Kuadrant · adam-cattermole · Aug 30, 2023 · Aug 11, 2023 · Aug 16, 2023 · Aug 17, 2023
diff --git a/Makefile b/Makefile
@@ -303,14 +303,25 @@ local-setup: ## Deploy operator in local kind cluster
 	$(MAKE) docker-build
 	@echo "Deploying Limitador control plane"
 	$(KIND) load docker-image ${IMG} --name ${KIND_CLUSTER_NAME}
-	make deploy-develmode
+	$(MAKE) deploy-develmode
 	@echo "Wait for all deployments to be up"
 	kubectl -n limitador-operator-system wait --timeout=300s --for=condition=Available deployments --all
 
 .PHONY: local-cleanup
 local-cleanup: ## Clean up local kind cluster
 	$(MAKE) kind-delete-cluster
 
+.PHONY: local-redeploy
+local-redeploy: export IMG := limitador-operator:dev
+local-redeploy: ## re-deploy operator in local kind cluster
+	$(MAKE) docker-build
+	@echo "Deploying Limitador control plane"
+	$(KIND) load docker-image ${IMG} --name ${KIND_CLUSTER_NAME}
+	make deploy-develmode
+	kubectl rollout restart deployment -n limitador-operator-system limitador-operator-controller-manager
+	@echo "Wait for all deployments to be up"
+	kubectl -n limitador-operator-system wait --timeout=300s --for=condition=Available deployments --all
+
 ##@ Code Style
 
 .PHONY: run-lint

diff --git a/api/v1alpha1/limitador_types.go b/api/v1alpha1/limitador_types.go
@@ -23,6 +23,7 @@ import (
 	"github.com/go-logr/logr"
 	"github.com/google/go-cmp/cmp"
 	corev1 "k8s.io/api/core/v1"
+	policyv1 "k8s.io/api/policy/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	"github.com/kuadrant/limitador-operator/pkg/helpers"
@@ -61,6 +62,9 @@ type LimitadorSpec struct {
 
 	// +optional
 	Limits []RateLimit `json:"limits,omitempty"`
+
+	// +optional
+	PodDisruptionBudget *policyv1.PodDisruptionBudgetSpec `json:"pdb,omitempty"`
 }
 
 //+kubebuilder:object:root=true

diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/bundle/manifests/limitador-operator.clusterserviceversion.yaml b/bundle/manifests/limitador-operator.clusterserviceversion.yaml
@@ -118,6 +118,17 @@ spec:
           - get
           - patch
           - update
+        - apiGroups:
+          - policy
+          resources:
+          - poddisruptionbudgets
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - update
+          - watch
         serviceAccountName: limitador-operator-controller-manager
       deployments:
       - label:

diff --git a/bundle/manifests/limitador.kuadrant.io_limitadors.yaml b/bundle/manifests/limitador.kuadrant.io_limitadors.yaml
@@ -75,6 +75,78 @@ spec:
                         type: integer
                     type: object
                 type: object
+              pdb:
+                description: PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
+                properties:
+                  maxUnavailable:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: An eviction is allowed if at most "maxUnavailable"
+                      pods selected by "selector" are unavailable after the eviction,
+                      i.e. even in absence of the evicted pod. For example, one can
+                      prevent all voluntary evictions by specifying 0. This is a mutually
+                      exclusive setting with "minAvailable".
+                    x-kubernetes-int-or-string: true
+                  minAvailable:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: An eviction is allowed if at least "minAvailable"
+                      pods selected by "selector" will still be available after the
+                      eviction, i.e. even in the absence of the evicted pod.  So for
+                      example you can prevent all voluntary evictions by specifying
+                      "100%".
+                    x-kubernetes-int-or-string: true
+                  selector:
+                    description: Label query over pods whose evictions are managed
+                      by the disruption budget. A null selector will match no pods,
+                      while an empty ({}) selector will select all pods within the
+                      namespace.
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector
+                          requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector
+                            that contains values, a key, and an operator that relates
+                            the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector
+                                applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship
+                                to a set of values. Valid operators are In, NotIn,
+                                Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If
+                                the operator is In or NotIn, the values array must
+                                be non-empty. If the operator is Exists or DoesNotExist,
+                                the values array must be empty. This array is replaced
+                                during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A
+                          single {key,value} in the matchLabels map is equivalent
+                          to an element of matchExpressions, whose key field is "key",
+                          the operator is "In", and the values array contains only
+                          "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                    x-kubernetes-map-type: atomic
+                type: object
               rateLimitHeaders:
                 description: RateLimitHeadersType defines the valid options for the
                   --rate-limit-headers arg

diff --git a/config/crd/bases/limitador.kuadrant.io_limitadors.yaml b/config/crd/bases/limitador.kuadrant.io_limitadors.yaml
@@ -76,6 +76,78 @@ spec:
                         type: integer
                     type: object
                 type: object
+              pdb:
+                description: PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
+                properties:
+                  maxUnavailable:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: An eviction is allowed if at most "maxUnavailable"
+                      pods selected by "selector" are unavailable after the eviction,
+                      i.e. even in absence of the evicted pod. For example, one can
+                      prevent all voluntary evictions by specifying 0. This is a mutually
+                      exclusive setting with "minAvailable".
+                    x-kubernetes-int-or-string: true
+                  minAvailable:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: An eviction is allowed if at least "minAvailable"
+                      pods selected by "selector" will still be available after the
+                      eviction, i.e. even in the absence of the evicted pod.  So for
+                      example you can prevent all voluntary evictions by specifying
+                      "100%".
+                    x-kubernetes-int-or-string: true
+                  selector:
+                    description: Label query over pods whose evictions are managed
+                      by the disruption budget. A null selector will match no pods,
+                      while an empty ({}) selector will select all pods within the
+                      namespace.
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector
+                          requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector
+                            that contains values, a key, and an operator that relates
+                            the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector
+                                applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship
+                                to a set of values. Valid operators are In, NotIn,
+                                Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If
+                                the operator is In or NotIn, the values array must
+                                be non-empty. If the operator is Exists or DoesNotExist,
+                                the values array must be empty. This array is replaced
+                                during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A
+                          single {key,value} in the matchLabels map is equivalent
+                          to an element of matchExpressions, whose key field is "key",
+                          the operator is "In", and the values array contains only
+                          "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                    x-kubernetes-map-type: atomic
+                type: object
               rateLimitHeaders:
                 description: RateLimitHeadersType defines the valid options for the
                   --rate-limit-headers arg

diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -25,35 +25,35 @@ spec:
       securityContext:
         runAsNonRoot: true
       containers:
-      - command:
-        - /manager
-        args:
-        - --leader-elect
-        env:
-        - name: RELATED_IMAGE_LIMITADOR
-          value: "quay.io/kuadrant/limitador:latest"
-        image: controller:latest
-        name: manager
-        securityContext:
-          allowPrivilegeEscalation: false
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: 8081
-          initialDelaySeconds: 15
-          periodSeconds: 20
-        readinessProbe:
-          httpGet:
-            path: /readyz
-            port: 8081
-          initialDelaySeconds: 5
-          periodSeconds: 10
-        resources:
-          limits:
-            cpu: 200m
-            memory: 300Mi
-          requests:
-            cpu: 200m
-            memory: 200Mi
+        - command:
+            - /manager
+          args:
+            - --leader-elect
+          env:
+            - name: RELATED_IMAGE_LIMITADOR
+              value: "quay.io/kuadrant/limitador:latest"
+          image: controller:latest
+          name: manager
+          securityContext:
+            allowPrivilegeEscalation: false
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8081
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          readinessProbe:
+            httpGet:
+              path: /readyz
+              port: 8081
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          resources:
+            limits:
+              cpu: 200m
+              memory: 300Mi
+            requests:
+              cpu: 200m
+              memory: 200Mi
       serviceAccountName: controller-manager
       terminationGracePeriodSeconds: 10
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -65,3 +65,14 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - policy
+  resources:
+  - poddisruptionbudgets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - update
+  - watch