From 35e26527149e1ae8cd1bb0d7ee8c640ae67a910b Mon Sep 17 00:00:00 2001 From: Iain Sproat <68657+iainsproat@users.noreply.github.com> Date: Mon, 15 Aug 2022 16:04:50 +0100 Subject: [PATCH] feat(helm chart): node affinities, tolerations etc. are configurable (#926) * feat(helm chart): node affinities, tolerations etc. are configurable Kubernetes operators should be able to configure Speckle to be deployed on certain nodes based on rules they provide. This commit allows affinity, nodeSelector, tolerations, and topologySpreadConstrains to be provided by the operator. fixes https://github.com/specklesystems/speckle-server/issues/861 --- .../speckle-server/templates/_helpers.tpl | 13 +++ .../fileimport_service/deployment.yml | 16 ++- .../templates/frontend/deployment.yml | 12 +++ .../templates/monitoring/deployment.yml | 12 +++ .../templates/preview_service/deployment.yml | 12 +++ .../templates/server/deployment.yml | 12 +++ .../templates/webhook_service/deployment.yml | 13 +++ utils/helm/speckle-server/values.yaml | 97 ++++++++++++++++++- 8 files changed, 184 insertions(+), 3 deletions(-) diff --git a/utils/helm/speckle-server/templates/_helpers.tpl b/utils/helm/speckle-server/templates/_helpers.tpl index 5927ac7ef..e2f2b28f3 100644 --- a/utils/helm/speckle-server/templates/_helpers.tpl +++ b/utils/helm/speckle-server/templates/_helpers.tpl @@ -228,3 +228,16 @@ Params: {{- printf "false" -}} {{- end -}} {{- end -}} + +{{/* +Renders a value that contains template. +Usage: +{{ include "speckle.renderTpl" ( dict "value" .Values.path.to.value "context" $) }} +*/}} +{{- define "speckle.renderTpl" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} diff --git a/utils/helm/speckle-server/templates/fileimport_service/deployment.yml b/utils/helm/speckle-server/templates/fileimport_service/deployment.yml index 744b1b07f..66a55136f 100644 --- a/utils/helm/speckle-server/templates/fileimport_service/deployment.yml +++ b/utils/helm/speckle-server/templates/fileimport_service/deployment.yml @@ -65,7 +65,7 @@ spec: env: - name: SPECKLE_SERVER_URL value: "http://speckle-server:3000" - + - name: PG_CONNECTION_STRING valueFrom: secretKeyRef: @@ -83,6 +83,19 @@ spec: - name: FILE_IMPORT_TIME_LIMIT_MIN value: {{ .Values.fileimport_service.time_limit_min | quote }} + {{- if .Values.fileimport_service.affinity }} + affinity: {{- include "speckle.renderTpl" (dict "value" .Values.fileimport_service.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.fileimport_service.nodeSelector }} + nodeSelector: {{- include "speckle.renderTpl" (dict "value" .Values.fileimport_service.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.fileimport_service.tolerations }} + tolerations: {{- include "speckle.renderTpl" (dict "value" .Values.fileimport_service.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.fileimport_service.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "speckle.renderTpl" (dict "value" .Values.fileimport_service.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + securityContext: runAsNonRoot: true runAsUser: 20000 @@ -91,7 +104,6 @@ spec: runAsGroup: 30000 seccompProfile: type: RuntimeDefault - priorityClassName: low-priority volumes: diff --git a/utils/helm/speckle-server/templates/frontend/deployment.yml b/utils/helm/speckle-server/templates/frontend/deployment.yml index 7b521d0ed..c66993978 100644 --- a/utils/helm/speckle-server/templates/frontend/deployment.yml +++ b/utils/helm/speckle-server/templates/frontend/deployment.yml @@ -52,3 +52,15 @@ spec: value: {{ .Values.file_size_limit_mb | quote }} priorityClassName: high-priority + {{- if .Values.frontend.affinity }} + affinity: {{- include "speckle.renderTpl" (dict "value" .Values.frontend.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.frontend.nodeSelector }} + nodeSelector: {{- include "speckle.renderTpl" (dict "value" .Values.frontend.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.frontend.tolerations }} + tolerations: {{- include "speckle.renderTpl" (dict "value" .Values.frontend.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.frontend.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "speckle.renderTpl" (dict "value" .Values.frontend.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} diff --git a/utils/helm/speckle-server/templates/monitoring/deployment.yml b/utils/helm/speckle-server/templates/monitoring/deployment.yml index 3711838f8..1be1e8997 100644 --- a/utils/helm/speckle-server/templates/monitoring/deployment.yml +++ b/utils/helm/speckle-server/templates/monitoring/deployment.yml @@ -81,3 +81,15 @@ spec: {{- end }} terminationGracePeriodSeconds: 10 + {{- if .Values.monitoring.affinity }} + affinity: {{- include "speckle.renderTpl" (dict "value" .Values.monitoring.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.monitoring.nodeSelector }} + nodeSelector: {{- include "speckle.renderTpl" (dict "value" .Values.monitoring.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.monitoring.tolerations }} + tolerations: {{- include "speckle.renderTpl" (dict "value" .Values.monitoring.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.monitoring.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "speckle.renderTpl" (dict "value" .Values.monitoring.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} diff --git a/utils/helm/speckle-server/templates/preview_service/deployment.yml b/utils/helm/speckle-server/templates/preview_service/deployment.yml index 2ce33c418..3289a7052 100644 --- a/utils/helm/speckle-server/templates/preview_service/deployment.yml +++ b/utils/helm/speckle-server/templates/preview_service/deployment.yml @@ -76,6 +76,18 @@ spec: value: "/postgres-certificate/ca-certificate.crt" {{- end }} + {{- if .Values.preview_service.affinity }} + affinity: {{- include "speckle.renderTpl" (dict "value" .Values.preview_service.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.preview_service.nodeSelector }} + nodeSelector: {{- include "speckle.renderTpl" (dict "value" .Values.preview_service.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.preview_service.tolerations }} + tolerations: {{- include "speckle.renderTpl" (dict "value" .Values.preview_service.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.preview_service.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "speckle.renderTpl" (dict "value" .Values.preview_service.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} priorityClassName: low-priority securityContext: diff --git a/utils/helm/speckle-server/templates/server/deployment.yml b/utils/helm/speckle-server/templates/server/deployment.yml index c9449eab6..1a4372525 100644 --- a/utils/helm/speckle-server/templates/server/deployment.yml +++ b/utils/helm/speckle-server/templates/server/deployment.yml @@ -255,6 +255,18 @@ spec: name: {{ .Values.secretName }} key: apollo_key {{- end }} + {{- if .Values.server.affinity }} + affinity: {{- include "speckle.renderTpl" (dict "value" .Values.server.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.server.nodeSelector }} + nodeSelector: {{- include "speckle.renderTpl" (dict "value" .Values.server.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.server.tolerations }} + tolerations: {{- include "speckle.renderTpl" (dict "value" .Values.server.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "speckle.renderTpl" (dict "value" .Values.server.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} priorityClassName: high-priority securityContext: diff --git a/utils/helm/speckle-server/templates/webhook_service/deployment.yml b/utils/helm/speckle-server/templates/webhook_service/deployment.yml index 9c090d879..5c8b71cd4 100644 --- a/utils/helm/speckle-server/templates/webhook_service/deployment.yml +++ b/utils/helm/speckle-server/templates/webhook_service/deployment.yml @@ -76,6 +76,19 @@ spec: value: "/postgres-certificate/ca-certificate.crt" {{- end }} + {{- if .Values.webhook_service.affinity }} + affinity: {{- include "speckle.renderTpl" (dict "value" .Values.webhook_service.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.webhook_service.nodeSelector }} + nodeSelector: {{- include "speckle.renderTpl" (dict "value" .Values.webhook_service.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.webhook_service.tolerations }} + tolerations: {{- include "speckle.renderTpl" (dict "value" .Values.webhook_service.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.webhook_service.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "speckle.renderTpl" (dict "value" .Values.webhook_service.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + priorityClassName: low-priority securityContext: diff --git a/utils/helm/speckle-server/values.yaml b/utils/helm/speckle-server/values.yaml index 5d89ceb83..876ed33fb 100644 --- a/utils/helm/speckle-server/values.yaml +++ b/utils/helm/speckle-server/values.yaml @@ -94,9 +94,24 @@ server: sentry_dns: '' disable_tracking: false disable_tracing: false - networkPolicy: enabled: false + ## @param server.affinity Affinity for Speckle server pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + ## @param server.nodeSelector Node labels for Speckle server pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param server.tolerations Tolerations for Speckle server pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param server.topologySpreadConstraints Spread Constraints for Speckle server pod assignment + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## + topologySpreadConstraints: [] frontend: replicas: 1 @@ -108,6 +123,22 @@ frontend: memory: 512Mi networkPolicy: enabled: false + ## @param server.affinity Affinity for Speckle server pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + ## @param server.nodeSelector Node labels for Speckle server pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param server.tolerations Tolerations for Speckle server pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param server.topologySpreadConstraints Spread Constraints for Speckle server pod assignment + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## + topologySpreadConstraints: [] preview_service: replicas: 1 @@ -119,6 +150,22 @@ preview_service: memory: 4Gi networkPolicy: enabled: false + ## @param server.affinity Affinity for Speckle server pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + ## @param server.nodeSelector Node labels for Speckle server pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param server.tolerations Tolerations for Speckle server pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param server.topologySpreadConstraints Spread Constraints for Speckle server pod assignment + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## + topologySpreadConstraints: [] webhook_service: replicas: 1 @@ -130,6 +177,22 @@ webhook_service: memory: 512Mi networkPolicy: enabled: false + ## @param server.affinity Affinity for Speckle server pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + ## @param server.nodeSelector Node labels for Speckle server pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param server.tolerations Tolerations for Speckle server pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param server.topologySpreadConstraints Spread Constraints for Speckle server pod assignment + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## + topologySpreadConstraints: [] fileimport_service: replicas: 1 @@ -142,6 +205,22 @@ fileimport_service: time_limit_min: 10 networkPolicy: enabled: false + ## @param server.affinity Affinity for Speckle server pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + ## @param server.nodeSelector Node labels for Speckle server pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param server.tolerations Tolerations for Speckle server pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param server.topologySpreadConstraints Spread Constraints for Speckle server pod assignment + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## + topologySpreadConstraints: [] monitoring: replicas: 1 @@ -153,6 +232,22 @@ monitoring: memory: 512Mi networkPolicy: enabled: false + ## @param server.affinity Affinity for Speckle server pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + ## @param server.nodeSelector Node labels for Speckle server pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param server.tolerations Tolerations for Speckle server pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param server.topologySpreadConstraints Spread Constraints for Speckle server pod assignment + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## + topologySpreadConstraints: [] test: requests: