From 659c95e2020fbddeb9535671ce8f32877489dbed Mon Sep 17 00:00:00 2001 From: Rouke Broersma Date: Mon, 22 May 2023 11:11:11 +0200 Subject: [PATCH 1/7] Allow maxUnavailable in cainjector pdb Signed-off-by: Rouke Broersma
---
 .../cert-manager/templates/cainjector-poddisruptionbudget.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/deploy/charts/cert-manager/templates/cainjector-poddisruptionbudget.yaml b/deploy/charts/cert-manager/templates/cainjector-poddisruptionbudget.yaml
index f080b753a5a..044eb1a1308 100644
--- a/deploy/charts/cert-manager/templates/cainjector-poddisruptionbudget.yaml
+++ b/deploy/charts/cert-manager/templates/cainjector-poddisruptionbudget.yaml
@@ -17,7 +17,7 @@ spec:
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/component: "cainjector"
- {{- with .Values.cainjector.podDisruptionBudget.minAvailable }}
+ {{- with and .Values.cainjector.podDisruptionBudget.minAvailable (not .Values.cainjector.podDisruptionBudget.maxUnavailable) }}
 minAvailable: {{ . }}
 {{- end }}
 {{- with .Values.cainjector.podDisruptionBudget.maxUnavailable }}
From eb2b4d8fbcde149a13d59626501a95e23c2d7ff5 Mon Sep 17 00:00:00 2001 From: Rouke Broersma Date: Mon, 22 May 2023 11:13:21 +0200 Subject: [PATCH 2/7] Allow maxUnavailable in webhook pdb Signed-off-by: Rouke Broersma
---
 .../cert-manager/templates/webhook-poddisruptionbudget.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/deploy/charts/cert-manager/templates/webhook-poddisruptionbudget.yaml b/deploy/charts/cert-manager/templates/webhook-poddisruptionbudget.yaml
index c8a357cb16a..61b47bd23b6 100644
--- a/deploy/charts/cert-manager/templates/webhook-poddisruptionbudget.yaml
+++ b/deploy/charts/cert-manager/templates/webhook-poddisruptionbudget.yaml
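Review bot: The `with and … (not …)` guard added in this hunk rebinds `.` to the result of `and`, which here is the boolean produced by `not`, so with only minAvailable configured the unchanged `minAvailable: {{ . }}` line renders `minAvailable: true` rather than the configured integer or percentage. The same pattern is in the webhook hunk of PATCH 2/7 and the controller hunk of PATCH 3/7. PATCH 4/7 later switches to `if` and renders `.Values.cainjector.podDisruptionBudget.minAvailable` explicitly; squashing that fix into these three commits would keep every commit in the series rendering a usable PodDisruptionBudget for bisecting and backports. The enclosing template starts and ends outside the hunk.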
@@ -17,7 +17,7 @@ spec:
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/component: "webhook"
- {{- with .Values.webhook.podDisruptionBudget.minAvailable }}
+ {{- with and .Values.webhook.podDisruptionBudget.minAvailable (not .Values.webhook.podDisruptionBudget.maxUnavailable) }}
 minAvailable: {{ . }}
 {{- end }}
 {{- with .Values.webhook.podDisruptionBudget.maxUnavailable }}
From 773afd3da4026ee996d9684a8c6bfd4869f3c810 Mon Sep 17 00:00:00 2001 From: Rouke Broersma Date: Mon, 22 May 2023 11:14:15 +0200 Subject: [PATCH 3/7] Allow maxUnavailable in certmanager pdb Signed-off-by: Rouke Broersma
---
 deploy/charts/cert-manager/templates/poddisruptionbudget.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/deploy/charts/cert-manager/templates/poddisruptionbudget.yaml b/deploy/charts/cert-manager/templates/poddisruptionbudget.yaml
index dab75ce6881..3b80a05e2e7 100644
--- a/deploy/charts/cert-manager/templates/poddisruptionbudget.yaml
+++ b/deploy/charts/cert-manager/templates/poddisruptionbudget.yaml
@@ -17,7 +17,7 @@ spec:
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/component: "controller"
- {{- with .Values.podDisruptionBudget.minAvailable }}
+ {{- with and .Values.podDisruptionBudget.minAvailable (not .Values.podDisruptionBudget.maxUnavailable) }}
 minAvailable: {{ . }}
 {{- end }}
 {{- with .Values.podDisruptionBudget.maxUnavailable }}
From 5c5b1c6551b861b2102366053c5ee85bd4e1c861 Mon Sep 17 00:00:00 2001 From: Rouke Broersma Date: Thu, 25 May 2023 08:39:23 +0200 Subject: [PATCH 4/7] Fix pdb conditions Signed-off-by: Rouke Broersma
---
 .../templates/cainjector-poddisruptionbudget.yaml | 4 ++-- deploy/charts/cert-manager/templates/poddisruptionbudget.yaml | 4 ++-- .../cert-manager/templates/webhook-poddisruptionbudget.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/deploy/charts/cert-manager/templates/cainjector-poddisruptionbudget.yaml b/deploy/charts/cert-manager/templates/cainjector-poddisruptionbudget.yaml
index 044eb1a1308..db9ff6da505 100644
--- a/deploy/charts/cert-manager/templates/cainjector-poddisruptionbudget.yaml
+++ b/deploy/charts/cert-manager/templates/cainjector-poddisruptionbudget.yaml
@@ -17,8 +17,8 @@ spec:
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/component: "cainjector"
- {{- with and .Values.cainjector.podDisruptionBudget.minAvailable (not .Values.cainjector.podDisruptionBudget.maxUnavailable) }}
- minAvailable: {{ . }}
+ {{- if and .Values.cainjector.podDisruptionBudget.minAvailable (not .Values.cainjector.podDisruptionBudget.maxUnavailable) }}
+ minAvailable: {{ .Values.cainjector.podDisruptionBudget.minAvailable }}
 {{- end }}
 {{- with .Values.cainjector.podDisruptionBudget.maxUnavailable }}
 maxUnavailable: {{ . }}
diff --git a/deploy/charts/cert-manager/templates/poddisruptionbudget.yaml b/deploy/charts/cert-manager/templates/poddisruptionbudget.yaml
index 3b80a05e2e7..5550b84a8bf 100644
--- a/deploy/charts/cert-manager/templates/poddisruptionbudget.yaml
+++ b/deploy/charts/cert-manager/templates/poddisruptionbudget.yaml
@@ -17,8 +17,8 @@ spec:
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/component: "controller"
- {{- with and .Values.podDisruptionBudget.minAvailable (not .Values.podDisruptionBudget.maxUnavailable) }}
- minAvailable: {{ . }}
+ {{- if and .Values.podDisruptionBudget.minAvailable (not .Values.podDisruptionBudget.maxUnavailable) }}
+ minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
 {{- end }}
 {{- with .Values.podDisruptionBudget.maxUnavailable }}
 maxUnavailable: {{ . }}
diff --git a/deploy/charts/cert-manager/templates/webhook-poddisruptionbudget.yaml b/deploy/charts/cert-manager/templates/webhook-poddisruptionbudget.yaml
index 61b47bd23b6..62c76b3e776 100644
--- a/deploy/charts/cert-manager/templates/webhook-poddisruptionbudget.yaml
+++ b/deploy/charts/cert-manager/templates/webhook-poddisruptionbudget.yaml
@@ -17,8 +17,8 @@ spec:
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/component: "webhook"
- {{- with and .Values.webhook.podDisruptionBudget.minAvailable (not .Values.webhook.podDisruptionBudget.maxUnavailable) }}
- minAvailable: {{ . }}
+ {{- if and .Values.webhook.podDisruptionBudget.minAvailable (not .Values.webhook.podDisruptionBudget.maxUnavailable) }}
+ minAvailable: {{ .Values.webhook.podDisruptionBudget.minAvailable }}
 {{- end }}
 {{- with .Values.webhook.podDisruptionBudget.maxUnavailable }}
 maxUnavailable: {{ . }}
From 29c270cf794a86f8ed878e2e68581bd6de3c68e4 Mon Sep 17 00:00:00 2001 From: Rouke Broersma Date: Thu, 25 May 2023 16:35:13 +0200 Subject: [PATCH 5/7] Fix conditions if maxUnavailable 0 Signed-off-by: Rouke Broersma
---
 .../templates/cainjector-poddisruptionbudget.yaml | 6 +++--- .../charts/cert-manager/templates/poddisruptionbudget.yaml | 6 +++--- .../cert-manager/templates/webhook-poddisruptionbudget.yaml | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/deploy/charts/cert-manager/templates/cainjector-poddisruptionbudget.yaml b/deploy/charts/cert-manager/templates/cainjector-poddisruptionbudget.yaml
index db9ff6da505..da6b06fe2ac 100644
--- a/deploy/charts/cert-manager/templates/cainjector-poddisruptionbudget.yaml
+++ b/deploy/charts/cert-manager/templates/cainjector-poddisruptionbudget.yaml
@@ -17,10 +17,10 @@ spec:
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/component: "cainjector"
- {{- if and .Values.cainjector.podDisruptionBudget.minAvailable (not .Values.cainjector.podDisruptionBudget.maxUnavailable) }}
+ {{- if and .Values.cainjector.podDisruptionBudget.minAvailable (not (hasKey .Values.cainjector.podDisruptionBudget "maxUnavailable")) }}
 minAvailable: {{ .Values.cainjector.podDisruptionBudget.minAvailable }}
 {{- end }}
- {{- with .Values.cainjector.podDisruptionBudget.maxUnavailable }}
- maxUnavailable: {{ . }}
+ {{- if hasKey .Values.cainjector.podDisruptionBudget "maxUnavailable" }}
+ maxUnavailable: {{ .Values.cainjector.podDisruptionBudget.maxUnavailable }}
 {{- end }}
 {{- end }}
diff --git a/deploy/charts/cert-manager/templates/poddisruptionbudget.yaml b/deploy/charts/cert-manager/templates/poddisruptionbudget.yaml
index 5550b84a8bf..af0ccda23d5 100644
--- a/deploy/charts/cert-manager/templates/poddisruptionbudget.yaml
+++ b/deploy/charts/cert-manager/templates/poddisruptionbudget.yaml
@@ -17,10 +17,10 @@ spec:
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/component: "controller"
- {{- if and .Values.podDisruptionBudget.minAvailable (not .Values.podDisruptionBudget.maxUnavailable) }}
+ {{- if and .Values.podDisruptionBudget.minAvailable (not (hasKey .Values.podDisruptionBudget "maxUnavailable")) }}
 minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
 {{- end }}
- {{- with .Values.podDisruptionBudget.maxUnavailable }}
- maxUnavailable: {{ . }}
+ {{- if hasKey .Values.podDisruptionBudget "maxUnavailable" }}
+ maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
 {{- end }}
 {{- end }}
diff --git a/deploy/charts/cert-manager/templates/webhook-poddisruptionbudget.yaml b/deploy/charts/cert-manager/templates/webhook-poddisruptionbudget.yaml
index 62c76b3e776..06ff483013b 100644
--- a/deploy/charts/cert-manager/templates/webhook-poddisruptionbudget.yaml
+++ b/deploy/charts/cert-manager/templates/webhook-poddisruptionbudget.yaml
@@ -17,10 +17,10 @@ spec:
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/component: "webhook"
- {{- if and .Values.webhook.podDisruptionBudget.minAvailable (not .Values.webhook.podDisruptionBudget.maxUnavailable) }}
+ {{- if and .Values.webhook.podDisruptionBudget.minAvailable (not (hasKey .Values.webhook.podDisruptionBudget "maxUnavailable")) }}
 minAvailable: {{ .Values.webhook.podDisruptionBudget.minAvailable }}
 {{- end }}
- {{- with .Values.webhook.podDisruptionBudget.maxUnavailable }}
- maxUnavailable: {{ . }}
+ {{- if hasKey .Values.webhook.podDisruptionBudget "maxUnavailable" }}
+ maxUnavailable: {{ .Values.webhook.podDisruptionBudget.maxUnavailable }}
 {{- end }}
 {{- end }}
From 314163d461d3a5747c871a345aa15512b5baf399 Mon Sep 17 00:00:00 2001 From: Rouke Broersma Date: Thu, 25 May 2023 16:35:30 +0200 Subject: [PATCH 6/7] Document that maxUnavailable takes precedence over minAvailable Signed-off-by: Rouke Broersma
---
 deploy/charts/cert-manager/values.yaml | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/deploy/charts/cert-manager/values.yaml b/deploy/charts/cert-manager/values.yaml
index 54018f7d68b..ddb303ab1a4 100644
--- a/deploy/charts/cert-manager/values.yaml
+++ b/deploy/charts/cert-manager/values.yaml
@@ -68,6 +68,7 @@ podDisruptionBudget:
 # minAvailable and maxUnavailable can either be set to an integer (e.g. 1)
 # or a percentage value (e.g. 25%)
+ # maxUnavailable takes precedence over minAvailable if set
 # Comma separated list of feature gates that should be enabled on the
 # controller pod.
@@ -310,6 +311,7 @@ webhook:
 # minAvailable and maxUnavailable can either be set to an integer (e.g. 1)
 # or a percentage value (e.g. 25%)
+ # maxUnavailable takes precedence over minAvailable if set
 # Container Security Context to be set on the webhook component container
 # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
@@ -495,6 +497,7 @@ cainjector:
 # minAvailable and maxUnavailable can either be set to an integer (e.g. 1)
 # or a percentage value (e.g. 25%)
+ # maxUnavailable takes precedence over minAvailable if set
 # Container Security Context to be set on the cainjector component container
 # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
From a819025a4b16c6b05ba2beaa66ce24a2192e6fdc Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Fri, 14 Jul 2023 16:43:32 +0200 Subject: [PATCH 7/7] the chart will now disallow you to specify both the minAvailable and maxUnavailable values without issues Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
---
 .../cainjector-poddisruptionbudget.yaml | 5 ++++- .../templates/poddisruptionbudget.yaml | 5 ++++- .../webhook-poddisruptionbudget.yaml | 5 ++++- deploy/charts/cert-manager/values.yaml | 21 ++++++++----------- 4 files changed, 21 insertions(+), 15 deletions(-)
diff --git a/deploy/charts/cert-manager/templates/cainjector-poddisruptionbudget.yaml b/deploy/charts/cert-manager/templates/cainjector-poddisruptionbudget.yaml
index da6b06fe2ac..6a7d60913fd 100644
--- a/deploy/charts/cert-manager/templates/cainjector-poddisruptionbudget.yaml
+++ b/deploy/charts/cert-manager/templates/cainjector-poddisruptionbudget.yaml
@@ -17,7 +17,10 @@ spec:
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/component: "cainjector"
- {{- if and .Values.cainjector.podDisruptionBudget.minAvailable (not (hasKey .Values.cainjector.podDisruptionBudget "maxUnavailable")) }}
+ {{- if not (or (hasKey .Values.cainjector.podDisruptionBudget "minAvailable") (hasKey .Values.cainjector.podDisruptionBudget "maxUnavailable")) }}
+ minAvailable: 1 # Default value because minAvailable and maxUnavailable are not set
+ {{- end }}
+ {{- if hasKey .Values.cainjector.podDisruptionBudget "minAvailable" }}
 minAvailable: {{ .Values.cainjector.podDisruptionBudget.minAvailable }}
 {{- end }}
 {{- if hasKey .Values.cainjector.podDisruptionBudget "maxUnavailable" }}
diff --git a/deploy/charts/cert-manager/templates/poddisruptionbudget.yaml b/deploy/charts/cert-manager/templates/poddisruptionbudget.yaml
index af0ccda23d5..ae71eed29cf 100644
--- a/deploy/charts/cert-manager/templates/poddisruptionbudget.yaml
+++ b/deploy/charts/cert-manager/templates/poddisruptionbudget.yaml
@@ -17,7 +17,10 @@ spec:
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/component: "controller"
- {{- if and .Values.podDisruptionBudget.minAvailable (not (hasKey .Values.podDisruptionBudget "maxUnavailable")) }}
+ {{- if not (or (hasKey .Values.podDisruptionBudget "minAvailable") (hasKey .Values.podDisruptionBudget "maxUnavailable")) }}
+ minAvailable: 1 # Default value because minAvailable and maxUnavailable are not set
+ {{- end }}
+ {{- if hasKey .Values.podDisruptionBudget "minAvailable" }}
 minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
 {{- end }}
 {{- if hasKey .Values.podDisruptionBudget "maxUnavailable" }}
diff --git a/deploy/charts/cert-manager/templates/webhook-poddisruptionbudget.yaml b/deploy/charts/cert-manager/templates/webhook-poddisruptionbudget.yaml
index 06ff483013b..ab2a48109e4 100644
--- a/deploy/charts/cert-manager/templates/webhook-poddisruptionbudget.yaml
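Review bot: When both keys are present under `.Values.cainjector.podDisruptionBudget`, the two independent `hasKey` blocks in this hunk emit `minAvailable` and `maxUnavailable` together, so the conflict is left to API-server validation of the PodDisruptionBudget and only surfaces at install or upgrade time, after `helm template` and any manifest diff have already passed. A render-time guard would fail earlier with a clearer message: place `{{- fail "cainjector.podDisruptionBudget: set only one of minAvailable and maxUnavailable" }}` inside an `if and (hasKey … "minAvailable") (hasKey … "maxUnavailable")` block ahead of the default. The same applies to the controller hunk that follows and to the webhook hunk of this commit. Separately, the inline `# Default value …` YAML comment is copied into every rendered manifest; a template comment (`{{- /* … */}}`) would keep it out of the output.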
+++ b/deploy/charts/cert-manager/templates/webhook-poddisruptionbudget.yaml
@@ -17,7 +17,10 @@ spec:
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/component: "webhook"
- {{- if and .Values.webhook.podDisruptionBudget.minAvailable (not (hasKey .Values.webhook.podDisruptionBudget "maxUnavailable")) }}
+ {{- if not (or (hasKey .Values.webhook.podDisruptionBudget "minAvailable") (hasKey .Values.webhook.podDisruptionBudget "maxUnavailable")) }}
+ minAvailable: 1 # Default value because minAvailable and maxUnavailable are not set
+ {{- end }}
+ {{- if hasKey .Values.webhook.podDisruptionBudget "minAvailable" }}
 minAvailable: {{ .Values.webhook.podDisruptionBudget.minAvailable }}
 {{- end }}
 {{- if hasKey .Values.webhook.podDisruptionBudget "maxUnavailable" }}
diff --git a/deploy/charts/cert-manager/values.yaml b/deploy/charts/cert-manager/values.yaml
index ddb303ab1a4..d0f7c78181e 100644
--- a/deploy/charts/cert-manager/values.yaml
+++ b/deploy/charts/cert-manager/values.yaml
@@ -63,12 +63,11 @@ strategy: {}
 podDisruptionBudget:
 enabled: false
- minAvailable: 1
- # maxUnavailable: 1
-
 # minAvailable and maxUnavailable can either be set to an integer (e.g. 1)
 # or a percentage value (e.g. 25%)
- # maxUnavailable takes precedence over minAvailable if set
+ # if neither minAvailable or maxUnavailable is set, we default to `minAvailable: 1`
+ # minAvailable: 1
+ # maxUnavailable: 1
 # Comma separated list of feature gates that should be enabled on the
 # controller pod.
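Review bot: The rewritten comment block in this values.yaml hunk removes the PATCH 6/7 precedence sentence but does not say what happens when both keys are set, even though the templates in this commit now render both. Consider adding `# minAvailable and maxUnavailable are mutually exclusive; set at most one` above the commented examples here and in the webhook and cainjector hunks that follow. The new sentence would also read better as `# if neither minAvailable nor maxUnavailable is set, we default to minAvailable: 1`.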
@@ -306,12 +305,11 @@ webhook:
 podDisruptionBudget:
 enabled: false
- minAvailable: 1
- # maxUnavailable: 1
-
 # minAvailable and maxUnavailable can either be set to an integer (e.g. 1)
 # or a percentage value (e.g. 25%)
- # maxUnavailable takes precedence over minAvailable if set
+ # if neither minAvailable or maxUnavailable is set, we default to `minAvailable: 1`
+ # minAvailable: 1
+ # maxUnavailable: 1
 # Container Security Context to be set on the webhook component container
 # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
@@ -492,12 +490,11 @@ cainjector:
 podDisruptionBudget:
 enabled: false
- minAvailable: 1
- # maxUnavailable: 1
-
 # minAvailable and maxUnavailable can either be set to an integer (e.g. 1)
 # or a percentage value (e.g. 25%)
- # maxUnavailable takes precedence over minAvailable if set
+ # if neither minAvailable or maxUnavailable is set, we default to `minAvailable: 1`
+ # minAvailable: 1
+ # maxUnavailable: 1
 # Container Security Context to be set on the cainjector component container
 # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/