diff --git a/chart/templates/twistlock_console.yaml b/chart/templates/twistlock_console.yaml index ca6f99740bd594f0415d04ae2ab35abfcfefc93c..8cc0a35fa90756e5a4df93ea203a12db58f522d2 100644 --- a/chart/templates/twistlock_console.yaml +++ b/chart/templates/twistlock_console.yaml @@ -74,6 +74,15 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} +{{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + containers: - name: twistlock-console image: {{ .Values.console.image.repository }}:{{ .Values.console.image.tag }} diff --git a/chart/values.yaml b/chart/values.yaml index db55f169647e5a26e35fbef7e560b1415d39061b..0ac18b427da0e9624a91ed6d47d1e39c59c5e65f 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -26,4 +26,7 @@ console: persistence: size: 100Gi - accessMode: ReadWriteOnce \ No newline at end of file + accessMode: ReadWriteOnce +nodeSelector: {} +affinity: {} + diff --git a/docs/affinity.md b/docs/affinity.md new file mode 100644 index 0000000000000000000000000000000000000000..211554a010251b93f158a836d3ff7974fbedd244 --- /dev/null +++ b/docs/affinity.md @@ -0,0 +1,65 @@ +# Affinity + +* [kubernetes affinity ](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) + +Pod constraints for istio operator is implemented following the kubernetes affinity documentation. Istio Operator can constraint a pod using nodeSelector or Affinity/Antti-affinity feature + +## nodeSelector +in the values.yaml add nodeSelector like: +``` + nodeSelector: + : +``` + +## nodeAffinity +in the values of yaml. add nodeaffinity like: + +``` +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/e2e-az-name + operator: In + values: + - e2e-az1 + - e2e-az2 + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + preference: + matchExpressions: + - key: another-node-label-key + operator: In + values: + - another-node-label-value +``` +## podAffinity +in the values.yaml add pod affinity/antiaffinity like: + +``` +affinity: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: security + operator: In + values: + - S1 + topologyKey: topology.kubernetes.io/zone + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: security + operator: In + values: + - S2 + topologyKey: topology.kubernetes.io/zone +``` + + + diff --git a/tests/test-values.yml b/tests/test-values.yml index 26bab169e12e50d908dcbe4ebf8ec5e381347f27..179bed25ae29cb521afb408cf582d77b361d09b9 100644 --- a/tests/test-values.yml +++ b/tests/test-values.yml @@ -2,7 +2,7 @@ istio: enabled: true imagePullSecrets: -- name: private-registry-mil +- name: private-registry console: persistence: