PodDisruptionBudget helm template bug with maxUnavailable

[linusyong]

Describe the bug
The an override values.yaml is provided with podDisruptionBudget.maxUnavailable, the podDisruptionBudget.minAvailable will still be rendered in spec.minAvailable of PodDisruptionBudget CR and cause a failure.

To Reproduce
Steps to reproduce the behavior:

1. Create values-test.yaml file with

   podDisruptionBudget:
     enabled: true
     maxUnavailable: 1
   

2. Use helm template to render the PodDisruptionBudget CR

   helm template -s templates/poddisruptionbudget.yaml test external-secrets/external-secrets -f values-test.yaml
   ---
   # Source: external-secrets/templates/poddisruptionbudget.yaml
   apiVersion: policy/v1
   kind: PodDisruptionBudget
   metadata:
     name: test-external-secrets-pdb
     namespace: kube-system
     labels:
       helm.sh/chart: external-secrets-0.17.0
       app.kubernetes.io/name: external-secrets
       app.kubernetes.io/instance: test
       app.kubernetes.io/version: "v0.17.0"
       app.kubernetes.io/managed-by: Helm
   spec:
     minAvailable: 1
     maxUnavailable: 1
     selector:
       matchLabels:
         app.kubernetes.io/name: external-secrets
         app.kubernetes.io/instance: test
   

3. The same issue should exists in cert-controller-poddisruptionbudget.yaml and webhook-poddisruptionbudget.yaml
4. The issue should be easily fixed by updating the poddisruptionbudget.yaml with:

   diff --git a/deploy/charts/external-secrets/templates/poddisruptionbudget.yaml b/deploy/charts/external-secrets/templates/poddisruptionbudget.yaml
   index 7b75ca3f4..a563ca0fe 100644
   --- a/deploy/charts/external-secrets/templates/poddisruptionbudget.yaml
   +++ b/deploy/charts/external-secrets/templates/poddisruptionbudget.yaml
   @@ -7,11 +7,12 @@ metadata:
      labels:
        {{- include "external-secrets.labels" . | nindent 4 }}
    spec:
   -  {{- if .Values.podDisruptionBudget.minAvailable }}
   -  minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
   -  {{- end }}
      {{- if .Values.podDisruptionBudget.maxUnavailable }}
      maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
   +  {{- else }}
   +    {{- if .Values.podDisruptionBudget.minAvailable }}
   +  minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
   +    {{- end }}
      {{- end }}
      selector:
        matchLabels:
   

5. The full poddisruptionbudget.yaml should be as follows

   {{- if .Values.podDisruptionBudget.enabled }}
   apiVersion: policy/v1
   kind: PodDisruptionBudget
   metadata:
     name: {{ include "external-secrets.fullname" . }}-pdb
     namespace: {{ template "external-secrets.namespace" . }}
     labels:
       {{- include "external-secrets.labels" . | nindent 4 }}
   spec:
     {{- if .Values.podDisruptionBudget.maxUnavailable }}
     maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
     {{- else }}
     {{- if .Values.podDisruptionBudget.minAvailable }}
     minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
     {{- end }}
     {{- end }}
     selector:
       matchLabels:
         {{- include "external-secrets.selectorLabels" . | nindent 6 }}
   {{- end }}
   

6. Kubernetes version 1.32
7. ESO version v0.17.0
   The expectation is that with specifying podDisruptionBudget.maxUnavailable, the helm chart should render a correct PodDisruptionBudget CR.

Screenshots

Additional context

[gusfcarvalho]

Hi @linusyong ! do you mind contributing a fix for it?

[linusyong]

Hey @gusfcarvalho, definitely. I'll do a fix, my apologies first if I'm not familiar with the process. Let me arrange a PR soon.

[linusyong]

@gusfcarvalho are you able to review the PR? Thanks

[Skarlso]

@linusyong I reviewed it.

[thecosmicfrog]

Hi folks. I just ran into this issue myself. Glad to see there's a fix contributed. Thanks @linusyong!