Allow eviction of DaemonSet pods (#1342)

* feat: evictDaemonSetPods flag for evictors * test: evictDaemonSetPods unit and e2e * docs: evictDaemonSetPods
2026-01-28 06:29:29 +01:00 · 2024-04-09 11:47:34 -03:00
parent a2c88582fa
commit 82559025b1
15 changed files with 267 additions and 15 deletions
--- a/pkg/api/v1alpha1/conversion.go
+++ b/pkg/api/v1alpha1/conversion.go
@@ -139,6 +139,14 @@ func V1alpha1ToInternal(
 		}
 	}

+	evictDaemonSetPods := false
+	if deschedulerPolicy.EvictDaemonSetPods != nil {
+		evictDaemonSetPods = *deschedulerPolicy.EvictDaemonSetPods
+		if evictDaemonSetPods {
+			klog.V(1).Info("Warning: EvictDaemonSetPods is set to True. This could cause eviction of Kubernetes DaemonSet pods.")
+		}
+	}
+
 	ignorePvcPods := false
 	if deschedulerPolicy.IgnorePVCPods != nil {
 		ignorePvcPods = *deschedulerPolicy.IgnorePVCPods
@@ -193,6 +201,7 @@ func V1alpha1ToInternal(
 							Name: defaultevictor.PluginName,
 							Args: &defaultevictor.DefaultEvictorArgs{
 								EvictLocalStoragePods:   evictLocalStoragePods,
+								EvictDaemonSetPods:      evictDaemonSetPods,
 								EvictSystemCriticalPods: evictSystemCriticalPods,
 								IgnorePvcPods:           ignorePvcPods,
 								EvictFailedBarePods:     evictBarePods,
--- a/pkg/api/v1alpha1/types.go
+++ b/pkg/api/v1alpha1/types.go
@@ -41,6 +41,9 @@ type DeschedulerPolicy struct {
 	// EvictSystemCriticalPods allows eviction of pods of any priority (including Kubernetes system pods)
 	EvictSystemCriticalPods *bool `json:"evictSystemCriticalPods,omitempty"`

+	// EvictDaemonSetPods allows pods owned by a DaemonSet resource to be evicted.
+	EvictDaemonSetPods *bool `json:"evictDaemonSetPods,omitempty"`
+
 	// IgnorePVCPods prevents pods with PVCs from being evicted.
 	IgnorePVCPods *bool `json:"ignorePvcPods,omitempty"`

--- a/pkg/api/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/api/v1alpha1/zz_generated.deepcopy.go
@@ -57,6 +57,11 @@ func (in *DeschedulerPolicy) DeepCopyInto(out *DeschedulerPolicy) {
 		*out = new(bool)
 		**out = **in
 	}
+	if in.EvictDaemonSetPods != nil {
+		in, out := &in.EvictDaemonSetPods, &out.EvictDaemonSetPods
+		*out = new(bool)
+		**out = **in
+	}
 	if in.IgnorePVCPods != nil {
 		in, out := &in.IgnorePVCPods, &out.IgnorePVCPods
 		*out = new(bool)
--- a/pkg/apis/componentconfig/types.go
+++ b/pkg/apis/componentconfig/types.go
@@ -51,6 +51,9 @@ type DeschedulerConfiguration struct {
 	// EvictLocalStoragePods allows pods using local storage to be evicted.
 	EvictLocalStoragePods bool

+	// EvictDaemonSetPods allows pods owned by a DaemonSet resource to be evicted.
+	EvictDaemonSetPods bool
+
 	// IgnorePVCPods sets whether PVC pods should be allowed to be evicted
 	IgnorePVCPods bool

--- a/pkg/apis/componentconfig/v1alpha1/types.go
+++ b/pkg/apis/componentconfig/v1alpha1/types.go
@@ -51,6 +51,9 @@ type DeschedulerConfiguration struct {
 	// EvictLocalStoragePods allows pods using local storage to be evicted.
 	EvictLocalStoragePods bool `json:"evictLocalStoragePods,omitempty"`

+	// EvictDaemonSetPods allows pods owned by a DaemonSet resource to be evicted.
+	EvictDaemonSetPods bool `json:"evictDaemonSetPods,omitempty"`
+
 	// IgnorePVCPods sets whether PVC pods should be allowed to be evicted
 	IgnorePVCPods bool `json:"ignorePvcPods,omitempty"`

--- a/pkg/apis/componentconfig/v1alpha1/zz_generated.conversion.go
+++ b/pkg/apis/componentconfig/v1alpha1/zz_generated.conversion.go
@@ -67,6 +67,7 @@ func autoConvert_v1alpha1_DeschedulerConfiguration_To_componentconfig_Deschedule
 	out.NodeSelector = in.NodeSelector
 	out.MaxNoOfPodsToEvictPerNode = in.MaxNoOfPodsToEvictPerNode
 	out.EvictLocalStoragePods = in.EvictLocalStoragePods
+	out.EvictDaemonSetPods = in.EvictDaemonSetPods
 	out.IgnorePVCPods = in.IgnorePVCPods
 	if err := Convert_v1alpha1_TracingConfiguration_To_componentconfig_TracingConfiguration(&in.Tracing, &out.Tracing, s); err != nil {
 		return err
@@ -89,6 +90,7 @@ func autoConvert_componentconfig_DeschedulerConfiguration_To_v1alpha1_Deschedule
 	out.NodeSelector = in.NodeSelector
 	out.MaxNoOfPodsToEvictPerNode = in.MaxNoOfPodsToEvictPerNode
 	out.EvictLocalStoragePods = in.EvictLocalStoragePods
+	out.EvictDaemonSetPods = in.EvictDaemonSetPods
 	out.IgnorePVCPods = in.IgnorePVCPods
 	if err := Convert_componentconfig_TracingConfiguration_To_v1alpha1_TracingConfiguration(&in.Tracing, &out.Tracing, s); err != nil {
 		return err
--- a/pkg/descheduler/policyconfig_test.go
+++ b/pkg/descheduler/policyconfig_test.go
@@ -134,6 +134,71 @@ func TestV1alpha1ToV1alpha2(t *testing.T) {
 				},
 			},
 		},
+		{
+			description: "convert global policy fields to defaultevictor",
+			policy: &v1alpha1.DeschedulerPolicy{
+				EvictFailedBarePods:     utilpointer.Bool(true),
+				EvictLocalStoragePods:   utilpointer.Bool(true),
+				EvictSystemCriticalPods: utilpointer.Bool(true),
+				EvictDaemonSetPods:      utilpointer.Bool(true),
+				IgnorePVCPods:           utilpointer.Bool(true),
+				Strategies: v1alpha1.StrategyList{
+					removeduplicates.PluginName: v1alpha1.DeschedulerStrategy{
+						Enabled: true,
+						Params: &v1alpha1.StrategyParameters{
+							Namespaces: &v1alpha1.Namespaces{
+								Exclude: []string{
+									"test2",
+								},
+							},
+						},
+					},
+				},
+			},
+			result: &api.DeschedulerPolicy{
+				Profiles: []api.DeschedulerProfile{
+					{
+						Name: fmt.Sprintf("strategy-%s-profile", removeduplicates.PluginName),
+						PluginConfigs: []api.PluginConfig{
+							{
+								Name: defaultevictor.PluginName,
+								Args: &defaultevictor.DefaultEvictorArgs{
+									EvictLocalStoragePods:   true,
+									EvictDaemonSetPods:      true,
+									EvictSystemCriticalPods: true,
+									IgnorePvcPods:           true,
+									EvictFailedBarePods:     true,
+									PriorityThreshold: &api.PriorityThreshold{
+										Value: nil,
+									},
+								},
+							},
+							{
+								Name: removeduplicates.PluginName,
+								Args: &removeduplicates.RemoveDuplicatesArgs{
+									Namespaces: &api.Namespaces{
+										Exclude: []string{
+											"test2",
+										},
+									},
+								},
+							},
+						},
+						Plugins: api.Plugins{
+							Balance: api.PluginSet{
+								Enabled: []string{removeduplicates.PluginName},
+							},
+							Filter: api.PluginSet{
+								Enabled: []string{defaultevictor.PluginName},
+							},
+							PreEvictionFilter: api.PluginSet{
+								Enabled: []string{defaultevictor.PluginName},
+							},
+						},
+					},
+				},
+			},
+		},
 		{
 			description: "convert all strategies",
 			policy: &v1alpha1.DeschedulerPolicy{
@@ -947,6 +1012,7 @@ profiles:
        evictSystemCriticalPods: true
        evictFailedBarePods: true
        evictLocalStoragePods: true
+        evictDaemonSetPods: true
        nodeFit: true
    - name: "RemovePodsHavingTooManyRestarts"
      args:
@@ -968,6 +1034,7 @@ profiles:
 									EvictSystemCriticalPods: true,
 									EvictFailedBarePods:     true,
 									EvictLocalStoragePods:   true,
+									EvictDaemonSetPods:      true,
 									PriorityThreshold:       &api.PriorityThreshold{Value: utilpointer.Int32(2000000000)},
 									NodeFit:                 true,
 								},
@@ -1099,6 +1166,7 @@ profiles:
        evictSystemCriticalPods: true
        evictFailedBarePods: true
        evictLocalStoragePods: true
+        evictDaemonSetPods: true
        nodeFit: true
    - name: "RemoveFailedPods"
    plugins:
@@ -1123,6 +1191,7 @@ profiles:
 									EvictSystemCriticalPods: true,
 									EvictFailedBarePods:     true,
 									EvictLocalStoragePods:   true,
+									EvictDaemonSetPods:      true,
 									PriorityThreshold:       &api.PriorityThreshold{Value: utilpointer.Int32(2000000000)},
 									NodeFit:                 true,
 								},
@@ -1161,6 +1230,7 @@ profiles:
        evictSystemCriticalPods: true
        evictFailedBarePods: true
        evictLocalStoragePods: true
+        evictDaemonSetPods: true
        nodeFit: true
    - name: "RemoveFailedPods"
    plugins:
@@ -1179,6 +1249,7 @@ profiles:
 									EvictSystemCriticalPods: true,
 									EvictFailedBarePods:     true,
 									EvictLocalStoragePods:   true,
+									EvictDaemonSetPods:      true,
 									PriorityThreshold:       &api.PriorityThreshold{Value: utilpointer.Int32(2000000000)},
 									NodeFit:                 true,
 								},
--- a/pkg/framework/plugins/defaultevictor/defaultevictor.go
+++ b/pkg/framework/plugins/defaultevictor/defaultevictor.go
@@ -125,6 +125,15 @@ func New(args runtime.Object, handle frameworktypes.Handle) (frameworktypes.Plug
 			return nil
 		})
 	}
+	if !defaultEvictorArgs.EvictDaemonSetPods {
+		ev.constraints = append(ev.constraints, func(pod *v1.Pod) error {
+			ownerRefList := podutil.OwnerRef(pod)
+			if utils.IsDaemonsetPod(ownerRefList) {
+				return fmt.Errorf("pod is related to daemonset and descheduler is not configured with evictDaemonSetPods")
+			}
+			return nil
+		})
+	}
 	if defaultEvictorArgs.IgnorePvcPods {
 		ev.constraints = append(ev.constraints, func(pod *v1.Pod) error {
 			if utils.IsPodWithPVC(pod) {
@@ -207,11 +216,6 @@ func (d *DefaultEvictor) Filter(pod *v1.Pod) bool {
 		return true
 	}

-	ownerRefList := podutil.OwnerRef(pod)
-	if utils.IsDaemonsetPod(ownerRefList) {
-		checkErrs = append(checkErrs, fmt.Errorf("pod is a DaemonSet pod"))
-	}
-
 	if utils.IsMirrorPod(pod) {
 		checkErrs = append(checkErrs, fmt.Errorf("pod is a mirror pod"))
 	}
--- a/pkg/framework/plugins/defaultevictor/defaults.go
+++ b/pkg/framework/plugins/defaultevictor/defaults.go
@@ -31,6 +31,9 @@ func SetDefaults_DefaultEvictorArgs(obj runtime.Object) {
 	if !args.EvictLocalStoragePods {
 		args.EvictLocalStoragePods = false
 	}
+	if !args.EvictDaemonSetPods {
+		args.EvictDaemonSetPods = false
+	}
 	if !args.EvictSystemCriticalPods {
 		args.EvictSystemCriticalPods = false
 	}
--- a/pkg/framework/plugins/defaultevictor/defaults_test.go
+++ b/pkg/framework/plugins/defaultevictor/defaults_test.go
@@ -35,6 +35,7 @@ func TestSetDefaults_DefaultEvictorArgs(t *testing.T) {
 			want: &DefaultEvictorArgs{
 				NodeSelector:            "",
 				EvictLocalStoragePods:   false,
+				EvictDaemonSetPods:      false,
 				EvictSystemCriticalPods: false,
 				IgnorePvcPods:           false,
 				EvictFailedBarePods:     false,
@@ -48,6 +49,7 @@ func TestSetDefaults_DefaultEvictorArgs(t *testing.T) {
 			in: &DefaultEvictorArgs{
 				NodeSelector:            "NodeSelector",
 				EvictLocalStoragePods:   true,
+				EvictDaemonSetPods:      true,
 				EvictSystemCriticalPods: true,
 				IgnorePvcPods:           true,
 				EvictFailedBarePods:     true,
@@ -60,6 +62,7 @@ func TestSetDefaults_DefaultEvictorArgs(t *testing.T) {
 			want: &DefaultEvictorArgs{
 				NodeSelector:            "NodeSelector",
 				EvictLocalStoragePods:   true,
+				EvictDaemonSetPods:      true,
 				EvictSystemCriticalPods: true,
 				IgnorePvcPods:           true,
 				EvictFailedBarePods:     true,
--- a/pkg/framework/plugins/defaultevictor/types.go
+++ b/pkg/framework/plugins/defaultevictor/types.go
@@ -27,6 +27,7 @@ type DefaultEvictorArgs struct {

 	NodeSelector            string                 `json:"nodeSelector"`
 	EvictLocalStoragePods   bool                   `json:"evictLocalStoragePods"`
+	EvictDaemonSetPods      bool                   `json:"evictDaemonSetPods"`
 	EvictSystemCriticalPods bool                   `json:"evictSystemCriticalPods"`
 	IgnorePvcPods           bool                   `json:"ignorePvcPods"`
 	EvictFailedBarePods     bool                   `json:"evictFailedBarePods"`