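#!/bin/bash
#
# Drains the local node using the kubelet's own credentials:
#   1. reads the API server URL and node name from /root/.kube/config,
#   2. replaces the node's status conditions with an empty list,
#   3. posts an Eviction for every local pod that is not owned by a
#      DaemonSet or by the Node itself (static manifests),
#   4. stops the sandboxes of the pods whose eviction was accepted.
#
# Requires: kubectl, jq, curl, crictl.

readonly KUBECONFIG_PATH=/root/.kube/config
readonly CA_CERT=/etc/kubernetes/pki/ca.crt
readonly CLIENT_CERT=/var/lib/kubelet/pki/kubelet-client-current.pem

# Kubernetes object names are lowercase DNS subdomains. Anything else coming
# back from the runtime is not interpolated into an API path.
readonly K8S_NAME_RE='^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$'

#######################################
# Call the API server with the kubelet client certificate.
# Arguments: extra curl options followed by the URL
# Outputs:   whatever curl writes to stdout
#######################################
kube_api() {
  curl -s --cacert "$CA_CERT" --cert "$CLIENT_CERT" "$@"
}

# Get api server and node name for kubelet context.
# '// empty' keeps a missing field from turning into the literal string "null".
API_SERVER=$(kubectl --kubeconfig "$KUBECONFIG_PATH" config view -o json \
  | jq -r '.clusters[].cluster.server // empty')
NODE_NAME=$(kubectl --kubeconfig "$KUBECONFIG_PATH" config view -o json \
  | jq -r '.["current-context"] // empty' \
  | sed -e 's/system:node://' -e 's/@.*//')

if [ -z "$API_SERVER" ] || [ -z "$NODE_NAME" ]; then
  echo "Could not find kube context. Abort." >&2
  exit 1
fi

# A kubeconfig with several clusters yields several lines here. Refuse to
# guess which endpoint should receive the node credentials.
if [[ "$API_SERVER" == *[[:space:]]* || "$NODE_NAME" == *[[:space:]]* ]]; then
  echo "Kube context is ambiguous (more than one value found). Abort." >&2
  exit 1
fi

# Delete all node status as we are not allowed to cordon ourselves.
# Best effort: a failure is reported but does not stop the eviction run.
PATCH_CODE=$(kube_api -o /dev/null -w '%{http_code}' \
  -H "Content-Type: application/json-patch+json" -X PATCH \
  --data '[ { "op": "replace", "path": "/status/conditions", "value": []}]' \
  "$API_SERVER/api/v1/nodes/$NODE_NAME/status")
if [ "$PATCH_CODE" != "200" ]; then
  echo "Warning: clearing node status returned HTTP ${PATCH_CODE:-none}" >&2
fi

# Loop through all local pods. The sandbox id is carried along so that the
# stop step acts on exactly the sandboxes that were evicted, instead of
# looking them up again by name (a name is not unique across namespaces).
EVICTED_IDS=()
while read -r NAMESPACE NAME ID; do
  if ! [[ "$NAMESPACE" =~ $K8S_NAME_RE && "$NAME" =~ $K8S_NAME_RE ]]; then
    echo "Skipping sandbox with unexpected name: $NAMESPACE/$NAME" >&2
    continue
  fi

  # get pod owner; '[]?' keeps jq quiet for pods without ownerReferences
  OWNER=$(kube_api -H 'Content-type: application/json' \
    "$API_SERVER/api/v1/namespaces/$NAMESPACE/pods/$NAME" \
    | jq -r '.metadata.ownerReferences[]?.kind')

  [ -n "$OWNER" ] || continue

  # skip over DS and static manifests
  [[ "$OWNER" =~ (DaemonSet|Node) ]] && continue

  # Build the request body with jq so the values are JSON-encoded rather
  # than spliced into a string.
  JSON=$(jq -cn --arg name "$NAME" --arg namespace "$NAMESPACE" \
    '{apiVersion: "policy/v1", kind: "Eviction",
      metadata: {name: $name, namespace: $namespace}}')

  HTTP_CODE=$(kube_api -o /dev/null -w '%{http_code}' \
    -X POST -H 'Content-type: application/json' \
    --data-raw "$JSON" \
    "$API_SERVER/api/v1/namespaces/$NAMESPACE/pods/$NAME/eviction")

  if [ "$HTTP_CODE" = "201" ]; then
    echo "Evicted $NAMESPACE/$NAME"
    [ -n "$ID" ] && EVICTED_IDS+=("$ID")
  else
    echo "Error trying to evict $NAMESPACE/$NAME" >&2
  fi
done < <(crictl pods -o json \
  | jq -r '.items[] | .metadata.namespace + " " + .metadata.name + " " + .id')

# Stop all successfully evicted pods in parallel and wait till all stopped
for id in "${EVICTED_IDS[@]}"; do
  crictl stopp "$id" &
done
wait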