PDB update

hyperspike · Aug 4, 2024 · 39dd108 · 39dd108
1 parent cba3a12
commit 39dd108
Show file tree

Hide file tree

Showing 7 changed files with 219 additions and 41 deletions.
diff --git a/Makefile b/Makefile
@@ -25,8 +25,9 @@ CONTAINER_TOOL ?= docker
 SHELL = /usr/bin/env bash -o pipefail
 .SHELLFLAGS = -ec
 
-K8S_VERSION ?= 1.30.4
+K8S_VERSION ?= 1.30.3
 CILIUM_VERSION ?= 1.16.0
+CERTMANAGER_VERSION ?= 1.15.2
 
 V ?= 0
 ifeq ($(V), 1)
@@ -187,7 +188,10 @@ GOLANGCI_LINT_VERSION ?= v1.57.2
 
 .PHONY: minikube tunnel proxy
 minikube: ## Spool up a local minikube cluster for development
-	$QK8S_VERSION=$(K8S_VERSION) CILIUM_VERSION=$(CILIUM_VERSION) scripts/minikube.sh
+	$QK8S_VERSION=$(K8S_VERSION) \
+		CILIUM_VERSION=$(CILIUM_VERSION) \
+		CERTMANAGER_VERSION=$(CERTMANAGER_VERSION) \
+		scripts/minikube.sh
 
 tunnel: ## turn on minikube's tunnel to test ingress and get UI access
 	$Q$(MINIKUBE) tunnel -p north

diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
@@ -4,5 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
 - name: controller
-  newName: localhost:5000/controller
-  newTag: "2"
+  newName: ghcr.io/hyperspike/valkey-operator
+  newTag: v0.0.4
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -105,3 +105,15 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - policy
+  resources:
+  - poddisruptionbudgets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
diff --git a/dist/install.yaml b/dist/install.yaml
@@ -334,6 +334,18 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - policy
+  resources:
+  - poddisruptionbudgets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -445,7 +457,7 @@ spec:
         - --health-probe-bind-address=:8081
         command:
         - /manager
-        image: localhost:5000/controller:2
+        image: ghcr.io/hyperspike/valkey-operator:v0.0.4
         livenessProbe:
           httpGet:
             path: /healthz

diff --git a/internal/controller/valkey_controller.go b/internal/controller/valkey_controller.go
@@ -43,6 +43,7 @@ import (
 	hyperv1 "hyperspike.io/valkey-operator/api/v1"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
+	policyv1 "k8s.io/api/policy/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -87,6 +88,7 @@ var scripts embed.FS
 // +kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch
 // +kubebuilder:rbac:groups="apps",resources=statefulsets,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=core,resources=events,verbs=create;patch
+// +kubebuilder:rbac:groups=policy,resources=poddisruptionbudgets,verbs=get;list;watch;create;update;patch;delete
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
@@ -121,6 +123,9 @@ func (r *ValkeyReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctr
 	if err != nil {
 		return ctrl.Result{}, err
 	}
+	if err := r.upsertPodDisruptionBudget(ctx, valkey); err != nil {
+		return ctrl.Result{}, err
+	}
 	if err := r.upsertStatefulSet(ctx, valkey); err != nil {
 		return ctrl.Result{}, err
 	}
@@ -551,6 +556,47 @@ func getMasterNodes(valkey *hyperv1.Valkey) string {
 	return strings.Join(nodes, " ")
 }
 
+func (r *ValkeyReconciler) upsertPodDisruptionBudget(ctx context.Context, valkey *hyperv1.Valkey) error {
+	logger := log.FromContext(ctx)
+
+	logger.Info("upserting pod disruption budget", "valkey", valkey.Name, "namespace", valkey.Namespace)
+	pdb := &policyv1.PodDisruptionBudget{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      valkey.Name,
+			Namespace: valkey.Namespace,
+			Labels:    labels(valkey),
+		},
+		Spec: policyv1.PodDisruptionBudgetSpec{
+			MaxUnavailable: func(i intstr.IntOrString) *intstr.IntOrString { return &i }(intstr.FromInt(1)),
+			Selector: &metav1.LabelSelector{
+				MatchLabels: labels(valkey),
+			},
+		},
+	}
+	if err := controllerutil.SetControllerReference(valkey, pdb, r.Scheme); err != nil {
+		return err
+	}
+	err := r.Get(ctx, types.NamespacedName{Namespace: valkey.Namespace, Name: valkey.Name}, pdb)
+	if err != nil && errors.IsNotFound(err) {
+		if err := r.Create(ctx, pdb); err != nil {
+			logger.Error(err, "failed to create pod disruption budget", "valkey", valkey.Name, "namespace", valkey.Namespace)
+			return err
+		}
+		r.Recorder.Event(valkey, "Normal", "Created",
+			fmt.Sprintf("PodDisruptionBudget %s/%s is created", valkey.Namespace, valkey.Name))
+	} else if err != nil {
+		logger.Error(err, "failed to fetch pod disruption budget", "valkey", valkey.Name, "namespace", valkey.Namespace)
+		return err
+	} else if err == nil && pdb.Spec.MaxUnavailable.IntVal != int32(1) {
+		pdb.Spec.MaxUnavailable = func(i intstr.IntOrString) *intstr.IntOrString { return &i }(intstr.FromInt(1))
+		if err := r.Update(ctx, pdb); err != nil {
+			logger.Error(err, "failed to update pod disruption budget", "valkey", valkey.Name, "namespace", valkey.Namespace)
+			return err
+		}
+	}
+	return nil
+}
+
 func (r *ValkeyReconciler) upsertStatefulSet(ctx context.Context, valkey *hyperv1.Valkey) error {
 	logger := log.FromContext(ctx)
 

diff --git a/scripts/minikube.sh b/scripts/minikube.sh
@@ -100,26 +100,32 @@ data:
 	minikube kubectl  -p $name --  apply -f .cni-$name.yaml
 	minikube node add -p $name
 	minikube node add -p $name
-	sleep 15 #@TODO build a watch loop 
+	# sleep 15 #@TODO build a watch loop
+}
+
+addons() {
 	kubectl delete pod -l k8s-app=kube-dns -n kube-system
 	minikube addons enable registry -p north
 	# use the addon, but through a tunnel
-	minikube addons enable ingress  -p north
-	kubectl get svc -n ingress-nginx ingress-nginx-controller  -o yaml > .ingress.yaml
-	sed -i'' -e 's/NodePort/LoadBalancer/' -e '/allocateNode/d' .ingress.yaml
-	kubectl apply -f .ingress.yaml
-	kubectl apply -f scripts/ingress.yaml
-	kubectl delete po -n ingress-nginx -l app.kubernetes.io/component=controller
+	#minikube addons enable ingress  -p north
+	#kubectl get svc -n ingress-nginx ingress-nginx-controller  -o yaml > .ingress.yaml
+	#sed -i'' -e 's/NodePort/LoadBalancer/' -e '/allocateNode/d' .ingress.yaml
+	#kubectl apply -f .ingress.yaml
+	#kubectl apply -f scripts/ingress.yaml
+	#kubectl delete po -n ingress-nginx -l app.kubernetes.io/component=controller
 	kubectl delete pod -l k8s-app=kube-dns -n kube-system
 	kubectl get deployment -n kube-system coredns -o yaml > .coredns.yaml
 	sed -i'' -e 's/\(replicas:\).*/\1\ 2/' .coredns.yaml
 	kubectl apply -f .coredns.yaml
-	kubectl apply -f $SCRIPT_DIR/postgres-operator.yaml
+	#kubectl apply -f $SCRIPT_DIR/postgres-operator.yaml
 	kubectl apply -f $SCRIPT_DIR/minikube-pvc-hack.yaml
+	kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v${CERTMANAGER_VERSION}/cert-manager.yaml
 }
 
 helm repo add cilium https://helm.cilium.io/ || true
 helm repo update cilium
 helm pull cilium/cilium --untar
 
 bootcluster north 1 10.60.0.0/16 10.96.0.0/16
+
+addons