From 1a5149e8e4d0f979683654d48f0ef73fd46224c1 Mon Sep 17 00:00:00 2001 From: Tristan Keen Date: Fri, 9 Jul 2021 12:28:51 +0100 Subject: [PATCH] Add optional PodDisruptionBudgets --- Chart.yaml | 2 +- README.md | 2 ++ templates/auth-poddisruptionbudget.yaml | 20 ++++++++++++++++++++ templates/proxy-poddisruptionbudget.yaml | 20 ++++++++++++++++++++ values.yaml | 2 ++ 5 files changed, 45 insertions(+), 1 deletion(-) create mode 100644 templates/auth-poddisruptionbudget.yaml create mode 100644 templates/proxy-poddisruptionbudget.yaml diff --git a/Chart.yaml b/Chart.yaml index e6c0cac..ea1037c 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Single sign-on for your Kubernetes services using Google OAuth name: buzzfeed-sso -version: 0.2.11 +version: 0.2.12 appVersion: 2.1.0 home: https://github.com/buzzfeed/sso sources: diff --git a/README.md b/README.md index d4fb15a..7f60331 100644 --- a/README.md +++ b/README.md @@ -68,6 +68,7 @@ Parameter | Description | Default `auth.nodeSelector` | node selector logic for auth pods | `{}` `auth.tolerations` | resource tolerations for auth pods | `{}` `auth.affinity` | node affinity for auth pods | `{}` +`auth.podDisruptionBudget` | PodDisruptionBudget for auth pods | `{}` `auth.service.type` | type of auth service to create | `ClusterIP` `auth.service.port` | port for the http auth service | `80` `auth.secret` | secrets to be generated randomly with `openssl rand -base64 32 | head -c 32`. | REQUIRED if `auth.customSecret` is not set @@ -84,6 +85,7 @@ Parameter | Description | Default `proxy.nodeSelector` | node selector logic for proxy pods | `{}` `proxy.tolerations` | resource tolerations for proxy pods | `{}` `proxy.affinity` | node affinity for proxy pods | `{}` +`proxy.podDisruptionBudget` | PodDisruptionBudget for proxy pods | `{}` `proxy.service.type` | type of proxy service to create | `ClusterIP` `proxy.service.port` | port for the http proxy service | `80` `proxy.secret` | secrets to be generated randomly with `openssl rand -base64 32 | head -c 32 | base64`. | REQUIRED if `proxy.customSecret` is not set diff --git a/templates/auth-poddisruptionbudget.yaml b/templates/auth-poddisruptionbudget.yaml new file mode 100644 index 0000000..273a46c --- /dev/null +++ b/templates/auth-poddisruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.auth.enabled .Values.auth.podDisruptionBudget -}} +{{- $name := include "buzzfeed-sso.name" . -}} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "buzzfeed-sso.fullname" . }}-auth + labels: + app: {{ $name }} + chart: {{ template "buzzfeed-sso.chart" . }} + component: {{ $name }}-auth + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + {{- toYaml .Values.auth.podDisruptionBudget | nindent 2 }} + selector: + matchLabels: + app: {{ $name }} + component: {{ $name }}-auth + release: {{ .Release.Name }} +{{- end }} diff --git a/templates/proxy-poddisruptionbudget.yaml b/templates/proxy-poddisruptionbudget.yaml new file mode 100644 index 0000000..ee2910b --- /dev/null +++ b/templates/proxy-poddisruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.proxy.enabled .Values.proxy.podDisruptionBudget -}} +{{- $name := include "buzzfeed-sso.name" . -}} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "buzzfeed-sso.fullname" . }}-proxy + labels: + app: {{ $name }} + chart: {{ template "buzzfeed-sso.chart" . }} + component: {{ $name }}-proxy + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + {{- toYaml .Values.proxy.podDisruptionBudget | nindent 2 }} + selector: + matchLabels: + app: {{ $name }} + component: {{ $name }}-proxy + release: {{ .Release.Name }} +{{- end }} diff --git a/values.yaml b/values.yaml index dbfc7a6..18621f7 100644 --- a/values.yaml +++ b/values.yaml @@ -18,6 +18,7 @@ auth: nodeSelector: {} tolerations: [] affinity: {} + podDisruptionBudget: {} service: type: ClusterIP port: 80 @@ -55,6 +56,7 @@ proxy: nodeSelector: {} tolerations: [] affinity: {} + podDisruptionBudget: {} service: type: ClusterIP port: 80