Michal.Wrobel/openbao-helm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Configurable PodDisruptionBudget for Injector (#653)

Browse source
This commit is contained in:
Eric Miller 2021-12-14 01:38:00 -06:00 committed by GitHub
parent 48eebb0b09
commit 609444d9d9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 64 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
CHANGELOG.md
View file

@ -1,5 +1,8 @@
## Unreleased ## Unreleased
Features:
* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
## 0.18.0 (November 17th, 2021) ## 0.18.0 (November 17th, 2021)
CHANGES: CHANGES:

20
templates/injector-disruptionbudget.yaml Normal file
View file

@ -0,0 +1,20 @@
{{- if .Values.injector.podDisruptionBudget }}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: {{ template "vault.fullname" . }}-agent-injector
namespace: {{ .Release.Namespace }}
labels:
helm.sh/chart: {{ include "vault.chart" . }}
app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
component: webhook
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
app.kubernetes.io/instance: {{ .Release.Name }}
component: webhook
{{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
{{- end -}}

32
test/unit/injector-disruptionbudget.bats Executable file
View file

@ -0,0 +1,32 @@
#!/usr/bin/env bats
load _helpers
@test "injector/DisruptionBudget: disabled by default" {
cd `chart_dir`
local actual=$( (helm template \
--show-only templates/injector-disruptionbudget.yaml \
. || echo "---") | tee /dev/stderr |
yq 'length > 0' | tee /dev/stderr)
[ "${actual}" = "false" ]
}
@test "injector/DisruptionBudget: configure with injector.podDisruptionBudget maxUnavailable" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/injector-disruptionbudget.yaml \
--set 'injector.podDisruptionBudget.maxUnavailable=3' \
. | tee /dev/stderr |
yq '.spec.maxUnavailable == 3' | tee /dev/stderr)
[ "${actual}" = "true" ]
}
@test "injector/DisruptionBudget: configure with injector.podDisruptionBudget minAvailable" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/injector-disruptionbudget.yaml \
--set 'injector.podDisruptionBudget.minAvailable=2' \
. | tee /dev/stderr |
yq '.spec.minAvailable == 2' | tee /dev/stderr)
[ "${actual}" = "true" ]
}

3
values.schema.json
View file

@ -320,6 +320,9 @@
"objectSelector": { "objectSelector": {
"type": "object" "type": "object"
}, },
"podDisruptionBudget": {
"type": "object"
},
"port": { "port": {
"type": "integer" "type": "integer"
}, },

6
values.yaml
View file

@ -199,6 +199,12 @@ injector:
# Extra annotations to attach to the injector service # Extra annotations to attach to the injector service
annotations: {} annotations: {}
# A disruption budget limits the number of pods of a replicated application
# that are down simultaneously from voluntary disruptions
podDisruptionBudget: {}
# podDisruptionBudget:
# maxUnavailable: 1
server: server:
# If not set to true, Vault server will not be installed. See vault.mode in _helpers.tpl for implementation details # If not set to true, Vault server will not be installed. See vault.mode in _helpers.tpl for implementation details
enabled: true enabled: true