search

kubernetes-sigs / descheduler

Descheduler for Kubernetes
https://sigs.k8s.io/descheduler
Apache License 2.0
4.24k stars 645 forks source link

evictLocalStoragePods doesn't seem to work with the PodLifeTime plugin #1269

Closed nalshamaajc closed 8 months ago

nalshamaajc commented 8 months ago

https://github.com/kubernetes-sigs/descheduler/blob/73eb42467a3dc8f8c6aebf06acf93438a4dd57c6/charts/descheduler/values.yaml#L85

Hello, I'm using descheduler to manage Pod Time To Live. I'm deploying it as a kind: deployment using the helm chart. I checked the clusterrole and it's binding to the service account. I also tested that the service account can do what it needs to do using the kubectl auth can-i ... command and it was all working fine. The below snippet of the configmap works

apiVersion: v1  
data:   
  policy.yaml: |    
    apiVersion: "descheduler/v1alpha2"  
    kind: "DeschedulerPolicy"   
    profiles:   
    - name: pod-ttl 
      pluginConfig: 
      - args:   
          labelSelector:    
            matchExpressions:   
            - key: app  
              operator: In  
              values:   
              - kj-test-deploy  
          maxPodLifeTimeSeconds: 120    
          namespaces:   
            include:    
            - default   
        name: PodLifeTime   
      plugins:  
        deschedule: 
          enabled:  
          - PodLifeTime 
    - name: node-affinity   
      pluginConfig: 
      - args:   
          namespaces:   
            exclude:    
            - karpenter 
          nodeAffinityType: 
          - preferredDuringSchedulingIgnoredDuringExecution 
        name: RemovePodsViolatingNodeAffinity   
      plugins:  
        deschedule: 
          enabled:  
          - RemovePodsViolatingNodeAffinity

When I change the namespace, and label key and value nothing happens as if the rule is not matching any pods. Below is a snippet of the changes

          labelSelector:    
            matchExpressions:   
            - key: service  
              operator: In  
              values:   
              - greeter-api 
          maxPodLifeTimeSeconds: 120    
          namespaces:   
            include:    
            - default   
            - greeter

You can also see that the resource should match the conditions in terms of time being > than 120 seconds and the namespaces and labels also match.

kubectl get pods -l service=greeter-api -n greeter
NAME                          READY   STATUS    RESTARTS   AGE
greeter-api-bc857d697-cg7sc   2/2     Running   0          18d
greeter-api-bc857d697-xthgq   2/2     Running   0          18d

Below is the snippet of the helmchart values file that I'm using and is also not being successful (the values are not exact but the structure is).

deschedulerPolicy:
  profiles:
    - name: pod-ttl
      pluginConfig:
      - name: "PodLifeTime"
        args:
          maxPodLifeTimeSeconds: 120
          namespaces:
            include:
            - "default"
            - "greeter"
          labelSelector:
            matchExpressions:
              - {key: service, operator: In, values: ["greeter"]}
      plugins:
        deschedule:
          enabled:
            - "PodLifeTime"

I increased the logging debug verbosity and I got the below error (values were changed

I1019 13:52:47.602974       1 defaultevictor.go:202] "Pod fails the following checks" pod="greeter/greeter-55dc4fb58d-2m7qk" checks="pod has local storage and descheduler is not configured with evictLocalStoragePods"

So I added the parameter and it looks like the below in the configmap

apiVersion: v1
data:
  policy.yaml: |
    apiVersion: "descheduler/v1alpha2"
    kind: "DeschedulerPolicy"
    evictLocalStoragePods: true    #<-- HERE
    profiles:
    - name: pod-ttl
a7i commented 8 months ago

It shoud be set at DefaultEvictor level. Would you try the following?

    profiles:
    - name: pod-ttl 
      pluginConfig:
      - name: DefaultEvictor
        args:
          evictLocalStoragePods: true
      - args:   
          labelSelector:    
            matchExpressions:   
            - key: app  
              operator: In  
              values:   
              - kj-test-deploy  
          maxPodLifeTimeSeconds: 120    
          namespaces:   
            include:    
            - default   
        name: PodLifeTime
nalshamaajc commented 8 months ago

This worked after some modifications thanks, unfortunately the docs are not clear enough on this part.

a7i commented 8 months ago

@nalshamaajc would you be open to creating a PR to make the docs better? ref: https://github.com/kubernetes-sigs/descheduler#example-policy