From 20281b90716270a3d6369a83a52b3814ac58ddca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Guilherme=20Vanz?= Date: Wed, 27 Mar 2024 16:47:41 -0300 Subject: [PATCH 1/2] feat: PolicyServer PodDisruptionBudget documentation. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add documentation to describe the `minAvailable` and `maxUnavailable` fields in the policy server spec. Signed-off-by: José Guilherme Vanz --- .../03-pod-disruption-budget.md | 72 +++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 docs/howtos/policy-servers/03-pod-disruption-budget.md diff --git a/docs/howtos/policy-servers/03-pod-disruption-budget.md b/docs/howtos/policy-servers/03-pod-disruption-budget.md new file mode 100644 index 0000000000..6ef47bf1d1 --- /dev/null +++ b/docs/howtos/policy-servers/03-pod-disruption-budget.md 
@@ -0,0 +1,72 @@ +--- +sidebar_label: Defining PodDisruptionBudget +title: Configuring PodDisruptionBudget for PolicyServers +description: Configuring PodDisruptionBudget for Kubewarden PolicyServers.j +keywords: [kubewarden, kubernetes, policyservers, poddisruptionbudget] +doc-persona: [kubewarden-operator, kubewarden-integrator] +doc-type: [howto] +doc-topic: [operator-manual, policy-servers, poddisruptionbudget] +--- + +To enhance the resilience of Kubewarden policy server deployments, two fields +can be used: `minAvailable` and `maxUnavailable`. These fields are used by the +Kubewarden controller to create a +[PodDisruptionBudget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) +(PDB) for the policy server pods, thus ensuring high availability and +controlled eviction in case of node maintenance or scaling operations. + +## Understanding minAvailable and maxUnavailable + +The `minAvailable` field specifies the minimum number of policy server pods +that must be available at all times. This is crucial for maintaining the +operational integrity of the Kubewarden policy server, ensuring that policies +are continuously enforced without interruption. It can be defined as an integer or a +percentage. + +When set, the Kubewarden controller creates a `PodDisruptionBudget` object that prevents +voluntary disruptions from causing the number of available replicas to fall +below this threshold. This is particularly important during operations such as +cluster upgrades or maintenance. + +The `maxUnavailable` field dictates the maximum number of policy server pods +that can be unavailable at any given time. This setting allows for a controlled +degree of unavailability, which can be useful for performing rolling updates or +partial maintenance without fully halting the policy enforcement mechanism. It +can also be defined as integer or percentage. 
+ +When configured, it informs the creation of a `PodDisruptionBudget` object that limits +the number of pods that can be voluntarily disrupted. This ensures that even +during disruptions, a certain level of service is maintained. + +## Configuring minAvailable and maxUnavailable + +When deploying or updating the Kubewarden policy server, you can specify these +fields in your configuration to ensure the desired level of availability. It's +important to note that you can specify only one of `maxUnavailable` and +`minAvailable`. + +``` yaml +apiVersion: policies.kubewarden.io/v1 +kind: PolicyServer +metadata: + name: your-policy-server +spec: + # Other configuration fields + minAvailable: 2 +``` + +This configuration ensures that either at least two policy server pods are +available at all times. + +In the same way, you can specify the `maxUnavailable` field to ensure that no +more than 30% of the policy server pods are unavailable at any given time. + +``` yaml +apiVersion: policies.kubewarden.io/v1 +kind: PolicyServer +metadata: + name: your-policy-server +spec: + # Other configuration fields + maxUnavailable: "30%" +``` From 155ebcf5c7cb8733fec530155af12b83df6b1f7b Mon Sep 17 00:00:00 2001 From: Flavio Castelli Date: Mon, 8 Apr 2024 12:01:07 +0200 Subject: [PATCH 2/2] Update docs/howtos/policy-servers/03-pod-disruption-budget.md Co-authored-by: John Krug Signed-off-by: Flavio Castelli --- docs/howtos/policy-servers/03-pod-disruption-budget.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/howtos/policy-servers/03-pod-disruption-budget.md b/docs/howtos/policy-servers/03-pod-disruption-budget.md index 6ef47bf1d1..fc987294fd 100644 --- a/docs/howtos/policy-servers/03-pod-disruption-budget.md +++ b/docs/howtos/policy-servers/03-pod-disruption-budget.md 
@@ -1,7 +1,7 @@ --- sidebar_label: Defining PodDisruptionBudget title: Configuring PodDisruptionBudget for PolicyServers -description: Configuring PodDisruptionBudget for Kubewarden PolicyServers.j +description: Configuring PodDisruptionBudget for Kubewarden PolicyServers. keywords: [kubewarden, kubernetes, policyservers, poddisruptionbudget] doc-persona: [kubewarden-operator, kubewarden-integrator] doc-type: [howto]
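Review bot: The sentence after the first YAML example in patch 1/2 ("This configuration ensures that either at least two policy server pods are available at all times.") has a stray "either" with no matching "or", and "at all times" promises more than a PodDisruptionBudget provides. The earlier paragraph in the same hunk correctly says the PDB prevents voluntary disruptions from dropping availability below the threshold; it does not protect against node failures or crashes. Suggest rewording to something like "This configuration ensures that voluntary disruptions never leave fewer than two policy server pods available." It would also help to say how the value relates to the replica count, which the examples hide behind "# Other configuration fields": a `minAvailable` equal to the number of replicas leaves no pod that can be evicted and will block node drains. Minor: "can also be defined as integer or percentage" should read "as an integer or a percentage", matching the `minAvailable` paragraph.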
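Review bot: Patch 2/2 should be squashed into patch 1/2, because the `description:` line it corrects (the trailing "j" after "PolicyServers.") is introduced by 1/2 in this same series, and a separate commit leaves the typo in history for no benefit. If it stays separate, the subject "Update docs/howtos/policy-servers/03-pod-disruption-budget.md" should say what changed, for example "docs: fix typo in PodDisruptionBudget description".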