mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-14 11:57:48 +00:00
Added PodDisruptionBudget in kustomize & helm (Rebased) (#2463)
* added pdb in helm & kustomize Signed-off-by: Christopher Haar <chhaar30@googlemail.com> * added pdb in helm & kustomize Signed-off-by: Christopher Haar <chhaar30@googlemail.com> * changed for comments Signed-off-by: Christopher Haar <chhaar30@googlemail.com> * Updating minAvailable Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Removed redundant lines Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Updated README Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Updated README Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> Co-authored-by: Christopher Haar <christopher@DKBs-MBP.localdomain> Co-authored-by: Christopher Haar <chhaar30@googlemail.com>
This commit is contained in:
Kumar Mallikarjuna
GitHub
parent
9541d2be3e
commit
aba2e58f09
8 changed files with 86 additions and 0 deletions
|
|
@ -92,6 +92,9 @@ The following table lists the configurable parameters of the kyverno chart and t
|
|||
| `podAnnotations` | annotations to add to each pod | `{}` |
|
||||
| `podLabels` | additional labels to add to each pod | `{}` |
|
||||
| `podSecurityContext` | security context for the pod | `{}` |
|
||||
| `podDisruptionBudget.enabled` | Adds a PodDisruptionBudget for the kyverno deployment | `false` |
|
||||
| `podDisruptionBudget.minAvailable` | Configures the minimum available pods for kyverno disruptions. Cannot used if `maxUnavailable` is set. | `0` |
|
||||
| `podDisruptionBudget.maxUnavailable` | Configures the maximum unavailable pods for kyverno disruptions. Cannot used if `minAvailable` is set. | `nil` |
|
||||
| `priorityClassName` | priorityClassName | `nil` |
|
||||
| `rbac.create` | create ClusterRoles, ClusterRoleBindings, and ServiceAccount | `true` |
|
||||
| `rbac.serviceAccount.create` | create a ServiceAccount | `true` |
|
||||
|
|
|
|||
|
|
@ -91,3 +91,16 @@ app.kubernetes.io/instance: {{ .Release.Name }}
|
|||
{{ default "default" .Values.rbac.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Create the default PodDisruptionBudget to use */}}
|
||||
{{- define "podDisruptionBudget.spec" -}}
|
||||
{{- if and .Values.podDisruptionBudget.minAvailable .Values.podDisruptionBudget.maxUnavailable }}
|
||||
{{- fail "Cannot set both .Values.podDisruptionBudget.minAvailable and .Values.podDisruptionBudget.maxUnavailable" -}}
|
||||
{{- end }}
|
||||
{{- if not .Values.podDisruptionBudget.maxUnavailable }}
|
||||
minAvailable: {{ default 0 .Values.podDisruptionBudget.minAvailable }}
|
||||
{{- end }}
|
||||
{{- if .Values.podDisruptionBudget.maxUnavailable }}
|
||||
maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
|||
14
charts/kyverno/templates/poddisruptionbudget.yaml
Normal file
14
charts/kyverno/templates/poddisruptionbudget.yaml
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
{{- if .Values.podDisruptionBudget.enabled }}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ template "kyverno.fullname" . }}
|
||||
labels: {{ include "kyverno.labels" . | nindent 4 }}
|
||||
app: kyverno
|
||||
namespace: {{ template "kyverno.namespace" . }}
|
||||
spec:
|
||||
{{- include "podDisruptionBudget.spec" . | indent 2 }}
|
||||
selector:
|
||||
matchLabels: {{ include "kyverno.matchLabels" . | nindent 6 }}
|
||||
app: kyverno
|
||||
{{- end }}
|
||||
|
|
@ -52,6 +52,14 @@ antiAffinity:
|
|||
# Changing this to a region would allow you to spread pods across regions
|
||||
topologyKey: "kubernetes.io/hostname"
|
||||
|
||||
podDisruptionBudget:
|
||||
enabled: false
|
||||
# minAvailable: 1
|
||||
# maxUnavailable: 1
|
||||
|
||||
# minAvailable and maxUnavailable can either be set to an integer (e.g. 1)
|
||||
# or a percentage value (e.g. 25%)
|
||||
|
||||
nodeSelector: {}
|
||||
tolerations: []
|
||||
|
||||
|
|
|
|||
|
|
@ -4986,3 +4986,22 @@ spec:
|
|||
securityContext:
|
||||
runAsNonRoot: true
|
||||
serviceAccountName: kyverno-service-account
|
||||
---
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
labels:
|
||||
app: kyverno
|
||||
app.kubernetes.io/component: kyverno
|
||||
app.kubernetes.io/instance: kyverno
|
||||
app.kubernetes.io/managed-by: Kustomize
|
||||
app.kubernetes.io/name: kyverno
|
||||
app.kubernetes.io/part-of: kyverno
|
||||
name: kyverno
|
||||
namespace: kyverno
|
||||
spec:
|
||||
minAvailable: 0
|
||||
selector:
|
||||
matchLabels:
|
||||
app: kyverno
|
||||
app.kubernetes.io/name: kyverno
|
||||
|
|
|
|||
|
|
@ -4679,3 +4679,17 @@ spec:
|
|||
selector:
|
||||
app: kyverno
|
||||
app.kubernetes.io/name: kyverno
|
||||
---
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
labels:
|
||||
app: kyverno
|
||||
name: kyverno
|
||||
namespace: kyverno
|
||||
spec:
|
||||
minAvailable: 0
|
||||
selector:
|
||||
matchLabels:
|
||||
app: kyverno
|
||||
app.kubernetes.io/name: kyverno
|
||||
|
|
|
|||
|
|
@ -8,3 +8,4 @@ resources:
|
|||
- ./metricsconfigmap.yaml
|
||||
- ./service.yaml
|
||||
- ./serviceaccount.yaml
|
||||
- ./poddisruptionbudget.yaml
|
||||
|
|
|
|||
14
definitions/k8s-resource/poddisruptionbudget.yaml
Normal file
14
definitions/k8s-resource/poddisruptionbudget.yaml
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
apiVersion: policy/v1beta1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: kyverno
|
||||
labels:
|
||||
app: kyverno
|
||||
namespace: kyverno
|
||||
spec:
|
||||
minAvailable: 0
|
||||
selector:
|
||||
matchLabels:
|
||||
app: kyverno
|
||||
# do not remove
|
||||
app.kubernetes.io/name: kyverno
|
||||
Loading…
Reference in a new issue