Added missing PodDisruptionBudget, upgrade cert-manager to latest (#656)

deployment/services/graphql.ts

@@ -79,6 +79,7 @@ export function deployGraphQL({
     {
       storageContainer,
       replicas: 2,
+      pdb: true,
       readinessProbe: '/_readiness',
       livenessProbe: '/_health',
       env: {

deployment/services/schema.ts

@@ -1,7 +1,6 @@
 import * as pulumi from '@pulumi/pulumi';
 import * as azure from '@pulumi/azure';
 import { RemoteArtifactAsServiceDeployment } from '../utils/remote-artifact-as-service';
-import { isProduction } from '../utils/helpers';
 import { DeploymentEnvironment } from '../types';
 import { Redis } from './redis';
 import { PackageHelper } from '../utils/pack';
@@ -46,7 +45,8 @@ export function deploySchema({
       livenessProbe: '/_health',
       exposesMetrics: true,
       packageInfo: packageHelper.npmPack('@hive/schema'),
-      replicas: isProduction(deploymentEnv) ? 2 : 1,
+      replicas: 2,
+      pdb: true,
     },
     [redis.deployment, redis.service]
   ).deploy();

deployment/services/usage-ingestor.ts

@@ -78,6 +78,7 @@ export function deployUsageIngestor({
       exposesMetrics: true,
       packageInfo: packageHelper.npmPack('@hive/usage-ingestor'),
       port: 4000,
+      pdb: true,
       autoScaling: {
         cpu: {
           cpuAverageToScale: 60,

deployment/services/usage.ts

@@ -64,6 +64,7 @@ export function deployUsage({
       exposesMetrics: true,
       packageInfo: packageHelper.npmPack('@hive/usage'),
       port: 4000,
+      pdb: true,
       autoScaling: {
         cpu: {
           cpuAverageToScale: 60,

deployment/utils/cert-manager.ts

@@ -3,7 +3,7 @@ import * as k8s from '@pulumi/kubernetes';
 export class CertManager {
   public deployCertManagerAndIssuer() {
     const certManager = new k8s.yaml.ConfigFile('cert-manager', {
-      file: 'https://github.com/jetstack/cert-manager/releases/download/v1.8.0/cert-manager.yaml',
+      file: 'https://github.com/jetstack/cert-manager/releases/download/v1.10.0/cert-manager.yaml',
     });
 
     const issuerName = 'letsencrypt-prod';

deployment/utils/redis.ts

@@ -108,6 +108,14 @@ fi
         }
       ),
     });
+
+    new k8s.policy.v1.PodDisruptionBudget('redis-pdb', {
+      spec: {
+        minAvailable: 1,
+        selector: deployment.spec.selector,
+      },
+    });
+
     const service = deployment.createService({});
 
     return { deployment, service, port: PORT };

deployment/utils/remote-artifact-as-service.ts

@@ -27,6 +27,7 @@ export class RemoteArtifactAsServiceDeployment {
        */
       exposesMetrics?: boolean;
       replicas?: number;
+      pdb?: boolean;
       autoScaling?: {
         minReplicas?: number;
         maxReplicas: number;
@@ -221,6 +222,16 @@ export class RemoteArtifactAsServiceDeployment {
         parent: this.parent ?? undefined,
       }
     );
+
+    if (this.options.pdb) {
+      new k8s.policy.v1.PodDisruptionBudget(`${this.name}-pdb`, {
+        spec: {
+          minAvailable: 1,
+          selector: deployment.spec.selector,
+        },
+      });
+    }
+
     const service = deployment.createService({});
 
     if (this.options.autoScaling) {
@@ -248,8 +259,8 @@ export class RemoteArtifactAsServiceDeployment {
                 },
               },
             ],
-            maxReplicas: this.options.autoScaling.maxReplicas,
             minReplicas: this.options.autoScaling.minReplicas || this.options.replicas || 1,
+            maxReplicas: this.options.autoScaling.maxReplicas,
           },
         },
         {

deployment/utils/reverse-proxy.ts

@@ -183,6 +183,22 @@ export class Proxy {
 
     this.lbService = proxyController.getResource('v1/Service', 'contour/contour-proxy-envoy');
 
+    const contourDeployment = proxyController.getResource('apps/v1/Deployment', 'contour/contour-proxy-contour');
+    new k8s.policy.v1.PodDisruptionBudget('contour-pdb', {
+      spec: {
+        minAvailable: 1,
+        selector: contourDeployment.spec.selector,
+      },
+    });
+
+    const envoyDaemonset = proxyController.getResource('apps/v1/ReplicaSet', 'contour/contour-proxy-envoy');
+    new k8s.policy.v1.PodDisruptionBudget('envoy-pdb', {
+      spec: {
+        minAvailable: 1,
+        selector: envoyDaemonset.spec.selector,
+      },
+    });
+
     new k8s.apiextensions.CustomResource(
       'secret-delegation',
       {

tsconfig.eslint.json

@@ -1,5 +1,5 @@
 {
   "extends": "./tsconfig.json",
-  "include": ["packages", "integration-tests", ".eslintrc.cjs"],
+  "include": ["deployment", "packages", "integration-tests", ".eslintrc.cjs"],
   "exclude": ["**/node_modules/**", "**/dist", "**/temp", "**/tmp"]
 }