The Kubernetes cluster autoscaler does not evict pods that use hostPath or emptyDir volumes. To allow eviction of these pods, the annotation cluster-autoscaler.kubernetes.io/safe-to-evict=true must be added to the pods.
```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: add-safe-to-evict
  annotations:
    policies.kyverno.io/title: Add Safe To Evict
    policies.kyverno.io/category: Other
    policies.kyverno.io/subject: Pod,Annotation
    policies.kyverno.io/minversion: 1.6.0
    policies.kyverno.io/description: "The Kubernetes cluster autoscaler does not evict pods that use hostPath or emptyDir volumes. To allow eviction of these pods, the annotation cluster-autoscaler.kubernetes.io/safe-to-evict=true must be added to the pods. "
spec:
  rules:
  - name: annotate-empty-dir
    match:
      any:
      - resources:
          kinds:
          - Pod
    mutate:
      patchStrategicMerge:
        metadata:
          annotations:
            +(cluster-autoscaler.kubernetes.io/safe-to-evict): "true"
        spec:
          volumes:
          - <(emptyDir): {}
  - name: annotate-host-path
    match:
      any:
      - resources:
          kinds:
          - Pod
    mutate:
      patchStrategicMerge:
        metadata:
          annotations:
            +(cluster-autoscaler.kubernetes.io/safe-to-evict): "true"
        spec:
          volumes:
          - hostPath:
              <(path): "*"
```
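The following is an added example, not part of the original policy page or of Kyverno itself: a small Python emulation of what the two rules are expected to do to a Pod, useful for checking before rollout which Pods would newly become evictable. It assumes the `<( )` anchor skips the rule when no volume matches and the `+( )` anchor adds the annotation only when it is absent; the function names and sample Pods are constructed for illustration.

```python
import copy

ANNOTATION = "cluster-autoscaler.kubernetes.io/safe-to-evict"

def uses_node_local_volume(pod):
    """True if any volume is an emptyDir or a hostPath with a path set."""
    for vol in (pod.get("spec") or {}).get("volumes") or []:
        if "emptyDir" in vol or (vol.get("hostPath") or {}).get("path"):
            return True
    return False

def mutate(pod):
    """Return the Pod as the two rules above are expected to leave it."""
    out = copy.deepcopy(pod)
    if not uses_node_local_volume(out):
        return out  # <( ) condition not met: the rule is skipped
    meta = out.setdefault("metadata", {})
    annotations = meta.get("annotations") or {}
    annotations.setdefault(ANNOTATION, "true")  # +( ): add only if absent
    meta["annotations"] = annotations
    return out

def audit(pods):
    """Names of Pods that would newly become evictable by the autoscaler."""
    return [p["metadata"]["name"] for p in pods
            if ANNOTATION not in (p["metadata"].get("annotations") or {})
            and ANNOTATION in (mutate(p)["metadata"].get("annotations") or {})]

# Constructed sample Pods (not from the page).
PODS = [
    {"metadata": {"name": "cache"},
     "spec": {"volumes": [{"name": "scratch", "emptyDir": {}}]}},
    {"metadata": {"name": "log-agent"},
     "spec": {"volumes": [{"name": "logs", "hostPath": {"path": "/var/log"}}]}},
    {"metadata": {"name": "pinned", "annotations": {ANNOTATION: "false"}},
     "spec": {"volumes": [{"name": "data", "emptyDir": {}}]}},
    {"metadata": {"name": "web"},
     "spec": {"volumes": [{"name": "cfg", "configMap": {"name": "web-cfg"}}]}},
]

if __name__ == "__main__":
    for pod in PODS:
        print(pod["metadata"]["name"], mutate(pod)["metadata"].get("annotations"))
    print("newly evictable:", audit(PODS))
```

A Pod that already sets the annotation to "false" keeps that value, so workloads that must not be evicted can opt out explicitly before the policy is applied.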
CAST AI will not downscale a node that includes a pod with the autoscaling.cast.ai/removal-disabled="true" label on it. This protects sensitive workloads from being evicted, and the label can be applied to any pod to protect against unwanted downscaling. This policy will mutate Jobs and CronJobs to add the removal-disabled label to protect against eviction.
A bare Pod is any Pod created directly and not owned by a controller such as a Deployment or Job. Bare Pods are often created manually by users in an attempt to troubleshoot an issue. If left in the cluster, they create clutter, increase cost, and can be a security risk. Bare Pods can be cleaned up periodically through use of a policy. This policy finds and removes all bare Pods across the cluster.