From e2e0879bd02c5576f8f0b559b8aa70448e73d4dd Mon Sep 17 00:00:00 2001 From: Shashank Ram Date: Wed, 26 May 2021 14:10:08 -0700 Subject: [PATCH] charts/osm: add pod disruption budgets for control plane Adds pod disruption budgets for osm-controller and osm-injector that can be optionally enabled. This is an HA feature that ensures replicated control plane apps always maintain a certain number of healthy replicas at any given time, to account for voluntary outages such as a node being drained. Part of #3390 Signed-off-by: Shashank Ram --- charts/osm/README.md | 4 +++- .../osm-controller-pod-disruption-budget.yaml | 14 ++++++++++++++ .../osm-injector-pod-disruption-budget.yaml | 14 ++++++++++++++ charts/osm/values.schema.json | 18 ++++++++++++++++++ charts/osm/values.yaml | 5 +++++ 5 files changed, 54 insertions(+), 1 deletion(-) create mode 100644 charts/osm/templates/osm-controller-pod-disruption-budget.yaml create mode 100644 charts/osm/templates/osm-injector-pod-disruption-budget.yaml diff --git a/charts/osm/README.md b/charts/osm/README.md index b8ae8078a3..bdb2e27a1d 100644 --- a/charts/osm/README.md +++ b/charts/osm/README.md @@ -98,11 +98,13 @@ The following table lists the configurable parameters of the osm chart and their | OpenServiceMesh.image.tag | string | `"v0.9.0"` | Container image tag | | OpenServiceMesh.imagePullSecrets | list | `[]` | `osm-controller` image pull secret | | OpenServiceMesh.inboundPortExclusionList | list | `[]` | Specifies a global list of ports to exclude from inbound traffic interception by the sidecar proxy. If specified, must be a list of positive integers. | -| OpenServiceMesh.injector.podLabels | object | `{}` | | +| OpenServiceMesh.injector.enablePodDisruptionBudget | bool | `false` | Enable Pod Disruption Budget | +| OpenServiceMesh.injector.podLabels | object | `{}` | Sidecar injector's pod labels | | OpenServiceMesh.injector.replicaCount | int | `1` | Sidecar injector's replica count | | OpenServiceMesh.injector.resource | object | `{"limits":{"cpu":"0.5","memory":"64M"},"requests":{"cpu":"0.3","memory":"64M"}}` | Sidecar injector's container resource parameters | | OpenServiceMesh.maxDataPlaneConnections | int | `0` | Sets the max data plane connections allowed for an instance of osm-controller, set to 0 to not enforce limits | | OpenServiceMesh.meshName | string | `"osm"` | Identifier for the instance of a service mesh within a cluster | +| OpenServiceMesh.osmController.enablePodDisruptionBudget | bool | `false` | Enable Pod Disruption Budget | | OpenServiceMesh.osmController.podLabels | object | `{}` | OSM controller's pod labels | | OpenServiceMesh.osmController.replicaCount | int | `1` | OSM controller's replica count | | OpenServiceMesh.osmController.resource | object | `{"limits":{"cpu":"1.5","memory":"512M"},"requests":{"cpu":"0.5","memory":"128M"}}` | OSM controller's container resource parameters | diff --git a/charts/osm/templates/osm-controller-pod-disruption-budget.yaml b/charts/osm/templates/osm-controller-pod-disruption-budget.yaml new file mode 100644 index 0000000000..13d8f4bd1f --- /dev/null +++ b/charts/osm/templates/osm-controller-pod-disruption-budget.yaml @@ -0,0 +1,14 @@ +{{- if .Values.OpenServiceMesh.osmController.enablePodDisruptionBudget }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: osm-controller-pdb + namespace: {{ include "osm.namespace" . }} + labels: + app: osm-controller +spec: + minAvailable: 1 + selector: + matchLabels: + app: osm-controller +{{- end }} diff --git a/charts/osm/templates/osm-injector-pod-disruption-budget.yaml b/charts/osm/templates/osm-injector-pod-disruption-budget.yaml new file mode 100644 index 0000000000..1c0e236bf4 --- /dev/null +++ b/charts/osm/templates/osm-injector-pod-disruption-budget.yaml @@ -0,0 +1,14 @@ +{{- if .Values.OpenServiceMesh.injector.enablePodDisruptionBudget }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: osm-injector-pdb + namespace: {{ include "osm.namespace" . }} + labels: + app: osm-injector +spec: + minAvailable: 1 + selector: + matchLabels: + app: osm-injector +{{- end }} diff --git a/charts/osm/values.schema.json b/charts/osm/values.schema.json index 9bf4635ee7..eb9e234a9a 100644 --- a/charts/osm/values.schema.json +++ b/charts/osm/values.schema.json @@ -130,6 +130,15 @@ "title": "The podLabels schema", "description": "Labels for the osmController pod.", "default": {} + }, + "enablePodDisruptionBudget": { + "$id": "#/properties/OpenServiceMesh/properties/osmController/properties/enablePodDisruptionBudget", + "type": "boolean", + "title": "The enablePodDisruptionBudget schema", + "description": "Indicates whether Pod Disruption Budget should be enabled or not.", + "examples": [ + false + ] } }, "additionalProperties": false @@ -588,6 +597,15 @@ "title": "The podLabels schema", "description": "Labels for the osm-injector pod.", "default": {} + }, + "enablePodDisruptionBudget": { + "$id": "#/properties/OpenServiceMesh/properties/injector/properties/enablePodDisruptionBudget", + "type": "boolean", + "title": "The enablePodDisruptionBudget schema", + "description": "Indicates whether Pod Disruption Budget should be enabled or not.", + "examples": [ + false + ] } }, "additionalProperties": false diff --git a/charts/osm/values.yaml b/charts/osm/values.yaml index 77b043ba2f..5703d41ebf 100644 --- a/charts/osm/values.yaml +++ b/charts/osm/values.yaml @@ -34,6 +34,8 @@ OpenServiceMesh: memory: "128M" # -- OSM controller's pod labels podLabels: {} + # -- Enable Pod Disruption Budget + enablePodDisruptionBudget: false # # -- Prometheus parameters @@ -208,7 +210,10 @@ OpenServiceMesh: requests: cpu: "0.3" memory: "64M" + # -- Sidecar injector's pod labels podLabels: {} + # -- Enable Pod Disruption Budget + enablePodDisruptionBudget: false # -- Run init container in privileged mode enablePrivilegedInitContainer: false