The Karydia Helm chart hard-codes 1 replica. As it registers webhooks that trigger for pods on CREATE/UPDATE operations, once the single Karydia pod is deleted, the system can never recover itself automatically.
Webhooks on CREATE/UPDATE for pods are dangerous in general if the server runs inside the cluster itself. So, what you should at least do is deploy the webhook server in high-availability mode (>= 3 replicas with pod anti-affinity) and with pod disruption budgets to ensure that at least one server is always reachable (to allow recreating the others).
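A sketch of the high-availability setup the issue asks for, as an added example that is not part of the issue or of the Karydia chart. The resource names, namespace, `app: karydia` label and image are assumptions.

```yaml
# Added example. Names, namespace, labels and image are assumed,
# not taken from the Karydia Helm chart.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: karydia              # assumed name
  namespace: karydia         # assumed namespace
spec:
  replicas: 3                # instead of the hard-coded 1
  selector:
    matchLabels:
      app: karydia           # assumed label
  template:
    metadata:
      labels:
        app: karydia
    spec:
      affinity:
        podAntiAffinity:
          # Hard requirement: no two webhook pods on the same node,
          # so losing one node cannot remove every replica.
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app: karydia
              topologyKey: kubernetes.io/hostname
      containers:
        - name: karydia
          image: example.invalid/karydia:placeholder   # placeholder image
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: karydia
  namespace: karydia
spec:
  # Evictions (for example node drains) must always leave at least
  # one webhook server reachable so the others can be recreated.
  minAvailable: 1
  selector:
    matchLabels:
      app: karydia
```

The required anti-affinity rule needs at least three schedulable nodes, otherwise the extra replicas stay Pending. A pod disruption budget only limits voluntary evictions; it does not protect against direct pod deletion or node crashes.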