Skip to content

feat: enable pod protection based on storage classes #1752

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
k8s-ci-robot merged 1 commit into from
Oct 30, 2025
Merged

feat: enable pod protection based on storage classes #1752

k8s-ci-robot merged 1 commit into from
Oct 30, 2025
+837 −10

Conversation

@ricardomaraschini
Copy link
Contributor

@ricardomaraschini ricardomaraschini commented Oct 8, 2025
edited
Loading

Description

fixes #633

this commit introduces a new customization on the existing PodsWithPVC
protection. this new customization allow users to make pods that refer
to a given storage class unevictable.

for example, to protect pods referring to storage-class-0 and
storage-class-1 this configuration can be used:

apiVersion: "descheduler/v1alpha2"
kind: "DeschedulerPolicy"
profiles:
- name: ProfileName
  pluginConfig:
  - name: "DefaultEvictor"
    args:
      podProtections:
        extraEnabled:
        - PodsWithPVC
        config:
          PodsWithPVC:
            protectedStorageClasses:
            - name: storage-class-0
            - name: storage-class-1

Changes introduced by this pr:

  1. the descheduler starts to observe persistent volume claims.
  2. a new api field was introduced to allow per pod protection config.
  3. rbac had to be adjusted (+persistentvolumeclaims).

Checklist

Please ensure your pull request meets the following criteria before submitting
for review, these items will be used by reviewers to assess the quality and
completeness of your changes:

  • Code Readability: Is the code easy to understand, well-structured, and consistent with project conventions?
  • Naming Conventions: Are variable, function, and structs descriptive and consistent?
  • Code Duplication: Is there any repeated code that should be refactored?
  • Function/Method Size: Are functions/methods short and focused on a single task?
  • Comments & Documentation: Are comments clear, useful, and not excessive? Were comments updated where necessary?
  • Error Handling: Are errors handled appropriately ?
  • Testing: Are there sufficient unit/integration tests?
  • Performance: Are there any obvious performance issues or unnecessary computations?
  • Dependencies: Are new dependencies justified ?
  • Logging & Monitoring: Is logging used appropriately (not too verbose, not too silent)?
  • Backward Compatibility: Does this change break any existing functionality or APIs?
  • Resource Management: Are resources (files, connections, memory) managed and released properly?
  • PR Description: Is the PR description clear, providing enough context and explaining the motivation for the change?
  • Documentation & Changelog: Are README and docs updated if necessary?

@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Oct 8, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Oct 8, 2025
@ricardomaraschini
Copy link
Contributor Author

ricardomaraschini commented Oct 8, 2025

/test all

@ricardomaraschini ricardomaraschini force-pushed the create-protection-for-pods-using-storage-class branch from edcfa11 to 5d26502 Compare October 8, 2025 08:10
@ricardomaraschini
Copy link
Contributor Author

ricardomaraschini commented Oct 8, 2025

/test all

@ricardomaraschini ricardomaraschini force-pushed the create-protection-for-pods-using-storage-class branch from 5d26502 to 6d02828 Compare October 8, 2025 08:18
@ricardomaraschini
Copy link
Contributor Author

ricardomaraschini commented Oct 8, 2025

/test all

@ricardomaraschini
Copy link
Contributor Author

ricardomaraschini commented Oct 8, 2025

/retest

@ricardomaraschini
Copy link
Contributor Author

ricardomaraschini commented Oct 8, 2025

/test all

@googs1025
Copy link
Member

googs1025 commented Oct 8, 2025

/ok-to-test

@k8s-ci-robot k8s-ci-robot added the ok-to-test Indicates a non-member PR verified by an org member that is safe to test. label Oct 8, 2025
@ricardomaraschini ricardomaraschini force-pushed the create-protection-for-pods-using-storage-class branch from 6d02828 to f0f9d98 Compare October 8, 2025 08:32
@ricardomaraschini
Copy link
Contributor Author

ricardomaraschini commented Oct 8, 2025

/test all

googs1025
googs1025 reviewed Oct 8, 2025
View reviewed changes
@ricardomaraschini ricardomaraschini force-pushed the create-protection-for-pods-using-storage-class branch from f0f9d98 to 888c4f1 Compare October 8, 2025 18:59
@k8s-ci-robot k8s-ci-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Oct 8, 2025
@ricardomaraschini
Copy link
Contributor Author

ricardomaraschini commented Oct 8, 2025

/test all

@ricardomaraschini ricardomaraschini marked this pull request as ready for review October 9, 2025 08:10
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 9, 2025
googs1025
googs1025 reviewed Oct 9, 2025
View reviewed changes
Copy link
Member

@googs1025 googs1025 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we use noEvictionPolicy directly to solve this issue? 🤔

https://github.com/kubernetes-sigs/descheduler?tab=readme-ov-file#evictor-plugin-configuration-default-evictor

@ricardomaraschini
Copy link
Contributor Author

ricardomaraschini commented Oct 9, 2025

Can we use noEvictionPolicy directly to solve this issue? 🤔

https://github.com/kubernetes-sigs/descheduler?tab=readme-ov-file#evictor-plugin-configuration-default-evictor

Would you mind elaborating more ? I did not follow.

ingvagabund
ingvagabund reviewed Oct 13, 2025
View reviewed changes
@ricardomaraschini ricardomaraschini force-pushed the create-protection-for-pods-using-storage-class branch from 9a81d63 to 4a2a136 Compare October 13, 2025 10:44
@ricardomaraschini
Copy link
Contributor Author

ricardomaraschini commented Oct 21, 2025

/test pull-descheduler-test-e2e-k8s-master-1-34

@ricardomaraschini
Copy link
Contributor Author

ricardomaraschini commented Oct 23, 2025

@ingvagabund Any other input on this one ?

ingvagabund
ingvagabund reviewed Oct 27, 2025
View reviewed changes
pkg/framework/plugins/defaultevictor/types.go Outdated
// i.e. if a pod refers to one of these storage classes it is protected
// from being evicted. If none is provided then all pods with PVCs are
// protected from eviction.
StorageClasses []string `json:"storageClasses,omitempty"`
Copy link
Contributor

@ingvagabund ingvagabund Oct 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

API nit: storageClasses name does not directly says whether the list of provided SCs will be protected or "every SC but those listed here" will be protected. s/StorageClasses/ProtectedStorageClasses/ will make it more clear.

Copy link
Contributor

@ingvagabund ingvagabund Oct 27, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For future extension it might be better to go with:

StorageClasses []StorageClass

and

type StorageClass struct {
	Name string `json:"name,omitempty`
}

Just in case other SC options become relevant. E.g. protect based on a provisioner rather a specific storage class name.

With the initial validation requiring the name field to be set for each item in StorageClasses list.

Copy link
Contributor Author

@ricardomaraschini ricardomaraschini Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Those are pretty valid points. I have changed the code accordingly. Please take a look.

@ricardomaraschini
feat: enable pod protection based on storage classes
d9d6ca6 
this commit introduces a new customization on the existing PodsWithPVC
protection. this new customization allow users to make pods that refer
to a given storage class unevictable.

for example, to protect pods referring to `storage-class-0` and
`storage-class-1` this configuration can be used:

```yaml
apiVersion: "descheduler/v1alpha2"
kind: "DeschedulerPolicy"
profiles:
- name: ProfileName
  pluginConfig:
  - name: "DefaultEvictor"
    args:
      podProtections:
        extraEnabled:
        - PodsWithPVC
        config:
          PodsWithPVC:
            protectedStorageClasses:
            - name: storage-class-0
            - name: storage-class-1
```

changes introduced by this pr:

1. the descheduler starts to observe persistent volume claims.
1. a new api field was introduced to allow per pod protection config.
1. rbac had to be adjusted (+persistentvolumeclaims).
@ricardomaraschini ricardomaraschini force-pushed the create-protection-for-pods-using-storage-class branch from 4a2a136 to d9d6ca6 Compare October 29, 2025 10:22
@ingvagabund
Copy link
Contributor

ingvagabund commented Oct 30, 2025

/approve
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 30, 2025
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Oct 30, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ingvagabund

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 30, 2025
@k8s-ci-robot k8s-ci-robot merged commit 582641c into kubernetes-sigs:master Oct 30, 2025
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ingvagabund ingvagabund ingvagabund left review comments

@jklaw90 jklaw90 Awaiting requested review from jklaw90

@seanmalloy seanmalloy Awaiting requested review from seanmalloy

+1 more reviewer

@googs1025 googs1025 googs1025 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@ingvagabund ingvagabund

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Stop eviction of Pods with Local Storage PVC

4 participants

@ricardomaraschini @k8s-ci-robot @googs1025 @ingvagabund