容器化应用的资源配置常在部署初期设定,但随着业务演进,静态配置易与实际负载脱节,导致资源冗余或不足。ACK资源画像能够通过分析历史使用数据,实现容器粒度的资源推荐,简化Request和Limit配置。
在以下场景中,资源画像的定期自动变配机制可提升资源配置效率:
- 存量资源配置未优化:批量纠偏低效的手动调整
- 业务负载规律变化:定期更新推荐值,减少人工介入
- 大规模微服务集群:实现推荐值的批量、策略化落地
需注意自动化落地伴随稳定性风险,应在风险可控、过程可追溯、策略可干预的前提下按需启用。
核心组件:
- 资源画像服务:分析工作负载历史资源使用模式,生成资源配置建议,输出为Recommendation CR
- Vertical Pod Autoscaler (VPA):监听VPA对象,驱动工作负载自动更新配置
- resource-profile-recommender:监听Recommendation CR,生成或更新对应的VPA对象
- 定时触发:Recommender根据Cron表达式启动同步任务
- 查询画像:获取所有开启自动变配的Recommendation CR
- 解析配置:读取Recommendation Annotation中的自动变配配置
- 更新VPA:根据资源画像更新VPA对象的配置和推荐值
- 策略执行:VPA Updater检测配置差距,超出阈值则执行变配
通过在Recommendation CR上添加Label autoscaling.alibabacloud.com/autogen-vpa: 'true',即可开启自动变配并使用默认配置。
自动变配配置通过编辑Recommendation的Annotation下发,目前支持的配置包括:
| Annotation Key | 对应 VPA 字段 | 说明 |
|---|---|---|
| alpha.alibabacloud.com/vpa-update-mode | spec.updatePolicy.updateMode | 自动变配模式,可选 "Auto"、"Initial"、"Off",默认值为"Initial" |
| alpha.alibabacloud.com/vpa-cpu-min-allowed | spec.resourcePolicy.containerPolicies[].minAllowed.cpu | CPU Request 最小生效值,防止推荐值过低影响服务稳定性 |
| alpha.alibabacloud.com/vpa-cpu-max-allowed | spec.resourcePolicy.containerPolicies[].maxAllowed.cpu | CPU Request 最大生效值,防止资源浪费或调度失败 |
| alpha.alibabacloud.com/vpa-memory-min-allowed | spec.resourcePolicy.containerPolicies[].minAllowed.memory | 内存 Request 最小生效值,避免因内存不足触发 OOM |
| alpha.alibabacloud.com/vpa-memory-max-allowed | spec.resourcePolicy.containerPolicies[].maxAllowed.memory | 内存 Request 最大生效值,控制成本与节点分配压力 |
| alpha.alibabacloud.com/vpa-container-controlled-values | spec.resourcePolicy.containerPolicies[].controlledValues | Limit 变配策略,可选 "RequestsAndLimits" 或 "RequestsOnly" |
| alpha.alibabacloud.com/vpa-min-replicas | spec.updatePolicy.minReplicas | 允许自动变配的最小副本数,用于前置检查,若当前副本数低于此值则跳过自动更新。默认值为2 |
| alpha.alibabacloud.com/recommendation-cpu-custom-safety-margin-ratio | 无 | CPU 安全冗余比例,默认值为0.3 |
| alpha.alibabacloud.com/recommendation-memory-custom-safety-margin-ratio | 无 | 内存安全冗余比例,默认值为0.3 |
| alpha.alibabacloud.com/recommendation-cpu-ceil-step | 无 | CPU 规整精度(如 "0.1"、"0.5"、"1"),推荐值向上取整至指定步长,便于资源标准化。默认值为"0.1" |
| alpha.alibabacloud.com/recommendation-memory-ceil-step | 无 | 内存规整精度(如 "128Mi"、"512Mi"、"1Gi"),推荐值按步长向上规整。默认值为10Mi |
下面是工作负载开启自动变配的 Recommendation CR 配置:
apiVersion: autoscaling.alibabacloud.com/v1alpha1
kind: Recommendation
metadata:
annotations:
alpha.alibabacloud.com/recommendation-workload-name: cpu-simulator
alpha.alibabacloud.com/vpa-container-controlled-values: RequestsOnly
alpha.alibabacloud.com/vpa-cpu-max-allowed: '1.3'
alpha.alibabacloud.com/vpa-cpu-min-allowed: 1m
alpha.alibabacloud.com/vpa-memory-max-allowed: 10Gi
alpha.alibabacloud.com/vpa-memory-min-allowed: 1Mi
alpha.alibabacloud.com/vpa-min-replicas: '1'
alpha.alibabacloud.com/vpa-update-mode: Auto
alpha.alibabacloud.com/recommendation-cpu-ceil-step: '0.351'
alpha.alibabacloud.com/recommendation-cpu-custom-safety-margin-ratio: '0.4'
alpha.alibabacloud.com/recommendation-memory-ceil-step: 13Mi
alpha.alibabacloud.com/recommendation-memory-custom-safety-margin-ratio: '0.4'
labels:
alpha.alibabacloud.com/recommendation-cpu-operation: Decrease
alpha.alibabacloud.com/recommendation-memory-operation: Increase
alpha.alibabacloud.com/recommendation-profile-name: ack-recommender-console-default
alpha.alibabacloud.com/recommendation-status: Working
alpha.alibabacloud.com/recommendation-workload-apiVersion: apps-v1
alpha.alibabacloud.com/recommendation-workload-kind: Deployment
alpha.alibabacloud.com/recommendation-workload-name: cpu-simulator
alpha.alibabacloud.com/recommendation-workload-namespace: default
autoscaling.alibabacloud.com/autogen-vpa: 'true'
name: 57435792-f3bd-4b72-b944-ce01ca97919f
namespace: default
resourceVersion: '123471792'
uid: fd8d75ff-fb27-4a44-8db1-72be13065808
spec:
workloadRef:
apiVersion: apps/v1
kind: Deployment
name: cpu-simulator
status:
conditions:
- lastTransitionTime: '2025-07-07T09:37:35Z'
status: 'False'
type: LowConfidence
- lastTransitionTime: '2025-06-09T08:59:32Z'
status: 'True'
type: RecommendationProvided
recommendResources:
containerRecommendations:
- containerName: simulator
originalTarget:
avg:
cpu: 726m
memory: 250Mi
max:
cpu: 1016m
memory: 250Mi
p60:
cpu: 903m
memory: 250Mi
p95:
cpu: 1016m
memory: 250Mi
p99:
cpu: 1016m
memory: 250Mi
target:
cpu: 1168m
memory: 250Mi
updateTime: '2025-07-12T07:14:36Z'自动生成的VPA:
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
labels:
autoscaling.alibabacloud.com/generated-by-resource-profile: 57435792-f3bd-4b72-b944-ce01ca97919f
name: 57435792-f3bd-4b72-b944-ce01ca97919f
namespace: default
resourceVersion: '123442437'
uid: 8cd37f45-4202-4698-a138-36f7193d7901
spec:
recommenders:
- name: resource-profile-recommender
resourcePolicy:
containerPolicies:
- containerName: '*'
controlledValues: RequestsOnly
maxAllowed:
cpu: 1300m
memory: 10Gi
minAllowed:
cpu: 1m
memory: 1Mi
targetRef:
apiVersion: apps/v1
kind: Deployment
name: cpu-simulator
updatePolicy:
minReplicas: 1
updateMode: Auto
status:
conditions:
- lastTransitionTime: '2025-07-12T05:52:41Z'
status: 'True'
type: RecommendationProvided
recommendation:
containerRecommendations:
- containerName: simulator
target:
cpu: 1800m
memory: 330Mi尽管自动化资源配置调整能提升运维效率,但其本质需通过 Pod 重建生效,可能对线上服务稳定性造成影响。启用前请充分评估以下风险,并配套相应控制措施:
由于目前 VPA 通过驱逐 Pod 实现资源变配,对于以下类型的服务,Pod 重建过程可能带来风险:
- 单副本服务:重建期间服务不可用
- 需预热或优雅上线的服务:如 Java 应用、AI 模型加载、缓存预热等,冷启动耗时长
- 长连接保持型服务:如网关、数据库连接池、WebSocket 服务,重建会导致连接中断
- 流量敏感或突增型服务:重建期间若遇流量高峰,可能引发雪崩
控制建议:
- 对副本数为 1 的服务,禁止启用自动更新,或确保其具备快速启动与无损流量切换能力
- 对需预热或长连接服务,建议人工分批操作,或配置就绪探针,确保 Pod 就绪后再切流
- 提前配置 PodDisruptionBudget(PDB),限制同时中断的 Pod 数量,避免批量重建导致服务不可用
当多个工作负载的 Recommendation CR 同时被标注启用同步,可能变配窗口期内触发大量 Pod 重建,造成节点资源争抢、调度失败;或者服务依赖链中断,比如 A 服务重启导致 B 服务调用失败,造成了 C 服务熔断。
控制建议:
- 避免对关键链路服务(如网关、中间件、数据库代理)进行批量自动变配
- 如需批量操作,务必确认变更顺序与依赖关系,优先变更下游、非核心服务
- 启用前进行变更影响分析,通过 dry-run 评估重建范围
docker build -t alibabacloud-resource-profile-vpa-recommender .--recommender-name: Recommender名称,默认为"resource-profile-recommender"--recommender-cron-schedule: Cron表达式,默认为"0 30 3 * * *"(每天凌晨3:30执行)--recommender-cron-timezone: Cron时区,默认为"Asia/Shanghai"
项目可以通过标准的Kubernetes Deployment方式进行部署,需要相应的RBAC权限配置以访问Recommendation和VPA资源。 径,同时需以稳定性为前提,合理配置策略,确保安全可控。