Merge pull request #149 from justdan96/main

Add Configurable Common Labels and Add a PDB
cert-manager · Feb 26, 2024 · caad594 · caad594
2 parents dd7ec0d + fa578bf
commit caad594
Show file tree

Hide file tree

Showing 5 changed files with 119 additions and 1 deletion.
diff --git a/deploy/charts/trust-manager/README.md b/deploy/charts/trust-manager/README.md
@@ -420,5 +420,33 @@ The timeout for a metrics scrape.
 > ```
 
 Additional labels to add to the ServiceMonitor.
+#### **podDisruptionBudget.enabled** ~ `bool`
+> Default value:
+> ```yaml
+> false
+> ```
+
+Enable or disable the PodDisruptionBudget resource.  
+  
+This prevents downtime during voluntary disruptions such as during a Node upgrade. For example, the PodDisruptionBudget will block `kubectl drain` if it is used on the Node where the only remaining cert-manager  
+Pod is currently running.
+#### **podDisruptionBudget.minAvailable** ~ `unknown`
+
+This configures the minimum available pods for disruptions. It can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%).  
+It cannot be used if `maxUnavailable` is set.
+
+
+#### **podDisruptionBudget.maxUnavailable** ~ `unknown`
+
+This configures the maximum unavailable pods for disruptions. It can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%). it cannot be used if `minAvailable` is set.
+
+
+#### **commonLabels** ~ `object`
+> Default value:
+> ```yaml
+> {}
+> ```
+
+Labels to apply to all resources
 
 <!-- /AUTO-GENERATED -->
diff --git a/deploy/charts/trust-manager/templates/_helpers.tpl b/deploy/charts/trust-manager/templates/_helpers.tpl
@@ -24,6 +24,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.commonLabels}}
+{{ toYaml .Values.commonLabels }}
+{{- end }}
 {{- end -}}
 
 {{/*

diff --git a/deploy/charts/trust-manager/templates/poddisruptionbudget.yaml b/deploy/charts/trust-manager/templates/poddisruptionbudget.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.podDisruptionBudget.enabled }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ include "trust-manager.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ include "trust-manager.name" . }}
+    {{- include "trust-manager.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ include "trust-manager.name" . }}
+
+  {{- if not (or (hasKey .Values.podDisruptionBudget "minAvailable") (hasKey .Values.podDisruptionBudget "maxUnavailable")) }}
+  minAvailable: 1 # Default value because minAvailable and maxUnavailable are not set
+  {{- end }}
+  {{- if hasKey .Values.podDisruptionBudget "minAvailable" }}
+  minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+  {{- end }}
+  {{- if hasKey .Values.podDisruptionBudget "maxUnavailable" }}
+  maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
+  {{- end }}
+{{- end }}
diff --git a/deploy/charts/trust-manager/values.schema.json b/deploy/charts/trust-manager/values.schema.json
@@ -11,6 +11,9 @@
         "app": {
           "$ref": "#/$defs/helm-values.app"
         },
+        "commonLabels": {
+          "$ref": "#/$defs/helm-values.commonLabels"
+        },
         "crds": {
           "$ref": "#/$defs/helm-values.crds"
         },
@@ -35,6 +38,9 @@
         "nodeSelector": {
           "$ref": "#/$defs/helm-values.nodeSelector"
         },
+        "podDisruptionBudget": {
+          "$ref": "#/$defs/helm-values.podDisruptionBudget"
+        },
         "priorityClassName": {
           "$ref": "#/$defs/helm-values.priorityClassName"
         },
@@ -348,6 +354,11 @@
       "type": "boolean",
       "default": false
     },
+    "helm-values.commonLabels": {
+      "description": "Labels to apply to all resources",
+      "type": "object",
+      "default": {}
+    },
     "helm-values.crds": {
       "type": "object",
       "properties": {
@@ -503,6 +514,32 @@
         "kubernetes.io/os": "linux"
       }
     },
+    "helm-values.podDisruptionBudget": {
+      "type": "object",
+      "properties": {
+        "enabled": {
+          "$ref": "#/$defs/helm-values.podDisruptionBudget.enabled"
+        },
+        "maxUnavailable": {
+          "$ref": "#/$defs/helm-values.podDisruptionBudget.maxUnavailable"
+        },
+        "minAvailable": {
+          "$ref": "#/$defs/helm-values.podDisruptionBudget.minAvailable"
+        }
+      },
+      "additionalProperties": false
+    },
+    "helm-values.podDisruptionBudget.enabled": {
+      "description": "Enable or disable the PodDisruptionBudget resource.\n\nThis prevents downtime during voluntary disruptions such as during a Node upgrade. For example, the PodDisruptionBudget will block `kubectl drain` if it is used on the Node where the only remaining cert-manager\nPod is currently running.",
+      "type": "boolean",
+      "default": false
+    },
+    "helm-values.podDisruptionBudget.maxUnavailable": {
+      "description": "This configures the maximum unavailable pods for disruptions. It can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%). it cannot be used if `minAvailable` is set."
+    },
+    "helm-values.podDisruptionBudget.minAvailable": {
+      "description": "This configures the minimum available pods for disruptions. It can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%).\nIt cannot be used if `maxUnavailable` is set."
+    },
     "helm-values.priorityClassName": {
       "description": "Configure the priority class of the pod. For more information, see [PriorityClass](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass).",
       "type": "string",

diff --git a/deploy/charts/trust-manager/values.yaml b/deploy/charts/trust-manager/values.yaml
@@ -230,4 +230,30 @@ app:
         # The timeout for a metrics scrape.
         scrapeTimeout: 5s
         # Additional labels to add to the ServiceMonitor.
-        labels: {}
+        labels: {}
+
+podDisruptionBudget:
+  # Enable or disable the PodDisruptionBudget resource.
+  #
+  # This prevents downtime during voluntary disruptions such as during a Node upgrade.
+  # For example, the PodDisruptionBudget will block `kubectl drain`
+  # if it is used on the Node where the only remaining cert-manager
+  # Pod is currently running.
+  enabled: false
+
+  # This configures the minimum available pods for disruptions. It can either be set to
+  # an integer (e.g. 1) or a percentage value (e.g. 25%).
+  # It cannot be used if `maxUnavailable` is set.
+  # +docs:type=unknown
+  # +docs:property
+  # minAvailable: 1
+
+  # This configures the maximum unavailable pods for disruptions. It can either be set to
+  # an integer (e.g. 1) or a percentage value (e.g. 25%).
+  # it cannot be used if `minAvailable` is set.
+  # +docs:type=unknown
+  # +docs:property
+  # maxUnavailable: 1
+
+# Labels to apply to all resources
+commonLabels: {}