Skip to content

Commit cad564b

Browse files
aroberts87aroberts87
committed
feat(shield): pod disruption budget support for the cluster shield
1 parent 447a0a9 commit cad564b

File tree

6 files changed

+86
-1
lines changed

6 files changed

+86
-1
lines changed

charts/shield/Chart.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,5 +13,5 @@ maintainers:
1313
- name: mavimo
1414
email: [email protected]
1515
type: application
16-
version: 1.8.0
16+
version: 1.9.0
1717
appVersion: "1.0.0"

charts/shield/README.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -246,6 +246,8 @@ The following table lists the configurable parameters of the `shield` chart and
246246
| cluster.env | The custom environment variables for cluster shield | <code>[]</code> |
247247
| cluster.volumes | The custom volumes for cluster shield | <code>[]</code> |
248248
| cluster.volume_mounts | The custom volume mounts for cluster shield | <code>[]</code> |
249+
| cluster.pod_disruption_budget.create | Create the PodDisruptionBudget for the cluster shield | <code>true</code> |
250+
| cluster.pod_disruption_budget.min_available | The minimum number of available pods for the cluster shield | <code>1</code> |
249251
| ssl.verify | Enable SSL verification | <code>true</code> |
250252
| ssl.ca.certs | For outbound connections (secure backend, proxy,...) A PEM-encoded x509 certificate. This can also be a bundle with multiple certificates. | <code>[]</code> |
251253
| ssl.ca.key_name | Filename that is used when creating the secret. Required if cert is provided. | <code></code> |

charts/shield/templates/cluster/poddisruptionbudget.yaml

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
{{- if .Values.cluster.pod_disruption_budget.create }}
2+
apiVersion: policy/v1
3+
kind: PodDisruptionBudget
4+
metadata:
5+
name: {{ include "cluster.fullname" . | trunc 60 }}-pdb
6+
namespace: {{ .Release.Namespace }}
7+
spec:
8+
minAvailable: {{ .Values.cluster.pod_disruption_budget.min_available }}
9+
selector:
10+
matchLabels:
11+
{{ include "cluster.selector_labels" . | nindent 6 }}
12+
{{- end }}

charts/shield/tests/cluster/poddisruptionbudget_test.yaml

Lines changed: 46 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,46 @@
1+
suite: Cluster - PodDisruptionBudget
2+
templates:
3+
- templates/cluster/poddisruptionbudget.yaml
4+
release:
5+
name: release-name
6+
namespace: shield-namespace
7+
values:
8+
- ../values/base.yaml
9+
tests:
10+
- it: PodDisruptionBudget is created
11+
asserts:
12+
- isKind:
13+
of: PodDisruptionBudget
14+
- isSubset:
15+
path: metadata
16+
content:
17+
name: release-name-shield-cluster-pdb
18+
namespace: shield-namespace
19+
- equal:
20+
path: spec.minAvailable
21+
value: 1
22+
- isSubset:
23+
path: spec.selector.matchLabels
24+
content:
25+
app.kubernetes.io/instance: release-name
26+
app.kubernetes.io/name: shield
27+
sysdig/component: cluster
28+
29+
- it: PodDisruptionBudget is not created when disabled
30+
set:
31+
cluster:
32+
pod_disruption_budget:
33+
create: false
34+
asserts:
35+
- hasDocuments:
36+
count: 0
37+
38+
- it: PodDisruptionBudget minAvailable is configurable
39+
set:
40+
cluster:
41+
pod_disruption_budget:
42+
min_available: 2
43+
asserts:
44+
- equal:
45+
path: spec.minAvailable
46+
value: 2

charts/shield/values.schema.json

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -329,6 +329,24 @@
329329
"env": {
330330
"$ref": "#/$defs/EnvVars"
331331
},
332+
"pod_disruption_budget": {
333+
"type": "object",
334+
"description": "Pod disruption budget configuration for the Cluster Shield pods",
335+
"properties": {
336+
"create": {
337+
"type": "boolean",
338+
"description": "Create a Pod Disruption Budget for the Cluster Shield pods",
339+
"default": true
340+
},
341+
"min_available": {
342+
"type": ["integer"],
343+
"description": "Minimum number of pods that must be available",
344+
"default": 1,
345+
"minimum": 1
346+
}
347+
},
348+
"additionalProperties": false
349+
},
332350
"security_context": {
333351
"type": "object"
334352
},

charts/shield/values.yaml

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -495,6 +495,13 @@ cluster:
495495
# The custom volume mounts for cluster shield
496496
volume_mounts: []
497497

498+
# Defines the PodDisruptionBudget for the cluster shield
499+
pod_disruption_budget:
500+
# Create the PodDisruptionBudget for the cluster shield
501+
create: true
502+
# The minimum number of available pods for the cluster shield
503+
min_available: 1
504+
498505
ssl:
499506
# Enable SSL verification
500507
verify: true

0 commit comments

Comments
 (0)