feat: Deployment MinReadySeconds progressive delivery strategy

[Xio-Shark]

Summary

Implement a MinReadySeconds-based progressive delivery strategy for native Kubernetes Deployments, as described in proposal #341.

Instead of pausing the Deployment controller (Recreate style), this approach inflates minReadySeconds and progressDeadlineSeconds to take control of the rollout pace, then progressively adjusts maxUnavailable to drive batch-by-batch updates — while the native Deployment controller remains active.

Key Design Decisions

• No new API fields — routed entirely by the MinReadySecondsStrategy feature gate (per review feedback)
• True availability calculation — uses the original minReadySeconds and pod Ready condition LastTransitionTime to count genuinely available replicas, not just Ready pods
• Inflation persistence — three-layer protection: Initialize(), ensureInflatedDeploymentStrategy() before each batch, and webhook enforceMinReadyInflation() on every Deployment mutation
• PDB compatible — Deployment controller stays active, so PodDisruptionBudgets work normally
• maxSurge preserved — user-configured maxSurge > 0 is respected; only maxUnavailable is driven by the controller

Changes

Core Controller (pkg/controller/batchrelease/control/partitionstyle/deployment/)

• minready_control.go — Initialize / UpgradeBatch / Finalize / CalculateBatchContext
• minready_batch_context.go — pod availability calculation with original minReadySeconds
• minready_constants.go — annotations, inflated values, constants

Status & Metrics

• minready_status.go — Rollout condition updates (MinReadyInitialized/Batching/Degraded/Finalized)
• metrics/minready_metrics.go — Prometheus metrics for batch progress and timing

Routing & Webhook

• batchrelease_executor.go — feature gate routing to MinReady controller
• workload_update_handler.go — skip Paused mutation, enforce inflation on external edits

Feature Gate

• MinReadySecondsStrategy (alpha, default off)

Tests

• Unit: 24 MinReady-specific tests + updated existing package tests
• Integration: batch lifecycle, concurrency, feature-gate fallback
• E2E: basic rollout, multi-batch, PDB compatibility, degraded drift detection

Commits

1. feat: add deployment MinReady strategy — core implementation
2. fix: correct MinReady batch-ready semantics and feature-gate fallback — fix pod counting and executor routing
3. fix: align MinReady implementation with proposal review — address review feedback
4. fix: write BatchReleaseControlAnnotation and clean up finalize labels — proper controller ownership marking

Test Plan

• go test ./pkg/... — all unit tests pass
• CI: golangci-lint, unit-tests, E2E (Deployment/CloneSet/StatefulSet/DaemonSet on K8s 1.24/1.26/1.28)
• Manual: verify batch progression with kubectl rollout status
• Manual: verify Finalize restores original Deployment fields

Related

• Proposal: #341
• GSoC 2026 Project

[kruise-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign zmberg for approval by writing /assign @zmberg in a comment. For more information see:The Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[codecov]

Codecov Report

❌ Patch coverage is 69.29461% with 222 lines in your changes missing coverage. Please review.
✅ Project coverage is 52.84%. Comparing base (56efb03) to head (6661336).
⚠️ Report is 1 commits behind head on master.

Files with missing lines	Patch %	Lines
...trol/partitionstyle/deployment/minready_control.go	64.91%	72 Missing and 35 partials ⚠️
...tchrelease/control/partitionstyle/control_plane.go	59.37%	21 Missing and 5 partials ⚠️
pkg/util/parse_utils.go	40.62%	12 Missing and 7 partials ⚠️
...artitionstyle/deployment/minready_batch_context.go	45.45%	9 Missing and 9 partials ⚠️
...hrelease/control/partitionstyle/minready_status.go	82.05%	7 Missing and 7 partials ⚠️
...ontroller/batchrelease/metrics/minready_metrics.go	62.96%	5 Missing and 5 partials ⚠️
...ol/partitionstyle/deployment/minready_constants.go	76.92%	5 Missing and 4 partials ⚠️
...g/controller/batchrelease/batchrelease_executor.go	68.75%	4 Missing and 1 partial ⚠️
...bhook/workload/mutating/workload_update_handler.go	88.88%	3 Missing and 2 partials ⚠️
pkg/util/pod_utils.go	0.00%	4 Missing ⚠️
... and 2 more

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #343      +/-   ##
==========================================
+ Coverage   51.38%   52.84%   +1.46%     
==========================================
  Files          66       79      +13     
  Lines        8559     9605    +1046     
==========================================
+ Hits         4398     5076     +678     
- Misses       3575     3841     +266     
- Partials      586      688     +102     

Flag	Coverage Δ
unittests	52.84% <69.29%> (+1.46%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[furykerry]

L78, L106, L133, L269 — Every mc.client.Patch(context.TODO(), ...) in Initialize, UpgradeBatch, Finalize, and ensureInflatedDeploymentStrategy uses context.TODO() instead of the reconcile context, consider refactor the code to accept the context parameter

[furykerry]

recordMinReadyNormal/recordMinReadyDegraded fire for ALL partition-style releases, not just MinReady. While isMinReadyRelease() guards inside these methods, the check adds unnecessary overhead and recognition burden, consider moving the recording inside Initialize/UpgradeBatch/Finalize method, and remove other calling of recordMinReadyNormal/recordMinReadyDegraded by simply logging some informations

[furykerry]

Use klog.WarningS with structured key-value pairs: klog.WarningS(nil, "MinReady maxUnavailable exceeds target, reducing", "batch", ctx.CurrentBatch, "deployment", klog.KObj(mc.object), "maxUnavailable", current, "target", target). Note: the existing control_plane.go uses klog.Infof/klog.Warningf too, so this is a pre-existing pattern, but new code should aim higher.

[furykerry]

When the gate is OFF and a MinReady rollout is in progress, the executor correctly routes to MinReady (via annotation fallback), but the webhook's shouldSkipRecreateMutationForMinReady only checks the feature gate

consider also checking with DeploymentStrategyAnnotation symmetric with the executor:

[furykerry]

writeOriginalAnnotations already check for hasAnyOriginalAnnotation, consider extract the hasAnyOriginalAnnotation logic out of writeOriginalAnnotations

[furykerry]

per discussion in the proposal, it is not necessary to hack the maxSurge

[furykerry]

Before(now) || Equal(now) computes the same time.Time addition twice. Consider simplify to !After(now)

[furykerry]

it is not necessary to deepcopy the original object.

[furykerry]

it is not necessary to deepcopy the original object.

[furykerry]

it is not necessary to deepcopy the original object.

[furykerry]

consider rename to isMinReadySecondsStrategy

[furykerry]

many func in these patch over-used errors to control normal logic flow, consider remove unnecessary errors, for example, in this func, we can change error to an bool value (exist), if key does not exist, just return exist=false. In fact, is this func necessary in the first place, can we just use raw, ok := annotations[key]

[furykerry]

why treat AnnotationValueKubernetesDefault differently, and what is AnnotationValueKubernetesDefault means ?

[furykerry]

is this func really necessary? parseOriginalInt32 will return error anyway if required key does not exist

[furykerry]

in continous release case, the user specified min-ready seconds and progress deadline seconds can be updated, so we need update original annotations in such cases

[furykerry]

plz add e2e for continuous release (v1 -> v2 -> v3)

[Xio-Shark]

Added TC3 continuous release coverage for v1 -> v2 -> v3. The case updates user-owned minReadySeconds/progressDeadlineSeconds during an active MinReady rollout, verifies the original availability annotations are refreshed, then verifies final restore uses the v3 values.

[furykerry]

the e2e is not invoked in the github actions, consider duplicate .github/workflows/e2e-advanced-deployment-1.28.yaml and related yaml and add min-readyseconds tests

[Xio-Shark]

Added dedicated E2E-Deployment-MinReady workflows for Kubernetes 1.24, 1.26, and 1.28. They run ginkgo with --focus="Deployment MinReadySeconds" so the MinReadySeconds e2e suite is invoked by GitHub Actions.

[furykerry]

consider organizing related tests files in a sub-packages

[Xio-Shark]

Kept these tests in the existing e2e package for this PR. test/e2e currently uses a shared suite/client/helper setup and all existing workflows execute the flat test/e2e package; moving MinReady into a sub-package would require a broader e2e harness refactor. I think that is better handled separately from this feature fix.

[furykerry]

is it possible to reuse existing rollout condition such as RolloutConditionProgressing, RolloutConditionSucceeded and RolloutConditionTerminating

[furykerry]

plz replace deletiontimestamp checking with isPodActive

[furykerry]

consider simply logging an error and record condition in reconcileRolloutProgressing