From eefbd7393b7591bcaa3af441787957d8d489c71c Mon Sep 17 00:00:00 2001
From: mamutmk5 <3045922+mamutmk5@users.noreply.github.com>
Date: Mon, 4 Dec 2023 16:22:00 +0100
Subject: [PATCH] BC-5423 - Add POD affinity and anti-affinity (#47)

To Improve the distribution of PODs to the least number of kubernetes worker nodes who is Required but also to secure that the PODs of one Deployment are distributed over the Fault Zones and Node pools the pod affinity and anti affinity are set. Affernety number calculation: Assign Number for an host = 0 - 20 X Fault Zone - 10 X Node Pool + 9 X Host Host = 1 if on the host runs an POD from the Schulcloud-Verbund on any namespace Host = 0 if on the host runs no POD from the Schulcloud-Verbund on any namespace Node Pool = 1 if on a host of this node pool runs an POD from the Deployment Node Pool = 0 if on no host of this node pool runs an POD from the Deployment Fault Pool = 1 if on a host of this fault zone runs an POD from the Deployment Fault Pool = 0 if on no host of this fault zone uns an POD from the Deployment
---
 .../templates/scanfile-deployment.yml.j2 | 37 +++++++++++++++++++
 .../templates/web-deployment.yml.j2 | 37 +++++++++++++++++++
 2 files changed, 74 insertions(+)

diff --git a/ansible/roles/antivirus_check_service/templates/scanfile-deployment.yml.j2 b/ansible/roles/antivirus_check_service/templates/scanfile-deployment.yml.j2
index 1ee780b..307a2cc 100644
--- a/ansible/roles/antivirus_check_service/templates/scanfile-deployment.yml.j2
+++ b/ansible/roles/antivirus_check_service/templates/scanfile-deployment.yml.j2
@@ -66,3 +66,40 @@ spec:
 volumes:
 - name: shared
 emptyDir: {}
+{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %}
+ affinity:
+ podAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 9
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/part-of
+ operator: In
+ values:
+ - schulcloud-verbund
+ topologyKey: "kubernetes.io/hostname"
+ namespaceSelector: {}
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %}
+ - weight: 10
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - scanfile
+ topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }}
+{% endif %}
+ - weight: 20
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - scanfile
+ topologyKey: "topology.kubernetes.io/zone"
+{% endif %}
diff --git a/ansible/roles/antivirus_check_service/templates/web-deployment.yml.j2 b/ansible/roles/antivirus_check_service/templates/web-deployment.yml.j2
index 8c3f602..421f8e9 100644
--- a/ansible/roles/antivirus_check_service/templates/web-deployment.yml.j2
+++ b/ansible/roles/antivirus_check_service/templates/web-deployment.yml.j2
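Review bot: In the scanfile-deployment.yml.j2 hunk the node-pool term renders `topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }}` unquoted, and its `{% if %}` guard only tests ANIT_AFFINITY_NODEPOOL_ENABLE. Enabling the flag without setting the key therefore either aborts templating or renders an empty topologyKey, depending on how undefined variables are handled, and as far as I know Kubernetes does not accept an empty topologyKey on an affinity term. I would quote it like the other two keys, `topologyKey: "{{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }}"`, and add `and ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY is defined` to the guard. The web-deployment.yml.j2 hunk contains the same line and needs the same change. The `ANIT_` prefix also looks like a typo for `ANTI_`, which is cheaper to rename before inventories start setting it.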
@@ -63,3 +63,40 @@ spec:
 requests:
 cpu: {{ ANTIVIRUS_WEBSERVER_CPU_REQUESTS|default("100m", true) }}
 memory: {{ ANTIVIRUS_WEBSERVER_MEMORY_REQUESTS|default("128Mi", true) }}
+{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %}
+ affinity:
+ podAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 9
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/part-of
+ operator: In
+ values:
+ - schulcloud-verbund
+ topologyKey: "kubernetes.io/hostname"
+ namespaceSelector: {}
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %}
+ - weight: 10
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - webserver
+ topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }}
+{% endif %}
+ - weight: 20
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - webserver
+ topologyKey: "topology.kubernetes.io/zone"
+{% endif %}
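Review bot: `namespaceSelector: {}` on the podAffinity term in web-deployment.yml.j2 (and the identical term in scanfile-deployment.yml.j2) matches pods in every namespace, so placement of the antivirus pods is influenced by any workload labelled `app.kubernetes.io/part-of: schulcloud-verbund`, including workloads this role does not manage on a shared cluster. The commit message says cross-namespace matching is intended and the rule is only a weight-9 preference, so this is a documentation request: add a template comment above the term such as `{# empty namespaceSelector = all namespaces; relies on the part-of label being set only by Schulcloud-Verbund workloads #}`. If the cluster is shared with other tenants, restricting the selector to the project's namespaces would remove the dependence on label hygiene. The Deployment spec begins outside the hunk, so whether the pod template actually carries `app.kubernetes.io/name: webserver` cannot be checked from here.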