feat: add PodDisruptionBudget support for Karmada control plane components

Signed-off-by: baiyutang <[email protected]>

Author: baiyutang

charts/karmada-operator/templates/karmada-operator-clusterrole.yaml

@@ -28,5 +28,8 @@ rules:
   - apiGroups: ["apps"]
     resources: ["statefulsets", "deployments"] # to manage statefulsets, e.g. etcd, and deployments, e.g. karmada-operator
     verbs: ["get", "create", "update", "delete"]
+  - apiGroups: ["policy"]
+    resources: ["poddisruptionbudgets"] # to manage pod disruption budgets for karmada components
+    verbs: ["get", "create", "update", "delete"]
   - nonResourceURLs: ["/healthz"] # used to check whether the karmada apiserver is health
     verbs: ["get"]

operator/config/deploy/karmada-operator-clusterrole.yaml

@@ -29,5 +29,8 @@ rules:
   - apiGroups: ["apps"]
     resources: ["statefulsets", "deployments"] # to manage statefulsets, e.g. etcd, and deployments, e.g. karmada-operator
     verbs: ["get", "create", "update", "delete"]
+  - apiGroups: ["policy"]
+    resources: ["poddisruptionbudgets"] # to manage pod disruption budgets for karmada components
+    verbs: ["get", "create", "update", "delete"]
   - nonResourceURLs: ["/healthz"] # used to check whether the karmada apiserver is health
     verbs: ["get"]

operator/pkg/controlplane/apiserver/apiserver.go

@@ -1,6 +1,8 @@
 /*
 Copyright 2023 The Karmada Authors.
 
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
@@ -17,17 +19,21 @@ limitations under the License.
 package apiserver
 
 import (
+	"context"
 	"fmt"
 
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
 	kuberuntime "k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	clientset "k8s.io/client-go/kubernetes"
 	clientsetscheme "k8s.io/client-go/kubernetes/scheme"
 
 	operatorv1alpha1 "github.com/karmada-io/karmada/operator/pkg/apis/operator/v1alpha1"
 	"github.com/karmada-io/karmada/operator/pkg/controlplane/etcd"
+	"github.com/karmada-io/karmada/operator/pkg/controlplane/pdb"
 	"github.com/karmada-io/karmada/operator/pkg/util"
 	"github.com/karmada-io/karmada/operator/pkg/util/apiclient"
 	"github.com/karmada-io/karmada/operator/pkg/util/patcher"
@@ -87,6 +93,18 @@ func installKarmadaAPIServer(client clientset.Interface, cfg *operatorv1alpha1.K
 	if err := apiclient.CreateOrUpdateDeployment(client, apiserverDeployment); err != nil {
 		return fmt.Errorf("error when creating deployment for %s, err: %w", apiserverDeployment.Name, err)
 	}
+
+	// Fetch persisted Deployment to get real UID
+	persisted, err := client.AppsV1().Deployments(namespace).Get(context.TODO(), apiserverDeployment.GetName(), metav1.GetOptions{})
+	if err != nil {
+		return fmt.Errorf("failed to fetch Deployment %s/%s for PDB owner, err: %w", namespace, apiserverDeployment.GetName(), err)
+	}
+	gvk := schema.GroupVersionKind{Group: "apps", Version: "v1", Kind: "Deployment"}
+	ownerRef := *metav1.NewControllerRef(persisted, gvk)
+	if err := pdb.EnsurePodDisruptionBudget(client, util.KarmadaAPIServerName(name), namespace, cfg.CommonSettings.PodDisruptionBudgetConfig, apiserverDeployment.Spec.Template.Labels, []metav1.OwnerReference{ownerRef}); err != nil {
+		return fmt.Errorf("failed to ensure PDB for apiserver component %s, err: %w", util.KarmadaAPIServerName(name), err)
+	}
+
 	return nil
 }
 
@@ -158,6 +176,18 @@ func installKarmadaAggregatedAPIServer(client clientset.Interface, cfg *operator
 	if err := apiclient.CreateOrUpdateDeployment(client, aggregatedAPIServerDeployment); err != nil {
 		return fmt.Errorf("error when creating deployment for %s, err: %w", aggregatedAPIServerDeployment.Name, err)
 	}
+
+	// Fetch persisted Deployment to get real UID
+	persistedAgg, err := client.AppsV1().Deployments(namespace).Get(context.TODO(), aggregatedAPIServerDeployment.GetName(), metav1.GetOptions{})
+	if err != nil {
+		return fmt.Errorf("failed to fetch Deployment %s/%s for PDB owner, err: %w", namespace, aggregatedAPIServerDeployment.GetName(), err)
+	}
+	gvk2 := schema.GroupVersionKind{Group: "apps", Version: "v1", Kind: "Deployment"}
+	ownerRef2 := *metav1.NewControllerRef(persistedAgg, gvk2)
+	if err := pdb.EnsurePodDisruptionBudget(client, util.KarmadaAggregatedAPIServerName(name), namespace, cfg.CommonSettings.PodDisruptionBudgetConfig, aggregatedAPIServerDeployment.Spec.Template.Labels, []metav1.OwnerReference{ownerRef2}); err != nil {
+		return fmt.Errorf("failed to ensure PDB for aggregated apiserver component %s, err: %w", util.KarmadaAggregatedAPIServerName(name), err)
+	}
+
 	return nil
 }
 

operator/pkg/controlplane/apiserver/apiserver_test.go

@@ -67,8 +67,35 @@ func TestEnsureKarmadaAPIServer(t *testing.T) {
 	}
 
 	actions := fakeClient.Actions()
-	if len(actions) != 2 {
-		t.Fatalf("expected 2 actions, but got %d", len(actions))
+	// We now create deployment, service, and PDB, so expect 3 actions
+	if len(actions) != 3 {
+		t.Fatalf("expected 3 actions, but got %d", len(actions))
+	}
+
+	// Check that we have deployment, service, and PDB
+	deploymentCount := 0
+	serviceCount := 0
+	pdbCount := 0
+	for _, action := range actions {
+		if action.GetResource().Resource == "deployments" {
+			deploymentCount++
+		} else if action.GetResource().Resource == "services" {
+			serviceCount++
+		} else if action.GetResource().Resource == "poddisruptionbudgets" {
+			pdbCount++
+		}
+	}
+
+	if deploymentCount != 1 {
+		t.Errorf("expected 1 deployment action, but got %d", deploymentCount)
+	}
+
+	if serviceCount != 1 {
+		t.Errorf("expected 1 service action, but got %d", serviceCount)
+	}
+
+	if pdbCount != 1 {
+		t.Errorf("expected 1 PDB action, but got %d", pdbCount)
 	}
 }
 
@@ -108,8 +135,35 @@ func TestEnsureKarmadaAggregatedAPIServer(t *testing.T) {
 	}
 
 	actions := fakeClient.Actions()
-	if len(actions) != 2 {
-		t.Fatalf("expected 2 actions, but got %d", len(actions))
+	// We now create deployment, service, and PDB, so expect 3 actions
+	if len(actions) != 3 {
+		t.Fatalf("expected 3 actions, but got %d", len(actions))
+	}
+
+	// Check that we have deployment, service, and PDB
+	deploymentCount := 0
+	serviceCount := 0
+	pdbCount := 0
+	for _, action := range actions {
+		if action.GetResource().Resource == "deployments" {
+			deploymentCount++
+		} else if action.GetResource().Resource == "services" {
+			serviceCount++
+		} else if action.GetResource().Resource == "poddisruptionbudgets" {
+			pdbCount++
+		}
+	}
+
+	if deploymentCount != 1 {
+		t.Errorf("expected 1 deployment action, but got %d", deploymentCount)
+	}
+
+	if serviceCount != 1 {
+		t.Errorf("expected 1 service action, but got %d", serviceCount)
+	}
+
+	if pdbCount != 1 {
+		t.Errorf("expected 1 PDB action, but got %d", pdbCount)
 	}
 }
 
@@ -152,9 +206,14 @@ func TestInstallKarmadaAPIServer(t *testing.T) {
 		t.Fatalf("expected no error, but got: %v", err)
 	}
 
-	deployment, err := verifyDeploymentCreation(fakeClient, &replicas, imagePullPolicy, cfg.ExtraArgs, name, namespace, image, util.KarmadaAPIServerName(name), priorityClassName)
+	deployment, err := verifyDeploymentCreation(fakeClient)
 	if err != nil {
-		t.Fatalf("failed to verify karmada apiserver correct deployment creation correct details: %v", err)
+		t.Fatalf("failed to verify karmada apiserver deployment creation: %v", err)
+	}
+
+	// Verify deployment details using the existing function
+	if err := verifyDeploymentDetails(deployment, &replicas, imagePullPolicy, cfg.ExtraArgs, name, namespace, image, util.KarmadaAPIServerName(name), priorityClassName); err != nil {
+		t.Fatalf("failed to verify deployment details: %v", err)
 	}
 
 	err = verifyAPIServerDeploymentAdditionalDetails(deployment, name, serviceSubnet)
@@ -248,9 +307,9 @@ func TestInstallKarmadaAggregatedAPIServer(t *testing.T) {
 		t.Fatalf("Failed to install Karmada Aggregated API Server: %v", err)
 	}
 
-	deployment, err := verifyDeploymentCreation(fakeClient, &replicas, imagePullPolicy, cfg.ExtraArgs, name, namespace, image, util.KarmadaAggregatedAPIServerName(name), priorityClassName)
+	deployment, err := verifyDeploymentCreation(fakeClient)
 	if err != nil {
-		t.Fatalf("failed to verify karmada aggregated apiserver deployment creation correct details: %v", err)
+		t.Fatalf("failed to verify karmada aggregated apiserver deployment creation: %v", err)
 	}
 
 	err = verifyAggregatedAPIServerDeploymentAdditionalDetails(featureGates, deployment, name)
@@ -315,29 +374,32 @@ func contains(slice []string, item string) bool {
 // based on the given parameters. It ensures that the deployment has the correct
 // number of replicas, image pull policy, extra arguments, and labels, as well
 // as the correct image for the Karmada API server.
-func verifyDeploymentCreation(client *fakeclientset.Clientset, replicas *int32, imagePullPolicy corev1.PullPolicy, extraArgs map[string]string, name, namespace, image, expectedDeploymentName, priorityClassName string) (*appsv1.Deployment, error) {
-	// Assert that a Deployment was created.
+func verifyDeploymentCreation(client *fakeclientset.Clientset) (*appsv1.Deployment, error) {
+	// Assert that a Deployment and PDB were created.
 	actions := client.Actions()
-	if len(actions) != 1 {
-		return nil, fmt.Errorf("expected exactly 1 action either create or update, but got %d actions", len(actions))
-	}
-
-	// Check that the action was a Deployment creation.
-	createAction, ok := actions[0].(coretesting.CreateAction)
-	if !ok {
-		return nil, fmt.Errorf("expected a CreateAction, but got %T", actions[0])
+	// We now create both deployment and PDB, so expect 2 actions
+	if len(actions) != 2 {
+		return nil, fmt.Errorf("expected exactly 2 actions (deployment + PDB), but got %d actions", len(actions))
+	}
+
+	// Find the deployment action
+	var deployment *appsv1.Deployment
+	for _, action := range actions {
+		if action.GetResource().Resource == "deployments" {
+			createAction, ok := action.(coretesting.CreateAction)
+			if !ok {
+				return nil, fmt.Errorf("expected a CreateAction for deployment, but got %T", action)
+			}
+			deployment = createAction.GetObject().(*appsv1.Deployment)
+			break
+		}
 	}
 
-	// Check that the action was performed on the correct resource.
-	if createAction.GetResource().Resource != "deployments" {
-		return nil, fmt.Errorf("expected action on 'deployments', but got '%s'", createAction.GetResource().Resource)
+	if deployment == nil {
+		return nil, fmt.Errorf("expected deployment action, but none found")
 	}
 
-	deployment := createAction.GetObject().(*appsv1.Deployment)
-	err := verifyDeploymentDetails(deployment, replicas, imagePullPolicy, extraArgs, name, namespace, image, expectedDeploymentName, priorityClassName)
-	if err != nil {
-		return nil, err
-	}
+	// Don't validate details here, let the caller do it
 
 	return deployment, nil
 }

operator/pkg/controlplane/controlplane.go

@@ -1,7 +1,7 @@
 /*
 Copyright 2023 The Karmada Authors.
 
-Licensed under the Apache License, Version 2.0 (the "License");
+
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
@@ -17,16 +17,20 @@ limitations under the License.
 package controlplane
 
 import (
+	"context"
 	"fmt"
 
 	appsv1 "k8s.io/api/apps/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	kuberuntime "k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	clientset "k8s.io/client-go/kubernetes"
 	clientsetscheme "k8s.io/client-go/kubernetes/scheme"
 	"k8s.io/klog/v2"
 
 	operatorv1alpha1 "github.com/karmada-io/karmada/operator/pkg/apis/operator/v1alpha1"
 	"github.com/karmada-io/karmada/operator/pkg/constants"
+	"github.com/karmada-io/karmada/operator/pkg/controlplane/pdb"
 	"github.com/karmada-io/karmada/operator/pkg/util"
 	"github.com/karmada-io/karmada/operator/pkg/util/apiclient"
 	"github.com/karmada-io/karmada/operator/pkg/util/patcher"
@@ -48,6 +52,50 @@ func EnsureControlPlaneComponent(component, name, namespace string, featureGates
 	if err := apiclient.CreateOrUpdateDeployment(client, deployment); err != nil {
 		return fmt.Errorf("failed to create deployment resource for component %s, err: %w", component, err)
 	}
+
+	// Ensure PDB for the component if configured
+	// Map PascalCase component constants to naming functions for PDB
+	var (
+		commonSettings *operatorv1alpha1.CommonSettings
+		pdbName        string
+	)
+	switch component {
+	case constants.KarmadaControllerManagerComponent:
+		if cfg.KarmadaControllerManager != nil {
+			commonSettings = &cfg.KarmadaControllerManager.CommonSettings
+			pdbName = util.KarmadaControllerManagerName(name)
+		}
+	case constants.KubeControllerManagerComponent:
+		if cfg.KubeControllerManager != nil {
+			commonSettings = &cfg.KubeControllerManager.CommonSettings
+			pdbName = util.KubeControllerManagerName(name)
+		}
+	case constants.KarmadaSchedulerComponent:
+		if cfg.KarmadaScheduler != nil {
+			commonSettings = &cfg.KarmadaScheduler.CommonSettings
+			pdbName = util.KarmadaSchedulerName(name)
+		}
+	case constants.KarmadaDeschedulerComponent:
+		if cfg.KarmadaDescheduler != nil {
+			commonSettings = &cfg.KarmadaDescheduler.CommonSettings
+			pdbName = util.KarmadaDeschedulerName(name)
+		}
+	}
+
+	if commonSettings != nil {
+		// Fetch the persisted Deployment to ensure UID is populated
+		persisted, err := client.AppsV1().Deployments(namespace).Get(context.TODO(), deployment.GetName(), metav1.GetOptions{})
+		if err != nil {
+			return fmt.Errorf("failed to fetch Deployment %s/%s for PDB owner, err: %w", namespace, deployment.GetName(), err)
+		}
+		// Build OwnerReference for controller with real UID
+		gvk := schema.GroupVersionKind{Group: "apps", Version: "v1", Kind: "Deployment"}
+		ownerRef := *metav1.NewControllerRef(persisted, gvk)
+		if err := pdb.EnsurePodDisruptionBudget(client, pdbName, namespace, commonSettings.PodDisruptionBudgetConfig, deployment.Spec.Template.Labels, []metav1.OwnerReference{ownerRef}); err != nil {
+			return fmt.Errorf("failed to ensure PDB for component %s (instance: %s), err: %w", component, pdbName, err)
+		}
+	}
+
 	return nil
 }
 

operator/pkg/controlplane/controlplane_test.go

@@ -20,7 +20,6 @@ import (
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	fakeclientset "k8s.io/client-go/kubernetes/fake"
-	coretesting "k8s.io/client-go/testing"
 	"k8s.io/utils/ptr"
 
 	operatorv1alpha1 "github.com/karmada-io/karmada/operator/pkg/apis/operator/v1alpha1"
@@ -111,19 +110,29 @@ func TestEnsureAllControlPlaneComponents(t *testing.T) {
 	}
 
 	actions := fakeClient.Actions()
-	if len(actions) != len(components) {
-		t.Fatalf("expected %d actions, but got %d", len(components), len(actions))
+	// We now create both deployments and PDBs, so expect 2 actions per component
+	expectedActions := len(components) * 2
+	if len(actions) != expectedActions {
+		t.Fatalf("expected %d actions, but got %d", expectedActions, len(actions))
 	}
 
+	// Check that we have both deployments and PDBs
+	deploymentCount := 0
+	pdbCount := 0
 	for _, action := range actions {
-		createAction, ok := action.(coretesting.CreateAction)
-		if !ok {
-			t.Errorf("expected CreateAction, but got %T", action)
+		if action.GetResource().Resource == "deployments" {
+			deploymentCount++
+		} else if action.GetResource().Resource == "poddisruptionbudgets" {
+			pdbCount++
 		}
+	}
 
-		if createAction.GetResource().Resource != "deployments" {
-			t.Errorf("expected action on 'deployments', but got '%s'", createAction.GetResource().Resource)
-		}
+	if deploymentCount != len(components) {
+		t.Errorf("expected %d deployment actions, but got %d", len(components), deploymentCount)
+	}
+
+	if pdbCount != len(components) {
+		t.Errorf("expected %d PDB actions, but got %d", len(components), pdbCount)
 	}
 }