Make calico/node resource requests dynamic based on cluster size

2025-07-30 06:54:01 +00:00 · 2017-06-08 13:52:56 -07:00 · 2017-06-08 13:52:56 -07:00 · 83ec0d87ff
commit 83ec0d87ff
parent 88d3245671
7 changed files with 62 additions and 3 deletions
--- a/cluster/addons/calico-policy-controller/README.md
+++ b/cluster/addons/calico-policy-controller/README.md
@ -6,6 +6,7 @@ Calico is an implementation of the Kubernetes network policy API.  The provided
 - A DaemonSet which runs Calico on each node in the cluster.
 - A Deployment which installs the Calico Typha agent.
 - A Service for the Calico Typha agent.
+- A HorizontalPodAutoscaler to dynamically adjust the Typha Deployment.

 ### Learn More

--- a/cluster/addons/calico-policy-controller/calico-node-daemonset.yaml
+++ b/cluster/addons/calico-policy-controller/calico-node-daemonset.yaml
@ -11,6 +11,8 @@ spec:
  selector:
    matchLabels:
      k8s-app: calico-node
+  updateStrategy:
+    type: RollingUpdate
  template:
    metadata:
      labels:
@ -58,7 +60,7 @@ spec:
            privileged: true
          resources:
            requests:
-              cpu: 250m
+              cpu: __CALICO_NODE_CPU__
          volumeMounts:
            - mountPath: /lib/modules
              name: lib-modules
--- a/cluster/addons/calico-policy-controller/typha-autoscaler.yaml
+++ b/cluster/addons/calico-policy-controller/typha-autoscaler.yaml
@ -0,0 +1,17 @@
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+  name: calico-typha
+  namespace: kube-system
+  labels:
+    kubernetes.io/cluster-service: "true"
+    addonmanager.kubernetes.io/mode: Reconcile
+    k8s-app: calico-typha
+spec:
+  scaleTargetRef:
+    apiVersion: extensions/v1beta1
+    kind: Deployment
+    name: calico-typha
+  minReplicas: 1
+  maxReplicas: 20
+  targetCPUUtilizationPercentage: 75
--- a/cluster/addons/calico-policy-controller/typha-deployment.yaml
+++ b/cluster/addons/calico-policy-controller/typha-deployment.yaml
@ -45,4 +45,4 @@ spec:
            value: "kubernetes"
        resources:
          requests:
-            cpu: 1000m
+            cpu: 200m
--- a/cluster/addons/calico-policy-controller/typha-service.yaml
+++ b/cluster/addons/calico-policy-controller/typha-service.yaml
@ -15,4 +15,3 @@ spec:
      name: calico-typha
  selector:
    k8s-app: calico-typha
-
--- a/cluster/gce/container-linux/configure-helper.sh
+++ b/cluster/gce/container-linux/configure-helper.sh
@ -34,6 +34,22 @@ function create-dirs {
  fi
 }

+# Vars assumed:
+#   NUM_NODES
+function get-calico-cpu {
+  local suggested_calico_cpus=100m
+  if [[ "${NUM_NODES}" -gt "10" ]]; then
+    suggested_calico_cpus=250m
+  fi
+  if [[ "${NUM_NODES}" -gt "100" ]]; then
+    suggested_calico_cpus=500m
+  fi
+  if [[ "${NUM_NODES}" -gt "500" ]]; then
+    suggested_calico_cpus=1000m
+  fi
+  echo "${suggested_calico_cpus}"
+}
+
 # Create directories referenced in the kube-controller-manager manifest for
 # bindmounts. This is used under the rkt runtime to work around
 # https://github.com/kubernetes/kubernetes/issues/26816
@ -1212,6 +1228,10 @@ function start-kube-addons {
  fi
  if [[ "${NETWORK_POLICY_PROVIDER:-}" == "calico" ]]; then
    setup-addon-manifests "addons" "calico-policy-controller"
+
+    # Configure Calico resource requests based on cluster size.
+    local -r calico_file="${dst_dir}/calico-policy-controller/calico-node-daemonset.yaml"
+    sed -i -e "s@__CALICO_NODE_CPU__@$(get-calico-cpu)@g" "${calico_file}"
  fi
  if [[ "${ENABLE_DEFAULT_STORAGE_CLASS:-}" == "true" ]]; then
    setup-addon-manifests "addons" "storage-class/gce"
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@ -32,6 +32,22 @@ function setup-os-params {
  echo "core.%e.%p.%t" > /proc/sys/kernel/core_pattern
 }

+# Vars assumed:
+#   NUM_NODES
+function get-calico-cpu {
+  local suggested_calico_cpus=100m
+  if [[ "${NUM_NODES}" -gt "10" ]]; then
+    suggested_calico_cpus=250m
+  fi
+  if [[ "${NUM_NODES}" -gt "100" ]]; then
+    suggested_calico_cpus=500m
+  fi
+  if [[ "${NUM_NODES}" -gt "500" ]]; then
+    suggested_calico_cpus=1000m
+  fi
+  echo "${suggested_calico_cpus}"
+}
+
 function config-ip-firewall {
  echo "Configuring IP firewall rules"
  # The GCI image has host firewall which drop most inbound/forwarded packets.
@ -1610,6 +1626,10 @@ function start-kube-addons {
  fi
  if [[ "${NETWORK_POLICY_PROVIDER:-}" == "calico" ]]; then
    setup-addon-manifests "addons" "calico-policy-controller"
+
+    # Configure Calico resource requests based on cluster size.
+    local -r calico_file="${dst_dir}/calico-policy-controller/calico-node-daemonset.yaml"
+    sed -i -e "s@__CALICO_NODE_CPU__@$(get-calico-cpu)@g" "${calico_file}"
  fi
  if [[ "${ENABLE_DEFAULT_STORAGE_CLASS:-}" == "true" ]]; then
    setup-addon-manifests "addons" "storage-class/gce"