From 11a9eb528d95b05c23bfb9cb718579c13e83d342 Mon Sep 17 00:00:00 2001 From: mamutmk5 <3045922+mamutmk5@users.noreply.github.com> Date: Thu, 30 Nov 2023 12:18:43 +0100 Subject: [PATCH 1/5] BC-5423 - add pod affinity ruls to deployments and cronjob --- .../roles/clamav/templates/deployment.yml.j2 | 33 +++++++++++++++++++ .../dof_etherpad/templates/deployment.yml.j2 | 33 +++++++++++++++++++ .../templates/deployment.yml.j2 | 33 +++++++++++++++++++ .../templates/deployment.yml.j2 | 13 ++++++++ .../dof_mongo/templates/deployment.yml.j2 | 13 ++++++++ .../templates/deployment.yml.j2 | 13 ++++++++ .../dof_redis/templates/deployment.yml.j2 | 33 +++++++++++++++++++ .../erwin-idm/templates/deployment.yml.j2 | 33 +++++++++++++++++++ .../roles/hydra/templates/deployment.yml.j2 | 33 +++++++++++++++++++ .../maildrop/templates/deployment.yml.j2 | 13 ++++++++ .../oidcmock/templates/deployment.yml.j2 | 13 ++++++++ .../rocketchat/templates/deployment.yml.j2 | 33 +++++++++++++++++++ .../rocketchat/templates/fixup-job.yml.j2 | 13 ++++++++ .../roles/storage/templates/deployment.yml.j2 | 13 ++++++++ 14 files changed, 322 insertions(+) diff --git a/ansible/roles/clamav/templates/deployment.yml.j2 b/ansible/roles/clamav/templates/deployment.yml.j2 index d3ceefdf1..9b91b5ea2 100644 --- a/ansible/roles/clamav/templates/deployment.yml.j2 +++ b/ansible/roles/clamav/templates/deployment.yml.j2 
@@ -46,3 +46,36 @@ spec: requests: cpu: {{ CLAMAV_CPU_MIN|default("100m", true) }} memory: {{ CLAMAV_MEMORY_MIN|default("1Gi", true) }} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - clamav + topologyKey: "cloud.ionos.com/nodepool-name" + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - clamav + topologyKey: "topology.kubernetes.io/zone" diff --git a/ansible/roles/dof_etherpad/templates/deployment.yml.j2 b/ansible/roles/dof_etherpad/templates/deployment.yml.j2 index b43839709..c2c4c4e73 100644 --- a/ansible/roles/dof_etherpad/templates/deployment.yml.j2 +++ b/ansible/roles/dof_etherpad/templates/deployment.yml.j2 @@ -74,3 +74,36 @@ spec: items: - key: ETHERPAD_API_KEY path: APIKEY.txt + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - etherpad + topologyKey: "cloud.ionos.com/nodepool-name" + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - etherpad + topologyKey: "topology.kubernetes.io/zone" 
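Review bot: `namespaceSelector: {}` on the podAffinity term is an empty selector, which matches every namespace in the cluster, so any pod in any namespace that carries `app.kubernetes.io/part-of: schulcloud-verbund` pulls this workload towards its node. On a cluster shared with other tenants, that lets a foreign namespace influence placement and co-locates these pods with workloads outside their own namespace; the same term is added to the hydra and erwin-idm deployments further down. If cluster-wide co-location is intended, state it next to the field, e.g. `# {} = all namespaces: co-locate with schulcloud-verbund pods cluster-wide`; otherwise drop the field or narrow it with a `matchLabels` on a namespace label the team controls. The line is repeated in every affinity hunk of this patch, while the podAntiAffinity terms carry no `namespaceSelector` and so stay within the pod's own namespace.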
diff --git a/ansible/roles/dof_etherpad_nginx/templates/deployment.yml.j2 b/ansible/roles/dof_etherpad_nginx/templates/deployment.yml.j2 index 3f2745a27..a7edd0665 100644 --- a/ansible/roles/dof_etherpad_nginx/templates/deployment.yml.j2 +++ b/ansible/roles/dof_etherpad_nginx/templates/deployment.yml.j2 @@ -77,3 +77,36 @@ spec: items: - key: default.conf path: default.conf + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - etherpad-nginx + topologyKey: "cloud.ionos.com/nodepool-name" + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - etherpad-nginx + topologyKey: "topology.kubernetes.io/zone" diff --git a/ansible/roles/dof_mailcatcher/templates/deployment.yml.j2 b/ansible/roles/dof_mailcatcher/templates/deployment.yml.j2 index fc5fb5b96..757ac7783 100644 --- a/ansible/roles/dof_mailcatcher/templates/deployment.yml.j2 +++ b/ansible/roles/dof_mailcatcher/templates/deployment.yml.j2 @@ -53,3 +53,16 @@ spec: requests: cpu: {{ MAILCATCHER_CPU_REQUESTS|default("100m", true) }} memory: {{ MAILCATCHER_MEMORY_REQUESTS|default("256Mi", true) }} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} 
diff --git a/ansible/roles/dof_mongo/templates/deployment.yml.j2 b/ansible/roles/dof_mongo/templates/deployment.yml.j2 index 1674ce287..f03bc94c9 100644 --- a/ansible/roles/dof_mongo/templates/deployment.yml.j2 +++ b/ansible/roles/dof_mongo/templates/deployment.yml.j2 @@ -83,3 +83,16 @@ spec: - name: mongodb-data-pv persistentVolumeClaim: claimName: mongo-pvc + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} diff --git a/ansible/roles/dof_postgresql/templates/deployment.yml.j2 b/ansible/roles/dof_postgresql/templates/deployment.yml.j2 index e4fd0d78c..0207477ff 100644 --- a/ansible/roles/dof_postgresql/templates/deployment.yml.j2 +++ b/ansible/roles/dof_postgresql/templates/deployment.yml.j2 @@ -67,3 +67,16 @@ spec: items: - key: 01_erwinidm.sql path: 01_erwinidm.sql + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} diff --git a/ansible/roles/dof_redis/templates/deployment.yml.j2 b/ansible/roles/dof_redis/templates/deployment.yml.j2 index 291cedd76..1f220e6d2 100644 --- a/ansible/roles/dof_redis/templates/deployment.yml.j2 +++ b/ansible/roles/dof_redis/templates/deployment.yml.j2 
@@ -58,3 +58,36 @@ spec: - name: redis-data-pv persistentVolumeClaim: claimName: redis-pvc + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - redis + topologyKey: "cloud.ionos.com/nodepool-name" + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - redis + topologyKey: "topology.kubernetes.io/zone" diff --git a/ansible/roles/erwin-idm/templates/deployment.yml.j2 b/ansible/roles/erwin-idm/templates/deployment.yml.j2 index f9ee7600f..ebe3293df 100644 --- a/ansible/roles/erwin-idm/templates/deployment.yml.j2 +++ b/ansible/roles/erwin-idm/templates/deployment.yml.j2 @@ -85,3 +85,36 @@ spec: timeoutSeconds: 4 failureThreshold: 30 periodSeconds: 10 + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - erwinidm + topologyKey: "cloud.ionos.com/nodepool-name" + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - erwinidm + topologyKey: "topology.kubernetes.io/zone" 
diff --git a/ansible/roles/hydra/templates/deployment.yml.j2 b/ansible/roles/hydra/templates/deployment.yml.j2 index 6972ba9cb..293c0f440 100644 --- a/ansible/roles/hydra/templates/deployment.yml.j2 +++ b/ansible/roles/hydra/templates/deployment.yml.j2 @@ -68,3 +68,36 @@ spec: requests: cpu: "{{ HYDRA_CPU_MIN|default("100m", true) }}" memory: "{{ HYDRA_MEM_MIN|default("128Mi", true) }}" + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - hydra + topologyKey: "cloud.ionos.com/nodepool-name" + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - hydra + topologyKey: "topology.kubernetes.io/zone" diff --git a/ansible/roles/maildrop/templates/deployment.yml.j2 b/ansible/roles/maildrop/templates/deployment.yml.j2 index 24ce47eeb..3e672058a 100644 --- a/ansible/roles/maildrop/templates/deployment.yml.j2 +++ b/ansible/roles/maildrop/templates/deployment.yml.j2 @@ -61,3 +61,16 @@ spec: requests: cpu: {{ MAILDROP_CPU_REQUESTS|default("100m", true) }} memory: {{ MAILDROP_MEMORY_REQUESTS|default("128Mi", true) }} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} diff --git a/ansible/roles/oidcmock/templates/deployment.yml.j2 b/ansible/roles/oidcmock/templates/deployment.yml.j2 index 2d94a76ed..fe097e81d 100644 
--- a/ansible/roles/oidcmock/templates/deployment.yml.j2 +++ b/ansible/roles/oidcmock/templates/deployment.yml.j2 @@ -85,3 +85,16 @@ spec: path: clientsConfigurationContent.json - name: config-directory emptyDir: {} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} diff --git a/ansible/roles/rocketchat/templates/deployment.yml.j2 b/ansible/roles/rocketchat/templates/deployment.yml.j2 index 224dca4f7..1bd82ddb1 100644 --- a/ansible/roles/rocketchat/templates/deployment.yml.j2 +++ b/ansible/roles/rocketchat/templates/deployment.yml.j2 @@ -79,3 +79,36 @@ spec: volumes: - name: rocketchat-uploads-data emptyDir: {} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - rocketchat + topologyKey: "cloud.ionos.com/nodepool-name" + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - rocketchat + topologyKey: "topology.kubernetes.io/zone" diff --git a/ansible/roles/rocketchat/templates/fixup-job.yml.j2 b/ansible/roles/rocketchat/templates/fixup-job.yml.j2 index 7ae963325..c8207c205 100644 --- a/ansible/roles/rocketchat/templates/fixup-job.yml.j2 +++ b/ansible/roles/rocketchat/templates/fixup-job.yml.j2 
@@ -47,6 +47,19 @@ spec: - key: update.sh path: update.sh restartPolicy: Never + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} metadata: labels: app: rocketchat diff --git a/ansible/roles/storage/templates/deployment.yml.j2 b/ansible/roles/storage/templates/deployment.yml.j2 index db4a153d0..c9d2bfcac 100644 --- a/ansible/roles/storage/templates/deployment.yml.j2 +++ b/ansible/roles/storage/templates/deployment.yml.j2 @@ -66,3 +66,16 @@ spec: - name: storage-pv persistentVolumeClaim: claimName: storage-pvc + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} From 7a60d26f0b2165fa2f14bdbf142aac074bdade18 Mon Sep 17 00:00:00 2001 From: mamutmk5 <3045922+mamutmk5@users.noreply.github.com> Date: Thu, 30 Nov 2023 15:52:11 +0100 Subject: [PATCH 2/5] BC-5423 - Adjusted weighting for pod Inter-pod affinity and anti-affinity --- .../roles/clamav/templates/deployment.yml.j2 | 4 ++-- .../dof_etherpad/templates/deployment.yml.j2 | 4 ++-- .../templates/deployment.yml.j2 | 4 ++-- .../dof_redis/templates/deployment.yml.j2 | 4 ++-- .../erwin-idm/templates/deployment.yml.j2 | 4 ++-- .../roles/hydra/templates/deployment.yml.j2 | 4 ++-- .../rocketchat/templates/deployment.yml.j2 | 4 ++-- .../roles/storage/templates/deployment.yml.j2 | 22 ++++++++++++++++++- 8 files changed, 35 insertions(+), 15 deletions(-) diff --git a/ansible/roles/clamav/templates/deployment.yml.j2 b/ansible/roles/clamav/templates/deployment.yml.j2 index 9b91b5ea2..3102e441d 100644 
--- a/ansible/roles/clamav/templates/deployment.yml.j2 +++ b/ansible/roles/clamav/templates/deployment.yml.j2 @@ -49,7 +49,7 @@ spec: affinity: podAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 + - weight: 9 podAffinityTerm: labelSelector: matchExpressions: @@ -70,7 +70,7 @@ spec: values: - clamav topologyKey: "cloud.ionos.com/nodepool-name" - - weight: 10 + - weight: 20 podAffinityTerm: labelSelector: matchExpressions: diff --git a/ansible/roles/dof_etherpad/templates/deployment.yml.j2 b/ansible/roles/dof_etherpad/templates/deployment.yml.j2 index c2c4c4e73..8c03d70ac 100644 --- a/ansible/roles/dof_etherpad/templates/deployment.yml.j2 +++ b/ansible/roles/dof_etherpad/templates/deployment.yml.j2 @@ -77,7 +77,7 @@ spec: affinity: podAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 + - weight: 9 podAffinityTerm: labelSelector: matchExpressions: @@ -98,7 +98,7 @@ spec: values: - etherpad topologyKey: "cloud.ionos.com/nodepool-name" - - weight: 10 + - weight: 20 podAffinityTerm: labelSelector: matchExpressions: diff --git a/ansible/roles/dof_etherpad_nginx/templates/deployment.yml.j2 b/ansible/roles/dof_etherpad_nginx/templates/deployment.yml.j2 index a7edd0665..119129963 100644 --- a/ansible/roles/dof_etherpad_nginx/templates/deployment.yml.j2 +++ b/ansible/roles/dof_etherpad_nginx/templates/deployment.yml.j2 @@ -80,7 +80,7 @@ spec: affinity: podAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 + - weight: 9 podAffinityTerm: labelSelector: matchExpressions: @@ -101,7 +101,7 @@ spec: values: - etherpad-nginx topologyKey: "cloud.ionos.com/nodepool-name" - - weight: 10 + - weight: 20 podAffinityTerm: labelSelector: matchExpressions: diff --git a/ansible/roles/dof_redis/templates/deployment.yml.j2 b/ansible/roles/dof_redis/templates/deployment.yml.j2 index 1f220e6d2..bd7e1c4b4 100644 --- a/ansible/roles/dof_redis/templates/deployment.yml.j2 
+++ b/ansible/roles/dof_redis/templates/deployment.yml.j2 @@ -61,7 +61,7 @@ spec: affinity: podAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 + - weight: 9 podAffinityTerm: labelSelector: matchExpressions: @@ -82,7 +82,7 @@ spec: values: - redis topologyKey: "cloud.ionos.com/nodepool-name" - - weight: 10 + - weight: 20 podAffinityTerm: labelSelector: matchExpressions: diff --git a/ansible/roles/erwin-idm/templates/deployment.yml.j2 b/ansible/roles/erwin-idm/templates/deployment.yml.j2 index ebe3293df..6f0cab253 100644 --- a/ansible/roles/erwin-idm/templates/deployment.yml.j2 +++ b/ansible/roles/erwin-idm/templates/deployment.yml.j2 @@ -88,7 +88,7 @@ spec: affinity: podAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 + - weight: 9 podAffinityTerm: labelSelector: matchExpressions: @@ -109,7 +109,7 @@ spec: values: - erwinidm topologyKey: "cloud.ionos.com/nodepool-name" - - weight: 10 + - weight: 20 podAffinityTerm: labelSelector: matchExpressions: diff --git a/ansible/roles/hydra/templates/deployment.yml.j2 b/ansible/roles/hydra/templates/deployment.yml.j2 index 293c0f440..c7ed41511 100644 --- a/ansible/roles/hydra/templates/deployment.yml.j2 +++ b/ansible/roles/hydra/templates/deployment.yml.j2 @@ -71,7 +71,7 @@ spec: affinity: podAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 + - weight: 9 podAffinityTerm: labelSelector: matchExpressions: @@ -92,7 +92,7 @@ spec: values: - hydra topologyKey: "cloud.ionos.com/nodepool-name" - - weight: 10 + - weight: 20 podAffinityTerm: labelSelector: matchExpressions: diff --git a/ansible/roles/rocketchat/templates/deployment.yml.j2 b/ansible/roles/rocketchat/templates/deployment.yml.j2 index 1bd82ddb1..98d8fe613 100644 --- a/ansible/roles/rocketchat/templates/deployment.yml.j2 +++ b/ansible/roles/rocketchat/templates/deployment.yml.j2 
@@ -82,7 +82,7 @@ spec: affinity: podAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 + - weight: 9 podAffinityTerm: labelSelector: matchExpressions: @@ -103,7 +103,7 @@ spec: values: - rocketchat topologyKey: "cloud.ionos.com/nodepool-name" - - weight: 10 + - weight: 20 podAffinityTerm: labelSelector: matchExpressions: diff --git a/ansible/roles/storage/templates/deployment.yml.j2 b/ansible/roles/storage/templates/deployment.yml.j2 index c9d2bfcac..66241e75a 100644 --- a/ansible/roles/storage/templates/deployment.yml.j2 +++ b/ansible/roles/storage/templates/deployment.yml.j2 @@ -69,7 +69,7 @@ spec: affinity: podAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 + - weight: 9 podAffinityTerm: labelSelector: matchExpressions: @@ -79,3 +79,23 @@ spec: - schulcloud-verbund topologyKey: "kubernetes.io/hostname" namespaceSelector: {} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - minio + topologyKey: "cloud.ionos.com/nodepool-name" + - weight: 20 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - minio + topologyKey: "topology.kubernetes.io/zone" From cb1ce546e269b72014b67e20bc62d3d225f7624d Mon Sep 17 00:00:00 2001 
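Review bot: The podAntiAffinity terms added to the storage template select `app.kubernetes.io/name` with the value `minio`, while the role, volume and claim in the visible context are all named `storage`; the pod template's labels are outside this hunk, so it cannot be confirmed here that the pods carry that value. A preferred anti-affinity term whose selector matches nothing is accepted as valid and simply has no effect, so the nodepool and zone spreading would be lost without any error. It is worth checking the value against the template's `metadata.labels`, and likewise `erwinidm` in the erwin-idm role.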
From: mamutmk5 <3045922+mamutmk5@users.noreply.github.com> Date: Fri, 1 Dec 2023 15:26:50 +0100 Subject: [PATCH 3/5] BC-5423 - Make pod anti affinity rule configurable and optional --- ansible/group_vars/all/affinity.yml | 2 ++ ansible/roles/clamav/templates/deployment.yml.j2 | 4 +++- ansible/roles/dof_etherpad/templates/deployment.yml.j2 | 4 +++- ansible/roles/dof_etherpad_nginx/templates/deployment.yml.j2 | 4 +++- ansible/roles/dof_redis/templates/deployment.yml.j2 | 4 +++- ansible/roles/erwin-idm/templates/deployment.yml.j2 | 4 +++- ansible/roles/hydra/templates/deployment.yml.j2 | 4 +++- ansible/roles/rocketchat/templates/deployment.yml.j2 | 4 +++- ansible/roles/storage/templates/deployment.yml.j2 | 4 +++- 9 files changed, 26 insertions(+), 8 deletions(-) create mode 100644 ansible/group_vars/all/affinity.yml diff --git a/ansible/group_vars/all/affinity.yml b/ansible/group_vars/all/affinity.yml new file mode 100644 index 000000000..acffab534 --- /dev/null +++ b/ansible/group_vars/all/affinity.yml @@ -0,0 +1,2 @@ +ANIT_AFFINITY_NODEPOOL_ENABLE = true +ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY = "cloud.ionos.com/nodepool-name" diff --git a/ansible/roles/clamav/templates/deployment.yml.j2 b/ansible/roles/clamav/templates/deployment.yml.j2 index 3102e441d..5fc8431e6 100644 --- a/ansible/roles/clamav/templates/deployment.yml.j2 +++ b/ansible/roles/clamav/templates/deployment.yml.j2 @@ -61,6 +61,7 @@ spec: namespaceSelector: {} podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: +{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %} - weight: 10 podAffinityTerm: labelSelector: @@ -69,7 +70,8 @@ spec: operator: In values: - clamav - topologyKey: "cloud.ionos.com/nodepool-name" + topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }} +{% endif %} - weight: 20 podAffinityTerm: labelSelector: 
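Review bot: Both variables in the new `ansible/group_vars/all/affinity.yml` are spelled `ANIT_…` where `ANTI_…` appears to be meant, and every template guard added by this patch repeats that spelling. Because the guards read `ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool`, an inventory override written with the expected spelling would be ignored silently and the group default would stay in force. Renaming now to `ANTI_AFFINITY_NODEPOOL_ENABLE` and `ANTI_AFFINITY_NODEPOOL_TOPOLOGY_KEY` is cheaper than after environments start overriding them.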
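Review bot: `topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }}` in the second clamav hunk is rendered unquoted, whereas the literal it replaces was quoted, and the surrounding `{% if %}` checks only the enable flag, not the key. An empty override would render a bare `topologyKey:` (null), which only surfaces when the manifest is applied. Quoting with a fallback keeps the rendered YAML predictable and matches the `|default(..., true)` pattern already used for the resource values: `topologyKey: "{{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY|default('cloud.ionos.com/nodepool-name', true) }}"`. The same line appears in the dof_etherpad, dof_etherpad_nginx, dof_redis, erwin-idm, hydra, rocketchat and storage hunks of this patch.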
diff --git a/ansible/roles/dof_etherpad/templates/deployment.yml.j2 b/ansible/roles/dof_etherpad/templates/deployment.yml.j2 index 8c03d70ac..416e6efb6 100644 --- a/ansible/roles/dof_etherpad/templates/deployment.yml.j2 +++ b/ansible/roles/dof_etherpad/templates/deployment.yml.j2 @@ -89,6 +89,7 @@ spec: namespaceSelector: {} podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: +{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %} - weight: 10 podAffinityTerm: labelSelector: @@ -97,7 +98,8 @@ spec: operator: In values: - etherpad - topologyKey: "cloud.ionos.com/nodepool-name" + topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }} +{% endif %} - weight: 20 podAffinityTerm: labelSelector: diff --git a/ansible/roles/dof_etherpad_nginx/templates/deployment.yml.j2 b/ansible/roles/dof_etherpad_nginx/templates/deployment.yml.j2 index 119129963..4511e853b 100644 --- a/ansible/roles/dof_etherpad_nginx/templates/deployment.yml.j2 +++ b/ansible/roles/dof_etherpad_nginx/templates/deployment.yml.j2 @@ -92,6 +92,7 @@ spec: namespaceSelector: {} podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: +{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %} - weight: 10 podAffinityTerm: labelSelector: @@ -100,7 +101,8 @@ spec: operator: In values: - etherpad-nginx - topologyKey: "cloud.ionos.com/nodepool-name" + topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }} +{% endif %} - weight: 20 podAffinityTerm: labelSelector: diff --git a/ansible/roles/dof_redis/templates/deployment.yml.j2 b/ansible/roles/dof_redis/templates/deployment.yml.j2 index bd7e1c4b4..2a8b7d809 100644 --- a/ansible/roles/dof_redis/templates/deployment.yml.j2 +++ b/ansible/roles/dof_redis/templates/deployment.yml.j2 
@@ -73,6 +73,7 @@ spec: namespaceSelector: {} podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: +{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %} - weight: 10 podAffinityTerm: labelSelector: @@ -81,7 +82,8 @@ spec: operator: In values: - redis - topologyKey: "cloud.ionos.com/nodepool-name" + topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }} +{% endif %} - weight: 20 podAffinityTerm: labelSelector: diff --git a/ansible/roles/erwin-idm/templates/deployment.yml.j2 b/ansible/roles/erwin-idm/templates/deployment.yml.j2 index 6f0cab253..459ba2b3a 100644 --- a/ansible/roles/erwin-idm/templates/deployment.yml.j2 +++ b/ansible/roles/erwin-idm/templates/deployment.yml.j2 @@ -100,6 +100,7 @@ spec: namespaceSelector: {} podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: +{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %} - weight: 10 podAffinityTerm: labelSelector: @@ -108,7 +109,8 @@ spec: operator: In values: - erwinidm - topologyKey: "cloud.ionos.com/nodepool-name" + topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }} +{% endif %} - weight: 20 podAffinityTerm: labelSelector: diff --git a/ansible/roles/hydra/templates/deployment.yml.j2 b/ansible/roles/hydra/templates/deployment.yml.j2 index c7ed41511..792bddb64 100644 --- a/ansible/roles/hydra/templates/deployment.yml.j2 +++ b/ansible/roles/hydra/templates/deployment.yml.j2 @@ -83,6 +83,7 @@ spec: namespaceSelector: {} podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: +{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %} - weight: 10 podAffinityTerm: labelSelector: @@ -91,7 +92,8 @@ spec: operator: In values: - hydra - topologyKey: "cloud.ionos.com/nodepool-name" + topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }} +{% endif %} - weight: 20 podAffinityTerm: labelSelector: 
diff --git a/ansible/roles/rocketchat/templates/deployment.yml.j2 b/ansible/roles/rocketchat/templates/deployment.yml.j2 index 98d8fe613..69749e853 100644 --- a/ansible/roles/rocketchat/templates/deployment.yml.j2 +++ b/ansible/roles/rocketchat/templates/deployment.yml.j2 @@ -94,6 +94,7 @@ spec: namespaceSelector: {} podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: +{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %} - weight: 10 podAffinityTerm: labelSelector: @@ -102,7 +103,8 @@ spec: operator: In values: - rocketchat - topologyKey: "cloud.ionos.com/nodepool-name" + topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }} +{% endif %} - weight: 20 podAffinityTerm: labelSelector: diff --git a/ansible/roles/storage/templates/deployment.yml.j2 b/ansible/roles/storage/templates/deployment.yml.j2 index 66241e75a..2b5dc858a 100644 --- a/ansible/roles/storage/templates/deployment.yml.j2 +++ b/ansible/roles/storage/templates/deployment.yml.j2 @@ -81,6 +81,7 @@ spec: namespaceSelector: {} podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: +{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %} - weight: 10 podAffinityTerm: labelSelector: @@ -89,7 +90,8 @@ spec: operator: In values: - minio - topologyKey: "cloud.ionos.com/nodepool-name" + topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }} +{% endif %} - weight: 20 podAffinityTerm: labelSelector: From b64c3fc16b993fcd143902ac0176889457ed6294 Mon Sep 17 00:00:00 2001 From: mamutmk5 <3045922+mamutmk5@users.noreply.github.com> Date: Fri, 1 Dec 2023 16:12:03 +0100 Subject: [PATCH 4/5] BC-5423 - fix ansible vars --- ansible/group_vars/all/affinity.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/group_vars/all/affinity.yml b/ansible/group_vars/all/affinity.yml index acffab534..fc15f0337 100644 --- a/ansible/group_vars/all/affinity.yml +++ b/ansible/group_vars/all/affinity.yml 
@@ -1,2 +1,2 @@ -ANIT_AFFINITY_NODEPOOL_ENABLE = true -ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY = "cloud.ionos.com/nodepool-name" +ANIT_AFFINITY_NODEPOOL_ENABLE: true +ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY: "cloud.ionos.com/nodepool-name" From 0b4652fe800dbcdace787d071eb5a507ed715fc0 Mon Sep 17 00:00:00 2001 From: mamutmk5 <3045922+mamutmk5@users.noreply.github.com> Date: Mon, 4 Dec 2023 12:33:34 +0100 Subject: [PATCH 5/5] BC-5423 - make affinity optional for all --- ansible/group_vars/all/affinity.yml | 1 + ansible/roles/clamav/templates/deployment.yml.j2 | 2 ++ ansible/roles/dof_etherpad/templates/deployment.yml.j2 | 2 ++ ansible/roles/dof_etherpad_nginx/templates/deployment.yml.j2 | 2 ++ ansible/roles/dof_mailcatcher/templates/deployment.yml.j2 | 2 ++ ansible/roles/dof_mongo/templates/deployment.yml.j2 | 2 ++ ansible/roles/dof_postgresql/templates/deployment.yml.j2 | 2 ++ ansible/roles/dof_redis/templates/deployment.yml.j2 | 2 ++ ansible/roles/erwin-idm/templates/deployment.yml.j2 | 2 ++ ansible/roles/hydra/templates/deployment.yml.j2 | 2 ++ ansible/roles/maildrop/templates/deployment.yml.j2 | 2 ++ ansible/roles/oidcmock/templates/deployment.yml.j2 | 2 ++ ansible/roles/rocketchat/templates/deployment.yml.j2 | 2 ++ ansible/roles/rocketchat/templates/fixup-job.yml.j2 | 2 ++ ansible/roles/storage/templates/deployment.yml.j2 | 2 ++ 15 files changed, 29 insertions(+) diff --git a/ansible/group_vars/all/affinity.yml b/ansible/group_vars/all/affinity.yml index fc15f0337..9cb5c16e1 100644 --- a/ansible/group_vars/all/affinity.yml +++ b/ansible/group_vars/all/affinity.yml @@ -1,2 +1,3 @@ +AFFINITY_ENABLE: true ANIT_AFFINITY_NODEPOOL_ENABLE: true ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY: "cloud.ionos.com/nodepool-name" diff --git a/ansible/roles/clamav/templates/deployment.yml.j2 b/ansible/roles/clamav/templates/deployment.yml.j2 index 5fc8431e6..792f82e1e 100644 --- a/ansible/roles/clamav/templates/deployment.yml.j2 +++ b/ansible/roles/clamav/templates/deployment.yml.j2 
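Review bot: `AFFINITY_ENABLE` is added to `affinity.yml` without a comment, and in the template hunks of this patch its guard opens before `affinity:` and closes after the zone `topologyKey`, so setting it to false removes the zone anti-affinity as well as the co-location preference. Someone disabling it to stop pods being packed onto one node would also lose spreading across zones, which is an availability change worth documenting. A header comment in the vars file would cover it, e.g. `# AFFINITY_ENABLE: false drops the whole affinity block (podAffinity and podAntiAffinity, incl. zone spreading)` and `# ANIT_AFFINITY_NODEPOOL_ENABLE: false drops only the nodepool anti-affinity term`.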
@@ -46,6 +46,7 @@ spec: requests: cpu: {{ CLAMAV_CPU_MIN|default("100m", true) }} memory: {{ CLAMAV_MEMORY_MIN|default("1Gi", true) }} +{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %} affinity: podAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -81,3 +82,4 @@ spec: values: - clamav topologyKey: "topology.kubernetes.io/zone" +{% endif %} diff --git a/ansible/roles/dof_etherpad/templates/deployment.yml.j2 b/ansible/roles/dof_etherpad/templates/deployment.yml.j2 index 416e6efb6..5157482b3 100644 --- a/ansible/roles/dof_etherpad/templates/deployment.yml.j2 +++ b/ansible/roles/dof_etherpad/templates/deployment.yml.j2 @@ -74,6 +74,7 @@ spec: items: - key: ETHERPAD_API_KEY path: APIKEY.txt +{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %} affinity: podAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -109,3 +110,4 @@ spec: values: - etherpad topologyKey: "topology.kubernetes.io/zone" +{% endif %} diff --git a/ansible/roles/dof_etherpad_nginx/templates/deployment.yml.j2 b/ansible/roles/dof_etherpad_nginx/templates/deployment.yml.j2 index 4511e853b..567b14a8e 100644 --- a/ansible/roles/dof_etherpad_nginx/templates/deployment.yml.j2 +++ b/ansible/roles/dof_etherpad_nginx/templates/deployment.yml.j2 @@ -77,6 +77,7 @@ spec: items: - key: default.conf path: default.conf +{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %} affinity: podAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -112,3 +113,4 @@ spec: values: - etherpad-nginx topologyKey: "topology.kubernetes.io/zone" +{% endif %} diff --git a/ansible/roles/dof_mailcatcher/templates/deployment.yml.j2 b/ansible/roles/dof_mailcatcher/templates/deployment.yml.j2 index 757ac7783..15042e5d0 100644 --- a/ansible/roles/dof_mailcatcher/templates/deployment.yml.j2 +++ b/ansible/roles/dof_mailcatcher/templates/deployment.yml.j2 
@@ -53,6 +53,7 @@ spec: requests: cpu: {{ MAILCATCHER_CPU_REQUESTS|default("100m", true) }} memory: {{ MAILCATCHER_MEMORY_REQUESTS|default("256Mi", true) }} +{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %} affinity: podAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -66,3 +67,4 @@ spec: - schulcloud-verbund topologyKey: "kubernetes.io/hostname" namespaceSelector: {} +{% endif %} diff --git a/ansible/roles/dof_mongo/templates/deployment.yml.j2 b/ansible/roles/dof_mongo/templates/deployment.yml.j2 index f03bc94c9..537b93b99 100644 --- a/ansible/roles/dof_mongo/templates/deployment.yml.j2 +++ b/ansible/roles/dof_mongo/templates/deployment.yml.j2 @@ -83,6 +83,7 @@ spec: - name: mongodb-data-pv persistentVolumeClaim: claimName: mongo-pvc +{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %} affinity: podAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -96,3 +97,4 @@ spec: - schulcloud-verbund topologyKey: "kubernetes.io/hostname" namespaceSelector: {} +{% endif %} diff --git a/ansible/roles/dof_postgresql/templates/deployment.yml.j2 b/ansible/roles/dof_postgresql/templates/deployment.yml.j2 index 0207477ff..26250db7e 100644 --- a/ansible/roles/dof_postgresql/templates/deployment.yml.j2 +++ b/ansible/roles/dof_postgresql/templates/deployment.yml.j2 @@ -67,6 +67,7 @@ spec: items: - key: 01_erwinidm.sql path: 01_erwinidm.sql +{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %} affinity: podAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -80,3 +81,4 @@ spec: - schulcloud-verbund topologyKey: "kubernetes.io/hostname" namespaceSelector: {} +{% endif %} diff --git a/ansible/roles/dof_redis/templates/deployment.yml.j2 b/ansible/roles/dof_redis/templates/deployment.yml.j2 index 2a8b7d809..ef3bfc0eb 100644 --- a/ansible/roles/dof_redis/templates/deployment.yml.j2 +++ b/ansible/roles/dof_redis/templates/deployment.yml.j2 
@@ -58,6 +58,7 @@ spec:
 - name: redis-data-pv
 persistentVolumeClaim:
 claimName: redis-pvc
+{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %}
 affinity:
 podAffinity:
 preferredDuringSchedulingIgnoredDuringExecution:
@@ -93,3 +94,4 @@ spec:
 values:
 - redis
 topologyKey: "topology.kubernetes.io/zone"
+{% endif %}
diff --git a/ansible/roles/erwin-idm/templates/deployment.yml.j2 b/ansible/roles/erwin-idm/templates/deployment.yml.j2
index 459ba2b3a..c6c26fa70 100644
--- a/ansible/roles/erwin-idm/templates/deployment.yml.j2
+++ b/ansible/roles/erwin-idm/templates/deployment.yml.j2
@@ -85,6 +85,7 @@ spec:
 timeoutSeconds: 4
 failureThreshold: 30
 periodSeconds: 10
+{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %}
 affinity:
 podAffinity:
 preferredDuringSchedulingIgnoredDuringExecution:
@@ -120,3 +121,4 @@ spec:
 values:
 - erwinidm
 topologyKey: "topology.kubernetes.io/zone"
+{% endif %}
diff --git a/ansible/roles/hydra/templates/deployment.yml.j2 b/ansible/roles/hydra/templates/deployment.yml.j2
index 792bddb64..58330eb91 100644
--- a/ansible/roles/hydra/templates/deployment.yml.j2
+++ b/ansible/roles/hydra/templates/deployment.yml.j2
@@ -68,6 +68,7 @@ spec:
 requests:
 cpu: "{{ HYDRA_CPU_MIN|default("100m", true) }}"
 memory: "{{ HYDRA_MEM_MIN|default("128Mi", true) }}"
+{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %}
 affinity:
 podAffinity:
 preferredDuringSchedulingIgnoredDuringExecution:
@@ -103,3 +104,4 @@ spec:
 values:
 - hydra
 topologyKey: "topology.kubernetes.io/zone"
+{% endif %}
diff --git a/ansible/roles/maildrop/templates/deployment.yml.j2 b/ansible/roles/maildrop/templates/deployment.yml.j2
index 3e672058a..884374c36 100644
--- a/ansible/roles/maildrop/templates/deployment.yml.j2
+++ b/ansible/roles/maildrop/templates/deployment.yml.j2
@@ -61,6 +61,7 @@ spec:
 requests:
 cpu: {{ MAILDROP_CPU_REQUESTS|default("100m", true) }}
 memory: {{ MAILDROP_MEMORY_REQUESTS|default("128Mi", true) }}
+{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %}
 affinity:
 podAffinity:
 preferredDuringSchedulingIgnoredDuringExecution:
@@ -74,3 +75,4 @@ spec:
 - schulcloud-verbund
 topologyKey: "kubernetes.io/hostname"
 namespaceSelector: {}
+{% endif %}
diff --git a/ansible/roles/oidcmock/templates/deployment.yml.j2 b/ansible/roles/oidcmock/templates/deployment.yml.j2
index fe097e81d..113575295 100644
--- a/ansible/roles/oidcmock/templates/deployment.yml.j2
+++ b/ansible/roles/oidcmock/templates/deployment.yml.j2
@@ -85,6 +85,7 @@ spec:
 path: clientsConfigurationContent.json
 - name: config-directory
 emptyDir: {}
+{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %}
 affinity:
 podAffinity:
 preferredDuringSchedulingIgnoredDuringExecution:
@@ -98,3 +99,4 @@ spec:
 - schulcloud-verbund
 topologyKey: "kubernetes.io/hostname"
 namespaceSelector: {}
+{% endif %}
diff --git a/ansible/roles/rocketchat/templates/deployment.yml.j2 b/ansible/roles/rocketchat/templates/deployment.yml.j2
index 69749e853..485486e84 100644
--- a/ansible/roles/rocketchat/templates/deployment.yml.j2
+++ b/ansible/roles/rocketchat/templates/deployment.yml.j2
@@ -79,6 +79,7 @@ spec:
 volumes:
 - name: rocketchat-uploads-data
 emptyDir: {}
+{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %}
 affinity:
 podAffinity:
 preferredDuringSchedulingIgnoredDuringExecution:
@@ -114,3 +115,4 @@ spec:
 values:
 - rocketchat
 topologyKey: "topology.kubernetes.io/zone"
+{% endif %}
diff --git a/ansible/roles/rocketchat/templates/fixup-job.yml.j2 b/ansible/roles/rocketchat/templates/fixup-job.yml.j2
index c8207c205..dd33666f4 100644
--- a/ansible/roles/rocketchat/templates/fixup-job.yml.j2
+++ b/ansible/roles/rocketchat/templates/fixup-job.yml.j2
@@ -47,6 +47,7 @@ spec:
 - key: update.sh
 path: update.sh
 restartPolicy: Never
+{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %}
 affinity:
 podAffinity:
 preferredDuringSchedulingIgnoredDuringExecution:
@@ -60,6 +61,7 @@ spec:
 - schulcloud-verbund
 topologyKey: "kubernetes.io/hostname"
 namespaceSelector: {}
+{% endif %}
 metadata:
 labels:
 app: rocketchat
diff --git a/ansible/roles/storage/templates/deployment.yml.j2 b/ansible/roles/storage/templates/deployment.yml.j2
index 2b5dc858a..dc3e18437 100644
--- a/ansible/roles/storage/templates/deployment.yml.j2
+++ b/ansible/roles/storage/templates/deployment.yml.j2
@@ -66,6 +66,7 @@ spec:
 - name: storage-pv
 persistentVolumeClaim:
 claimName: storage-pvc
+{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %}
 affinity:
 podAffinity:
 preferredDuringSchedulingIgnoredDuringExecution:
@@ -101,3 +102,4 @@ spec:
 values:
 - minio
 topologyKey: "topology.kubernetes.io/zone"
+{% endif %}