PCP-2902: skip killing CSI pod after frist drain

api/v1beta1/machine_types.go

@@ -19,7 +19,6 @@ package v1beta1
 import (
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
 	capierrors "sigs.k8s.io/cluster-api/errors"
 )
 
@@ -121,6 +120,10 @@ type MachineSpec struct {
 	// Defaults to 10 seconds.
 	// +optional
 	NodeDeletionTimeout *metav1.Duration `json:"nodeDeletionTimeout,omitempty"`
+
+	// NodeDrainPodFilters allows to specify filters for pods to be excluded during node drain
+	// +optional
+	NodeDrainPodFilters *metav1.LabelSelector `json:"nodeDrainPodFilters,omitempty"`
 }
 
 // ANCHOR_END: MachineSpec

internal/controllers/machine/machine_controller.go

@@ -352,7 +352,7 @@ func (r *Reconciler) reconcileDelete(ctx context.Context, cluster *clusterv1.Clu
 				return ctrl.Result{}, errors.Wrap(err, "failed to patch Machine")
 			}
 
-			if result, err := r.drainNode(ctx, cluster, m.Status.NodeRef.Name); !result.IsZero() || err != nil {
+			if result, err := r.drainNode(ctx, cluster, m); !result.IsZero() || err != nil {
 				if err != nil {
 					conditions.MarkFalse(m, clusterv1.DrainingSucceededCondition, clusterv1.DrainingFailedReason, clusterv1.ConditionSeverityWarning, err.Error())
 					r.recorder.Eventf(m, corev1.EventTypeWarning, "FailedDrainNode", "error draining Machine's node %q: %v", m.Status.NodeRef.Name, err)
@@ -572,7 +572,8 @@ func (r *Reconciler) isDeleteNodeAllowed(ctx context.Context, cluster *clusterv1
 	return nil
 }
 
-func (r *Reconciler) drainNode(ctx context.Context, cluster *clusterv1.Cluster, nodeName string) (ctrl.Result, error) {
+func (r *Reconciler) drainNode(ctx context.Context, cluster *clusterv1.Cluster, m *clusterv1.Machine) (ctrl.Result, error) {
+	nodeName := m.Status.NodeRef.Name
 	log := ctrl.LoggerFrom(ctx, "Node", klog.KRef("", nodeName))
 
 	restConfig, err := remote.RESTConfig(ctx, controllerName, r.Client, util.ObjectKey(cluster))
@@ -620,8 +621,10 @@ func (r *Reconciler) drainNode(ctx context.Context, cluster *clusterv1.Cluster,
 		}},
 		// SPECTRO: Even if the node is reachable, we wait 30 minutes for drain completion else move ahead
 		SkipWaitForDeleteTimeoutSeconds: 60 * 30, // 30 minutes
+		AdditionalFilters: []kubedrain.PodFilter{
+			SkipFuncGenerator(m.Spec.NodeDrainPodFilters),
+		},
 	}
-
 	if noderefutil.IsNodeUnreachable(node) {
 		// When the node is unreachable and some pods are not evicted for as long as this timeout, we ignore them.
 		drainer.SkipWaitForDeleteTimeoutSeconds = 60 * 5 // 5 minutes
@@ -643,6 +646,18 @@ func (r *Reconciler) drainNode(ctx context.Context, cluster *clusterv1.Cluster,
 	return ctrl.Result{}, nil
 }
 
+func SkipFuncGenerator(labelSelector *metav1.LabelSelector) func(pod corev1.Pod) kubedrain.PodDeleteStatus {
+	return func(pod corev1.Pod) kubedrain.PodDeleteStatus {
+		if pod.Labels == nil {
+			return kubedrain.MakePodDeleteStatusOkay()
+		}
+		if HasMatchingLabels(*labelSelector, pod.ObjectMeta.Labels) {
+			return kubedrain.MakePodDeleteStatusSkip()
+		}
+		return kubedrain.MakePodDeleteStatusOkay()
+	}
+}
+
 // shouldWaitForNodeVolumes returns true if node status still have volumes attached
 // pod deletion and volume detach happen asynchronously, so pod could be deleted before volume detached from the node
 // this could cause issue for some storage provisioner, for example, vsphere-volume this is problematic

spectro/generated/bootstrap-base.yaml

@@ -26,7 +26,7 @@ spec:
         - --bootstrap-token-ttl=${KUBEADM_BOOTSTRAP_TOKEN_TTL:=15m}
         command:
         - /manager
-        image: gcr.io/spectro-dev-public/release/kubeadm-bootstrap-controller-amd64:20220805
+        image: gcr.io/spectro-dev-public/devop2023/release-fips/kubeadm-bootstrap-controller:v1.3.2-spectro-4.0.0-dev
         imagePullPolicy: Always
         name: manager
       terminationGracePeriodSeconds: 10