Pass the whole VPA into cappingRecommendationProcessor.Apply()

[adrianmoisey]

What type of PR is this?

/kind cleanup

What this PR does / why we need it:

The current log message for when no container is found is very misleading and can cause confusion.

This passes the entire VPA object into that function, in order for it to create a log file with the relevant VPA name in it.

It kinda feels like surgery with a scalpel, any alternative approaches would be appreciated.

Take a look at #7491 to see the confusion it can cause.

Which issue(s) this PR fixes:

Fixes #7491

Special notes for your reviewer:

Does this PR introduce a user-facing change?

NONE

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

[omerap12]

Can we check for some edge cases ( just to avoid panic )?

if vpa == nil {
    return nil, nil, fmt.Errorf("cannot process nil vpa")
    }
if pod == nil {
    return nil, nil, fmt.Errorf("cannot process nil pod")
    }
if vpa.Status.Recommendation == nil {
        return nil, nil, nil  // This matches existing behavior for no recommendation
    }

[adrianmoisey]

Should be fixed in 13d6ffa

[omerap12]

Same for here ( not sure if needed but just my opinion ):

if vpa == nil {
      return nil, nil, fmt.Errorf("cannot process nil vpa")
  }
if vpa.Status.Recommendation == nil {
    return nil, nil, nil
}

[adrianmoisey]

Should be fixed in 13d6ffa

[raywainman]

Should we check pod here as well?

[adrianmoisey]

I thought about adding a check there, but all that function does is pass Pod on to another function call.
Since this function doesn't actually do anything to Pod, I figured the guards could be in the functions that would do something with Pod.

[omerap12]

If my comments make sense to you, we could add more unit tests to cover those edge cases. For example:

func TestApplyWithNilVPA(t *testing.T) {
    pod := test.Pod().WithName("pod1").AddContainer(test.Container().WithName("ctr-name").Get()).Get()
    processor := NewCappingRecommendationProcessor(&fakeLimitRangeCalculator{})
    
    res, annotations, err := processor.Apply(nil, pod)
    assert.Error(t, err)
    assert.Nil(t, res)
    assert.Nil(t, annotations)
}

func TestApplyWithNilPod(t *testing.T) {
    vpa := test.VerticalPodAutoscaler().WithContainer("container").Get()
    processor := NewCappingRecommendationProcessor(&fakeLimitRangeCalculator{})
    
    res, annotations, err := processor.Apply(vpa, nil)
    assert.Error(t, err)
    assert.Nil(t, res)
    assert.Nil(t, annotations)
}

[raywainman]

Nice cleanup, thank you :)

/lgtm

[raywainman]

Sorry realized I didn't submit my comments

[raywainman]

I like the defensiveness here, in practice the code before could have allowed someone to mutate the object and cause all kinds of weird behavior.

Curious if you noticed any issue anywhere in this function that could have caused unwanted mutation?

[raywainman]

That being said, we might inherit some performance penalties here (though should be very small) and I don't think we generally do this anywhere else in the codebase so could go either way here.

[adrianmoisey]

I've removed them in e9c1c1c

For some reason I thought they were needed. When making this PR I was a little rushed, since I was moving laptops and wanted my work-in-progress code pushed.

Anyway, the problem I was facing was actually fixed in e277df0, but for some reason I thought that DeepCopy fixed it

[adrianmoisey]

Thanks for the reviews. I was actually rushed when making this, so still need to do a cleanup and respond to comments.
I'll hold for now until I can address all of that
/hold

[omerap12]

/lgtm

[adrianmoisey]

/unhold

[raywainman]

Should we check pod here as well?

[raywainman]

I actually wonder if this should be an error case...

The processors are generally "adjusting" the recommendation one at a time. If there is no recommendation to adjust then this feels like an error case to me.

@omerap12 or @adrianmoisey are you seeing a case where this should be allowed?

[raywainman]

Oh wait I see that this is being done in the capping processor. Perhaps it is best to be consistent.

However I wonder if this can eventually be made more strict and turned into an error.

[adrianmoisey]

I am assuming that this case should never happen

[raywainman]

/lgtm

[voelzmo]

Thanks, this change really improves the error message and should be a good step forward to improve the situation. I have just some small comments where I don't want to block the approval on.

Looking at this I'm reminded that we have #6744 still open and never got to reviewing #6745 to the end. This should fix the main reason for seeing these messages.

[voelzmo]

Nit: this should be lower case

Suggested change

	Apply(Vpa *vpa_types.VerticalPodAutoscaler,
	Apply(vpa *vpa_types.VerticalPodAutoscaler,

[adrianmoisey]

Fixed in 3ea36d2

[voelzmo]

Sorry for the back-and-forth, but should we really add these nilchecks? You're changing the signature coming from explicitly passing the recommendations, policy and conditions to passing an entire VPA object. So the context where all this is currently called from already ensures that the VPA and Pod aren't nil: https://github.com/kubernetes/autoscaler/pull/7527/files#diff-b21ffa4a9ddd85d3bdd971cf8ff4cdb5050b05f8c349137a3f7e3152d4634d6eR108-R110

[adrianmoisey]

That is something I had considered, but I landed on the fact that this function should be able to handle any possible input.

I don't actually know if there's a Go or Kubernetes best practice around this. I figured that more defensive code is a good thing, but I'm also happy to change, but I'll wait for consensus before changing it.

[omerap12]

In my opinion, since this is an exported function, we should include the nil check as to prevent panics from invalid usage. But, I do agree that we're only changing the signature to so it's unlikely the VPA object would ever be nil in current usage patterns. I'm comfortable with whatever you decide.

[raywainman]

+1 for defensive approach here.

[omerap12]

/lgtm

[raywainman]

One small edge case here is that if there are no processors, this will be nil (where the behavior beforehand was that we would return the existing VPA recommendation).

I know we don't currently have an empty processor but should we match the behavior here and initialize this to the value of vpa.Status.Recommendation?

[adrianmoisey]

I've made this change in cf1e270, is that what you were thinking?

[raywainman]

Yes, sorry I added a quick comment on the commit and it isn't appearing anywhere :/

You can fold the two lines:

recommendation := vpa.Status.Recommendation

[adrianmoisey]

🤦 Yup, good callout.
Should be fixed in 59236c9

[raywainman]

One last small comment then this is good to go, sorry for the wait.

[raywainman]

/lgtm

[raywainman]

/lgtm

/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: adrianmoisey, raywainman

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• vertical-pod-autoscaler/OWNERS [raywainman]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment