descheduler
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# Default values for descheduler.
2
# This is a YAML-formatted file.
3
# Declare variables to be passed into your templates.
4
5
# CronJob or Deployment
6
kind: CronJob
7
image:
8
repository: cgr.dev/chainguard-private/descheduler
9
# Overrides the image tag whose default is the chart version
10
tag: latest@sha256:11aea7e23506a7ffaeedb80e46b6a3bed25d3fa45c8f5338fe9d271754d340f0
11
pullPolicy: IfNotPresent
12
imagePullSecrets:
13
# - name: container-registry-secret
14
resources:
15
requests:
16
cpu: 500m
17
memory: 256Mi
18
limits:
19
cpu: 500m
20
memory: 256Mi
21
ports:
22
- containerPort: 10258
23
protocol: TCP
24
securityContext:
25
allowPrivilegeEscalation: false
26
capabilities:
27
drop:
28
- ALL
29
privileged: false
30
readOnlyRootFilesystem: true
31
runAsNonRoot: true
32
runAsUser: 1000
33
# podSecurityContext -- [Security context for pod](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
34
podSecurityContext: {}
35
# fsGroup: 1000
36
37
nameOverride: ""
38
fullnameOverride: ""
39
# -- Override the deployment namespace; defaults to .Release.Namespace
40
namespaceOverride: ""
41
# labels that'll be applied to all resources
42
commonLabels: {}
43
cronJobApiVersion: "batch/v1"
44
schedule: "*/2 * * * *"
45
suspend: false
46
# startingDeadlineSeconds: 200
47
# successfulJobsHistoryLimit: 3
48
# failedJobsHistoryLimit: 1
49
# ttlSecondsAfterFinished: 600
50
# activeDeadlineSeconds: 60 # Make sure this value is SHORTER than the cron interval.
51
# timeZone: Etc/UTC
52
53
# Required when running as a Deployment
54
deschedulingInterval: 5m
55
# Specifies the replica count for Deployment
56
# Set leaderElection if you want to use more than 1 replica
57
# Set affinity.podAntiAffinity rule if you want to schedule onto a node
58
# only if that node is in the same zone as at least one already-running descheduler
59
replicas: 1
60
# Specifies whether Leader Election resources should be created
61
# Required when running as a Deployment
62
# NOTE: Leader election can't be activated if DryRun enabled
63
leaderElection: {}
64
# enabled: true
65
# leaseDuration: 15s
66
# renewDeadline: 10s
67
# retryPeriod: 2s
68
# resourceLock: "leases"
69
# resourceName: "descheduler"
70
# resourceNamespace: "kube-system"
71
72
command:
73
- "/bin/descheduler"
74
cmdOptions:
75
v: 3
76
# Recommended to use the latest Policy API version supported by the Descheduler app version
77
deschedulerPolicyAPIVersion: "descheduler/v1alpha2"
78
# deschedulerPolicy contains the policies the descheduler will execute.
79
deschedulerPolicy:
80
# nodeSelector: "key1=value1,key2=value2"
81
# maxNoOfPodsToEvictPerNode: 10
82
# maxNoOfPodsToEvictPerNamespace: 10
83
# metricsProviders:
84
# - source: KubernetesMetrics
85
# tracing:
86
# collectorEndpoint: otel-collector.observability.svc.cluster.local:4317
87
# transportCert: ""
88
# serviceName: ""
89
# serviceNamespace: ""
90
# sampleRate: 1.0
91
# fallbackToNoOpProviderOnError: true
92
profiles:
93
- name: default
94
pluginConfig:
95
- name: DefaultEvictor
96
args:
97
podProtections:
98
defaultDisabled:
99
- "PodsWithLocalStorage"
100
extraEnabled:
101
- "PodsWithPVC"
102
- name: RemoveDuplicates
103
- name: RemovePodsHavingTooManyRestarts
104
args:
105
podRestartThreshold: 100
106
includingInitContainers: true
107
- name: RemovePodsViolatingNodeAffinity
108
args:
109
nodeAffinityType:
110
- requiredDuringSchedulingIgnoredDuringExecution
111
- name: RemovePodsViolatingNodeTaints
112
- name: RemovePodsViolatingInterPodAntiAffinity
113
- name: RemovePodsViolatingTopologySpreadConstraint
114
- name: LowNodeUtilization
115
args:
116
thresholds:
117
cpu: 20
118
memory: 20
119
pods: 20
120
targetThresholds:
121
cpu: 50
122
memory: 50
123
pods: 50
124
plugins:
125
balance:
126
enabled:
127
- RemoveDuplicates
128
- RemovePodsViolatingTopologySpreadConstraint
129
- LowNodeUtilization
130
deschedule:
131
enabled:
132
- RemovePodsHavingTooManyRestarts
133
- RemovePodsViolatingNodeTaints
134
- RemovePodsViolatingNodeAffinity
135
- RemovePodsViolatingInterPodAntiAffinity
136
priorityClassName: system-cluster-critical
137
nodeSelector: {}
138
# foo: bar
139
140
affinity: {}
141
# nodeAffinity:
142
# requiredDuringSchedulingIgnoredDuringExecution:
143
# nodeSelectorTerms:
144
# - matchExpressions:
145
# - key: kubernetes.io/e2e-az-name
146
# operator: In
147
# values:
148
# - e2e-az1
149
# - e2e-az2
150
# podAntiAffinity:
151
# requiredDuringSchedulingIgnoredDuringExecution:
152
# - labelSelector:
153
# matchExpressions:
154
# - key: app.kubernetes.io/name
155
# operator: In
156
# values:
157
# - descheduler
158
# topologyKey: "kubernetes.io/hostname"
159
topologySpreadConstraints: []
160
# - maxSkew: 1
161
# topologyKey: kubernetes.io/hostname
162
# whenUnsatisfiable: DoNotSchedule
163
# labelSelector:
164
# matchLabels:
165
# app.kubernetes.io/name: descheduler
166
tolerations: []
167
# - key: 'management'
168
# operator: 'Equal'
169
# value: 'tool'
170
# effect: 'NoSchedule'
171
172
rbac:
173
# Specifies whether RBAC resources should be created
174
create: true
175
serviceAccount:
176
# Specifies whether a ServiceAccount should be created
177
create: true
178
# The name of the ServiceAccount to use.
179
# If not set and create is true, a name is generated using the fullname template
180
name:
181
# Specifies custom annotations for the serviceAccount
182
annotations: {}
183
# Opt out of API credential automounting
184
#
185
# automountServiceAccountToken Default is not set
186
# automountServiceAccountToken: true
187
# Mount the ServiceAccountToken in the Pod of a CronJob or Deployment
188
# Default is not set - but only implied by the ServiceAccount
189
# automountServiceAccountToken: true
190
191
# Annotations that'll be applied to deployment
192
deploymentAnnotations: {}
193
cronJobAnnotations: {}
194
cronJobLabels: {}
195
jobAnnotations: {}
196
jobLabels: {}
197
podAnnotations: {}
198
podLabels: {}
199
dnsConfig: {}
200
livenessProbe:
201
failureThreshold: 3
202
httpGet:
203
path: /healthz
204
port: 10258
205
scheme: HTTPS
206
initialDelaySeconds: 5
207
periodSeconds: 20
208
timeoutSeconds: 5
209
# Init containers to run before the main descheduler container
210
initContainers: []
211
# Example:
212
# - name: init-myservice
213
# image: busybox:1.28
214
# command: ['sh', '-c', 'echo The app is running! && sleep 10']
215
216
service:
217
enabled: false
218
# @param service.ipFamilyPolicy [string], support SingleStack, PreferDualStack and RequireDualStack
219
#
220
ipFamilyPolicy: ""
221
# @param service.ipFamilies [array] List of IP families (e.g. IPv4, IPv6) assigned to the service.
222
# Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/
223
# E.g.
224
# ipFamilies:
225
# - IPv6
226
# - IPv4
227
ipFamilies: []
228
serviceMonitor:
229
enabled: false
230
# The namespace where Prometheus expects to find service monitors.
231
# namespace: ""
232
# Add custom labels to the ServiceMonitor resource
233
additionalLabels: {}
234
# prometheus: kube-prometheus-stack
235
interval: ""
236
# honorLabels: true
237
insecureSkipVerify: true
238
serverName: null
239
metricRelabelings: []
240
# - action: keep
241
# regex: 'descheduler_(build_info|pods_evicted)'
242
# sourceLabels: [__name__]
243
relabelings: []
244
# - sourceLabels: [__meta_kubernetes_pod_node_name]
245
# separator: ;
246
# regex: ^(.*)$
247
# targetLabel: nodename
248
# replacement: $1
249
# action: replace
250
251
## Additional Volume mounts when automountServiceAccountToken is false
252
# extraServiceAccountVolumeMounts:
253
# - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
254
# name: kube-api-access
255
# readOnly: true
256
257
## Additional Volumes when automountServiceAccountToken is false
258
# extraServiceAccountVolumes:
259
# - name: kube-api-access
260
# projected:
261
# defaultMode: 0444
262
# sources:
263
# - configMap:
264
# items:
265
# - key: ca.crt
266
# path: ca.crt
267
# name: kube-root-ca.crt
268
# - downwardAPI:
269
# items:
270
# - fieldRef:
271
# apiVersion: v1
272
# fieldPath: metadata.namespace
273
# path: namespace
274
# - serviceAccountToken:
275
# expirationSeconds: 3600
276
# path: token
277
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.