[Tracking] VPA Helm Chart Implementation #8587
Description
Following our discussions in the last two SIG meetings, we’ve decided to create a dedicated Helm chart for the VPA 🥳
This issue will serve as a tracking hub for contributors. We’ll use it to collect and organize the tasks needed for this effort. Additional items may be added over time as the work progresses.
At the moment, we’re aiming to achieve the following:
Admission Controller:
- nodeSelector / affinity / tolerations
- Helm hooks for TLS cert patching / rotation
- PodDisruptionBudget - feat(chart): add PodDisruptionBudget chart for admission controller #8651
Recommender:
- Deployment - feat(vpa-chart): add chart logic for the vpa recommender #8646
- ServiceAccount - feat(vpa-chart): add chart logic for the vpa recommender #8646
- RBAC (ClusterRole, RoleBinding) - feat(vpa-chart): add chart logic for the vpa recommender #8646
- ConfigMap (optional tuning parameters) - feat(vpa-chart): add chart logic for the vpa recommender #8646
- PodDisruptionBudget - feat(vpa-chart): add chart logic for the vpa recommender #8646
- nodeSelector / affinity / tolerations - feat(vpa-chart): add chart logic for the vpa recommender #8646
Updater:
- Deployment
- ServiceAccount
- RBAC (ClusterRole, RoleBinding)
- PodDisruptionBudget
- Resource requests/limits
- nodeSelector / affinity / tolerations
CRDs:
- Package CRDs in a dedicated CRDs chart - Add crds chart for the VPA #8661
Other:
- ServiceMonitor / PodMonitor (Prometheus Operator support)
- Add optional imagePullSecrets
- Add configurable commands
- Add schema validation for values.yaml (values.schema.json)
- Support PodSecurity admission labels (restricted/baseline)
- Optionally integrate with cert-manager for webhook TLS (instead of Helm hook patching)
- SecurityContext (drop capabilities, runAsNonRoot, readOnlyRootFilesystem)
- PriorityClass support