Skip to content

Put Falco pods under VPA #377

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
lsroe wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Put Falco pods under VPA #377

lsroe wants to merge 3 commits into from

Conversation

@lsroe
Copy link
Contributor

@lsroe lsroe commented Oct 31, 2025
edited
Loading

What this PR does / why we need it:

Falco pods need to be able to dynamically increase memory for very large nodes as two ringbuffers need to be created for each CPU

Which issue(s) this PR fixes:
Fixes #348

Special notes for your reviewer:

Release note:

Falco pod memory handled by VPA

@lsroe lsroe requested a review from a team as a code owner October 31, 2025 10:50
@gardener-robot gardener-robot added needs/review Needs review size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Oct 31, 2025
@lsroe lsroe requested a review from marwinski November 3, 2025 08:37
@marwinski
Copy link
Contributor

marwinski commented Nov 3, 2025

I am reluctant to allow VPA control here. We currently have a memory leak in Falco which sometimes lead to OOM kills, but the current limits are good also for large machines, just not for very large machines with lots of cores. Putting Falco under VPA control would mean that we allow the leak to consume more before being OOM killed.

From my point of view a better approach would be to configure more memory for machines with a high number of cores. The ways to do that are debatable and I don't have a really good idea just yet.

@gardener-robot
Copy link

gardener-robot commented Nov 6, 2025

@marwinski You have pull request review open invite, please check

lsroe added 2 commits December 1, 2025 17:22
@lsroe
Decrease max memory limit for Falco container
00a989d 
Reduced maximum allowed memory for Falco container from 2048Mi to 1024Mi.
@lsroe
Remove memory limits entirely as handled by vpa
e594297
@gardener-ci-robot
Copy link
Collaborator

gardener-ci-robot commented Dec 20, 2025

The Gardener project currently lacks enough active contributors to adequately respond to all PRs.
This bot triages PRs according to the following rules:

  • After 15d of inactivity, lifecycle/stale is applied
  • After 15d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 7d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Mark this PR as fresh with /remove-lifecycle stale
  • Mark this PR as rotten with /lifecycle rotten
  • Close this PR with /close

/lifecycle stale

@gardener-robot gardener-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 20, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marwinski marwinski Awaiting requested review from marwinski

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. needs/review Needs review size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Enable VPA for Falco component

4 participants

@lsroe @marwinski @gardener-robot @gardener-ci-robot