Add Karpenter Do Not Evict
If a Pod exists with the annotation `karpenter.sh/do-not-evict: true` on a Node, and a request is made to delete the Node, Karpenter will not drain any Pods from that Node or otherwise try to delete the Node. This is useful for Pods that should run uninterrupted to completion. This policy mutates Jobs and CronJobs so that Pods spawned by them will contain the `karpenter.sh/do-not-evict: true` annotation.
Policy Definition
/karpenter/add-karpenter-donot-evict/add-karpenter-donot-evict.yaml
```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: add-karpenter-donot-evict
  annotations:
    policies.kyverno.io/title: Add Karpenter Do Not Evict
    policies.kyverno.io/category: Karpenter, EKS Best Practices
    policies.kyverno.io/severity: medium
    policies.kyverno.io/subject: Pod
    kyverno.io/kyverno-version: 1.7.1
    policies.kyverno.io/minversion: 1.6.0
    kyverno.io/kubernetes-version: "1.23"
    policies.kyverno.io/description: >-
      If a Pod exists with the annotation `karpenter.sh/do-not-evict: true` on a Node,
      and a request is made to delete the Node, Karpenter will not drain any Pods from
      that Node or otherwise try to delete the Node. This is useful for Pods that should
      run uninterrupted to completion. This policy mutates Jobs and CronJobs
      so that Pods spawned by them will contain the `karpenter.sh/do-not-evict: true` annotation.
spec:
  rules:
  - name: do-not-evict-jobs
    match:
      any:
      - resources:
          kinds:
          - Job
    mutate:
      patchStrategicMerge:
        spec:
          template:
            metadata:
              annotations:
                karpenter.sh/do-not-evict: "true"
  - name: do-not-evict-cronjobs
    match:
      any:
      - resources:
          kinds:
          - CronJob
    mutate:
      patchStrategicMerge:
        spec:
          jobTemplate:
            spec:
              template:
                metadata:
                  annotations:
                    karpenter.sh/do-not-evict: "true"
```
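The following added example (not part of the original policy page and not Kyverno's own code) models the two `patchStrategicMerge` rules as a plain recursive map merge, to show where the annotation lands for each kind and that a value already set on the Pod template is overwritten. The sample manifests and the function names are constructed for illustration.

```python
import copy

ANNOTATION = "karpenter.sh/do-not-evict"
# Pod template location per kind, mirroring the policy's two rules.
TEMPLATE_PATH = {
    "Job": ("spec", "template"),
    "CronJob": ("spec", "jobTemplate", "spec", "template"),
}

def merge(base, patch):
    """Recursive map merge; sufficient here because the patch holds only maps."""
    out = copy.deepcopy(base)
    for key, value in patch.items():
        if isinstance(value, dict) and isinstance(out.get(key), dict):
            out[key] = merge(out[key], value)
        else:
            out[key] = copy.deepcopy(value)  # scalars are overwritten
    return out

def mutate(resource):
    """Apply the patch of whichever rule matches the resource kind, if any."""
    path = TEMPLATE_PATH.get(resource.get("kind"))
    if path is None:
        return copy.deepcopy(resource)  # no rule matches, e.g. a Deployment
    patch = {"metadata": {"annotations": {ANNOTATION: "true"}}}
    for key in reversed(path):
        patch = {key: patch}
    return merge(resource, patch)

def pod_annotations(resource):
    """Annotations that Pods created from a Job or CronJob will carry."""
    path = TEMPLATE_PATH.get(resource.get("kind"))
    if path is None:
        return {}
    node = resource
    for key in path + ("metadata", "annotations"):
        node = node.get(key) or {}
    return node

# Constructed sample manifests (not from the page).
JOB = {"kind": "Job", "metadata": {"name": "report"}, "spec": {"template": {
    "metadata": {"annotations": {"team": "data", ANNOTATION: "false"}},
    "spec": {"restartPolicy": "Never"}}}}
CRONJOB = {"kind": "CronJob", "metadata": {"name": "nightly"}, "spec": {
    "schedule": "0 2 * * *",
    "jobTemplate": {"spec": {"template": {"spec": {"restartPolicy": "Never"}}}}}}
DEPLOYMENT = {"kind": "Deployment", "metadata": {"name": "web"},
              "spec": {"template": {"metadata": {"annotations": {}}}}}

if __name__ == "__main__":
    for res in (JOB, CRONJOB, DEPLOYMENT):
        print(res["kind"], pod_annotations(mutate(res)))
```

Because the policy's patch uses no conditional anchor, a Job that explicitly sets the annotation to `"false"` still ends up with `"true"`, and kinds other than Job and CronJob are left unchanged.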