From 549a77962f7913e75cfcffb82a9a2d10c8970695 Mon Sep 17 00:00:00 2001
From: Elizabeth Healy <35498075+elizabethhealy@users.noreply.github.com>
Date: Thu, 17 Oct 2024 12:12:05 -0400
Subject: [PATCH] feat: Add pod disruption budget capability (#87)
adds pod disruption budget, ability to enable/disable, set max/min
---
 charts/platform/README.md | 6 ++-
 .../templates/poddisruptionbudget.yaml | 19 +++++++
 charts/platform/values.yaml | 8 +++
 tests/chart_platform_template_test.go | 49 +++++++++++++++++++
 tests/go.mod | 6 +--
 5 files changed, 84 insertions(+), 4 deletions(-)
 create mode 100644 charts/platform/templates/poddisruptionbudget.yaml
diff --git a/charts/platform/README.md b/charts/platform/README.md
index ad765ed..fd0920a 100644
--- a/charts/platform/README.md
+++ b/charts/platform/README.md
@@ -1,6 +1,6 @@
 # platform
-![Version: 0.6.2](https://img.shields.io/badge/Version-0.6.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: nightly](https://img.shields.io/badge/AppVersion-nightly-informational?style=flat-square)
+![Version: 0.7.1](https://img.shields.io/badge/Version-0.7.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: nightly](https://img.shields.io/badge/AppVersion-nightly-informational?style=flat-square)
 A Helm Chart for OpenTDF Platform
@@ -177,6 +177,9 @@ Download the [keycloak_data.yaml](https://raw.githubusercontent.com/opentdf/plat
 | nodeSelector | object | `{}` | Target specific nodes in the cluster |
 | playground | bool | `false` | |
 | podAnnotations | object | `{}` | Extra annotations to add to the pod |
+| podDisruptionBudget.enabled | bool | `false` | Enable pod disruption budget |
+| podDisruptionBudget.maxUnavailable | string | `nil` | Maximum number of pods that can be unavailble |
+| podDisruptionBudget.minAvailable | string | `nil` | Minimum number of pods that must be available |
 | podLabels | object | `{}` | Extra labels to add to the pod |
 | podSecurityContext | object | `{"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | The pod security context (https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
 | postgresql.auth.database | string | `"opentdf"` | |
@@ -205,6 +208,7 @@ Download the [keycloak_data.yaml](https://raw.githubusercontent.com/opentdf/plat
 | server.auth.policy.csv | string | `nil` | |
 | server.auth.policy.default | string | `nil` | |
 | server.auth.policy.map | string | `nil` | |
+| server.auth.public_client_id | string | `"opentdf-public"` | The oidc client id, leveraged by otdfctl |
 | server.auth.skew | string | `"1m"` | The amount of drift allowed between the server and the client for the Access Token |
 | server.cors.allowcredentials | bool | `true` | Allow credentials |
 | server.cors.allowedheaders | list | `["Accept","Authorization","Content-Type","X-CSRF-Token","X-Request-ID"]` | The allowed request headers |
diff --git a/charts/platform/templates/poddisruptionbudget.yaml b/charts/platform/templates/poddisruptionbudget.yaml
new file mode 100644
index 0000000..4ee9490
--- /dev/null
+++ b/charts/platform/templates/poddisruptionbudget.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.podDisruptionBudget.enabled}}
+---
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "chart.fullname" . }}-pdb
+ namespace: {{ .Release.Namespace }}
+ labels:
+spec:
+{{- if .Values.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+{{- end }}
+{{- if .Values.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
+{{- end }}
+ selector:
+ matchLabels:
+ {{- include "chart.selectorLabels" . | nindent 6 }}
+{{- end }}
diff --git a/charts/platform/values.yaml b/charts/platform/values.yaml
index 2ae7a32..15df35c 100644
--- a/charts/platform/values.yaml
+++ b/charts/platform/values.yaml
@@ -119,6 +119,14 @@ autoscaling:
 targetCPUUtilizationPercentage: 80
 # targetMemoryUtilizationPercentage: 80
+podDisruptionBudget:
+ # -- Enable pod disruption budget
+ enabled: false
+ # -- Maximum number of pods that can be unavailble
+ maxUnavailable:
+ # -- Minimum number of pods that must be available
+ minAvailable:
+
 # -- Add ability for downstream chart to merge additional volumes
 volumeTemplate: "platform.volumesEmpty.tpl"
 # -- Additional volumes on the output Deployment definition.
diff --git a/tests/chart_platform_template_test.go b/tests/chart_platform_template_test.go
index ada428b..338bf4e 100644
--- a/tests/chart_platform_template_test.go
+++ b/tests/chart_platform_template_test.go
@@ -7,7 +7,9 @@ import (
 "github.com/stretchr/testify/suite"
 yaml3 "gopkg.in/yaml.v3"
 appv1 "k8s.io/api/apps/v1"
+ policyv1 "k8s.io/api/policy/v1"
 corev1 "k8s.io/api/core/v1"
+ "k8s.io/apimachinery/pkg/util/intstr"
 "path/filepath"
 "strings"
 "testing"
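Review bot: In templates/poddisruptionbudget.yaml the `minAvailable` and `maxUnavailable` blocks are rendered independently, so setting both values emits a spec carrying both fields, which the policy/v1 API rejects as mutually exclusive. Setting neither, or setting `0` (which a template `if` treats as empty), renders a budget with no constraint, so `enabled: true` can silently provide no protection during a node drain. A guard at the top of the template would surface the conflict at render time: `{{- if and .Values.podDisruptionBudget.minAvailable .Values.podDisruptionBudget.maxUnavailable }}{{ fail "set only one of podDisruptionBudget.minAvailable or podDisruptionBudget.maxUnavailable" }}{{- end }}`. The single-argument `and` in the opening `if` and the empty `labels:` key under `metadata` also look unintended; the first can be a plain `{{- if .Values.podDisruptionBudget.enabled }}` and the second should either be dropped or filled from the chart's label helper.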
@@ -658,3 +660,50 @@ func (s *PlatformChartTemplateSuite) Test_DB_Not_Required_Expect_EnvVars_Not_Set
 }
 s.Require().False(envVarFound)
 }
+
+func (s *PlatformChartTemplateSuite) Test_PBD_Not_Enabled() {
+ releaseName := "basic"
+
+ namespaceName := "opentdf-" + strings.ToLower(random.UniqueId())
+
+ options := &helm.Options{
+ KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
+ SetValues: map[string]string{
+ "image.tag": "latest",
+ "sdk_config.client_secret": "test",
+ "podDisruptionBudget.enabled": "false",
+ },
+ }
+
+ _, err := helm.RenderTemplateE(s.T(), options, s.chartPath, releaseName, []string{"templates/poddisruptionbudget.yaml"})
+ s.Require().Error(err)
+ s.Require().ErrorContains(err, "could not find template templates/poddisruptionbudget.yaml in chart")
+}
+
+func (s *PlatformChartTemplateSuite) Test_PBD_Enabled() {
+ releaseName := "basic"
+
+ namespaceName := "opentdf-" + strings.ToLower(random.UniqueId())
+
+ options := &helm.Options{
+ KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
+ SetValues: map[string]string{
+ "image.tag": "latest",
+ "sdk_config.client_secret": "test",
+ "podDisruptionBudget.enabled": "true",
+ "podDisruptionBudget.minAvailable": "1",
+ },
+ }
+
+ output := helm.RenderTemplate(s.T(), options, s.chartPath, releaseName, []string{"templates/poddisruptionbudget.yaml"})
+
+ var pdb policyv1.PodDisruptionBudget
+ helm.UnmarshalK8SYaml(s.T(), output, &pdb)
+
+ s.Require().Equal(pdb.Spec.Selector.MatchLabels["app.kubernetes.io/name"], "platform")
+ s.Require().Equal(pdb.Spec.Selector.MatchLabels["app.kubernetes.io/instance"], releaseName)
+ oneIntStr := intstr.FromInt(1)
+ s.Require().Equal(pdb.Spec.MinAvailable, &oneIntStr)
+ var nilIntOrString *intstr.IntOrString = nil
+ s.Require().Equal(pdb.Spec.MaxUnavailable, nilIntOrString)
+}
\ No newline at end of file
diff --git a/tests/go.mod b/tests/go.mod
index 377cc3d..b8b1a2d 100644
--- a/tests/go.mod
+++ b/tests/go.mod
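Review bot: Test_PBD_Enabled exercises only `minAvailable`; no case renders the template with `maxUnavailable` set, or with both values set, so the suite does not pin how the chart behaves for the mutually exclusive pair. The `Equal` calls pass the actual value first, as in `s.Require().Equal(pdb.Spec.Selector.MatchLabels["app.kubernetes.io/name"], "platform")`, while testify expects `(expected, actual)`, so a failure message would label the two sides the wrong way round. The nil check reads more directly as `s.Require().Nil(pdb.Spec.MaxUnavailable)`, and the test names say PBD where the resource is a PDB. The context lines at the top of the hunk belong to a test whose body starts outside it.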
@@ -5,6 +5,9 @@ go 1.22.5
 require (
 github.com/gruntwork-io/terratest v0.47.0
 github.com/stretchr/testify v1.9.0
+ gopkg.in/yaml.v3 v3.0.1
+ k8s.io/api v0.28.4
+ k8s.io/apimachinery v0.28.4
 )
 require (
@@ -73,9 +76,6 @@ require (
 google.golang.org/protobuf v1.33.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
- gopkg.in/yaml.v3 v3.0.1 // indirect
- k8s.io/api v0.28.4 // indirect
- k8s.io/apimachinery v0.28.4 // indirect
 k8s.io/client-go v0.28.4 // indirect
 k8s.io/klog/v2 v2.100.1 // indirect
 k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect