Cannot evict pod as it would violate the pod's disruption budget

kubectl drain <node> 时，无法驱逐 istio-galley。

error when evicting pod "istio-galley-698fb8c979-fvxdz" (will retry after 5s): Cannot evict pod as it would violate the pod's disruption budget.

原来是 PDB（pod's disruption budget）的特性，主动清理 Pod 时（例如 drain）对可用数量的保护，防止影响业务。

通过 describe 命令可以看到 istio-galley 至少要有一个 Pod，所以我们无法驱逐。

kubectl describe pdb istio-galley -n istio-system
Name:           istio-galley
Namespace:      istio-system
Min available:  1
Selector:       app=galley,istio=galley,release=istio
Status:
    Allowed disruptions:  0
    Current:              1
    Desired:              1
    Total:                1

1
2
3
4
5
6
7
8
9
10

解决办法就是扩容。

kubectl scale --replicas=2 deploy/istio-galley -n istio-system

最后，驱逐成功。

kubectl drain 10.0.0.19 --ignore-daemonsets
node/10.0.0.19 already cordoned
WARNING: ignoring DaemonSet-managed Pods: default/metricbeat-metricbeat-9z595, kube-system/ccs-log-collector-g266d, kube-system/ip-masq-agent-5h9vd
evicting pod "istio-galley-698fb8c979-fvxdz"
pod/istio-galley-698fb8c979-fvxdz evicted
node/10.0.0.19 evicted

1
2
3
4
5
6

reference

[1] istio. unable to drain k8s node running istio-policy podopen in new window
[2] Kubernetes 教程/入门教程. kubernetes 1.7 新特性: PodDisruptionBudget 控制器变化open in new window

# Cannot evict pod as it would violate the pod's disruption budget

# reference

Cannot evict pod as it would violate the pod's disruption budget

reference