Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1885213

Summary: Vertical Pod Autoscaler (VPA) not working with DeploymentConfig
Product: OpenShift Container Platform Reporter: Mani <mmohan>
Component: NodeAssignee: Joel Smith <joelsmith>
Node sub component: Autoscaler (HPA, VPA) QA Contact: Weinan Liu <weinliu>
Status: CLOSED ERRATA Docs Contact:
Severity: medium    
Priority: unspecified CC: aos-bugs, dgautam, joelsmith, jokerman, mfojtik, nagrawal, schoudha, tsweeney, weinliu
Version: 4.5Keywords: UpcomingSprint
Target Milestone: ---   
Target Release: 4.7.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: VPA did not have access to monitor DeploymentConfigs Consequence: VPA was unable to scale DeploymentConfig workloads Fix: VPA permissions update Result: VPA can scale DeploymentConfig workloads
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-02-24 15:22:35 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1892386    

Description Mani 2020-10-05 12:51:56 UTC 
Description of problem:

Have created sample VPA CR for the Auto mode with DeploymentConfig and VPA is not working on DeplymentConfig Workload.Below error in vpa.

error:
"prometheus-example-app" is forbidden: User "system:serviceaccount:openshift-vertical-pod-autoscaler:vpa-recommender"
      cannot get resource "deploymentconfigs/scale" in API group "apps.openshift.io"
      in the namespace "ns1"'

Version-Release number of selected component (if applicable):
RHOCP4.5

How reproducible:

100%
Steps to Reproduce:
1.Install Vertical Pod Autoscaler Operator
2. Deploy sample application with DeploymentConfig and create VPA CR for the Auto mode
3.

Actual results:


Output of VPA.

~~~
  name: vpa-recommender
  namespace: ns1
  resourceVersion: "840675"
  selfLink: /apis/autoscaling.k8s.io/v1/namespaces/mani/verticalpodautoscalers/vpa-recommender
  uid: a5a00238-750f-45ab-a98a-d4c72f1766b4
spec:
  targetRef:
    apiVersion: apps.openshift.io/v1
    kind: DeploymentConfig
    name: prometheus-example-app
  updatePolicy:
    updateMode: Auto
status:
  conditions:
  - lastTransitionTime: "2020-10-05T07:11:59Z"
    message: 'Cannot read targetRef. Reason: Unhandled targetRef apps.openshift.io/v1
      / DeploymentConfig / prometheus-example-app, last error deploymentconfigs.apps.openshift.io
      "prometheus-example-app" is forbidden: User "system:serviceaccount:openshift-vertical-pod-autoscaler:vpa-recommender"
      cannot get resource "deploymentconfigs/scale" in API group "apps.openshift.io"
      in the namespace "ns1"'
    status: "True"
~~~

Expected results:

VPA status should have recommendation 

Additional info:

Clusterole does not have the Deploymentconfig resource 

oc get clusterrole verticalpodautoscaler.v4.5.0-85f6b76654 -o yaml | grep -i deploymentconfig

Also in the DOC[1] we mentioned in the beginning as 'The VPA uses individual custom resources (CR) to update all of the Pods associated with a workload object, such as a Deployment, Deployment Config, StatefulSet, Job, DaemonSet, ReplicaSet, or ReplicationController.' so as per the statement is should support(deploymentconfig).

[1] https://docs.openshift.com/container-platform/4.5/nodes/pods/nodes-pods-vertical-autoscaler.html
Comment 1 Maciej Szulik 2020-10-06 08:27:19 UTC 
Looks like a bug in https://github.com/openshift/vertical-pod-autoscaler-operator/blob/master/manifests/4.6/vertical-pod-autoscaler.v4.6.0.clusterserviceversion.yaml#L201-L314
which does not have DC.
Comment 4 Joel Smith 2020-10-28 16:09:03 UTC 
Here are the objects I used for testing:

hamster-dc.yaml 
---
apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
  name: hamster
spec:
  replicas: 2
  labels:
    app: hamster
  template:
    metadata:
      labels:
        app: hamster
    spec:
      containers:
        - name: hamster
          image: k8s.gcr.io/ubuntu-slim:0.1
          resources:
            requests:
              cpu: 100m
              memory: 50Mi
          command: ["/bin/sh"]
          args:
            - "-c"
            - "while true; do timeout 0.2s yes >/dev/null; sleep 0.8s; done"

hamster-vpa-dc.yaml 
---
apiVersion: "autoscaling.k8s.io/v1beta2"
kind: VerticalPodAutoscaler
metadata:
  name: hamster-vpa
spec:
  targetRef:
    apiVersion: "apps.openshift.io/v1"
    kind: DeploymentConfig
    name: hamster
  resourcePolicy:
    containerPolicies:
    - containerName: hamster
      controlledValues: RequestsOnly
Comment 13 Weinan Liu 2020-11-27 07:26:38 UTC 
Failed test on image: brew.registry.redhat.io/rh-osbs/iib-pub-pending:v4.7 as per comment 12
Comment 22 errata-xmlrpc 2021-02-24 15:22:35 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633
Comment 23 Mani 2021-02-25 15:36:47 UTC 
Do we have any plan to backport the fix to 4.5/4.6 .?