goldilocks

README

goldilocks

Get your resource requests "Just Right"

How?

By using the kubernetes vertical-pod-autoscaler in recommendation mode, we can see a suggestion for resource requests on each of our apps. This tool creates a VPA for each deployment in a namespace and then queries them for information.

Requirements

• kubectl
• vertical-pod-autoscaler configured in the cluster
• some deployments with pods
• metrics-server (a requirement of vpa)
• golang 1.11+

Installing Vertical Pod Autoscaler

There are multiple ways to install VPA for use with Goldilocks:

• Install using the hack/vpa-up.sh script from the vertical-pod-autoscaler repository
• Set the value installVPA=true when doing the Helm chart installation of Goldilocks. This will run the script from VPA in your cluster.

Prometheus (optional)

VPA does not require the use of prometheus, but it is supported.

GKE Notes

Google has provided the vertical pod autoscaler as a beta feature in GKE. You can see the docs here, or just enable it like so:

gcloud beta container clusters update [CLUSTER-NAME] --enable-vertical-pod-autoscaling

NOTE: This does not support using prometheus as a data backend.

Installation

First, make sure you satisfy the requirements above.

Method 1 - Helm (preferred)

helm repo add fairwinds-incubator https://charts.fairwinds.com/incubator
helm install --name goldilocks --namespace goldilocks fairwinds-incubator/goldilocks

Method 2 - Manifests

The hack/manifests directory contains collections of Kubernetes YAML definitions for installing the controller and dashboard components in cluster.

kubectl create namespace goldilocks
kubectl -n goldilocks apply -f hack/manifests/controller
kubectl -n goldilocks apply -f hack/manifests/dashboard

Enable Namespace

Pick an application namespace and label it like so in order to see some data:

kubectl label ns goldilocks goldilocks.fairwinds.com/enabled=true

After that you should start to see VPA objects in that namespace.

Viewing the Dashboard

The default installation creates a ClusterIP service for the dashboard. You can access via port forward:

kubectl -n goldilocks port-forward svc/goldilocks-dashboard 8080:80

Then open your browser to http://localhost:8080

CLI Usage (not recommended)

Normally we recommend installing as a controller in-cluster. However, it can be run as a CLI if desired.

A tool for analysis of kubernetes deployment resource usage.

Usage:
  goldilocks [flags]
  goldilocks [command]

Available Commands:
  controller  Run goldilocks as a controller inside a kubernetes cluster.
  create-vpas Create VPAs
  dashboard   Run the goldilocks dashboard that will show recommendations.
  delete-vpas Delete VPAs
  help        Help about any command
  summary     Genarate a summary of the vpa recommendations in a namespace.
  version     Prints the current version of the tool.

Flags:
      --alsologtostderr                  log to standard error as well as files
  -h, --help                             help for goldilocks
      --kubeconfig string                Kubeconfig location. [KUBECONFIG] (default "$HOME/.kube/config")
      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
      --log_dir string                   If non-empty, write log files in this directory
      --log_file string                  If non-empty, use this log file
      --log_file_max_size uint           Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
      --logtostderr                      log to standard error instead of files (default true)
      --master string                    The address of the Kubernetes API server. Overrides any value in kubeconfig. Only required if out-of-cluster.
      --skip_headers                     If true, avoid header prefixes in the log messages
      --skip_log_headers                 If true, avoid headers when opening log files
      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
  -v, --v Level                          number for the log level verbosity
      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging

Use "goldilocks [command] --help" for more information about a command.

controller

This starts the goldilocks controller. Used by the Docker container, it will create vpas for properly labelled namespaces.

create-vpas

goldilocks create-vpas -n some-namespace

This will search for any deployments in the given namespace and generate a VPA for each of them. Each vpa will be labelled for use by this tool.

delete-vpas

This will delete all vpa objects in a namespace that are labelled for use by this tool.

dashboard

goldilocks dashboard

Runs the goldilocks dashboard web server that will display recommendations. Listens on port 8080 by default.

summary

goldilocks summary

Queries all the VPA objects that are labelled for this tool across all namespaces and summarizes their suggestions into a JSON object.

Container Exclusions

The dashboard and summary commands can exclude recommendations for a list of comma separated container names using the --exclude-containers argument. This option can be useful for hiding recommendations for sidecar containers for things like Linkerd and Istio.

Containers can be excluded for individual deployments by applying a label to any deployment. The label value should be a list of comma separated container names. The label value will be combined with any values provided through the --exclude-containers argument.

Example label:

kubectl label deployment myapp goldilocks.fairwinds.com/exclude-containers=linkerd-proxy,istio-proxy