Add flag for toggling PDBs (#247)

* Add flag for toggling PDBs * enablePDB: add missing omitempty
kartverket · Jun 21, 2023 · 51e3acc · 51e3acc
1 parent 3601bbd
commit 51e3acc
Show file tree

Hide file tree

Showing 10 changed files with 88 additions and 23 deletions.
diff --git a/README.md b/README.md
@@ -203,6 +203,8 @@ spec:
       cpu: 25m
       # Number of bytes of RAM
       memory: 250M
+  # Whether to enable automatic Pod Disruption Budget creation for this application. Defaults to true and may be omitted.
+  enablePDB: true
   # Zero trust dictates that only applications with a reason for being able
   # to access another resource should be able to reach it. This is set up by
   # default by denying all ingress and egress traffic from the pods in the

diff --git a/api/v1alpha1/application.go b/api/v1alpha1/application.go
@@ -78,6 +78,12 @@ type ApplicationSpec struct {
 	//+kubebuilder:default:=true
 	RedirectToHTTPS *bool `json:"redirectToHTTPS,omitempty"`
 
+	// Whether to enable automatic Pod Disruption Budget creation for this application.
+	//
+	//+kubebuilder:validation:Optional
+	//+kubebuilder:default=true
+	EnablePDB *bool `json:"enablePDB,omitempty"`
+
 	//+kubebuilder:validation:Optional
 	AccessPolicy AccessPolicy `json:"accessPolicy,omitempty"`
 

diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/crd/skiperator.kartverket.no_applications.yaml b/config/crd/skiperator.kartverket.no_applications.yaml
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.11.3
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.12.0
   name: applications.skiperator.kartverket.no
 spec:
   group: skiperator.kartverket.no
@@ -151,6 +150,11 @@ spec:
                 items:
                   type: string
                 type: array
+              enablePDB:
+                default: true
+                description: Whether to enable automatic Pod Disruption Budget creation
+                  for this application.
+                type: boolean
               env:
                 items:
                   description: EnvVar represents an environment variable present in

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -2,7 +2,6 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  creationTimestamp: null
   name: skiperator
 rules:
 - apiGroups:

diff --git a/controllers/application/pod_disruption_budget.go b/controllers/application/pod_disruption_budget.go
@@ -2,12 +2,12 @@ package applicationcontroller
 
 import (
 	"context"
-
 	skiperatorv1alpha1 "github.com/kartverket/skiperator/api/v1alpha1"
 	"github.com/kartverket/skiperator/pkg/util"
 	policyv1 "k8s.io/api/policy/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	ctrlutil "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 )
@@ -17,30 +17,41 @@ func (r *ApplicationReconciler) reconcilePodDisruptionBudget(ctx context.Context
 	_, _ = r.SetControllerProgressing(ctx, application, controllerName)
 
 	pdb := policyv1.PodDisruptionBudget{ObjectMeta: metav1.ObjectMeta{Namespace: application.Namespace, Name: application.Name}}
-	_, err := ctrlutil.CreateOrPatch(ctx, r.GetClient(), &pdb, func() error {
-		// Set application as owner of the PDB
-		err := ctrlutil.SetControllerReference(application, &pdb, r.GetScheme())
-		if err != nil {
-			_, _ = r.SetControllerError(ctx, application, controllerName, err)
-			return err
-		}
 
-		r.SetLabelsFromApplication(ctx, &pdb, *application)
-		util.SetCommonAnnotations(&pdb)
+	if *application.Spec.EnablePDB {
+		_, err := ctrlutil.CreateOrPatch(ctx, r.GetClient(), &pdb, func() error {
+			// Set application as owner of the PDB
+			err := ctrlutil.SetControllerReference(application, &pdb, r.GetScheme())
+			if err != nil {
+				_, _ = r.SetControllerError(ctx, application, controllerName, err)
+				return err
+			}
 
-		pdb.Spec = policyv1.PodDisruptionBudgetSpec{
-			Selector: &metav1.LabelSelector{
-				MatchLabels: util.GetApplicationSelector(application.Name),
-			},
-			MinAvailable: determineMinAvailable(application.Spec.Replicas.Min),
-		}
+			r.SetLabelsFromApplication(ctx, &pdb, *application)
+			util.SetCommonAnnotations(&pdb)
+
+			pdb.Spec = policyv1.PodDisruptionBudgetSpec{
+				Selector: &metav1.LabelSelector{
+					MatchLabels: util.GetApplicationSelector(application.Name),
+				},
+				MinAvailable: determineMinAvailable(application.Spec.Replicas.Min),
+			}
 
-		return nil
-	})
+			return nil
+		})
 
-	_, _ = r.SetControllerFinishedOutcome(ctx, application, controllerName, err)
+		_, _ = r.SetControllerFinishedOutcome(ctx, application, controllerName, err)
 
-	return reconcile.Result{}, err
+		return reconcile.Result{}, err
+	} else {
+		err := r.GetClient().Delete(ctx, &pdb)
+		err = client.IgnoreNotFound(err)
+		if err != nil {
+			r.SetControllerError(ctx, application, controllerName, err)
+			return reconcile.Result{}, err
+		}
+		return reconcile.Result{}, nil
+	}
 }
 
 func determineMinAvailable(replicasAvailable uint) *intstr.IntOrString {

diff --git a/tests/pdb/01-patch-app.yaml b/tests/pdb/01-patch-app.yaml
@@ -0,0 +1,10 @@
+apiVersion: skiperator.kartverket.no/v1alpha1
+kind: Application
+metadata:
+  name: no-disruption-2
+spec:
+  enablePDB: false
+  image: image
+  port: 8080
+  replicas:
+    min: 10
diff --git a/tests/pdb/02-assert.yaml b/tests/pdb/02-assert.yaml
@@ -0,0 +1,19 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: no-disruption-1
+spec:
+  minAvailable: 50%
+  selector:
+    matchLabels:
+      app: no-disruption-1
+---
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: yes-disruption
+spec:
+  minAvailable: 0
+  selector:
+    matchLabels:
+      app: yes-disruption
diff --git a/tests/pdb/02-errors.yaml b/tests/pdb/02-errors.yaml
@@ -0,0 +1,9 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: no-disruption-2
+spec:
+  minAvailable: 50%
+  selector:
+    matchLabels:
+      app: no-disruption-2
diff --git a/tests/pdb/01-delete-application.yaml → tests/pdb/03-delete-application.yaml b/tests/pdb/01-delete-application.yaml → tests/pdb/03-delete-application.yaml