From aba2e58f09a28fbe71c56510b38e9ba61df7c5a0 Mon Sep 17 00:00:00 2001
From: Kumar Mallikarjuna
Date: Tue, 5 Oct 2021 11:09:24 +0530
Subject: [PATCH] Added PodDisruptionBudget in kustomize & helm (Rebased) (#2463)
* added pdb in helm & kustomize
Signed-off-by: Christopher Haar
* added pdb in helm & kustomize
Signed-off-by: Christopher Haar
* changed for comments
Signed-off-by: Christopher Haar
* Updating minAvailable
Signed-off-by: Kumar Mallikarjuna
* Removed redundant lines
Signed-off-by: Kumar Mallikarjuna
* Updated README
Signed-off-by: Kumar Mallikarjuna
* Updated README
Signed-off-by: Kumar Mallikarjuna
Co-authored-by: Christopher Haar
Co-authored-by: Christopher Haar
---
charts/kyverno/README.md | 3 +++
charts/kyverno/templates/_helpers.tpl | 13 +++++++++++++
.../templates/poddisruptionbudget.yaml | 14 ++++++++++++++
charts/kyverno/values.yaml | 8 ++++++++
definitions/install.yaml | 19 +++++++++++++++++++
definitions/install_debug.yaml | 14 ++++++++++++++
definitions/k8s-resource/kustomization.yaml | 1 +
.../k8s-resource/poddisruptionbudget.yaml | 14 ++++++++++++++
8 files changed, 86 insertions(+)
create mode 100644 charts/kyverno/templates/poddisruptionbudget.yaml
create mode 100644 definitions/k8s-resource/poddisruptionbudget.yaml
diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md
index 5c4cf5fccd..5943f0e900 100644
--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@@ -92,6 +92,9 @@ The following table lists the configurable parameters of the kyverno chart and t
 | `podAnnotations` | annotations to add to each pod | `{}` |
 | `podLabels` | additional labels to add to each pod | `{}` |
 | `podSecurityContext` | security context for the pod | `{}` |
+| `podDisruptionBudget.enabled` | Adds a PodDisruptionBudget for the kyverno deployment | `false` |
+| `podDisruptionBudget.minAvailable` | Configures the minimum available pods for kyverno disruptions. Cannot used if `maxUnavailable` is set. | `0` |
+| `podDisruptionBudget.maxUnavailable` | Configures the maximum unavailable pods for kyverno disruptions. Cannot used if `minAvailable` is set. | `nil` |
 | `priorityClassName` | priorityClassName | `nil` |
 | `rbac.create` | create ClusterRoles, ClusterRoleBindings, and ServiceAccount | `true` |
 | `rbac.serviceAccount.create` | create a ServiceAccount | `true` |
diff --git a/charts/kyverno/templates/_helpers.tpl b/charts/kyverno/templates/_helpers.tpl
index dc08df3e40..0ead33fb0a 100644
--- a/charts/kyverno/templates/_helpers.tpl
+++ b/charts/kyverno/templates/_helpers.tpl
@@ -91,3 +91,16 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{ default "default" .Values.rbac.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
+
+{{/* Create the default PodDisruptionBudget to use */}}
+{{- define "podDisruptionBudget.spec" -}}
+{{- if and .Values.podDisruptionBudget.minAvailable .Values.podDisruptionBudget.maxUnavailable }}
+{{- fail "Cannot set both .Values.podDisruptionBudget.minAvailable and .Values.podDisruptionBudget.maxUnavailable" -}}
+{{- end }}
+{{- if not .Values.podDisruptionBudget.maxUnavailable }}
+minAvailable: {{ default 0 .Values.podDisruptionBudget.minAvailable }}
+{{- end }}
+{{- if .Values.podDisruptionBudget.maxUnavailable }}
+maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
+{{- end }}
+{{- end }}
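Review bot: An explicit `maxUnavailable: 0` is silently dropped by `{{- if not .Values.podDisruptionBudget.maxUnavailable }}` in the new `podDisruptionBudget.spec` helper, because integer 0 is falsy in Go templates; the helper then renders `minAvailable: 0`, which permits every voluntary eviction where the operator asked for none. The `if and` conflict check has the same blind spot, so `minAvailable: 1` together with `maxUnavailable: 0` is not rejected and the second value is ignored. Testing for presence instead of truthiness covers both cases, for example `{{- if not (kindIs "invalid" .Values.podDisruptionBudget.maxUnavailable) }}` on the maxUnavailable branch and its negation on the minAvailable branch. The string form `"0%"` is not affected, since a non-empty string is truthy.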
diff --git a/charts/kyverno/templates/poddisruptionbudget.yaml b/charts/kyverno/templates/poddisruptionbudget.yaml
new file mode 100644
index 0000000000..4cd6c23515
--- /dev/null
+++ b/charts/kyverno/templates/poddisruptionbudget.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.podDisruptionBudget.enabled }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "kyverno.fullname" . }}
+ labels: {{ include "kyverno.labels" . | nindent 4 }}
+ app: kyverno
+ namespace: {{ template "kyverno.namespace" . }}
+spec:
+{{- include "podDisruptionBudget.spec" . | indent 2 }}
+ selector:
+ matchLabels: {{ include "kyverno.matchLabels" . | nindent 6 }}
+ app: kyverno
+{{- end }}
\ No newline at end of file
diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml
index 94ccb3912c..809510d338 100644
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@@ -52,6 +52,14 @@ antiAffinity:
 # Changing this to a region would allow you to spread pods across regions
 topologyKey: "kubernetes.io/hostname"
+podDisruptionBudget:
+ enabled: false
+ # minAvailable: 1
+ # maxUnavailable: 1
+
+ # minAvailable and maxUnavailable can either be set to an integer (e.g. 1)
+ # or a percentage value (e.g. 25%)
+
 nodeSelector: {}
 tolerations: []
diff --git a/definitions/install.yaml b/definitions/install.yaml
index ce4da86064..42c273bbf7 100644
--- a/definitions/install.yaml
+++ b/definitions/install.yaml
@@ -4986,3 +4986,22 @@ spec:
 securityContext:
 runAsNonRoot: true
 serviceAccountName: kyverno-service-account
+---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ labels:
+ app: kyverno
+ app.kubernetes.io/component: kyverno
+ app.kubernetes.io/instance: kyverno
+ app.kubernetes.io/managed-by: Kustomize
+ app.kubernetes.io/name: kyverno
+ app.kubernetes.io/part-of: kyverno
+ name: kyverno
+ namespace: kyverno
+spec:
+ minAvailable: 0
+ selector:
+ matchLabels:
+ app: kyverno
+ app.kubernetes.io/name: kyverno
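Review bot: `apiVersion: policy/v1beta1` is hard-coded in `charts/kyverno/templates/poddisruptionbudget.yaml`, and the same value appears in the three kustomize manifests added by this patch. That API version is deprecated as of Kubernetes 1.21 and is no longer served from 1.25, so installing with the PDB enabled will fail on newer clusters. The chart template can select the version from the target cluster instead: `apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (.Capabilities.APIVersions.Has "policy/v1") }}`. The static manifests have no such switch, so they would need a comment stating the supported cluster range until they are bumped.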
diff --git a/definitions/install_debug.yaml b/definitions/install_debug.yaml
index 9da4f8765f..4d06fa3e67 100755
--- a/definitions/install_debug.yaml
+++ b/definitions/install_debug.yaml
@@ -4679,3 +4679,17 @@ spec:
 selector:
 app: kyverno
 app.kubernetes.io/name: kyverno
+---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ labels:
+ app: kyverno
+ name: kyverno
+ namespace: kyverno
+spec:
+ minAvailable: 0
+ selector:
+ matchLabels:
+ app: kyverno
+ app.kubernetes.io/name: kyverno
diff --git a/definitions/k8s-resource/kustomization.yaml b/definitions/k8s-resource/kustomization.yaml
index b55b4b834f..2f0516dc26 100755
--- a/definitions/k8s-resource/kustomization.yaml
+++ b/definitions/k8s-resource/kustomization.yaml
@@ -8,3 +8,4 @@ resources:
 - ./metricsconfigmap.yaml
 - ./service.yaml
 - ./serviceaccount.yaml
+- ./poddisruptionbudget.yaml
diff --git a/definitions/k8s-resource/poddisruptionbudget.yaml b/definitions/k8s-resource/poddisruptionbudget.yaml
new file mode 100644
index 0000000000..887a2adff6
--- /dev/null
+++ b/definitions/k8s-resource/poddisruptionbudget.yaml
@@ -0,0 +1,14 @@
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: kyverno
+ labels:
+ app: kyverno
+ namespace: kyverno
+spec:
+ minAvailable: 0
+ selector:
+ matchLabels:
+ app: kyverno
+ # do not remove
+ app.kubernetes.io/name: kyverno
\ No newline at end of file
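Review bot: `minAvailable: 0` in `definitions/k8s-resource/poddisruptionbudget.yaml` never blocks a voluntary eviction, so a node drain can still take every Kyverno replica down at once; the same value is carried into `install.yaml` and `install_debug.yaml`. While no replica is running, admission requests are either rejected or admitted without policy checks, depending on the webhook failure policy, which is not visible in this diff. If 0 is deliberate so that single-replica installs stay drainable, I would record that in the file: `# 0 keeps single-replica installs drainable; set to 1 or more when running several replicas`. The existing `# do not remove` comment would also be more useful with its reason attached.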