From fd625c819728e76fbe1480eb0b7e2b5561006eba Mon Sep 17 00:00:00 2001
From: MM53 <28218664+MM53@users.noreply.github.com>
Date: Wed, 28 Aug 2024 17:25:46 +0200
Subject: [PATCH 1/3] Add helm template for PodDisruptionBudget of controller Deployment
---
chart/templates/poddisruptionbudget.yaml | 26 ++++++++++++++++++++++++++
chart/values.yaml | 17 +++++++++++++++++
2 files changed, 43 insertions(+)
create mode 100644 chart/templates/poddisruptionbudget.yaml
diff --git a/chart/templates/poddisruptionbudget.yaml b/chart/templates/poddisruptionbudget.yaml
new file mode 100644
index 00000000..1fe8b8b7
--- /dev/null
+++ b/chart/templates/poddisruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{/*
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+*/}}
+
+{{- if and (gt (int .Values.controller.replicas) 1) .Values.controller.podDisruptionBudget.enabled }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "vso.chart.fullname" . }}
+ labels:
+ app.kubernetes.io/component: controller-manager
+ control-plane: controller-manager
+ {{- include "vso.chart.labels" . | nindent 4 }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ {{- if (gt (int .Values.controller.podDisruptionBudget.maxUnavailable) 0) }}
+ maxUnavailable: {{ .Values.controller.podDisruptionBudget.maxUnavailable }}
+ {{- end }}
+ {{- if (gt (int .Values.controller.podDisruptionBudget.minAvailable) 0) }}
+ minAvailable: {{ .Values.controller.podDisruptionBudget.minAvailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "vso.chart.selectorLabels" . | nindent 6 }}
+{{- end }}
diff --git a/chart/values.yaml b/chart/values.yaml
index 7623176e..93da7bd4 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
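Review bot: Nothing in the template rejects a values combination that sets both maxUnavailable and minAvailable above zero, and because values.yaml (next hunk) defaults minAvailable to 1, a user who sets maxUnavailable: 1 without also zeroing minAvailable renders a PodDisruptionBudget with both fields, which the API server rejects at install or upgrade time; a fail-fast guard before spec, `{{- if and (gt (int .Values.controller.podDisruptionBudget.maxUnavailable) 0) (gt (int .Values.controller.podDisruptionBudget.minAvailable) 0) }}{{- fail "controller.podDisruptionBudget: set only one of maxUnavailable or minAvailable" }}{{- end }}`, would surface this while templating. Separately, both `gt (int ...)` guards coerce the value with int, so a percentage such as "50%" (valid for either PDB field) is presumably coerced to 0 and the field is silently dropped instead of rendered; either state in the values comments that only integer counts are supported, or check `kindIs "string"` before coercing. A minAvailable equal to or above controller.replicas makes this PDB block every voluntary eviction of the controller (node drains included), which is worth a one-line comment in the template header since the guard on replicas only covers the single-replica case.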
@@ -66,6 +66,23 @@ controller: # - antarctica-west1 affinity: {} + # Configure the PodDisruptionBudget for the controller deployment. + podDisruptionBudget: + + # toggles the deployment of the PodDisruptionBudget for the controller. + # @type: boolean + enabled: false + + # Sets the maximum number of pods that can be unavailable during the eviction. + # This field cannot be set if minAvailable is set. + # @type: integer + maxUnavailable: 0 + + # Sets the numer of pods that must be available during the eviction. + # This field cannot be set if maxUnavailable is set. + # @type: integer + minAvailable: 1 + rbac: # clusterRoleAggregation defines the roles included in the aggregated ClusterRole. clusterRoleAggregation:
From 9fd8504c9b446acf3de70aaab2b9bc15238eec57 Mon Sep 17 00:00:00 2001
From: MM53 <28218664+MM53@users.noreply.github.com>
Date: Wed, 28 Aug 2024 17:26:06 +0200
Subject: [PATCH 2/3] Add values to configure topologySpreadConstraints of controller Deployment
---
chart/templates/_helpers.tpl | 14 ++++++++++++++
chart/templates/deployment.yaml | 4 ++++
chart/values.yaml | 11 +++++++++++
3 files changed, 29 insertions(+)
diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl
index 11efbce8..0bf04794 100644
--- a/chart/templates/_helpers.tpl
+++ b/chart/templates/_helpers.tpl
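Review bot: The minAvailable comment has a typo (`numer`), and both field comments say the other field "cannot be set" without telling the reader that minAvailable already defaults to 1, so anyone enabling maxUnavailable must explicitly set `minAvailable: 0` or the rendered PDB is invalid. I'd reword the maxUnavailable comment to `# Sets the maximum number of pods that can be unavailable during an eviction. Requires minAvailable to be set to 0.` and the other to `# Sets the number of pods that must be available during an eviction. Requires maxUnavailable to be 0 (the default).`. It would also help to note next to enabled that the PDB is only rendered when controller.replicas is greater than 1, since that decision lives in poddisruptionbudget.yaml rather than here.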
@@ -334,3 +334,17 @@ vaultAuthGlobalRef generates the default VaultAuth spec.vaultAuthGlobalRef. {{- $ret | toYaml | nindent 4 -}} {{- end -}} {{- end -}} + +{{/* +topologySpreadConstraints appends the "vso.chart.selectorLabels" to .Values.controller.topologySpreadConstraints if no labelSelector was specified +*/}} +{{- define "vso.topologySpreadConstraints" -}} +{{- $defaultLabelSelector := dict "labelSelector" (dict "matchLabels" (include "vso.chart.selectorLabels" . | fromYaml)) -}} +{{- range $topologySpreadConstraint := .Values.controller.topologySpreadConstraints -}} +{{- if hasKey $topologySpreadConstraint "labelSelector" -}} +{{- $topologySpreadConstraint | list | toYaml -}} +{{- else -}} +{{- merge $topologySpreadConstraint $defaultLabelSelector | list | toYaml -}} +{{- end -}} +{{- end -}} +{{- end -}}
diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml
index 3489ea49..78c5952b 100644
--- a/chart/templates/deployment.yaml
+++ b/chart/templates/deployment.yaml
@@ -152,6 +152,10 @@ spec: affinity: {{- toYaml .Values.controller.affinity | nindent 8 }} {{- end }} + {{- if .Values.controller.topologySpreadConstraints }} + topologySpreadConstraints: + {{- include "vso.topologySpreadConstraints" . | nindent 8 }} + {{- end }} volumes: - downwardAPI: items:
diff --git a/chart/values.yaml b/chart/values.yaml
index 93da7bd4..0334f3b1 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
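Review bot: With two or more entries in controller.topologySpreadConstraints the helper's output is not valid YAML, because each iteration emits `... | list | toYaml` with trim markers on both sides and Helm's toYaml drops the trailing newline (as far as I recall), so the second item's `- maxSkew:` is glued onto the last line of the first item; the single-item case, which is all the values.yaml example exercises, hides this. The deployment.yaml hunk below then passes the broken text through `include "vso.topologySpreadConstraints" . | nindent 8` unchanged. Collecting the constraints into a list and serialising once avoids the problem, and wrapping the merged entry in deepCopy keeps merge from writing the default labelSelector back into .Values, which any later template reading the same value would otherwise observe (inferred — sprig's merge mutates its first argument).
```yaml
{{- define "vso.topologySpreadConstraints" -}}
{{- $defaultLabelSelector := dict "labelSelector" (dict "matchLabels" (include "vso.chart.selectorLabels" . | fromYaml)) -}}
{{- $constraints := list -}}
{{- range $topologySpreadConstraint := .Values.controller.topologySpreadConstraints -}}
{{- if hasKey $topologySpreadConstraint "labelSelector" -}}
{{- $constraints = append $constraints $topologySpreadConstraint -}}
{{- else -}}
{{- $constraints = append $constraints (merge (deepCopy $topologySpreadConstraint) $defaultLabelSelector) -}}
{{- end -}}
{{- end -}}
{{- $constraints | toYaml -}}
{{- end -}}
```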
@@ -66,6 +66,17 @@ controller: # - antarctica-west1 affinity: {} + # TopologySpreadConstraints settings for vault-secrets-operator pod. + # The value is an array of PodSpec TopologySpreadConstraint maps. + # A labelSelector for the pods will be added automatically to the template in case it is not set. + # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + # Example: + # topologySpreadConstraints: + # - maxSkew: 1 + # topologyKey: zone + # whenUnsatisfiable: DoNotSchedule + topologySpreadConstraints: [] + # Configure the PodDisruptionBudget for the controller deployment. podDisruptionBudget:
From be653f93743c867abf7b8293aa01fb9818b137b8 Mon Sep 17 00:00:00 2001
From: MM53 <28218664+MM53@users.noreply.github.com>
Date: Thu, 29 Aug 2024 09:47:59 +0200
Subject: [PATCH 3/3] Add value for priorityClassName
---
chart/templates/deployment.yaml | 6 ++++++
chart/templates/hook-upgrade-crds.yaml | 3 +++
chart/values.yaml | 4 ++++
3 files changed, 13 insertions(+)
diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml
index 78c5952b..d33e6a76 100644
--- a/chart/templates/deployment.yaml
+++ b/chart/templates/deployment.yaml
@@ -132,6 +132,9 @@ spec: volumeMounts: - mountPath: /var/run/podinfo name: podinfo + {{- if .Values.controller.priorityClassName }} + priorityClassName: {{ .Values.controller.priorityClassName }} + {{- end }} securityContext: {{- toYaml .Values.controller.podSecurityContext | nindent 8 }} serviceAccountName: {{ include "vso.chart.fullname" . }}-controller-manager
@@ -215,6 +218,9 @@ spec: securityContext: {{- toYaml .| nindent 10 }} {{- end}} + {{- if .Values.controller.priorityClassName }} + priorityClassName: {{ .Values.controller.priorityClassName }} + {{- end }} restartPolicy: Never {{- with .Values.controller.nodeSelector }} nodeSelector:
diff --git a/chart/templates/hook-upgrade-crds.yaml b/chart/templates/hook-upgrade-crds.yaml
index 3f5b3b13..699806e7 100644
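Review bot: The example in the new comment uses `topologyKey: zone`, which is not a label real nodes carry; with `whenUnsatisfiable: DoNotSchedule` a key no node has typically leaves every controller pod Pending, so a user who copies the example verbatim gets an unschedulable operator. I'd change the example line to `#     topologyKey: topology.kubernetes.io/zone` or say explicitly that the key is illustrative. The comment also promises that a labelSelector is added automatically; it should add that an explicitly set labelSelector is used as given and is not merged with the chart's selector labels, which is what the hasKey branch in _helpers.tpl does.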
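Review bot: `priorityClassName: {{ .Values.controller.priorityClassName }}` is rendered as a plain scalar here, in the @@ -215 hunk below and in hook-upgrade-crds.yaml; the chart's other string values on this page are rendered the same way, but piping through quote (`priorityClassName: {{ .Values.controller.priorityClassName | quote }}`) keeps a class name that YAML would read as a boolean, number or null from being retyped and costs nothing. Because the same value reaches the hook pod templates (restartPolicy: Never in both places, which reads as Job pods), a class name that does not exist in the cluster presumably stops the hook Job from creating its pod, so an upgrade stalls until Helm's timeout with an error pointing at the hook rather than at the value; a comment above the first use, `# also applied to the chart's hook Job pods; the PriorityClass must already exist`, would make that traceable. I cannot verify the indentation of the inserted lines from this rendering: they need to sit at pod-spec level beside securityContext, not inside the container's volumeMounts.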
--- a/chart/templates/hook-upgrade-crds.yaml
+++ b/chart/templates/hook-upgrade-crds.yaml
@@ -106,6 +106,9 @@ spec: securityContext: {{- toYaml .| nindent 10 }} {{- end}} + {{- if .Values.controller.priorityClassName }} + priorityClassName: {{ .Values.controller.priorityClassName }} + {{- end }} restartPolicy: Never {{- with .Values.controller.nodeSelector }} nodeSelector:
diff --git a/chart/values.yaml b/chart/values.yaml
index 0334f3b1..42e4301b 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -8,6 +8,10 @@ controller: # @type: integer replicas: 1 + # Set the priority class for the operator. + # @type: string + priorityClassName: "" + # Configure update strategy for multi-replica deployments. # Kubernetes supports types Recreate, and RollingUpdate # ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
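Review bot: The comment `# Set the priority class for the operator.` undersells where the value lands: the templates in this series apply it to the CRD upgrade hook Job and to the second pod template in deployment.yaml as well as to the controller Deployment, and nothing in the series creates a PriorityClass, so the named class has to exist before install or upgrade. I'd expand it to `# Name of an existing PriorityClass applied to the controller Deployment and to the chart's hook Job pods. Leave empty to use the cluster default.`. Keeping the default as the quoted empty string, as done here, is right for a name value; the comment could add that non-empty names should be quoted too, since the templates render the value as a plain scalar.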