Support adding "node.kubernetes.io/out-of-service" taint

K8s v1.24 has a new well-known taint "node.kubernetes.io/out-of-service" that enables automatic deletion of pv-attached pods on failed nodes. This patch makes fencing-controller adding it to a fenced node just after the fencing job was successfully finished. See the pages below for more detail: kubernetes/enhancements#2268 kubernetes/kubernetes#108486
yosshy · Nov 26, 2022 · 98461c5 · 98461c5
1 parent b931378
commit 98461c5
Show file tree

Hide file tree

Showing 4 changed files with 259 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -94,6 +94,6 @@ You can specify the needed annotations for specific node or commonly for PodTemp
 | `fencing/enabled` | Fencing-switcher automatically sets this annotation to enable or disable fencing for the node. *(can be specified only for node, usually you don't need to configure it)*. | `false` |
 | `fencing/id`      | Specify the device id which will be used to fence the node. | *same as node name* |
 | `fencing/template`| Specify PodTemplate which be used to fence the node. | `fencing` |
-| `fencing/mode`    | Specify cleanup mode for the node: <ul><li><code>none</code> - do nothing after successful fencing.</li><li><code>flush</code> - remove all pods and volumeattachments from the node after successful fencing.</li><li><code>delete</code> - remove the node after successful fencing.</li></ul>  | `flush` |
+| `fencing/mode`    | Specify cleanup mode for the node: <ul><li><code>none</code> - do nothing after successful fencing.</li><li><code>flush</code> - remove all pods and volumeattachments from the node after successful fencing.</li><li><code>taint</code> - remove all pods and volumeattachments from the node with "node.kubernetes.io/out-of-service" taint for k8s v1.24+. </li><li><code>delete</code> - remove the node after successful fencing.</li></ul>  | `flush` |
 | `fencing/after-hook` | Specific PodTemplate which will be spawned after successful fencing. | *unspecified* |
 | `fencing/timeout` | Timeout in seconds to wait for the node recovery before starting fencing procedure. | `0` |
diff --git a/go.mod b/go.mod
@@ -7,6 +7,7 @@ require (
 	k8s.io/apimachinery v0.25.2
 	k8s.io/client-go v0.25.2
 	k8s.io/klog v1.0.0
+	k8s.io/kubernetes v1.25.3
 	sigs.k8s.io/controller-runtime v0.13.0
 )