feat(deployment): add high-availability controller resource type

Updated the deployment to include a high-availability controller resource type for better control plane resilience. Added a new pod disruption budget template to ensure high availability during node disruptions.

Author: jastBytes

charts/internal/seed-controlplane/charts/stackit-pod-identity-webhook/templates/deployment.yaml

@@ -16,6 +16,7 @@ spec:
         {{- include "stackit-pod-identity-webhook.selectorLabels" . | nindent 8 }}
         workload-identity.stackit.cloud/skip-pod-identity-webhook: "true"
         gardener.cloud/role: controlplane
+        high-availability-config.resources.gardener.cloud/type: controller
         networking.gardener.cloud/to-dns: allowed
         networking.gardener.cloud/to-public-networks: allowed
         networking.gardener.cloud/to-private-networks: allowed

charts/internal/seed-controlplane/charts/stackit-pod-identity-webhook/templates/poddisruptionbudget.yaml

@@ -0,0 +1,13 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ include "stackit-pod-identity-webhook.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "stackit-pod-identity-webhook.labels" . | nindent 4 }}
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      {{- include "stackit-pod-identity-webhook.selectorLabels" . | nindent 6 }}
+  unhealthyPodEvictionPolicy: AlwaysAllow

charts/internal/seed-controlplane/charts/stackit-pod-identity-webhook/values.yaml

@@ -18,11 +18,10 @@ service:
 
 resources:
   limits:
-    cpu: 100m
     memory: 128Mi
   requests:
-    cpu: 100m
-    memory: 128Mi
+    cpu: 50m
+    memory: 64Mi
 
 serviceAccount:
   create: true