Background evictions were completely invisible in metrics: the ignore=true
path caused EvictPod to return before incrementing any counter, leaving
operators with no signal that a background eviction had been triggered or
completed.
Add a "background" result label emitted at eviction request time and a
"success" label emitted from the informer DeleteFunc when the pod is
actually gone. The two labels together give a complete picture:
"background" is recorded at eviction request time and may not have a
matching "success" if the descheduler restarts before the pod is deleted,
while "success" confirms the eviction completed within the same lifecycle.
Signed-off-by: Simone Tiraboschi <stirabos@redhat.com>

Updates aquasecurity/trivy-action from mutable references to SHA-pinned
version to address security vulnerabilities.
- Updates to v0.35.0 (57a97c7e)
- Pins to specific SHA for immutability
- Addresses issue: aquasecurity/trivy#10425
Signed-off-by: Priyanka Saggu <priyankasaggu11929@gmail.com>

Move container waiting/terminated state checking from PodLifeTime and
RemovePodsHavingTooManyRestarts into podutil as separate exported helpers:
HasMatchingContainerWaitingState and HasMatchingContainerTerminatedState.
Each plugin composes only the helpers it needs.

CodeQL Action v1 and v2 have been deprecated. Update
upload-sarif to v4, remove unnecessary strategy block
(missing required matrix property), and remove invalid
exit-code input from the upload-sarif step.

This commit adds support for init containers in the descheduler Helm chart,
allowing users to run initialization tasks before the main descheduler
container starts.
Changes:
- Add initContainers field to values.yaml with example usage
- Update deployment.yaml template to render init containers
- Update cronjob.yaml template to render init containers
- Bump chart version from 0.34.0 to 0.34.1
Init containers can be used for various purposes such as:
- Pre-loading configuration from external sources
- Waiting for dependencies to be ready
- Setting up required files or permissions
- Running security scans or compliance checks
Example usage in values.yaml:
    initContainers:
      - name: init-config
        image: busybox:1.28
        command: ['sh', '-c', 'echo Initializing && sleep 5']
Signed-off-by: kjoshi <kjoshi@egnyte.com>

* Synchronize helm clusterrole RBAC with base yaml
I noticed in v0.35.
```
E0219 23:53:57.761596 1 reflector.go:204] "Failed to watch" err="failed to list *v1.PersistentVolumeClaim: persistentvolumeclaims is forbidden: User \"system:serviceaccount:kube-system:descheduler\" cannot list resource \"persistentvolumeclaims\" in API group \"\" at the cluster scope" logger="UnhandledError" reflector="k8s.io/client-go/informers/factory.go:161" type="*v1.PersistentVolumeClaim"
```
I saw it in rbac.yaml bec9cd38d0/kubernetes/base/rbac.yaml (L38-L40)
So I figured this just needed a bump
* remove dupe
* undo version change

The helm-unittest plugin install was failing with:
error unmarshaling JSON: while decoding JSON: json: unknown field "platformHooks"
Pin helm-unittest to v1.0.3 and bump chart-testing-action to v2.8.0.