From 7ee1d6bcdb038c81bc6c266f44f0bad7c24c88d9 Mon Sep 17 00:00:00 2001 From: Roee Landesman <66971969+roeelandesman@users.noreply.github.com> Date: Mon, 15 Nov 2021 11:07:23 -0800 Subject: [PATCH] Add podDistruptionBudget resource for controller pods (#805) * Add podDistruptionBudget resource for controller pods * Add PDB to GithubWebhookServer * Fix truncation on pdb naming Co-authored-by: Roee Landesman --- charts/actions-runner-controller/README.md | 8 +++++++- .../_github_webhook_server_helpers.tpl | 4 ++++ .../templates/_helpers.tpl | 4 ++++ .../templates/controller.pdb.yaml | 19 +++++++++++++++++++ .../templates/githubwebhook.pdb.yaml | 19 +++++++++++++++++++ charts/actions-runner-controller/values.yaml | 12 ++++++++++++ 6 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 charts/actions-runner-controller/templates/controller.pdb.yaml create mode 100644 charts/actions-runner-controller/templates/githubwebhook.pdb.yaml diff --git a/charts/actions-runner-controller/README.md b/charts/actions-runner-controller/README.md index ce2719df..44587c55 100644 --- a/charts/actions-runner-controller/README.md +++ b/charts/actions-runner-controller/README.md 
@@ -54,7 +54,10 @@ All additional docs are kept in the `docs/` folder, this README is solely for do | `topologySpreadConstraints` | Set the controller pod topologySpreadConstraints | | | `nodeSelector` | Set the controller pod nodeSelector | | | `resources` | Set the controller pod resources | | -| `affinity` | Set the controller pod affinity rules | | +| `affinity` | Set the controller pod affinity rules | +| `podDisruptionBudget.enabled` | Enables a PDB to ensure HA of controller pods | false | +| `podDisruptionBudget.minAvailable` | Minimum number of pods that must be available after eviction | | +| `podDisruptionBudget.maxUnavailable` | Maximum number of pods that can be unavailable after eviction. Kubernetes 1.7+ required. | | | `tolerations` | Set the controller pod tolerations | | | `env` | Set environment variables for the controller container | | | `priorityClassName` | Set the controller pod priorityClassName | | @@ -89,3 +92,6 @@ All additional docs are kept in the `docs/` folder, this README is solely for do | `githubWebhookServer.ingress.annotations` | Set annotations for the ingress kind | | | `githubWebhookServer.ingress.hosts` | Set hosts configuration for ingress | `[{"host": "chart-example.local", "paths": []}]` | | `githubWebhookServer.ingress.tls` | Set tls configuration for ingress | | +| `githubWebhookServer.podDisruptionBudget.enabled` | Enables a PDB to ensure HA of githubwebhook pods | false | +| `githubWebhookServer.podDisruptionBudget.minAvailable` | Minimum number of pods that must be available after eviction | | +| `githubWebhookServer.podDisruptionBudget.maxUnavailable` | Maximum number of pods that can be unavailable after eviction. Kubernetes 1.7+ required. | | \ No newline at end of file diff --git a/charts/actions-runner-controller/templates/_github_webhook_server_helpers.tpl b/charts/actions-runner-controller/templates/_github_webhook_server_helpers.tpl index 29640459..3255b007 100644 
--- a/charts/actions-runner-controller/templates/_github_webhook_server_helpers.tpl +++ b/charts/actions-runner-controller/templates/_github_webhook_server_helpers.tpl @@ -58,3 +58,7 @@ Create the name of the service account to use {{- define "actions-runner-controller-github-webhook-server.serviceMonitorName" -}} {{- include "actions-runner-controller-github-webhook-server.fullname" . | trunc 47 }}-service-monitor {{- end }} + +{{- define "actions-runner-controller-github-webhook-server.pdbName" -}} +{{- include "actions-runner-controller-github-webhook-server.fullname" . | trunc 59 }}-pdb +{{- end }} \ No newline at end of file diff --git a/charts/actions-runner-controller/templates/_helpers.tpl b/charts/actions-runner-controller/templates/_helpers.tpl index 1aa9eabd..3bbe94cf 100644 --- a/charts/actions-runner-controller/templates/_helpers.tpl +++ b/charts/actions-runner-controller/templates/_helpers.tpl @@ -107,3 +107,7 @@ Create the name of the service account to use {{- define "actions-runner-controller.servingCertName" -}} {{- include "actions-runner-controller.fullname" . }}-serving-cert {{- end }} + +{{- define "actions-runner-controller.pdbName" -}} +{{- include "actions-runner-controller.fullname" . | trunc 59 }}-pdb +{{- end }} \ No newline at end of file diff --git a/charts/actions-runner-controller/templates/controller.pdb.yaml b/charts/actions-runner-controller/templates/controller.pdb.yaml new file mode 100644 index 00000000..e12a703b --- /dev/null +++ b/charts/actions-runner-controller/templates/controller.pdb.yaml 
@@ -0,0 +1,19 @@
+{{- if .Values.podDisruptionBudget.enabled }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ labels:
+ {{- include "actions-runner-controller.labels" . | nindent 4 }}
+ name: {{ include "actions-runner-controller.pdbName" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ {{- if .Values.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+ {{- end }}
+ {{- if .Values.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "actions-runner-controller.selectorLabels" . | nindent 6 }}
+{{- end -}}
diff --git a/charts/actions-runner-controller/templates/githubwebhook.pdb.yaml b/charts/actions-runner-controller/templates/githubwebhook.pdb.yaml
new file mode 100644
index 00000000..14a88fcd
--- /dev/null
+++ b/charts/actions-runner-controller/templates/githubwebhook.pdb.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.githubWebhookServer.podDisruptionBudget.enabled }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ labels:
+ {{- include "actions-runner-controller.labels" . | nindent 4 }}
+ name: {{ include "actions-runner-controller-github-webhook-server.pdbName" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ {{- if .Values.githubWebhookServer.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ .Values.githubWebhookServer.podDisruptionBudget.minAvailable }}
+ {{- end }}
+ {{- if .Values.githubWebhookServer.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ .Values.githubWebhookServer.podDisruptionBudget.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "actions-runner-controller-github-webhook-server.selectorLabels" . | nindent 6 }}
+{{- end -}}
diff --git a/charts/actions-runner-controller/values.yaml b/charts/actions-runner-controller/values.yaml
index a0ec7f3b..db35c2ff 100644
--- a/charts/actions-runner-controller/values.yaml
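Review bot: The guards `{{- if .Values.podDisruptionBudget.minAvailable }}` and `{{- if .Values.podDisruptionBudget.maxUnavailable }}` in controller.pdb.yaml test truthiness, so an explicit `0` such as `maxUnavailable: 0` is silently dropped and the rendered PDB carries only a selector. When both values are set, both fields are rendered, although the values.yaml comment says only one may be set. Testing for key presence, `{{- if hasKey .Values.podDisruptionBudget "minAvailable" }}`, and calling `fail` when both keys are present would keep the rendered budget equal to what the operator configured. The same guards appear in githubwebhook.pdb.yaml.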
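Review bot: `apiVersion: policy/v1beta1` is hard-coded in githubwebhook.pdb.yaml, and likewise in controller.pdb.yaml. That API version was deprecated in Kubernetes 1.21 and is no longer served from 1.25, so enabling the PDB on a newer cluster would make the release fail to install. Selecting the version from the cluster's advertised capabilities keeps the chart working on both older and newer clusters.

```yaml
{{- if .Capabilities.APIVersions.Has "policy/v1" }}
apiVersion: policy/v1
{{- else }}
apiVersion: policy/v1beta1
{{- end }}
kind: PodDisruptionBudget
# … unchanged: metadata and spec …
```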
+++ b/charts/actions-runner-controller/values.yaml @@ -109,6 +109,12 @@ tolerations: [] affinity: {} +# Only one of minAvailable or maxUnavailable can be set +podDisruptionBudget: + enabled: false + # minAvailable: 1 + # maxUnavailable: 3 + # Leverage a PriorityClass to ensure your pods survive resource shortages # ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ # PriorityClass: system-cluster-critical @@ -179,3 +185,9 @@ githubWebhookServer: # - secretName: chart-example-tls # hosts: # - chart-example.local + + # Only one of minAvailable or maxUnavailable can be set + podDisruptionBudget: + enabled: false + # minAvailable: 1 + # maxUnavailable: 3 \ No newline at end of file
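Review bot: The comment above `podDisruptionBudget` offers `# minAvailable: 1` as the sample value without saying what it does when only one replica runs: such a budget refuses every voluntary eviction, so node drains for upgrades or patching stall on that pod. The chart's replica default is not visible in this hunk, so this is a documentation suggestion only. The comment could read `# Only one of minAvailable or maxUnavailable can be set; with a single replica, minAvailable: 1 blocks node drains`. The same applies to the `githubWebhookServer.podDisruptionBudget` block in the second hunk.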