【Kubernetes弹性伸缩方案】VPA（Vertical Pod Autoscaler）纵向自动伸缩

前提条件

Kubernetes >= 1.25
Openssl >= 1.1.1
部署MetricServer

官方Github：autoscaler/vertical-pod-autoscaler at vertical-pod-autoscaler-1.1.2 · kubernetes/autoscaler · GitHub

部署VPA（v1.1.2）

git clone https://github.com/kubernetes/autoscaler.git -b vertical-pod-autoscaler-1.1.2
cd autoscaler/vertical-pod-autoscaler/hack
./vpa-up.sh

已知问题

ERROR: Failed to create CA certificate for self-signing. If the error is "unknown option -addext", update your openssl version or deploy VPA from the vpa-release-0.8 branch.

原因：openssl 版本太低

解决方法：执行vpa-down.sh卸载后，升级openssl，重新安装

升级openssl（部署机升级即可）

查看当前版本

下载地址（最新稳定版3.3，支持到2026.4.9）：openssl-3.3.1.tar.gz

备份

mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak

安装依赖

yum -y install perl-IPC-Cmd perl-ExtUtils-MakeMaker perl-Data-Dumper

编译

tar zxvf openssl-3.3.1.tar.gz
cd openssl-3.3.1/
./config shared --openssldir=/usr/local/openssl --prefix=/usr/local/openssl
make && make install

软连接

ln -s /usr/local/openssl/lib/libssl.so.3 /usr/lib/libssl.so.3
ln -s /usr/local/openssl/lib64/libssl.so.3 /usr/lib64/libssl.so.3
ln -s /usr/local/openssl/lib/libcrypto.so.3 /usr/lib/libcrypto.so.3
ln -s /usr/local/openssl/lib64/libcrypto.so.3 /usr/lib64/libcrypto.so.3

ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl/include/openssl /usr/include/openssl
echo “/usr/local/openssl/lib” >> /etc/ld.so.conf
ldconfig -v

查看版本

测试VPA

创建Deployment

cat > apache.yaml << EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: apache
spec:
  replicas: 3
  selector:
    matchLabels:
      run: apache
  template:
    metadata:
      labels:
        run: apache
    spec:
      containers:
      - name: apache
        image: registry.k8s.io/hpa-example
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: apache
  labels:
    run: apache
spec:
  ports:
  - port: 80
  selector:
    run: apache
EOF

kubectl apply -f apache.yaml

查看当前pod资源

kubectl describe pod <podname>

没有限制，所以没有Limits和Requests

创建VPA

cat > vpa-apache.yaml << EOF 
apiVersion: autoscaling.k8s.io/v1 
kind: VerticalPodAutoscaler 
metadata: 
  name: apache-deployment-basic-vpa   
namespace: default 
spec: 
  targetRef: 
    apiVersion: "apps/v1" 
    kind:       Deployment 
    name:       apache 
  updatePolicy: 
    updateMode: "Auto" 
EOF

kubectl apply -f vpa-apache.yaml

# 需要等待两分钟，才能返回结果
kubectl get vpa

pod会根据推荐资源配置，重新分配

kubectl describe vpa apache-deployment-basic-vpa

kubectl describe pod <podname>

vpa与重新创建的pod资源对应

增加负载

yum -y install httpd-tools

ab -c 100 -n 500000 http://10.20.13.140:29704/

Elijah's Blog