Document the safe-to-evict annotation on the webhook deployment

The annotation is set by default because by default we assume Tekton will be installed in a small cluster with only one replica of the webhook deployment, and that replica should not be disturbed. If an operator configures multiple replicas they can remove the annotation to give a Cluster Autoscaler more freedom to scale down nodes.
tektoncd · May 19, 2021 · 8ebea4e · 8ebea4e
1 parent 55ae856
commit 8ebea4e
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/docs/enabling-ha.md b/docs/enabling-ha.md
@@ -88,6 +88,9 @@ spec:
   minReplicas: 1
 ```
 
+By default, the Webhook deployment is configured to block a [Cluster Autoscaler](https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler) from scaling down the node that's running the only replica of the deployment using the `cluster-autoscaler.kubernetes.io/safe-to-evict` annotation -- when the Webhook service is unreachable, Tekton resources can't be created, updated or deleted.
+If you configure more than one replica, you can remove the annotation to allow the Cluster Autoscaler more freedom to scale down nodes, without disrupting the Webhook service.
+
 ### Avoiding Disruptions
 
 To avoid the Webhook Service becoming unavailable during node unavailability (e.g., during node upgrades), you can ensure that a minimum number of Webhook replicas are available at time by defining a [`PodDisruptionBudget`](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) which sets a `minAvailable` greater than zero: