Skip to content

Add support for PDB with the teleport-cluster helm chart #7138

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
webvictim merged 18 commits into from
Aug 19, 2021
Merged

Add support for PDB with the teleport-cluster helm chart #7138

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
058e996
Add support for PDB with the teleport-cluster helm chart
stefansedich Jun 2, 2021
b54637d
Better apiVersion
stefansedich Jun 2, 2021
51d12aa
Add to schema
stefansedich Jun 3, 2021
6e26403
Merge branch 'master' of https://github.com/gravitational/teleport in…
stefansedich Jun 25, 2021
b4ab200
docs
stefansedich Jun 25, 2021
5610502
Merge branch 'master' of https://github.com/gravitational/teleport in…
stefansedich Jun 29, 2021
7ede544
Add lint test
stefansedich Jun 29, 2021
4c9389a
Update examples/chart/teleport-cluster/values.schema.json
stefansedich Jun 29, 2021
07ac900
Merge branch 'master' into teleport-cluster-pdb
stefansedich Jun 29, 2021
f620142
Set chartmode
stefansedich Jun 30, 2021
b8fda6e
Merge branch 'teleport-cluster-pdb' of github.com:stefansedich/telepo…
stefansedich Jun 30, 2021
b5cab27
Merge branch 'master' of https://github.com/gravitational/teleport in…
stefansedich Jun 30, 2021
98eea14
Merge branch 'master' into teleport-cluster-pdb
webvictim Jul 5, 2021
f14f031
Merge branch 'master' into teleport-cluster-pdb
stefansedich Jul 28, 2021
b1cb431
Merge branch 'master' into teleport-cluster-pdb
webvictim Jul 29, 2021
8fa2e57
Merge branch 'master' into teleport-cluster-pdb
stefansedich Aug 18, 2021
1082a67
Merge branch 'master' into teleport-cluster-pdb
webvictim Aug 18, 2021
5c760c5
Merge branch 'master' into teleport-cluster-pdb
webvictim Aug 19, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
52 changes: 52 additions & 0 deletions docs/pages/kubernetes-access/helm/reference.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -408,6 +408,58 @@ Teleport pods must not be scheduled on the same physical host.
</TabItem>
</Tabs>

## `highAvailability.podDisruptionBudget`

### `highAvailability.podDisruptionBudget.enabled`

| Type | Default value | Can be used in `custom` mode? |
| - | - | - |
| `bool` | `false` | ✅ (when using HA storage) |

Copy link
Copy Markdown
Contributor

@inertial-frame inertial-frame Jun 29, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Docs-wise this is great thanks for the helpful reference update!

[Kubernetes reference](https://kubernetes.io/docs/tasks/run-application/configure-pdb/)

Enable a Pod Disruption Budget for the Teleport Pod to ensure HA during voluntary disruptions.

<Tabs>
<TabItem label="values.yaml">
```yaml
highAvailability:
podDisruptionBudget:
enabled: true
```
</TabItem>
<TabItem label="--set">
```shell
--set highAvailability.podDisruptionBudget.enabled=true
```
</TabItem>
</Tabs>

### `highAvailability.podDisruptionBudget.minAvailable`

| Type | Default value | Can be used in `custom` mode? |
| - | - | - |
| `int` | `1` | ✅ (when using HA storage) |

[Kubernetes reference](https://kubernetes.io/docs/tasks/run-application/configure-pdb/)

Ensures that this number of replicas is available during voluntary disruptions, can be a number of replicas or a percentage.

<Tabs>
<TabItem label="values.yaml">
```yaml
highAvailability:
podDisruptionBudget:
minAvailable: 1
```
</TabItem>
<TabItem label="--set">
```shell
--set highAvailability.podDisruptionBudget.minAvailable=1
```
</TabItem>
</Tabs>

## `highAvailability.certManager`

See the [cert-manager](https://cert-manager.io/docs/) docs for more information.
Expand Down
7 changes: 7 additions & 0 deletions examples/chart/teleport-cluster/.lint/pdb.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
clusterName: helm-lint
chartMode: custom
highAvailability:
Comment thread
webvictim marked this conversation as resolved.
replicaCount: 3
podDisruptionBudget:
enabled: true
minAvailable: 2
18 changes: 18 additions & 0 deletions examples/chart/teleport-cluster/templates/pdb.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
{{- if .Values.highAvailability.podDisruptionBudget.enabled }}
{{- if .Capabilities.APIVersions.Has "policy/v1" }}
apiVersion: policy/v1
{{- else }}
apiVersion: policy/v1beta1
{{- end }}
kind: PodDisruptionBudget
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
Comment thread
stefansedich marked this conversation as resolved.
labels:
app: {{ .Release.Name }}
spec:
minAvailable: {{ .Values.highAvailability.podDisruptionBudget.minAvailable }}
selector:
matchLabels:
app: {{ .Release.Name }}
{{- end }}
23 changes: 22 additions & 1 deletion examples/chart/teleport-cluster/values.schema.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -166,7 +166,8 @@
"required": [
"replicaCount",
"requireAntiAffinity",
"certManager"
"certManager",
"podDisruptionBudget"
],
"properties": {
"replicaCount": {
Expand Down Expand Up @@ -204,6 +205,26 @@
"default": "Issuer"
}
}
},
"podDisruptionBudget": {
"$id": "#/properties/highAvailability/properties/podDisruptionBudget",
"type": "object",
"required": [
"enabled",
"minAvailable"
],
"properties": {
"enabled": {
"$id": "#/properties/highAvailability/properties/podDisruptionBudget/properties/enabled",
"type": "boolean",
"default": false
},
"minAvailable": {
"$id": "#/properties/highAvailability/properties/podDisruptionBudget/properties/minAvailable",
"type": "integer",
"default": 1
}
}
}
}
},
Expand Down
5 changes: 5 additions & 0 deletions examples/chart/teleport-cluster/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,11 @@ highAvailability:
# Setting 'requireAntiAffinity' to false (the default) uses 'preferredDuringSchedulingIgnoredDuringExecution' to make this a soft requirement.
# This setting only has any effect when replicaCount is greater than 1.
requireAntiAffinity: false
# If enabled will create a Pod Disruption Budget
# https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
podDisruptionBudget:
enabled: false
minAvailable: 1
# Settings for cert-manager (can be used for provisioning TLS certs in HA mode)
certManager:
# If set to true, use cert-manager to get certificates for Teleport to use for TLS termination
Expand Down