[LFXV2-1166] Add pod disruption budget support

[bramwelt]

Summary

• Add podDisruptionBudget values to Helm chart (disabled by default)
• Create PodDisruptionBudget template supporting minAvailable and maxUnavailable

🤖 Generated with Claude Code

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 16ee5e3a-24f5-484b-b485-44c5529cf587

📥 Commits

Reviewing files that changed from the base of the PR and between 999f7ba and 3098018.

📒 Files selected for processing (2)

• charts/lfx-v2-auth-service/templates/pdb.yaml
• charts/lfx-v2-auth-service/values.yaml

🚧 Files skipped from review as they are similar to previous changes (1)

• charts/lfx-v2-auth-service/templates/pdb.yaml

---

Walkthrough

Adds PodDisruptionBudget support to the LFX v2 auth service Helm chart: a new conditional template renders a policy/v1 PodDisruptionBudget when values.podDisruptionBudget.enabled is true, with optional minAvailable or maxUnavailable (mutually exclusive) and selector/metadata populated from the chart/release.

Changes

Cohort / File(s)	Summary
PodDisruptionBudget Template charts/lfx-v2-auth-service/templates/pdb.yaml	New Helm template that conditionally creates a policy/v1 PodDisruptionBudget. Populates metadata.name and metadata.namespace from the chart/release, sets spec.selector.matchLabels.app to the chart name, includes minAvailable or maxUnavailable only if present, and errors if both are set.
Helm Configuration charts/lfx-v2-auth-service/values.yaml	Adds podDisruptionBudget block with enabled: false and placeholders/commented examples for minAvailable and maxUnavailable to guide configuration.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: adding pod disruption budget support to the Helm chart, which is the primary focus of the changeset.
Description check	✅ Passed	The description is directly related to the changeset, detailing the addition of podDisruptionBudget values and the PodDisruptionBudget template supporting minAvailable and maxUnavailable configurations.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch tbramwell/LFXV2-1166-pod-disruption-budget

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Adds optional PodDisruptionBudget (PDB) support to the lfx-v2-auth-service Helm chart to control voluntary disruptions for the auth-service pods.

Changes:

• Introduces podDisruptionBudget configuration in values.yaml (disabled by default).
• Adds a new PodDisruptionBudget manifest template supporting minAvailable / maxUnavailable.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
charts/lfx-v2-auth-service/values.yaml	Adds values for enabling/configuring a PDB.
charts/lfx-v2-auth-service/templates/pdb.yaml	New PDB template gated by podDisruptionBudget.enabled.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

PodDisruptionBudget requires exactly one of spec.minAvailable or spec.maxUnavailable. As written, enabling the PDB without setting either value will render an invalid manifest, and setting both will also be rejected by the Kubernetes API. Consider adding a Helm validation (e.g., fail) to enforce “one of” semantics, and render the field(s) based on key presence rather than with so explicit 0 values don’t get dropped.

[Copilot]

The values comments don’t indicate that exactly one of minAvailable or maxUnavailable must be set when podDisruptionBudget.enabled=true. Adding a short note here would help prevent users from enabling the feature and getting an invalid PDB rendered.

Suggested change

	enabled: false
	enabled: false
	# Exactly one of minAvailable or maxUnavailable must be set when enabled is true.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

charts/lfx-v2-auth-service/values.yaml (1)

7-10: Document minAvailable vs maxUnavailable as mutually exclusive.

A short inline note here would prevent invalid PDB configurations from being set in user overrides.

Suggested values comment tweak

 podDisruptionBudget:
   enabled: false
+  # Set exactly one of the following fields:
   # minAvailable: 1
   # maxUnavailable: 1

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@charts/lfx-v2-auth-service/values.yaml` around lines 7 - 10, Add a short
inline comment under podDisruptionBudget in values.yaml documenting that
minAvailable and maxUnavailable are mutually exclusive and only one should be
set in overrides (include guidance to prefer one over the other or leave both
commented to use the chart default), referencing the exact keys minAvailable and
maxUnavailable so users cannot accidentally provide both; keep the note concise
and colocated with the existing commented example lines.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@charts/lfx-v2-auth-service/templates/pdb.yaml`:
- Around line 14-19: Replace the current `with` blocks with presence checks that
treat 0 as a valid value and ensure mutual exclusivity: use `hasKey` (or
equivalent presence test) against `.Values.podDisruptionBudget` to render
`minAvailable` only if `hasKey .Values.podDisruptionBudget "minAvailable"` and
otherwise render `maxUnavailable` only if `hasKey .Values.podDisruptionBudget
"maxUnavailable"`, i.e. implement an if / else-if around those keys so you never
render both fields and zero values are emitted correctly.

---

Nitpick comments:
In `@charts/lfx-v2-auth-service/values.yaml`:
- Around line 7-10: Add a short inline comment under podDisruptionBudget in
values.yaml documenting that minAvailable and maxUnavailable are mutually
exclusive and only one should be set in overrides (include guidance to prefer
one over the other or leave both commented to use the chart default),
referencing the exact keys minAvailable and maxUnavailable so users cannot
accidentally provide both; keep the note concise and colocated with the existing
commented example lines.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: bb43b6ea-a9e0-44a2-9534-796eaef43585

📥 Commits

Reviewing files that changed from the base of the PR and between 9374f25 and 999f7ba.

📒 Files selected for processing (2)

• charts/lfx-v2-auth-service/templates/pdb.yaml
• charts/lfx-v2-auth-service/values.yaml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

In Kubernetes policy/v1 PodDisruptionBudget, are minAvailableandmaxUnavailable mutually exclusive, and is at least one of them required?

💡 Result:

Yes—minAvailable and maxUnavailable are mutually exclusive in a policy/v1 PodDisruptionBudget; you can set only one of them. [1][2]

Is at least one required?
They are not strictly required by the API schema (both fields are optional), but a PDB is only meaningful if you set one or the other; older kubectl behavior even defaulted minAvailable: 1 when neither was specified (Kubernetes v1.8 and earlier). [1][3]

Sources
[1] Kubernetes docs – Specifying a Disruption Budget for your Application (PDB has fields; only one of minAvailable/maxUnavailable; historical default note)
[2] Kubernetes API reference – PodDisruptionBudgetSpec.maxUnavailable (“mutually exclusive with minAvailable”)
[3] Older Kubernetes task doc mirror noting kubectl defaulting minAvailable when neither field set (v1.8 and earlier)

---

🏁 Script executed:

cd /tmp && find . -name "pdb.yaml" -type f 2>/dev/null | head -20

Repository: linuxfoundation/lfx-v2-auth-service

Length of output: 61

---

🏁 Script executed:

find . -path "*lfx-v2-auth-service*" -name "pdb.yaml" -type f 2>/dev/null

Repository: linuxfoundation/lfx-v2-auth-service

Length of output: 126

---

🏁 Script executed:

git ls-files | grep -i "pdb.yaml"

Repository: linuxfoundation/lfx-v2-auth-service

Length of output: 124

---

🏁 Script executed:

cat -n charts/lfx-v2-auth-service/templates/pdb.yaml

Repository: linuxfoundation/lfx-v2-auth-service

Length of output: 746

---

Guard PDB field rendering to avoid invalid specs.

Lines 14–19 use with, which treats 0 as empty and won't render. The current logic can emit both minAvailable and maxUnavailable fields (or neither) when enabled, which violates Kubernetes' policy/v1 PodDisruptionBudget spec that requires these fields to be mutually exclusive and at least one to be present.

Proposed Helm guard + rendering fix

 {{- if .Values.podDisruptionBudget.enabled }}
+{{- $pdb := .Values.podDisruptionBudget }}
+{{- $hasMin := hasKey $pdb "minAvailable" }}
+{{- $hasMax := hasKey $pdb "maxUnavailable" }}
+{{- if and $hasMin $hasMax }}
+{{- fail "Set only one of podDisruptionBudget.minAvailable or podDisruptionBudget.maxUnavailable" }}
+{{- end }}
+{{- if not (or $hasMin $hasMax) }}
+{{- fail "Set one of podDisruptionBudget.minAvailable or podDisruptionBudget.maxUnavailable when podDisruptionBudget.enabled=true" }}
+{{- end }}
 ---
 apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
   name: {{ .Chart.Name }}
   namespace: {{ .Release.Namespace }}
 spec:
   selector:
     matchLabels:
       app: {{ .Chart.Name }}
-  {{- with .Values.podDisruptionBudget.minAvailable }}
-  minAvailable: {{ . }}
-  {{- end }}
-  {{- with .Values.podDisruptionBudget.maxUnavailable }}
-  maxUnavailable: {{ . }}
-  {{- end }}
+  {{- if $hasMin }}
+  minAvailable: {{ $pdb.minAvailable }}
+  {{- end }}
+  {{- if $hasMax }}
+  maxUnavailable: {{ $pdb.maxUnavailable }}
+  {{- end }}
 {{- end }}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	{{- with .Values.podDisruptionBudget.minAvailable }}
	minAvailable: {{ . }}
	{{- end }}
	{{- with .Values.podDisruptionBudget.maxUnavailable }}
	maxUnavailable: {{ . }}
	{{- end }}
	{{- if .Values.podDisruptionBudget.enabled }}
	{{- $pdb := .Values.podDisruptionBudget }}
	{{- $hasMin := hasKey $pdb "minAvailable" }}
	{{- $hasMax := hasKey $pdb "maxUnavailable" }}
	{{- if and $hasMin $hasMax }}
	{{- fail "Set only one of podDisruptionBudget.minAvailable or podDisruptionBudget.maxUnavailable" }}
	{{- end }}
	{{- if not (or $hasMin $hasMax) }}
	{{- fail "Set one of podDisruptionBudget.minAvailable or podDisruptionBudget.maxUnavailable when podDisruptionBudget.enabled=true" }}
	{{- end }}
	---
	apiVersion: policy/v1
	kind: PodDisruptionBudget
	metadata:
	name: {{ .Chart.Name }}
	namespace: {{ .Release.Namespace }}
	spec:
	selector:
	matchLabels:
	app: {{ .Chart.Name }}
	{{- if $hasMin }}
	minAvailable: {{ $pdb.minAvailable }}
	{{- end }}
	{{- if $hasMax }}
	maxUnavailable: {{ $pdb.maxUnavailable }}
	{{- end }}
	{{- end }}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@charts/lfx-v2-auth-service/templates/pdb.yaml` around lines 14 - 19, Replace
the current `with` blocks with presence checks that treat 0 as a valid value and
ensure mutual exclusivity: use `hasKey` (or equivalent presence test) against
`.Values.podDisruptionBudget` to render `minAvailable` only if `hasKey
.Values.podDisruptionBudget "minAvailable"` and otherwise render
`maxUnavailable` only if `hasKey .Values.podDisruptionBudget "maxUnavailable"`,
i.e. implement an if / else-if around those keys so you never render both fields
and zero values are emitted correctly.

[asithade]

LGTM