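---
# Identity the descheduler pods run as; the ClusterRoleBinding below attaches
# the descheduler ClusterRole to this account.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: descheduler
  namespace: kube-system
  labels:
    app.kubernetes.io/name: descheduler
---
# Policy file mounted into the pod at /policy-dir/policy.yaml (see the
# Deployment's volumeMounts and --policy-config-file argument).
# Every enabled strategy can cause pod evictions, so whoever can edit this
# ConfigMap controls what gets evicted cluster-wide; write access to it
# should be restricted accordingly.
apiVersion: v1
kind: ConfigMap
metadata:
  name: descheduler
  namespace: kube-system
  labels:
    app.kubernetes.io/name: descheduler
data:
  policy.yaml: |
    apiVersion: "descheduler/v1alpha1"
    kind: "DeschedulerPolicy"
    strategies:
      LowNodeUtilization:
        enabled: true
        params:
          nodeResourceUtilizationThresholds:
            targetThresholds:
              cpu: 50
              memory: 50
              pods: 50
            thresholds:
              cpu: 20
              memory: 20
              pods: 20
      RemoveDuplicates:
        enabled: true
      RemovePodsHavingTooManyRestarts:
        enabled: true
        params:
          podsHavingTooManyRestarts:
            includingInitContainers: true
            podRestartThreshold: 100
      RemovePodsViolatingInterPodAntiAffinity:
        enabled: true
      RemovePodsViolatingNodeAffinity:
        enabled: true
        params:
          nodeAffinityType:
            - requiredDuringSchedulingIgnoredDuringExecution
      RemovePodsViolatingNodeTaints:
        enabled: true
      RemovePodsViolatingTopologySpreadConstraint:
        enabled: true
        params:
          includeSoftConstraints: false
---
# Cluster-wide permissions for the descheduler ServiceAccount.
# The role is bound with a ClusterRoleBinding, so every rule below applies in
# all namespaces.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: descheduler
  labels:
    app.kubernetes.io/name: descheduler
rules:
  - apiGroups: ["events.k8s.io"]
    resources: ["events"]
    verbs: ["create", "update"]
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get", "watch", "list"]
  - apiGroups: [""]
    resources: ["namespaces"]
    verbs: ["get", "watch", "list"]
  # NOTE(review): "delete" on pods is a stronger grant than pods/eviction:
  # a direct delete is not checked against PodDisruptionBudgets, while an
  # eviction is. Confirm this descheduler version needs it; if it only
  # evicts, dropping "delete" narrows what a stolen token can do.
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "watch", "list", "delete"]
  - apiGroups: [""]
    resources: ["pods/eviction"]
    verbs: ["create"]
  - apiGroups: ["scheduling.k8s.io"]
    resources: ["priorityclasses"]
    verbs: ["get", "watch", "list"]
  # Leader-election leases. This first rule has no resourceNames, so it
  # allows creating and updating ANY lease in ANY namespace; RBAC cannot
  # scope "create" by name, but "update" can be.
  # NOTE(review): consider moving "update" into the resourceNames rule below
  # and granting the lease rules through a namespaced Role/RoleBinding in
  # kube-system instead of this ClusterRole - confirm against the namespace
  # the leader-election lease is created in.
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["create", "update"]
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    resourceNames: ["descheduler"]
    verbs: ["get", "patch", "delete"]
---
# Grants the descheduler ClusterRole to the kube-system/descheduler
# ServiceAccount across the whole cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: descheduler
  labels:
    app.kubernetes.io/name: descheduler
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: descheduler
subjects:
  - kind: ServiceAccount
    name: descheduler
    namespace: kube-system
---
# Runs two descheduler replicas with leader election enabled
# (--leader-elect=true), re-evaluating the policy every 5 minutes.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: descheduler
  namespace: kube-system
  labels:
    app.kubernetes.io/name: descheduler
spec:
  replicas: 2
  selector:
    matchLabels: &selectorLabels
      app.kubernetes.io/name: descheduler
  template:
    metadata:
      labels: *selectorLabels
    spec:
      priorityClassName: system-cluster-critical
      serviceAccountName: descheduler
      containers:
        - name: descheduler
          # NOTE(review): the image is referenced by mutable tag on
          # k8s.gcr.io, the legacy registry that registry.k8s.io replaced.
          # With IfNotPresent a node keeps whatever it first pulled for this
          # tag. Consider the current registry and a digest pin
          # (<image>@sha256:<digest>) so the deployed bits are verifiable.
          image: "k8s.gcr.io/descheduler/descheduler:v0.25.1"
          imagePullPolicy: IfNotPresent
          command:
            - "/bin/descheduler"
          args:
            - "--policy-config-file"
            - "/policy-dir/policy.yaml"
            - "--descheduling-interval"
            - "5m"
            - "--v"
            - "3"
            - "--leader-elect=true"
          ports:
            - containerPort: 10258
              protocol: TCP
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10258
              scheme: HTTPS
            initialDelaySeconds: 3
            periodSeconds: 10
          # NOTE(review): only requests are set. Without limits this
          # system-cluster-critical pod is not bounded in CPU or memory;
          # add limits once real usage is known.
          resources:
            requests:
              cpu: 500m
              memory: 256Mi
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            privileged: false
            readOnlyRootFilesystem: true
            # No runAsUser is set, so runAsNonRoot relies on the image
            # declaring a numeric non-root user; otherwise the kubelet
            # refuses to start the container.
            runAsNonRoot: true
            # Added: the one remaining setting the "restricted" Pod Security
            # Standard expects for this container; applies the container
            # runtime's default seccomp filter instead of running unconfined.
            seccompProfile:
              type: RuntimeDefault
          volumeMounts:
            - mountPath: /policy-dir
              name: policy-volume
      volumes:
        - name: policy-volume
          configMap:
            name: descheduler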