From c9d789156c4de098fbfad010cce8e6120ae415d7 Mon Sep 17 00:00:00 2001 From: Raphael Taylor-Davies <1781103+tustvold@users.noreply.github.com> Date: Wed, 6 Jan 2021 14:19:15 +0000 Subject: [PATCH] Add PodDisruptionBudgets to control plane (#5398) (#5406) Closes #5398 * Add PodDisruptionBudget to controller deployments * Add .yaml to editorconfig Signed-off-by: Raphael Taylor-Davies --- .editorconfig | 3 + charts/linkerd2/templates/controller.yaml | 18 +++++ charts/linkerd2/templates/destination.yaml | 18 +++++ charts/linkerd2/templates/identity.yaml | 18 +++++ charts/linkerd2/templates/proxy-injector.yaml | 18 +++++ charts/linkerd2/templates/sp-validator.yaml | 18 +++++ cli/cmd/testdata/install_ha_output.golden | 80 +++++++++++++++++++ .../install_ha_with_overrides_output.golden | 80 +++++++++++++++++++ .../testdata/install_helm_output_ha.golden | 80 +++++++++++++++++++ .../install_helm_output_ha_labels.golden | 80 +++++++++++++++++++ ...l_helm_output_ha_namespace_selector.golden | 80 +++++++++++++++++++ 11 files changed, 493 insertions(+) diff --git a/.editorconfig b/.editorconfig index 80f0001b6..00bfa6a08 100644 --- a/.editorconfig +++ b/.editorconfig @@ -29,6 +29,9 @@ indent_style = space [*.yml] indent_size = 2 +[*.yaml] +indent_size = 2 + [*.proto] indent_size = 2 indent_style = space diff --git a/charts/linkerd2/templates/controller.yaml b/charts/linkerd2/templates/controller.yaml index 06477f197..a4f880a98 100644 --- a/charts/linkerd2/templates/controller.yaml +++ b/charts/linkerd2/templates/controller.yaml @@ -21,6 +21,24 @@ spec: - name: http port: 8085 targetPort: 8085 +{{- if .Values.enablePodAntiAffinity }} +--- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-controller-api + namespace: {{.Values.global.namespace}} + labels: + {{.Values.global.controllerComponentLabel}}: controller + {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}} + annotations: + {{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}} +spec: + maxUnavailable: 1 + selector: + matchLabels: + {{.Values.global.controllerComponentLabel}}: controller +{{- end }} --- {{- $tree := deepCopy . }} {{ $_ := set $tree.Values.global.proxy "workloadKind" "deployment" -}} diff --git a/charts/linkerd2/templates/destination.yaml b/charts/linkerd2/templates/destination.yaml index e68ec7f3d..e26a0b94c 100644 --- a/charts/linkerd2/templates/destination.yaml +++ b/charts/linkerd2/templates/destination.yaml @@ -40,6 +40,24 @@ spec: - name: grpc port: 8086 targetPort: 8086 +{{- if .Values.enablePodAntiAffinity }} +--- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-dst + namespace: {{.Values.global.namespace}} + labels: + {{.Values.global.controllerComponentLabel}}: destination + {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}} + annotations: + {{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}} +spec: + maxUnavailable: 1 + selector: + matchLabels: + {{.Values.global.controllerComponentLabel}}: destination +{{- end }} --- {{- $tree := deepCopy . }} {{ $_ := set $tree.Values.global.proxy "workloadKind" "deployment" -}} diff --git a/charts/linkerd2/templates/identity.yaml b/charts/linkerd2/templates/identity.yaml index 3821957f2..12a7f3d9f 100644 --- a/charts/linkerd2/templates/identity.yaml +++ b/charts/linkerd2/templates/identity.yaml @@ -60,6 +60,24 @@ spec: - name: grpc port: 8080 targetPort: 8080 +{{- if .Values.enablePodAntiAffinity }} +--- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-identity + namespace: {{.Values.global.namespace}} + labels: + {{.Values.global.controllerComponentLabel}}: identity + {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}} + annotations: + {{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}} +spec: + maxUnavailable: 1 + selector: + matchLabels: + {{.Values.global.controllerComponentLabel}}: identity +{{- end }} --- {{- $tree := deepCopy . }} {{ $_ := set $tree.Values.global.proxy "workloadKind" "deployment" -}} diff --git a/charts/linkerd2/templates/proxy-injector.yaml b/charts/linkerd2/templates/proxy-injector.yaml index 21d0194d2..1feff26df 100644 --- a/charts/linkerd2/templates/proxy-injector.yaml +++ b/charts/linkerd2/templates/proxy-injector.yaml @@ -127,3 +127,21 @@ spec: - name: proxy-injector port: 443 targetPort: proxy-injector +{{- if .Values.enablePodAntiAffinity }} +--- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-proxy-injector + namespace: {{.Values.global.namespace}} + labels: + {{.Values.global.controllerComponentLabel}}: proxy-injector + {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}} + annotations: + {{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}} +spec: + maxUnavailable: 1 + selector: + matchLabels: + {{.Values.global.controllerComponentLabel}}: proxy-injector +{{- end }} diff --git a/charts/linkerd2/templates/sp-validator.yaml b/charts/linkerd2/templates/sp-validator.yaml index d3723822c..00d33cd3d 100644 --- a/charts/linkerd2/templates/sp-validator.yaml +++ b/charts/linkerd2/templates/sp-validator.yaml @@ -21,6 +21,24 @@ spec: - name: sp-validator port: 443 targetPort: sp-validator +{{- if .Values.enablePodAntiAffinity }} +--- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-sp-validator + namespace: {{.Values.global.namespace}} + labels: + {{.Values.global.controllerComponentLabel}}: sp-validator + {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}} + annotations: + {{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}} +spec: + maxUnavailable: 1 + selector: + matchLabels: + {{.Values.global.controllerComponentLabel}}: sp-validator +{{- end }} --- {{- $tree := deepCopy . }} {{ $_ := set $tree.Values.global.proxy "workloadKind" "deployment" -}} diff --git a/cli/cmd/testdata/install_ha_output.golden b/cli/cmd/testdata/install_ha_output.golden index a537c7a74..262b9134e 100644 --- a/cli/cmd/testdata/install_ha_output.golden +++ b/cli/cmd/testdata/install_ha_output.golden @@ -809,6 +809,22 @@ spec: port: 8080 targetPort: 8080 --- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-identity + namespace: linkerd + labels: + linkerd.io/control-plane-component: identity + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined +spec: + maxUnavailable: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: identity +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -1081,6 +1097,22 @@ spec: port: 8085 targetPort: 8085 --- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-controller-api + namespace: linkerd + labels: + linkerd.io/control-plane-component: controller + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined +spec: + maxUnavailable: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: controller +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -1364,6 +1396,22 @@ spec: port: 8086 targetPort: 8086 --- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-dst + namespace: linkerd + labels: + linkerd.io/control-plane-component: destination + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined +spec: + maxUnavailable: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: destination +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -1930,6 +1978,22 @@ spec: port: 443 targetPort: proxy-injector --- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-proxy-injector + namespace: linkerd + labels: + linkerd.io/control-plane-component: proxy-injector + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined +spec: + maxUnavailable: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: proxy-injector +--- ### ### Service Profile Validator ### @@ -1953,6 +2017,22 @@ spec: port: 443 targetPort: sp-validator --- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-sp-validator + namespace: linkerd + labels: + linkerd.io/control-plane-component: sp-validator + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined +spec: + maxUnavailable: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: sp-validator +--- apiVersion: apps/v1 kind: Deployment metadata: diff --git a/cli/cmd/testdata/install_ha_with_overrides_output.golden b/cli/cmd/testdata/install_ha_with_overrides_output.golden index efa561a9f..e19da9e03 100644 --- a/cli/cmd/testdata/install_ha_with_overrides_output.golden +++ b/cli/cmd/testdata/install_ha_with_overrides_output.golden @@ -809,6 +809,22 @@ spec: port: 8080 targetPort: 8080 --- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-identity + namespace: linkerd + labels: + linkerd.io/control-plane-component: identity + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined +spec: + maxUnavailable: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: identity +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -1081,6 +1097,22 @@ spec: port: 8085 targetPort: 8085 --- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-controller-api + namespace: linkerd + labels: + linkerd.io/control-plane-component: controller + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined +spec: + maxUnavailable: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: controller +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -1364,6 +1396,22 @@ spec: port: 8086 targetPort: 8086 --- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-dst + namespace: linkerd + labels: + linkerd.io/control-plane-component: destination + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined +spec: + maxUnavailable: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: destination +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -1930,6 +1978,22 @@ spec: port: 443 targetPort: proxy-injector --- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-proxy-injector + namespace: linkerd + labels: + linkerd.io/control-plane-component: proxy-injector + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined +spec: + maxUnavailable: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: proxy-injector +--- ### ### Service Profile Validator ### @@ -1953,6 +2017,22 @@ spec: port: 443 targetPort: sp-validator --- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-sp-validator + namespace: linkerd + labels: + linkerd.io/control-plane-component: sp-validator + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined +spec: + maxUnavailable: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: sp-validator +--- apiVersion: apps/v1 kind: Deployment metadata: diff --git a/cli/cmd/testdata/install_helm_output_ha.golden b/cli/cmd/testdata/install_helm_output_ha.golden index c385be75c..a9dab5938 100644 --- a/cli/cmd/testdata/install_helm_output_ha.golden +++ b/cli/cmd/testdata/install_helm_output_ha.golden @@ -813,6 +813,22 @@ spec: port: 8080 targetPort: 8080 --- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-identity + namespace: linkerd + labels: + linkerd.io/control-plane-component: identity + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/helm linkerd-version +spec: + maxUnavailable: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: identity +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -1076,6 +1092,22 @@ spec: port: 8085 targetPort: 8085 --- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-controller-api + namespace: linkerd + labels: + linkerd.io/control-plane-component: controller + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/helm linkerd-version +spec: + maxUnavailable: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: controller +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -1350,6 +1382,22 @@ spec: port: 8086 targetPort: 8086 --- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-dst + namespace: linkerd + labels: + linkerd.io/control-plane-component: destination + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/helm linkerd-version +spec: + maxUnavailable: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: destination +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -1898,6 +1946,22 @@ spec: port: 443 targetPort: proxy-injector --- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-proxy-injector + namespace: linkerd + labels: + linkerd.io/control-plane-component: proxy-injector + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/helm linkerd-version +spec: + maxUnavailable: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: proxy-injector +--- # Source: linkerd2/templates/sp-validator.yaml --- ### @@ -1923,6 +1987,22 @@ spec: port: 443 targetPort: sp-validator --- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-sp-validator + namespace: linkerd + labels: + linkerd.io/control-plane-component: sp-validator + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/helm linkerd-version +spec: + maxUnavailable: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: sp-validator +--- apiVersion: apps/v1 kind: Deployment metadata: diff --git a/cli/cmd/testdata/install_helm_output_ha_labels.golden b/cli/cmd/testdata/install_helm_output_ha_labels.golden index 1a37c9edb..1129319f4 100644 --- a/cli/cmd/testdata/install_helm_output_ha_labels.golden +++ b/cli/cmd/testdata/install_helm_output_ha_labels.golden @@ -817,6 +817,22 @@ spec: port: 8080 targetPort: 8080 --- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-identity + namespace: linkerd + labels: + linkerd.io/control-plane-component: identity + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/helm linkerd-version +spec: + maxUnavailable: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: identity +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -1084,6 +1100,22 @@ spec: port: 8085 targetPort: 8085 --- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-controller-api + namespace: linkerd + labels: + linkerd.io/control-plane-component: controller + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/helm linkerd-version +spec: + maxUnavailable: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: controller +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -1362,6 +1394,22 @@ spec: port: 8086 targetPort: 8086 --- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-dst + namespace: linkerd + labels: + linkerd.io/control-plane-component: destination + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/helm linkerd-version +spec: + maxUnavailable: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: destination +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -1922,6 +1970,22 @@ spec: port: 443 targetPort: proxy-injector --- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-proxy-injector + namespace: linkerd + labels: + linkerd.io/control-plane-component: proxy-injector + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/helm linkerd-version +spec: + maxUnavailable: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: proxy-injector +--- # Source: linkerd2/templates/sp-validator.yaml --- ### @@ -1947,6 +2011,22 @@ spec: port: 443 targetPort: sp-validator --- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-sp-validator + namespace: linkerd + labels: + linkerd.io/control-plane-component: sp-validator + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/helm linkerd-version +spec: + maxUnavailable: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: sp-validator +--- apiVersion: apps/v1 kind: Deployment metadata: diff --git a/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden b/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden index ffdbdda6a..a7d069ef3 100644 --- a/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden +++ b/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden @@ -813,6 +813,22 @@ spec: port: 8080 targetPort: 8080 --- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-identity + namespace: linkerd + labels: + linkerd.io/control-plane-component: identity + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/helm linkerd-version +spec: + maxUnavailable: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: identity +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -1076,6 +1092,22 @@ spec: port: 8085 targetPort: 8085 --- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-controller-api + namespace: linkerd + labels: + linkerd.io/control-plane-component: controller + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/helm linkerd-version +spec: + maxUnavailable: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: controller +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -1350,6 +1382,22 @@ spec: port: 8086 targetPort: 8086 --- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-dst + namespace: linkerd + labels: + linkerd.io/control-plane-component: destination + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/helm linkerd-version +spec: + maxUnavailable: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: destination +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -1898,6 +1946,22 @@ spec: port: 443 targetPort: proxy-injector --- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-proxy-injector + namespace: linkerd + labels: + linkerd.io/control-plane-component: proxy-injector + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/helm linkerd-version +spec: + maxUnavailable: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: proxy-injector +--- # Source: linkerd2/templates/sp-validator.yaml --- ### @@ -1923,6 +1987,22 @@ spec: port: 443 targetPort: sp-validator --- +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: linkerd-sp-validator + namespace: linkerd + labels: + linkerd.io/control-plane-component: sp-validator + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/helm linkerd-version +spec: + maxUnavailable: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: sp-validator +--- apiVersion: apps/v1 kind: Deployment metadata: