
add support for overriding name of PDB (#5090)

* add support for overriding name of PDB

Signed-off-by: Meg Ashby <meg@alloy.com>

* moving logic to _helpers.tpl, also making changes to webhook and certController pdbs

Signed-off-by: Meg Ashby <meg@alloy.com>

* add test cases for each pdb type, add in defaults to values.yaml

Signed-off-by: Meg Ashby <meg@alloy.com>

* add docs

Signed-off-by: Meg Ashby <meg@alloy.com>

* Update _helpers.tpl

Signed-off-by: Meg Ashby <megashby@comcast.net>

* Update webhook-poddisruptionbudget.yaml

Signed-off-by: Meg Ashby <megashby@comcast.net>

---------

Signed-off-by: Meg Ashby <meg@alloy.com>
Signed-off-by: Meg Ashby <megashby@comcast.net>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Meg Ashby 8 months ago
parent
commit
b798d6df99

+ 3 - 3
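--- a/deploy/charts/external-secrets/README.md
+++ b/deploy/charts/external-secrets/README.md
@@ -60,7 +60,7 @@ The command removes all the Kubernetes components associated with the chart and
 | certController.nameOverride | string | `""` |  |
 | certController.nodeSelector | object | `{}` |  |
 | certController.podAnnotations | object | `{}` | Annotations to add to Pod |
-| certController.podDisruptionBudget | object | `{"enabled":false,"minAvailable":1}` | Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ |
+| certController.podDisruptionBudget | object | `{"enabled":false,"minAvailable":1,"nameOverride":""}` | Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ |
 | certController.podLabels | object | `{}` |  |
 | certController.podSecurityContext.enabled | bool | `true` |  |
 | certController.priorityClassName | string | `""` | Pod priority class name. |
@@ -136,7 +136,7 @@ The command removes all the Kubernetes components associated with the chart and
 | nodeSelector | object | `{}` |  |
 | openshiftFinalizers | bool | `true` | If true the OpenShift finalizer permissions will be added to RBAC |
 | podAnnotations | object | `{}` | Annotations to add to Pod |
-| podDisruptionBudget | object | `{"enabled":false,"minAvailable":1}` | Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ |
+| podDisruptionBudget | object | `{"enabled":false,"minAvailable":1,"nameOverride":""}` | Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ |
 | podLabels | object | `{}` |  |
 | podSecurityContext.enabled | bool | `true` |  |
 | podSpecExtra | object | `{}` | Any extra pod spec on the deployment |
@@ -215,7 +215,7 @@ The command removes all the Kubernetes components associated with the chart and
 | webhook.nameOverride | string | `""` |  |
 | webhook.nodeSelector | object | `{}` |  |
 | webhook.podAnnotations | object | `{}` | Annotations to add to Pod |
-| webhook.podDisruptionBudget | object | `{"enabled":false,"minAvailable":1}` | Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ |
+| webhook.podDisruptionBudget | object | `{"enabled":false,"minAvailable":1,"nameOverride":""}` | Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ |
 | webhook.podLabels | object | `{}` |  |
 | webhook.podSecurityContext.enabled | bool | `true` |  |
 | webhook.port | int | `10250` | The port the webhook will listen to |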

+ 19 - 0
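--- a/deploy/charts/external-secrets/templates/_helpers.tpl
+++ b/deploy/charts/external-secrets/templates/_helpers.tpl
@@ -221,6 +221,25 @@ Render the securityContext based on the provided securityContext
 {{- end -}}
 
 {{/*
+Create the name of the pod disruption budget to use
+*/}}
+{{- define "external-secrets.pdbName" -}}
+{{- .Values.podDisruptionBudget.nameOverride | default (printf "%s-pdb" (include "external-secrets.fullname" .)) }}
+{{- end }}
+
+{{/*
+Create the name of the pod disruption budget to use in the cert controller
+*/}}
+{{- define "external-secrets.certControllerPdbName" -}}
+{{- .Values.certController.podDisruptionBudget.nameOverride | default (printf "%s-cert-controller-pdb" (include "external-secrets.fullname" .)) }}
+{{- end }}
+
+{{/*
+Create the name of the pod disruption budget to use in the webhook
+*/}}
+{{- define "external-secrets.webhookPdbName" -}}
+{{- .Values.webhook.podDisruptionBudget.nameOverride | default (printf "%s-webhook-pdb" (include "external-secrets.fullname" .)) }}
+{{- end }}
 Fail the install if a cluster scoped reconciler is enabled while its namespace scoped counterpart is disabled
 */}}
 {{- define "external-secrets.reconciler-sanity-test" -}}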
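Review bot: The comment above `external-secrets.reconciler-sanity-test` loses its opener: the 19 added lines are inserted after the existing `{{/*`, and the last of them is `{{- end }}` of `external-secrets.webhookPdbName`, followed directly by the context line `Fail the install if a cluster scoped reconciler is enabled…`. As shown, that sentence and its `*/}}` become literal template text instead of a comment, which matches the hunk header's 6 old and 25 new lines. Adding an empty line and `{{/*` after the final `{{- end }}` restores it. The three new helpers also differ only in the values path and the suffix, so the comment on each could say that an empty `nameOverride` falls back to `<fullname>-…-pdb`.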

+ 1 - 1
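--- a/deploy/charts/external-secrets/templates/cert-controller-poddisruptionbudget.yaml
+++ b/deploy/charts/external-secrets/templates/cert-controller-poddisruptionbudget.yaml
@@ -2,7 +2,7 @@
 apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
-  name: {{ include "external-secrets.fullname" . }}-cert-controller-pdb
+  name: {{ include "external-secrets.certControllerPdbName" . | quote }}
   namespace: {{ template "external-secrets.namespace" . }}
   labels:
     {{- include "external-secrets-cert-controller.labels" . | nindent 4 }}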
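Review bot: Nothing on the new `name:` line or in the helper it calls stops two of the three `nameOverride` values from resolving to the same string, and all three PodDisruptionBudgets are rendered into `external-secrets.namespace`; the same applies to poddisruptionbudget.yaml and webhook-poddisruptionbudget.yaml. A duplicate would presumably only surface at install time, or leave one workload without its own budget. A `fail` guard that compares the non-empty overrides, in the style of the chart's existing `external-secrets.reconciler-sanity-test`, would reject it at render time. The manifest continues below the hunk, so the selector and spec are not visible here.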

+ 1 - 1
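--- a/deploy/charts/external-secrets/templates/poddisruptionbudget.yaml
+++ b/deploy/charts/external-secrets/templates/poddisruptionbudget.yaml
@@ -2,7 +2,7 @@
 apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
-  name: {{ include "external-secrets.fullname" . }}-pdb
+  name: {{ include "external-secrets.pdbName" . | quote }}
   namespace: {{ template "external-secrets.namespace" . }}
   labels:
     {{- include "external-secrets.labels" . | nindent 4 }}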

+ 1 - 1
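--- a/deploy/charts/external-secrets/templates/webhook-poddisruptionbudget.yaml
+++ b/deploy/charts/external-secrets/templates/webhook-poddisruptionbudget.yaml
@@ -2,7 +2,7 @@
 apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
-  name: {{ include "external-secrets.fullname" . }}-webhook-pdb
+  name: {{ include "external-secrets.webhookPdbName" . | quote }}
   namespace: {{ template "external-secrets.namespace" . }}
   labels:
     {{- include "external-secrets-webhook.labels" . | nindent 4 }}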

+ 23 - 0
deploy/charts/external-secrets/tests/cert_controller_pod_disruption_budget_test.yaml

@@ -0,0 +1,23 @@
+suite: test cert controller pod distribution budget deployment
+templates:
+  - cert-controller-poddisruptionbudget.yaml
+tests:
+  - it: should set podDisruptionBudget to set value if given
+    set:
+      certController.create: true
+      certController.podDisruptionBudget.enabled: true
+      webhook.certManager.enabled: false
+      certController.podDisruptionBudget.nameOverride: custom-overridden-name
+    asserts:
+      - equal:
+          path: metadata.name
+          value: custom-overridden-name
+  - it: should default podDisruptionBudget if not set
+    set:
+      certController.create: true
+      certController.podDisruptionBudget.enabled: true
+      certController.certManager.enabled: false
+    asserts:
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-external-secrets-cert-controller-pdb
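Review bot: The two cases in this suite disable cert-manager through different keys: the first sets `webhook.certManager.enabled: false`, the second `certController.certManager.enabled: false`. Only one of these is likely to be a value the chart reads (values.yaml is not fully visible here), so the second case should probably use `webhook.certManager.enabled: false` as well. The suite name says "pod distribution budget" where "pod disruption budget" is meant; the same wording appears in pod_disruption_budget_test.yaml and webhook_pod_disruption_budget_test.yaml. None of the three suites has a case for an override that only parses correctly because of `| quote`, such as an all-digit name, which would pin the quoting added in the templates.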

+ 19 - 0
deploy/charts/external-secrets/tests/pod_disruption_budget_test.yaml

@@ -0,0 +1,19 @@
+suite: test pod distribution budget deployment
+templates:
+  - poddisruptionbudget.yaml
+tests:
+  - it: should set podDisruptionBudget to set value if given
+    set:
+      podDisruptionBudget.enabled: true
+      podDisruptionBudget.nameOverride: custom-overridden-name
+    asserts:
+      - equal:
+          path: metadata.name
+          value: custom-overridden-name
+  - it: should default podDisruptionBudget if not set
+    set:
+      podDisruptionBudget.enabled: true
+    asserts:
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-external-secrets-pdb

+ 21 - 0
deploy/charts/external-secrets/tests/webhook_pod_disruption_budget_test.yaml

@@ -0,0 +1,21 @@
+suite: test webhook pod distribution budget deployment
+templates:
+  - webhook-poddisruptionbudget.yaml
+tests:
+  - it: should set podDisruptionBudget to set value if given
+    set:
+      webhook.create: true
+      webhook.podDisruptionBudget.enabled: true
+      webhook.podDisruptionBudget.nameOverride: custom-overridden-name
+    asserts:
+      - equal:
+          path: metadata.name
+          value: custom-overridden-name
+  - it: should default podDisruptionBudget if not set
+    set:
+      webhook.create: true
+      webhook.podDisruptionBudget.enabled: true
+    asserts:
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-external-secrets-webhook-pdb

+ 3 - 0
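--- a/deploy/charts/external-secrets/values.yaml
+++ b/deploy/charts/external-secrets/values.yaml
@@ -272,6 +272,7 @@ priorityClassName: ""
 podDisruptionBudget:
   enabled: false
   minAvailable: 1    # @schema type:[integer, string]
+  nameOverride: ""
   # maxUnavailable: "50%"
 
 # -- Run the controller on the host network
@@ -383,6 +384,7 @@ webhook:
   podDisruptionBudget:
     enabled: false
     minAvailable: 1    # @schema type:[integer, string]
+    nameOverride: ""
     # maxUnavailable: "50%"
 
   metrics:
@@ -525,6 +527,7 @@ certController:
   podDisruptionBudget:
     enabled: false
     minAvailable: 1    # @schema type:[integer, string]
+    nameOverride: ""
     # maxUnavailable: "50%"
 
   metrics: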
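Review bot: The three new `nameOverride: ""` defaults carry no comment, so the only documentation of the option is the JSON default in the README rows. A trailing comment on each, for example `nameOverride: ""    # name of the PodDisruptionBudget; empty uses <fullname>-pdb`, with the matching `-webhook-pdb` and `-cert-controller-pdb` suffixes in the other two hunks, would tell users what the empty default resolves to. It is also worth stating that the value is used verbatim as `metadata.name` and so has to be a valid Kubernetes object name. The three `podDisruptionBudget` blocks start outside their hunks.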