Pulling in do-not-disrupt grace period

Author: AndrewMitchell25

go.mod

@@ -123,7 +123,7 @@ require (
 	golang.org/x/oauth2 v0.34.0 // indirect
 	golang.org/x/sys v0.40.0 // indirect
 	golang.org/x/term v0.39.0 // indirect
-	golang.org/x/text v0.33.0 // indirect
+	golang.org/x/text v0.34.0 // indirect
 	golang.org/x/time v0.14.0 // indirect
 	golang.org/x/tools v0.41.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect
@@ -140,3 +140,5 @@ require (
 	sigs.k8s.io/randfill v1.0.0 // indirect
 	sigs.k8s.io/structured-merge-diff/v6 v6.3.1 // indirect
 )
+
+replace sigs.k8s.io/karpenter => github.com/AndrewMitchell25/karpenter v0.0.0-20260302230637-bb8c524f9de3

go.sum

@@ -1,3 +1,5 @@
+github.com/AndrewMitchell25/karpenter v0.0.0-20260302230637-bb8c524f9de3 h1:cj7ydUP0ELUINLi40EbYaeW4odjs05+fFScPCBj0H0w=
+github.com/AndrewMitchell25/karpenter v0.0.0-20260302230637-bb8c524f9de3/go.mod h1:7HVTLcR8uNwHcnwjfaCqV2ICF3aOPvngK/J8CBXZraU=
 github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0=
 github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
 github.com/Pallinder/go-randomdata v1.2.0 h1:DZ41wBchNRb/0GfsePLiSwb0PHZmT67XY00lCDlaYPg=
@@ -323,8 +325,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=
-golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8=
+golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
+golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=
 golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
 golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -375,8 +377,6 @@ sigs.k8s.io/controller-runtime v0.22.4 h1:GEjV7KV3TY8e+tJ2LCTxUTanW4z/FmNB7l327U
 sigs.k8s.io/controller-runtime v0.22.4/go.mod h1:+QX1XUpTXN4mLoblf4tqr5CQcyHPAki2HLXqQMY6vh8=
 sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg=
 sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
-sigs.k8s.io/karpenter v1.9.1-0.20260220232539-5e12af134257 h1:Z7WZW+Hw8Naj3kOcHIZbHyIKwTDtzQzm0N9tgqdGZbY=
-sigs.k8s.io/karpenter v1.9.1-0.20260220232539-5e12af134257/go.mod h1:5NVeUwDmwHGnGIiqZhYCVfRx1uE5f9zdZsUYI34isIo=
 sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU=
 sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
 sigs.k8s.io/structured-merge-diff/v6 v6.3.1 h1:JrhdFMqOd/+3ByqlP2I45kTOZmTRLBUm5pvRjeheg7E=

website/content/en/preview/concepts/disruption.md

@@ -360,20 +360,44 @@ In this scenario, Karpenter cannot voluntary disrupt the node because:
 
 As seen in this example, the more PDBs there are affecting a Node, the more difficult it will be for Karpenter to find an opportunity to perform voluntary disruption actions.
 
-Secondly, you can block Karpenter from voluntarily disrupting and draining pods by adding the `karpenter.sh/do-not-disrupt: "true"` annotation to the pod.
-You can treat this annotation as a single-pod, permanently blocking PDB.
+Secondly, you can block Karpenter from voluntarily disrupting and draining pods by adding the `karpenter.sh/do-not-disrupt` annotation to the pod.
+The annotation supports two formats:
+- **Boolean format**: `karpenter.sh/do-not-disrupt: "true"` - Provides permanent protection from disruption
+- **Duration format**: `karpenter.sh/do-not-disrupt: "30m"` - Provides time-based protection for the specified duration after the pod starts running
+
+#### Duration-Based Protection
+
+When using the duration format, pods are protected from disruption for the specified time period after they start running (based on `pod.status.startTime`).
+Once the grace period expires, the pod becomes eligible for disruption like any other pod.
+This is useful for workloads that need protection during startup or critical phases but can be safely disrupted later.
+
+Supported duration formats include:
+- `"5m"` - 5 minutes
+- `"1h"` - 1 hour  
+- `"2h30m"` - 2 hours and 30 minutes
+- `"24h"` - 24 hours
+
+###TODO REWRITE THIS SECTION
+If an invalid duration is specified, the pod will be treated as permanently protected (equivalent to `"true"`).
+
+#### Behavior and Consequences
+
+You can treat this annotation as a single-pod, blocking PDB (permanent when using boolean format, or temporary when using duration format).
 This has the following consequences:
 - Nodes with `karpenter.sh/do-not-disrupt` pods will be excluded from [Consolidation]({{<ref "#consolidation" >}}), and conditionally excluded from [Drift]({{<ref "#drift" >}}).
   - If the Node's owning NodeClaim has a [`terminationGracePeriod`]({{<ref "#terminationgraceperiod" >}}) configured, it will still be eligible for disruption via drift.
 - Like pods with a blocking PDB, pods with the `karpenter.sh/do-not-disrupt` annotation will **not** be gracefully evicted by the [Termination Controller]({{<ref "#termination-controller">}}).
   Karpenter will not be able to complete termination of the node until one of the following conditions is met:
   - All pods with the `karpenter.sh/do-not-disrupt` annotation are removed.
   - All pods with the `karpenter.sh/do-not-disrupt` annotation have entered a [terminal phase](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase) (`Succeeded` or `Failed`).
+  - For duration-based annotations, the grace period has expired and the pod is no longer protected.
   - The owning NodeClaim's [`terminationGracePeriod`]({{<ref "#terminationgraceperiod" >}}) has elapsed.
 
-This is useful for pods that you want to run from start to finish without disruption.
-Examples of pods that you might want to opt-out of disruption include an interactive game that you don't want to interrupt or a long batch job (such as you might have with machine learning) that would need to start over if it were interrupted.
+#### Examples
 
+This is useful for pods that you want to run from start to finish without disruption, or that need protection during critical startup phases.
+
+**Permanent protection** - useful for interactive games or long-running batch jobs:
 ```yaml
 apiVersion: apps/v1
 kind: Deployment
@@ -384,6 +408,29 @@ spec:
         karpenter.sh/do-not-disrupt: "true"
 ```
 
+**Time-based protection** - useful for workloads with critical startup phases:
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+spec:
+  template:
+    metadata:
+      annotations:
+        # Protect for 30 minutes after pod starts running
+        karpenter.sh/do-not-disrupt: "30m"
+```
+
+```yaml
+apiVersion: batch/v1
+kind: Job
+spec:
+  template:
+    metadata:
+      annotations:
+        # Protect for 2 hours after pod starts running
+        karpenter.sh/do-not-disrupt: "2h"
+```
+
 {{% alert title="Note" color="primary" %}}
 The `karpenter.sh/do-not-disrupt` annotation does **not** exclude nodes from the forceful disruption methods: [Expiration]({{<ref "#expiration" >}}), [Interruption]({{<ref "#interruption" >}}), [Node Repair](<ref "#node-repair" >), and manual deletion (e.g. `kubectl delete node ...`).
 While both interruption and node repair have implicit upper-bounds on termination time, expiration and manual termination do not.

website/content/en/preview/troubleshooting.md

@@ -482,9 +482,32 @@ Review what [disruptions are](https://kubernetes.io/docs/concepts/workloads/pods
 
 #### `karpenter.sh/do-not-disrupt` Annotation
 
-If a pod exists with the annotation `karpenter.sh/do-not-disrupt: true` on a node, and a request is made to delete the node, Karpenter will not drain any pods from that node or otherwise try to delete the node. Nodes that have pods with a `do-not-disrupt` annotation are not considered for consolidation, though their unused capacity is considered for the purposes of running pods from other nodes which can be consolidated.
+The `karpenter.sh/do-not-disrupt` annotation can be used to protect pods from voluntary disruption. It supports two formats:
 
-If you want to terminate a node with a `do-not-disrupt` pod, you can simply remove the annotation and the deprovisioning process will continue.
+**Boolean format** - Permanent protection:
+```yaml
+karpenter.sh/do-not-disrupt: "true"
+```
+
+**Duration format** - Time-based protection:
+```yaml
+# Protect for 30 minutes after pod starts running
+karpenter.sh/do-not-disrupt: "30m"
+
+# Protect for 2 hours after pod starts running  
+karpenter.sh/do-not-disrupt: "2h"
+
+# Protect for 1 hour and 30 minutes after pod starts running
+karpenter.sh/do-not-disrupt: "1h30m"
+```
+
+If a pod exists with the `do-not-disrupt` annotation on a node, and a request is made to delete the node, Karpenter will not drain any pods from that node or otherwise try to delete the node. Nodes that have pods with a `do-not-disrupt` annotation are not considered for consolidation, though their unused capacity is considered for the purposes of running pods from other nodes which can be consolidated.
+
+For duration-based annotations, protection expires after the specified time period from when the pod starts running (`pod.status.startTime`). Once expired, the pod becomes eligible for disruption.
+
+If you want to terminate a node with a `do-not-disrupt` pod, you can either:
+- Remove the annotation and the deprovisioning process will continue
+- Wait for duration-based annotations to expire naturally
 
 #### Scheduling Constraints (Consolidation Only)