Add ability to park disrupted karpenter nodes (#386)

add parked-reason label to make it more explicit why a node was parked

Author: sfotony

.gitignore

@@ -7,6 +7,7 @@ kubeconfig*
 dist
 /k8s-shredder
 my-k8s-shredder-values.yaml
+/park-node
 
 # Test binary, build with `go test -c`
 *.test

Makefile

@@ -124,16 +124,17 @@ local-test: build ## Test docker image in a kind cluster (with Karpenter drift a
 		echo >&2 "[WARN] I require kind but it's not installed(see https://kind.sigs.k8s.io). Assuming a cluster is already accessible."; \
 	}
 
-local-test-karpenter: build ## Test docker image in a kind cluster with Karpenter and drift detection enabled
+local-test-karpenter: build ## Test docker image in a kind cluster with Karpenter drift and disruption detection enabled
 	@hash kind 2>/dev/null && { \
-		echo "Test docker image in a kind cluster with Karpenter..."; \
+		echo "Test docker image in a kind cluster with Karpenter drift and disruption detection..."; \
 		./internal/testing/local_env_prep_karpenter_helm.sh "${K8S_SHREDDER_VERSION}" "${KINDNODE_VERSION}" "${TEST_CLUSTERNAME_KARPENTER}" "${KUBECONFIG_KARPENTER}" && \
 		./internal/testing/cluster_upgrade_karpenter.sh "${TEST_CLUSTERNAME_KARPENTER}" "${KUBECONFIG_KARPENTER}" || \
 		exit 1; \
 	} || { \
 		echo >&2 "[WARN] I require kind but it's not installed(see https://kind.sigs.k8s.io). Assuming a cluster is already accessible."; \
 	}
 
+
 local-test-node-labels: build ## Test docker image in a kind cluster with node label detection enabled
 	@hash kind 2>/dev/null && { \
 		echo "Test docker image in a kind cluster with node label detection..."; \

README.md

@@ -53,13 +53,15 @@ The following options can be used to customize the k8s-shredder controller:
 | ToBeDeletedTaint                   | "ToBeDeletedByClusterAutoscaler"                            | Node taint used for skipping a subset of parked nodes that are already handled by cluster-autoscaler |
 | ArgoRolloutsAPIVersion             | "v1alpha1"                                                  | API version from `argoproj.io` API group to be used while handling Argo Rollouts objects             |
 | EnableKarpenterDriftDetection      | false                                                       | Controls whether to scan for drifted Karpenter NodeClaims and automatically label their nodes        |
+| EnableKarpenterDisruptionDetection | false                                                       | Controls whether to scan for disrupted Karpenter NodeClaims and automatically label their nodes      |
 | ParkedByLabel                      | "shredder.ethos.adobe.net/parked-by"                        | Label used to identify which component parked the node                                               |
 | ParkedNodeTaint                    | "shredder.ethos.adobe.net/upgrade-status=parked:NoSchedule" | Taint to apply to parked nodes in format key=value:effect                                            |
 | EnableNodeLabelDetection           | false                                                       | Controls whether to scan for nodes with specific labels and automatically park them                  |
 | NodeLabelsToDetect                 | []                                                          | List of node labels to detect. Supports both key-only and key=value formats                          |
 | MaxParkedNodes                     | 0                                                           | Maximum number of nodes that can be parked simultaneously. Set to 0 (default) for no limit.         |
 | ExtraParkingLabels                 | {}                                                          | (Optional) Map of extra labels to apply to nodes and pods during parking. Example: `{ "example.com/owner": "infrastructure" }` |
 | EvictionSafetyCheck                | true                                                        | Controls whether to perform safety checks before force eviction. If true, nodes will be unparked if pods don't have required parking labels. |
+| ParkingReasonLabel                 | "shredder.ethos.adobe.net/parked-reason"                   | Label used to track why a node or pod was parked (values: node-label, karpenter-drifted, karpenter-disrupted) |
 
 ### How it works
 
@@ -89,6 +91,24 @@ k8s-shredder includes an optional feature for automatic detection of drifted Kar
 
 This integration allows k8s-shredder to automatically handle node lifecycle management for clusters using Karpenter, ensuring that drifted nodes are properly marked for eviction and eventual replacement.
 
+#### Karpenter Disruption Detection
+
+k8s-shredder includes an optional feature for automatic detection of disrupted Karpenter NodeClaims. This feature is disabled by default, but can be enabled by setting `EnableKarpenterDisruptionDetection` to `true`. When enabled, at the beginning of each eviction loop, the controller will:
+
+1. Scan the Kubernetes cluster for Karpenter NodeClaims that are marked as disrupted (e.g., "Disrupting", "Terminating", "Empty", "Underutilized")
+2. Identify the nodes associated with these disrupted NodeClaims
+3. Automatically process these nodes by:
+
+   - **Labeling** nodes and their non-DaemonSet pods with:
+       - `UpgradeStatusLabel` (set to "parked") 
+       - `ExpiresOnLabel` (set to current time + `ParkedNodeTTL`)
+       - `ParkedByLabel` (set to "k8s-shredder")
+       - Any labels specified in `ExtraParkingLabels`
+   - **Cordoning** the nodes to prevent new pod scheduling
+   - **Tainting** the nodes with the configured `ParkedNodeTaint`
+
+This integration ensures that nodes undergoing disruption as part of bin-packing operations have all pods evicted in a reasonable amount of time, preventing them from getting stuck due to blocking Pod Disruption Budgets (PDBs). It complements the drift detection feature by handling nodes that are actively being disrupted by Karpenter's consolidation and optimization processes.
+
 #### Labeled Node Detection
 
 k8s-shredder includes optional automatic detection of nodes with specific labels. This feature is disabled by default but can be enabled by setting `EnableNodeLabelDetection` to `true`. When enabled, at the beginning of each eviction loop, the application will:
@@ -193,6 +213,32 @@ EvictionSafetyCheck: false # Disable safety checks (force eviction always procee
 **Logging:**
 When safety checks fail, k8s-shredder logs detailed information about which pods are missing required labels, helping operators understand why the node was unparked instead of force evicted.
 
+#### Parking Reason Tracking
+
+k8s-shredder automatically tracks why nodes and pods were parked by applying a configurable parking reason label. This feature helps operators understand the source of parking actions and enables better monitoring and debugging.
+
+**Configuration:**
+```yaml
+ParkingReasonLabel: "shredder.ethos.adobe.net/parked-reason"  # Default label name
+```
+
+**Parking Reason Values:**
+- `node-label`: Node was parked due to node label detection
+- `karpenter-drifted`: Node was parked due to Karpenter drift detection
+- `karpenter-disrupted`: Node was parked due to Karpenter disruption detection
+
+**Behavior:**
+- The parking reason label is applied to both nodes and their non-DaemonSet pods during parking
+- The label is automatically removed during the unparking process (e.g., when safety checks fail)
+- The label value corresponds to the detection method that triggered the parking action
+- This label works alongside other parking labels and doesn't interfere with existing functionality
+
+**Use cases:**
+- **Monitoring**: Track which detection method is most active in your cluster
+- **Debugging**: Understand why specific nodes were parked
+- **Automation**: Trigger different workflows based on parking reason
+- **Compliance**: Audit parking actions and their sources
+
 ## Metrics
 
 k8s-shredder exposes comprehensive metrics for monitoring its operation. You can find detailed information about all available metrics in the [metrics documentation](docs/metrics.md).

charts/k8s-shredder/Chart.yaml

@@ -12,5 +12,5 @@ maintainers:
   - name: sfotony
     email: [email protected]
     url: https://adobe.com
-version: 0.2.5
-appVersion: v0.3.5
+version: 0.2.6
+appVersion: v0.3.6

charts/k8s-shredder/README.md

@@ -1,6 +1,6 @@
 # k8s-shredder
 
-![Version: 0.2.5](https://img.shields.io/badge/Version-0.2.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.3.5](https://img.shields.io/badge/AppVersion-v0.3.5-informational?style=flat-square)
+![Version: 0.2.6](https://img.shields.io/badge/Version-0.2.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.3.6](https://img.shields.io/badge/AppVersion-v0.3.6-informational?style=flat-square)
 
 a novel way of dealing with kubernetes nodes blocked from draining
 
@@ -64,9 +64,10 @@ a novel way of dealing with kubernetes nodes blocked from draining
 | serviceAccount.annotations | object | `{}` | Additional annotations for the service account (useful for IAM roles, etc.) |
 | serviceAccount.create | bool | `true` | Create a service account for k8s-shredder |
 | serviceAccount.name | string | `"k8s-shredder"` | Name of the service account |
-| shredder | object | `{"AllowEvictionLabel":"shredder.ethos.adobe.net/allow-eviction","ArgoRolloutsAPIVersion":"v1alpha1","EnableKarpenterDriftDetection":false,"EnableNodeLabelDetection":false,"EvictionLoopInterval":"1h","EvictionSafetyCheck":true,"ExpiresOnLabel":"shredder.ethos.adobe.net/parked-node-expires-on","ExtraParkingLabels":{},"MaxParkedNodes":0,"NamespacePrefixSkipInitialEviction":"ns-ethos-","NodeLabelsToDetect":[],"ParkedByLabel":"shredder.ethos.adobe.net/parked-by","ParkedByValue":"k8s-shredder","ParkedNodeTTL":"168h","ParkedNodeTaint":"shredder.ethos.adobe.net/upgrade-status=parked:NoSchedule","RestartedAtAnnotation":"shredder.ethos.adobe.net/restartedAt","RollingRestartThreshold":0.1,"ToBeDeletedTaint":"ToBeDeletedByClusterAutoscaler","UpgradeStatusLabel":"shredder.ethos.adobe.net/upgrade-status"}` | Core k8s-shredder configuration |
+| shredder | object | `{"AllowEvictionLabel":"shredder.ethos.adobe.net/allow-eviction","ArgoRolloutsAPIVersion":"v1alpha1","EnableKarpenterDisruptionDetection":false,"EnableKarpenterDriftDetection":false,"EnableNodeLabelDetection":false,"EvictionLoopInterval":"1h","EvictionSafetyCheck":true,"ExpiresOnLabel":"shredder.ethos.adobe.net/parked-node-expires-on","ExtraParkingLabels":{},"MaxParkedNodes":0,"NamespacePrefixSkipInitialEviction":"ns-ethos-","NodeLabelsToDetect":[],"ParkedByLabel":"shredder.ethos.adobe.net/parked-by","ParkedByValue":"k8s-shredder","ParkedNodeTTL":"168h","ParkedNodeTaint":"shredder.ethos.adobe.net/upgrade-status=parked:NoSchedule","ParkingReasonLabel":"shredder.ethos.adobe.net/parked-reason","RestartedAtAnnotation":"shredder.ethos.adobe.net/restartedAt","RollingRestartThreshold":0.1,"ToBeDeletedTaint":"ToBeDeletedByClusterAutoscaler","UpgradeStatusLabel":"shredder.ethos.adobe.net/upgrade-status"}` | Core k8s-shredder configuration |
 | shredder.AllowEvictionLabel | string | `"shredder.ethos.adobe.net/allow-eviction"` | Label to explicitly allow eviction on specific resources |
 | shredder.ArgoRolloutsAPIVersion | string | `"v1alpha1"` | API version for Argo Rollouts integration |
+| shredder.EnableKarpenterDisruptionDetection | bool | `false` | Enable Karpenter disruption detection for node lifecycle management |
 | shredder.EnableKarpenterDriftDetection | bool | `false` | Enable Karpenter drift detection for node lifecycle management |
 | shredder.EnableNodeLabelDetection | bool | `false` | Enable detection of nodes based on specific labels |
 | shredder.EvictionLoopInterval | string | `"1h"` | How often to run the main eviction loop |
@@ -80,6 +81,7 @@ a novel way of dealing with kubernetes nodes blocked from draining
 | shredder.ParkedByValue | string | `"k8s-shredder"` | Value set in the ParkedByLabel to identify k8s-shredder as the parking agent |
 | shredder.ParkedNodeTTL | string | `"168h"` | How long parked nodes should remain before being eligible for deletion (7 days default) |
 | shredder.ParkedNodeTaint | string | `"shredder.ethos.adobe.net/upgrade-status=parked:NoSchedule"` | Taint applied to parked nodes to prevent new pod scheduling |
+| shredder.ParkingReasonLabel | string | `"shredder.ethos.adobe.net/parked-reason"` | Label used to track why a node or pod was parked |
 | shredder.RestartedAtAnnotation | string | `"shredder.ethos.adobe.net/restartedAt"` | Annotation to track when a workload was last restarted |
 | shredder.RollingRestartThreshold | float | `0.1` | Maximum percentage of nodes that can be restarted simultaneously during rolling restarts |
 | shredder.ToBeDeletedTaint | string | `"ToBeDeletedByClusterAutoscaler"` | Taint indicating nodes scheduled for deletion by cluster autoscaler |

charts/k8s-shredder/templates/configmap.yaml

@@ -18,11 +18,13 @@ data:
     ToBeDeletedTaint: "{{.Values.shredder.ToBeDeletedTaint}}"
     ArgoRolloutsAPIVersion: "{{.Values.shredder.ArgoRolloutsAPIVersion}}"
     EnableKarpenterDriftDetection: {{.Values.shredder.EnableKarpenterDriftDetection}}
+    EnableKarpenterDisruptionDetection: {{.Values.shredder.EnableKarpenterDisruptionDetection}}
     ParkedByLabel: "{{.Values.shredder.ParkedByLabel}}"
     ParkedByValue: "{{.Values.shredder.ParkedByValue}}"
     ParkedNodeTaint: "{{.Values.shredder.ParkedNodeTaint}}"
     EnableNodeLabelDetection: {{.Values.shredder.EnableNodeLabelDetection}}
     NodeLabelsToDetect: {{.Values.shredder.NodeLabelsToDetect | toJson}}
     MaxParkedNodes: {{.Values.shredder.MaxParkedNodes}}
     EvictionSafetyCheck: {{.Values.shredder.EvictionSafetyCheck}}
+    ParkingReasonLabel: "{{.Values.shredder.ParkingReasonLabel}}"
     ExtraParkingLabels: {{.Values.shredder.ExtraParkingLabels | toJson}}

charts/k8s-shredder/values.yaml

@@ -50,6 +50,8 @@ shredder:
   ArgoRolloutsAPIVersion: v1alpha1
   # -- Enable Karpenter drift detection for node lifecycle management
   EnableKarpenterDriftDetection: false
+  # -- Enable Karpenter disruption detection for node lifecycle management
+  EnableKarpenterDisruptionDetection: false
   # -- Label to track which component parked a node
   ParkedByLabel: shredder.ethos.adobe.net/parked-by
   # -- Value set in the ParkedByLabel to identify k8s-shredder as the parking agent
@@ -64,6 +66,8 @@ shredder:
   MaxParkedNodes: 0
   # -- Controls whether to perform safety checks before force eviction
   EvictionSafetyCheck: true
+  # -- Label used to track why a node or pod was parked
+  ParkingReasonLabel: shredder.ethos.adobe.net/parked-reason
   # -- Additional labels to apply to nodes and pods during parking
   ExtraParkingLabels: {}
     # Example configuration:

cmd/root.go

@@ -117,6 +117,7 @@ func discoverConfig() {
 	viper.SetDefault("ToBeDeletedTaint", "ToBeDeletedByClusterAutoscaler")
 	viper.SetDefault("ArgoRolloutsAPIVersion", "v1alpha1")
 	viper.SetDefault("EnableKarpenterDriftDetection", false)
+	viper.SetDefault("EnableKarpenterDisruptionDetection", false)
 	viper.SetDefault("ParkedByLabel", "shredder.ethos.adobe.net/parked-by")
 	viper.SetDefault("ParkedByValue", "k8s-shredder")
 	viper.SetDefault("ParkedNodeTaint", "shredder.ethos.adobe.net/upgrade-status=parked:NoSchedule")
@@ -125,6 +126,7 @@ func discoverConfig() {
 	viper.SetDefault("MaxParkedNodes", 0)
 	viper.SetDefault("ExtraParkingLabels", map[string]string{})
 	viper.SetDefault("EvictionSafetyCheck", true)
+	viper.SetDefault("ParkingReasonLabel", "shredder.ethos.adobe.net/parked-reason")
 
 	err := viper.ReadInConfig()
 	if err != nil {
@@ -164,6 +166,7 @@ func parseConfig() {
 		"ToBeDeletedTaint":                   cfg.ToBeDeletedTaint,
 		"ArgoRolloutsAPIVersion":             cfg.ArgoRolloutsAPIVersion,
 		"EnableKarpenterDriftDetection":      cfg.EnableKarpenterDriftDetection,
+		"EnableKarpenterDisruptionDetection": cfg.EnableKarpenterDisruptionDetection,
 		"ParkedByLabel":                      cfg.ParkedByLabel,
 		"ParkedByValue":                      cfg.ParkedByValue,
 		"ParkedNodeTaint":                    cfg.ParkedNodeTaint,
@@ -172,6 +175,7 @@ func parseConfig() {
 		"MaxParkedNodes":                     cfg.MaxParkedNodes,
 		"ExtraParkingLabels":                 cfg.ExtraParkingLabels,
 		"EvictionSafetyCheck":                cfg.EvictionSafetyCheck,
+		"ParkingReasonLabel":                 cfg.ParkingReasonLabel,
 	}).Info("Loaded configuration")
 }
 

config.yaml

@@ -22,6 +22,7 @@ ParkedNodeTaint: shredder.ethos.adobe.net/upgrade-status=parked:NoSchedule  # Ta
 ArgoRolloutsAPIVersion: v1alpha1  # API version from argoproj.io API group to be used while handling Argo Rollouts objects
 # Karpenter integration
 EnableKarpenterDriftDetection: false  # Controls whether to scan for drifted Karpenter NodeClaims and automatically label their nodes
+EnableKarpenterDisruptionDetection: false  # Controls whether to scan for disrupted Karpenter NodeClaims and automatically label their nodes
 # Node label detection
 EnableNodeLabelDetection: false  # Controls whether to scan for nodes with specific labels and automatically park them
 NodeLabelsToDetect: []  # List of node labels to detect. Supports both key-only and key=value formats
@@ -40,3 +41,6 @@ MaxParkedNodes: 0  # Maximum number of nodes that can be parked simultaneously.
 
 # Safety settings
 EvictionSafetyCheck: true  # Controls whether to perform safety checks before force eviction. If true, nodes will be unparked if pods don't have required parking labels.
+
+# Parking reason tracking
+ParkingReasonLabel: shredder.ethos.adobe.net/parked-reason  # Label used to track why a node or pod was parked

docs/metrics.md

@@ -86,6 +86,11 @@ k8s-shredder exposes metrics in Prometheus format to help operators monitor the
 - **Description**: Total number of drifted Karpenter nodes detected
 - **Use Case**: Monitor the volume of Karpenter drift detection activity
 
+### `shredder_karpenter_disrupted_nodes_total`
+- **Type**: Counter
+- **Description**: Total number of disrupted Karpenter nodes detected
+- **Use Case**: Monitor the volume of Karpenter disruption detection activity
+
 ### `shredder_karpenter_nodes_parked_total`
 - **Type**: Counter
 - **Description**: Total number of Karpenter nodes successfully parked
@@ -220,4 +225,4 @@ Metrics are exposed on the configured port (default: 8080) at the `/metrics` end
 - **Health Endpoint**: Available at `/healthz` for health checks
 - **OpenMetrics Format**: Enabled by default for better compatibility
 
-For more information about configuring k8s-shredder, see the [main README](../README.md). 
+For more information about configuring k8s-shredder, see the [main README](../README.md).