Getting Started • Configuration • Contributing
Helm chart for PDB Operator, a Kubernetes operator that automatically creates and manages PodDisruptionBudgets based on PDBPolicy custom resources. For full documentation, visit pdboperator.io.
- Kubernetes >= 1.26
- Helm >= 3.x
- cert-manager (required when webhooks are enabled)
# Install from OCI registry
helm install pdb-operator oci://ghcr.io/pdb-operator/charts/pdb-operator \
--namespace pdb-operator-system \
--create-namespace
# Verify the operator is running
kubectl get pods -n pdb-operator-systemCreate a PDBPolicy:
apiVersion: availability.pdboperator.io/v1alpha1
kind: PDBPolicy
metadata:
name: my-pdb-policy
spec:
targetReference:
kind: Deployment
pdbSpec:
minAvailable: "50%"
selector:
matchLabels:
app: my-app| Parameter | Description | Default |
|---|---|---|
replicaCount |
Number of operator replicas | 2 |
image.repository |
Container image repository | ghcr.io/pdb-operator/pdb-operator |
image.tag |
Image tag (defaults to appVersion) | "" |
image.pullPolicy |
Image pull policy | IfNotPresent |
| Parameter | Description | Default |
|---|---|---|
controller.maxConcurrentReconciles |
Max concurrent reconcile loops | 5 |
controller.watchNamespace |
Watch only this namespace (empty = all) | "" |
controller.syncPeriod |
Sync period for re-reconciliation | 10h |
controller.logLevel |
Log level: debug, info, warn, error | info |
| Parameter | Description | Default |
|---|---|---|
cache.policyCacheTTL |
Policy cache TTL | 5m |
cache.policyCacheSize |
Policy cache max size | 100 |
cache.maintenanceWindowCacheTTL |
Maintenance window cache TTL | 1m |
| Parameter | Description | Default |
|---|---|---|
retry.maxAttempts |
Max retry attempts | 5 |
retry.initialDelay |
Initial delay between retries | 100ms |
retry.maxDelay |
Max delay between retries | 30s |
retry.backoffFactor |
Backoff multiplier | 2.0 |
| Parameter | Description | Default |
|---|---|---|
tracing.enabled |
Enable OpenTelemetry tracing | true |
tracing.endpoint |
OTLP collector endpoint | "" |
tracing.sampleRate |
Trace sampling rate (0.0-1.0) | "" |
| Parameter | Description | Default |
|---|---|---|
webhooks.enabled |
Enable admission webhooks | true |
webhooks.failurePolicy |
Failure policy: Fail or Ignore | Fail |
webhooks.timeoutSeconds |
Webhook timeout | 10 |
certManager.enabled |
Use cert-manager for TLS | true |
certManager.selfSigned |
Use self-signed issuer | true |
| Parameter | Description | Default |
|---|---|---|
metrics.bindAddress |
Metrics bind address | :8443 |
metrics.secure |
Serve metrics over HTTPS | true |
serviceMonitor.enabled |
Create ServiceMonitor | false |
prometheusRule.enabled |
Create PrometheusRule with alerts | false |
networkPolicy.enabled |
Create NetworkPolicy for metrics | false |
| Parameter | Description | Default |
|---|---|---|
autoscaling.enabled |
Enable HPA | true |
autoscaling.minReplicas |
Minimum replicas | 2 |
autoscaling.maxReplicas |
Maximum replicas | 4 |
podDisruptionBudget.enabled |
Enable PDB for the operator | true |
podDisruptionBudget.minAvailable |
Min available pods | 1 |
leaderElection.enabled |
Enable leader election | true |
strategy.type |
Deployment strategy | RollingUpdate |
| Parameter | Description | Default |
|---|---|---|
crds.install |
Manage CRDs as Helm templates | false |
crdRoles.enabled |
Create admin/editor/viewer ClusterRoles | true |
For the full list of values, see values.yaml.
By default, CRDs are placed in the crds/ directory and installed only on first helm install (Helm does not upgrade CRDs automatically). To upgrade CRDs after a chart update:
kubectl apply -f charts/pdb-operator/crds/Alternatively, set crds.install=true to manage CRDs as Helm templates. This allows Helm (and Flux) to upgrade and delete CRDs as part of the release lifecycle.
Example GitOps configuration is available in charts/pdb-operator/ci/:
Full documentation is available at pdboperator.io:
- GitHub Issues for bug reports and feature requests
Contributions are welcome. Please read CONTRIBUTING.md for guidelines.
To report a security vulnerability, please see SECURITY.md.
Copyright 2025 The PDB Operator Authors.
Licensed under the Apache License, Version 2.0. See LICENSE for details.