diff --git a/charts/shield/Chart.yaml b/charts/shield/Chart.yaml
index 4a16e9fa2..9c60da3a6 100644
--- a/charts/shield/Chart.yaml
+++ b/charts/shield/Chart.yaml
@@ -13,5 +13,5 @@ maintainers:
 - name: mavimo
 email: marcovito.moscaritolo@sysdig.com
 type: application
-version: 1.10.0
+version: 1.11.0
 appVersion: "1.0.0"
diff --git a/charts/shield/README.md b/charts/shield/README.md
index 69fdc4714..fb79bdeb8 100644
--- a/charts/shield/README.md
+++ b/charts/shield/README.md
@@ -246,6 +246,8 @@ The following table lists the configurable parameters of the `shield` chart and
 | cluster.env | The custom environment variables for cluster shield | [] |
 | cluster.volumes | The custom volumes for cluster shield | [] |
 | cluster.volume_mounts | The custom volume mounts for cluster shield | [] |
+| cluster.pod_disruption_budget.create | Create the PodDisruptionBudget for the cluster shield | true |
+| cluster.pod_disruption_budget.min_available | The minimum number of available pods for the cluster shield | 1 |
 | ssl.verify | Enable SSL verification | true |
 | ssl.ca.certs | For outbound connections (secure backend, proxy,...) A PEM-encoded x509 certificate. This can also be a bundle with multiple certificates. | [] |
 | ssl.ca.key_name | Filename that is used when creating the secret. Required if cert is provided. | |
diff --git a/charts/shield/templates/cluster/poddisruptionbudget.yaml b/charts/shield/templates/cluster/poddisruptionbudget.yaml
new file mode 100644
index 000000000..a44a36af2
--- /dev/null
+++ b/charts/shield/templates/cluster/poddisruptionbudget.yaml
@@ -0,0 +1,12 @@
+{{- if dig "pod_disruption_budget" "create" true .Values.cluster }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "cluster.fullname" . | trunc 59 }}-pdb
+ namespace: {{ .Release.Namespace }}
+spec:
+ minAvailable: {{ dig "pod_disruption_budget" "min_available" 1 .Values.cluster }}
+ selector:
+ matchLabels:
+ {{ include "cluster.selector_labels" . | nindent 6 }}
+{{- end }}
diff --git a/charts/shield/tests/cluster/poddisruptionbudget_test.yaml b/charts/shield/tests/cluster/poddisruptionbudget_test.yaml
new file mode 100644
index 000000000..7cd6f36ef
--- /dev/null
+++ b/charts/shield/tests/cluster/poddisruptionbudget_test.yaml
@@ -0,0 +1,56 @@
+suite: Cluster - PodDisruptionBudget
+templates:
+ - templates/cluster/poddisruptionbudget.yaml
+release:
+ name: release-name
+ namespace: shield-namespace
+values:
+ - ../values/base.yaml
+tests:
+ - it: PodDisruptionBudget is created
+ asserts:
+ - isKind:
+ of: PodDisruptionBudget
+ - isSubset:
+ path: metadata
+ content:
+ name: release-name-shield-cluster-pdb
+ namespace: shield-namespace
+ - equal:
+ path: spec.minAvailable
+ value: 1
+ - isSubset:
+ path: spec.selector.matchLabels
+ content:
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/name: shield
+ sysdig/component: cluster
+
+ - it: PodDisruptionBudget is not created when disabled
+ set:
+ cluster:
+ pod_disruption_budget:
+ create: false
+ asserts:
+ - hasDocuments:
+ count: 0
+
+ - it: PodDisruptionBudget minAvailable is configurable
+ set:
+ cluster:
+ pod_disruption_budget:
+ min_available: 2
+ asserts:
+ - equal:
+ path: spec.minAvailable
+ value: 2
+
+ - it: PodDisruptionBudget can use percentage values when provided
+ set:
+ cluster:
+ pod_disruption_budget:
+ min_available: 50%
+ asserts:
+ - equal:
+ path: spec.minAvailable
+ value: 50%
diff --git a/charts/shield/values.schema.json b/charts/shield/values.schema.json
index bc5495129..2ac753b2a 100644
--- a/charts/shield/values.schema.json
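Review bot: The PodDisruptionBudget is rendered with `minAvailable: 1` whenever `create` is true, with no relation to how many cluster shield replicas the chart deploys; the replica setting is not visible in this diff, but if the default is a single replica this PDB makes every voluntary eviction of that pod (a `kubectl drain` during node upgrades) fail until an operator sets `cluster.pod_disruption_budget.create: false`, which is the classic PDB operational trap for a security agent that admins expect to be unobtrusive. Consider gating the opening `{{- if ... }}` additionally on the cluster shield replica value being greater than one, and if the chart has an enable switch for the cluster component, presumably the other `templates/cluster/*` files check it and this one should too. At minimum, add a template comment such as `{{/* A PDB whose minAvailable equals the replica count blocks node drains; keep min_available below the number of replicas. */}}` above the `apiVersion` line. The same default is set in values.yaml and documented in the README rows added by this commit.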
+++ b/charts/shield/values.schema.json
@@ -329,6 +329,24 @@
 "env": {
 "$ref": "#/$defs/EnvVars"
 },
+ "pod_disruption_budget": {
+ "type": "object",
+ "description": "Pod disruption budget configuration for the Cluster Shield pods",
+ "properties": {
+ "create": {
+ "type": "boolean",
+ "description": "Create a Pod Disruption Budget for the Cluster Shield pods",
+ "default": true
+ },
+ "min_available": {
+ "type": ["integer", "string"],
+ "description": "Minimum number of pods that must be available",
+ "default": 1,
+ "minimum": 1
+ }
+ },
+ "additionalProperties": false
+ },
 "security_context": {
 "type": "object"
 },
diff --git a/charts/shield/values.yaml b/charts/shield/values.yaml
index 201d5c46f..2e3abcce2 100644
--- a/charts/shield/values.yaml
+++ b/charts/shield/values.yaml
@@ -495,6 +495,13 @@ cluster:
 # The custom volume mounts for cluster shield
 volume_mounts: []
+ # Defines the PodDisruptionBudget for the cluster shield
+ pod_disruption_budget:
+ # Create the PodDisruptionBudget for the cluster shield
+ create: true
+ # The minimum number of available pods for the cluster shield
+ min_available: 1
+
 ssl:
 # Enable SSL verification
 verify: true
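Review bot: `"minimum": 1` on `min_available` only constrains the integer branch of `"type": ["integer", "string"]`; JSON Schema applies `minimum` to numeric instances only, so values like `"0%"`, `"-5"` or `"abc"` pass `helm install` validation and only fail, or produce an unexpected budget, once the PodDisruptionBudget reaches the API server. The string branch needs its own constraint, and the description should say that a percentage is accepted since the new test suite exercises `50%`. I'd split the two forms with `oneOf`, keeping the default and the property name unchanged.
```json
"min_available": {
  "description": "Minimum number of pods that must be available, as an integer count or a percentage string such as \"50%\"",
  "default": 1,
  "oneOf": [
    { "type": "integer", "minimum": 1 },
    { "type": "string", "pattern": "^[0-9]+%$" }
  ]
}
```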
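Review bot: The comment on `min_available` (and the matching README row added in this commit) describes it as "the minimum number of available pods", but the template passes the value through unchanged and the new test suite exercises `50%`, so the percentage form is supported yet undocumented where operators actually read the defaults. I'd replace that comment with `# The minimum number (e.g. 1) or percentage (e.g. "50%") of cluster shield pods that must remain available during voluntary disruptions such as node drains`, quoting the percentage example so editors and linters do not flag it. The README table row for `cluster.pod_disruption_budget.min_available` should get the same wording.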