Skip to content

Add PodDisruptionBudget to helm chart #517

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Sep 5, 2025
Merged

Add PodDisruptionBudget to helm chart #517

merged 6 commits into from
Sep 5, 2025

Conversation

frauniki
Copy link
Contributor

@cert-manager-prow cert-manager-prow bot added dco-signoff: no Indicates that at least one commit in this pull request is missing the DCO sign-off message. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Mar 13, 2025
@cert-manager-prow
Copy link
Contributor

Hi @frauniki. Thanks for your PR.

I'm waiting for a cert-manager member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@cert-manager-prow cert-manager-prow bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Mar 13, 2025
@cert-manager-prow cert-manager-prow bot added dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. and removed dco-signoff: no Indicates that at least one commit in this pull request is missing the DCO sign-off message. labels Mar 13, 2025
@frauniki
Copy link
Contributor Author

frauniki commented Sep 3, 2025

@erikgb @wallrj @SgtCoDFish
Hello, could you please review this pull request?
Or, if you know who would be appropriate to ask for a review, could you let me know?

@erikgb
Copy link
Member

erikgb commented Sep 3, 2025

/ok-to-test

@cert-manager-prow cert-manager-prow bot added ok-to-test and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Sep 3, 2025
@frauniki
feat(poddisruptionbudget): add PodDisruptionBudget configuration to e…
06a266d 
…nhance application availability during maintenance

feat(values.schema.json): extend schema to include podDisruptionBudget properties for better validation
chore(values.yaml): add default podDisruptionBudget configuration with examples for user guidance

Signed-off-by: frauniki <[email protected]>
@frauniki
docs(istio-csr): add documentation for podDisruptionBudget configurat…
c46d6b4 
…ion to provide users with guidance on setting disruption budgets

Signed-off-by: frauniki <[email protected]>
@hawksight
Copy link
Member

/cc @hawksight

@frauniki
run make generate
35d85d7 
Signed-off-by: frauniki <[email protected]>
hawksight
hawksight suggested changes Sep 3, 2025
View reviewed changes
Copy link
Member

@hawksight hawksight left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @frauniki, thank you for noticing the pdb isn't present in the chart. Really appreciate the PR to get this in place.

I would however like to consider if you could make the values and configuration match the pattern used by cert-manager and trust-manager, so that we have a consistent configuration approach where possible.

Basically, this would mean:

  1. adding an enabled key defaulting to false - consistent with your default
  2. having config keys for both minAvailable & maxUnavailable as doscumented propertirs.
  3. Copy the login in the other charts to prevent a user configuring both and getting a k8s error further down the stack, eg: https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/templates/poddisruptionbudget.yaml#L20-L28

Let me know if that makes sense or you have other reasons to keep it as it, I think it's a trade off but I'd go towards consistency where it makes sense.

@frauniki frauniki requested a review from hawksight September 3, 2025 18:11
@frauniki
Copy link
Contributor Author

frauniki commented Sep 4, 2025

@hawksight
I fixed the error that was occurring in CI.
Could you please run the test CI again?

@hawksight
Copy link
Member

/retest

erikgb
erikgb reviewed Sep 4, 2025
View reviewed changes
erikgb
erikgb reviewed Sep 4, 2025
View reviewed changes
@frauniki
fix: pdb default values
3c92c35 
- Set default
- Leave  unset (documented only)
- Regenerate README and values schema to match

This keeps templates simple (with-blocks) and lints clean.

Signed-off-by: frauniki <[email protected]>
@frauniki frauniki requested review from ajvn and erikgb September 5, 2025 07:16
@hawksight
Copy link
Member

/lgtm

I think in the current state it's safe to merge. People have to opt into this, at which point they should make their own choice about what setting is best for their installation.

Thank you @ajvn for the lengthy input on this topic too for getting a good default.

At this point we diverge from cert-manager docs, but I think we can revisit that if important later on.

@cert-manager-prow
Copy link
Contributor

@hawksight: adding LGTM is restricted to approvers and reviewers in OWNERS files.

In response to this:

/lgtm

I think in the current state it's safe to merge. People have to opt into this, at which point they should make their own choice about what setting is best for their installation.

Thank you @ajvn for the lengthy input on this topic too for getting a good default.

At this point we diverge from cert-manager docs, but I think we can revisit that if important later on.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

hawksight
hawksight approved these changes Sep 5, 2025
View reviewed changes
Copy link
Member

@hawksight hawksight left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can't approve, so back to maybe @erikgb?

@erikgb
Copy link
Member

erikgb commented Sep 5, 2025

I will review this later today or tomorrow. The generated Helm docs can be improved, I think, but I need to find out exactly how. Maybe @frauniki can take a look at https://github.com/cert-manager/helm-tool?

erikgb
erikgb requested changes Sep 5, 2025
View reviewed changes
Copy link
Member

@erikgb erikgb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just added some suggestions that I hope will fix the Helm docs and schema.

@frauniki frauniki requested a review from erikgb September 5, 2025 13:04
erikgb
erikgb approved these changes Sep 5, 2025
View reviewed changes
Copy link
Member

@erikgb erikgb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot, @frauniki. Especially for the last-minute adjustments. 🚀

/label tide/merge-method-squash
/lgtm
/approve

@cert-manager-prow
Copy link
Contributor

@erikgb: The label(s) /label tide/merge-method-squash cannot be applied. These labels are supported: ``. Is this label configured under labels -> additional_labels or `labels -> restricted_labels` in `plugin.yaml`?

In response to this:

Thanks a lot, @frauniki. Especially for the last-minute adjustments. 🚀

/label tide/merge-method-squash
/lgtm
/approve

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@cert-manager-prow cert-manager-prow bot added the lgtm Indicates that a PR is ready to be merged. label Sep 5, 2025
@cert-manager-prow
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: erikgb, hawksight

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@cert-manager-prow cert-manager-prow bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 5, 2025
@cert-manager-prow cert-manager-prow bot merged commit 31882da into cert-manager:main Sep 5, 2025
14 checks passed
@erikgb
Copy link
Member

erikgb commented Sep 5, 2025

/label tide/squash

@cert-manager-prow
Copy link
Contributor

@erikgb: The label(s) /label tide/squash cannot be applied. These labels are supported: ``. Is this label configured under labels -> additional_labels or `labels -> restricted_labels` in `plugin.yaml`?

In response to this:

/label tide/squash

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@erikgb erikgb mentioned this pull request Sep 5, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@erikgb erikgb erikgb approved these changes

@ajvn ajvn Awaiting requested review from ajvn

+1 more reviewer

@hawksight hawksight hawksight approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. lgtm Indicates that a PR is ready to be merged. ok-to-test size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add PodDisruptionBudget to helm chart
4 participants
@frauniki @erikgb @hawksight @ajvn