Lets get started.<\/p>\n
What is In-Place Pod Resize?<\/h2>\n\n\ud83d\udccc<\/div>\nNote:<\/strong><\/b> This feature is stable from Kubernetes version 1.35<\/div>\n<\/div>\nIn Kubernetes<\/a>, it was not possible to change the CPU or memory for a running Pod without a restart.<\/p>\nBut the In-Place Pod Resize<\/strong> feature solves that problem.<\/p>\nIn-Place Pod Resize feature allows you to change CPU and memory requests and limits on a running pod without deleting or recreating it.<\/strong><\/p>\nWhen a resize is needed, the kubelet updates the container’s Linux<\/a> cgroup directly, without deleting the pod or restarting the container, unless you explicitly request it.<\/p>\nHere is an example that resizes a nginx pod without restarting it.<\/p>\n
kubectl patch pod nginx-demo \\\n --subresource resize \\\n --type merge \\\n -p '{\n \"spec\": {\n \"containers\": [{\n \"name\": \"nginx\",\n \"resources\": {\n \"requests\": { \"cpu\": \"500m\" },\n \"limits\": { \"cpu\": \"500m\" }\n }\n }]\n }\n }'<\/code><\/pre>\nIn the above example, the --subresource resize<\/code><\/strong> flag is the key part. It tells kubernetes that it is updating only the resizable fields<\/strong> (CPU and memory) of the pod.<\/p>\nThink of \/resize<\/code> subresource as a instruction that tells the cluster to adjust the running container’s resources without terminating the process.<\/p>\nBut there is a problem. <\/p>\n
You can only do it only on a pod level. You cannot do that for a deployment<\/strong>. If you update the Deployment, Kubernetes will recreate the Pods. That is why, you need to use VPA<\/strong> to perform in-place update for resources.<\/p>\nIn-Place Pod Resize With VPA<\/h2>\n
The following image illustrates how below VPA In-Place Pod Resize works behind the scenes.<\/p>\n![\"\"](\"https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/2026\/04\/image-44.png\")
<\/figure>\nHere is how the components work together to resize your pod:<\/p>\n
\n- Everything starts with the metrics server. It continuously tracks the CPU and memory usage of your pods.<\/li>\n
- The VPA Recommender<\/strong> analyzes these metrics. If it detects that a pod is under or overused, it calculates a new target resource value.<\/li>\n
- The VPA Updater,<\/strong> instead of evicting it, sends a patch request<\/strong> to the Kubernetes API to update the pod’s resources via the
\/resize<\/code><\/strong> subresource.<\/li>\n- Then, the Kubelet<\/strong> on the node receives the update and updates the container’s cgroups<\/strong> directly.<\/li>\n
- Thus, the new resource range will be updated to the pod without restarting it.<\/li>\n<\/ul>\n
Use Case<\/h2>\n
One limitation when VPA applies a new recommendation is, it evicts the running pod and recreates it. A new pod with the updated resources comes up, the old one gets deleted.<\/p>\n
For many workloads, this is acceptable. But for stateful apps, apps like WordPress<\/a>, long-running jobs<\/a>, or anything sensitive to restarts, that eviction may cause issues.<\/p>\nThis is where VPA In-Place Pod Resize<\/strong> comes in. We can use VPA InPlaceOrRecreate<\/code><\/strong> mode to use the kubernetes In-Place Pod Resize feature. It updates the pods of the target deployment without restarting it.<\/p>\n\n\u26a0\ufe0f<\/div>\nWhat if the node doesnt have requested resources? <\/p>\nIn InPlaceOrRecreate<\/code> mode, if the node does not have enough CPU or memory to complete the resize request, VPA will evict the pod and try to schedule in another node that has enough capacity. Otherwise, the pod remains pending<\/div>\n<\/div>\nContainer ResizePolicy (must know)<\/h2>\n
What if I want to restart the container after an in-place resize?<\/p>\n
For example, JVM based apps<\/strong> read the maximum heap size once when they start, based on the container’s memory limit at that time. If you increase the cgroup memory limit without restarting, the JVM will not use the extra memory, and its heap size does not change.<\/p>\nTo use in-place resize effectively, you can add a resizePolicy<\/code><\/strong> field to each container in your pod spec. This tells the kubelet what to do when a specific resource changes.<\/strong><\/p>\nThis policy allows the container to be restarted without restarting the pod.<\/strong><\/p>\nThere are two options in resizePolicy<\/code><\/strong>:<\/p>\n\n- NotRequired<\/strong> – The cgroup is updated while it keeps the container running.<\/li>\n
- RestartContainer<\/strong> – The container is restarted after the resource change.<\/li>\n<\/ol>\n\n\ud83d\udca1<\/div>\nThe default policy is
NotRequired<\/code><\/div>\n<\/div>\nYou can also use both options for the container. The example below shows the resizePolicy<\/code> block.<\/p>\nresizePolicy:\n - resourceName: cpu\n restartPolicy: NotRequired\n - resourceName: memory\n restartPolicy: RestartContainer<\/code><\/pre>\nThis causes a container restart when memory changes<\/strong>, but not when CPU changes.<\/p>\nNow lets move on to hands-on and look VPA in place resizing practically.<\/p>\n
Prerequisites<\/h2>\n
Make sure you have the following prerequisites before moving forward.<\/p>\n
\n- Kubernetes cluster<\/a> (Version 1.35)<\/li>\n
- kubectl<\/a><\/li>\n<\/ul>\n\n\ud83d\udca1<\/div>\nFor in-place resize work, your cluster nodes should be cgroup2<\/div>\n<\/div>\n
To verify the cgroup version, SSH into a node and run the following command.<\/p>\n
stat -fc %T \/sys\/fs\/cgroup\/\n<\/code><\/pre>\nThe output should be cgroup2<\/code>. If it says tmpfs<\/code>, your nodes are on cgroup v1, and in-place resize will not work.<\/p>\nInstall Metrics Server<\/h2>\n
Before installing VPA, you need to install the metrics server. VPA gets the resource usage of pods from the metrics server. (Ignore this step if you already have metrics server running in your cluster)<\/p>\n
Use the following command to install it.<\/p>\n
kubectl apply -f https:\/\/raw.githubusercontent.com\/techiescamp\/kubeadm-scripts\/main\/manifests\/metrics-server.yaml\n<\/code><\/pre>\nThen use the following command to check if the pods are up and running.<\/p>\n
$ kubectl get pods -n kube-system | grep metrics-server\n\nmetrics-server-6dc6795f96-8jj5w 1\/1 Running 0 3m32s\n<\/code><\/pre>\nInstall VPA <\/h2>\n
Use the following commands to install VPA with the in-place feature enabled.<\/p>\n
git clone https:\/\/github.com\/kubernetes\/autoscaler.git\n\ncd autoscaler\/vertical-pod-autoscaler\/\n\n.\/hack\/vpa-up.sh\n<\/code><\/pre>\nThen use the following command to make sure all the VPA pods are running.<\/p>\n
kubectl get pods -n kube-system | grep vpa\n<\/code><\/pre>\nYou should see the vpa-recommender<\/code><\/strong>, vpa-updater<\/code><\/strong>, and vpa-admission-controller<\/code><\/strong> pods all in Running<\/code><\/strong> state.<\/p>\nvpa-admission-controller-786f8fd784-nbqd7 1\/1 Running 0 14s\nvpa-recommender-797589f6c9-qhf66 1\/1 Running 0 16s\nvpa-updater-579cc98d57-6jwd7 1\/1 Running 0 16s<\/code><\/pre>\nValidating In-Place Resize<\/h2>\n
To test In-Place Resize, let’s create a deployment with an Nginx<\/a> image and create a VPA object for the deployment. <\/p>\nCreate a Deployment with resizePolicy<\/h3>\n
Lets create a simple nginx application with no resource limit or request set.<\/p>\n
Copy the following content and execute in the terminal.<\/p>\n
kubectl apply -f - <<EOF\napiVersion: apps\/v1\nkind: Deployment\nmetadata:\n name: nginx\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: nginx-resize\n template:\n metadata:\n labels:\n app: nginx-resize\n spec:\n containers:\n - name: nginx\n image: nginx:latest\n resources:\n requests:\n cpu: \"50m\"\n memory: \"64Mi\"\n limits:\n cpu: \"50m\"\n memory: \"64Mi\"\n resizePolicy:\n - resourceName: cpu\n restartPolicy: NotRequired\n - resourceName: memory\n restartPolicy: NotRequired\nEOF<\/code><\/pre>\n\n\u26a0\ufe0f<\/div>\nImportant Note:<\/strong><\/b> If you don’t set initial requests or limits, Kubernetes labels your pod as BestEffort<\/strong><\/b>.<\/p>\nWhen the VPA later adds a request, it tries to change that label to Burstable<\/strong><\/b>. Since a Pod\u2019s QoS class<\/a> is permanent and cannot be changed while it\u2019s running, the cluster is forced to delete and recreate the pod instead of just resizing it.<\/div>\n<\/div>\nNow, verify the pod is running.<\/p>\n
kubectl get pods -l app=nginx-resize<\/code><\/pre>\nYou will get the following output.<\/p>\n
NAME READY STATUS RESTARTS AGE\n\nnginx-77d65d859c-h8v8 1\/1 Running 0 45s<\/code><\/pre>\nUse the following command to check the resource allocation of the pod.<\/p>\n
kubectl get pod -l app=nginx-resize \\\n -o jsonpath='{.items[0].spec.containers[0].resources}' | jq<\/code><\/pre>\nYou will get the CPU and memory request as you specified.<\/p>\n
{\n \"limits\": {\n \"cpu\": \"50m\",\n \"memory\": \"64Mi\"\n },\n \"requests\": {\n \"cpu\": \"50m\",\n \"memory\": \"64Mi\"\n }\n}<\/code><\/pre>\nCreate a VPA Object <\/h3>\n
In Kubernetes<\/a>, it was not possible to change the CPU or memory for a running Pod without a restart.<\/p>\n But the In-Place Pod Resize<\/strong> feature solves that problem.<\/p>\n In-Place Pod Resize feature allows you to change CPU and memory requests and limits on a running pod without deleting or recreating it.<\/strong><\/p>\n When a resize is needed, the kubelet updates the container’s Linux<\/a> cgroup directly, without deleting the pod or restarting the container, unless you explicitly request it.<\/p>\n Here is an example that resizes a nginx pod without restarting it.<\/p>\n In the above example, the Think of But there is a problem. <\/p>\n You can only do it only on a pod level. You cannot do that for a deployment<\/strong>. If you update the Deployment, Kubernetes will recreate the Pods. That is why, you need to use VPA<\/strong> to perform in-place update for resources.<\/p>\n The following image illustrates how below VPA In-Place Pod Resize works behind the scenes.<\/p>\n Here is how the components work together to resize your pod:<\/p>\n One limitation when VPA applies a new recommendation is, it evicts the running pod and recreates it. A new pod with the updated resources comes up, the old one gets deleted.<\/p>\n For many workloads, this is acceptable. But for stateful apps, apps like WordPress<\/a>, long-running jobs<\/a>, or anything sensitive to restarts, that eviction may cause issues.<\/p>\n This is where VPA In-Place Pod Resize<\/strong> comes in. We can use VPA In What if I want to restart the container after an in-place resize?<\/p>\n For example, JVM based apps<\/strong> read the maximum heap size once when they start, based on the container’s memory limit at that time. If you increase the cgroup memory limit without restarting, the JVM will not use the extra memory, and its heap size does not change.<\/p>\n To use in-place resize effectively, you can add a This policy allows the container to be restarted without restarting the pod.<\/strong><\/p>\n There are two options in You can also use both options for the container. The example below shows the This causes a container restart when memory changes<\/strong>, but not when CPU changes.<\/p>\n Now lets move on to hands-on and look VPA in place resizing practically.<\/p>\n Make sure you have the following prerequisites before moving forward.<\/p>\n To verify the cgroup version, SSH into a node and run the following command.<\/p>\n The output should be Before installing VPA, you need to install the metrics server. VPA gets the resource usage of pods from the metrics server. (Ignore this step if you already have metrics server running in your cluster)<\/p>\n Use the following command to install it.<\/p>\n Then use the following command to check if the pods are up and running.<\/p>\n Use the following commands to install VPA with the in-place feature enabled.<\/p>\n Then use the following command to make sure all the VPA pods are running.<\/p>\n You should see the To test In-Place Resize, let’s create a deployment with an Nginx<\/a> image and create a VPA object for the deployment. <\/p>\n Lets create a simple nginx application with no resource limit or request set.<\/p>\n Copy the following content and execute in the terminal.<\/p>\n When the VPA later adds a request, it tries to change that label to Burstable<\/strong><\/b>. Since a Pod\u2019s QoS class<\/a> is permanent and cannot be changed while it\u2019s running, the cluster is forced to delete and recreate the pod instead of just resizing it.<\/div>\n<\/div>\n Now, verify the pod is running.<\/p>\n You will get the following output.<\/p>\n Use the following command to check the resource allocation of the pod.<\/p>\n You will get the CPU and memory request as you specified.<\/p>\nkubectl patch pod nginx-demo \\\n --subresource resize \\\n --type merge \\\n -p '{\n \"spec\": {\n \"containers\": [{\n \"name\": \"nginx\",\n \"resources\": {\n \"requests\": { \"cpu\": \"500m\" },\n \"limits\": { \"cpu\": \"500m\" }\n }\n }]\n }\n }'<\/code><\/pre>\n--subresource resize<\/code><\/strong> flag is the key part. It tells kubernetes that it is updating only the resizable fields<\/strong> (CPU and memory) of the pod.<\/p>\n\/resize<\/code> subresource as a instruction that tells the cluster to adjust the running container’s resources without terminating the process.<\/p>\nIn-Place Pod Resize With VPA<\/h2>\n
<\/figure>\n\n
\/resize<\/code><\/strong> subresource.<\/li>\nUse Case<\/h2>\n
InPlaceOrRecreate<\/code><\/strong> mode to use the kubernetes In-Place Pod Resize feature. It updates the pods of the target deployment without restarting it.<\/p>\nInPlaceOrRecreate<\/code> mode, if the node does not have enough CPU or memory to complete the resize request, VPA will evict the pod and try to schedule in another node that has enough capacity. Otherwise, the pod remains pending<\/div>\n<\/div>\nContainer ResizePolicy (must know)<\/h2>\n
resizePolicy<\/code><\/strong> field to each container in your pod spec. This tells the kubelet what to do when a specific resource changes.<\/strong><\/p>\nresizePolicy<\/code><\/strong>:<\/p>\n\n
NotRequired<\/code><\/div>\n<\/div>\nresizePolicy<\/code> block.<\/p>\nresizePolicy:\n - resourceName: cpu\n restartPolicy: NotRequired\n - resourceName: memory\n restartPolicy: RestartContainer<\/code><\/pre>\nPrerequisites<\/h2>\n
\n
stat -fc %T \/sys\/fs\/cgroup\/\n<\/code><\/pre>\ncgroup2<\/code>. If it says tmpfs<\/code>, your nodes are on cgroup v1, and in-place resize will not work.<\/p>\nInstall Metrics Server<\/h2>\n
kubectl apply -f https:\/\/raw.githubusercontent.com\/techiescamp\/kubeadm-scripts\/main\/manifests\/metrics-server.yaml\n<\/code><\/pre>\n$ kubectl get pods -n kube-system | grep metrics-server\n\nmetrics-server-6dc6795f96-8jj5w 1\/1 Running 0 3m32s\n<\/code><\/pre>\nInstall VPA <\/h2>\n
git clone https:\/\/github.com\/kubernetes\/autoscaler.git\n\ncd autoscaler\/vertical-pod-autoscaler\/\n\n.\/hack\/vpa-up.sh\n<\/code><\/pre>\nkubectl get pods -n kube-system | grep vpa\n<\/code><\/pre>\nvpa-recommender<\/code><\/strong>, vpa-updater<\/code><\/strong>, and vpa-admission-controller<\/code><\/strong> pods all in Running<\/code><\/strong> state.<\/p>\nvpa-admission-controller-786f8fd784-nbqd7 1\/1 Running 0 14s\nvpa-recommender-797589f6c9-qhf66 1\/1 Running 0 16s\nvpa-updater-579cc98d57-6jwd7 1\/1 Running 0 16s<\/code><\/pre>\nValidating In-Place Resize<\/h2>\n
Create a Deployment with resizePolicy<\/h3>\n
kubectl apply -f - <<EOF\napiVersion: apps\/v1\nkind: Deployment\nmetadata:\n name: nginx\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: nginx-resize\n template:\n metadata:\n labels:\n app: nginx-resize\n spec:\n containers:\n - name: nginx\n image: nginx:latest\n resources:\n requests:\n cpu: \"50m\"\n memory: \"64Mi\"\n limits:\n cpu: \"50m\"\n memory: \"64Mi\"\n resizePolicy:\n - resourceName: cpu\n restartPolicy: NotRequired\n - resourceName: memory\n restartPolicy: NotRequired\nEOF<\/code><\/pre>\nkubectl get pods -l app=nginx-resize<\/code><\/pre>\nNAME READY STATUS RESTARTS AGE\n\nnginx-77d65d859c-h8v8 1\/1 Running 0 45s<\/code><\/pre>\nkubectl get pod -l app=nginx-resize \\\n -o jsonpath='{.items[0].spec.containers[0].resources}' | jq<\/code><\/pre>\n{\n \"limits\": {\n \"cpu\": \"50m\",\n \"memory\": \"64Mi\"\n },\n \"requests\": {\n \"cpu\": \"50m\",\n \"memory\": \"64Mi\"\n }\n}<\/code><\/pre>\nCreate a VPA Object <\/h3>\n