From 05117f5f759cb5fdcd34954d714c7c5303dbc7a6 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Thu, 14 Sep 2023 10:35:56 -0400
Subject: [PATCH] Add cluster-autoscaler.kubernetes.io/safe-to-evict

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 pkg/issuer/acme/http/pod.go      |  3 ++-
 pkg/issuer/acme/http/pod_test.go | 13 ++++++++-----
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/pkg/issuer/acme/http/pod.go b/pkg/issuer/acme/http/pod.go
index 029a5c0ea..22ab5a999 100644
--- a/pkg/issuer/acme/http/pod.go
+++ b/pkg/issuer/acme/http/pod.go
@@ -175,7 +175,8 @@ func (s *Solver) buildDefaultPod(ch *cmacme.Challenge) *corev1.Pod {
 			Namespace:    ch.Namespace,
 			Labels:       podLabels,
 			Annotations: map[string]string{
-				"sidecar.istio.io/inject": "false",
+				"sidecar.istio.io/inject":                        "false",
+				"cluster-autoscaler.kubernetes.io/safe-to-evict": "true",
 			},
 			OwnerReferences: []metav1.OwnerReference{*metav1.NewControllerRef(ch, challengeGvk)},
 		},
diff --git a/pkg/issuer/acme/http/pod_test.go b/pkg/issuer/acme/http/pod_test.go
index 35c892ef8..486649c86 100644
--- a/pkg/issuer/acme/http/pod_test.go
+++ b/pkg/issuer/acme/http/pod_test.go
@@ -71,7 +71,8 @@ func TestEnsurePod(t *testing.T) {
 				Namespace:    testNamespace,
 				Labels:       podLabels(chal),
 				Annotations: map[string]string{
-					"sidecar.istio.io/inject": "false",
+					"sidecar.istio.io/inject":                        "false",
+					"cluster-autoscaler.kubernetes.io/safe-to-evict": "true",
 				},
 				OwnerReferences: []metav1.OwnerReference{*metav1.NewControllerRef(chal, challengeGvk)},
 			},
@@ -286,8 +287,9 @@ func TestMergePodObjectMetaWithPodTemplate(t *testing.T) {
 											cmacme.DomainLabelKey: "44655555555",
 										},
 										Annotations: map[string]string{
-											"sidecar.istio.io/inject": "true",
-											"foo":                     "bar",
+											"sidecar.istio.io/inject":                        "true",
+											"cluster-autoscaler.kubernetes.io/safe-to-evict": "false",
+											"foo": "bar",
 										},
 									},
 									Spec: cmacme.ACMEChallengeSolverHTTP01IngressPodSpec{
@@ -320,8 +322,9 @@ func TestMergePodObjectMetaWithPodTemplate(t *testing.T) {
 					cmacme.SolverIdentificationLabelKey: "true",
 				}
 				resultingPod.Annotations = map[string]string{
-					"sidecar.istio.io/inject": "true",
-					"foo":                     "bar",
+					"sidecar.istio.io/inject":                        "true",
+					"cluster-autoscaler.kubernetes.io/safe-to-evict": "false",
+					"foo": "bar",
 				}
 				resultingPod.Spec.NodeSelector = map[string]string{
 					"kubernetes.io/os": "linux",