diff --git a/filebeat/README.md b/filebeat/README.md index 71189704a..782c489f7 100644 --- a/filebeat/README.md +++ b/filebeat/README.md @@ -108,6 +108,7 @@ as a reference. They are also used in the automated testing of this chart. | `daemonset.hostAliases` | Configurable [hostAliases][] for filebeat DaemonSet | `[]` | | `daemonset.hostNetworking` | Enable filebeat DaemonSet to use `hostNetwork` | `false` | | `daemonset.filebeatConfig` | Allows you to add any config files in `/usr/share/filebeat` such as `filebeat.yml` for filebeat DaemonSet | see [values.yaml][] | +| `daemonset.maxUnavailable` | The [maxUnavailable][] value for the pod disruption budget. By default this will prevent Kubernetes from having more than 1 unhealthy pod in the node group | `1` | | `daemonset.nodeSelector` | Configurable [nodeSelector][] for filebeat DaemonSet | `{}` | | `daemonset.secretMounts` | Allows you easily mount a secret as a file inside the DaemonSet. Useful for mounting certificates and other secrets. See [values.yaml][] for an example | `[]` | | `daemonset.podSecurityContext` | Configurable [podSecurityContext][] for filebeat DaemonSet pod execution environment | see [values.yaml][] | @@ -258,6 +259,7 @@ about our development and testing process. [kafka output]: https://www.elastic.co/guide/en/beats/filebeat/7.x/kafka-output.html [kubernetes secrets]: https://kubernetes.io/docs/concepts/configuration/secret/ [labels]: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +[maxUnavailable]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget [nodeSelector]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector [podSecurityContext]: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ [priorityClass]: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass diff --git a/filebeat/templates/daemonset.yaml b/filebeat/templates/daemonset.yaml index 923e90e3f..2989e36c2 100644 --- a/filebeat/templates/daemonset.yaml +++ b/filebeat/templates/daemonset.yaml @@ -30,6 +30,10 @@ spec: app: "{{ template "filebeat.fullname" . }}" release: {{ .Release.Name | quote }} updateStrategy: + {{- if eq .Values.updateStrategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.daemonset.maxUnavailable }} + {{- end }} type: {{ .Values.updateStrategy }} template: metadata: diff --git a/filebeat/tests/filebeat_test.py b/filebeat/tests/filebeat_test.py index 9460e8ec6..0a1c100dc 100644 --- a/filebeat/tests/filebeat_test.py +++ b/filebeat/tests/filebeat_test.py @@ -51,6 +51,13 @@ def test_defaults(): assert r["daemonset"][name]["spec"]["updateStrategy"]["type"] == "RollingUpdate" + assert ( + r["daemonset"][name]["spec"]["updateStrategy"]["rollingUpdate"][ + "maxUnavailable" + ] + == 1 + ) + assert ( r["daemonset"][name]["spec"]["template"]["spec"]["serviceAccountName"] == name ) @@ -404,7 +411,21 @@ def test_adding_deprecated_tolerations(): def test_override_the_default_update_strategy(): config = """ -updateStrategy: OnDelete + daemonset: + maxUnavailable: 2 +""" + + r = helm_template(config) + assert r["daemonset"][name]["spec"]["updateStrategy"]["type"] == "RollingUpdate" + assert ( + r["daemonset"][name]["spec"]["updateStrategy"]["rollingUpdate"][ + "maxUnavailable" + ] + == 2 + ) + + config = """ + updateStrategy: OnDelete """ r = helm_template(config) diff --git a/filebeat/values.yaml b/filebeat/values.yaml index f8de289bc..e1ee3e416 100755 --- a/filebeat/values.yaml +++ b/filebeat/values.yaml @@ -40,6 +40,8 @@ daemonset: output.elasticsearch: host: '${NODE_NAME}' hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' + # Only used when updateStrategy is set to "RollingUpdate" + maxUnavailable: 1 nodeSelector: {} # A list of secrets and their paths to mount inside the pod # This is useful for mounting certificates for security other sensitive values