mirror of
https://github.com/kubernetes-sigs/descheduler.git
synced 2026-01-25 20:59:28 +01:00
d9d6ca64e9
this commit introduces a new customization on the existing PodsWithPVC
protection. this new customization allow users to make pods that refer
to a given storage class unevictable.
for example, to protect pods referring to `storage-class-0` and
`storage-class-1` this configuration can be used:
```yaml
apiVersion: "descheduler/v1alpha2"
kind: "DeschedulerPolicy"
profiles:
- name: ProfileName
pluginConfig:
- name: "DefaultEvictor"
args:
podProtections:
extraEnabled:
- PodsWithPVC
config:
PodsWithPVC:
protectedStorageClasses:
- name: storage-class-0
- name: storage-class-1
```
changes introduced by this pr:
1. the descheduler starts to observe persistent volume claims.
1. a new api field was introduced to allow per pod protection config.
1. rbac had to be adjusted (+persistentvolumeclaims).
101 lines
3.9 KiB
Go
101 lines
3.9 KiB
Go
/*
|
|
Copyright 2022 The Kubernetes Authors.
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package defaultevictor
|
|
|
|
import (
|
|
"fmt"
|
|
"slices"
|
|
|
|
"k8s.io/apimachinery/pkg/runtime"
|
|
utilerrors "k8s.io/apimachinery/pkg/util/errors"
|
|
"k8s.io/klog/v2"
|
|
)
|
|
|
|
func ValidateDefaultEvictorArgs(obj runtime.Object) error {
|
|
args := obj.(*DefaultEvictorArgs)
|
|
var allErrs []error
|
|
if args.PriorityThreshold != nil && args.PriorityThreshold.Value != nil && len(args.PriorityThreshold.Name) > 0 {
|
|
allErrs = append(allErrs, fmt.Errorf("priority threshold misconfigured, only one of priorityThreshold fields can be set"))
|
|
}
|
|
|
|
if args.MinReplicas == 1 {
|
|
klog.V(4).Info("DefaultEvictor minReplicas must be greater than 1 to check for min pods during eviction. This check will be ignored during eviction.")
|
|
}
|
|
|
|
if args.NoEvictionPolicy != "" {
|
|
if args.NoEvictionPolicy != PreferredNoEvictionPolicy && args.NoEvictionPolicy != MandatoryNoEvictionPolicy {
|
|
allErrs = append(allErrs, fmt.Errorf("noEvictionPolicy accepts only %q values", []NoEvictionPolicy{PreferredNoEvictionPolicy, MandatoryNoEvictionPolicy}))
|
|
}
|
|
}
|
|
|
|
// check if any deprecated fields are set to true
|
|
hasDeprecatedFields := args.EvictLocalStoragePods || args.EvictDaemonSetPods ||
|
|
args.EvictSystemCriticalPods || args.IgnorePvcPods ||
|
|
args.EvictFailedBarePods || args.IgnorePodsWithoutPDB
|
|
|
|
// disallow mixing deprecated fields with PodProtections.ExtraEnabled and PodProtections.DefaultDisabled
|
|
if hasDeprecatedFields && (len(args.PodProtections.ExtraEnabled) > 0 || len(args.PodProtections.DefaultDisabled) > 0) {
|
|
allErrs = append(allErrs, fmt.Errorf("cannot use Deprecated fields alongside PodProtections.ExtraEnabled or PodProtections.DefaultDisabled"))
|
|
}
|
|
|
|
if len(args.PodProtections.ExtraEnabled) > 0 || len(args.PodProtections.DefaultDisabled) > 0 {
|
|
|
|
for _, policy := range args.PodProtections.ExtraEnabled {
|
|
if !slices.Contains(extraPodProtections, policy) {
|
|
allErrs = append(allErrs, fmt.Errorf("invalid pod protection policy in ExtraEnabled: %q. Valid options are: %v",
|
|
string(policy), extraPodProtections))
|
|
}
|
|
}
|
|
|
|
for _, policy := range args.PodProtections.DefaultDisabled {
|
|
if !slices.Contains(defaultPodProtections, policy) {
|
|
allErrs = append(allErrs, fmt.Errorf("invalid pod protection policy in DefaultDisabled: %q. Valid options are: %v",
|
|
string(policy), defaultPodProtections))
|
|
}
|
|
}
|
|
|
|
if hasDuplicates(args.PodProtections.DefaultDisabled) {
|
|
allErrs = append(allErrs, fmt.Errorf("PodProtections.DefaultDisabled contains duplicate entries"))
|
|
}
|
|
|
|
if hasDuplicates(args.PodProtections.ExtraEnabled) {
|
|
allErrs = append(allErrs, fmt.Errorf("PodProtections.ExtraEnabled contains duplicate entries"))
|
|
}
|
|
|
|
if slices.Contains(args.PodProtections.ExtraEnabled, PodsWithPVC) {
|
|
if args.PodProtections.Config != nil && args.PodProtections.Config.PodsWithPVC != nil {
|
|
protectedsc := args.PodProtections.Config.PodsWithPVC.ProtectedStorageClasses
|
|
for i, sc := range protectedsc {
|
|
if sc.Name == "" {
|
|
allErrs = append(allErrs, fmt.Errorf("PodProtections.Config.PodsWithPVC.ProtectedStorageClasses[%d] name cannot be empty", i))
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
return utilerrors.NewAggregate(allErrs)
|
|
}
|
|
|
|
func hasDuplicates(slice []PodProtection) bool {
|
|
seen := make(map[PodProtection]struct{}, len(slice))
|
|
for _, item := range slice {
|
|
if _, exists := seen[item]; exists {
|
|
return true
|
|
}
|
|
seen[item] = struct{}{}
|
|
}
|
|
return false
|
|
}
|