feat: Add pod disruption budget capability (#87)

adds pod disruption budget, ability to enable/disable, set max/min
opentdf · Oct 17, 2024 · 549a779 · 549a779
1 parent 9bdd63f
commit 549a779
Show file tree

Hide file tree

Showing 5 changed files with 84 additions and 4 deletions.
diff --git a/charts/platform/README.md b/charts/platform/README.md
@@ -1,6 +1,6 @@
 # platform
 
-![Version: 0.6.2](https://img.shields.io/badge/Version-0.6.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: nightly](https://img.shields.io/badge/AppVersion-nightly-informational?style=flat-square)
+![Version: 0.7.1](https://img.shields.io/badge/Version-0.7.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: nightly](https://img.shields.io/badge/AppVersion-nightly-informational?style=flat-square)
 
 A Helm Chart for OpenTDF Platform
 
@@ -177,6 +177,9 @@ Download the [keycloak_data.yaml](https://raw.githubusercontent.com/opentdf/plat
 | nodeSelector | object | `{}` | Target specific nodes in the cluster |
 | playground | bool | `false` |  |
 | podAnnotations | object | `{}` | Extra annotations to add to the pod |
+| podDisruptionBudget.enabled | bool | `false` | Enable pod disruption budget |
+| podDisruptionBudget.maxUnavailable | string | `nil` | Maximum number of pods that can be unavailble |
+| podDisruptionBudget.minAvailable | string | `nil` | Minimum number of pods that must be available |
 | podLabels | object | `{}` | Extra labels to add to the pod |
 | podSecurityContext | object | `{"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | The pod security context (https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
 | postgresql.auth.database | string | `"opentdf"` |  |
@@ -205,6 +208,7 @@ Download the [keycloak_data.yaml](https://raw.githubusercontent.com/opentdf/plat
 | server.auth.policy.csv | string | `nil` |  |
 | server.auth.policy.default | string | `nil` |  |
 | server.auth.policy.map | string | `nil` |  |
+| server.auth.public_client_id | string | `"opentdf-public"` | The oidc client id, leveraged by otdfctl |
 | server.auth.skew | string | `"1m"` | The amount of drift allowed between the server and the client for the Access Token |
 | server.cors.allowcredentials | bool | `true` | Allow credentials |
 | server.cors.allowedheaders | list | `["Accept","Authorization","Content-Type","X-CSRF-Token","X-Request-ID"]` | The allowed request headers |

diff --git a/charts/platform/templates/poddisruptionbudget.yaml b/charts/platform/templates/poddisruptionbudget.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.podDisruptionBudget.enabled}}
+---
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ include "chart.fullname" . }}-pdb
+  namespace: {{ .Release.Namespace }}
+  labels:
+spec:
+{{- if .Values.podDisruptionBudget.minAvailable }}
+  minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+{{- end }}
+{{- if .Values.podDisruptionBudget.maxUnavailable }}
+  maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
+{{- end }}
+  selector:
+    matchLabels:
+      {{- include "chart.selectorLabels" . | nindent 6 }}
+{{- end }}
diff --git a/charts/platform/values.yaml b/charts/platform/values.yaml
@@ -119,6 +119,14 @@ autoscaling:
   targetCPUUtilizationPercentage: 80
   # targetMemoryUtilizationPercentage: 80
 
+podDisruptionBudget:
+  # -- Enable pod disruption budget
+  enabled: false
+  # -- Maximum number of pods that can be unavailble
+  maxUnavailable:
+  # -- Minimum number of pods that must be available
+  minAvailable:
+
 # -- Add ability for downstream chart to merge additional volumes
 volumeTemplate: "platform.volumesEmpty.tpl"
 # -- Additional volumes on the output Deployment definition.

diff --git a/tests/chart_platform_template_test.go b/tests/chart_platform_template_test.go
@@ -7,7 +7,9 @@ import (
 	"github.com/stretchr/testify/suite"
 	yaml3 "gopkg.in/yaml.v3"
 	appv1 "k8s.io/api/apps/v1"
+	policyv1 "k8s.io/api/policy/v1"
 	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/util/intstr"
 	"path/filepath"
 	"strings"
 	"testing"
@@ -658,3 +660,50 @@ func (s *PlatformChartTemplateSuite) Test_DB_Not_Required_Expect_EnvVars_Not_Set
 	}
 	s.Require().False(envVarFound)
 }
+
+func (s *PlatformChartTemplateSuite) Test_PBD_Not_Enabled() {
+	releaseName := "basic"
+
+	namespaceName := "opentdf-" + strings.ToLower(random.UniqueId())
+
+	options := &helm.Options{
+		KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
+		SetValues: map[string]string{
+			"image.tag":                "latest",
+			"sdk_config.client_secret": "test",
+			"podDisruptionBudget.enabled": "false",
+		},
+	}
+
+	_, err := helm.RenderTemplateE(s.T(), options, s.chartPath, releaseName, []string{"templates/poddisruptionbudget.yaml"})
+	s.Require().Error(err)
+	s.Require().ErrorContains(err, "could not find template templates/poddisruptionbudget.yaml in chart")
+}
+
+func (s *PlatformChartTemplateSuite) Test_PBD_Enabled() {
+	releaseName := "basic"
+
+	namespaceName := "opentdf-" + strings.ToLower(random.UniqueId())
+
+	options := &helm.Options{
+		KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
+		SetValues: map[string]string{
+			"image.tag":                "latest",
+			"sdk_config.client_secret": "test",
+			"podDisruptionBudget.enabled": "true",
+			"podDisruptionBudget.minAvailable": "1",
+		},
+	}
+
+	output := helm.RenderTemplate(s.T(), options, s.chartPath, releaseName, []string{"templates/poddisruptionbudget.yaml"})
+
+	var pdb policyv1.PodDisruptionBudget
+	helm.UnmarshalK8SYaml(s.T(), output, &pdb)
+
+	s.Require().Equal(pdb.Spec.Selector.MatchLabels["app.kubernetes.io/name"], "platform")
+	s.Require().Equal(pdb.Spec.Selector.MatchLabels["app.kubernetes.io/instance"], releaseName)
+	oneIntStr := intstr.FromInt(1)
+	s.Require().Equal(pdb.Spec.MinAvailable, &oneIntStr)
+	var nilIntOrString *intstr.IntOrString = nil
+	s.Require().Equal(pdb.Spec.MaxUnavailable, nilIntOrString)
+}
diff --git a/tests/go.mod b/tests/go.mod
@@ -5,6 +5,9 @@ go 1.22.5
 require (
 	github.com/gruntwork-io/terratest v0.47.0
 	github.com/stretchr/testify v1.9.0
+	gopkg.in/yaml.v3 v3.0.1
+	k8s.io/api v0.28.4
+	k8s.io/apimachinery v0.28.4
 )
 
 require (
@@ -73,9 +76,6 @@ require (
 	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/api v0.28.4 // indirect
-	k8s.io/apimachinery v0.28.4 // indirect
 	k8s.io/client-go v0.28.4 // indirect
 	k8s.io/klog/v2 v2.100.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect