Pod Disruption Budget for server is broken in OpenShift #1173

@Sekuraz

Describe the bug
When deploying with the openshift.values.yaml, the readiness probe is overwritten to use HTTP and this returns 429 "errors" for unsealed standby replicas. The PDB requires 1 unavailable, but with 3 replicas it can never be fulfilled.

Offending file: here (line 24)

To Reproduce
Steps to reproduce the behavior:

  1. Install chart using openshift.values.yaml and ha
  2. Unseal all instances
  3. PDB is violated

Expected behavior
The PDB is okay when all the replicas are unsealed and ready

Environment

  • Kubernetes version:
    • OpenShift 4.20
  • vault-helm version: "0.32.0"

Chart values:

    helm:
      valueFiles:
        - values.openshift.yaml
      valuesObject:
        global:
          serverTelemetry:
            prometheusOperator: true
        injector:
          metrics:
            enabled: true
          resources:
            requests:
              memory: "128Mi"
              cpu: "25m"
            limits:
              memory: "256Mi"
              cpu: "50m"
        server:
          ha:
            enabled: true
            raft:
              enabled: true
            replicas: 3
          resources:
            requests:
              memory: "128Mi"
              cpu: "25m"
            limits:
              memory: "256Mi"
              cpu: "50m"
          route:
            enabled: true
            host: vault.apps.****
            tls:
              termination: edge
              insecureEdgeTerminationPolicy: Redirect
          dataStorage:
            storageClass: lvms-usbstick
          persistentVolumeClaimRetentionPolicy:
            whenDeleted: Retain
            whenScaled: Retain
          auditStorage:
            enabled: true
            storageClass: lvms-usbstick
          ui:
            enabled: true
          csi:
            enabled: true
            resources:
              requests:
                memory: "128Mi"
                cpu: "25m"
              limits:
                memory: "256Mi"
                cpu: "50m"
            agent:
              resources:
                requests:
                  memory: "128Mi"
                  cpu: "25m"
                limits:
                  memory: "256Mi"
                  cpu: "50m"

Readiness probe failed: HTTP probe failed with statuscode: 429

    kind: PodDisruptionBudget
    apiVersion: policy/v1
    metadata:
      namespace: vault
      labels:
        app.kubernetes.io/instance: vault
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/name: vault
        helm.sh/chart: vault-0.32.0
    spec:
      selector:
        matchLabels:
          app.kubernetes.io/instance: vault
          app.kubernetes.io/name: vault
          component: server
      maxUnavailable: 1
    status:
      observedGeneration: 1
      disruptionsAllowed: 0
      currentHealthy: 1
      desiredHealthy: 2
      expectedPods: 3
      conditions:
        - type: DisruptionAllowed
          status: 'False'
          observedGeneration: 1
          lastTransitionTime: '2026-02-02T17:42:28Z'
          reason: InsufficientPods
          message: ''
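
The status values reported above (1 healthy of 3, 0 disruptions allowed) can be reproduced with a small model. This is an added example, not part of the issue or the chart: it models Vault's documented `/v1/sys/health` status codes, the Kubernetes rule that an HTTP probe passes on a 2xx/3xx response, and the PDB arithmetic. The two probe paths and the cluster layout are constructed sample input, and the `standbyok` handling is simplified to the `=true` form.

```python
"""Why the PDB shows disruptionsAllowed: 0 when standbys answer 429 (added example)."""
from urllib.parse import urlsplit, parse_qs

# Default /v1/sys/health status codes per Vault node state.
DEFAULT_CODES = {"active": 200, "standby": 429, "sealed": 503, "uninit": 501}
# Query parameters that override the code returned for a state.
CODE_PARAMS = {"active": "activecode", "standby": "standbycode",
               "sealed": "sealedcode", "uninit": "uninitcode"}

# Constructed sample input: an unsealed 3-node raft cluster and two probe paths.
CLUSTER = ["active", "standby", "standby"]
PATH_WITHOUT_STANDBYOK = "/v1/sys/health?uninitcode=204"  # assumed override
PATH_WITH_STANDBYOK = "/v1/sys/health?standbyok=true"


def health_status(probe_path, state):
    """Status code the health endpoint answers with for a node in `state`."""
    query = parse_qs(urlsplit(probe_path).query)
    # standbyok makes an unsealed standby answer with the active code.
    if state == "standby" and query.get("standbyok", ["false"])[0] == "true":
        state = "active"
    override = query.get(CODE_PARAMS[state])
    return int(override[0]) if override else DEFAULT_CODES[state]


def probe_ready(status_code):
    """Kubernetes treats an HTTP probe as successful for 200 <= code < 400."""
    return 200 <= status_code < 400


def pdb_status(states, probe_path, max_unavailable=1):
    """Status fields the disruption controller derives for a maxUnavailable PDB."""
    healthy = sum(probe_ready(health_status(probe_path, s)) for s in states)
    desired = len(states) - max_unavailable
    return {"expectedPods": len(states), "currentHealthy": healthy,
            "desiredHealthy": desired,
            "disruptionsAllowed": max(0, healthy - desired)}


if __name__ == "__main__":
    for path in (PATH_WITHOUT_STANDBYOK, PATH_WITH_STANDBYOK):
        print(path, pdb_status(CLUSTER, path))
```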

Labels: bug (Something isn't working)