From 7b7c9f509e34f26e9a7ea998916742cb1780219e Mon Sep 17 00:00:00 2001
From: "lobiyed.karim" <lobiyed.karim@gmail.com>
Date: Tue, 16 Jan 2024 10:04:47 +0100
Subject: [PATCH] Add PodDisruptionBudget for CoreDNS deployment. Allows users
 to control disruption behavior and set maximum unavailable pods (#10557)

---
 roles/kubernetes-apps/ansible/defaults/main.yml          | 5 +++++
 roles/kubernetes-apps/ansible/tasks/coredns.yml          | 4 ++++
 .../ansible/templates/coredns-poddisruptionbudget.yml.j2 | 9 +++++++++
 3 files changed, 18 insertions(+)
 create mode 100644 roles/kubernetes-apps/ansible/templates/coredns-poddisruptionbudget.yml.j2

diff --git a/roles/kubernetes-apps/ansible/defaults/main.yml b/roles/kubernetes-apps/ansible/defaults/main.yml
index 52444b087..0050ce05b 100644
--- a/roles/kubernetes-apps/ansible/defaults/main.yml
+++ b/roles/kubernetes-apps/ansible/defaults/main.yml
@@ -18,6 +18,11 @@ coredns_default_zone_cache_block: |
   cache 30
 coredns_host_network: false
 coredns_port: 53
+
+coredns_pod_disruption_budget: false
+# value for coredns pdb
+coredns_pod_disruption_budget_max_unavailable: "30%"
+
 # coredns_additional_configs adds any extra configuration to coredns
 # coredns_additional_configs: |
 #   whoami
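Review bot: The comment `# value for coredns pdb` above the new default does not say what the value means or which forms it accepts: `maxUnavailable` is an int-or-percent field and the template renders it unquoted, so an inventory override of `1` must stay a bare integer while a percentage must stay a quoted string such as `"30%"` (a quoted `"1"` is a non-percentage string and is likely to be rejected by the API). I would replace it with `# maxUnavailable for the CoreDNS PodDisruptionBudget: an integer count or a percentage string such as "30%"; only applied when coredns_pod_disruption_budget is true`. A percentage is scaled against the current replica count and, as far as I recall, rounded down for maxUnavailable, so with a two-replica deployment 30% would allow zero voluntary evictions and stall node drains; that caveat belongs in the comment once confirmed against the API behaviour.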
diff --git a/roles/kubernetes-apps/ansible/tasks/coredns.yml b/roles/kubernetes-apps/ansible/tasks/coredns.yml
index a5f7b198c..8d5aad255 100644
--- a/roles/kubernetes-apps/ansible/tasks/coredns.yml
+++ b/roles/kubernetes-apps/ansible/tasks/coredns.yml
@@ -14,6 +14,7 @@
     - { name: dns-autoscaler, file: dns-autoscaler.yml, type: deployment }
     - { name: dns-autoscaler, file: dns-autoscaler-clusterrole.yml, type: clusterrole }
     - { name: dns-autoscaler, file: dns-autoscaler-clusterrolebinding.yml, type: clusterrolebinding }
+    - { name: coredns, file: coredns-poddisruptionbudget.yml, type: poddisruptionbudget, condition: coredns_pod_disruption_budget }
     - { name: dns-autoscaler, file: dns-autoscaler-sa.yml, type: sa }
   register: coredns_manifests
   vars:
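Review bot: `condition: coredns_pod_disruption_budget` on the new PodDisruptionBudget entry is a plain YAML string, not a reference to the variable, so `item.condition | default(True)` in the task's `when` tests a non-empty string, which is truthy; as far as I can tell the PDB manifest is therefore rendered, registered as not skipped and applied even when `coredns_pod_disruption_budget` is left at its default `false`. The fix is to template the value, `condition: "{{ coredns_pod_disruption_budget }}"`, here and on the secondary entry added in the third hunk of this file. The `when` additions in the second and fourth hunks are fine once the value is templated and need no further change. The enclosing task starts before this hunk.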
@@ -22,6 +23,7 @@
     - dns_mode in ['coredns', 'coredns_dual']
     - inventory_hostname == groups['kube_control_plane'][0]
     - enable_dns_autoscaler or item.name != 'dns-autoscaler'
+    - item.condition | default(True)
   tags:
     - coredns
 
@@ -34,6 +36,7 @@
     - { name: coredns, src: coredns-deployment.yml, file: coredns-deployment-secondary.yml, type: deployment }
     - { name: coredns, src: coredns-svc.yml, file: coredns-svc-secondary.yml, type: svc }
     - { name: dns-autoscaler, src: dns-autoscaler.yml, file: coredns-autoscaler-secondary.yml, type: deployment }
+    - { name: coredns, file: coredns-poddisruptionbudget.yml, type: poddisruptionbudget, condition: coredns_pod_disruption_budget }
   register: coredns_secondary_manifests
   vars:
     clusterIP: "{{ skydns_server_secondary }}"
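Review bot: The secondary PodDisruptionBudget entry has no `src:` and reuses `file: coredns-poddisruptionbudget.yml`, whereas every other entry in this list carries a distinct `src` and a `-secondary` destination file; if this task renders `{{ item.src }}.j2` like its siblings imply, `item.src` is undefined for the new item, and even if the task falls back to `item.file`, the secondary manifest would overwrite the primary one under the same file name in the config directory. I would change the line to `- { name: coredns, src: coredns-poddisruptionbudget.yml, file: coredns-poddisruptionbudget-secondary.yml, type: poddisruptionbudget, condition: "{{ coredns_pod_disruption_budget }}" }`. The task's `template:` block is outside the hunk, so check how it derives the source path before relying on this.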
@@ -42,5 +45,6 @@
     - dns_mode == 'coredns_dual'
     - inventory_hostname == groups['kube_control_plane'][0]
     - enable_dns_autoscaler or item.name != 'dns-autoscaler'
+    - item.condition | default(True)
   tags:
     - coredns
diff --git a/roles/kubernetes-apps/ansible/templates/coredns-poddisruptionbudget.yml.j2 b/roles/kubernetes-apps/ansible/templates/coredns-poddisruptionbudget.yml.j2
new file mode 100644
index 000000000..7df6b2621
--- /dev/null
+++ b/roles/kubernetes-apps/ansible/templates/coredns-poddisruptionbudget.yml.j2
@@ -0,0 +1,9 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: coredns{{ coredns_ordinal_suffix }}
+spec:
+  maxUnavailable: {{ coredns_pod_disruption_budget_max_unavailable }}
+  selector:
+    matchLabels:
+      k8s-app: kube-dns{{ coredns_ordinal_suffix }}
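Review bot: `metadata` carries no `namespace:`, so the PodDisruptionBudget is created in whatever namespace the apply step or the kubeconfig context supplies rather than explicitly next to the CoreDNS Deployment; a PDB only selects pods in its own namespace, so if it lands elsewhere it silently protects nothing. I would add `namespace: kube-system` under `metadata`, which appears to be what the other CoreDNS templates in this role pin — confirm against those templates, which are not in this patch. `maxUnavailable` is correctly left unquoted so an integer override stays an integer, and the `k8s-app: kube-dns{{ coredns_ordinal_suffix }}` selector should be checked against the labels on the deployment's pod template, not just its metadata labels.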
-- 
GitLab