add PodProtections for DefaultEvictorArgs

[googs1025]

fix: #1664

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign a7i for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ricardomaraschini]

What is the purpose of this function ?

[googs1025]

oh... This is also where I am confused. I just added it in the same way as before...

[ingvagabund]

Unfortunate product of duplicating the no-op constructs.

[googs1025]

We will recommend users to use the new config here

[googs1025]

validate check here: We do not want users to mix old and new config. If any of the old config is true and there is a value in the new config list (including: DisabledDefaultPodProtections and ExtraPodProtections), it means that they are mixed and the validation fails.

[googs1025]

I think add new file constraints.go to be more clear

[googs1025]

I hope we can reach an agreement and merge it into the master before the next release. 😄
@ingvagabund @a7i @ricardomaraschini Can you help with this PR? I know this may take some time....

[ingvagabund]

What about to put the list of disabled and extra enabled policies under a single field? E.g.

# Pod anti-eviction/protection policies.
# The list of policies enabled by default:
# - protect pods with local storage, extend disabled with 'podsWithLocalStorage' to disable the protection
# - protect daemon set pods, extend disabled with `daemonSetPods` to disable the protection
# - ...
protectionPolicies:
  # list of extra enabled policies
  extraEnabled:
  # list of disabled pod policies
  disabled:

?

[googs1025]

Here is a good suggestion
we can config like this:

- name: "DefaultEvictor"
  args:
    # Deprecated: Use `disabledDefaultPodProtections` with "systemCriticalPods" instead.
    # evictSystemCriticalPods: true
    # Deprecated: Use `disabledDefaultPodProtections` with "failedBarePods" instead.
    # evictFailedBarePods: true
    # Deprecated: Use `disabledDefaultPodProtections` with "withLocalStorage" instead.
    # evictLocalStoragePods: true
    nodeFit: true
    minReplicas: 2
    protectionPolicies:
      extraEnabled:
         - withPVC
         - withoutPDB
      # list of disabled pod policies
      disabled:
         - withLocalStorage
         - systemCriticalPods
         - failedBarePods
         - daemonSetPods

[ingvagabund]

Both DisabledDefaultPodProtection and ExtraPodProtection can be consolidated into a single type. E.g.

type PodProtectionPolicy string

const (
	PodsWithLocalStorage PodProtectionPolicy = "podsWithLocalStorage"
	DaemonSetPods PodProtectionPolicy = "daemonSetPods"
	SystemCriticalPods PodProtectionPolicy = "systemCriticalPods"
	FailedBarePods PodProtectionPolicy = "failedBarePods"
	PodsWithPVC PodProtectionPolicy = "podsWithPVC"
	PodsWithoutPDB PodProtectionPolicy = "podsWithoutPDB"
)

With some of the policies enabled by default. Other used for extra enabling or disabling. Also, would you please have defaults.go set the default list of enabled policies too? E.g.

args.defaultPodProtectionPolicies = [PodsWithLocalStorage, DaemonSetPods, ...]

while extending the new private defaultPodProtectionPolicies field with a comment saying the list of default policies is a subject to change?

[googs1025]

#1664 (comment)
@ingvagabund
We have discussed why not to use the default value here

[googs1025]

I thinks this(set default value) will make the behavior incompatible with previous. I think using two types will not have any impact for user. It will also avoid coding errors of different strategies in the delegate (because we distinguish enable and disable as different types).

[ingvagabund]

defaultPodProtectionPolicies is going to be a private variable only, not exposed to customers. Only for internal use.

[googs1025]

got this

[googs1025]

Change to one type and use ExtraEnabled Disabled to decide

[googs1025]

We are here to maintain compatibility with the old config logic.

[ingvagabund]

To make the review and refactoring easier to follow would you please move the changes in constaints.go into a separate PR? Without introducing the pod protection policy. Just to refactor the code is it's easier to introduce the pod protection policies later.

[ingvagabund]

defaultPodProtectionPolicies is used only for internal purposes so the same list of default policies does not have to be duplicated. If you plan to define BuiltInPodProtectionPolicies as well the new variable can be used instead of the internal defaultPodProtectionPolicies field.

[googs1025]

removed BuiltInPodProtectionPolicies
I think we just use defaultPodProtectionPolicies is enough 🤔

[googs1025]

see https://github.com/googs1025/descheduler/tree/refator/evict_arg?tab=readme-ov-file#evictor-plugin-configuration-default-evictor

This can see more clearer.

[ingvagabund]

Apologies for the delays. I will not be able to finish the review. I am leaving for a vacation until June 8. I will resume once I am back.