From 742a730147284481b9892feb956c7ff67583c9f5 Mon Sep 17 00:00:00 2001 From: Matias Charriere Date: Fri, 17 Nov 2023 10:22:46 +0100 Subject: [PATCH] Add metrics-api and web PDB. Install them only if replicas > 1. Signed-off-by: Matias Charriere --- viz/charts/linkerd-viz/README.md | 2 +- .../linkerd-viz/templates/metrics-api.yaml | 21 +++++++++++++++++++ .../linkerd-viz/templates/tap-injector.yaml | 2 +- viz/charts/linkerd-viz/templates/tap.yaml | 2 +- viz/charts/linkerd-viz/templates/web.yaml | 21 +++++++++++++++++++ viz/charts/linkerd-viz/values.yaml | 2 +- 6 files changed, 46 insertions(+), 4 deletions(-) diff --git a/viz/charts/linkerd-viz/README.md b/viz/charts/linkerd-viz/README.md index 38740481fb557..9db1094a8a7d0 100644 --- a/viz/charts/linkerd-viz/README.md +++ b/viz/charts/linkerd-viz/README.md @@ -98,7 +98,7 @@ Kubernetes: `>=1.21.0-0` | defaultUID | int | `2103` | UID for all the viz components | | enablePSP | bool | `false` | Create Roles and RoleBindings to associate this extension's ServiceAccounts to the control plane PSP resource. This requires that `enabledPSP` is set to true on the control plane install. Note PSP has been deprecated since k8s v1.21 | | enablePodAntiAffinity | bool | `false` | Enables Pod Anti Affinity logic to balance the placement of replicas across hosts and zones for High Availability. Enable this only when you have multiple replicas of components. | -| enablePodDisruptionBudget | bool | `false` | enables the creation of pod disruption budgets for tap and tap-injector components | +| enablePodDisruptionBudget | bool | `false` | enables the creation of pod disruption budgets for tap, tap-injector, web and metrics-api components | | grafana.externalUrl | string | `nil` | url of a Grafana instance hosted off-cluster. Cannot be set if grafana.url is set. The reverse proxy will not be used for this URL. | | grafana.uidPrefix | string | `nil` | prefix for Grafana dashboard UID's, used when grafana.externalUrl is set. | | grafana.url | string | `nil` | url of an in-cluster Grafana instance with reverse proxy configured, used by the Linkerd viz web dashboard to provide direct links to specific Grafana dashboards. Cannot be set if grafana.externalUrl is set. See the [Linkerd documentation](https://linkerd.io/2/tasks/grafana) for more information | diff --git a/viz/charts/linkerd-viz/templates/metrics-api.yaml b/viz/charts/linkerd-viz/templates/metrics-api.yaml index 1a84f7fa0b88d..c58789a5b360c 100644 --- a/viz/charts/linkerd-viz/templates/metrics-api.yaml +++ b/viz/charts/linkerd-viz/templates/metrics-api.yaml @@ -123,3 +123,24 @@ spec: seccompProfile: type: RuntimeDefault serviceAccountName: metrics-api +{{- if and .Values.enablePodDisruptionBudget (gt (int .Values.metricsAPI.replicas) 1) }} +--- +kind: PodDisruptionBudget +apiVersion: policy/v1 +metadata: + name: metrics-api + namespace: {{ .Release.Namespace }} + labels: + linkerd.io/extension: viz + component: metrics-api + namespace: {{.Release.Namespace}} + {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }} + annotations: + {{ include "partials.annotations.created-by" . }} +spec: + maxUnavailable: 1 + selector: + matchLabels: + linkerd.io/extension: viz + component: metrics-api +{{- end }} diff --git a/viz/charts/linkerd-viz/templates/tap-injector.yaml b/viz/charts/linkerd-viz/templates/tap-injector.yaml index ab00f031fc468..cd5b8dbb2aab6 100644 --- a/viz/charts/linkerd-viz/templates/tap-injector.yaml +++ b/viz/charts/linkerd-viz/templates/tap-injector.yaml @@ -127,7 +127,7 @@ spec: - name: tls secret: secretName: tap-injector-k8s-tls -{{- if .Values.enablePodDisruptionBudget }} +{{- if and .Values.enablePodDisruptionBudget (gt (int .Values.tapInjector.replicas) 1) }} --- kind: PodDisruptionBudget apiVersion: policy/v1 diff --git a/viz/charts/linkerd-viz/templates/tap.yaml b/viz/charts/linkerd-viz/templates/tap.yaml index 37a5589a37848..15535c0767c9d 100644 --- a/viz/charts/linkerd-viz/templates/tap.yaml +++ b/viz/charts/linkerd-viz/templates/tap.yaml @@ -142,7 +142,7 @@ spec: - name: tls secret: secretName: tap-k8s-tls -{{- if .Values.enablePodDisruptionBudget }} +{{- if and .Values.enablePodDisruptionBudget (gt (int .Values.tap.replicas) 1) }} --- kind: PodDisruptionBudget apiVersion: policy/v1 diff --git a/viz/charts/linkerd-viz/templates/web.yaml b/viz/charts/linkerd-viz/templates/web.yaml index 95ba27d261896..06d715110b9fe 100644 --- a/viz/charts/linkerd-viz/templates/web.yaml +++ b/viz/charts/linkerd-viz/templates/web.yaml @@ -139,3 +139,24 @@ spec: seccompProfile: type: RuntimeDefault serviceAccountName: web +{{- if and .Values.enablePodDisruptionBudget (gt (int .Values.dashboard.replicas) 1) }} +--- +kind: PodDisruptionBudget +apiVersion: policy/v1 +metadata: + name: web + namespace: {{ .Release.Namespace }} + labels: + linkerd.io/extension: viz + component: web + namespace: {{.Release.Namespace}} + {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }} + annotations: + {{ include "partials.annotations.created-by" . }} +spec: + maxUnavailable: 1 + selector: + matchLabels: + linkerd.io/extension: viz + component: web +{{- end }} diff --git a/viz/charts/linkerd-viz/values.yaml b/viz/charts/linkerd-viz/values.yaml index 8eeb4fd99156c..2cf1aabc288d0 100644 --- a/viz/charts/linkerd-viz/values.yaml +++ b/viz/charts/linkerd-viz/values.yaml @@ -50,7 +50,7 @@ tolerations: &default_tolerations # Enable this only when you have multiple replicas of components. enablePodAntiAffinity: false -# -- enables the creation of pod disruption budgets for tap and tap-injector components +# -- enables the creation of pod disruption budgets for tap, tap-injector, web and metrics-api components enablePodDisruptionBudget: false # -- NodeAffinity section, See the