Merge pull request #989 from damemi/1.25-update-rolebinding

[release-1.25] Update helm chart rolebinding to use events.k8s.io
Update helm chart rolebinding to use events.k8s.io
2026-01-26 05:14:13 +01:00 · 2022-10-17 14:53:18 -07:00 · 2022-10-17 13:15:15 +00:00 · 2022-09-27 08:01:51 -07:00 · 2022-09-27 14:36:55 +00:00 · 2022-09-27 07:15:51 -07:00
2297 changed files with 162983 additions and 55067 deletions
--- a/.github/ci/ct.yaml
+++ b/.github/ci/ct.yaml
@@ -0,0 +1,6 @@
 chart-dirs:
  - charts
 helm-extra-args: "--timeout=5m"
 check-version-increment: false
 helm-extra-set-args: "--set=kind=Deployment"
 target-branch: master
--- a/.github/workflows/helm.yaml
+++ b/.github/workflows/helm.yaml
@@ -0,0 +1,67 @@
 name: Helm
 on:
  push:
    branches:
      - master
      - release-*
    paths:
      - 'charts/**'
      - '.github/workflows/helm.yaml'
  pull_request:
    paths:
      - 'charts/**'
      - '.github/workflows/helm.yaml'
 jobs:
  lint-and-test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Set up Helm
        uses: azure/setup-helm@v2.1
        with:
          version: v3.9.2
      - uses: actions/setup-python@v3.1.2
        with:
          python-version: 3.7
      - uses: actions/setup-go@v3
        with:
          go-version: '1.19.0'
      - name: Set up chart-testing
        uses: helm/chart-testing-action@v2.2.1
        with:
          version: v3.7.0
      - name: Run chart-testing (list-changed)
        id: list-changed
        run: |
          changed=$(ct list-changed --config=.github/ci/ct.yaml)
          if [[ -n "$changed" ]]; then
            echo "::set-output name=changed::true"
          fi
      - name: Run chart-testing (lint)
        run: ct lint --config=.github/ci/ct.yaml --validate-maintainers=false
      # Need a multi node cluster so descheduler runs until evictions
      - name: Create multi node Kind cluster
        run: make kind-multi-node
      # helm-extra-set-args only available after ct 3.6.0
      - name: Run chart-testing (install)
        run: ct install --config=.github/ci/ct.yaml
      - name: E2E after chart install
        env:
          KUBERNETES_VERSION: "v1.25.0"
          KIND_E2E: true
          SKIP_INSTALL: true
        run: make test-e2e
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -0,0 +1,47 @@
 name: "Security"
 on:
  push:
    branches:
      - main
      - master
      - release-*
  schedule:
    - cron: '30 1 * * 0'
 jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    strategy:
      fail-fast: false
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Build image
        run: |
          IMAGE_REPO=${HELM_IMAGE_REPO:-descheduler}
          IMAGE_TAG=${HELM_IMAGE_TAG:-security-test}
          VERSION=security-test make image
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'descheduler:security-test'
          format: 'sarif'
          exit-code: '0'
          severity: 'CRITICAL,HIGH'
          output: 'trivy-results.sarif'
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: 'trivy-results.sarif'
          exit-code: '0'
--- a/.gitignore
+++ b/.gitignore
@@ -4,4 +4,5 @@ vendordiff.patch
 .idea/
 *.code-workspace
 .vscode/
-kind
+kind
 bin/
--- a/2
+++ b/2
@@ -11,7 +11,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-FROM golang:1.16.7
+FROM golang:1.19.0
 WORKDIR /go/src/sigs.k8s.io/descheduler
 COPY . .
--- a/55
+++ b/55
@@ -14,8 +14,10 @@
 .PHONY: test
 export CONTAINER_ENGINE ?= docker
 # VERSION is based on a date stamp plus the last commit
-VERSION?=v$(shell date +%Y%m%d)-$(shell git describe --tags --match "v*")
+VERSION?=v$(shell date +%Y%m%d)-$(shell git describe --tags)
 BRANCH?=$(shell git branch --show-current)
 SHA1?=$(shell git rev-parse HEAD)
 BUILD=$(shell date +%FT%T%z)
@@ -24,7 +26,7 @@ ARCHS = amd64 arm arm64
 LDFLAGS=-ldflags "-X ${LDFLAG_LOCATION}.version=${VERSION} -X ${LDFLAG_LOCATION}.buildDate=${BUILD} -X ${LDFLAG_LOCATION}.gitbranch=${BRANCH} -X ${LDFLAG_LOCATION}.gitsha1=${SHA1}"
-GOLANGCI_VERSION := v1.30.0
+GOLANGCI_VERSION := v1.49.0
 HAS_GOLANGCI := $(shell ls _output/bin/golangci-lint 2> /dev/null)
 # REGISTRY is the container registry to push
@@ -60,36 +62,36 @@ build.arm64:
 	CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build ${LDFLAGS} -o _output/bin/descheduler sigs.k8s.io/descheduler/cmd/descheduler
 dev-image: build
-	docker build -f Dockerfile.dev -t $(IMAGE) .
+	$(CONTAINER_ENGINE) build -f Dockerfile.dev -t $(IMAGE) .
 image:
-	docker build --build-arg VERSION="$(VERSION)" --build-arg ARCH="amd64" -t $(IMAGE) .
+	$(CONTAINER_ENGINE) build --build-arg VERSION="$(VERSION)" --build-arg ARCH="amd64" -t $(IMAGE) .
 image.amd64:
-	docker build --build-arg VERSION="$(VERSION)" --build-arg ARCH="amd64" -t $(IMAGE)-amd64 .
+	$(CONTAINER_ENGINE) build --build-arg VERSION="$(VERSION)" --build-arg ARCH="amd64" -t $(IMAGE)-amd64 .
 image.arm:
-	docker build --build-arg VERSION="$(VERSION)" --build-arg ARCH="arm" -t $(IMAGE)-arm .
+	$(CONTAINER_ENGINE) build --build-arg VERSION="$(VERSION)" --build-arg ARCH="arm" -t $(IMAGE)-arm .
 image.arm64:
-	docker build --build-arg VERSION="$(VERSION)" --build-arg ARCH="arm64" -t $(IMAGE)-arm64 .
+	$(CONTAINER_ENGINE) build --build-arg VERSION="$(VERSION)" --build-arg ARCH="arm64" -t $(IMAGE)-arm64 .
 push: image
 	gcloud auth configure-docker
-	docker tag $(IMAGE) $(IMAGE_GCLOUD)
+	$(CONTAINER_ENGINE) tag $(IMAGE) $(IMAGE_GCLOUD)
-	docker push $(IMAGE_GCLOUD)
+	$(CONTAINER_ENGINE) push $(IMAGE_GCLOUD)
 push-all: image.amd64 image.arm image.arm64
 	gcloud auth configure-docker
 	for arch in $(ARCHS); do \
-		docker tag $(IMAGE)-$${arch} $(IMAGE_GCLOUD)-$${arch} ;\
+		$(CONTAINER_ENGINE) tag $(IMAGE)-$${arch} $(IMAGE_GCLOUD)-$${arch} ;\
-		docker push $(IMAGE_GCLOUD)-$${arch} ;\
+		$(CONTAINER_ENGINE) push $(IMAGE_GCLOUD)-$${arch} ;\
 	done
-	DOCKER_CLI_EXPERIMENTAL=enabled docker manifest create $(IMAGE_GCLOUD) $(addprefix --amend $(IMAGE_GCLOUD)-, $(ARCHS))
+	DOCKER_CLI_EXPERIMENTAL=enabled $(CONTAINER_ENGINE) manifest create $(IMAGE_GCLOUD) $(addprefix --amend $(IMAGE_GCLOUD)-, $(ARCHS))
 	for arch in $(ARCHS); do \
-		DOCKER_CLI_EXPERIMENTAL=enabled docker manifest annotate --arch $${arch} $(IMAGE_GCLOUD) $(IMAGE_GCLOUD)-$${arch} ;\
+		DOCKER_CLI_EXPERIMENTAL=enabled $(CONTAINER_ENGINE) manifest annotate --arch $${arch} $(IMAGE_GCLOUD) $(IMAGE_GCLOUD)-$${arch} ;\
 	done
-	DOCKER_CLI_EXPERIMENTAL=enabled docker manifest push $(IMAGE_GCLOUD) ;\
+	DOCKER_CLI_EXPERIMENTAL=enabled $(CONTAINER_ENGINE) manifest push $(IMAGE_GCLOUD) ;\
 clean:
 	rm -rf _output
@@ -131,17 +133,28 @@ verify-gen:
 lint:
 ifndef HAS_GOLANGCI
-	curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b ./_output/bin ${GOLANGCI_VERSION}
+	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b ./_output/bin ${GOLANGCI_VERSION}
 endif
 	./_output/bin/golangci-lint run
-lint-chart: ensure-helm-install
+# helm
 	helm lint ./charts/descheduler
 test-helm: ensure-helm-install
 	./test/run-helm-tests.sh
 ensure-helm-install:
 ifndef HAS_HELM
 	curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 && chmod 700 ./get_helm.sh && ./get_helm.sh
-endif
+endif
 lint-chart: ensure-helm-install
 	helm lint ./charts/descheduler
 build-helm:
 	helm package ./charts/descheduler --dependency-update --destination ./bin/chart
 test-helm: ensure-helm-install
 	./test/run-helm-tests.sh
 kind-multi-node:
 	kind create cluster --name kind --config ./hack/kind_config.yaml --wait 2m
 ct-helm:
 	./hack/verify-chart.sh
--- a/6
+++ b/6
@@ -2,14 +2,14 @@ approvers:
 - damemi
 - ingvagabund
 - seanmalloy
 - a7i
 reviewers:
 - aveshagarwal
 - k82cn
 - ravisantoshgudimetla
 - damemi
 - seanmalloy
 - ingvagabund
 - lixiang233
 - a7i
 - janeliul
 emeritus_approvers:
 - aveshagarwal
 - k82cn
--- a/README.md
+++ b/README.md
@@ -50,6 +50,8 @@ Table of Contents
  - [Node Fit filtering](#node-fit-filtering)
 - [Pod Evictions](#pod-evictions)
  - [Pod Disruption Budget (PDB)](#pod-disruption-budget-pdb)
 - [High Availability](#high-availability)
  - [Configure HA Mode](#configure-ha-mode)
 - [Metrics](#metrics)
 - [Compatibility Matrix](#compatibility-matrix)
 - [Getting Involved and Contributing](#getting-involved-and-contributing)
@@ -103,17 +105,17 @@ See the [resources | Kustomize](https://kubectl.docs.kubernetes.io/references/ku
 Run As A Job
 ```
-kustomize build 'github.com/kubernetes-sigs/descheduler/kubernetes/job?ref=v0.22.0' | kubectl apply -f -
+kustomize build 'github.com/kubernetes-sigs/descheduler/kubernetes/job?ref=v0.25.1' | kubectl apply -f -
 ```
 Run As A CronJob
 ```
-kustomize build 'github.com/kubernetes-sigs/descheduler/kubernetes/cronjob?ref=v0.22.0' | kubectl apply -f -
+kustomize build 'github.com/kubernetes-sigs/descheduler/kubernetes/cronjob?ref=v0.25.1' | kubectl apply -f -
 ```
 Run As A Deployment
 ```
-kustomize build 'github.com/kubernetes-sigs/descheduler/kubernetes/deployment?ref=v0.22.0' | kubectl apply -f -
+kustomize build 'github.com/kubernetes-sigs/descheduler/kubernetes/deployment?ref=v0.25.1' | kubectl apply -f -
 ```
 ## User Guide
@@ -132,6 +134,8 @@ The policy includes a common configuration that applies to all the strategies:
 | `evictSystemCriticalPods` | `false` | [Warning: Will evict Kubernetes system pods] allows eviction of pods with any priority, including system pods like kube-dns |
 | `ignorePvcPods` | `false` | set whether PVC pods should be evicted or ignored |
 | `maxNoOfPodsToEvictPerNode` | `nil` | maximum number of pods evicted from each node (summed through all strategies) |
 | `maxNoOfPodsToEvictPerNamespace` | `nil` | maximum number of pods evicted from each namespace (summed through all strategies) |
 | `evictFailedBarePods` | `false` | allow eviction of pods without owner references and in failed phase |
 As part of the policy, the parameters associated with each strategy can be configured.
 See each strategy for details on available parameters.
@@ -142,6 +146,7 @@ See each strategy for details on available parameters.
 apiVersion: "descheduler/v1alpha1"
 kind: "DeschedulerPolicy"
 nodeSelector: prod=dev
 evictFailedBarePods: false
 evictLocalStoragePods: true
 evictSystemCriticalPods: true
 maxNoOfPodsToEvictPerNode: 40
@@ -216,6 +221,17 @@ These thresholds, `thresholds` and `targetThresholds`, could be tuned as per you
 strategy evicts pods from `overutilized nodes` (those with usage above `targetThresholds`) to `underutilized nodes`
 (those with usage below `thresholds`), it will abort if any number of `underutilized nodes` or `overutilized nodes` is zero.
 Additionally, the strategy accepts a `useDeviationThresholds` parameter.
 If that parameter is set to `true`, the thresholds are considered as percentage deviations from mean resource usage.
 `thresholds` will be deducted from the mean among all nodes and `targetThresholds` will be added to the mean.
 A resource consumption above (resp. below) this window is considered as overutilization (resp. underutilization).
 **NOTE:** Node resource consumption is determined by the requests and limits of pods, not actual usage.
 This approach is chosen in order to maintain consistency with the kube-scheduler, which follows the same
 design for scheduling pods onto nodes. This means that resource usage as reported by Kubelet (or commands
 like `kubectl top`) may differ from the calculated consumption, due to these components reporting
 actual usage metrics. Implementing metrics-based descheduling is currently TODO for the project.
 **Parameters:**
 |Name|Type|
@@ -223,6 +239,7 @@ strategy evicts pods from `overutilized nodes` (those with usage above `targetTh
 |`thresholds`|map(string:int)|
 |`targetThresholds`|map(string:int)|
 |`numberOfNodes`|int|
 |`useDeviationThresholds`|bool|
 |`thresholdPriority`|int (see [priority filtering](#priority-filtering))|
 |`thresholdPriorityClassName`|string (see [priority filtering](#priority-filtering))|
 |`nodeFit`|bool (see [node fit filtering](#node-fit-filtering))|
@@ -263,10 +280,10 @@ under utilized frequently or for a short period of time. By default, `numberOfNo
 ### HighNodeUtilization
-This strategy finds nodes that are under utilized and evicts pods from the nodes in the hope that these pods will be 
+This strategy finds nodes that are under utilized and evicts pods from the nodes in the hope that these pods will be
-scheduled compactly into fewer nodes.  Used in conjunction with node auto-scaling, this strategy is intended to help 
+scheduled compactly into fewer nodes.  Used in conjunction with node auto-scaling, this strategy is intended to help
 trigger down scaling of under utilized nodes.
-This strategy **must** be used with the scheduler strategy `MostRequestedPriority`. The parameters of this strategy are 
+This strategy **must** be used with the scheduler scoring strategy `MostAllocated`. The parameters of this strategy are
 configured under `nodeResourceUtilizationThresholds`.
 The under utilization of nodes is determined by a configurable threshold `thresholds`. The threshold
@@ -283,6 +300,12 @@ strategy evicts pods from `underutilized nodes` (those with usage below `thresho
 so that they can be recreated in appropriately utilized nodes.
 The strategy will abort if any number of `underutilized nodes` or `appropriately utilized nodes` is zero.
 **NOTE:** Node resource consumption is determined by the requests and limits of pods, not actual usage.
 This approach is chosen in order to maintain consistency with the kube-scheduler, which follows the same
 design for scheduling pods onto nodes. This means that resource usage as reported by Kubelet (or commands
 like `kubectl top`) may differ from the calculated consumption, due to these components reporting
 actual usage metrics. Implementing metrics-based descheduling is currently TODO for the project.
 **Parameters:**
 |Name|Type|
@@ -397,10 +420,17 @@ pod "podA" with a toleration to tolerate a taint ``key=value:NoSchedule`` schedu
 node. If the node's taint is subsequently updated/removed, taint is no longer satisfied by its pods' tolerations
 and will be evicted.
 Node taints can be excluded from consideration by specifying a list of excludedTaints. If a node taint key **or**
 key=value matches an excludedTaints entry, the taint will be ignored.
 For example, excludedTaints entry "dedicated" would match all taints with key "dedicated", regardless of value.
 excludedTaints entry "dedicated=special-user" would match taints with key "dedicated" and value "special-user".
 **Parameters:**
 |Name|Type|
 |---|---|
 |`excludedTaints`|list(string)|
 |`thresholdPriority`|int (see [priority filtering](#priority-filtering))|
 |`thresholdPriorityClassName`|string (see [priority filtering](#priority-filtering))|
 |`namespaces`|(see [namespace filtering](#namespace-filtering))|
@@ -415,6 +445,10 @@ kind: "DeschedulerPolicy"
 strategies:
  "RemovePodsViolatingNodeTaints":
    enabled: true
    params:
      excludedTaints:
      - dedicated=special-user # exclude taints with key "dedicated" and value "special-user"
      - reserved # exclude all taints with key "reserved"
 ````
 ### RemovePodsViolatingTopologySpreadConstraint
@@ -456,9 +490,9 @@ strategies:
 This strategy makes sure that pods having too many restarts are removed from nodes. For example a pod with EBS/PD that
 can't get the volume/disk attached to the instance, then the pod should be re-scheduled to other nodes. Its parameters
-include `podRestartThreshold`, which is the number of restarts at which a pod should be evicted, and `includingInitContainers`,
+include `podRestartThreshold`, which is the number of restarts (summed over all eligible containers) at which a pod
-which determines whether init container restarts should be factored into that calculation.
+should be evicted, and `includingInitContainers`, which determines whether init container restarts should be factored
-|`labelSelector`|(see [label filtering](#label-filtering))|
+into that calculation.
 **Parameters:**
@@ -469,6 +503,7 @@ which determines whether init container restarts should be factored into that ca
 |`thresholdPriority`|int (see [priority filtering](#priority-filtering))|
 |`thresholdPriorityClassName`|string (see [priority filtering](#priority-filtering))|
 |`namespaces`|(see [namespace filtering](#namespace-filtering))|
 |`labelSelector`|(see [label filtering](#label-filtering))|
 |`nodeFit`|bool (see [node fit filtering](#node-fit-filtering))|
 **Example:**
@@ -489,19 +524,24 @@ strategies:
 This strategy evicts pods that are older than `maxPodLifeTimeSeconds`.
-You can also specify `podStatusPhases` to `only` evict pods with specific `StatusPhases`, currently this parameter is limited
+You can also specify `states` parameter to **only** evict pods matching the following conditions:
-to `Running` and `Pending`.
+  - [Pod Phase](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase) status of: `Running`, `Pending`
  - [Container State Waiting](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-state-waiting) condition of: `PodInitializing`, `ContainerCreating`
 If a value for `states` or `podStatusPhases` is not specified,
 Pods in any state (even `Running`) are considered for eviction.
 **Parameters:**
-|Name|Type|
+|Name|Type|Notes|
-|---|---|
+|---|---|---|
-|`maxPodLifeTimeSeconds`|int|
+|`maxPodLifeTimeSeconds`|int||
-|`podStatusPhases`|list(string)|
+|`podStatusPhases`|list(string)|Deprecated in v0.25+ Use `states` instead|
-|`thresholdPriority`|int (see [priority filtering](#priority-filtering))|
+|`states`|list(string)|Only supported in v0.25+|
-|`thresholdPriorityClassName`|string (see [priority filtering](#priority-filtering))|
+|`thresholdPriority`|int (see [priority filtering](#priority-filtering))||
-|`namespaces`|(see [namespace filtering](#namespace-filtering))|
+|`thresholdPriorityClassName`|string (see [priority filtering](#priority-filtering))||
-|`labelSelector`|(see [label filtering](#label-filtering))|
+|`namespaces`|(see [namespace filtering](#namespace-filtering))||
 |`labelSelector`|(see [label filtering](#label-filtering))||
 **Example:**
@@ -514,8 +554,9 @@ strategies:
     params:
       podLifeTime:
         maxPodLifeTimeSeconds: 86400
-         podStatusPhases:
+         states:
         - "Pending"
         - "PodInitializing"
 ```
 ### RemoveFailedPods
@@ -523,7 +564,7 @@ strategies:
 This strategy evicts pods that are in failed status phase.
 You can provide an optional parameter to filter by failed `reasons`.
 `reasons` can be expanded to include reasons of InitContainers as well by setting the optional parameter `includingInitContainers` to `true`.
-You can specify an optional parameter `minPodLifeTimeSeconds` to evict pods that are older than specified seconds.
+You can specify an optional parameter `minPodLifetimeSeconds` to evict pods that are older than specified seconds.
 Lastly, you can specify the optional parameter `excludeOwnerKinds` and if a pod
 has any of these `Kind`s listed as an `OwnerRef`, that pod will not be considered for eviction.
@@ -531,7 +572,7 @@ has any of these `Kind`s listed as an `OwnerRef`, that pod will not be considere
 |Name|Type|
 |---|---|
-|`minPodLifeTimeSeconds`|uint|
+|`minPodLifetimeSeconds`|uint|
 |`excludeOwnerKinds`|list(string)|
 |`reasons`|list(string)|
 |`includingInitContainers`|bool|
@@ -556,7 +597,7 @@ strategies:
         includingInitContainers: true
         excludeOwnerKinds:
         - "Job"
-         minPodLifeTimeSeconds: 3600
+         minPodLifetimeSeconds: 3600
 ```
 ## Filter Pods
@@ -654,7 +695,7 @@ does not exist, descheduler won't create it and will throw an error.
 ### Label filtering
-The following strategies can configure a [standard kubernetes labelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#labelselector-v1-meta)
+The following strategies can configure a [standard kubernetes labelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#labelselector-v1-meta)
 to filter pods by their labels:
 * `PodLifeTime`
@@ -702,8 +743,9 @@ The following strategies accept a `nodeFit` boolean parameter which can optimize
 If set to `true` the descheduler will consider whether or not the pods that meet eviction criteria will fit on other nodes before evicting them. If a pod cannot be rescheduled to another node, it will not be evicted. Currently the following criteria are considered when setting `nodeFit` to `true`:
 - A `nodeSelector` on the pod
- Any `Tolerations` on the pod and any `Taints` on the other nodes
+- Any `tolerations` on the pod and any `taints` on the other nodes
 - `nodeAffinity` on the pod
 - Resource `requests` made by the pod and the resources available on other nodes
 - Whether any of the other nodes are marked as `unschedulable`
 E.g.
@@ -713,18 +755,18 @@ apiVersion: "descheduler/v1alpha1"
 kind: "DeschedulerPolicy"
 strategies:
  "LowNodeUtilization":
-     enabled: true
+    enabled: true
-     params:
+    params:
-       nodeResourceUtilizationThresholds:
+      nodeFit: true
-         thresholds:
+      nodeResourceUtilizationThresholds:
-           "cpu" : 20
+        thresholds:
-           "memory": 20
+          "cpu": 20
-           "pods": 20
+          "memory": 20
-         targetThresholds:
+          "pods": 20
-           "cpu" : 50
+        targetThresholds:
-           "memory": 50
+          "cpu": 50
-           "pods": 50
+          "memory": 50
-        nodeFit: true
+          "pods": 50
 ```
 Note that node fit filtering references the current pod spec, and not that of it's owner.
@@ -739,8 +781,8 @@ Using Deployments instead of ReplicationControllers provides an automated rollou
 When the descheduler decides to evict pods from a node, it employs the following general mechanism:
 * [Critical pods](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/) (with priorityClassName set to system-cluster-critical or system-node-critical) are never evicted (unless `evictSystemCriticalPods: true` is set).
-* Pods (static or mirrored pods or stand alone pods) not part of an ReplicationController, ReplicaSet(Deployment), StatefulSet, or Job are
+* Pods (static or mirrored pods or standalone pods) not part of an ReplicationController, ReplicaSet(Deployment), StatefulSet, or Job are
-never evicted because these pods won't be recreated.
+never evicted because these pods won't be recreated. (Standalone pods in failed status phase can be evicted by setting `evictFailedBarePods: true`)
 * Pods associated with DaemonSets are never evicted.
 * Pods with local storage are never evicted (unless `evictLocalStoragePods: true` is set).
 * Pods with PVCs are evicted (unless `ignorePvcPods: true` is set).
@@ -749,6 +791,7 @@ best effort pods are evicted before burstable and guaranteed pods.
 * All types of pods with the annotation `descheduler.alpha.kubernetes.io/evict` are eligible for eviction. This
  annotation is used to override checks which prevent eviction and users can select which pod is evicted.
  Users should know how and if the pod will be recreated.
 * Pods with a non-nil DeletionTimestamp are not evicted by default.
 Setting `--v=4` or greater on the Descheduler will log all reasons why any pod is not evictable.
@@ -757,6 +800,23 @@ Setting `--v=4` or greater on the Descheduler will log all reasons why any pod i
 Pods subject to a Pod Disruption Budget(PDB) are not evicted if descheduling violates its PDB. The pods
 are evicted by using the eviction subresource to handle PDB.
 ## High Availability
 In High Availability mode, Descheduler starts [leader election](https://github.com/kubernetes/client-go/tree/master/tools/leaderelection) process in Kubernetes. You can activate HA mode
 if you choose to deploy your application as Deployment.
 Deployment starts with 1 replica by default. If you want to use more than 1 replica, you must consider
 enable High Availability mode since we don't want to run descheduler pods simultaneously.
 ### Configure HA Mode
 The leader election process can be enabled by setting `--leader-elect` in the CLI. You can also set
 `--set=leaderElection.enabled=true` flag if you are using Helm.
 To get best results from HA mode some additional configurations might require:
 * Configure a [podAntiAffinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node) rule if you want to schedule onto a node only if that node is in the same zone as at least one already-running descheduler
 * Set the replica count greater than 1
 ## Metrics
 | name	| type	| description |
@@ -776,17 +836,19 @@ v0.18 should work with k8s v1.18, v1.17, and v1.16.
 Starting with descheduler release v0.18 the minor version of descheduler matches the minor version of the k8s client
 packages that it is compiled with.
-Descheduler  | Supported Kubernetes Version
+| Descheduler | Supported Kubernetes Version |
-------------|-----------------------------
+|-------------|------------------------------|
-v0.22        | v1.22
+| v0.25       | v1.25                        |
-v0.21        | v1.21
+| v0.24       | v1.24                        |
-v0.20        | v1.20
+| v0.23       | v1.23                        |
-v0.19        | v1.19
+| v0.22       | v1.22                        |
-v0.18        | v1.18
+| v0.21       | v1.21                        |
-v0.10        | v1.17
+| v0.20       | v1.20                        |
-v0.4-v0.9    | v1.9+
+| v0.19       | v1.19                        |
-v0.1-v0.3    | v1.7-v1.8
+| v0.18       | v1.18                        |
-
+| v0.10       | v1.17                        |
 | v0.4-v0.9   | v1.9+                        |
 | v0.1-v0.3   | v1.7-v1.8                    |
 ## Getting Involved and Contributing
--- a/charts/descheduler/Chart.yaml
+++ b/charts/descheduler/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 name: descheduler
-version: 0.22.0
+version: 0.25.2
-appVersion: 0.22.0
+appVersion: 0.25.1
 description: Descheduler for Kubernetes is used to rebalance clusters by evicting pods that can potentially be scheduled on better nodes. In the current implementation, descheduler does not schedule replacement of evicted pods but relies on the default scheduler for that.
 keywords:
 - kubernetes
--- a/charts/descheduler/README.md
+++ b/charts/descheduler/README.md
@@ -43,28 +43,45 @@ The command removes all the Kubernetes components associated with the chart and
 The following table lists the configurable parameters of the _descheduler_ chart and their default values.
-| Parameter                      | Description                                                                                                           | Default                              |
+| Parameter                           | Description                                                                                                           | Default                              |
-| ------------------------------ | --------------------------------------------------------------------------------------------------------------------- | ------------------------------------ |
+|-------------------------------------|-----------------------------------------------------------------------------------------------------------------------|--------------------------------------|
-| `kind`                         | Use as CronJob or Deployment                                                                                          | `CronJob`                            |
+| `kind`                              | Use as CronJob or Deployment                                                                                          | `CronJob`                            |
-| `image.repository`             | Docker repository to use                                                                                              | `k8s.gcr.io/descheduler/descheduler` |
+| `image.repository`                  | Docker repository to use                                                                                              | `k8s.gcr.io/descheduler/descheduler` |
-| `image.tag`                    | Docker tag to use                                                                                                     | `v[chart appVersion]`                |
+| `image.tag`                         | Docker tag to use                                                                                                     | `v[chart appVersion]`                |
-| `image.pullPolicy`             | Docker image pull policy                                                                                              | `IfNotPresent`                       |
+| `image.pullPolicy`                  | Docker image pull policy                                                                                              | `IfNotPresent`                       |
-| `imagePullSecrets`             | Docker repository secrets                                                                                              | `[]`                       |
+| `imagePullSecrets`                  | Docker repository secrets                                                                                             | `[]`                                 |
-| `nameOverride`                 | String to partially override `descheduler.fullname` template (will prepend the release name)                          | `""`                                 |
+| `nameOverride`                      | String to partially override `descheduler.fullname` template (will prepend the release name)                          | `""`                                 |
-| `fullnameOverride`             | String to fully override `descheduler.fullname` template                                                              | `""`                                 |
+| `fullnameOverride`                  | String to fully override `descheduler.fullname` template                                                              | `""`                                 |
-| `cronJobApiVersion`            | CronJob API Group Version                                                                                             | `"batch/v1"`                         |
+| `cronJobApiVersion`                 | CronJob API Group Version                                                                                             | `"batch/v1"`                         |
-| `schedule`                     | The cron schedule to run the _descheduler_ job on                                                                     | `"*/2 * * * *"`                      |
+| `schedule`                          | The cron schedule to run the _descheduler_ job on                                                                     | `"*/2 * * * *"`                      |
-| `startingDeadlineSeconds`      | If set, configure `startingDeadlineSeconds` for the _descheduler_ job                                                 | `nil`                                |
+| `startingDeadlineSeconds`           | If set, configure `startingDeadlineSeconds` for the _descheduler_ job                                                 | `nil`                                |
-| `successfulJobsHistoryLimit`   | If set, configure `successfulJobsHistoryLimit` for the _descheduler_ job                                              | `nil`                                |
+| `successfulJobsHistoryLimit`        | If set, configure `successfulJobsHistoryLimit` for the _descheduler_ job                                              | `nil`                                |
-| `failedJobsHistoryLimit`       | If set, configure `failedJobsHistoryLimit` for the _descheduler_ job                                                  | `nil`                                |
+| `failedJobsHistoryLimit`            | If set, configure `failedJobsHistoryLimit` for the _descheduler_ job                                                  | `nil`                                |
-| `deschedulingInterval`         | If using kind:Deployment, sets time between consecutive descheduler executions.                                       | `5m`                                 |
+| `deschedulingInterval`              | If using kind:Deployment, sets time between consecutive descheduler executions.                                       | `5m`                                 |
-| `cmdOptions`                   | The options to pass to the _descheduler_ command                                                                      | _see values.yaml_                    |
+| `replicas`                          | The replica count for Deployment                                                                                      | `1`                                  |
-| `deschedulerPolicy.strategies` | The _descheduler_ strategies to apply                                                                                 | _see values.yaml_                    |
+| `leaderElection`                    | The options for high availability when running replicated components                                                  | _see values.yaml_                    |
-| `priorityClassName`            | The name of the priority class to add to pods                                                                         | `system-cluster-critical`            |
+| `cmdOptions`                        | The options to pass to the _descheduler_ command                                                                      | _see values.yaml_                    |
-| `rbac.create`                  | If `true`, create & use RBAC resources                                                                                | `true`                               |
+| `deschedulerPolicy.strategies`      | The _descheduler_ strategies to apply                                                                                 | _see values.yaml_                    |
-| `podSecurityPolicy.create`     | If `true`, create PodSecurityPolicy                                                                                   | `true`                               |
+| `priorityClassName`                 | The name of the priority class to add to pods                                                                         | `system-cluster-critical`            |
-| `resources`                    | Descheduler container CPU and memory requests/limits                                                                  | _see values.yaml_                    |
+| `rbac.create`                       | If `true`, create & use RBAC resources                                                                                | `true`                               |
-| `serviceAccount.create`        | If `true`, create a service account for the cron job                                                                  | `true`                               |
+| `resources`                         | Descheduler container CPU and memory requests/limits                                                                  | _see values.yaml_                    |
-| `serviceAccount.name`          | The name of the service account to use, if not set and create is true a name is generated using the fullname template | `nil`                                |
+| `serviceAccount.create`             | If `true`, create a service account for the cron job                                                                  | `true`                               |
-| `nodeSelector`                 | Node selectors to run the descheduler cronjob on specific nodes                                                       | `nil`                                |
+| `serviceAccount.name`               | The name of the service account to use, if not set and create is true a name is generated using the fullname template | `nil`                                |
-| `tolerations`                  | tolerations to run the descheduler cronjob on specific nodes                                                          | `nil`                                |
+| `serviceAccount.annotations`        | Specifies custom annotations for the serviceAccount                                                                   | `{}`                                 |
 | `podAnnotations`                    | Annotations to add to the descheduler Pods                                                                            | `{}`                                 |
 | `podLabels`                         | Labels to add to the descheduler Pods                                                                                 | `{}`                                 |
 | `nodeSelector`                      | Node selectors to run the descheduler cronjob/deployment on specific nodes                                            | `nil`                                |
 | `service.enabled`                   | If `true`, create a service for deployment                                                                            | `false`                              |
 | `serviceMonitor.enabled`            | If `true`, create a ServiceMonitor for deployment                                                                     | `false`                              |
 | `serviceMonitor.namespace`          | The namespace where Prometheus expects to find service monitors                                                       | `nil`                                |
 | `serviceMonitor.interval`           | The scrape interval. If not set, the Prometheus default scrape interval is used                                       | `nil`                                |
 | `serviceMonitor.honorLabels`        | Keeps the scraped data's labels when labels are on collisions with target labels.                                     | `true`                               |
 | `serviceMonitor.insecureSkipVerify` | Skip TLS certificate validation when scraping                                                                         | `true`                               |
 | `serviceMonitor.serverName`         | Name of the server to use when validating TLS certificate                                                             | `nil`                                |
 | `serviceMonitor.metricRelabelings`  | MetricRelabelConfigs to apply to samples after scraping, but before ingestion                                         | `[]`                                 |
 | `serviceMonitor.relabelings`        | RelabelConfigs to apply to samples before scraping                                                                    | `[]`                                 |
 | `affinity`                          | Node affinity to run the descheduler cronjob/deployment on specific nodes                                             | `nil`                                |
 | `tolerations`                       | tolerations to run the descheduler cronjob/deployment on specific nodes                                               | `nil`                                |
 | `suspend`                           | Set spec.suspend in descheduler cronjob                                                                               | `false`                              |
 | `commonLabels`                      | Labels to apply to all resources                                                                                      | `{}`                                 |
 | `livenessProbe`                     | Liveness probe configuration for the descheduler container                                                            | _see values.yaml_                    |
--- a/charts/descheduler/templates/NOTES.txt
+++ b/charts/descheduler/templates/NOTES.txt
@@ -1 +1,7 @@
-Descheduler installed as a cron job.
+Descheduler installed as a {{ .Values.kind }}.
 {{- if eq .Values.kind "Deployment" }}
 {{- if eq .Values.replicas 1.0}}
 WARNING: You set replica count as 1 and workload kind as Deployment however leaderElection is not enabled. Consider enabling Leader Election for HA mode.
 {{- end}}
 {{- end}}
--- a/charts/descheduler/templates/_helpers.tpl
+++ b/charts/descheduler/templates/_helpers.tpl
@@ -42,6 +42,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- if .Values.commonLabels}}
 {{ toYaml .Values.commonLabels }}
 {{- end }}
 {{- end -}}
 {{/*
@@ -62,3 +65,30 @@ Create the name of the service account to use
    {{ default "default" .Values.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
 {{/*
 Leader Election
 */}}
 {{- define "descheduler.leaderElection"}}
 {{- if .Values.leaderElection -}}
 - --leader-elect={{ .Values.leaderElection.enabled }}
 {{- if .Values.leaderElection.leaseDuration }}
 - --leader-elect-lease-duration={{ .Values.leaderElection.leaseDuration }}
 {{- end }}
 {{- if .Values.leaderElection.renewDeadline }}
 - --leader-elect-renew-deadline={{ .Values.leaderElection.renewDeadline }}
 {{- end }}
 {{- if .Values.leaderElection.retryPeriod }}
 - --leader-elect-retry-period={{ .Values.leaderElection.retryPeriod }}
 {{- end }}
 {{- if .Values.leaderElection.resourceLock }}
 - --leader-elect-resource-lock={{ .Values.leaderElection.resourceLock }}
 {{- end }}
 {{- if .Values.leaderElection.resourceName }}
 - --leader-elect-resource-name={{ .Values.leaderElection.resourceName }}
 {{- end }}
 {{- if .Values.leaderElection.resourceNamescape }}
 - --leader-elect-resource-namespace={{ .Values.leaderElection.resourceNamescape }}
 {{- end -}}
 {{- end }}
 {{- end }}
--- a/charts/descheduler/templates/clusterrole.yaml
+++ b/charts/descheduler/templates/clusterrole.yaml
@@ -6,7 +6,7 @@ metadata:
  labels:
    {{- include "descheduler.labels" . | nindent 4 }}
 rules:
- apiGroups: [""]
+- apiGroups: ["events.k8s.io"]
  resources: ["events"]
  verbs: ["create", "update"]
 - apiGroups: [""]
@@ -14,7 +14,7 @@ rules:
  verbs: ["get", "watch", "list"]
 - apiGroups: [""]
  resources: ["namespaces"]
-  verbs: ["get", "list"]
+  verbs: ["get", "watch", "list"]
 - apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "list", "delete"]
@@ -24,11 +24,13 @@ rules:
 - apiGroups: ["scheduling.k8s.io"]
  resources: ["priorityclasses"]
  verbs: ["get", "watch", "list"]
-{{- if .Values.podSecurityPolicy.create }}
+{{- if .Values.leaderElection.enabled }}
- apiGroups: ['policy']
+- apiGroups: ["coordination.k8s.io"]
-  resources: ['podsecuritypolicies']
+  resources: ["leases"]
-  verbs:     ['use']
+  verbs: ["create", "update"]
-  resourceNames:
+- apiGroups: ["coordination.k8s.io"]
-  - {{ template "descheduler.fullname" . }}
+  resources: ["leases"]
  resourceNames: ["{{ .Values.leaderElection.resourceName | default "descheduler" }}"]
  verbs: ["get", "patch", "delete"]
 {{- end }}
 {{- end -}}
--- a/charts/descheduler/templates/configmap.yaml
+++ b/charts/descheduler/templates/configmap.yaml
@@ -2,6 +2,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ template "descheduler.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "descheduler.labels" . | nindent 4 }}
 data:
--- a/charts/descheduler/templates/cronjob.yaml
+++ b/charts/descheduler/templates/cronjob.yaml
@@ -3,10 +3,14 @@ apiVersion: {{ .Values.cronJobApiVersion | default "batch/v1" }}
 kind: CronJob
 metadata:
  name: {{ template "descheduler.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "descheduler.labels" . | nindent 4 }}
 spec:
  schedule: {{ .Values.schedule | quote }}
  {{- if .Values.suspend }}
  suspend: {{ .Values.suspend }}
  {{- end }}
  concurrencyPolicy: "Forbid"
  {{- if .Values.startingDeadlineSeconds }}
  startingDeadlineSeconds: {{ .Values.startingDeadlineSeconds }}
@@ -37,6 +41,10 @@ spec:
          nodeSelector:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- with .Values.affinity }}
          affinity:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- with .Values.tolerations }}
          tolerations:
            {{- toYaml . | nindent 12 }}
@@ -65,6 +73,8 @@ spec:
                - {{ $value | quote }}
                {{- end }}
                {{- end }}
              livenessProbe:
                {{- toYaml .Values.livenessProbe | nindent 16 }}
              resources:
                {{- toYaml .Values.resources | nindent 16 }}
              securityContext:
--- a/charts/descheduler/templates/deployment.yaml
+++ b/charts/descheduler/templates/deployment.yaml
@@ -3,10 +3,18 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "descheduler.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "descheduler.labels" . | nindent 4 }}
 spec:
  {{- if gt .Values.replicas 1.0}}
  {{- if not .Values.leaderElection.enabled }}
  {{- fail "You must set leaderElection to use more than 1 replica"}}
  {{- end}}
  replicas: {{ required "leaderElection required for running more than one replica" .Values.replicas }}
  {{- else }}
  replicas: 1
  {{- end }}
  selector:
    matchLabels:
      {{- include "descheduler.selectorLabels" . | nindent 6 }}
@@ -27,6 +35,10 @@ spec:
      priorityClassName: {{ .Values.priorityClassName }}
      {{- end }}
      serviceAccountName: {{ template "descheduler.serviceAccountName" . }}
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
      {{- toYaml . | nindent 10 }}
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}"
@@ -44,9 +56,12 @@ spec:
            - {{ $value | quote }}
            {{- end }}
            {{- end }}
            {{- include "descheduler.leaderElection" . | nindent 12 }}
          ports:
            - containerPort: 10258
              protocol: TCP
          livenessProbe:
            {{- toYaml .Values.livenessProbe | nindent 12 }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          securityContext:
@@ -68,6 +83,10 @@ spec:
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
--- a/charts/descheduler/templates/podsecuritypolicy.yaml
+++ b/charts/descheduler/templates/podsecuritypolicy.yaml
@@ -1,38 +0,0 @@
 {{- if .Values.podSecurityPolicy.create -}}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
  name: {{ template "descheduler.fullname" . }}
  annotations:
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
    seccomp.security.alpha.kubernetes.io/defaultProfileName:  'runtime/default'
 spec:
  privileged: false
  allowPrivilegeEscalation: false
  requiredDropCapabilities:
    - ALL
  volumes:
    - 'configMap'
    - 'secret'
  hostNetwork: false
  hostIPC: false
  hostPID: false
  runAsUser:
    rule: 'MustRunAs'
    ranges:
      - min: 1
        max: 65535
  seLinux:
    rule: 'RunAsAny'
  supplementalGroups:
    rule: 'MustRunAs'
    ranges:
      - min: 1
        max: 65535
  fsGroup:
    rule: 'MustRunAs'
    ranges:
      - min: 1
        max: 65535
  readOnlyRootFilesystem: true
 {{- end -}}
--- a/charts/descheduler/templates/service.yaml
+++ b/charts/descheduler/templates/service.yaml
@@ -0,0 +1,21 @@
 {{- if eq .Values.kind "Deployment" }}
 {{- if eq .Values.service.enabled true }}
 apiVersion: v1
 kind: Service
 metadata:
  labels:
    {{- include "descheduler.labels" . | nindent 4 }}
  name: {{ template "descheduler.fullname" . }}
  namespace: {{ .Release.Namespace }}
 spec:
  clusterIP: None
  ports:
  - name: http-metrics
    port: 10258
    protocol: TCP
    targetPort: 10258
  selector:
    {{- include "descheduler.selectorLabels" . | nindent 4 }}
  type: ClusterIP
 {{- end }}
 {{- end }}
--- a/charts/descheduler/templates/serviceaccount.yaml
+++ b/charts/descheduler/templates/serviceaccount.yaml
@@ -3,6 +3,10 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ template "descheduler.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "descheduler.labels" . | nindent 4 }}
 {{- if .Values.serviceAccount.annotations }}
  annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
 {{- end }}
 {{- end -}}
--- a/charts/descheduler/templates/servicemonitor.yaml
+++ b/charts/descheduler/templates/servicemonitor.yaml
@@ -0,0 +1,41 @@
 {{- if eq .Values.kind "Deployment" }}
 {{- if eq .Values.serviceMonitor.enabled true }}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "descheduler.fullname" . }}-servicemonitor
  namespace: {{ .Values.serviceMonitor.namespace | default .Release.Namespace }}
  labels:
    {{- include "descheduler.labels" . | nindent 4 }}
 spec:
  jobLabel: jobLabel
  namespaceSelector:
    matchNames:
    - {{ .Release.Namespace }}
  selector:
    matchLabels:
      {{- include "descheduler.selectorLabels" . | nindent 6 }}
  endpoints:
  - honorLabels: {{ .Values.serviceMonitor.honorLabels | default true }}
    port: http-metrics
    {{- if .Values.serviceMonitor.interval }}
    interval: {{ .Values.serviceMonitor.interval }}
    {{- end }}
    scheme: https
    tlsConfig:
      {{- if eq .Values.serviceMonitor.insecureSkipVerify true }}
      insecureSkipVerify: true
      {{- end }}
      {{- if .Values.serviceMonitor.serverName }}
      serverName: {{ .Values.serviceMonitor.serverName }}
      {{- end}}
 {{- if .Values.serviceMonitor.metricRelabelings }}
    metricRelabelings:
 {{ tpl (toYaml .Values.serviceMonitor.metricRelabelings | indent 4) . }}
 {{- end }}
 {{- if .Values.serviceMonitor.relabelings }}
    relabelings:
 {{ tpl (toYaml .Values.serviceMonitor.relabelings | indent 4) . }}
 {{- end }}
 {{- end }}
 {{- end }}
--- a/charts/descheduler/templates/tests/test-descheduler-pod.yaml
+++ b/charts/descheduler/templates/tests/test-descheduler-pod.yaml
@@ -1,29 +0,0 @@
 apiVersion: v1
 kind: Pod
 metadata:
    name: descheduler-test-pod
    annotations:
      "helm.sh/hook": test
 spec:
    restartPolicy: Never
    serviceAccountName: descheduler-ci
    containers:
      - name: descheduler-test-container
        image: alpine:latest
        imagePullPolicy: IfNotPresent
        securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - All
            privileged: false
            runAsNonRoot: false 
        command: ["/bin/ash"]
        args:
          - -c
          - >-
            apk --no-cache add curl &&
            curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl &&
            chmod +x ./kubectl &&
            mv ./kubectl /usr/local/bin/kubectl &&
            /usr/local/bin/kubectl get pods --namespace kube-system --token "$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" | grep "descheduler" | grep "Completed"
--- a/charts/descheduler/values.yaml
+++ b/charts/descheduler/values.yaml
@@ -11,7 +11,8 @@ image:
  tag: ""
  pullPolicy: IfNotPresent
-imagePullSecrets: []
+imagePullSecrets:
 #   - name: container-registry-secret
 resources:
  requests:
@@ -24,25 +25,54 @@ resources:
 nameOverride: ""
 fullnameOverride: ""
-cronJobApiVersion: "batch/v1"  # Use "batch/v1beta1" for k8s version < 1.21.0. TODO(@7i) remove with 1.23 release
+# labels that'll be applied to all resources
 commonLabels: {}
 cronJobApiVersion: "batch/v1"
 schedule: "*/2 * * * *"
-#startingDeadlineSeconds: 200
+suspend: false
-#successfulJobsHistoryLimit: 1
+# startingDeadlineSeconds: 200
-#failedJobsHistoryLimit: 1
+# successfulJobsHistoryLimit: 1
 # failedJobsHistoryLimit: 1
 # Required when running as a Deployment
 deschedulingInterval: 5m
 # Specifies the replica count for Deployment
 # Set leaderElection if you want to use more than 1 replica
 # Set affinity.podAntiAffinity rule if you want to schedule onto a node
 # only if that node is in the same zone as at least one already-running descheduler
 replicas: 1
 # Specifies whether Leader Election resources should be created
 # Required when running as a Deployment
 leaderElection: {}
 #  enabled: true
 #  leaseDuration: 15s
 #  renewDeadline: 10s
 #  retryPeriod: 2s
 #  resourceLock: "leases"
 #  resourceName: "descheduler"
 #  resourceNamescape: "kube-system"
 cmdOptions:
  v: 3
  # evict-local-storage-pods:
  # max-pods-to-evict-per-node: 10
  # node-selector: "key1=value1,key2=value2"
 deschedulerPolicy:
  # nodeSelector: "key1=value1,key2=value2"
  # maxNoOfPodsToEvictPerNode: 10
  # maxNoOfPodsToEvictPerNamespace: 10
  # ignorePvcPods: true
  # evictLocalStoragePods: true
  strategies:
    RemoveDuplicates:
      enabled: true
    RemovePodsHavingTooManyRestarts:
      enabled: true
      params:
        podsHavingTooManyRestarts:
          podRestartThreshold: 100
          includingInitContainers: true
    RemovePodsViolatingNodeTaints:
      enabled: true
    RemovePodsViolatingNodeAffinity:
@@ -52,6 +82,10 @@ deschedulerPolicy:
        - requiredDuringSchedulingIgnoredDuringExecution
    RemovePodsViolatingInterPodAntiAffinity:
      enabled: true
    RemovePodsViolatingTopologySpreadConstraint:
      enabled: true
      params:
        includeSoftConstraints: false
    LowNodeUtilization:
      enabled: true
      params:
@@ -70,6 +104,25 @@ priorityClassName: system-cluster-critical
 nodeSelector: {}
 #  foo: bar
 affinity: {}
 # nodeAffinity:
 #   requiredDuringSchedulingIgnoredDuringExecution:
 #     nodeSelectorTerms:
 #     - matchExpressions:
 #       - key: kubernetes.io/e2e-az-name
 #         operator: In
 #         values:
 #         - e2e-az1
 #         - e2e-az2
 #  podAntiAffinity:
 #    requiredDuringSchedulingIgnoredDuringExecution:
 #      - labelSelector:
 #          matchExpressions:
 #            - key: app.kubernetes.io/name
 #              operator: In
 #              values:
 #                - descheduler
 #        topologyKey: "kubernetes.io/hostname"
 tolerations: []
 # - key: 'management'
 #   operator: 'Equal'
@@ -80,13 +133,47 @@ rbac:
  # Specifies whether RBAC resources should be created
  create: true
 podSecurityPolicy:
  # Specifies whether PodSecurityPolicy should be created.
  create: true
 serviceAccount:
  # Specifies whether a ServiceAccount should be created
  create: true
  # The name of the ServiceAccount to use.
  # If not set and create is true, a name is generated using the fullname template
  name:
  # Specifies custom annotations for the serviceAccount
  annotations: {}
 podAnnotations: {}
 podLabels: {}
 livenessProbe:
  failureThreshold: 3
  httpGet:
    path: /healthz
    port: 10258
    scheme: HTTPS
  initialDelaySeconds: 3
  periodSeconds: 10
 service:
  enabled: false
 serviceMonitor:
  enabled: false
  # The namespace where Prometheus expects to find service monitors.
  # namespace: ""
  interval: ""
  # honorLabels: true
  insecureSkipVerify: true
  serverName: null
  metricRelabelings: []
    # - action: keep
    #   regex: 'descheduler_(build_info|pods_evicted)'
    #   sourceLabels: [__name__]
  relabelings: []
    # - sourceLabels: [__meta_kubernetes_pod_node_name]
    #   separator: ;
    #   regex: ^(.*)$
    #   targetLabel: nodename
    #   replacement: $1
    #   action: replace
--- a/cloudbuild.yaml
+++ b/cloudbuild.yaml
@@ -1,13 +1,13 @@
 # See https://cloud.google.com/cloud-build/docs/build-config
 # this must be specified in seconds. If omitted, defaults to 600s (10 mins)
-timeout: 1200s
+timeout: 1500s
 # this prevents errors if you don't use both _GIT_TAG and _PULL_BASE_REF,
 # or any new substitutions added in the future.
 options:
  substitution_option: ALLOW_LOOSE
 steps:
-  - name: 'gcr.io/k8s-testimages/gcb-docker-gcloud:v20190906-745fed4'
+  - name: 'gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20211118-2f2d816b90'
    entrypoint: make
    env:
    - DOCKER_CLI_EXPERIMENTAL=enabled
--- a/cmd/descheduler/app/options/options.go
+++ b/cmd/descheduler/app/options/options.go
@@ -18,13 +18,14 @@ limitations under the License.
 package options
 import (
-	"github.com/spf13/pflag"
+	"time"
-	utilerrors "k8s.io/apimachinery/pkg/util/errors"
+	"github.com/spf13/pflag"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	apiserveroptions "k8s.io/apiserver/pkg/server/options"
 	clientset "k8s.io/client-go/kubernetes"
-	"k8s.io/component-base/logs"
+	componentbaseconfig "k8s.io/component-base/config"
-
+	componentbaseoptions "k8s.io/component-base/config/options"
 	"sigs.k8s.io/descheduler/pkg/apis/componentconfig"
 	"sigs.k8s.io/descheduler/pkg/apis/componentconfig/v1alpha1"
 	deschedulerscheme "sigs.k8s.io/descheduler/pkg/descheduler/scheme"
@@ -39,7 +40,7 @@ type DeschedulerServer struct {
 	componentconfig.DeschedulerConfiguration
 	Client         clientset.Interface
-	Logs           *logs.Options
+	EventClient    clientset.Interface
 	SecureServing  *apiserveroptions.SecureServingOptionsWithLoopback
 	DisableMetrics bool
 }
@@ -56,20 +57,22 @@ func NewDeschedulerServer() (*DeschedulerServer, error) {
 	return &DeschedulerServer{
 		DeschedulerConfiguration: *cfg,
 		Logs:                     logs.NewOptions(),
 		SecureServing:            secureServing,
 	}, nil
 }
 // Validation checks for DeschedulerServer.
 func (s *DeschedulerServer) Validate() error {
 	var errs []error
 	errs = append(errs, s.Logs.Validate()...)
 	return utilerrors.NewAggregate(errs)
 }
 func newDefaultComponentConfig() (*componentconfig.DeschedulerConfiguration, error) {
-	versionedCfg := v1alpha1.DeschedulerConfiguration{}
+	versionedCfg := v1alpha1.DeschedulerConfiguration{
 		LeaderElection: componentbaseconfig.LeaderElectionConfiguration{
 			LeaderElect:       false,
 			LeaseDuration:     metav1.Duration{Duration: 137 * time.Second},
 			RenewDeadline:     metav1.Duration{Duration: 107 * time.Second},
 			RetryPeriod:       metav1.Duration{Duration: 26 * time.Second},
 			ResourceLock:      "leases",
 			ResourceName:      "descheduler",
 			ResourceNamespace: "kube-system",
 		},
 	}
 	deschedulerscheme.Scheme.Default(&versionedCfg)
 	cfg := componentconfig.DeschedulerConfiguration{}
 	if err := deschedulerscheme.Scheme.Convert(&versionedCfg, &cfg, nil); err != nil {
@@ -80,18 +83,14 @@ func newDefaultComponentConfig() (*componentconfig.DeschedulerConfiguration, err
 // AddFlags adds flags for a specific SchedulerServer to the specified FlagSet
 func (rs *DeschedulerServer) AddFlags(fs *pflag.FlagSet) {
-	fs.StringVar(&rs.Logging.Format, "logging-format", "text", `Sets the log format. Permitted formats: "text", "json". Non-default formats don't honor these flags: --add-dir-header, --alsologtostderr, --log-backtrace-at, --log-dir, --log-file, --log-file-max-size, --logtostderr, --skip-headers, --skip-log-headers, --stderrthreshold, --log-flush-frequency.\nNon-default choices are currently alpha and subject to change without warning.`)
+	fs.StringVar(&rs.Logging.Format, "logging-format", "text", `Sets the log format. Permitted formats: "text", "json". Non-default formats don't honor these flags: --add-dir-header, --alsologtostderr, --log-backtrace-at, --log_dir, --log_file, --log_file_max_size, --logtostderr, --skip-headers, --skip-log-headers, --stderrthreshold, --log-flush-frequency.\nNon-default choices are currently alpha and subject to change without warning.`)
 	fs.DurationVar(&rs.DeschedulingInterval, "descheduling-interval", rs.DeschedulingInterval, "Time interval between two consecutive descheduler executions. Setting this value instructs the descheduler to run in a continuous loop at the interval specified.")
 	fs.StringVar(&rs.KubeconfigFile, "kubeconfig", rs.KubeconfigFile, "File with  kube configuration.")
 	fs.StringVar(&rs.PolicyConfigFile, "policy-config-file", rs.PolicyConfigFile, "File with descheduler policy configuration.")
 	fs.BoolVar(&rs.DryRun, "dry-run", rs.DryRun, "execute descheduler in dry run mode.")
 	// node-selector query causes descheduler to run only on nodes that matches the node labels in the query
 	fs.StringVar(&rs.NodeSelector, "node-selector", rs.NodeSelector, "DEPRECATED: selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)")
 	// max-no-pods-to-evict limits the maximum number of pods to be evicted per node by descheduler.
 	fs.IntVar(&rs.MaxNoOfPodsToEvictPerNode, "max-pods-to-evict-per-node", rs.MaxNoOfPodsToEvictPerNode, "DEPRECATED: limits the maximum number of pods to be evicted per node by descheduler")
 	// evict-local-storage-pods allows eviction of pods that are using local storage. This is false by default.
 	fs.BoolVar(&rs.EvictLocalStoragePods, "evict-local-storage-pods", rs.EvictLocalStoragePods, "DEPRECATED: enables evicting pods using local storage by descheduler")
 	fs.BoolVar(&rs.DisableMetrics, "disable-metrics", rs.DisableMetrics, "Disables metrics. The metrics are by default served through https://localhost:10258/metrics. Secure address, resp. port can be changed through --bind-address, resp. --secure-port flags.")
 	componentbaseoptions.BindLeaderElectionFlags(&rs.LeaderElection, fs)
 	rs.SecureServing.AddFlags(fs)
 }
--- a/cmd/descheduler/app/server.go
+++ b/cmd/descheduler/app/server.go
@@ -19,8 +19,11 @@ package app
 import (
 	"context"
 	"flag"
 	"io"
 	"os/signal"
 	"syscall"
 	"k8s.io/apiserver/pkg/server/healthz"
 	"sigs.k8s.io/descheduler/cmd/descheduler/app/options"
 	"sigs.k8s.io/descheduler/pkg/descheduler"
@@ -30,7 +33,8 @@ import (
 	apiserver "k8s.io/apiserver/pkg/server"
 	"k8s.io/apiserver/pkg/server/mux"
 	restclient "k8s.io/client-go/rest"
-	aflag "k8s.io/component-base/cli/flag"
+	registry "k8s.io/component-base/logs/api/v1"
 	_ "k8s.io/component-base/logs/json/register"
 	"k8s.io/component-base/metrics/legacyregistry"
 	"k8s.io/klog/v2"
 )
@@ -48,8 +52,7 @@ func NewDeschedulerCommand(out io.Writer) *cobra.Command {
 		Short: "descheduler",
 		Long:  `The descheduler evicts pods which may be bound to less desired nodes`,
 		Run: func(cmd *cobra.Command, args []string) {
-			s.Logs.Config.Format = s.Logging.Format
+			// s.Logs.Config.Format = s.Logging.Format
 			s.Logs.Apply()
 			// LoopbackClientConfig is a config for a privileged loopback connection
 			var LoopbackClientConfig *restclient.Config
@@ -58,37 +61,49 @@ func NewDeschedulerCommand(out io.Writer) *cobra.Command {
 				klog.ErrorS(err, "failed to apply secure server configuration")
 				return
 			}
 			var factory registry.LogFormatFactory
 			if factory == nil {
 				klog.ClearLogger()
 			} else {
 				log, logrFlush := factory.Create(registry.LoggingConfiguration{
 					Format: s.Logging.Format,
 				})
-			if err := s.Validate(); err != nil {
+				defer logrFlush()
-				klog.ErrorS(err, "failed to validate server configuration")
+				klog.SetLogger(log)
 			}
 			ctx, done := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
 			pathRecorderMux := mux.NewPathRecorderMux("descheduler")
 			if !s.DisableMetrics {
 				pathRecorderMux.Handle("/metrics", legacyregistry.HandlerWithReset())
 			}
 			healthz.InstallHandler(pathRecorderMux, healthz.NamedCheck("Descheduler", healthz.PingHealthz.Check))
 			stoppedCh, _, err := SecureServing.Serve(pathRecorderMux, 0, ctx.Done())
 			if err != nil {
 				klog.Fatalf("failed to start secure server: %v", err)
 				return
 			}
-			if !s.DisableMetrics {
+			err = Run(ctx, s)
 				ctx := context.TODO()
 				pathRecorderMux := mux.NewPathRecorderMux("descheduler")
 				pathRecorderMux.Handle("/metrics", legacyregistry.HandlerWithReset())
 				if _, err := SecureServing.Serve(pathRecorderMux, 0, ctx.Done()); err != nil {
 					klog.Fatalf("failed to start secure server: %v", err)
 					return
 				}
 			}
 			err := Run(s)
 			if err != nil {
 				klog.ErrorS(err, "descheduler server")
 			}
 			done()
 			// wait for metrics server to close
 			<-stoppedCh
 		},
 	}
 	cmd.SetOut(out)
 	flags := cmd.Flags()
 	flags.SetNormalizeFunc(aflag.WordSepNormalizeFunc)
 	flags.AddGoFlagSet(flag.CommandLine)
 	s.AddFlags(flags)
 	return cmd
 }
-func Run(rs *options.DeschedulerServer) error {
+func Run(ctx context.Context, rs *options.DeschedulerServer) error {
-	return descheduler.Run(rs)
+	return descheduler.Run(ctx, rs)
 }
--- a/cmd/descheduler/descheduler.go
+++ b/cmd/descheduler/descheduler.go
@@ -17,22 +17,23 @@ limitations under the License.
 package main
 import (
 	"fmt"
 	"k8s.io/component-base/logs"
 	"os"
 	"k8s.io/component-base/cli"
 	"k8s.io/klog/v2"
 	"sigs.k8s.io/descheduler/cmd/descheduler/app"
 )
 func init() {
 	klog.SetOutput(os.Stdout)
 	klog.InitFlags(nil)
 }
 func main() {
 	out := os.Stdout
 	cmd := app.NewDeschedulerCommand(out)
 	cmd.AddCommand(app.NewVersionCommand())
-	logs.InitLogs()
+	code := cli.Run(cmd)
-	defer logs.FlushLogs()
+	os.Exit(code)
 	if err := cmd.Execute(); err != nil {
 		fmt.Println(err)
 		os.Exit(1)
 	}
 }
--- a/docs/contributor-guide.md
+++ b/docs/contributor-guide.md
@@ -31,7 +31,7 @@ View all CLI options.
 ## Run Tests
 ```
 GOOS=linux make dev-image
-kind create cluster --config hack/kind_config.yaml
+make kind-multi-node
 kind load docker-image <image name>
 kind get kubeconfig > /tmp/admin.conf
 export KUBECONFIG=/tmp/admin.conf
@@ -39,17 +39,31 @@ make test-unit
 make test-e2e
 ```
-## Run Helm Tests
+
-Run the helm test for a particular descheduler release by setting below variables,
+## Build Helm Package locally
-```
+
-HELM_IMAGE_REPO="descheduler"
+If you made some changes in the chart, and just want to check if templating is ok, or if the chart is buildable, you can run this command to have a package built from the `./charts` directory.
 HELM_IMAGE_TAG="helm-test"
 HELM_CHART_LOCATION="./charts/descheduler"
 ```
 The helm tests runs as part of descheduler CI. But, to run it manually from the descheduler root,
 ```
-make test-helm
+make build-helm
 ```
 ## Lint Helm Chart locally
 To check linting of your changes in the helm chart locally you can run:
 ```
 make lint-helm
 ```
 ## Test helm changes locally with kind and ct
 You will need kind and docker (or equivalent) installed. We can use ct public image to avoid installing ct and all its dependencies.
 ```
 make kind-multi-node
 make ct-helm
 ```
 ### Miscellaneous
--- a/docs/proposals.md
+++ b/docs/proposals.md
@@ -0,0 +1,16 @@
 # Proposals
 This document walk you through about all the enhancements proposals for descheduler.
 ## Descheduler v1alpha2 Design Proposal
 ```yaml
 title: Descheduler v1alpha2 Design Proposal
 authors:
 - "@damemi"
 link: 
 - https://docs.google.com/document/d/1S1JCh-0F-QCJvBBG-kbmXiHAJFF8doArhDIAKbOj93I/edit#heading=h.imbp1ctnc8lx
 - https://github.com/kubernetes-sigs/descheduler/issues/679
 owning-sig: sig-scheduling
 creation-date: 2021-05-01
 status: implementable
 ```
--- a/docs/release-guide.md
+++ b/docs/release-guide.md
@@ -1,36 +1,82 @@
 # Release Guide
-## Container Image
+The process for publishing each Descheduler release includes a mixture of manual and automatic steps. Over 
 time, it would be good to automate as much of this process as possible. However, due to current limitations there 
 is care that must be taken to perform each manual step precisely so that the automated steps execute properly.
-### Semi-automatic
+## Pre-release Code Changes
-1. Make sure your repo is clean by git's standards
+Before publishing each release, the following code updates must be made:
 2. Create a release branch `git checkout -b release-1.18` (not required for patch releases)
 3. Push the release branch to the descheuler repo and ensure branch protection is enabled (not required for patch releases)
 4. Tag the repository from the `master` branch (from the `release-1.18` branch for a patch release) and push the tag `VERSION=v0.18.0 git tag -m $VERSION $VERSION; git push origin $VERSION`
 5. Publish a draft release using the tag you just created
 6. Perform the [image promotion process](https://github.com/kubernetes/k8s.io/tree/main/k8s.gcr.io#image-promoter)
 7. Publish release
 8. Email `kubernetes-sig-scheduling@googlegroups.com` to announce the release
-### Manual
+- [ ] (Optional, but recommended) Bump `k8s.io` dependencies to the `-rc` tags. These tags are usually published around upstream code freeze. [Example](https://github.com/kubernetes-sigs/descheduler/pull/539)
 - [ ] Bump `k8s.io` dependencies to GA tags once they are published (following the upstream release). [Example](https://github.com/kubernetes-sigs/descheduler/pull/615)
 - [ ] Ensure that Go is updated to the same version as upstream. [Example](https://github.com/kubernetes-sigs/descheduler/pull/801)
 - [ ] Make CI changes in [github.com/kubernetes/test-infra](https://github.com/kubernetes/test-infra) to add the new version's tests (note, this may also include a Go bump). [Example](https://github.com/kubernetes/test-infra/pull/25833)
 - [ ] Update local CI versions for utils (such as golang-ci), kind, and go. [Example - e2e](https://github.com/kubernetes-sigs/descheduler/commit/ac4d576df8831c0c399ee8fff1e85469e90b8c44), [Example - helm](https://github.com/kubernetes-sigs/descheduler/pull/821)
 - [ ] Update version references in docs and Readme. [Example](https://github.com/kubernetes-sigs/descheduler/pull/617)
-1. Make sure your repo is clean by git's standards
+## Release Process
 2. Create a release branch `git checkout -b release-1.18` (not required for patch releases)
 3. Push the release branch to the descheuler repo and ensure branch protection is enabled (not required for patch releases)
 4. Tag the repository from the `master` branch (from the `release-1.18` branch for a patch release) and push the tag `VERSION=v0.18.0 git tag -m $VERSION $VERSION; git push origin $VERSION`
 5. Checkout the tag you just created and make sure your repo is clean by git's standards `git checkout $VERSION`
 6. Build and push the container image to the staging registry `VERSION=$VERSION make push-all`
 7. Publish a draft release using the tag you just created
 8. Perform the [image promotion process](https://github.com/kubernetes/k8s.io/tree/main/k8s.gcr.io#image-promoter)
 9. Publish release
 10. Email `kubernetes-sig-scheduling@googlegroups.com` to announce the release
-### Notes
+When the above pre-release steps are complete and the release is ready to be cut, perform the following steps **in order** 
-It's important to create the tag on the master branch after creating the release-* branch so that the [Helm releaser-action](#helm-chart) can work.
+(the flowchart below demonstrates these steps):
-It compares the changes in the action-triggering branch to the latest tag on that branch, so if you tag before creating the new branch there
+
-will be nothing to compare and it will fail (creating a new release branch usually involves no code changes). For this same reason, you should
+**Version release**
-also tag patch releases (on the release-* branch) *after* pushing changes (if those changes involve bumping the Helm chart version).
+1. Create the `git tag` on `master` for the release, eg `v0.24.0`
 2. Merge Helm chart version update to `master` (see [Helm chart](#helm-chart) below). [Example](https://github.com/kubernetes-sigs/descheduler/pull/709)
 3. Perform the [image promotion process](https://github.com/kubernetes/k8s.io/tree/main/k8s.gcr.io#image-promoter). [Example](https://github.com/kubernetes/k8s.io/pull/3344)
 4. Cut release branch from `master`, eg `release-1.24`
 5. Publish release using Github's release process from the git tag you created
 6. Email `kubernetes-sig-scheduling@googlegroups.com` to announce the release
 **Patch release**
 1. Pick relevant code change commits to the matching release branch, eg `release-1.24`
 2. Create the patch tag on the release branch, eg `v0.24.1` on `release-1.24`
 3. Merge Helm chart version update to release branch
 4. Perform the image promotion process for the patch version
 5. Publish release using Github's release process from the git tag you created
 6. Email `kubernetes-sig-scheduling@googlegroups.com` to announce the release
 ### Flowchart
 ![Flowchart for major and patch releases](release-process.png)
 ### Image promotion process
 Every merge to any branch triggers an [image build and push](https://github.com/kubernetes/test-infra/blob/c36b8e5/config/jobs/image-pushing/k8s-staging-descheduler.yaml) to a `gcr.io` repository. 
 These automated image builds are snapshots of the code in place at the time of every PR merge and 
 tagged with the latest git SHA at the time of the build. To create a final release image, the desired 
 auto-built image SHA is added to a [file upstream](https://github.com/kubernetes/k8s.io/blob/e9e971c/k8s.gcr.io/images/k8s-staging-descheduler/images.yaml) which 
 copies that image to a public registry.
 Automatic builds can be monitored and re-triggered with the [`post-descheduler-push-images` job](https://prow.k8s.io/?job=post-descheduler-push-images) on prow.k8s.io.
 Note that images can also be manually built and pushed using `VERSION=$VERSION make push-all` by [users with access](https://github.com/kubernetes/k8s.io/blob/fbee8f67b70304241e613a672c625ad972998ad7/groups/sig-scheduling/groups.yaml#L33-L43).
 ## Helm Chart
 We currently use the [chart-releaser-action GitHub Action](https://github.com/helm/chart-releaser-action) to automatically 
 publish [Helm chart releases](https://github.com/kubernetes-sigs/descheduler/blob/022e07c/.github/workflows/release.yaml). 
 This action is triggered when it detects any changes to [`Chart.yaml`](https://github.com/kubernetes-sigs/descheduler/blob/022e07c27853fade6d1304adc0a6ebe02642386c/charts/descheduler/Chart.yaml) on 
 a `release-*` branch.
 Helm chart releases are managed by a separate set of git tags that are prefixed with `descheduler-helm-chart-*`. Example git tag name is `descheduler-helm-chart-0.18.0`.
 Released versions of the helm charts are stored in the `gh-pages` branch of this repo.
 The major and minor version of the chart matches the descheduler major and minor versions. For example descheduler helm chart version helm-descheduler-chart-0.18.0 corresponds
 to descheduler version v0.18.0. The patch version of the descheduler helm chart and the patcher version of the descheduler will not necessarily match. The patch
 version of the descheduler helm chart is used to version changes specific to the helm chart.
 1. Merge all helm chart changes into the master branch before the release is tagged/cut
   1. Ensure that `appVersion` in file `charts/descheduler/Chart.yaml` matches the descheduler version(no `v` prefix)
   2. Ensure that `version` in file `charts/descheduler/Chart.yaml` has been incremented. This is the chart version.
 2. Make sure your repo is clean by git's standards
 3. Follow the release-branch or patch release tagging pattern from the above section.
 4. Verify the new helm artifact has been successfully pushed to the `gh-pages` branch
 ## Notes
 The Helm releaser-action compares the changes in the action-triggering branch to the latest tag on that branch, so if you tag before creating the new branch there
 will be nothing to compare and it will fail. This is why it's necessary to tag, eg, `v0.24.0` *before* making the changes to the 
 Helm chart version, so that there is a new diff for the action to find. (Tagging *after* making the Helm chart changes would 
 also work, but then the code that gets built into the promoted image will be tagged as `descheduler-helm-chart-xxx` rather than `v0.xx.0`).
 See [post-descheduler-push-images dashboard](https://testgrid.k8s.io/sig-scheduling#post-descheduler-push-images) for staging registry image build job status.
@@ -56,19 +102,3 @@ Pull image from the staging registry.
 ```
 docker pull gcr.io/k8s-staging-descheduler/descheduler:v20200206-0.9.0-94-ge2a23f284
 ```
 ## Helm Chart
 Helm chart releases are managed by a separate set of git tags that are prefixed with `descheduler-helm-chart-*`. Example git tag name is `descheduler-helm-chart-0.18.0`.
 Released versions of the helm charts are stored in the `gh-pages` branch of this repo. The [chart-releaser-action GitHub Action](https://github.com/helm/chart-releaser-action)
 is setup to build and push the helm charts to the `gh-pages` branch when changes are pushed to a `release-*` branch.
 The major and minor version of the chart matches the descheduler major and minor versions. For example descheduler helm chart version helm-descheduler-chart-0.18.0 corresponds
 to descheduler version v0.18.0. The patch version of the descheduler helm chart and the patcher version of the descheduler will not necessarily match. The patch
 version of the descheduler helm chart is used to version changes specific to the helm chart.
 1. Merge all helm chart changes into the master branch before the release is tagged/cut
   1. Ensure that `appVersion` in file `charts/descheduler/Chart.yaml` matches the descheduler version(no `v` prefix)
   2. Ensure that `version` in file `charts/descheduler/Chart.yaml` has been incremented. This is the chart version.
 2. Make sure your repo is clean by git's standards
 3. Follow the release-branch or patch release tagging pattern from the above section.
 4. Verify the new helm artifact has been successfully pushed to the `gh-pages` branch
--- a/docs/release-process.png
+++ b/docs/release-process.png
--- a/docs/user-guide.md
+++ b/docs/user-guide.md
@@ -2,14 +2,19 @@
 Starting with descheduler release v0.10.0 container images are available in the official k8s container registry.
-Descheduler Version | Container Image                                     | Architectures           |
+Descheduler Version | Container Image                            | Architectures           |
------------------- |-----------------------------------------------------|-------------------------|
+------------------- |--------------------------------------------|-------------------------|
-v0.22.0             | k8s.gcr.io/descheduler/descheduler:v0.22.0          | AMD64<br>ARM64<br>ARMv7 |
+v0.25.1             | k8s.gcr.io/descheduler/descheduler:v0.25.1 | AMD64<br>ARM64<br>ARMv7 |
-v0.21.0             | k8s.gcr.io/descheduler/descheduler:v0.21.0          | AMD64<br>ARM64<br>ARMv7 |
+v0.25.0             | k8s.gcr.io/descheduler/descheduler:v0.25.0 | AMD64<br>ARM64<br>ARMv7 |
-v0.20.0             | k8s.gcr.io/descheduler/descheduler:v0.20.0          | AMD64<br>ARM64          |
+v0.24.1             | k8s.gcr.io/descheduler/descheduler:v0.24.1 | AMD64<br>ARM64<br>ARMv7 |
-v0.19.0             | k8s.gcr.io/descheduler/descheduler:v0.19.0          | AMD64                   |
+v0.24.0             | k8s.gcr.io/descheduler/descheduler:v0.24.0 | AMD64<br>ARM64<br>ARMv7 |
-v0.18.0             | k8s.gcr.io/descheduler/descheduler:v0.18.0          | AMD64                   |
+v0.23.1             | k8s.gcr.io/descheduler/descheduler:v0.23.1 | AMD64<br>ARM64<br>ARMv7 |
-v0.10.0             | k8s.gcr.io/descheduler/descheduler:v0.10.0          | AMD64                   |
+v0.22.0             | k8s.gcr.io/descheduler/descheduler:v0.22.0 | AMD64<br>ARM64<br>ARMv7 |
 v0.21.0             | k8s.gcr.io/descheduler/descheduler:v0.21.0 | AMD64<br>ARM64<br>ARMv7 |
 v0.20.0             | k8s.gcr.io/descheduler/descheduler:v0.20.0 | AMD64<br>ARM64          |
 v0.19.0             | k8s.gcr.io/descheduler/descheduler:v0.19.0 | AMD64                   |
 v0.18.0             | k8s.gcr.io/descheduler/descheduler:v0.18.0 | AMD64                   |
 v0.10.0             | k8s.gcr.io/descheduler/descheduler:v0.10.0 | AMD64                   |
 Note that multi-arch container images cannot be pulled by [kind](https://kind.sigs.k8s.io) from a registry. Therefore
 starting with descheduler release v0.20.0 use the below process to download the official descheduler
@@ -34,31 +39,52 @@ Usage:
  descheduler [command]
 Available Commands:
  completion  generate the autocompletion script for the specified shell
  help        Help about any command
  version     Version of descheduler
 Flags:
-      --add-dir-header                   If true, adds the file directory to the header of the log messages
+      --add-dir-header                           If true, adds the file directory to the header of the log messages (DEPRECATED: will be removed in a future release, see https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/2845-deprecate-klog-specific-flags-in-k8s-components)
-      --alsologtostderr                  log to standard error as well as files
+      --alsologtostderr                          log to standard error as well as files (DEPRECATED: will be removed in a future release, see https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/2845-deprecate-klog-specific-flags-in-k8s-components)
-      --descheduling-interval duration   Time interval between two consecutive descheduler executions. Setting this value instructs the descheduler to run in a continuous loop at the interval specified.
+      --bind-address ip                          The IP address on which to listen for the --secure-port port. The associated interface(s) must be reachable by the rest of the cluster, and by CLI/web clients. If blank or an unspecified address (0.0.0.0 or ::), all interfaces will be used. (default 0.0.0.0)
-      --dry-run                          execute descheduler in dry run mode.
+      --cert-dir string                          The directory where the TLS certs are located. If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored. (default "apiserver.local.config/certificates")
-      --evict-local-storage-pods         DEPRECATED: enables evicting pods using local storage by descheduler
+      --descheduling-interval duration           Time interval between two consecutive descheduler executions. Setting this value instructs the descheduler to run in a continuous loop at the interval specified.
-  -h, --help                             help for descheduler
+      --disable-metrics                          Disables metrics. The metrics are by default served through https://localhost:10258/metrics. Secure address, resp. port can be changed through --bind-address, resp. --secure-port flags.
-      --kubeconfig string                File with  kube configuration.
+      --dry-run                                  execute descheduler in dry run mode.
-      --log-backtrace-at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+  -h, --help                                     help for descheduler
-      --log-dir string                   If non-empty, write log files in this directory
+      --http2-max-streams-per-connection int     The limit that the server gives to clients for the maximum number of streams in an HTTP/2 connection. Zero means to use golang's default.
-      --log-file string                  If non-empty, use this log file
+      --kubeconfig string                        File with  kube configuration.
-      --log-file-max-size uint           Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
+      --leader-elect                             Start a leader election client and gain leadership before executing the main loop. Enable this when running replicated components for high availability.
-      --log-flush-frequency duration     Maximum number of seconds between log flushes (default 5s)
+      --leader-elect-lease-duration duration     The duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate. This is only applicable if leader election is enabled. (default 15s)
-      --logtostderr                      log to standard error instead of files (default true)
+      --leader-elect-renew-deadline duration     The interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. This is only applicable if leader election is enabled. (default 10s)
-      --max-pods-to-evict-per-node int   DEPRECATED: limits the maximum number of pods to be evicted per node by descheduler
+      --leader-elect-resource-lock string        The type of resource object that is used for locking during leader election. Supported options are 'endpoints', 'configmaps', 'leases', 'endpointsleases' and 'configmapsleases'. (default "leases")
-      --node-selector string             DEPRECATED: selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
+      --leader-elect-resource-name string        The name of resource object that is used for locking during leader election. (default "descheduler")
-      --policy-config-file string        File with descheduler policy configuration.
+      --leader-elect-resource-namespace string   The namespace of resource object that is used for locking during leader election. (default "kube-system")
-      --skip-headers                     If true, avoid header prefixes in the log messages
+      --leader-elect-retry-period duration       The duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable if leader election is enabled. (default 2s)
-      --skip-log-headers                 If true, avoid headers when opening log files
+      --log-backtrace-at traceLocation           when logging hits line file:N, emit a stack trace (default :0) (DEPRECATED: will be removed in a future release, see https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/2845-deprecate-klog-specific-flags-in-k8s-components)
-      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+      --log_dir string                           If non-empty, write log files in this directory (DEPRECATED: will be removed in a future release, see https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/2845-deprecate-klog-specific-flags-in-k8s-components)
-  -v, --v Level                          number for the log level verbosity
+      --log_file string                          If non-empty, use this log file (DEPRECATED: will be removed in a future release, see https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/2845-deprecate-klog-specific-flags-in-k8s-components)
-      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+      --log_file_max_size uint                   Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800) (DEPRECATED: will be removed in a future release, see https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/2845-deprecate-klog-specific-flags-in-k8s-components)
      --log-flush-frequency duration             Maximum number of seconds between log flushes (default 5s)
      --logging-format string                    Sets the log format. Permitted formats: "text", "json". Non-default formats don't honor these flags: --add-dir-header, --alsologtostderr, --log-backtrace-at, --log_dir, --log_file, --log_file_max_size, --logtostderr, --skip-headers, --skip-log-headers, --stderrthreshold, --log-flush-frequency.\nNon-default choices are currently alpha and subject to change without warning. (default "text")
      --logtostderr                              log to standard error instead of files (default true) (DEPRECATED: will be removed in a future release, see https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/2845-deprecate-klog-specific-flags-in-k8s-components)
      --one-output                               If true, only write logs to their native severity level (vs also writing to each lower severity level) (DEPRECATED: will be removed in a future release, see https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/2845-deprecate-klog-specific-flags-in-k8s-components)
      --permit-address-sharing                   If true, SO_REUSEADDR will be used when binding the port. This allows binding to wildcard IPs like 0.0.0.0 and specific IPs in parallel, and it avoids waiting for the kernel to release sockets in TIME_WAIT state. [default=false]
      --permit-port-sharing                      If true, SO_REUSEPORT will be used when binding the port, which allows more than one instance to bind on the same address and port. [default=false]
      --policy-config-file string                File with descheduler policy configuration.
      --secure-port int                          The port on which to serve HTTPS with authentication and authorization. If 0, don't serve HTTPS at all. (default 10258)
      --skip-headers                             If true, avoid header prefixes in the log messages (DEPRECATED: will be removed in a future release, see https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/2845-deprecate-klog-specific-flags-in-k8s-components)
      --skip-log-headers                         If true, avoid headers when opening log files (DEPRECATED: will be removed in a future release, see https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/2845-deprecate-klog-specific-flags-in-k8s-components)
      --stderrthreshold severity                 logs at or above this threshold go to stderr (default 2) (DEPRECATED: will be removed in a future release, see https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/2845-deprecate-klog-specific-flags-in-k8s-components)
      --tls-cert-file string                     File containing the default x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). If HTTPS serving is enabled, and --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key are generated for the public address and saved to the directory specified by --cert-dir.
      --tls-cipher-suites strings                Comma-separated list of cipher suites for the server. If omitted, the default Go cipher suites will be used. 
                                                 Preferred values: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384. 
                                                 Insecure values: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_RC4_128_SHA.
      --tls-min-version string                   Minimum TLS version supported. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
      --tls-private-key-file string              File containing the default x509 private key matching --tls-cert-file.
      --tls-sni-cert-key namedCertKey            A pair of x509 certificate and private key file paths, optionally suffixed with a list of domain patterns which are fully qualified domain names, possibly with prefixed wildcard segments. The domain patterns also allow IP addresses, but IPs should only be used if the apiserver has visibility to the IP address requested by a client. If no domain patterns are provided, the names of the certificate are extracted. Non-wildcard matches trump over wildcard matches, explicit domain patterns trump over extracted names. For multiple key/certificate pairs, use the --tls-sni-cert-key multiple times. Examples: "example.crt,example.key" or "foo.crt,foo.key:*.foo.com,foo.com". (default [])
  -v, --v Level                                  number for the log level verbosity
      --vmodule moduleSpec                       comma-separated list of pattern=N settings for file-filtered logging
 Use "descheduler [command] --help" for more information about a command.
 ```
@@ -89,7 +115,8 @@ strategies:
  "PodLifeTime":
    enabled: true
    params:
-      maxPodLifeTimeSeconds: 604800 # pods run for a maximum of 7 days
+      podLifeTime:
        maxPodLifeTimeSeconds: 604800 # pods run for a maximum of 7 days
 ```
 ### Balance Cluster By Node Memory Utilization
@@ -117,7 +144,7 @@ strategies:
 #### Balance low utilization nodes
 Using `HighNodeUtilization`, descheduler will rebalance the cluster based on memory by evicting pods
-from nodes with memory utilization lower than 20%. This should be used along with scheduler strategy `MostRequestedPriority`.
+from nodes with memory utilization lower than 20%. This should be use `NodeResourcesFit` with the `MostAllocated` scoring strategy based on these [doc](https://kubernetes.io/docs/reference/scheduling/config/#scheduling-plugins).
 The evicted pods will be compacted into minimal set of nodes.
 ```
@@ -136,7 +163,14 @@ strategies:
 Descheduler's `RemovePodsViolatingNodeTaints` strategy can be combined with
 [Node Problem Detector](https://github.com/kubernetes/node-problem-detector/) and
 [Cluster Autoscaler](https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler) to automatically remove
-Nodes which have problems. Node Problem Detector can detect specific Node problems and taint any Nodes which have those
+Nodes which have problems. Node Problem Detector can detect specific Node problems and report them to the API server.
-problems. The Descheduler will then deschedule workloads from those Nodes. Finally, if the descheduled Node's resource
+There is a feature called TaintNodeByCondition of the node controller that takes some conditions and turns them into taints. Currently, this only works for the default node conditions: PIDPressure, MemoryPressure, DiskPressure, Ready, and some cloud provider specific conditions.
 The Descheduler will then deschedule workloads from those Nodes. Finally, if the descheduled Node's resource
 allocation falls below the Cluster Autoscaler's scale down threshold, the Node will become a scale down candidate
 and can be removed by Cluster Autoscaler. These three components form an autohealing cycle for Node problems.
 ---
 **NOTE**
 Once [kubernetes/node-problem-detector#565](https://github.com/kubernetes/node-problem-detector/pull/565) is available in NPD, we need to update this section.
 ---
--- a/examples/failed-pods.yaml
+++ b/examples/failed-pods.yaml
@@ -11,4 +11,4 @@ strategies:
        includingInitContainers: true
        excludeOwnerKinds:
        - "Job"
-        minPodLifeTimeSeconds: 3600 # 1 hour
+        minPodLifetimeSeconds: 3600 # 1 hour
--- a/examples/pod-life-time.yml
+++ b/examples/pod-life-time.yml
@@ -6,3 +6,6 @@ strategies:
    params:
      podLifeTime:
        maxPodLifeTimeSeconds: 604800 # 7 days
        states:
        - "Pending"
        - "PodInitializing"
--- a/examples/topology-spread-constraint.yaml
+++ b/examples/topology-spread-constraint.yaml
@@ -4,4 +4,5 @@ strategies:
  "RemovePodsViolatingTopologySpreadConstraint":
     enabled: true
     params:
       nodeFit: true
       includeSoftConstraints: true # Include 'ScheduleAnyways' constraints
--- a/go.mod
+++ b/go.mod
@@ -1,19 +1,115 @@
 module sigs.k8s.io/descheduler
-go 1.16
+go 1.19
 require (
 	github.com/client9/misspell v0.3.4
-	github.com/spf13/cobra v1.1.3
+	github.com/spf13/cobra v1.4.0
 	github.com/spf13/pflag v1.0.5
-	k8s.io/api v0.22.0
+	k8s.io/api v0.25.0
-	k8s.io/apimachinery v0.22.0
+	k8s.io/apimachinery v0.25.0
-	k8s.io/apiserver v0.22.0
+	k8s.io/apiserver v0.25.0
-	k8s.io/client-go v0.22.0
+	k8s.io/client-go v0.25.0
-	k8s.io/code-generator v0.22.0
+	k8s.io/code-generator v0.25.0
-	k8s.io/component-base v0.22.0
+	k8s.io/component-base v0.25.0
-	k8s.io/component-helpers v0.22.0
+	k8s.io/component-helpers v0.25.0
-	k8s.io/klog/v2 v2.9.0
+	k8s.io/klog/v2 v2.70.1
-	k8s.io/kubectl v0.20.5
+	k8s.io/utils v0.0.0-20220823124924-e9cbc92d1a73
 	sigs.k8s.io/mdtoc v1.0.1
 )
 require (
 	cloud.google.com/go v0.97.0 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/Azure/go-autorest/autorest v0.11.27 // indirect
 	github.com/Azure/go-autorest/autorest/adal v0.9.20 // indirect
 	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 	github.com/BurntSushi/toml v0.3.1 // indirect
 	github.com/NYTimes/gziphandler v1.1.1 // indirect
 	github.com/PuerkitoBio/purell v1.1.1 // indirect
 	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/coreos/go-semver v0.3.0 // indirect
 	github.com/coreos/go-systemd/v22 v22.3.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/emicklei/go-restful/v3 v3.8.0 // indirect
 	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
 	github.com/felixge/httpsnoop v1.0.1 // indirect
 	github.com/fsnotify/fsnotify v1.4.9 // indirect
 	github.com/go-logr/logr v1.2.3 // indirect
 	github.com/go-logr/zapr v1.2.3 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/jsonreference v0.19.5 // indirect
 	github.com/go-openapi/swag v0.19.14 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v4 v4.2.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/gomarkdown/markdown v0.0.0-20200824053859-8c8b3816f167 // indirect
 	github.com/google/gnostic v0.5.7-v3refs // indirect
 	github.com/google/go-cmp v0.5.6 // indirect
 	github.com/google/gofuzz v1.1.0 // indirect
 	github.com/google/uuid v1.1.2 // indirect
 	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
 	github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect
 	github.com/imdario/mergo v0.3.6 // indirect
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/mailru/easyjson v0.7.6 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
 	github.com/mmarkdown/mmark v2.0.40+incompatible // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/prometheus/client_golang v1.12.1 // indirect
 	github.com/prometheus/client_model v0.2.0 // indirect
 	github.com/prometheus/common v0.32.1 // indirect
 	github.com/prometheus/procfs v0.7.3 // indirect
 	go.etcd.io/etcd/api/v3 v3.5.4 // indirect
 	go.etcd.io/etcd/client/pkg/v3 v3.5.4 // indirect
 	go.etcd.io/etcd/client/v3 v3.5.4 // indirect
 	go.opentelemetry.io/contrib v0.20.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0 // indirect
 	go.opentelemetry.io/otel v0.20.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp v0.20.0 // indirect
 	go.opentelemetry.io/otel/metric v0.20.0 // indirect
 	go.opentelemetry.io/otel/sdk v0.20.0 // indirect
 	go.opentelemetry.io/otel/sdk/export/metric v0.20.0 // indirect
 	go.opentelemetry.io/otel/sdk/metric v0.20.0 // indirect
 	go.opentelemetry.io/otel/trace v0.20.0 // indirect
 	go.opentelemetry.io/proto/otlp v0.7.0 // indirect
 	go.uber.org/atomic v1.7.0 // indirect
 	go.uber.org/multierr v1.6.0 // indirect
 	go.uber.org/zap v1.19.0 // indirect
 	golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898 // indirect
 	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
 	golang.org/x/net v0.0.0-20220722155237-a158d28d115b // indirect
 	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
 	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect
 	golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect
 	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
 	golang.org/x/text v0.3.7 // indirect
 	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
 	golang.org/x/tools v0.1.12 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 // indirect
 	google.golang.org/grpc v1.47.0 // indirect
 	google.golang.org/protobuf v1.28.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/gengo v0.0.0-20211129171323-c02415ce4185 // indirect
 	k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect
 	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.32 // indirect
 	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 	sigs.k8s.io/yaml v1.2.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
--- a/hack/tools.go
+++ b/hack/tools.go
@@ -1,3 +1,4 @@
 //go:build tools
 // +build tools
 /*
--- a/hack/update-generated-deep-copies.sh
+++ b/hack/update-generated-deep-copies.sh
@@ -5,6 +5,6 @@ go build -o "${OS_OUTPUT_BINPATH}/deepcopy-gen" "k8s.io/code-generator/cmd/deepc
 ${OS_OUTPUT_BINPATH}/deepcopy-gen \
                --go-header-file "hack/boilerplate/boilerplate.go.txt" \
-                --input-dirs "${PRJ_PREFIX}/pkg/apis/componentconfig,${PRJ_PREFIX}/pkg/apis/componentconfig/v1alpha1,${PRJ_PREFIX}/pkg/api,${PRJ_PREFIX}/pkg/api/v1alpha1" \
+                --input-dirs "${PRJ_PREFIX}/pkg/apis/componentconfig,${PRJ_PREFIX}/pkg/apis/componentconfig/v1alpha1,${PRJ_PREFIX}/pkg/api,${PRJ_PREFIX}/pkg/api/v1alpha1,${PRJ_PREFIX}/pkg/framework/plugins/defaultevictor/" \
                --output-file-base zz_generated.deepcopy
--- a/hack/update-gofmt.sh
+++ b/hack/update-gofmt.sh
@@ -23,7 +23,7 @@ DESCHEDULER_ROOT=$(dirname "${BASH_SOURCE}")/..
 GO_VERSION=($(go version))
-if [[ -z $(echo "${GO_VERSION[2]}" | grep -E 'go1.14|go1.15|go1.16') ]]; then
+if [[ -z $(echo "${GO_VERSION[2]}" | grep -E 'go1.17|go1.18|go1.19') ]]; then
  echo "Unknown go version '${GO_VERSION[2]}', skipping gofmt."
  exit 1
 fi
--- a/hack/verify-chart.sh
+++ b/hack/verify-chart.sh
@@ -0,0 +1 @@
 ${CONTAINER_ENGINE:-docker} run -it --rm --network host --workdir=/data --volume ~/.kube/config:/root/.kube/config:ro --volume $(pwd):/data quay.io/helmpack/chart-testing:v3.7.0 /bin/bash -c "git config --global --add safe.directory /data; ct install --config=.github/ci/ct.yaml --helm-extra-set-args=\"--set=kind=Deployment\""
--- a/hack/verify-deep-copies.sh
+++ b/hack/verify-deep-copies.sh
@@ -20,7 +20,7 @@ go build -o "${OS_OUTPUT_BINPATH}/deepcopy-gen" "k8s.io/code-generator/cmd/deepc
 ${OS_OUTPUT_BINPATH}/deepcopy-gen \
                --go-header-file "hack/boilerplate/boilerplate.go.txt" \
-                --input-dirs "./pkg/apis/componentconfig,./pkg/apis/componentconfig/v1alpha1,./pkg/api,./pkg/api/v1alpha1" \
+                --input-dirs "./pkg/apis/componentconfig,./pkg/apis/componentconfig/v1alpha1,./pkg/api,./pkg/api/v1alpha1,./pkg/framework/plugins/defaultevictor/" \
                --output-file-base zz_generated.deepcopy
 popd > /dev/null 2>&1
--- a/hack/verify-gofmt.sh
+++ b/hack/verify-gofmt.sh
@@ -23,7 +23,7 @@ DESCHEDULER_ROOT=$(dirname "${BASH_SOURCE}")/..
 GO_VERSION=($(go version))
-if [[ -z $(echo "${GO_VERSION[2]}" | grep -E 'go1.14|go1.15|go1.16') ]]; then
+if [[ -z $(echo "${GO_VERSION[2]}" | grep -E 'go1.17|go1.18|go1.19') ]]; then
  echo "Unknown go version '${GO_VERSION[2]}', skipping gofmt."
  exit 1
 fi
--- a/kubernetes/base/rbac.yaml
+++ b/kubernetes/base/rbac.yaml
@@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: descheduler-cluster-role
 rules:
- apiGroups: [""]
+- apiGroups: ["events.k8s.io"]
  resources: ["events"]
  verbs: ["create", "update"]
 - apiGroups: [""]
@@ -12,7 +12,7 @@ rules:
  verbs: ["get", "watch", "list"]
 - apiGroups: [""]
  resources: ["namespaces"]
-  verbs: ["get", "list"]
+  verbs: ["get", "watch", "list"]
 - apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "list", "delete"]
@@ -22,6 +22,13 @@ rules:
 - apiGroups: ["scheduling.k8s.io"]
  resources: ["priorityclasses"]
  verbs: ["get", "watch", "list"]
 - apiGroups: ["coordination.k8s.io"]
  resources: ["leases"]
  verbs: ["create"]
 - apiGroups: ["coordination.k8s.io"]
  resources: ["leases"]
  resourceNames: ["descheduler"]
  verbs: ["get", "patch", "delete"]
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -41,4 +48,3 @@ subjects:
  - name: descheduler-sa
    kind: ServiceAccount
    namespace: kube-system
--- a/kubernetes/cronjob/cronjob.yaml
+++ b/kubernetes/cronjob/cronjob.yaml
@@ -1,5 +1,5 @@
 ---
-apiVersion: batch/v1  # for k8s version < 1.21.0, use batch/v1beta1
+apiVersion: batch/v1
 kind: CronJob
 metadata:
		`@@ -0,0 +1 @@`
							`${CONTAINER_ENGINE:-docker} run -it --rm --network host --workdir=/data --volume ~/.kube/config:/root/.kube/config:ro --volume $(pwd):/data quay.io/helmpack/chart-testing:v3.7.0 /bin/bash -c "git config --global --add safe.directory /data; ct install --config=.github/ci/ct.yaml --helm-extra-set-args=\"--set=kind=Deployment\""`