How OpenKruise’s PodUnavailableBudget Boosts Application High Availability
This article explains how OpenKruise extends Kubernetes with PodUnavailableBudget to protect application availability during voluntary disruptions, compares it with native PodDisruptionBudget, and provides practical YAML examples for stateless, stateful, and single‑instance workloads.
Background
Application availability protection requires that the number of healthy Pods never drops below a required threshold. Native Kubernetes mechanisms such as maxUnavailable in Deployments or the ReplicaSet controller only guarantee a minimum during rolling updates and cannot ensure a constant minimum number of available replicas for all workloads.
Kubernetes provides a PodDisruptionBudget (PDB) that limits the number of Pods that can be evicted simultaneously. PDB protects only the eviction path (e.g., kubectl drain) and does not cover voluntary disruptions such as pod updates, deletions, or controller‑driven rollouts, which can still cause service interruption.
PodUnavailableBudget (PUB) Overview
OpenKruise introduces PodUnavailableBudget (PUB) , a custom resource that extends the PDB concept to voluntary disruptions. PUB defines either minAvailable (the minimum number of Pods that must stay ready) or maxUnavailable (the maximum number of Pods that may become unavailable). The controller evaluates a boolean field PodUnavailableAllowed to decide whether an incoming pod operation (Update, Delete, Eviction) can proceed.
Architecture
PUB is enforced by a Kubernetes Admission Webhook . The webhook intercepts the following API calls:
Pod Update (e.g., in‑place updates performed by CloneSet or SidecarSet)
Pod Delete (e.g., controller‑driven rollouts or manual deletions)
Pod Eviction (e.g., kubectl drain)
When a request arrives, the webhook retrieves the associated PUB object (identified by the targetRef field), reads its minAvailable / maxUnavailable settings, computes the current number of ready Pods, and returns allowed: true only if the operation would not violate the budget. Otherwise the request is rejected with an error.
Typical Use Cases
Stateless applications : Ensure that at least a percentage of replicas remain ready (e.g., minAvailable: 60%).
Stateful applications : Guarantee a fixed number of instances for quorum‑based services (e.g., maxUnavailable: 1 or minAvailable: N).
Single‑instance services : Prevent accidental deletion by setting maxUnavailable: 0. The PUB can be removed after explicit approval, allowing the deletion to proceed.
Example Manifests
apiVersion: apps.kruise.io/v1alpha1
kind: PodUnavailableBudget
metadata:
name: web-server-pub
namespace: web
spec:
targetRef:
apiVersion: apps.kruise.io/v1alpha1
kind: CloneSet
name: web-server
minAvailable: 60%apiVersion: apps.kruise.io/v1alpha1
kind: PodUnavailableBudget
metadata:
name: etcd-pub
namespace: etcd
spec:
targetRef:
apiVersion: apps.kruise.io/v1alpha1
kind: StatefulSet
name: etcd
maxUnavailable: 1apiVersion: apps.kruise.io/v1alpha1
kind: PodUnavailableBudget
metadata:
name: gameserver-pub
namespace: game
spec:
targetRef:
apiVersion: apps.kruise.io/v1alpha1
kind: StatefulSet
name: gameserver
maxUnavailable: 0Reference
OpenKruise source code and issue tracker: https://github.com/openkruise/kruise
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Alibaba Cloud Native
We publish cloud-native tech news, curate in-depth content, host regular events and live streams, and share Alibaba product and user case studies. Join us to explore and share the cloud-native insights you need.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.