Injector pod stuck in pending state when upgraded from 0.9.0 to 0.13.0

[gau31rav]

Describe the bug
On 1 Node kubernetes cluster, if you upgrade the vault from 0.9.0 to 0.13.0, the agent injector pod is stuck in pending state

To Reproduce
Steps to reproduce the behavior:

1. Install vault 0.9.0 on 1 node Kubernetes cluster
2. Try upgrading to 0.13.0

Events:
Type Reason Age From Message

---

Warning FailedScheduling default-scheduler 0/1 nodes are available: 1 node(s) didn't match pod affinity/anti-affinity.
Warning FailedScheduling default-scheduler 0/1 nodes are available: 1 node(s) didn't match pod affinity/anti-affinity.

Other useful info to include: vault pod logs, kubectl describe statefulset vault and kubectl get statefulset vault -o yaml output

Expected behavior
Should be able to upgrade from 0.9.0 to 0.13.0

Additional context
Seems that because of this check in
53f31be#diff-8377b3e3740a3fcd9f682e5fb55425f2fdbece1791854b9e5013e7f1a5e60e7e

Kubernetes is looking for an node where web hook component is not present. Since this is 1 node, it's always stuck in pending state.

[gau31rav]

Proposed solution or Workaround:
If we have one replica, then the current workaround is to disable the anti-affinity rule.

We will be happy to contribute.

[antonblr]

Running into the same issue with 0.28.1 trying to update a single-instance deployment. affinity was added in #436 to support multi-injector replicas deployments.

I think it should be empty by default and enabled only for multi-replicas case.