This tool checks whether pods in a Kubernetes cluster are eligible to be evicted by kubectl drain.
There are multiple reasons why pods cannot be evicted by kubectl drain:
- There are multiple pod disruption budgets acting on a pod
- A pod disruption budget is misconfigured, allowing no disruptions
- Multiple pods in a replicaset/statefulset are crashing, causing the pod disruption budget to prevent evictions
- A pod has no owner references
This can make cluster maintenance difficult, as manual intervention is required to drain nodes, particularly in multi-tenant clusters where administrators may not have access to fix misconfigured or broken applications. By using this tool, cluster administrators can identify misconfigured workloads and check whether pods are eligible to be evicted before draining nodes.
Firstly, the tool checks that all selected pods have at least one owner reference, as kubectl drain will reject pods that do not have an owner reference. Any pods without owner references are reported.
It then uses the eviction API to create an eviction resource with dry-run mode enabled for each selected pod. This is the same mechanism that kubectl drain uses to evict pods. If there are any errors blocking the pod from being evicted, these are reported.
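The two checks described above, as an added example in Go using only the standard library (it is not the tool's own code): it tests for owner references, builds the dry-run Eviction request, and interprets the status codes that the Kubernetes API-initiated eviction documentation describes. The type and function names are hypothetical, and the pod in main is constructed sample input.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Pod keeps only the fields both checks read; JSON keys match case-insensitively.
type Pod struct {
	Metadata struct {
		Name, Namespace string
		OwnerReferences []struct{ Kind, Name string }
	}
}

// HasOwner is the first check: a pod with no owner reference is reported.
func HasOwner(p Pod) bool { return len(p.Metadata.OwnerReferences) > 0 }

// DryRunEviction builds the second check's POST; dryRun=All evaluates without deleting.
func DryRunEviction(p Pod) (path string, body []byte, err error) {
	m := p.Metadata
	path = fmt.Sprintf("/api/v1/namespaces/%s/pods/%s/eviction", m.Namespace, m.Name)
	body, err = json.Marshal(map[string]interface{}{
		"apiVersion":    "policy/v1",
		"kind":          "Eviction",
		"metadata":      map[string]string{"name": m.Name, "namespace": m.Namespace},
		"deleteOptions": map[string]interface{}{"dryRun": []string{"All"}},
	})
	return path, body, err
}

// Classify maps the eviction subresource's HTTP status to a verdict.
func Classify(status int) string {
	switch status {
	case 200, 201:
		return "evictable"
	case 429:
		return "blocked by a pod disruption budget"
	case 500:
		return "blocked by misconfiguration, e.g. several budgets select the pod"
	}
	return fmt.Sprintf("unexpected status %d", status)
}

func main() {
	var p Pod // constructed sample: a bare pod created without a controller
	json.Unmarshal([]byte(`{"metadata":{"name":"baz-pod","namespace":"foo"}}`), &p)
	path, body, _ := DryRunEviction(p)
	fmt.Println(HasOwner(p), path, string(body), Classify(429))
}
```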
To install the tool, run the following command:
$ go install github.com/fhke/kubectl-draincheck@latest
To run in a Docker container, run the following command:
N.B.: this assumes that your kubeconfig is in the default location ~/.kube/config. If it is in a different location, you will need to change the volume mount source.
$ docker run --rm -v ~/.kube/config:/kubeconfig -e KUBECONFIG=/kubeconfig quay.io/fhke97/kubectl-draincheck
$ kubectl draincheck --all-namespaces
$ kubectl draincheck --namespace foo
$ kubectl draincheck --namespace foo bar-pod baz-pod