From 2d74e3922e2abbda51ea87f9eb2c6481972f8515 Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Tue, 6 Apr 2021 14:54:32 +0000 Subject: [PATCH] Standardize Affinity --- CHANGELOG.md | 4 +++ chart/Chart.yaml | 2 +- chart/templates/deployment.yaml | 15 +++++------ chart/values.yaml | 31 +++++++++++++---------- docs/AFFINITY.md | 45 ++++++++++++++++++++------------- 5 files changed, 56 insertions(+), 41 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 93ea1ac..87805a9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), --- +## [0.0.3-bb.3] - 2021-04-05 +### Changed +- Affinity values modified to standardize + ## [0.0.3-bb.2] - 2021-03-31 ### Added - Values passthroughs for affinity and anti-affinity added diff --git a/chart/Chart.yaml b/chart/Chart.yaml index f64111d..6824c66 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -1,4 +1,4 @@ apiVersion: v2 name: twistlock -version: 0.0.3-bb.2 +version: 0.0.3-bb.3 appVersion: 20.12.531 diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml index d671f67..ff9eb7c 100644 --- a/chart/templates/deployment.yaml +++ b/chart/templates/deployment.yaml @@ -25,16 +25,13 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - {{- if or .Values.antiAffinity .Values.nodeAffinity }} + {{- if .Values.nodeSelector }} + nodeSelector: + {{ toYaml .Values.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} affinity: - {{- with .Values.antiAffinity }} - podAntiAffinity: - {{ toYaml . | nindent 10 }} - {{- end }} - {{- with .Values.nodeAffinity }} - nodeAffinity: - {{ toYaml . | nindent 10 }} - {{- end }} + {{ toYaml .Values.affinity | nindent 8 }} {{- end }} containers: - name: twistlock-console diff --git a/chart/values.yaml b/chart/values.yaml index 61e8a85..10b5185 100644 --- a/chart/values.yaml +++ b/chart/values.yaml 
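Review bot: Values files that still set the old top-level `antiAffinity` or `nodeAffinity` keys are now ignored without any error, because the new template in chart/templates/deployment.yaml reads only `.Values.nodeSelector` and `.Values.affinity`. An install that relied on a `requiredDuringSchedulingIgnoredDuringExecution` rule to pin or isolate the console pod would lose that placement constraint on upgrade with no render-time signal. Consider a guard ahead of the `nodeSelector` block, `{{- if or .Values.antiAffinity .Values.nodeAffinity }}{{ fail "antiAffinity/nodeAffinity moved under affinity.podAntiAffinity and affinity.nodeAffinity" }}{{- end }}`, and calling the rename out as breaking in the CHANGELOG entry. As a style point, the two new `{{ toYaml ... | nindent 8 }}` lines omit the `{{-` trim that the `imagePullSecrets` line above uses, which probably leaves a whitespace-only line in the rendered manifest. The pod spec continues outside the hunk.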
@@ -28,18 +28,21 @@ console: size: 100Gi accessMode: ReadWriteOnce -antiAffinity: {} - # requiredDuringSchedulingIgnoredDuringExecution: - # - topologyKey: "kubernetes.io/hostname" - # labelSelector: - # matchLabels: - # dont-schedule-with: twistlock +affinity: {} + # podAntiAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # - topologyKey: "kubernetes.io/hostname" + # labelSelector: + # matchLabels: + # dont-schedule-with: twistlock" + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: node-type + # operator: In + # values: + # - "twistlock" -nodeAffinity: {} - # requiredDuringSchedulingIgnoredDuringExecution: - # nodeSelectorTerms: - # - matchExpressions: - # - key: node-type - # operator: In - # values: - # - "twistlock" +nodeSelector: {} + # node-type: twistlock" diff --git a/docs/AFFINITY.md b/docs/AFFINITY.md index f24af8d..7e643ac 100644 --- a/docs/AFFINITY.md +++ b/docs/AFFINITY.md 
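Review bot: The commented examples in chart/values.yaml carry a stray trailing double quote in two places, `# dont-schedule-with: twistlock"` under `podAntiAffinity` and `# node-type: twistlock"` under `nodeSelector`. YAML treats a `"` at the end of an unquoted scalar as part of the value, so anyone who uncomments these lines gets a label value that is not `twistlock`. The selector would then either be rejected or never match, and the intended scheduling restriction would not take effect. Drop the quote so the lines read `# dont-schedule-with: twistlock` and `# node-type: twistlock`, matching the examples in docs/AFFINITY.md.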
@@ -1,33 +1,44 @@ # Node Affinity & Anti-Affinity with Twistlock -Affinity is exposed through values options for Twistlock. If you want to schedule your pods to deploy on specific nodes you can do that through the `nodeAffinity` value and as needed the `antiAffinity` value. Additional info is provided below as well to help in configuring this. +Affinity is exposed through values options for this package. If you want to schedule your pods to deploy on specific nodes you can do that through the `nodeSelector` value and as needed the `affinity` value. Additional info is provided below as well to help in configuring this. It is good to have a basic knowledge of node affinity and available options to you before customizing in this way - the upstream kubernetes documentation [has a good walkthrough of this](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity). +## Values for NodeSelector + +The `nodeSelector` value at the top level can be set to do basic node selection for deployments. See the below example for an example to schedule pods to only nodes with the label `node-type` equal to `twistlock`: + +```yaml +nodeSelector: + node-type: twistlock +``` + ## Values for Affinity -The `nodeAffinity` value at the top level for Twistlock should be used to specify affinity. The format to include follows what you'd specify at a pod/deployment level. See the example below for scheduling the operator pods only to nodes with the label `node-type` equal to `operator`: +The `affinity` value at the top level should be used to specify affinity. The format to include follows what you'd specify at a pod/deployment level. 
See the example below for scheduling the operator pods only to nodes with the label `node-type` equal to `twistlock`: ```yaml -nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-type - operator: In - values: - - operator +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-type + operator: In + values: + - twistlock ``` ## Values for Anti-Affinity -The `antiAffinity` value at the top level for Twistlock can be set in the same way to schedule pods based on anti-affinity. See the below example to schedule Twistlock pods to not be present on the nodes that already have pods with the `dont-schedule-with: twistlock` label. +The `affinity` value at the top level can be set in the same way to schedule pods based on anti-affinity. See the below example to schedule pods to not be present on the nodes that already have pods with the `dont-schedule-with: twistlock` label: ```yaml -antiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: "kubernetes.io/hostname" - labelSelector: - matchLabels: - dont-schedule-with: twistlock +affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: "kubernetes.io/hostname" + labelSelector: + matchLabels: + dont-schedule-with: twistlock ``` -- GitLab