From 40bf42f8fa3a09b10905998bf58f3c36a5f02b69 Mon Sep 17 00:00:00 2001 From: mamutmk5 <3045922+mamutmk5@users.noreply.github.com> Date: Mon, 4 Dec 2023 16:27:24 +0100 Subject: [PATCH] BC-5423 - Add POD affinity and anti-affinity (#4606) To Improve the distribution of PODs to the least number of kubernetes worker nodes who is Required but also to secure that the PODs of one Deployment are distributed over the Fault Zones and Node pools the pod affinity and anti affinity are set. Affernety number calculation: Assign Number for an host = 0 - 20 X Fault Zone - 10 X Node Pool + 9 X Host Host = 1 if on the host runs an POD from the Schulcloud-Verbund on any namespace Host = 0 if on the host runs no POD from the Schulcloud-Verbund on any namespace Node Pool = 1 if on a host of this node pool runs an POD from the Deployment Node Pool = 0 if on no host of this node pool runs an POD from the Deployment Fault Pool = 1 if on a host of this fault zone runs an POD from the Deployment Fault Pool = 0 if on no host of this fault zone uns an POD from the Deployment --- .../api-h5p-library-management-cronjob.yml.j2 | 32 +++++++++++++++ .../admin-api-server-deployment.yml.j2 | 39 ++++++++++++++++++- .../templates/amqp-files-deployment.yml.j2 | 39 +++++++++++++++++++ .../api-delete-s3-files-cronjob.yml.j2 | 15 +++++++ .../templates/api-files-deployment.yml.j2 | 37 ++++++++++++++++++ .../templates/api-fwu-deployment.yml.j2 | 37 ++++++++++++++++++ .../data-deletion-trigger-cronjob.yml.j2 | 15 +++++++ .../templates/deployment.yml.j2 | 37 ++++++++++++++++++ .../preview-generator-deployment.yml.j2 | 37 ++++++++++++++++++ .../templates/tldraw-deployment.yml.j2 | 37 ++++++++++++++++++ .../templates/api-h5p-deployment.yml.j2 | 37 ++++++++++++++++++ .../templates/management-deployment.yml.j2 | 37 ++++++++++++++++++ .../api-ldap-sync-full-cronjob.yml.j2 | 15 +++++++ .../api-ldap-worker-deployment.yml.j2 | 37 ++++++++++++++++++ .../api-tsp-sync-base-cronjob.yml.j2 | 15 +++++++ .../templates/api-tsp-sync-deployment.yml.j2 | 37 ++++++++++++++++++ .../api-tsp-sync-school-cronjob.yml.j2 | 15 +++++++ 17 files changed, 517 insertions(+), 1 deletion(-) diff --git a/ansible/roles/h5p-library-management/templates/api-h5p-library-management-cronjob.yml.j2 b/ansible/roles/h5p-library-management/templates/api-h5p-library-management-cronjob.yml.j2 index 6e5b36fa91b..a578a23d796 100644 --- a/ansible/roles/h5p-library-management/templates/api-h5p-library-management-cronjob.yml.j2 +++ b/ansible/roles/h5p-library-management/templates/api-h5p-library-management-cronjob.yml.j2 @@ -4,6 +4,13 @@ metadata: namespace: {{ NAMESPACE }} labels: app: api-library-management-cronjob + app.kubernetes.io/part-of: schulcloud-verbund + app.kubernetes.io/version: {{ SCHULCLOUD_SERVER_IMAGE_TAG }} + app.kubernetes.io/name: api-library-management-cronjob + app.kubernetes.io/component: h5p + app.kubernetes.io/managed-by: ansible + git.branch: {{ SCHULCLOUD_SERVER_BRANCH_NAME }} + git.repo: {{ SCHULCLOUD_SERVER_REPO_NAME }} name: api-library-management-cronjob spec: schedule: "{{ SERVER_H5P_LIBRARY_MANAGEMENT_CRONJOB|default("0 3 * * 3,6", true) }}" @@ -12,6 +19,16 @@ spec: spec: activeDeadlineSeconds: {{ SERVER_H5P_LIBRARY_MANAGEMENT_CRONJOB_TIMEOUT|default("39600", true) }} template: + metadata: + labels: + app: api-library-management-cronjob + app.kubernetes.io/part-of: schulcloud-verbund + app.kubernetes.io/version: {{ SCHULCLOUD_SERVER_IMAGE_TAG }} + app.kubernetes.io/name: api-library-management-cronjob + app.kubernetes.io/component: h5p + app.kubernetes.io/managed-by: ansible + git.branch: {{ SCHULCLOUD_SERVER_BRANCH_NAME }} + git.repo: {{ SCHULCLOUD_SERVER_REPO_NAME }} spec: containers: - name: api-h5p-library-management-cronjob @@ -31,3 +48,18 @@ spec: cpu: {{ API_H5P_LIBRARY_MANAGEMENT_CPU_REQUESTS|default("100m", true) }} memory: {{ API_H5P_LIBRARY_MANAGEMENT_MEMORY_REQUESTS|default("150Mi", true) }} restartPolicy: OnFailure +{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} +{% endif %} diff --git a/ansible/roles/schulcloud-server-core/templates/admin-api-server-deployment.yml.j2 b/ansible/roles/schulcloud-server-core/templates/admin-api-server-deployment.yml.j2 index c191916fe2d..ef0076fd15e 100644 --- a/ansible/roles/schulcloud-server-core/templates/admin-api-server-deployment.yml.j2 +++ b/ansible/roles/schulcloud-server-core/templates/admin-api-server-deployment.yml.j2 @@ -61,4 +61,41 @@ spec: memory: {{ ADMIN_API_SERVER_MEMORY_LIMITS|default("4Gi", true) }} requests: cpu: {{ ADMIN_API_SERVER_CPU_REQUESTS|default("100m", true) }} - memory: {{ ADMIN_API_SERVER_MEMORY_REQUESTS|default("150Mi", true) }} \ No newline at end of file + memory: {{ ADMIN_API_SERVER_MEMORY_REQUESTS|default("150Mi", true) }} +{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 9 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: +{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %} + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - api-admin + topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }} +{% endif %} + - weight: 20 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - api-admin + topologyKey: "topology.kubernetes.io/zone" +{% endif %} diff --git a/ansible/roles/schulcloud-server-core/templates/amqp-files-deployment.yml.j2 b/ansible/roles/schulcloud-server-core/templates/amqp-files-deployment.yml.j2 index e3843effc48..66f60f06b39 100644 --- a/ansible/roles/schulcloud-server-core/templates/amqp-files-deployment.yml.j2 +++ b/ansible/roles/schulcloud-server-core/templates/amqp-files-deployment.yml.j2 @@ -58,3 +58,42 @@ spec: requests: cpu: {{ AMQP_FILE_STORAGE_CPU_REQUESTS|default("100m", true) }} memory: {{ AMQP_FILE_STORAGE_MEMORY_REQUESTS|default("50Mi", true) }} +{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 9 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: +{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %} + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - amqp-files + topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }} +{% endif %} + - weight: 20 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - amqp-files + topologyKey: "topology.kubernetes.io/zone" +{% endif %} + + diff --git a/ansible/roles/schulcloud-server-core/templates/api-delete-s3-files-cronjob.yml.j2 b/ansible/roles/schulcloud-server-core/templates/api-delete-s3-files-cronjob.yml.j2 index 2eb0fdd4094..075f1dc7227 100644 --- a/ansible/roles/schulcloud-server-core/templates/api-delete-s3-files-cronjob.yml.j2 +++ b/ansible/roles/schulcloud-server-core/templates/api-delete-s3-files-cronjob.yml.j2 @@ -38,6 +38,21 @@ spec: cpu: {{ API_CPU_REQUESTS|default("100m", true) }} memory: {{ API_MEMORY_REQUESTS|default("150Mi", true) }} restartPolicy: OnFailure +{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} +{% endif %} metadata: labels: app: api diff --git a/ansible/roles/schulcloud-server-core/templates/api-files-deployment.yml.j2 b/ansible/roles/schulcloud-server-core/templates/api-files-deployment.yml.j2 index 7866e23dcc3..3c0401150a5 100644 --- a/ansible/roles/schulcloud-server-core/templates/api-files-deployment.yml.j2 +++ b/ansible/roles/schulcloud-server-core/templates/api-files-deployment.yml.j2 @@ -84,3 +84,40 @@ spec: requests: cpu: {{ API_FILE_STORAGE_CPU_REQUESTS|default("100m", true) }} memory: {{ API_FILE_STORAGE_MEMORY_REQUESTS|default("50Mi", true) }} +{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 9 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: +{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %} + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - api-files + topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }} +{% endif %} + - weight: 20 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - api-files + topologyKey: "topology.kubernetes.io/zone" +{% endif %} diff --git a/ansible/roles/schulcloud-server-core/templates/api-fwu-deployment.yml.j2 b/ansible/roles/schulcloud-server-core/templates/api-fwu-deployment.yml.j2 index 5fe3f528bde..f0fd9fe5c24 100644 --- a/ansible/roles/schulcloud-server-core/templates/api-fwu-deployment.yml.j2 +++ b/ansible/roles/schulcloud-server-core/templates/api-fwu-deployment.yml.j2 @@ -84,3 +84,40 @@ spec: requests: cpu: {{ API_FWU_LEARNING_CONTENTS_CPU_REQUESTS|default("100m", true) }} memory: {{ API_FWU_LEARNING_CONTENTS_MEMORY_REQUESTS|default("50Mi", true) }} +{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 9 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: +{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %} + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - api-fwu + topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }} +{% endif %} + - weight: 20 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - api-fwu + topologyKey: "topology.kubernetes.io/zone" +{% endif %} diff --git a/ansible/roles/schulcloud-server-core/templates/data-deletion-trigger-cronjob.yml.j2 b/ansible/roles/schulcloud-server-core/templates/data-deletion-trigger-cronjob.yml.j2 index a0807973c43..d800475c380 100644 --- a/ansible/roles/schulcloud-server-core/templates/data-deletion-trigger-cronjob.yml.j2 +++ b/ansible/roles/schulcloud-server-core/templates/data-deletion-trigger-cronjob.yml.j2 @@ -45,6 +45,21 @@ spec: cpu: {{ API_CPU_REQUESTS|default("100m", true) }} memory: {{ API_MEMORY_REQUESTS|default("150Mi", true) }} restartPolicy: OnFailure +{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} +{% endif %} metadata: labels: app: data-deletion-trigger diff --git a/ansible/roles/schulcloud-server-core/templates/deployment.yml.j2 b/ansible/roles/schulcloud-server-core/templates/deployment.yml.j2 index a18102bb55d..4aa16f23dd5 100644 --- a/ansible/roles/schulcloud-server-core/templates/deployment.yml.j2 +++ b/ansible/roles/schulcloud-server-core/templates/deployment.yml.j2 @@ -86,3 +86,40 @@ spec: requests: cpu: {{ API_CPU_REQUESTS|default("100m", true) }} memory: {{ API_MEMORY_REQUESTS|default("150Mi", true) }} +{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 9 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: +{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %} + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - api + topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }} +{% endif %} + - weight: 20 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - api + topologyKey: "topology.kubernetes.io/zone" +{% endif %} diff --git a/ansible/roles/schulcloud-server-core/templates/preview-generator-deployment.yml.j2 b/ansible/roles/schulcloud-server-core/templates/preview-generator-deployment.yml.j2 index cffa1dc02b8..1297956c9f3 100644 --- a/ansible/roles/schulcloud-server-core/templates/preview-generator-deployment.yml.j2 +++ b/ansible/roles/schulcloud-server-core/templates/preview-generator-deployment.yml.j2 @@ -58,3 +58,40 @@ spec: requests: cpu: {{ AMQP_FILE_PREVIEW_CPU_REQUESTS|default("100m", true) }} memory: {{ AMQP_FILE_PREVIEW_MEMORY_REQUESTS|default("250Mi", true) }} +{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 9 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: +{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %} + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - preview-generator + topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }} +{% endif %} + - weight: 20 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - preview-generator + topologyKey: "topology.kubernetes.io/zone" +{% endif %} diff --git a/ansible/roles/schulcloud-server-core/templates/tldraw-deployment.yml.j2 b/ansible/roles/schulcloud-server-core/templates/tldraw-deployment.yml.j2 index f9dc4f09d9e..e6e45a1fd33 100644 --- a/ansible/roles/schulcloud-server-core/templates/tldraw-deployment.yml.j2 +++ b/ansible/roles/schulcloud-server-core/templates/tldraw-deployment.yml.j2 @@ -65,3 +65,40 @@ spec: requests: cpu: {{ TLDRAW_EDITOR_CPU_REQUESTS|default("100m", true) }} memory: {{ TLDRAW_EDITOR_MEMORY_REQUESTS|default("150Mi", true) }} +{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 9 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: +{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %} + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - tldraw-server + topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }} +{% endif %} + - weight: 20 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - tldraw-server + topologyKey: "topology.kubernetes.io/zone" +{% endif %} diff --git a/ansible/roles/schulcloud-server-h5p/templates/api-h5p-deployment.yml.j2 b/ansible/roles/schulcloud-server-h5p/templates/api-h5p-deployment.yml.j2 index e5923a2e1b9..782fd01bf1e 100644 --- a/ansible/roles/schulcloud-server-h5p/templates/api-h5p-deployment.yml.j2 +++ b/ansible/roles/schulcloud-server-h5p/templates/api-h5p-deployment.yml.j2 @@ -84,3 +84,40 @@ spec: requests: cpu: {{ API_H5P_EDITOR_CPU_REQUESTS|default("100m", true) }} memory: {{ API_H5P_EDITOR_MEMORY_REQUESTS|default("50Mi", true) }} +{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 9 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: +{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %} + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - api-h5p + topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }} +{% endif %} + - weight: 20 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - api-h5p + topologyKey: "topology.kubernetes.io/zone" +{% endif %} diff --git a/ansible/roles/schulcloud-server-init/templates/management-deployment.yml.j2 b/ansible/roles/schulcloud-server-init/templates/management-deployment.yml.j2 index 93378069cc9..e76ac009555 100644 --- a/ansible/roles/schulcloud-server-init/templates/management-deployment.yml.j2 +++ b/ansible/roles/schulcloud-server-init/templates/management-deployment.yml.j2 @@ -83,3 +83,40 @@ spec: requests: cpu: {{ API_MANAGEMENT_CPU_REQUESTS|default("100m", true) }} memory: {{ API_MANAGEMENT_MEMORY_REQUESTS|default("50Mi", true) }} +{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 9 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: +{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %} + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - management-deployment + topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }} +{% endif %} + - weight: 20 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - management-deployment + topologyKey: "topology.kubernetes.io/zone" +{% endif %} diff --git a/ansible/roles/schulcloud-server-ldapsync/templates/api-ldap-sync-full-cronjob.yml.j2 b/ansible/roles/schulcloud-server-ldapsync/templates/api-ldap-sync-full-cronjob.yml.j2 index db852a7081f..d8b16938b86 100644 --- a/ansible/roles/schulcloud-server-ldapsync/templates/api-ldap-sync-full-cronjob.yml.j2 +++ b/ansible/roles/schulcloud-server-ldapsync/templates/api-ldap-sync-full-cronjob.yml.j2 @@ -37,6 +37,21 @@ spec: cpu: {{ API_CPU_REQUESTS|default("100m", true) }} memory: {{ API_MEMORY_REQUESTS|default("150Mi", true) }} restartPolicy: OnFailure +{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} +{% endif %} metadata: labels: app: api-ldapsync-cronjob diff --git a/ansible/roles/schulcloud-server-ldapsync/templates/api-ldap-worker-deployment.yml.j2 b/ansible/roles/schulcloud-server-ldapsync/templates/api-ldap-worker-deployment.yml.j2 index 9f03dbee883..f4d6ba016dc 100644 --- a/ansible/roles/schulcloud-server-ldapsync/templates/api-ldap-worker-deployment.yml.j2 +++ b/ansible/roles/schulcloud-server-ldapsync/templates/api-ldap-worker-deployment.yml.j2 @@ -82,3 +82,40 @@ spec: requests: cpu: {{ API_CPU_REQUESTS|default("100m", true) }} memory: {{ API_MEMORY_REQUESTS|default("150Mi", true) }} +{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 9 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: +{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %} + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - api-worker + topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }} +{% endif %} + - weight: 20 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - api-worker + topologyKey: "topology.kubernetes.io/zone" +{% endif %} diff --git a/ansible/roles/schulcloud-server-tspsync/templates/api-tsp-sync-base-cronjob.yml.j2 b/ansible/roles/schulcloud-server-tspsync/templates/api-tsp-sync-base-cronjob.yml.j2 index e46dac14330..87a8d205398 100644 --- a/ansible/roles/schulcloud-server-tspsync/templates/api-tsp-sync-base-cronjob.yml.j2 +++ b/ansible/roles/schulcloud-server-tspsync/templates/api-tsp-sync-base-cronjob.yml.j2 @@ -27,6 +27,21 @@ spec: command: ['/bin/sh','-c'] args: ['curl -H "X-API-Key: $SYNC_API_KEY" "http://{{ API_TSP_SYNC_SVC|default("api-tsp-sync-svc", true) }}:3030/api/v1/sync?target=tsp-base" | python3 -m json.tool'] restartPolicy: OnFailure +{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} +{% endif %} metadata: labels: app: api-tsp-sync-cronjob diff --git a/ansible/roles/schulcloud-server-tspsync/templates/api-tsp-sync-deployment.yml.j2 b/ansible/roles/schulcloud-server-tspsync/templates/api-tsp-sync-deployment.yml.j2 index 614db8cf1f9..526b6160384 100644 --- a/ansible/roles/schulcloud-server-tspsync/templates/api-tsp-sync-deployment.yml.j2 +++ b/ansible/roles/schulcloud-server-tspsync/templates/api-tsp-sync-deployment.yml.j2 @@ -83,3 +83,40 @@ spec: requests: cpu: {{ API_CPU_REQUESTS|default("100m", true) }} memory: {{ API_MEMORY_REQUESTS|default("150Mi", true) }} +{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 9 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: +{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %} + - weight: 10 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - api-tsp-sync + topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }} +{% endif %} + - weight: 20 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - api-tsp-sync + topologyKey: "topology.kubernetes.io/zone" +{% endif %} diff --git a/ansible/roles/schulcloud-server-tspsync/templates/api-tsp-sync-school-cronjob.yml.j2 b/ansible/roles/schulcloud-server-tspsync/templates/api-tsp-sync-school-cronjob.yml.j2 index e47ae85fab1..c09907c1656 100644 --- a/ansible/roles/schulcloud-server-tspsync/templates/api-tsp-sync-school-cronjob.yml.j2 +++ b/ansible/roles/schulcloud-server-tspsync/templates/api-tsp-sync-school-cronjob.yml.j2 @@ -27,6 +27,21 @@ spec: command: ['/bin/sh','-c'] args: ['curl -H "X-API-Key: $SYNC_API_KEY" "http://{{ API_TSP_SYNC_SVC|default("api-tsp-sync-svc", true) }}:3030/api/v1/sync?target=tsp-school" | python3 -m json.tool'] restartPolicy: OnFailure +{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - schulcloud-verbund + topologyKey: "kubernetes.io/hostname" + namespaceSelector: {} +{% endif %} metadata: labels: app: api-tsp-sync-cronjob