From 5a9545170392f117a094494f67f0efe31e7aad24 Mon Sep 17 00:00:00 2001 From: mamutmk5 <3045922+mamutmk5@users.noreply.github.com> Date: Thu, 30 Nov 2023 12:17:05 +0100 Subject: [PATCH 1/4] BC-5423 - add pod affinity ruls to deployments --- .../templates/scanfile-deployment.yml.j2 | 33 +++++++++++++++++++ .../templates/web-deployment.yml.j2 | 33 +++++++++++++++++++ 2 files changed, 66 insertions(+) diff --git a/ansible/roles/antivirus_check_service/templates/scanfile-deployment.yml.j2 b/ansible/roles/antivirus_check_service/templates/scanfile-deployment.yml.j2 index 1ee780b..afc4e19 100644 --- a/ansible/roles/antivirus_check_service/templates/scanfile-deployment.yml.j2 +++ b/ansible/roles/antivirus_check_service/templates/scanfile-deployment.yml.j2 @@ -66,3 +66,36 @@ spec: volumes: - name: shared emptyDir: {} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - scanfile + topologyKey: "cloud.ionos.com/nodepool-name" + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - scanfile + topologyKey: "topology.kubernetes.io/zone" diff --git a/ansible/roles/antivirus_check_service/templates/web-deployment.yml.j2 b/ansible/roles/antivirus_check_service/templates/web-deployment.yml.j2 index 8c3f602..0d672b4 100644 --- a/ansible/roles/antivirus_check_service/templates/web-deployment.yml.j2 +++ b/ansible/roles/antivirus_check_service/templates/web-deployment.yml.j2 
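Review bot: `namespaceSelector: {}` on the added podAffinity term is an empty selector, which matches every namespace, so the `app.kubernetes.io/part-of: schulcloud-verbund` match is evaluated against pods cluster-wide rather than only in this deployment's own namespace. Any workload in any namespace that carries that label can then attract the scanner pods towards its node, which matters if the cluster also hosts workloads that should not share nodes with the antivirus service. If cross-namespace co-location is intended, a template comment such as `{# empty selector = all namespaces, co-locate with any schulcloud-verbund pod #}` would record that; otherwise drop the field or list the expected namespaces under `namespaces:`. The web-deployment.yml.j2 hunk adds the same term, and the enclosing `spec:` starts outside both hunks.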
@@ -63,3 +63,36 @@ spec: requests: cpu: {{ ANTIVIRUS_WEBSERVER_CPU_REQUESTS|default("100m", true) }} memory: {{ ANTIVIRUS_WEBSERVER_MEMORY_REQUESTS|default("128Mi", true) }} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - webserver + topologyKey: "cloud.ionos.com/nodepool-name" + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - webserver + topologyKey: "topology.kubernetes.io/zone" From 2f350a70f45cccd19fb8efe8ea63e922b8be50a4 Mon Sep 17 00:00:00 2001 From: mamutmk5 <3045922+mamutmk5@users.noreply.github.com> Date: Thu, 30 Nov 2023 15:51:25 +0100 Subject: [PATCH 2/4] BC-5423 - Adjusted weighting for pod Inter-pod affinity and anti-affinity --- .../templates/scanfile-deployment.yml.j2 | 4 ++-- .../antivirus_check_service/templates/web-deployment.yml.j2 | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ansible/roles/antivirus_check_service/templates/scanfile-deployment.yml.j2 b/ansible/roles/antivirus_check_service/templates/scanfile-deployment.yml.j2 index afc4e19..b1aed05 100644 --- a/ansible/roles/antivirus_check_service/templates/scanfile-deployment.yml.j2 +++ b/ansible/roles/antivirus_check_service/templates/scanfile-deployment.yml.j2 @@ -69,7 +69,7 @@ spec: affinity: podAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 + - weight: 9 podAffinityTerm: labelSelector: matchExpressions: 
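Review bot: The adjusted weights (9 for co-location here, 10 for node-pool spread, 20 for zone spread in the next hunk) read as a deliberate priority order, but nothing in the template says so. A comment above the first term, for example `{# weights: zone spread (20) > nodepool spread (10) > co-location (9) #}`, would keep a later edit from reordering them by accident. The same values are changed in web-deployment.yml.j2.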
@@ -90,7 +90,7 @@ spec: values: - scanfile topologyKey: "cloud.ionos.com/nodepool-name" - - weight: 10 + - weight: 20 podAffinityTerm: labelSelector: matchExpressions: diff --git a/ansible/roles/antivirus_check_service/templates/web-deployment.yml.j2 b/ansible/roles/antivirus_check_service/templates/web-deployment.yml.j2 index 0d672b4..3155985 100644 --- a/ansible/roles/antivirus_check_service/templates/web-deployment.yml.j2 +++ b/ansible/roles/antivirus_check_service/templates/web-deployment.yml.j2 @@ -66,7 +66,7 @@ spec: affinity: podAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 + - weight: 9 podAffinityTerm: labelSelector: matchExpressions: @@ -87,7 +87,7 @@ spec: values: - webserver topologyKey: "cloud.ionos.com/nodepool-name" - - weight: 10 + - weight: 20 podAffinityTerm: labelSelector: matchExpressions: From d860c36a425aefe517d86ae6c2bf5f36070d46da Mon Sep 17 00:00:00 2001 From: mamutmk5 <3045922+mamutmk5@users.noreply.github.com> Date: Fri, 1 Dec 2023 15:52:39 +0100 Subject: [PATCH 3/4] BC-5423 - Make pod anti affinity rule configurable and optional --- .../templates/scanfile-deployment.yml.j2 | 4 +++- .../antivirus_check_service/templates/web-deployment.yml.j2 | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ansible/roles/antivirus_check_service/templates/scanfile-deployment.yml.j2 b/ansible/roles/antivirus_check_service/templates/scanfile-deployment.yml.j2 index b1aed05..ec2496f 100644 --- a/ansible/roles/antivirus_check_service/templates/scanfile-deployment.yml.j2 +++ b/ansible/roles/antivirus_check_service/templates/scanfile-deployment.yml.j2 @@ -81,6 +81,7 @@ spec: namespaceSelector: {} podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: +{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %} - weight: 10 podAffinityTerm: labelSelector: 
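Review bot: The variable prefix `ANIT_AFFINITY_` in the added `{% if %}` line looks like a transposition of `ANTI_AFFINITY_`, and once inventories set it the misspelling becomes part of the role's interface. The diffstat of this series touches only the two templates, so the new variables appear to be introduced without role defaults or documentation. Renaming now and writing the guard as `{% if ANTI_AFFINITY_NODEPOOL_ENABLE | default(false) | bool %}` would be shorter and easier to find. The same spelling is used for the topology key in the next hunk and in web-deployment.yml.j2.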
@@ -89,7 +90,8 @@ spec: operator: In values: - scanfile - topologyKey: "cloud.ionos.com/nodepool-name" + topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }} +{% endif %} - weight: 20 podAffinityTerm: labelSelector: diff --git a/ansible/roles/antivirus_check_service/templates/web-deployment.yml.j2 b/ansible/roles/antivirus_check_service/templates/web-deployment.yml.j2 index 3155985..dcfcc0d 100644 --- a/ansible/roles/antivirus_check_service/templates/web-deployment.yml.j2 +++ b/ansible/roles/antivirus_check_service/templates/web-deployment.yml.j2 @@ -78,6 +78,7 @@ spec: namespaceSelector: {} podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: +{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %} - weight: 10 podAffinityTerm: labelSelector: @@ -86,7 +87,8 @@ spec: operator: In values: - webserver - topologyKey: "cloud.ionos.com/nodepool-name" + topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }} +{% endif %} - weight: 20 podAffinityTerm: labelSelector: From 34f312efbf53c9d6b9e2a1f8321f10c43089381e Mon Sep 17 00:00:00 2001 From: mamutmk5 <3045922+mamutmk5@users.noreply.github.com> Date: Mon, 4 Dec 2023 12:49:18 +0100 Subject: [PATCH 4/4] BC-5423 - make affinity optional for all --- .../templates/scanfile-deployment.yml.j2 | 2 ++ .../antivirus_check_service/templates/web-deployment.yml.j2 | 2 ++ 2 files changed, 4 insertions(+) diff --git a/ansible/roles/antivirus_check_service/templates/scanfile-deployment.yml.j2 b/ansible/roles/antivirus_check_service/templates/scanfile-deployment.yml.j2 index ec2496f..307a2cc 100644 --- a/ansible/roles/antivirus_check_service/templates/scanfile-deployment.yml.j2 +++ b/ansible/roles/antivirus_check_service/templates/scanfile-deployment.yml.j2 @@ -66,6 +66,7 @@ spec: volumes: - name: shared emptyDir: {} +{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %} affinity: podAffinity: preferredDuringSchedulingIgnoredDuringExecution: 
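Review bot: `topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }}` is rendered unquoted and without a fallback, while the `{% if %}` guard in the previous hunk tests only the enable flag. With the flag on and the key unset or empty, the template either fails to render or emits an empty `topologyKey`, which I would expect the API server to reject. Keeping the quotes and the previous value as a default avoids both: `topologyKey: "{{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY | default('cloud.ionos.com/nodepool-name', true) }}"`. The web-deployment.yml.j2 hunk has the same line.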
@@ -101,3 +102,4 @@ spec: values: - scanfile topologyKey: "topology.kubernetes.io/zone" +{% endif %} diff --git a/ansible/roles/antivirus_check_service/templates/web-deployment.yml.j2 b/ansible/roles/antivirus_check_service/templates/web-deployment.yml.j2 index dcfcc0d..421f8e9 100644 --- a/ansible/roles/antivirus_check_service/templates/web-deployment.yml.j2 +++ b/ansible/roles/antivirus_check_service/templates/web-deployment.yml.j2 @@ -63,6 +63,7 @@ spec: requests: cpu: {{ ANTIVIRUS_WEBSERVER_CPU_REQUESTS|default("100m", true) }} memory: {{ ANTIVIRUS_WEBSERVER_MEMORY_REQUESTS|default("128Mi", true) }} +{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %} affinity: podAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -98,3 +99,4 @@ spec: values: - webserver topologyKey: "topology.kubernetes.io/zone" +{% endif %}