diff --git a/pkg/issuer/acme/http/pod.go b/pkg/issuer/acme/http/pod.go index 029a5c0ea..22ab5a999 100644 --- a/pkg/issuer/acme/http/pod.go +++ b/pkg/issuer/acme/http/pod.go @@ -175,7 +175,8 @@ func (s *Solver) buildDefaultPod(ch *cmacme.Challenge) *corev1.Pod { Namespace: ch.Namespace, Labels: podLabels, Annotations: map[string]string{ - "sidecar.istio.io/inject": "false", + "sidecar.istio.io/inject": "false", + "cluster-autoscaler.kubernetes.io/safe-to-evict": "true", }, OwnerReferences: []metav1.OwnerReference{*metav1.NewControllerRef(ch, challengeGvk)}, }, diff --git a/pkg/issuer/acme/http/pod_test.go b/pkg/issuer/acme/http/pod_test.go index 35c892ef8..486649c86 100644 --- a/pkg/issuer/acme/http/pod_test.go +++ b/pkg/issuer/acme/http/pod_test.go @@ -71,7 +71,8 @@ func TestEnsurePod(t *testing.T) { Namespace: testNamespace, Labels: podLabels(chal), Annotations: map[string]string{ - "sidecar.istio.io/inject": "false", + "sidecar.istio.io/inject": "false", + "cluster-autoscaler.kubernetes.io/safe-to-evict": "true", }, OwnerReferences: []metav1.OwnerReference{*metav1.NewControllerRef(chal, challengeGvk)}, }, @@ -286,8 +287,9 @@ func TestMergePodObjectMetaWithPodTemplate(t *testing.T) { cmacme.DomainLabelKey: "44655555555", }, Annotations: map[string]string{ - "sidecar.istio.io/inject": "true", - "foo": "bar", + "sidecar.istio.io/inject": "true", + "cluster-autoscaler.kubernetes.io/safe-to-evict": "false", + "foo": "bar", }, }, Spec: cmacme.ACMEChallengeSolverHTTP01IngressPodSpec{ @@ -320,8 +322,9 @@ func TestMergePodObjectMetaWithPodTemplate(t *testing.T) { cmacme.SolverIdentificationLabelKey: "true", } resultingPod.Annotations = map[string]string{ - "sidecar.istio.io/inject": "true", - "foo": "bar", + "sidecar.istio.io/inject": "true", + "cluster-autoscaler.kubernetes.io/safe-to-evict": "false", + "foo": "bar", } resultingPod.Spec.NodeSelector = map[string]string{ "kubernetes.io/os": "linux",