{"id":18637024,"url":"https://github.com/openshift/cluster-kube-descheduler-operator","last_synced_at":"2025-09-14T15:36:42.284Z","repository":{"id":37819540,"uuid":"153352722","full_name":"openshift/cluster-kube-descheduler-operator","owner":"openshift","description":"An operator to run descheduler on OpenShift.","archived":false,"fork":false,"pushed_at":"2025-09-13T08:33:08.000Z","size":85047,"stargazers_count":55,"open_issues_count":54,"forks_count":54,"subscribers_count":16,"default_branch":"master","last_synced_at":"2025-09-13T10:48:12.934Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/openshift.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-10-16T20:52:47.000Z","updated_at":"2025-08-29T07:08:56.000Z","dependencies_parsed_at":"2023-10-17T01:56:04.526Z","dependency_job_id":"b5b35ecf-1f63-493c-8f22-a5db1bf5ca46","html_url":"https://github.com/openshift/cluster-kube-descheduler-operator","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/openshift/cluster-kube-descheduler-operator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift%2Fcluster-kube-descheduler-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift%2Fcluster-kube-descheduler-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift%2Fcluster-kube-descheduler-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift%2Fcluster-kube-descheduler-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/openshift","download_url":"https://codeload.github.com/openshift/cluster-kube-descheduler-operator/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift%2Fcluster-kube-descheduler-operator/sbom","scorecard":{"id":294319,"data":{"date":"2025-08-11","repo":{"name":"github.com/openshift/cluster-kube-descheduler-operator","commit":"c3649f85807f64b0522f685ceafe40d2f656df3d"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.5,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/openshift/.github/SECURITY.md:1","Info: Found linked content: github.com/openshift/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/openshift/.github/SECURITY.md:1","Info: Found text in security policy: github.com/openshift/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":8,"reason":"2 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3521","Warn: Project is vulnerable to: GO-2025-3547"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: Dockerfile:6","Warn: containerImage not pinned by hash: Dockerfile.metadata:1","Warn: containerImage not pinned by hash: Dockerfile.metadata:5: pin your Docker image by updating registry.ci.openshift.org/openshift/origin-v4.0:base to registry.ci.openshift.org/openshift/origin-v4.0:base@sha256:cbd0e2931e6ae8cbd1522cd7226cff89629c21a3652f6fd57d84f405d432c07a","Warn: containerImage not pinned by hash: Dockerfile.rhel7:1","Warn: containerImage not pinned by hash: Dockerfile.rhel7:6","Warn: containerImage not pinned by hash: build/Dockerfile:1: pin your Docker image by updating alpine:3.6 to alpine:3.6@sha256:66790a2b79e1ea3e1dabac43990c54aca5d1ddf268d9a5a0285e4167c8b24475","Warn: containerImage not pinned by hash: bundle.Dockerfile:1","Warn: containerImage not pinned by hash: bundle.Dockerfile:19","Warn: downloadThenRun not pinned by hash: hack/run-e2e.sh:12","Warn: downloadThenRun not pinned by hash: hack/run-e2e.sh:13","Warn: downloadThenRun not pinned by hash: hack/run-e2e.sh:14","Warn: goCommand not pinned by hash: vendor/github.com/json-iterator/go/build.sh:10","Warn: goCommand not pinned by hash: vendor/github.com/openshift/build-machinery-go/scripts/vulncheck.sh:8","Info:   0 out of   9 containerImage dependencies pinned","Info:   0 out of   3 downloadThenRun dependencies pinned","Info:   1 out of   3 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}}]},"last_synced_at":"2025-08-17T19:06:19.049Z","repository_id":37819540,"created_at":"2025-08-17T19:06:19.050Z","updated_at":"2025-08-17T19:06:19.050Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":275125289,"owners_count":25409880,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-14T02:00:10.474Z","response_time":75,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-07T05:32:41.550Z","updated_at":"2025-09-14T15:36:42.274Z","avatar_url":"https://github.com/openshift.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Kube Descheduler Operator\n\nRun the descheduler in your OpenShift cluster to move pods based on specific strategies.\n\n## Releases\n\n| kdo version | ocp version | k8s version | golang |\n| ----------- | ----------- | ----------- | ------ |\n| 5.0.0       | 4.15, 4.16  | 1.28        | 1.20   |\n| 5.0.1       | 4.15, 4.16  | 1.29        | 1.21   |\n| 5.0.2       | 4.15, 4.16  | 1.29        | 1.21   |\n| 5.1.0       | 4.17, 4.18  | 1.30        | 1.22   |\n| 5.1.1       | 4.17, 4.18  | 1.31        | 1.22   |\n| 5.1.2       | 4.17, 4.18  | 1.31        | 1.22   |\n| 5.1.3       | 4.17, 4.18  | 1.31        | 1.22   |\n| 5.2.0       | 4.19, 4.20  | 1.32        | 1.23   |\n| 5.3.0       | 4.20, 4.21  | 1.33        | 1.24   |\n\n## Rebase instruction\n\n```\nSteps:\n- [ ] bump .ci-operator.yaml if needed (as a separate PR and wait until the changes gets propagated to https://github.com/openshift/release/tree/master/ci-operator/config/openshift/ of the corresponding CI definition)\n- [ ] bump go version in a go.mod file if needed (check go.mod of the corresponding kubernetes release under https://github.com/kubernetes/kubernetes/branches)\n- [ ] bump all k8s.io/*, github.com/openshift/* and other relevant dependencies (you can consults the corresponding go.mod file as mentioned previously)\n- [ ] (recommended) commit all the go.mod and go.sum changes separatelly from `go mod vendor` changes\n- [ ] run \"go mod vendor\" and commit the changes\n- [ ] build the code (e.g. by running make) and adjust the code if needed to make the building step compile successfully\n- [ ] run unit tests (e.g. by running make unit-tests) successfully\n- [ ] commit the code adjustments if there are any\n```\n\n## Deploy the operator\n\n### Quick Development\n\n1. Build and push the operator image to a registry:\n2. Ensure the `image` spec in `deploy/05_deployment.yaml` refers to the operator image you pushed\n3. Run `oc create -f deploy/.`\n\n### OperatorHub install with custom index image\n\nThis process refers to building the operator in a way that it can be installed locally via the OperatorHub with a custom index image\n\n1. Build and push the operator image to a registry:\n   ```sh\n   export QUAY_USER=${your_quay_user_id}\n   export IMAGE_TAG=${your_image_tag}\n   podman build -t quay.io/${QUAY_USER}/cluster-kube-descheduler-operator:${IMAGE_TAG} -f Dockerfile.rhel7\n   podman login quay.io -u ${QUAY_USER}\n   podman push quay.io/${QUAY_USER}/cluster-kube-descheduler-operator:${IMAGE_TAG}\n   ```\n\n1. Update the `.spec.install.spec.deployments[0].spec.template.spec.containers[0].image` field in the KDO CSV under `./manifests/cluster-kube-descheduler-operator.clusterserviceversion.yaml` to point to the newly built image.\n\n1. build and push the metadata image to a registry (e.g. https://quay.io):\n   ```sh\n   podman build -t quay.io/${QUAY_USER}/cluster-kube-descheduler-operator-metadata:${IMAGE_TAG} -f Dockerfile.metadata .\n   podman push quay.io/${QUAY_USER}/cluster-kube-descheduler-operator-metadata:${IMAGE_TAG}\n   ```\n\n1. build and push image index for operator-registry (pull and build https://github.com/operator-framework/operator-registry/ to get the `opm` binary)\n   ```sh\n   opm index add --bundles quay.io/${QUAY_USER}/cluster-kube-descheduler-operator-metadata:${IMAGE_TAG} --tag quay.io/${QUAY_USER}/cluster-kube-descheduler-operator-index:${IMAGE_TAG}\n   podman push quay.io/${QUAY_USER}/cluster-kube-descheduler-operator-index:${IMAGE_TAG}\n   ```\n\n   Don't forget to increase the number of open files, .e.g. `ulimit -n 100000` in case the current limit is insufficient.\n\n1. create and apply catalogsource manifest (remember to change \u003c\u003cQUAY_USER\u003e\u003e and \u003c\u003cIMAGE_TAG\u003e\u003e to your own values):\n   ```yaml\n   apiVersion: operators.coreos.com/v1alpha1\n   kind: CatalogSource\n   metadata:\n     name: cluster-kube-descheduler-operator\n     namespace: openshift-marketplace\n   spec:\n     sourceType: grpc\n     image: quay.io/\u003c\u003cQUAY_USER\u003e\u003e/cluster-kube-descheduler-operator-index:\u003c\u003cIMAGE_TAG\u003e\u003e\n   ```\n\n1. create `openshift-kube-descheduler-operator` namespace:\n   ```\n   $ oc create ns openshift-kube-descheduler-operator\n   ```\n\n1. open the console Operators -\u003e OperatorHub, search for `descheduler operator` and install the operator\n\n\n## Sample CR\n\nA sample CR definition looks like below (the operator expects `cluster` CR under `openshift-kube-descheduler-operator` namespace):\n\n```yaml\napiVersion: operator.openshift.io/v1\nkind: KubeDescheduler\nmetadata:\n  name: cluster\n  namespace: openshift-kube-descheduler-operator\nspec:\n  deschedulingIntervalSeconds: 1800\n  profiles:\n  - AffinityAndTaints\n  - LifecycleAndUtilization\n  profileCustomizations:\n    podLifetime: 5m\n    namespaces:\n      included:\n      - ns1\n      - ns2\n```\n\nThe operator spec provides a `profiles` field, which allows users to set one or more descheduling profiles to enable.\n\nThese profiles map to preconfigured policy definitions, enabling several descheduler strategies grouped by intent, and\nany that are enabled will be merged.\n\n## Profiles\n\nThe following profiles are currently provided:\n* [`AffinityAndTaints`](#AffinityAndTaints)\n* [`TopologyAndDuplicates`](#TopologyAndDuplicates)\n* [`SoftTopologyAndDuplicates`](#SoftTopologyAndDuplicates)\n* [`LifecycleAndUtilization`](#LifecycleAndUtilization)\n* [`LongLifecycle`](#LongLifecycle)\n* [`CompactAndScale`](#compactandscale-techpreview)\n* [`KubeVirtRelieveAndMigrate`](#kubevirtrelieveandmigrate)\n* [`EvictPodsWithPVC`](#EvictPodsWithPVC)\n* [`EvictPodsWithLocalStorage`](#EvictPodsWithLocalStorage)\n\nEach of these enables cluster-wide descheduling (excluding openshift and kube-system namespaces) based on certain goals.\n\n### AffinityAndTaints\nThis is the most basic descheduling profile and it removes running pods which violate node and pod affinity, and node\ntaints.\n\nThis profile enables the [`RemovePodsViolatingInterPodAntiAffinity`](https://github.com/kubernetes-sigs/descheduler/#removepodsviolatinginterpodantiaffinity),\n[`RemovePodsViolatingNodeAffinity`](https://github.com/kubernetes-sigs/descheduler/#removepodsviolatingnodeaffinity), and\n[`RemovePodsViolatingNodeTaints`](https://github.com/kubernetes-sigs/descheduler/#removepodsviolatingnodeaffinity) strategies.\n\n### TopologyAndDuplicates\nThis profile attempts to balance pod distribution based on topology constraint definitions and evicting duplicate copies\nof the same pod running on the same node. It enables the [`RemovePodsViolatingTopologySpreadConstraints`](https://github.com/kubernetes-sigs/descheduler/#removepodsviolatingtopologyspreadconstraint)\nand [`RemoveDuplicates`](https://github.com/kubernetes-sigs/descheduler/#removeduplicates) strategies.\n\n### SoftTopologyAndDuplicates\nThis profile is the same as `TopologyAndDuplicates`, however it will also consider pods with \"soft\" topology constraints\nfor eviction (ie, `whenUnsatisfiable: ScheduleAnyway`)\n\n### LifecycleAndUtilization\nThis profile focuses on pod lifecycles and node resource consumption. It will evict any running pod older than 24 hours\nand attempts to evict pods from \"high utilization\" nodes that can fit onto \"low utilization\" nodes. A high utilization\nnode is any node consuming more than 50% its available cpu, memory, *or* pod capacity. A low utilization node is any node\nwith less than 20% of its available cpu, memory, *and* pod capacity.\n\nThis profile enables the [`LowNodeUtilizaition`](https://github.com/kubernetes-sigs/descheduler/#lownodeutilization),\n[`RemovePodsHavingTooManyRestarts`](https://github.com/kubernetes-sigs/descheduler/#removepodshavingtoomanyrestarts) and\n[`PodLifeTime`](https://github.com/kubernetes-sigs/descheduler/#podlifetime) strategies. In the future, more configuration\nmay be made available through the operator for these strategies based on user feedback.\n\n### LongLifecycle\nThis profile provides cluster resource balancing similar to [LifecycleAndUtilization](#LifecycleAndUtilization) for longer-running\nclusters. It does not evict pods based on the 24 hour lifetime used by LifecycleAndUtilization.\n\n### CompactAndScale\nThis profile seeks to evict pods to enable the same workload to run on a smaller set of nodes.\nIt will attempts to evict pods from \"under utilized\" nodes that can fit into fewer nodes.\nAn under utilized node is any node consuming less than 20% of its available cpu, memory, *and* pod capacity.\n\nThis profile enables the [`HighNodeUtilization`](https://github.com/kubernetes-sigs/descheduler/#highnodeutilization) strategy.\nIn the future, more configuration may be made available through the operator based on user feedback.\n\n### KubeVirtRelieveAndMigrate\n\nThis profiles seeks to evict pods from high-cost nodes to relieve overall expenses while considering workload migration.\nNode cost can include:\n- Actual resource utilization: Increased resource pressure leads to higher overhead for running applications.\n- Node maintenance costs: A higher number of containers on a node results in greater resource counting.\nMigration strategies may involve VM live migration, state transitions between stateful set pods, and other methods.\n\nThis profile enables the [`LowNodeUtilization`](https://github.com/kubernetes-sigs/descheduler/#lownodeutilization) strategy\nwith `EvictionsInBackground` alpha feature enabled.\nAt the same time, allow the eviction of pods with PVC or local storage (both disabled by default),\nas they are commonly encountered during VM eviction and migration.\nEquivalent to enabling both `EvictPodsWithPVC` and `EvictPodsWithLocalStorage` profiles in parallel.\nIn the future, additional configurations may be introduced through the operator based on user feedback.\n\nThis profile sets a nodeSelector (`kubevirt.io/schedulable=true`)\nin the Descheduler policy to limit its action to nodes that are considered schedulable for `KubeVirt`.\nThat nodeSelector is a top level configuration option affecting all the active descheduler profiles:\nthis profile is not expected to be combined with other profiles\nunless all profiles are expected to operate over the same set of nodes.\n\nThis profile deploys the soft-tainter component to dynamically set/remove soft taints according to the\nsame criteria used for load aware descheduling. In case of load-aware descheduling we can potentially have a\nrelevant asymmetry between the descheduling and successive scheduling decisions.\nThe soft taints set by the descheduler soft-tainter act as a hint for the scheduler to mitigate\nthis asymmetry and foster a quicker convergence.\n\nThis profile requires [PSI](https://docs.kernel.org/accounting/psi.html) metrics to be enabled (psi=1 kernel parameter)\nfor all the worker nodes.\n\nThe profile exposes the following customization:\n- `devLowNodeUtilizationThresholds`: Sets experimental thresholds for the LowNodeUtilization strategy.\n- `devActualUtilizationProfile`: Enable load-aware descheduling.\n- `devDeviationThresholds`: Have the thresholds be based on the average utilization.\n\nBy default, this profile will enable load-aware descheduling based on the `PrometheusCPUCombined` Prometheus query.\nBy default, the thresholds will be dynamic (based on the distance from the average utilization) and asymmetric (all the nodes below the average will be considered as underutilized to help rebalancing overutilized outliers) tolerating low deviations (10%).\n\nBy default, this profile configures the descheduler to restrict the maximum number of overall parallel evictions to 5 and\nthe maximum number of evictions per node to 2 aligning with KubeVirt defaults around concurrent live migrations.\nThose two values can be customized with `evictionLimits.total` and `evictionLimits.node` parameters.\n\nThis profile configures the `DefaultEvictor` plugin with a `Mandatory noEvictionPolicy`. As a result, the `descheduler.alpha.kubernetes.io/prefer-no-eviction` annotation can be dynamically applied to VM templates and/or VMIs to exclude them from the descheduler's scope.\n\n### EvictPodsWithPVC\nBy default, the operator prevents pods with PVCs from being evicted. Enabling this\nprofile in combination with any of the above profiles allows pods with PVCs to be\neligible for eviction.\n\n### EvictPodsWithLocalStorage\nBy default, pods with local storage are not eligible to be considered for eviction by any\nprofile. Using this profile allows them to be evicted if necessary. A pod is defined as using\nlocal storage if any of its volumes have `HostPath` or `EmptyDir` set (note that a pod that only\nuses PVCs does not fit this definition, and will need the `EvictPodsWithPVC` profile instead. Pods\nthat use both will need both profiles to be evicted).\n\n## Profile Customizations\nSome profiles expose options which may be used to configure the underlying Descheduler strategy parameters. These are available under\nthe `profileCustomizations` field:\n\n|Name|Type|Description|\n|---|---|---|\n|`podLifetime`|`time.Duration`|Sets the lifetime value for pods evicted by the `LifecycleAndUtilization` profile|\n|`thresholdPriorityClassName`|`string`|Sets the priority class threshold by name for all strategies|\n|`thresholdPriority`|`string`|Sets the priority class threshold by value for all strategies|\n|`namespaces.included`, `namespaces.excluded`|`[]string`| Sets the included/excluded namespaces for all strategies (included namespaces are not allowed to include protected namespaces which consist of `kube-system`, `hypershift` and all `openshift-` prefixed namespaces)|\n| `devLowNodeUtilizationThresholds` | `string` | Sets experimental thresholds for the [LowNodeUtilization](https://github.com/kubernetes-sigs/descheduler#lownodeutilization) strategy of the `LifecycleAndUtilization` profile in the following ratios: `Low` for 10%:30%, `Medium` for 20%:50%, `High` for 40%:70%|\n|`devEnableEvictionsInBackground`|`bool`| Enables descheduler's EvictionsInBackground alpha feature. The EvictionsInBackground alpha feature is a subject to change. Currently provided as an experimental feature.|\n| `devHighNodeUtilizationThresholds` | `string` | Sets thresholds for the [HighNodeUtilization](https://github.com/kubernetes-sigs/descheduler#highnodeutilization) strategy of the `CompactAndScale` profile in the following ratios: `Minimal` for 10%, `Modest` for 20%, `Moderate` for 30%. Currently provided as an experimental feature.|\n|`devActualUtilizationProfile`|`string`| Sets a profile that gets translated into a predefined prometheus query |\n| `devDeviationThresholds` | `string` | Have the thresholds be based on the average utilization. Thresholds signify the distance from the average node utilization. An AsymmetricDeviationThreshold will force all nodes below the average to be considered as underutilized to help rebalancing overutilized outliers. Supported settings: `Low`: 10%:10%, `Medium`: 20%:20%, `High`: 30%:30%, `AsymmetricLow`: 0%:10%, `AsymmetricMedium`: 0%:20%, `AsymmetricHigh`: 0%:30% |\n\n## Prometheus query profiles\nThe operator provides the following profiles:\n- `PrometheusCPUUsage`: `instance:node_cpu:rate:sum` (metric available in OpenShift by default)\n- `PrometheusCPUPSIPressure`: `rate(node_pressure_cpu_waiting_seconds_total[1m])` (`node_pressure_cpu_waiting_seconds_total` is reported in OpenShift only for nodes configured with psi=1 kernel argument)\n- `PrometheusCPUPSIPressureByUtilization`: `avg by (instance) ( rate(node_pressure_cpu_waiting_seconds_total[1m])) and (1 - avg by (instance) (rate(node_cpu_seconds_total{mode=\"idle\"}[1m]))) \u003e 0.7 or avg by (instance) ( rate(node_pressure_cpu_waiting_seconds_total[1m])) * 0` (`node_pressure_cpu_waiting_seconds_total` is reported in OpenShift only for nodes configured with psi=1 kernel argument; the query is filtering out PSI pressure on nodes with average CPU utilization \u003c 0.7 to filter out false positives pressure spikes due to self imposed CPU throttling)\n- `PrometheusMemoryPSIPressure`: `rate(node_pressure_memory_waiting_seconds_total[1m])` (`node_pressure_memory_waiting_seconds_total` is reported in OpenShift only for nodes configured with psi=1 kernel argument)\n- `PrometheusIOPSIPressure`: `rate(node_pressure_io_waiting_seconds_total[1m])` (`node_pressure_memory_waiting_seconds_total` is reported in OpenShift only for nodes configured with psi=1 kernel argument)\n- `PrometheusCPUCombined`: `descheduler:combined_utilization_and_pressure:avg1m` (`descheduler:combined_utilization_and_pressure:avg1m` uses a combination of CPU utilization and CPU PSI pressure based on a recording rule; CPU PSI pressure is reported in OpenShift only for nodes configured with psi=1 kernel argument)\n\n```yaml\napiVersion: operator.openshift.io/v1\nkind: KubeDescheduler\nmetadata:\n  name: cluster\n  namespace: openshift-kube-descheduler-operator\nspec:\n  managementState: Managed\n  deschedulingIntervalSeconds: 3600\n  profiles:\n  - LongLifecycle\n  profileCustomizations:\n    devActualUtilizationProfile: PrometheusCPUUsage\n```\n\n## Descheduling modes\nThe operator provides two modes of eviction:\n- `Predictive`: configures the descheduler to only simulate eviction\n- `Automatic`: configures the descheduler to evict pods\n\nThe predictive mode is the default mode.\nThe descheduler in either of the modes still produces metrics (unless the metrics are disabled).\nWhen the predictive mode is configured, the reported metrics can serve as an estimation\nof evicted pods in the cluster.\n\n\n## How does the descheduler operator work?\n\nDescheduler operator at a high level is responsible for watching the above CR\n- Create a configmap that could be used by descheduler.\n- Run descheduler as a deployment mounting the configmap as a policy file in the pod.\n\nThe configmap created from above sample CR definition looks like this:\n\n```yaml\napiVersion: descheduler/v1alpha1\n    kind: DeschedulerPolicy\n    strategies:\n      RemovePodsViolatingInterPodAntiAffinity:\n        enabled: true\n        ...\n      RemovePodsViolatingNodeAffinity:\n        enabled: true\n        params:\n          ...\n          nodeAffinityType:\n          - requiredDuringSchedulingIgnoredDuringExecution\n      RemovePodsViolatingNodeTaints:\n        enabled: true\n        ...\n```\n(Some generated parameters omitted.)\n\n\n## Parameters\nThe Descheduler operator exposes the following parameters in its CRD:\n\n|Name|Type|Description|\n|---|---|---|\n|`deschedulingIntervalSeconds`|`int32`|Sets the number of seconds between descheduler runs|\n|`profiles`|`[]string`|Sets which descheduler strategy profiles are enabled|\n|`profileCustomizations`|`map`|Contains various parameters for modifying the default behavior of certain profiles|\n|`mode`|`string`|Configures the descheduler to either evict pods or to simulate the eviction|\n|`evictionLimits`|`map`|Restrict the number of evictions during each descheduling run. Available fields are: `total`|\n|`evictionLimits.total`|`int32`|Restricts the maximum number of overall evictions|\n|`evictionLimits.node`|`int32`|Restricts the maximum number of of evictions per node|\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenshift%2Fcluster-kube-descheduler-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopenshift%2Fcluster-kube-descheduler-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenshift%2Fcluster-kube-descheduler-operator/lists"}