imfreedom/k8s-cluster

97a6cd7e07f8
Parents 58eeb38652fe
Children 75162d105cb7
Add pod disruption budgets to every SINGLE deployment
--- a/05-kube-state-metrics.yaml Mon Sep 07 03:26:27 2020 -0500
+++ b/05-kube-state-metrics.yaml Mon Sep 07 03:26:47 2020 -0500
@@ -148,6 +148,18 @@
name: kube-state-metrics
namespace: kube-system
---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ namespace: kube-system
+ name: kube-state-metrics
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: kube-state-metrics
+ app.kubernetes.io/version: 1.9.7
+---
apiVersion: apps/v1
kind: Deployment
metadata:
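Review bot: `minAvailable: 1` refuses every voluntary eviction when the selected workload runs a single replica, so `kubectl drain` will hang on that node and routine node patching or kubelet/kernel upgrades stall until someone deletes the pod or the budget by hand. The replica counts sit outside most of these hunks, but the wiki-app Deployment added in 50-wiki.imfreedom.org.yaml shows `replicas: 1` with `strategy: Recreate` next to the same budget, and an identical PodDisruptionBudget is added in every other file of this commit. For single-replica workloads either raise the replica count or use `maxUnavailable: 1` so drains can proceed, and keep `minAvailable: 1` only where at least two replicas run. Separately, this selector pins `app.kubernetes.io/version: 1.9.7`, so the budget will silently match no pods after the next kube-state-metrics upgrade unless the label is bumped here too; selecting on `app.kubernetes.io/name` alone avoids that.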
--- a/20-ingress.yaml Mon Sep 07 03:26:27 2020 -0500
+++ b/20-ingress.yaml Mon Sep 07 03:26:47 2020 -0500
@@ -156,6 +156,18 @@
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
sniStrict: true
---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: traefik
+ namespace: kube-public
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: traefik
+ role: controller
+---
apiVersion: apps/v1
kind: Deployment
metadata:
--- a/50-carrier.pidgin.im.yaml Mon Sep 07 03:26:27 2020 -0500
+++ b/50-carrier.pidgin.im.yaml Mon Sep 07 03:26:47 2020 -0500
@@ -90,6 +90,17 @@
- port: 3333
protocol: TCP
---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ namespace: roost
+ name: carrier
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: carrier
+---
apiVersion: apps/v1
kind: Deployment
metadata:
--- a/50-ci.imfreedom.org.yaml Mon Sep 07 03:26:27 2020 -0500
+++ b/50-ci.imfreedom.org.yaml Mon Sep 07 03:26:47 2020 -0500
@@ -40,6 +40,18 @@
- port: 5432
protocol: TCP
---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ namespace: imfreedom
+ name: ci-postgres
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: ci
+ role: db
+---
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -221,6 +233,18 @@
- port: 8111
protocol: TCP
---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ namespace: imfreedom
+ name: ci
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: ci
+ role: app
+---
apiVersion: apps/v1
kind: Deployment
metadata:
--- a/50-data.imfreedom.org.yaml Mon Sep 07 03:26:27 2020 -0500
+++ b/50-data.imfreedom.org.yaml Mon Sep 07 03:26:47 2020 -0500
@@ -100,6 +100,17 @@
- port: 9000
protocol: TCP
---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ namespace: imfreedom
+ name: data
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: data
+---
apiVersion: apps/v1
kind: Deployment
metadata:
--- a/50-docs.pidgin.im.yaml Mon Sep 07 03:26:27 2020 -0500
+++ b/50-docs.pidgin.im.yaml Mon Sep 07 03:26:47 2020 -0500
@@ -135,6 +135,18 @@
- port: 3000
protocol: TCP
---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ namespace: roost
+ name: docs-gplugin-latest
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: gplugin
+ version: latest
+---
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -227,6 +239,18 @@
- port: 3000
protocol: TCP
---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ namespace: roost
+ name: docs-gplugin-gtk-latest
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: gplugin-gtk
+ version: latest
+---
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -319,6 +343,18 @@
- port: 3000
protocol: TCP
---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ namespace: roost
+ name: docs-libgnt-latest
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: libgnt
+ version: latest
+---
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -411,6 +447,18 @@
- port: 3000
protocol: TCP
---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ namespace: roost
+ name: docs-libgnt-next
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: libgnt
+ version: next
+---
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -503,6 +551,18 @@
- port: 3000
protocol: TCP
---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ namespace: roost
+ name: docs-pidgin-2-x-y
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: pidgin
+ version: 2.x.y
+---
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -595,6 +655,18 @@
- port: 3000
protocol: TCP
---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ namespace: roost
+ name: docs-talkatu-latest
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: talkatu
+ version: latest
+---
apiVersion: apps/v1
kind: Deployment
metadata:
--- a/50-gaim.pidgin.im.yaml Mon Sep 07 03:26:27 2020 -0500
+++ b/50-gaim.pidgin.im.yaml Mon Sep 07 03:26:47 2020 -0500
@@ -89,6 +89,17 @@
- port: 80
protocol: TCP
---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ namespace: roost
+ name: gaim
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: gaim
+---
apiVersion: apps/v1
kind: Deployment
metadata:
--- a/50-hub.imfreedom.org.yaml Mon Sep 07 03:26:27 2020 -0500
+++ b/50-hub.imfreedom.org.yaml Mon Sep 07 03:26:47 2020 -0500
@@ -91,6 +91,17 @@
- port: 8080
protocol: TCP
---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ namespace: imfreedom
+ name: hub
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: hub
+---
apiVersion: apps/v1
kind: Deployment
metadata:
--- a/50-imfreedom.org.yaml Mon Sep 07 03:26:27 2020 -0500
+++ b/50-imfreedom.org.yaml Mon Sep 07 03:26:47 2020 -0500
@@ -68,6 +68,17 @@
selector:
app: imfreedom-org
---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ namespace: roost
+ name: imfreedom-org
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: imfreedom-org
+---
apiVersion: apps/v1
kind: Deployment
metadata:
--- a/50-issues.imfreedom.org.yaml Mon Sep 07 03:26:27 2020 -0500
+++ b/50-issues.imfreedom.org.yaml Mon Sep 07 03:26:47 2020 -0500
@@ -106,6 +106,18 @@
- port: 8080
protocol: TCP
---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ namespace: imfreedom
+ name: issues
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: issues
+ role: app
+---
apiVersion: apps/v1
kind: Deployment
metadata:
--- a/50-keep.imfreedom.org.yaml Mon Sep 07 03:26:27 2020 -0500
+++ b/50-keep.imfreedom.org.yaml Mon Sep 07 03:26:47 2020 -0500
@@ -129,6 +129,17 @@
- port: 22222
protocol: TCP
---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ namespace: roost
+ name: keep
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: hgkeeper
+---
apiVersion: apps/v1
kind: Deployment
metadata:
--- a/50-monitoring.imfreedom.org.yaml Mon Sep 07 03:26:27 2020 -0500
+++ b/50-monitoring.imfreedom.org.yaml Mon Sep 07 03:26:47 2020 -0500
@@ -109,6 +109,17 @@
dnsNames:
- monitoring.imfreedom.org
---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ namespace: monitoring
+ name: traefik-forward-auth
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: traefik-forward-auth
+---
apiVersion: apps/v1
kind: Deployment
metadata:
--- a/50-nest.pidgin.im.yaml Mon Sep 07 03:26:27 2020 -0500
+++ b/50-nest.pidgin.im.yaml Mon Sep 07 03:26:47 2020 -0500
@@ -194,6 +194,17 @@
- port: 3000
protocol: TCP
---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ namespace: roost
+ name: nest
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: nest
+---
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -278,6 +289,17 @@
- port: 80
protocol: TCP
---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ namespace: roost
+ name: oldsite
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: oldsite
+---
apiVersion: apps/v1
kind: Deployment
metadata:
--- a/50-reaperworld.com.yaml Mon Sep 07 03:26:27 2020 -0500
+++ b/50-reaperworld.com.yaml Mon Sep 07 03:26:47 2020 -0500
@@ -110,6 +110,17 @@
- port: 3000
protocol: TCP
---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ namespace: reaperworld
+ name: www
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: www
+---
apiVersion: apps/v1
kind: Deployment
metadata:
--- a/50-reviews.imfreedom.org.yaml Mon Sep 07 03:26:27 2020 -0500
+++ b/50-reviews.imfreedom.org.yaml Mon Sep 07 03:26:47 2020 -0500
@@ -92,6 +92,18 @@
- port: memcached
protocol: TCP
---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ namespace: roost
+ name: reviews-memcached
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: reviews
+ role: memcached
+---
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -172,6 +184,18 @@
- port: postgres
protocol: TCP
---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ namespace: roost
+ name: reviews-postgres
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: reviews
+ role: postgres
+---
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -293,6 +317,18 @@
- port: http
protocol: TCP
---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ namespace: roost
+ name: reviews-reviewboard
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: reviews
+ role: reviewboard
+---
apiVersion: apps/v1
kind: Deployment
metadata:
--- a/50-wasdead.yaml Mon Sep 07 03:26:27 2020 -0500
+++ b/50-wasdead.yaml Mon Sep 07 03:26:47 2020 -0500
@@ -1,5 +1,16 @@
# wasdead is a discord bot that auto announces live stream updates.
---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ namespace: reaperworld
+ name: wasdead
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: wasdead
+---
apiVersion: apps/v1
kind: Deployment
metadata:
--- a/50-wiki.imfreedom.org.yaml Mon Sep 07 03:26:27 2020 -0500
+++ b/50-wiki.imfreedom.org.yaml Mon Sep 07 03:26:47 2020 -0500
@@ -13,13 +13,48 @@
protocol: TCP
selector:
app: wiki
- role: wiki-database
+ role: database
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ namespace: imfreedom
+ name: wiki-database
+ labels:
+ app: wiki
+ role: database
+spec:
+ podSelector:
+ matchLabels:
+ app: wiki
+ role: database
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ app: wiki
+ role: app
+ ports:
+ - port: 3306
+ protocol: TCP
+---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ namespace: imfreedom
+ name: wiki-database
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: wiki
+ role: database
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: imfreedom
- name: wiki
+ name: wiki-database
labels:
app: wiki
role: database
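Review bot: The new `wiki-database` NetworkPolicy lists only `ingress`, so with `policyTypes` omitted it defaults to Ingress and the database pod's outbound traffic stays unrestricted. Whether a namespace-wide default-deny exists is not visible in this hunk; if it does not, consider stating the intent explicitly with `policyTypes: [Ingress, Egress]` and an `egress` list limited to what the database actually needs. The same applies to the `wiki-app` policy added later in this file. The Deployment renamed at the end of this hunk continues outside it.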
@@ -29,6 +64,8 @@
matchLabels:
app: wiki
role: database
+ strategy:
+ type: Recreate
template:
metadata:
labels:
@@ -36,19 +73,48 @@
role: database
spec:
containers:
- - name: mariadb
- image: mariadb:10
+ - name: mysql
+ image: docker.io/mysql:5
imagePullPolicy: Always
+ resources:
+ limits:
+ cpu: 200m
+ memory: 384Mi
+ requests:
+ cpu: 100m
+ memory: 192Mi
ports:
- containerPort: 3306
volumeMounts:
- mountPath: /var/lib/mysql/
name: data
readOnly: false
+ subPath: mysql
+ env:
+ - name: MYSQL_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: wiki-database
+ key: root_password
+ - name: MYSQL_USER
+ valueFrom:
+ secretKeyRef:
+ name: wiki-database
+ key: user
+ - name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: wiki-database
+ key: password
+ - name: MYSQL_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: wiki-database
+ key: database
volumes:
- name: data
persistentVolumeClaim:
- claimName: wiki-data
+ claimName: wiki-database
---
apiVersion: v1
kind: PersistentVolumeClaim
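Review bot: `image: docker.io/mysql:5` combined with `imagePullPolicy: Always` is a floating major-version tag, so any pod restart can pull a different image from the one that was reviewed and tested, and the running version cannot be reproduced from this manifest. Pin to a full patch version and preferably a digest, e.g. `image: docker.io/mysql:<patch-version>@sha256:<digest>` (placeholders). The same concern applies to `docker.io/imfreedom/wiki:latest` in the wiki-app Deployment added in the next hunk. The switch from `mariadb:10` to MySQL on the same mount path is presumably handled by the new `subPath: mysql` and the new claim name, but a comment stating that the old data directory is intentionally not reused would help the next maintainer.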
@@ -63,5 +129,178 @@
- ReadWriteOnce
resources:
requests:
- storage: 2Gi
+ storage: 1Gi
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: wiki-http
+ namespace: imfreedom
+spec:
+ entryPoints:
+ - http
+ routes:
+ - match: Host(`wiki.imfreedom.org`)
+ kind: Rule
+ services:
+ - name: wiki-app
+ port: 80
+ middlewares:
+ - name: https-redirect
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: wiki-https
+ namespace: imfreedom
+spec:
+ entryPoints:
+ - https
+ routes:
+ - match: Host(`wiki.imfreedom.org`)
+ kind: Rule
+ services:
+ - name: wiki-app
+ port: 80
+ middlewares:
+ # - name: ci-body-size
+ - name: common-headers
+ tls:
+ secretName: wiki-tls
+ options:
+ name: default
+ namespace: kube-public
+---
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+ namespace: imfreedom
+ name: wiki-tls
+spec:
+ secretName: wiki-tls
+ issuerRef:
+ name: letsencrypt
+ commonName: wiki.imfreedom.org
+ dnsNames:
+ - wiki.imfreedom.org
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: wiki-app
+ namespace: imfreedom
+ labels:
+ app: wiki
+ role: app
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ selector:
+ app: wiki
+ role: app
---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ namespace: imfreedom
+ name: wiki-app
+ labels:
+ app: wiki
+ role: app
+spec:
+ podSelector:
+ matchLabels:
+ app: wiki
+ role: app
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ name: kube-public
+ podSelector:
+ matchLabels:
+ app: traefik
+ role: controller
+ ports:
+ - port: 80
+ protocol: TCP
+---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ namespace: imfreedom
+ name: wiki-app
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: wiki
+ role: app
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: imfreedom
+ name: wiki-app
+ labels:
+ app: wiki
+ role: app
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: wiki
+ role: app
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: wiki
+ role: app
+ spec:
+ containers:
+ - name: mediawiki
+ image: docker.io/imfreedom/wiki:latest
+ imagePullPolicy: Always
+ resources:
+ limits:
+ cpu: 200m
+ memory: 256Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - mountPath: /var/www/html/images/
+ name: uploads
+ readOnly: false
+ subPath: uploads
+ - mountPath: /config
+ name: config
+ readOnly: true
+ volumes:
+ - name: uploads
+ persistentVolumeClaim:
+ claimName: wiki-uploads
+ - name: config
+ secret:
+ secretName: wiki-app
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ namespace: imfreedom
+ name: wiki-uploads
+ labels:
+ app: wiki
+ role: app
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+---
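Review bot: The `mediawiki` container in the new wiki-app Deployment has no `securityContext`, so it runs with whatever user and capabilities the image defaults to while holding a writable uploads volume and the `wiki-app` secret mounted at `/config`. At minimum add a container-level `securityContext:` with `allowPrivilegeEscalation: false`; `runAsNonRoot: true` or dropped capabilities would be stronger but depend on how the image binds port 80, which is not visible here. The `mysql` container in the wiki-database Deployment earlier in this file would benefit from the same setting.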
--- a/50-xmpp.imfreedom.org.yaml Mon Sep 07 03:26:27 2020 -0500
+++ b/50-xmpp.imfreedom.org.yaml Mon Sep 07 03:26:47 2020 -0500
@@ -228,6 +228,18 @@
http_host = "xmpp.pidgin.im"
modules_enabled = {"bosh"}
---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ namespace: roost
+ name: prosody
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: prosody
+ role: app
+---
apiVersion: apps/v1
kind: Deployment
metadata: