Skip to content
This repository was archived by the owner on Apr 14, 2026. It is now read-only.

KUBE-1815: pods with wildcard tolerations are ignored during drain #238

Merged
cirisked merged 3 commits into from
Mar 25, 2026
+48 −2
Merged

KUBE-1815: pods with wildcard tolerations are ignored during drain #238

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
6cfedd5
KUBE-1815: pods with wildcard tolerations are ignored during drain
cirisked Mar 24, 2026
7b71c03
review fixes
cirisked Mar 25, 2026
393d54f
review fixes
cirisked Mar 25, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 14 additions & 2 deletions internal/k8s/kubernetes.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -457,7 +457,7 @@ func PartitionPodsForEviction(pods []*v1.Pod, castNamespace string, skipDeletedT
continue
}

if IsDaemonSetPod(p) || IsStaticPod(p) {
if IsDaemonSetPod(p) || IsStaticPod(p) || HasWildcardToleration(p) {
nonEvictable = append(nonEvictable, p)
continue
}
Expand Down Expand Up @@ -493,7 +493,19 @@ func IsControlledBy(p *v1.Pod, kind string) bool {
}

func IsNonEvictible(p *v1.Pod) bool {
return IsDaemonSetPod(p) || IsStaticPod(p)
return IsDaemonSetPod(p) || IsStaticPod(p) || HasWildcardToleration(p)
}

// HasWildcardToleration returns true if the pod has a toleration that matches all taints
// (i.e. key is empty and operator is Exists). Such pods would be rescheduled back onto
// a cordoned node since they tolerate the node.kubernetes.io/unschedulable taint.
Comment thread
cirisked marked this conversation as resolved.
func HasWildcardToleration(p *v1.Pod) bool {
for _, t := range p.Spec.Tolerations {
if t.Key == "" && t.Operator == v1.TolerationOpExists {
return true
}
}
return false
}

// PatchNode patches a node with the given change function.
Expand Down
34 changes: 34 additions & 0 deletions internal/k8s/kubernetes_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1087,6 +1087,40 @@ func TestPartitionPodsForEviction(t *testing.T) {
skipDeletedTimeoutSecs: 60,
wantEvictableLen: 0,
},
{
name: "pod with wildcard toleration is non-evictable",
pods: []v1.Pod{
{
ObjectMeta: metav1.ObjectMeta{Name: "wildcard-pod", Namespace: "default"},
Spec: v1.PodSpec{
Tolerations: []v1.Toleration{
{Operator: v1.TolerationOpExists},
},
},
Status: v1.PodStatus{Phase: v1.PodRunning},
},
},
castNamespace: testCastNamespace,
wantNonEvictableLen: 1,
wantNonEvictablePodNames: []string{"wildcard-pod"},
},
{
name: "pod with specific key toleration is evictable",
pods: []v1.Pod{
{
ObjectMeta: metav1.ObjectMeta{Name: "specific-toleration-pod", Namespace: "default"},
Spec: v1.PodSpec{
Tolerations: []v1.Toleration{
{Key: "node.kubernetes.io/unschedulable", Operator: v1.TolerationOpExists},
},
},
Status: v1.PodStatus{Phase: v1.PodRunning},
},
},
castNamespace: testCastNamespace,
wantEvictableLen: 1,
wantEvictablePodNames: []string{"specific-toleration-pod"},
},
{
name: "mixed pods are partitioned correctly",
pods: []v1.Pod{
Expand Down
Loading