[BUG] Linter reporting a low number of replicas for deployments with PDB and HPA minReplicas

gerodriguez-fan commented 11 months ago

System info:

OS: Linux

Describe the bug When linting a deployment that contains a PodDisruptionBudget with maxUnavailable: 1 and an HPA with minReplicas: 4 the tool reports:

The current number of replicas for deployment ecomprod-master-c1-sink-vector-worker is equal to or lower than the minimum number of replicas specified by its PDB.

It request to update the minAvailable field on the PDB which cannot be set if the maxUnavailable field is used. This is a common scenario, we want an HPA to start with a certain number of replicas and we do not want it to be disrupted more than 1 pod at the time.

To Reproduce run kube-linter on any deployment with a PodDisruptionBudget with maxUnavailable of 1 and and HPA with minReplicas:4

Sample YAML input

Expected behavior The linter should not trigger a failure as this is a common scenario.

janisz commented 11 months ago

@gerodriguez-fan Thank you for reporting this. Could you please add an example yaml (you can use our test yaml`s as a base) just to make sure we are talking about same thing.

From the description the problem could be the replicas we are using. So we are comparing replicas not minReplicas in PDB.

https://github.com/stackrox/kube-linter/blob/e2c0cdbf13ea811a864d857c50d961f370e5732c/pkg/templates/pdbminavailable/template.go#L105-L112

@gerodriguez-fan Would you like to work on this issue?

jpedrobf commented 11 months ago

I'm having a similar issue even when I use a percentage value on minAvailable. My deployment spec doesn't have .spec.replicas declared as I use the HPA min/max parameters and any value I put on the pdb ends up with an error.

my pdb spec:

spec:
  minAvailable: 75%
  selector:
    matchLabels:
      app: example

my deployment spec (to show it doesn't have replicas):

spec:
  revisionHistoryLimit: 3
  progressDeadlineSeconds: 600
  strategy:
    rollingUpdate:
      maxSurge: 10%
      maxUnavailable: 0
    type: RollingUpdate
  selector:
    matchLabels:
      app: example
  template: [...]

What I've noticed:

This started to happen when I updated the pdb apiVersion from policy/v1beta1 to policy/v1.
If I force a .spec.replicas on my deployment, the minAvailable percentage needs to result in at least 1 available disruption (which makes sense). In this example, the minimal replicas to avoid the error is 4 (75% results in 3 disruptions, leaving 1 available disruption); The thing is, my hpa minReplicas is 60.

I'm using KubeLinter 0.6.4 both on Mac (local) and Linux (pipeline)

gerodriguez-fan commented 11 months ago

@gerodriguez-fan Thank you for reporting this. Could you please add an example yaml (you can use our test yaml`s as a base) just to make sure we are talking about same thing.

From the description the problem could be the replicas we are using. So we are comparing replicas not minReplicas in PDB.

https://github.com/stackrox/kube-linter/blob/e2c0cdbf13ea811a864d857c50d961f370e5732c/pkg/templates/pdbminavailable/template.go#L105-L112

@gerodriguez-fan Would you like to work on this issue?

I can give it a try,

janisz commented 7 months ago

Closed with #688

stackrox / kube-linter

[BUG] Linter reporting a low number of replicas for deployments with PDB and HPA minReplicas #637