From 9a0fd367f8526d6e2c637e5c5512b4762da732b1 Mon Sep 17 00:00:00 2001
From: Caleb Woodbine <calebwoodbine.public@gmail.com>
Date: Sat, 22 Jul 2023 12:14:25 +1200
Subject: [PATCH] feat: add pdb to policy-controller

Signed-off-by: Caleb Woodbine <calebwoodbine.public@gmail.com>
---
 charts/policy-controller/README.md            |  3 +++
 .../webhook/poddisruptionbudget.yaml          | 27 +++++++++++++++++++
 charts/policy-controller/values.yaml          |  4 +++
 3 files changed, 34 insertions(+)
 create mode 100644 charts/policy-controller/templates/webhook/poddisruptionbudget.yaml

diff --git a/charts/policy-controller/README.md b/charts/policy-controller/README.md
index 2fd0efb0..97b49b61 100644
--- a/charts/policy-controller/README.md
+++ b/charts/policy-controller/README.md
@@ -54,6 +54,9 @@ The Helm chart for Policy  Controller
 | webhook.resources.requests.memory | string | `"128Mi"` |  |
 | webhook.securityContext.enabled | bool | `false` |  |
 | webhook.securityContext.runAsUser | int | `65532` |  |
+| webhook.podDisruptionBudget.enabled | bool | `true` |  |
+| webhook.podDisruptionBudget.minAvailable | int | `1` |  |
+| webhook.podDisruptionBudget.maxUnavailable | int | `null` |  |
 | webhook.service.annotations | object | `{}` |  |
 | webhook.service.port | int | `443` |  |
 | webhook.service.type | string | `"ClusterIP"` |  |
diff --git a/charts/policy-controller/templates/webhook/poddisruptionbudget.yaml b/charts/policy-controller/templates/webhook/poddisruptionbudget.yaml
new file mode 100644
index 00000000..2a811156
--- /dev/null
+++ b/charts/policy-controller/templates/webhook/poddisruptionbudget.yaml
@@ -0,0 +1,27 @@
+{{ if .Values.webhook.podDisruptionBudget.enabled }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ template "policy-controller.fullname" . }}-webhook
+  labels:
+    {{- include "policy-controller.labels" . | nindent 4 }}
+    control-plane: {{ template "policy-controller.fullname" . }}-webhook
+{{- if .Values.labels }}
+{{- with .Values.labels }}
+    {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- end }}
+  annotations:
+{{- if .Values.annotations }}
+{{- with .Values.annotations }}
+    {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- end }}
+spec:
+  minAvailable: {{ .Values.webhook.podDisruptionBudget.minAvailable }}
+  maxUnavailable: {{ .Values.webhook.podDisruptionBudget.maxUnavailable }}
+  selector:
+    matchLabels:
+      {{- include "policy-controller.selectorLabels" . | nindent 6 }}
+      control-plane: {{ template "policy-controller.fullname" . }}-webhook
+{{- end }}
diff --git a/charts/policy-controller/values.yaml b/charts/policy-controller/values.yaml
index 04ffde0b..af29164a 100644
--- a/charts/policy-controller/values.yaml
+++ b/charts/policy-controller/values.yaml
@@ -37,6 +37,10 @@ webhook:
     capabilities:
       drop:
         - ALL
+  podDisruptionBudget:
+    enabled: true
+    minAvailable: 1
+    # maxUnavailable: 3
   serviceAccount:
     annotations: {}
     create: true