Added PodDisruptionBudgets to helm chart

Signed-off-by: Eike Wichern <13048266+e96wic@users.noreply.github.com>
Eike Wichern 2021-04-28 10:11:01 +02:00 committed by Tim Ramlot
parent 860b143c05
commit 9c16cdd711
No known key found for this signature in database
GPG Key ID: 47428728E0C2878D
5 changed files with 74 additions and 0 deletions


@ -34,6 +34,21 @@ Create the name of the service account to use
{{- end -}}
{{- end -}}
{{/*
Create the default PodDisruptionBudget to use
*/}}
{{- define "podDisruptionBudget.spec" -}}
{{- if and .Values.global.podDisruptionBudget.minAvailable .Values.global.podDisruptionBudget.maxUnavailable }}
{{- fail "Cannot set both .Values.global.podDisruptionBudget.minAvailable and .Values.global.podDisruptionBudget.maxUnavailable" -}}
{{- end }}
{{- if not .Values.global.podDisruptionBudget.maxUnavailable }}
minAvailable: {{ default 1 .Values.global.podDisruptionBudget.minAvailable }}
{{- end }}
{{- if .Values.global.podDisruptionBudget.maxUnavailable }}
maxUnavailable: {{ .Values.global.podDisruptionBudget.maxUnavailable }}
{{- end }}
{{- end }}
{{/*
Webhook templates
*/}}
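Review bot: A value of 0 cannot be expressed through `podDisruptionBudget.spec`, because the `if` tests and `default 1` both treat 0 as empty: `maxUnavailable: 0` falls through to the `minAvailable` branch, and `minAvailable: 0` is rendered as 1. If zero is meant to be accepted, test for key presence instead, e.g. `{{- if hasKey .Values.global.podDisruptionBudget "maxUnavailable" }}`, and apply the default only when neither key is set. The comment above the define could also state that `minAvailable: 1` is emitted when nothing is configured, since that default is otherwise only visible by reading the template.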


@ -0,0 +1,18 @@
{{- if .Values.global.podDisruptionBudget.enabled }}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
labels:
app: {{ include "cainjector.name" . }}
app.kubernetes.io/name: {{ include "cainjector.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
helm.sh/chart: {{ template "cert-manager.chart" . }}
name: {{ include "cainjector.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
spec:
{{- include "podDisruptionBudget.spec" . | indent 2 }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "cainjector.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
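Review bot: `apiVersion: policy/v1beta1` is hard-coded, and that API version is deprecated as of Kubernetes 1.21 and removed in 1.25, so the rendered manifest will be rejected once clusters move past it. Selecting the version from cluster capabilities keeps the template usable on both sides, e.g. `apiVersion: {{ if .Capabilities.APIVersions.Has "policy/v1" }}policy/v1{{ else }}policy/v1beta1{{ end }}`. The same line appears in the other two PodDisruptionBudget templates added by this commit.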


@ -0,0 +1,18 @@
{{- if .Values.global.podDisruptionBudget.enabled }}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
labels:
app: {{ template "cert-manager.name" . }}
app.kubernetes.io/name: {{ template "cert-manager.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
helm.sh/chart: {{ template "cert-manager.chart" . }}
name: {{ template "cert-manager.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
spec:
{{- include "podDisruptionBudget.spec" . | indent 2 }}
selector:
matchLabels:
app.kubernetes.io/name: {{ template "cert-manager.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
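Review bot: `app.kubernetes.io/instance: {{ .Release.Name }}` is emitted unquoted in both `labels` and `matchLabels`, while `namespace` a few lines below is piped through `quote`. A release name that YAML reads as a number or boolean (an all-digit name, for example) would render as a non-string label value and the object would fail validation. `app.kubernetes.io/instance: {{ .Release.Name | quote }}` avoids that; the cainjector and webhook templates carry the same lines. Whether the rest of the chart leaves these unquoted by convention is not visible in this diff.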


@ -0,0 +1,18 @@
{{- if .Values.global.podDisruptionBudget.enabled }}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
labels:
app: {{ include "webhook.name" . }}
app.kubernetes.io/name: {{ include "webhook.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
helm.sh/chart: {{ template "cert-manager.chart" . }}
name: {{ include "webhook.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
spec:
{{- include "podDisruptionBudget.spec" . | indent 2 }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "webhook.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}


@ -24,6 +24,11 @@ global:
# Aggregate ClusterRoles to Kubernetes default user-facing roles. Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
aggregateClusterRoles: true
podDisruptionBudget:
enabled: true
# minAvailable: 1
# maxUnavailable: 1
podSecurityPolicy:
enabled: false
useAppArmor: true
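Review bot: `enabled: true` turns the budgets on for every install, and with both values commented out the helper renders `minAvailable: 1` for all three components. For any component running a single replica (replica counts are not visible in this diff) such a budget allows zero voluntary evictions, so `kubectl drain` will block on that pod and node upgrades or patch rollouts stall until someone intervenes. Consider shipping `enabled: false`, and add a comment above the block such as `# With minAvailable: 1 the component needs more than one replica, otherwise node drains block on eviction`. The new keys also have no description, unlike `aggregateClusterRoles` just above; a line saying that only one of `minAvailable` and `maxUnavailable` may be set would match what the helper enforces.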