Helm: Support minAvailable on connect injector PDB #1557
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
It looks like the PDB for the connect injector has copied the logic from the Server PDB.
In that it is extremely conservative and attempts to maintain n+1 pods, which makes complete sense for Consul Servers as you do want to maintain a quorum at all times.
The injector deployment uses leader election and only 1 pod is actually active at any one time, requiring n/2-1 pods to be available is unnecessary.
Furthermore, with the default 2 replicas
maxUnavailable
is set at 0, which requires manual human operator intervention to, for example, drain a node running an injector pod.See Single-instance Stateful Application
For the connect injector deployment a
minAvailable
configuration makes much more sense.These changes do not change the default behaviour, although I think the default behaviour probably should be changed.
This is opt-in only, users must configure the new value explicitly.
Changes proposed in this PR:
connectInject.disruptionBudget.minAvailable
to valuesminAvailable
is null by defaultminAvailable
takes precedence over themaxUnavailable
configurationHow I've tested this PR:
How I expect reviewers to test this PR:
Checklist: