tigera · caseydavenport · Apr 20, 2026 · May 13, 2026 · May 13, 2026 · May 13, 2026
@@ -201,6 +201,12 @@ type InstallationSpec struct {
 	// +optional
 	TyphaDeployment *TyphaDeployment `json:"typhaDeployment,omitempty"`
 
+	// TyphaPodDisruptionBudget configures the PodDisruptionBudget for the calico-typha
+	// Deployment. Fields left unset fall back to the operator's defaults. The PDB's
+	// selector is managed by the operator and cannot be overridden.
+	// +optional
+	TyphaPodDisruptionBudget *PodDisruptionBudgetOverride `json:"typhaPodDisruptionBudget,omitempty"`
+
 	// Deprecated. The CalicoWindowsUpgradeDaemonSet is deprecated and will be removed from the API in the future.
 	// CalicoWindowsUpgradeDaemonSet configures the calico-windows-upgrade DaemonSet.
 	CalicoWindowsUpgradeDaemonSet *CalicoWindowsUpgradeDaemonSet `json:"calicoWindowsUpgradeDaemonSet,omitempty"`

@@ -0,0 +1,56 @@
+// Copyright (c) 2026 Tigera, Inc. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1
+
+import (
+	policyv1 "k8s.io/api/policy/v1"
+	"k8s.io/apimachinery/pkg/util/intstr"
+)
+
+// PodDisruptionBudgetOverride allows overriding select fields on an operator-managed
+// PodDisruptionBudget. The PDB's selector, name, and namespace are managed by the
+// operator and cannot be overridden.
+type PodDisruptionBudgetOverride struct {
+	// Metadata is a subset of a Kubernetes object's metadata that is added to the PodDisruptionBudget.
+	// +optional
+	Metadata *Metadata `json:"metadata,omitempty"`
+
+	// Spec is the specification of the PodDisruptionBudget.
+	// +optional
+	Spec *PodDisruptionBudgetOverrideSpec `json:"spec,omitempty"`
+}
+
+// PodDisruptionBudgetOverrideSpec defines the desired state of an operator-managed PodDisruptionBudget.
+// +kubebuilder:validation:XValidation:rule="!(has(self.minAvailable) && has(self.maxUnavailable))",message="minAvailable and maxUnavailable are mutually exclusive"
+type PodDisruptionBudgetOverrideSpec struct {
+	// MinAvailable is the minimum number of pods (as an integer or percentage) that
+	// must remain available during a disruption. Mutually exclusive with MaxUnavailable.
+	// +optional
+	MinAvailable *intstr.IntOrString `json:"minAvailable,omitempty"`
+
+	// MaxUnavailable is the maximum number of pods (as an integer or percentage) that
+	// can be unavailable during a disruption. Mutually exclusive with MinAvailable.
+	// If neither MinAvailable nor MaxUnavailable is set, the operator applies its
+	// default (MaxUnavailable=1 for calico-typha).
+	// +optional
+	MaxUnavailable *intstr.IntOrString `json:"maxUnavailable,omitempty"`
+
+	// UnhealthyPodEvictionPolicy defines when unhealthy pods should be considered
+	// for eviction. Defaults to IfHealthyBudget (the Kubernetes default) when unset.
+	// See https://kubernetes.io/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy.
+	// +kubebuilder:validation:Enum=IfHealthyBudget;AlwaysAllow
+	// +optional
+	UnhealthyPodEvictionPolicy *policyv1.UnhealthyPodEvictionPolicyType `json:"unhealthyPodEvictionPolicy,omitempty"`
+}
@@ -185,6 +185,11 @@ func OverrideInstallationSpec(cfg, override operatorv1.InstallationSpec) operato
 		inst.TyphaDeployment = mergeTyphaDeployment(inst.TyphaDeployment, override.TyphaDeployment)
 	}
 
+	switch compareFields(inst.TyphaPodDisruptionBudget, override.TyphaPodDisruptionBudget) {
+	case BOnlySet, Different:
+		inst.TyphaPodDisruptionBudget = override.TyphaPodDisruptionBudget.DeepCopy()
+	}
+
 	switch compareFields(inst.CalicoWindowsUpgradeDaemonSet, override.CalicoWindowsUpgradeDaemonSet) {
 	case BOnlySet:
 		inst.CalicoWindowsUpgradeDaemonSet = override.CalicoWindowsUpgradeDaemonSet.DeepCopy()

@@ -9177,6 +9177,69 @@ spec:
                     prometheus metrics on. By default, metrics are not enabled.
                   format: int32
                   type: integer
+                typhaPodDisruptionBudget:
+                  description: |-
+                    TyphaPodDisruptionBudget configures the PodDisruptionBudget for the calico-typha
+                    Deployment. Fields left unset fall back to the operator's defaults. The PDB's
+                    selector is managed by the operator and cannot be overridden.
+                  properties:
+                    metadata:
+                      description:
+                        Metadata is a subset of a Kubernetes object's metadata
+                        that is added to the PodDisruptionBudget.
+                      properties:
+                        annotations:
+                          additionalProperties:
+                            type: string
+                          description: |-
+                            Annotations is a map of arbitrary non-identifying metadata. Each of these
+                            key/value pairs are added to the object's annotations provided the key does not
+                            already exist in the object's annotations.
+                          type: object
+                        labels:
+                          additionalProperties:
+                            type: string
+                          description: |-
+                            Labels is a map of string keys and values that may match replicaset and
+                            service selectors. Each of these key/value pairs are added to the
+                            object's labels provided the key does not already exist in the object's labels.
+                          type: object
+                      type: object
+                    spec:
+                      description: Spec is the specification of the PodDisruptionBudget.
+                      properties:
+                        maxUnavailable:
+                          anyOf:
+                            - type: integer
+                            - type: string
+                          description: |-
+                            MaxUnavailable is the maximum number of pods (as an integer or percentage) that
+                            can be unavailable during a disruption. Mutually exclusive with MinAvailable.
+                            If neither MinAvailable nor MaxUnavailable is set, the operator applies its
+                            default (MaxUnavailable=1 for calico-typha).
+                          x-kubernetes-int-or-string: true
+                        minAvailable:
+                          anyOf:
+                            - type: integer
+                            - type: string
+                          description: |-
+                            MinAvailable is the minimum number of pods (as an integer or percentage) that
+                            must remain available during a disruption. Mutually exclusive with MaxUnavailable.
+                          x-kubernetes-int-or-string: true
+                        unhealthyPodEvictionPolicy:
+                          description: |-
+                            UnhealthyPodEvictionPolicy defines when unhealthy pods should be considered
+                            for eviction. Defaults to IfHealthyBudget (the Kubernetes default) when unset.
+                            See https://kubernetes.io/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy.
+                          enum:
+                            - IfHealthyBudget
+                            - AlwaysAllow
+                          type: string
+                      type: object
+                      x-kubernetes-validations:
+                        - message: minAvailable and maxUnavailable are mutually exclusive
+                          rule: "!(has(self.minAvailable) && has(self.maxUnavailable))"
+                  type: object
                 variant:
                   description: |-
                     Variant is the product to install - one of Calico or CalicoEnterprise.
@@ -18529,6 +18592,69 @@ spec:
                         serves prometheus metrics on. By default, metrics are not enabled.
                       format: int32
                       type: integer
+                    typhaPodDisruptionBudget:
+                      description: |-
+                        TyphaPodDisruptionBudget configures the PodDisruptionBudget for the calico-typha
+                        Deployment. Fields left unset fall back to the operator's defaults. The PDB's
+                        selector is managed by the operator and cannot be overridden.
+                      properties:
+                        metadata:
+                          description:
+                            Metadata is a subset of a Kubernetes object's
+                            metadata that is added to the PodDisruptionBudget.
+                          properties:
+                            annotations:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                Annotations is a map of arbitrary non-identifying metadata. Each of these
+                                key/value pairs are added to the object's annotations provided the key does not
+                                already exist in the object's annotations.
+                              type: object
+                            labels:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                Labels is a map of string keys and values that may match replicaset and
+                                service selectors. Each of these key/value pairs are added to the
+                                object's labels provided the key does not already exist in the object's labels.
+                              type: object
+                          type: object
+                        spec:
+                          description: Spec is the specification of the PodDisruptionBudget.
+                          properties:
+                            maxUnavailable:
+                              anyOf:
+                                - type: integer
+                                - type: string
+                              description: |-
+                                MaxUnavailable is the maximum number of pods (as an integer or percentage) that
+                                can be unavailable during a disruption. Mutually exclusive with MinAvailable.
+                                If neither MinAvailable nor MaxUnavailable is set, the operator applies its
+                                default (MaxUnavailable=1 for calico-typha).
+                              x-kubernetes-int-or-string: true
+                            minAvailable:
+                              anyOf:
+                                - type: integer
+                                - type: string
+                              description: |-
+                                MinAvailable is the minimum number of pods (as an integer or percentage) that
+                                must remain available during a disruption. Mutually exclusive with MaxUnavailable.
+                              x-kubernetes-int-or-string: true
+                            unhealthyPodEvictionPolicy:
+                              description: |-
+                                UnhealthyPodEvictionPolicy defines when unhealthy pods should be considered
+                                for eviction. Defaults to IfHealthyBudget (the Kubernetes default) when unset.
+                                See https://kubernetes.io/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy.
+                              enum:
+                                - IfHealthyBudget
+                                - AlwaysAllow
+                              type: string
+                          type: object
+                          x-kubernetes-validations:
+                            - message: minAvailable and maxUnavailable are mutually exclusive
+                              rule: "!(has(self.minAvailable) && has(self.maxUnavailable))"
+                      type: object
                     variant:
                       description: |-
                         Variant is the product to install - one of Calico or CalicoEnterprise.

@@ -28,6 +28,7 @@ import (
 
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
+	policyv1 "k8s.io/api/policy/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
@@ -540,6 +541,43 @@ func ApplyJobOverrides(job *batchv1.Job, overrides any) {
 	job.Spec.Template = *r.podTemplateSpec
 }
 
+// ApplyPodDisruptionBudgetOverrides applies the overrides to the given PodDisruptionBudget.
+// Overrides that are nil leave the corresponding field on the PDB untouched, preserving
+// the operator's default. Setting Spec.MinAvailable clears Spec.MaxUnavailable and vice
+// versa (the PDB API mandates these are mutually exclusive). The PDB's selector is never
+// modified. Labels and annotations from Metadata are merged into the PDB's existing
+// labels and annotations.
+func ApplyPodDisruptionBudgetOverrides(pdb *policyv1.PodDisruptionBudget, overrides *operator.PodDisruptionBudgetOverride) {
+	if pdb == nil || overrides == nil {
+		return
+	}
+	if md := overrides.Metadata; md != nil {
+		if len(md.Labels) > 0 {
+			pdb.Labels = common.MapExistsOrInitialize(pdb.Labels)
+			common.MergeMaps(md.Labels, pdb.Labels)
+		}
+		if len(md.Annotations) > 0 {
+			pdb.Annotations = common.MapExistsOrInitialize(pdb.Annotations)
+			common.MergeMaps(md.Annotations, pdb.Annotations)
+		}
+	}
+	spec := overrides.Spec
+	if spec == nil {
+		return
+	}
+	if spec.MinAvailable != nil {
+		pdb.Spec.MinAvailable = spec.MinAvailable
+		pdb.Spec.MaxUnavailable = nil
+	}
+	if spec.MaxUnavailable != nil {
+		pdb.Spec.MaxUnavailable = spec.MaxUnavailable
+		pdb.Spec.MinAvailable = nil
+	}
+	if spec.UnhealthyPodEvictionPolicy != nil {
+		pdb.Spec.UnhealthyPodEvictionPolicy = spec.UnhealthyPodEvictionPolicy
+	}
+}
+
 // ApplyStatefulSetOverrides applies the overrides to the given DaemonSet.
 // Note: overrides must not be nil pointer.
 func ApplyStatefulSetOverrides(s *appsv1.StatefulSet, overrides any) {