Add request-evict-only annotation to virt-launcher pods

Add the `descheduler.alpha.kubernetes.io/request-evict-only` annotation to virt-launcher pods. This annotation should be added to already running pods too. ref: kubevirt/community#258 Signed-off-by: fossedihelm <[email protected]>
fossedihelm · Jun 11, 2024 · a70333b · a70333b
1 parent a7556cd
commit a70333b
Show file tree

Hide file tree

Showing 8 changed files with 61 additions and 17 deletions.
diff --git a/pkg/virt-controller/services/BUILD.bazel b/pkg/virt-controller/services/BUILD.bazel
@@ -33,6 +33,7 @@ go_library(
         "//pkg/util/net/dns:go_default_library",
         "//pkg/virt-config:go_default_library",
         "//pkg/virt-controller/network:go_default_library",
+        "//pkg/virt-controller/watch/descheduler:go_default_library",
         "//pkg/virt-controller/watch/topology:go_default_library",
         "//pkg/virt-launcher/virtwrap/api:go_default_library",
         "//pkg/virt-operator/util:go_default_library",

diff --git a/pkg/virt-controller/services/template.go b/pkg/virt-controller/services/template.go
@@ -56,6 +56,7 @@ import (
 	"kubevirt.io/kubevirt/pkg/util/net/dns"
 	virtconfig "kubevirt.io/kubevirt/pkg/virt-config"
 	"kubevirt.io/kubevirt/pkg/virt-controller/network"
+	"kubevirt.io/kubevirt/pkg/virt-controller/watch/descheduler"
 	"kubevirt.io/kubevirt/pkg/virt-controller/watch/topology"
 	"kubevirt.io/kubevirt/pkg/virt-launcher/virtwrap/api"
 	operatorutil "kubevirt.io/kubevirt/pkg/virt-operator/util"
@@ -1365,6 +1366,8 @@ func generatePodAnnotations(vmi *v1.VirtualMachineInstance, config *virtconfig.C
 	// Set this annotation now to indicate that the newly created virt-launchers will use
 	// unix sockets as a transport for migration
 	annotationsSet[v1.MigrationTransportUnixAnnotation] = "true"
+	annotationsSet[descheduler.EvictOnlyAnnotation] = ""
+
 	return annotationsSet, nil
 }
 

diff --git a/pkg/virt-controller/services/template_test.go b/pkg/virt-controller/services/template_test.go
@@ -418,15 +418,16 @@ var _ = Describe("Template", func() {
 					v1.VirtualMachineNameLabel: "testvmi",
 				}))
 				Expect(pod.ObjectMeta.Annotations).To(Equal(map[string]string{
-					v1.DomainAnnotation:                       "testvmi",
-					"test":                                    "shouldBeInPod",
-					hooks.HookSidecarListAnnotationName:       `[{"image": "some-image:v1", "imagePullPolicy": "IfNotPresent"}]`,
-					"pre.hook.backup.velero.io/container":     "compute",
-					"pre.hook.backup.velero.io/command":       "[\"/usr/bin/virt-freezer\", \"--freeze\", \"--name\", \"testvmi\", \"--namespace\", \"testns\"]",
-					"post.hook.backup.velero.io/container":    "compute",
-					"post.hook.backup.velero.io/command":      "[\"/usr/bin/virt-freezer\", \"--unfreeze\", \"--name\", \"testvmi\", \"--namespace\", \"testns\"]",
-					"kubevirt.io/migrationTransportUnix":      "true",
-					"kubectl.kubernetes.io/default-container": "compute",
+					v1.DomainAnnotation:                                  "testvmi",
+					"test":                                               "shouldBeInPod",
+					hooks.HookSidecarListAnnotationName:                  `[{"image": "some-image:v1", "imagePullPolicy": "IfNotPresent"}]`,
+					"pre.hook.backup.velero.io/container":                "compute",
+					"pre.hook.backup.velero.io/command":                  "[\"/usr/bin/virt-freezer\", \"--freeze\", \"--name\", \"testvmi\", \"--namespace\", \"testns\"]",
+					"post.hook.backup.velero.io/container":               "compute",
+					"post.hook.backup.velero.io/command":                 "[\"/usr/bin/virt-freezer\", \"--unfreeze\", \"--name\", \"testvmi\", \"--namespace\", \"testns\"]",
+					"kubevirt.io/migrationTransportUnix":                 "true",
+					"kubectl.kubernetes.io/default-container":            "compute",
+					"descheduler.alpha.kubernetes.io/request-evict-only": "",
 				}))
 				Expect(pod.ObjectMeta.OwnerReferences).To(Equal([]metav1.OwnerReference{{
 					APIVersion:         v1.VirtualMachineInstanceGroupVersionKind.GroupVersion().String(),

diff --git a/pkg/virt-controller/watch/BUILD.bazel b/pkg/virt-controller/watch/BUILD.bazel
@@ -46,6 +46,7 @@ go_library(
         "//pkg/virt-controller/network:go_default_library",
         "//pkg/virt-controller/services:go_default_library",
         "//pkg/virt-controller/watch/clone:go_default_library",
+        "//pkg/virt-controller/watch/descheduler:go_default_library",
         "//pkg/virt-controller/watch/drain/disruptionbudget:go_default_library",
         "//pkg/virt-controller/watch/drain/evacuation:go_default_library",
         "//pkg/virt-controller/watch/migration:go_default_library",
@@ -130,6 +131,7 @@ go_test(
         "//pkg/virt-controller/network:go_default_library",
         "//pkg/virt-controller/services:go_default_library",
         "//pkg/virt-controller/watch/clone:go_default_library",
+        "//pkg/virt-controller/watch/descheduler:go_default_library",
         "//pkg/virt-controller/watch/drain/disruptionbudget:go_default_library",
         "//pkg/virt-controller/watch/drain/evacuation:go_default_library",
         "//pkg/virt-controller/watch/migration:go_default_library",

diff --git a/pkg/virt-controller/watch/descheduler/BUILD.bazel b/pkg/virt-controller/watch/descheduler/BUILD.bazel
@@ -0,0 +1,8 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = ["descheduler.go"],
+    importpath = "kubevirt.io/kubevirt/pkg/virt-controller/watch/descheduler",
+    visibility = ["//visibility:public"],
+)
diff --git a/pkg/virt-controller/watch/descheduler/descheduler.go b/pkg/virt-controller/watch/descheduler/descheduler.go
@@ -0,0 +1,25 @@
+/*
+ * This file is part of the KubeVirt project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright The KubeVirt Authors
+ *
+ */
+
+package descheduler
+
+// EvictOnlyAnnotation indicates pods whose eviction is not expected to be completed right away.
+// Instead, an eviction request is expected to be intercepted by an external component which will initiate the
+// eviction process for the pod.
+const EvictOnlyAnnotation = "descheduler.alpha.kubernetes.io/request-evict-only"
diff --git a/pkg/virt-controller/watch/vmi.go b/pkg/virt-controller/watch/vmi.go
@@ -23,6 +23,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"maps"
 	"sort"
 	"strings"
 	"time"
@@ -63,6 +64,7 @@ import (
 	traceUtils "kubevirt.io/kubevirt/pkg/util/trace"
 	virtconfig "kubevirt.io/kubevirt/pkg/virt-config"
 	"kubevirt.io/kubevirt/pkg/virt-controller/services"
+	"kubevirt.io/kubevirt/pkg/virt-controller/watch/descheduler"
 )
 
 const (
@@ -1134,14 +1136,14 @@ func (c *VMIController) sync(vmi *virtv1.VirtualMachineInstance, pod *k8sv1.Pod,
 	}
 
 	if !isTempPod(pod) && controller.IsPodReady(pod) {
-		newAnnotations := network.GeneratePodAnnotations(vmi.Spec.Networks, vmi.Spec.Domain.Devices.Interfaces, pod.Annotations[networkv1.NetworkStatusAnnot], c.clusterConfig.GetNetworkBindings())
-		if len(newAnnotations) != 0 {
-			patchedPod, err := c.syncPodAnnotations(pod, newAnnotations)
-			if err != nil {
-				return &syncErrorImpl{err, controller.FailedPodPatchReason}
-			}
-			*pod = *patchedPod
+		newAnnotations := map[string]string{descheduler.EvictOnlyAnnotation: ""}
+		maps.Copy(newAnnotations, network.GeneratePodAnnotations(vmi.Spec.Networks, vmi.Spec.Domain.Devices.Interfaces, pod.Annotations[networkv1.NetworkStatusAnnot], c.clusterConfig.GetNetworkBindings()))
+
+		patchedPod, err := c.syncPodAnnotations(pod, newAnnotations)
+		if err != nil {
+			return &syncErrorImpl{err, controller.FailedPodPatchReason}
 		}
+		*pod = *patchedPod
 
 		hotplugVolumes := controller.GetHotplugVolumes(vmi, pod)
 		hotplugAttachmentPods, err := controller.AttachmentPods(pod, c.podIndexer)

diff --git a/pkg/virt-controller/watch/vmi_test.go b/pkg/virt-controller/watch/vmi_test.go
@@ -65,6 +65,7 @@ import (
 	virtconfig "kubevirt.io/kubevirt/pkg/virt-config"
 	"kubevirt.io/kubevirt/pkg/virt-controller/network"
 	"kubevirt.io/kubevirt/pkg/virt-controller/services"
+	"kubevirt.io/kubevirt/pkg/virt-controller/watch/descheduler"
 	"kubevirt.io/kubevirt/pkg/virt-controller/watch/topology"
 )
 
@@ -3942,7 +3943,8 @@ func setDataVolumeCondition(dv *cdiv1.DataVolume, cond cdiv1.DataVolumeCondition
 
 func NewPodForVirtualMachine(vmi *virtv1.VirtualMachineInstance, phase k8sv1.PodPhase) *k8sv1.Pod {
 	podAnnotations := map[string]string{
-		virtv1.DomainAnnotation: vmi.Name,
+		virtv1.DomainAnnotation:         vmi.Name,
+		descheduler.EvictOnlyAnnotation: "",
 	}
 	return &k8sv1.Pod{
 		ObjectMeta: metav1.ObjectMeta{