VPA
Lumie deploys VPA in recommendation-only mode. It is there to compute resource advice, not to automatically change running workloads.
Source paths
lumie-infra/observability/vpa/argocd.yamllumie-infra/observability/vpa/helm-values.yaml
Runtime contract
- recommender enabled
- updater disabled
- admission controller disabled
- ignoreDifferences rule for CPU limits to avoid ArgoCD drift noise
What that means operationally
- VPA gathers history and computes recommended requests.
- No controller in this deployment rewrites live pod specs.
- Goldilocks is the main consumer-facing surface for those recommendations.
Failure modes
- Operators may assume VPA is auto-rightsizing workloads; it is not.
- If the recommender is down, Goldilocks loses fresh data but workloads keep running unchanged.
- If a team later enables updater or admission without revisiting repo assumptions, the operational model changes materially and this page must be updated.
Verification
kubectl get applications.argoproj.io -n argocd vpa
kubectl get pods -n vpa
kubectl describe deploy -n vpa vpa-recommender
kubectl get vpa -A