From b4f71792418f3d33c46ba864f752db6771c57ffb Mon Sep 17 00:00:00 2001 From: joey Date: Thu, 19 Sep 2024 13:47:53 +0800 Subject: [PATCH] Chart: Implement `unhealthyPodEvictionPolicy`. --- charts/ingress-nginx/README.md | 2 ++ .../templates/controller-poddisruptionbudget.yaml | 3 +++ .../default-backend-poddisruptionbudget.yaml | 3 +++ .../tests/controller-poddisruptionbudget_test.yaml | 13 +++++++++++++ .../default-backend-poddisruptionbudget_test.yaml | 14 ++++++++++++++ charts/ingress-nginx/values.yaml | 6 ++++++ 6 files changed, 41 insertions(+) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 4b62feb99e..1cc269afe2 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -484,6 +484,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.topologySpreadConstraints | list | `[]` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ # | | controller.udp.annotations | object | `{}` | Annotations to be added to the udp config configmap | | controller.udp.configMapNamespace | string | `""` | Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE) | +| controller.unhealthyPodEvictionPolicy | string | `""` | Eviction policy for unhealthy pods guarded by PodDisruptionBudget. Ref: https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/ | | controller.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # | | controller.watchIngressWithoutClass | bool | `false` | Process Ingress objects without ingressClass annotation/ingressClassName field Overrides value for --watch-ingress-without-class flag of the controller binary Defaults to false | | defaultBackend.affinity | object | `{}` | Affinity and anti-affinity rules for server scheduling to nodes # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity | @@ -543,6 +544,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | defaultBackend.serviceAccount.name | string | `""` | | | defaultBackend.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ # | | defaultBackend.topologySpreadConstraints | list | `[]` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. Ref.: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | +| defaultBackend.unhealthyPodEvictionPolicy | string | `""` | Eviction policy for unhealthy pods guarded by PodDisruptionBudget. Ref: https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/ | | defaultBackend.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # | | dhParam | string | `""` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` # Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param | | imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | diff --git a/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml b/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml index 8e0181f9f1..a1f5fbba2a 100644 --- a/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml +++ b/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml @@ -32,5 +32,8 @@ spec: {{- else if .Values.controller.maxUnavailable }} maxUnavailable: {{ .Values.controller.maxUnavailable }} {{- end }} + {{- if .Values.controller.unhealthyPodEvictionPolicy }} + unhealthyPodEvictionPolicy: {{ .Values.controller.unhealthyPodEvictionPolicy }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml b/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml index 42055f8196..e399ea8a42 100644 --- a/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml +++ b/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml @@ -25,5 +25,8 @@ spec: {{- else if .Values.defaultBackend.maxUnavailable }} maxUnavailable: {{ .Values.defaultBackend.maxUnavailable }} {{- end }} + {{- if .Values.defaultBackend.unhealthyPodEvictionPolicy }} + unhealthyPodEvictionPolicy: {{ .Values.defaultBackend.unhealthyPodEvictionPolicy }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/ingress-nginx/tests/controller-poddisruptionbudget_test.yaml b/charts/ingress-nginx/tests/controller-poddisruptionbudget_test.yaml index f215f35207..5ac986fc70 100644 --- a/charts/ingress-nginx/tests/controller-poddisruptionbudget_test.yaml +++ b/charts/ingress-nginx/tests/controller-poddisruptionbudget_test.yaml @@ -87,3 +87,16 @@ tests: - equal: path: spec.maxUnavailable value: 1 + + - it: should create a PodDisruptionBudget with `unhealthyPodEvictionPolicy` if `controller.unhealthyPodEvictionPolicy` is set + set: + controller.replicaCount: 2 + controller.unhealthyPodEvictionPolicy: IfHealthyBudget + asserts: + - hasDocuments: + count: 1 + - isKind: + of: PodDisruptionBudget + - equal: + path: spec.unhealthyPodEvictionPolicy + value: IfHealthyBudget diff --git a/charts/ingress-nginx/tests/default-backend-poddisruptionbudget_test.yaml b/charts/ingress-nginx/tests/default-backend-poddisruptionbudget_test.yaml index 9ca837dcab..bfe98e8835 100644 --- a/charts/ingress-nginx/tests/default-backend-poddisruptionbudget_test.yaml +++ b/charts/ingress-nginx/tests/default-backend-poddisruptionbudget_test.yaml @@ -63,3 +63,17 @@ tests: - equal: path: spec.maxUnavailable value: 1 + + - it: should create a PodDisruptionBudget with `unhealthyPodEvictionPolicy` if `defaultBackend.unhealthyPodEvictionPolicy` is set + set: + defaultBackend.enabled: true + defaultBackend.replicaCount: 2 + defaultBackend.unhealthyPodEvictionPolicy: IfHealthyBudget + asserts: + - hasDocuments: + count: 1 + - isKind: + of: PodDisruptionBudget + - equal: + path: spec.unhealthyPodEvictionPolicy + value: IfHealthyBudget diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index ffb8a4ae30..c7be2bcc20 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -374,6 +374,9 @@ controller: minAvailable: 1 # -- Maximum unavailable pods set in PodDisruptionBudget. If set, 'minAvailable' is ignored. # maxUnavailable: 1 + # -- Eviction policy for unhealthy pods guarded by PodDisruptionBudget. + # Ref: https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/ + unhealthyPodEvictionPolicy: "" ## Define requests resources to avoid probe issues due to CPU utilization in busy nodes ## ref: https://github.com/kubernetes/ingress-nginx/issues/4735#issuecomment-551204903 @@ -1101,6 +1104,9 @@ defaultBackend: minAvailable: 1 # -- Maximum unavailable pods set in PodDisruptionBudget. If set, 'minAvailable' is ignored. # maxUnavailable: 1 + # -- Eviction policy for unhealthy pods guarded by PodDisruptionBudget. + # Ref: https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/ + unhealthyPodEvictionPolicy: "" resources: {} # limits: