feature: add PodsWithResourceClaims parameter in DefaultEvictorArgs PodProtections

Signed-off-by: googs1025 <googs1025@gmail.com>
2026-01-26 13:29:11 +01:00 · 2025-01-02 08:54:39 +08:00
parent f2211e1cef
commit 9c7e01de67
8 changed files with 83 additions and 15 deletions
--- a/pkg/framework/plugins/defaultevictor/constraints.go
+++ b/pkg/framework/plugins/defaultevictor/constraints.go
@@ -211,3 +211,17 @@ func evictionConstraintsForIgnorePodsWithoutPDB(ignorePodsWithoutPDB bool, handl
 	}
 	return nil
 }
+
+func evictionConstraintsForResourceClaimsPods(protectionEnabled bool) []constraint {
+	if protectionEnabled {
+		return []constraint{
+			func(pod *v1.Pod) error {
+				if utils.IsPodWithResourceClaims(pod) {
+					return fmt.Errorf("pod has ResourceClaims and descheduler is configured to protect ResourceClaims pods")
+				}
+				return nil
+			},
+		}
+	}
+	return nil
+}
--- a/pkg/framework/plugins/defaultevictor/defaultevictor.go
+++ b/pkg/framework/plugins/defaultevictor/defaultevictor.go
@@ -124,6 +124,7 @@ func applyEffectivePodProtections(d *DefaultEvictor, podProtections []PodProtect
 	applyDaemonSetPodsProtection(d, protectionMap)
 	applyPvcPodsProtection(d, protectionMap)
 	applyPodsWithoutPDBProtection(d, protectionMap, handle)
+	applyPodsWithResourceClaimsProtection(d, protectionMap)

 	return nil
 }
@@ -168,6 +169,11 @@ func applyPodsWithoutPDBProtection(d *DefaultEvictor, protectionMap map[PodProte
 	d.constraints = append(d.constraints, evictionConstraintsForIgnorePodsWithoutPDB(isProtectionEnabled, handle)...)
 }

+func applyPodsWithResourceClaimsProtection(d *DefaultEvictor, protectionMap map[PodProtection]bool) {
+	isProtectionEnabled := protectionMap[PodsWithResourceClaims]
+	d.constraints = append(d.constraints, evictionConstraintsForResourceClaimsPods(isProtectionEnabled)...)
+}
+
 // getEffectivePodProtections determines which policies are currently active.
 // It supports both new-style (PodProtections) and legacy-style flags.
 func getEffectivePodProtections(args *DefaultEvictorArgs) []PodProtection {
--- a/pkg/framework/plugins/defaultevictor/defaultevictor_test.go
+++ b/pkg/framework/plugins/defaultevictor/defaultevictor_test.go
@@ -28,6 +28,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/uuid"
 	"k8s.io/client-go/informers"
 	"k8s.io/client-go/kubernetes/fake"
+	"k8s.io/utils/ptr"
 	"sigs.k8s.io/descheduler/pkg/api"
 	evictionutils "sigs.k8s.io/descheduler/pkg/descheduler/evictions/utils"
 	podutil "sigs.k8s.io/descheduler/pkg/descheduler/pod"
@@ -860,6 +861,24 @@ func TestDefaultEvictorFilter(t *testing.T) {
 			},
 			result: false,
 		},
+		{
+			description: "Pod with ResourceClaims is not evicted because 'PodsWithResourceClaims' is in extraPodProtections",
+			pods: []*v1.Pod{
+				test.BuildTestPod("p20", 400, 0, n1.Name, func(pod *v1.Pod) {
+					pod.ObjectMeta.OwnerReferences = test.GetNormalPodOwnerRefList()
+					pod.Spec.ResourceClaims = []v1.PodResourceClaim{
+						{
+							Name:              "test-claim",
+							ResourceClaimName: ptr.To("test-resource-claim"),
+						},
+					}
+				}),
+			},
+			podProtections: PodProtections{
+				ExtraEnabled: []PodProtection{PodsWithResourceClaims},
+			},
+			result: false,
+		},
 	}

 	for _, test := range testCases {
@@ -1049,6 +1068,26 @@ func TestGetEffectivePodProtections_TableDriven(t *testing.T) {
 			},
 			wantResult: []PodProtection{PodsWithLocalStorage, SystemCriticalPods, PodsWithPVC},
 		},
+		{
+			name: "NewConfig_EnableOneExtra(PodsWithResourceClaims)_ReturnsDefaultPlusOne",
+			args: &DefaultEvictorArgs{
+				PodProtections: PodProtections{
+					DefaultDisabled: []PodProtection{},
+					ExtraEnabled:    []PodProtection{PodsWithResourceClaims},
+				},
+			},
+			wantResult: append(defaultSet, PodsWithResourceClaims),
+		},
+		{
+			name: "NewConfig_DisableAndEnable_ReturnsModifiedSet",
+			args: &DefaultEvictorArgs{
+				PodProtections: PodProtections{
+					DefaultDisabled: []PodProtection{FailedBarePods, DaemonSetPods},
+					ExtraEnabled:    []PodProtection{PodsWithPVC, PodsWithResourceClaims},
+				},
+			},
+			wantResult: []PodProtection{PodsWithLocalStorage, SystemCriticalPods, PodsWithPVC, PodsWithResourceClaims},
+		},
 	}

 	for _, tt := range tests {
--- a/pkg/framework/plugins/defaultevictor/types.go
+++ b/pkg/framework/plugins/defaultevictor/types.go
@@ -55,12 +55,13 @@ type DefaultEvictorArgs struct {
 type PodProtection string

 const (
-	PodsWithLocalStorage PodProtection = "PodsWithLocalStorage"
-	DaemonSetPods        PodProtection = "DaemonSetPods"
-	SystemCriticalPods   PodProtection = "SystemCriticalPods"
-	FailedBarePods       PodProtection = "FailedBarePods"
-	PodsWithPVC          PodProtection = "PodsWithPVC"
-	PodsWithoutPDB       PodProtection = "PodsWithoutPDB"
+	PodsWithLocalStorage   PodProtection = "PodsWithLocalStorage"
+	DaemonSetPods          PodProtection = "DaemonSetPods"
+	SystemCriticalPods     PodProtection = "SystemCriticalPods"
+	FailedBarePods         PodProtection = "FailedBarePods"
+	PodsWithPVC            PodProtection = "PodsWithPVC"
+	PodsWithoutPDB         PodProtection = "PodsWithoutPDB"
+	PodsWithResourceClaims PodProtection = "PodsWithResourceClaims"
 )

 // PodProtections holds the list of enabled and disabled protection policies.
@@ -98,9 +99,11 @@ var defaultPodProtections = []PodProtection{
 // Currently supported extra policies:
 //   - PodsWithPVC: Protects pods using PersistentVolumeClaims.
 //   - PodsWithoutPDB: Protects pods lacking a PodDisruptionBudget.
+//   - PodsWithResourceClaims: Protects pods using ResourceClaims.
 var extraPodProtections = []PodProtection{
 	PodsWithPVC,
 	PodsWithoutPDB,
+	PodsWithResourceClaims,
 }

 // NoEvictionPolicy dictates whether a no-eviction policy is preferred or mandatory.
--- a/pkg/framework/plugins/defaultevictor/validation_test.go
+++ b/pkg/framework/plugins/defaultevictor/validation_test.go
@@ -122,7 +122,7 @@ func TestValidateDefaultEvictorArgs(t *testing.T) {
 					ExtraEnabled: []PodProtection{"InvalidPolicy"},
 				},
 			},
-			errInfo: fmt.Errorf(`invalid pod protection policy in ExtraEnabled: "InvalidPolicy". Valid options are: [PodsWithPVC PodsWithoutPDB]`),
+			errInfo: fmt.Errorf(`invalid pod protection policy in ExtraEnabled: "InvalidPolicy". Valid options are: [PodsWithPVC PodsWithoutPDB PodsWithResourceClaims]`),
 		},
 		{
 			name: "Invalid ExtraEnabled: Misspelled policy",
@@ -131,7 +131,7 @@ func TestValidateDefaultEvictorArgs(t *testing.T) {
 					ExtraEnabled: []PodProtection{"PodsWithPVCC"},
 				},
 			},
-			errInfo: fmt.Errorf(`invalid pod protection policy in ExtraEnabled: "PodsWithPVCC". Valid options are: [PodsWithPVC PodsWithoutPDB]`),
+			errInfo: fmt.Errorf(`invalid pod protection policy in ExtraEnabled: "PodsWithPVCC". Valid options are: [PodsWithPVC PodsWithoutPDB PodsWithResourceClaims]`),
 		},
 		{
 			name: "Invalid ExtraEnabled: Policy from DefaultDisabled list",
@@ -140,7 +140,7 @@ func TestValidateDefaultEvictorArgs(t *testing.T) {
 					ExtraEnabled: []PodProtection{DaemonSetPods},
 				},
 			},
-			errInfo: fmt.Errorf(`invalid pod protection policy in ExtraEnabled: "DaemonSetPods". Valid options are: [PodsWithPVC PodsWithoutPDB]`),
+			errInfo: fmt.Errorf(`invalid pod protection policy in ExtraEnabled: "DaemonSetPods". Valid options are: [PodsWithPVC PodsWithoutPDB PodsWithResourceClaims]`),
 		},
 		{
 			name: "Invalid DefaultDisabled: Unknown policy",