From e0254ed71a496620f3de7665de85b62280f7adb2 Mon Sep 17 00:00:00 2001
From: mamutmk5 <3045922+mamutmk5@users.noreply.github.com>
Date: Thu, 30 Nov 2023 12:18:43 +0100
Subject: [PATCH] BC-5423 - add pod affinity ruls to deployments and cronjob
---
 .../roles/clamav/templates/deployment.yml.j2 | 33 +++++++++++++++++++
 .../dof_etherpad/templates/deployment.yml.j2 | 33 +++++++++++++++++++
 .../templates/deployment.yml.j2 | 33 +++++++++++++++++++
 .../templates/deployment.yml.j2 | 13 ++++++++
 .../dof_mongo/templates/deployment.yml.j2 | 13 ++++++++
 .../templates/deployment.yml.j2 | 13 ++++++++
 .../dof_redis/templates/deployment.yml.j2 | 33 +++++++++++++++++++
 .../erwin-idm/templates/deployment.yml.j2 | 33 +++++++++++++++++++
 .../roles/hydra/templates/deployment.yml.j2 | 33 +++++++++++++++++++
 .../maildrop/templates/deployment.yml.j2 | 13 ++++++++
 .../oidcmock/templates/deployment.yml.j2 | 13 ++++++++
 .../rocketchat/templates/deployment.yml.j2 | 33 +++++++++++++++++++
 .../rocketchat/templates/fixup-job.yml.j2 | 13 ++++++++
 .../roles/storage/templates/deployment.yml.j2 | 13 ++++++++
 14 files changed, 322 insertions(+)
diff --git a/ansible/roles/clamav/templates/deployment.yml.j2 b/ansible/roles/clamav/templates/deployment.yml.j2
index d3ceefdf1..9b91b5ea2 100644
--- a/ansible/roles/clamav/templates/deployment.yml.j2
+++ b/ansible/roles/clamav/templates/deployment.yml.j2
@@ -46,3 +46,36 @@ spec:
 requests:
 cpu: {{ CLAMAV_CPU_MIN|default("100m", true) }}
 memory: {{ CLAMAV_MEMORY_MIN|default("1Gi", true) }}
+ affinity:
+ podAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/part-of
+ operator: In
+ values:
+ - schulcloud-verbund
+ topologyKey: "kubernetes.io/hostname"
+ namespaceSelector: {}
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 10
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - clamav
+ topologyKey: "cloud.ionos.com/nodepool-name"
+ - weight: 10
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - clamav
+ topologyKey: "topology.kubernetes.io/zone"
diff --git a/ansible/roles/dof_etherpad/templates/deployment.yml.j2 b/ansible/roles/dof_etherpad/templates/deployment.yml.j2
index b43839709..c2c4c4e73 100644
--- a/ansible/roles/dof_etherpad/templates/deployment.yml.j2
+++ b/ansible/roles/dof_etherpad/templates/deployment.yml.j2
@@ -74,3 +74,36 @@ spec:
 items:
 - key: ETHERPAD_API_KEY
 path: APIKEY.txt
+ affinity:
+ podAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/part-of
+ operator: In
+ values:
+ - schulcloud-verbund
+ topologyKey: "kubernetes.io/hostname"
+ namespaceSelector: {}
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 10
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - etherpad
+ topologyKey: "cloud.ionos.com/nodepool-name"
+ - weight: 10
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - etherpad
+ topologyKey: "topology.kubernetes.io/zone"
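Review bot: `namespaceSelector: {}` in the `podAffinity` term of the clamav hunk matches pods in every namespace, so any pod in the cluster labelled `app.kubernetes.io/part-of: schulcloud-verbund` can attract this workload to its node. On a cluster shared with workloads outside the Verbund, that lets another namespace influence placement with a label alone and works against node-level separation. If cross-namespace co-location is intended, restrict it to the project's own namespaces, e.g. `namespaceSelector: {matchLabels: {<namespace-label>: <value>}}` (placeholder names), and say so in a comment above `affinity:`; omitting the field limits matching to the pod's own namespace. The identical term appears in all fourteen hunks of this patch.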
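Review bot: In the etherpad hunk the hostname affinity carries `weight: 100` while the two spreading terms carry `weight: 10` each, so where replicas also bear the `part-of` label the scheduler is likely to favour packing them onto one node over spreading them across node pools and zones. For services such as clamav and hydra that leaves all replicas exposed to a single node failure. Consider raising the anti-affinity weights above the affinity weight, or adding a term with `topologyKey: "kubernetes.io/hostname"` under `podAntiAffinity`, so that same-app replicas avoid each other first. The same weighting is used in the clamav, etherpad-nginx, redis, erwin-idm, hydra and rocketchat hunks.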
diff --git a/ansible/roles/dof_etherpad_nginx/templates/deployment.yml.j2 b/ansible/roles/dof_etherpad_nginx/templates/deployment.yml.j2
index 3f2745a27..a7edd0665 100644
--- a/ansible/roles/dof_etherpad_nginx/templates/deployment.yml.j2
+++ b/ansible/roles/dof_etherpad_nginx/templates/deployment.yml.j2
@@ -77,3 +77,36 @@ spec:
 items:
 - key: default.conf
 path: default.conf
+ affinity:
+ podAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/part-of
+ operator: In
+ values:
+ - schulcloud-verbund
+ topologyKey: "kubernetes.io/hostname"
+ namespaceSelector: {}
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 10
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - etherpad-nginx
+ topologyKey: "cloud.ionos.com/nodepool-name"
+ - weight: 10
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - etherpad-nginx
+ topologyKey: "topology.kubernetes.io/zone"
diff --git a/ansible/roles/dof_mailcatcher/templates/deployment.yml.j2 b/ansible/roles/dof_mailcatcher/templates/deployment.yml.j2
index fc5fb5b96..757ac7783 100644
--- a/ansible/roles/dof_mailcatcher/templates/deployment.yml.j2
+++ b/ansible/roles/dof_mailcatcher/templates/deployment.yml.j2
@@ -53,3 +53,16 @@ spec:
 requests:
 cpu: {{ MAILCATCHER_CPU_REQUESTS|default("100m", true) }}
 memory: {{ MAILCATCHER_MEMORY_REQUESTS|default("256Mi", true) }}
+ affinity:
+ podAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/part-of
+ operator: In
+ values:
+ - schulcloud-verbund
+ topologyKey: "kubernetes.io/hostname"
+ namespaceSelector: {}
diff --git a/ansible/roles/dof_mongo/templates/deployment.yml.j2 b/ansible/roles/dof_mongo/templates/deployment.yml.j2
index 1674ce287..f03bc94c9 100644
--- a/ansible/roles/dof_mongo/templates/deployment.yml.j2
+++ b/ansible/roles/dof_mongo/templates/deployment.yml.j2
@@ -83,3 +83,16 @@ spec:
 - name: mongodb-data-pv
 persistentVolumeClaim:
 claimName: mongo-pvc
+ affinity:
+ podAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/part-of
+ operator: In
+ values:
+ - schulcloud-verbund
+ topologyKey: "kubernetes.io/hostname"
+ namespaceSelector: {}
diff --git a/ansible/roles/dof_postgresql/templates/deployment.yml.j2 b/ansible/roles/dof_postgresql/templates/deployment.yml.j2
index e4fd0d78c..0207477ff 100644
--- a/ansible/roles/dof_postgresql/templates/deployment.yml.j2
+++ b/ansible/roles/dof_postgresql/templates/deployment.yml.j2
@@ -67,3 +67,16 @@ spec:
 items:
 - key: 01_erwinidm.sql
 path: 01_erwinidm.sql
+ affinity:
+ podAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/part-of
+ operator: In
+ values:
+ - schulcloud-verbund
+ topologyKey: "kubernetes.io/hostname"
+ namespaceSelector: {}
diff --git a/ansible/roles/dof_redis/templates/deployment.yml.j2 b/ansible/roles/dof_redis/templates/deployment.yml.j2
index 291cedd76..1f220e6d2 100644
--- a/ansible/roles/dof_redis/templates/deployment.yml.j2
+++ b/ansible/roles/dof_redis/templates/deployment.yml.j2
@@ -58,3 +58,36 @@ spec:
 - name: redis-data-pv
 persistentVolumeClaim:
 claimName: redis-pvc
+ affinity:
+ podAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/part-of
+ operator: In
+ values:
+ - schulcloud-verbund
+ topologyKey: "kubernetes.io/hostname"
+ namespaceSelector: {}
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 10
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - redis
+ topologyKey: "cloud.ionos.com/nodepool-name"
+ - weight: 10
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - redis
+ topologyKey: "topology.kubernetes.io/zone"
diff --git a/ansible/roles/erwin-idm/templates/deployment.yml.j2 b/ansible/roles/erwin-idm/templates/deployment.yml.j2
index f9ee7600f..ebe3293df 100644
--- a/ansible/roles/erwin-idm/templates/deployment.yml.j2
+++ b/ansible/roles/erwin-idm/templates/deployment.yml.j2
@@ -85,3 +85,36 @@ spec:
 timeoutSeconds: 4
 failureThreshold: 30
 periodSeconds: 10
+ affinity:
+ podAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/part-of
+ operator: In
+ values:
+ - schulcloud-verbund
+ topologyKey: "kubernetes.io/hostname"
+ namespaceSelector: {}
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 10
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - erwinidm
+ topologyKey: "cloud.ionos.com/nodepool-name"
+ - weight: 10
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - erwinidm
+ topologyKey: "topology.kubernetes.io/zone"
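Review bot: The anti-affinity selectors in the erwin-idm hunk match `app.kubernetes.io/name` against `erwinidm`, while the role directory is spelled `erwin-idm`; the pod template labels lie outside the hunk, so please confirm this is the value the pods actually carry. A selector value that matches no pod is still accepted and simply leaves the spreading preference without effect, which is easy to miss. The only pod labels visible anywhere in this patch are `app: rocketchat` in the fixup-job context, so the same check is worth doing for `etherpad`, `etherpad-nginx` and `redis` in the dof_* roles and for the `schulcloud-verbund` value that every affinity term relies on.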
diff --git a/ansible/roles/hydra/templates/deployment.yml.j2 b/ansible/roles/hydra/templates/deployment.yml.j2
index 6972ba9cb..293c0f440 100644
--- a/ansible/roles/hydra/templates/deployment.yml.j2
+++ b/ansible/roles/hydra/templates/deployment.yml.j2
@@ -68,3 +68,36 @@ spec:
 requests:
 cpu: "{{ HYDRA_CPU_MIN|default("100m", true) }}"
 memory: "{{ HYDRA_MEM_MIN|default("128Mi", true) }}"
+ affinity:
+ podAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/part-of
+ operator: In
+ values:
+ - schulcloud-verbund
+ topologyKey: "kubernetes.io/hostname"
+ namespaceSelector: {}
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 10
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - hydra
+ topologyKey: "cloud.ionos.com/nodepool-name"
+ - weight: 10
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - hydra
+ topologyKey: "topology.kubernetes.io/zone"
diff --git a/ansible/roles/maildrop/templates/deployment.yml.j2 b/ansible/roles/maildrop/templates/deployment.yml.j2
index 24ce47eeb..3e672058a 100644
--- a/ansible/roles/maildrop/templates/deployment.yml.j2
+++ b/ansible/roles/maildrop/templates/deployment.yml.j2
@@ -61,3 +61,16 @@ spec:
 requests:
 cpu: {{ MAILDROP_CPU_REQUESTS|default("100m", true) }}
 memory: {{ MAILDROP_MEMORY_REQUESTS|default("128Mi", true) }}
+ affinity:
+ podAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/part-of
+ operator: In
+ values:
+ - schulcloud-verbund
+ topologyKey: "kubernetes.io/hostname"
+ namespaceSelector: {}
diff --git a/ansible/roles/oidcmock/templates/deployment.yml.j2 b/ansible/roles/oidcmock/templates/deployment.yml.j2
index 2d94a76ed..fe097e81d 100644
--- a/ansible/roles/oidcmock/templates/deployment.yml.j2
+++ b/ansible/roles/oidcmock/templates/deployment.yml.j2
@@ -85,3 +85,16 @@ spec:
 path: clientsConfigurationContent.json
 - name: config-directory
 emptyDir: {}
+ affinity:
+ podAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/part-of
+ operator: In
+ values:
+ - schulcloud-verbund
+ topologyKey: "kubernetes.io/hostname"
+ namespaceSelector: {}
diff --git a/ansible/roles/rocketchat/templates/deployment.yml.j2 b/ansible/roles/rocketchat/templates/deployment.yml.j2
index 224dca4f7..1bd82ddb1 100644
--- a/ansible/roles/rocketchat/templates/deployment.yml.j2
+++ b/ansible/roles/rocketchat/templates/deployment.yml.j2
@@ -79,3 +79,36 @@ spec:
 volumes:
 - name: rocketchat-uploads-data
 emptyDir: {}
+ affinity:
+ podAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/part-of
+ operator: In
+ values:
+ - schulcloud-verbund
+ topologyKey: "kubernetes.io/hostname"
+ namespaceSelector: {}
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 10
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - rocketchat
+ topologyKey: "cloud.ionos.com/nodepool-name"
+ - weight: 10
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - rocketchat
+ topologyKey: "topology.kubernetes.io/zone"
diff --git a/ansible/roles/rocketchat/templates/fixup-job.yml.j2 b/ansible/roles/rocketchat/templates/fixup-job.yml.j2
index 7ae963325..c8207c205 100644
--- a/ansible/roles/rocketchat/templates/fixup-job.yml.j2
+++ b/ansible/roles/rocketchat/templates/fixup-job.yml.j2
@@ -47,6 +47,19 @@ spec:
 - key: update.sh
 path: update.sh
 restartPolicy: Never
+ affinity:
+ podAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/part-of
+ operator: In
+ values:
+ - schulcloud-verbund
+ topologyKey: "kubernetes.io/hostname"
+ namespaceSelector: {}
 metadata:
 labels:
 app: rocketchat
diff --git a/ansible/roles/storage/templates/deployment.yml.j2 b/ansible/roles/storage/templates/deployment.yml.j2
index db4a153d0..c9d2bfcac 100644
--- a/ansible/roles/storage/templates/deployment.yml.j2
+++ b/ansible/roles/storage/templates/deployment.yml.j2
@@ -66,3 +66,16 @@ spec:
 - name: storage-pv
 persistentVolumeClaim:
 claimName: storage-pvc
+ affinity:
+ podAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/part-of
+ operator: In
+ values:
+ - schulcloud-verbund
+ topologyKey: "kubernetes.io/hostname"
+ namespaceSelector: {}