From e4ff8eb6df90e5badc4dde978efe69e99b0020a5 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sat, 15 Jan 2022 02:25:20 +0100
Subject: [PATCH] fix(kube-system): Repair quorum idea for masters

This patch fixes the usage of the PodDisruptionBudget (PDB) to achieve
quorum functionality for the master nodes by deploying a pause container
on each of them. The main reason for doing so is the inability of a PDB
to operate on static pods or daemonsets. This deployment therefore makes
sure that only one master node becomes unavailable at a time.
---
 .../kube-system/poddisruptionbudget.yaml      |  4 +-
 infrastructure/kube-system/quorum.yaml        | 43 +++++++++++++++++++
 2 files changed, 45 insertions(+), 2 deletions(-)
 create mode 100644 infrastructure/kube-system/quorum.yaml

diff --git a/infrastructure/kube-system/poddisruptionbudget.yaml b/infrastructure/kube-system/poddisruptionbudget.yaml
index d394efaa2..cfe2b4b1e 100644
--- a/infrastructure/kube-system/poddisruptionbudget.yaml
+++ b/infrastructure/kube-system/poddisruptionbudget.yaml
@@ -12,12 +12,12 @@ spec:
 apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
-  name: etcd
+  name: quorum
   namespace: kube-system
 spec:
   maxUnavailable: 1
   selector:
     matchLabels:
-      component: etcd
+      component: quorum
       tier: control-plane
 
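Review bot: Nothing in this manifest records that the `quorum` selector now matches placeholder pods rather than etcd itself, so a later reader may take the budget for direct etcd protection. A comment above the PDB would make the indirection explicit, e.g. `# Matches the pause pods from quorum.yaml (one per control-plane node); static pods such as etcd cannot be covered by a PDB`. It is also worth noting there that the budget is only consulted for voluntary evictions through the Eviction API (for example `kubectl drain`), so a node reboot or a direct pod delete is not held back by it. The PodDisruptionBudget document begins above this hunk.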
diff --git a/infrastructure/kube-system/quorum.yaml b/infrastructure/kube-system/quorum.yaml
new file mode 100644
index 000000000..4b95c6e12
--- /dev/null
+++ b/infrastructure/kube-system/quorum.yaml
@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: quorum
+  namespace: kube-system
+  labels:
+    component: quorum
+    tier: control-plane
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      component: quorum
+      tier: control-plane
+  template:
+    metadata:
+      labels:
+        component: quorum
+        tier: control-plane
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                 - key: node-role.kubernetes.io/control-plane
+                   operator: Exists
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                  - key: component
+                    operator: In
+                    values:
+                    - quorum
+              topologyKey: kubernetes.io/hostname
+      tolerations:
+        - key: node-role.kubernetes.io/master
+          operator: Exists
+          effect: NoSchedule
+      containers:
+        - name: pause
+          image: k8s.gcr.io/pause
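Review bot: The `pause` container at the end of this new Deployment is pulled as `k8s.gcr.io/pause` with no tag or digest, so each control-plane node resolves `:latest` at pull time, and the pod spec sets no `securityContext` while still mounting the default kube-system service-account token. For a placeholder pod that exists only to be counted by the PDB, I would pin the image by digest, set `automountServiceAccountToken: false`, and run it non-root with all capabilities dropped and small resource limits, as sketched below. Separately, the toleration covers only the `node-role.kubernetes.io/master` taint while the node affinity selects the `node-role.kubernetes.io/control-plane` label; if the nodes carry (or later receive) a `control-plane` taint, the replicas would stay Pending and the PDB would then block every drain, so a second toleration for that key looks worth adding. `replicas: 3` also assumes exactly three control-plane nodes, which deserves a comment.

```yaml
      # … unchanged: affinity and tolerations …
      automountServiceAccountToken: false
      containers:
        - name: pause
          # placeholder: pin the tag and digest that were actually reviewed
          image: k8s.gcr.io/pause:<TAG>@sha256:<DIGEST>
          securityContext:
            runAsNonRoot: true
            runAsUser: 65535
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
          # constructed sample values; size to the cluster's policy
          resources:
            limits:
              cpu: 10m
              memory: 16Mi
```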
-- 
GitLab