From b061249b8dceb84938cfd650afa797b4d15496ce Mon Sep 17 00:00:00 2001
From: Kavitha Thulasiraman
Date: Mon, 29 Mar 2021 20:26:30 -0700
Subject: [PATCH] add affinity
---
 chart/templates/twistlock_console.yaml | 9 ++++
 chart/values.yaml | 5 +-
 docs/affinity.md | 65 ++++++++++++++++++++++++++
 tests/test-values.yml | 2 +-
 4 files changed, 79 insertions(+), 2 deletions(-)
 create mode 100644 docs/affinity.md
diff --git a/chart/templates/twistlock_console.yaml b/chart/templates/twistlock_console.yaml
index ca6f997..8cc0a35 100644
--- a/chart/templates/twistlock_console.yaml
+++ b/chart/templates/twistlock_console.yaml
@@ -74,6 +74,15 @@ spec:
 imagePullSecrets:
 {{- toYaml . | nindent 8 }}
 {{- end }}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+{{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end }}
+
 containers:
 - name: twistlock-console
 image: {{ .Values.console.image.repository }}:{{ .Values.console.image.tag }}
diff --git a/chart/values.yaml b/chart/values.yaml
index db55f16..0ac18b4 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -26,4 +26,7 @@ console:
 persistence:
 size: 100Gi
- accessMode: ReadWriteOnce
\ No newline at end of file
+ accessMode: ReadWriteOnce
+nodeSelector: {}
+affinity: {}
+
diff --git a/docs/affinity.md b/docs/affinity.md
new file mode 100644
index 0000000..211554a
--- /dev/null
+++ b/docs/affinity.md
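Review bot: In chart/templates/twistlock_console.yaml the two added blocks emit `{{ toYaml ... | indent 8 }}` from column 0, and the first `{{- end }}` appears unindented while the second is indented, which is inconsistent with the `imagePullSecrets` block directly above that uses `{{- toYaml . | nindent 8 }}`. Writing both blocks in that same `with`/`nindent` form keeps the template uniform and avoids stray blank lines in the rendered pod spec; `with` skips an empty `{}` default exactly as `if` does. If the intent is to keep the console on dedicated nodes, note that no `tolerations` value is exposed here, so a tainted node pool would presumably still reject the pod even with a matching nodeSelector. Indentation on this page is collapsed, so the six-space pod-spec indent below is assumed from `nindent 8`; the pod spec itself starts and ends outside the hunk.

```yaml
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      # … unchanged: containers list …
```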
@@ -0,0 +1,65 @@
+# Affinity
+
+* [kubernetes affinity ](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity)
+
+Pod constraints for istio operator is implemented following the kubernetes affinity documentation. Istio Operator can constraint a pod using nodeSelector or Affinity/Antti-affinity feature
+
+## nodeSelector
+in the values.yaml add nodeSelector like:
+```
+ nodeSelector:
+ :
+```
+
+## nodeAffinity
+in the values of yaml. add nodeaffinity like:
+
+```
+affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/e2e-az-name
+ operator: In
+ values:
+ - e2e-az1
+ - e2e-az2
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ preference:
+ matchExpressions:
+ - key: another-node-label-key
+ operator: In
+ values:
+ - another-node-label-value
+```
+## podAffinity
+in the values.yaml add pod affinity/antiaffinity like:
+
+```
+affinity:
+ podAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: security
+ operator: In
+ values:
+ - S1
+ topologyKey: topology.kubernetes.io/zone
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: security
+ operator: In
+ values:
+ - S2
+ topologyKey: topology.kubernetes.io/zone
+```
+
+
+
diff --git a/tests/test-values.yml b/tests/test-values.yml
index 26bab16..179bed2 100644
--- a/tests/test-values.yml
+++ b/tests/test-values.yml
@@ -2,7 +2,7 @@ istio:
 enabled: true
 imagePullSecrets:
-- name: private-registry-mil
+- name: private-registry
 console:
 persistence:
-- 
GitLab