Add Node Selector and Affinity Support #2305

Merged
merged 4 commits into from
Apr 8, 2024
17 changes: 16 additions & 1 deletion helm-charts/README.md
@@ -1,6 +1,6 @@
# apk-helm

![Version: 1.1.0-beta](https://img.shields.io/badge/Version-1.1.0--beta-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square)
![Version: 1.1.0-rc](https://img.shields.io/badge/Version-1.1.0--rc-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square)

A Helm chart for APK components

Expand Down Expand Up @@ -60,6 +60,7 @@ A Helm chart for APK components
| wso2.apk.dp.gateway.autoscaling.maxReplicas | int | `2` | Maximum number of replicas for Gateway |
| wso2.apk.dp.gateway.autoscaling.targetMemory | int | `80` | Target memory utilization percentage for Gateway |
| wso2.apk.dp.gateway.autoscaling.targetCPU | int | `80` | Target CPU utilization percentage for Gateway |
| wso2.apk.dp.gateway.service | object | `{"type":"LoadBalancer"}` | Kubernetes service type for Gateway |
| wso2.apk.dp.redis.type | string | `"single"` | Redis type |
| wso2.apk.dp.redis.url | string | `"redis-master:6379"` | Redis URL |
| wso2.apk.dp.redis.tls | bool | `false` | TLS enabled |
Expand All @@ -73,6 +74,8 @@ A Helm chart for APK components
| wso2.apk.dp.partitionServer.tls.secretName | string | `"managetment-server-cert"` | TLS secret name for Partition Server Public Certificate. |
| wso2.apk.dp.partitionServer.tls.fileName | string | `"certificate.crt"` | TLS certificate file name. |
| wso2.apk.dp.configdeployer.enabled | bool | `true` | |
| wso2.apk.dp.configdeployer.deployment.affinity | object | `{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/app","operator":"In","values":["config-ds"]}]}}}]}}` | Configure Affinity for the deployment. |
| wso2.apk.dp.configdeployer.deployment.nodeSelector | object | `{}` | Configure Node Selector for the deployment. |
| wso2.apk.dp.configdeployer.deployment.resources.requests.memory | string | `"128Mi"` | CPU request for the container |
| wso2.apk.dp.configdeployer.deployment.resources.requests.cpu | string | `"100m"` | Memory request for the container |
| wso2.apk.dp.configdeployer.deployment.resources.limits.memory | string | `"1028Mi"` | CPU limit for the container |
Expand Down Expand Up @@ -108,6 +111,8 @@ A Helm chart for APK components
| wso2.apk.dp.adapter.deployment.imagePullPolicy | string | `"Always"` | Image pull policy |
| wso2.apk.dp.adapter.deployment.image | string | `"wso2/apk-adapter:1.1.0-beta"` | Image |
| wso2.apk.dp.adapter.deployment.security.sslHostname | string | `"adapter"` | Enable security for adapter. |
| wso2.apk.dp.adapter.deployment.affinity | object | `{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/app","operator":"In","values":["adapter"]}]}}}]}}` | Configure Affinity for the deployment. |
| wso2.apk.dp.adapter.deployment.nodeSelector | object | `{}` | Configure Node Selector for the deployment. |
| wso2.apk.dp.adapter.configs.apiNamespaces | string | `nil` | Optionally configure namespaces to watch for apis. |
| wso2.apk.dp.adapter.configs.tls.secretName | string | `""` | TLS secret name for adapter public certificate. |
| wso2.apk.dp.adapter.configs.tls.certKeyFilename | string | `""` | TLS certificate file name. |
Expand All @@ -131,6 +136,8 @@ A Helm chart for APK components
| wso2.apk.dp.commonController.deployment.image | string | `"wso2/apk-common-controller:1.1.0-beta"` | Image |
| wso2.apk.dp.commonController.deployment.security.sslHostname | string | `"commoncontroller"` | hostname for the common controller |
| wso2.apk.dp.commonController.deployment.configs.apiNamespaces | list | `["apk-v12"]` | Optionally configure namespaces to watch for apis,ratelimitpolicies,etc. |
| wso2.apk.dp.commonController.deployment.affinity | object | `{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/app","operator":"In","values":["common-controller"]}]}}}]}}` | Configure Affinity for the deployment. |
| wso2.apk.dp.commonController.deployment.nodeSelector | object | `{}` | Configure Node Selector for the deployment. |
| wso2.apk.dp.commonController.deployment.redis.host | string | `"redis-master"` | Redis host |
| wso2.apk.dp.commonController.deployment.redis.port | string | `"6379"` | Redis port |
| wso2.apk.dp.commonController.deployment.redis.username | string | `"default"` | Redis user name |
Expand Down Expand Up @@ -174,8 +181,12 @@ A Helm chart for APK components
| wso2.apk.dp.ratelimiter.deployment.configs.tls.certKeyFilename | string | `""` | TLS certificate file name. |
| wso2.apk.dp.ratelimiter.deployment.configs.tls.certFilename | string | `""` | TLS certificate file name. |
| wso2.apk.dp.ratelimiter.deployment.configs.tls.certCAFilename | string | `""` | TLS CA certificate file name. |
| wso2.apk.dp.ratelimiter.deployment.affinity | object | `{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/app","operator":"In","values":["rate-limiter"]}]}}}]}}` | Configure Affinity for the deployment. |
| wso2.apk.dp.ratelimiter.deployment.nodeSelector | object | `{}` | Configure Node Selector for the deployment. |
| wso2.apk.dp.gatewayRuntime.service.annotations | string | `nil` | Gateway service related annotations. |
| wso2.apk.dp.gatewayRuntime.deployment.replicas | int | `1` | Number of replicas |
| wso2.apk.dp.gatewayRuntime.deployment.nodeSelector | object | `{}` | Configure Node Selector for the deployment. |
| wso2.apk.dp.gatewayRuntime.deployment.affinity | object | `{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/app","operator":"In","values":["gateway-runtime"]}]}}}]}}` | Configure Affinity for the deployment. |
| wso2.apk.dp.gatewayRuntime.deployment.router.resources.requests.memory | string | `"128Mi"` | CPU request for the container |
| wso2.apk.dp.gatewayRuntime.deployment.router.resources.requests.cpu | string | `"100m"` | Memory request for the container |
| wso2.apk.dp.gatewayRuntime.deployment.router.resources.limits.memory | string | `"1028Mi"` | CPU limit for the container |
Expand Down Expand Up @@ -322,6 +333,10 @@ A Helm chart for APK components
| gatewaySystem.enableClusterRoleCreation | bool | `true` | |
| gatewaySystem.serviceAccountName | string | `"gateway-api-admission"` | |
| gatewaySystem.applyGatewayWehbhookJobs | bool | `true` | |
| gatewaySystem.deployment.image | string | `"registry.k8s.io/gateway-api/admission-server:v1.0.0"` | |
| gatewaySystem.deployment.imagePullPolicy | string | `"Always"` | |
| gatewaySystem.deployment.affinity | object | `{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/app","operator":"In","values":["gateway-api-ad-server"]}]}}}]}}` | Configure Affinity for the deployment. |
| gatewaySystem.deployment.nodeSelector | object | `{}` | Configure Node Selector for the deployment. |
| certmanager.enabled | bool | `true` | Enable certificate manager to generate certificates |
| certmanager.enableClusterIssuer | bool | `true` | Enable cluster issuer to generate certificates |
| certmanager.enableRootCa | bool | `true` | Enable root CA to generate certificates |
28 changes: 28 additions & 0 deletions helm-charts/templates/_helpers.tpl
Expand Up @@ -24,7 +24,35 @@ app.kubernetes.io/app: {{ .app }}
app.kubernetes.io/release: {{ .root.Release.Name }}
{{- end }}

{{- define "apk-helm.deployment.affinity" -}}
{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }}
{{- if (not .value) -}}
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/app
operator: In
values:
- {{ .app }}
topologyKey: "topology.kubernetes.io/zone"
weight: 100
{{- else if contains "{{" (toJson .value) }}
{{- tpl $value .context }}
{{- else }}
{{- $value }}
{{- end }}
{{- end -}}

{{- define "apk-helm.deployment.nodeSelector" -}}
{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }}
{{- if contains "{{" (toJson .value) }}
{{- tpl $value .context }}
{{- else }}
{{- $value }}
{{- end }}
{{- end -}}

{{- define "apk-helm.deployment.readinessProbe.http" -}}
readinessProbe:
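Review bot: Both new helpers pass any value containing `{{` through `tpl $value .context`, and nothing in the file says so: there is no comment describing the expected dict keys (`value`, `app`, `context`) or that strings under `affinity` and `nodeSelector` are evaluated as templates against the root context. Please add a `{{/* ... */}}` doc comment above each `define`. Also note that the built-in anti-affinity in `apk-helm.deployment.affinity`, the only variant here that sets `topologyKey` and `weight`, is reached only when `.value` is empty, so any non-empty default in the values replaces it completely rather than being merged with it.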
Expand Up @@ -34,6 +34,10 @@ spec:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/data-plane/config-deployer/config-ds-configmap.yaml") . | sha256sum }}
spec:
affinity: {{- include "apk-helm.deployment.affinity" ( dict "value" .Values.wso2.apk.dp.configdeployer.deployment.affinity "app" "config-ds" "context" $) | nindent 8 }}
{{- if .Values.wso2.apk.dp.configdeployer.deployment.nodeSelector }}
nodeSelector: {{- include "apk-helm.deployment.nodeSelector" ( dict "value" .Values.wso2.apk.dp.configdeployer.deployment.nodeSelector "context" $) | nindent 8 }}
{{- end }}
serviceAccountName: {{ .Values.wso2.apk.auth.serviceAccountName }}
containers:
- name: config-ds
Expand Up @@ -75,10 +75,14 @@ spec:
labels:
name: gateway-api-admission-server
spec:
affinity: {{- include "apk-helm.deployment.affinity" ( dict "value" .Values.gatewaySystem.deployment.affinity "app" "gateway-api-ad-server" "context" $) | nindent 8 }}
{{- if .Values.gatewaySystem.deployment.nodeSelector }}
nodeSelector: {{- include "apk-helm.deployment.nodeSelector" ( dict "value" .Values.gatewaySystem.deployment.nodeSelector "context" $) | nindent 8 }}
{{- end }}
containers:
- name: webhook
image: registry.k8s.io/gateway-api/admission-server:v1.0.0
imagePullPolicy: Always
image: {{ .Values.gatewaySystem.deployment.image }}
imagePullPolicy: {{ .Values.gatewaySystem.deployment.imagePullPolicy }}
args:
- -logtostderr
- --tlsCertFile=/etc/certs/cert
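Review bot: The anti-affinity term passed in the `affinity` include selects `app.kubernetes.io/app In [gateway-api-ad-server]`, but the pod template labels visible just above it are only `name: gateway-api-admission-server`. Unless the pods also carry an `app.kubernetes.io/app: gateway-api-ad-server` label outside this hunk, the selector matches nothing and the preference has no effect. Either add that label to the pod template or build the default selector from the label the pods already have. Separately, `image: {{ .Values.gatewaySystem.deployment.image }}` has no fallback, so a values file that empties the key renders an empty image for the admission webhook; `required` or a `default` would fail earlier and with a clearer message.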
Expand Up @@ -34,6 +34,10 @@ spec:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/data-plane/gateway-components/log-conf.yaml") . | sha256sum }}
spec:
affinity: {{- include "apk-helm.deployment.affinity" ( dict "value" .Values.wso2.apk.dp.adapter.deployment.affinity "app" "adapter" "context" $) | nindent 8 }}
{{- if .Values.wso2.apk.dp.adapter.deployment.nodeSelector }}
nodeSelector: {{- include "apk-helm.deployment.nodeSelector" ( dict "value" .Values.wso2.apk.dp.adapter.deployment.nodeSelector "context" $) | nindent 8 }}
{{- end }}
serviceAccountName: {{ .Values.wso2.apk.auth.serviceAccountName }}
containers:
- name: adapter
Expand Up @@ -34,6 +34,10 @@ spec:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/data-plane/gateway-components/common-log-conf.yaml") . | sha256sum }}
spec:
affinity: {{- include "apk-helm.deployment.affinity" ( dict "value" .Values.wso2.apk.dp.commonController.deployment.affinity "app" "common-controller" "context" $) | nindent 8 }}
{{- if .Values.wso2.apk.dp.commonController.deployment.nodeSelector }}
nodeSelector: {{- include "apk-helm.deployment.nodeSelector" ( dict "value" .Values.wso2.apk.dp.commonController.deployment.nodeSelector "context" $) | nindent 8 }}
{{- end }}
serviceAccountName: {{ .Values.wso2.apk.auth.serviceAccountName }}
containers:
- name: commoncontroller
Expand Up @@ -34,6 +34,10 @@ spec:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/data-plane/gateway-components/log-conf.yaml") . | sha256sum }}
spec:
affinity: {{- include "apk-helm.deployment.affinity" ( dict "value" .Values.wso2.apk.dp.gatewayRuntime.deployment.affinity "app" "gateway-runtime" "context" $) | nindent 8 }}
{{- if .Values.wso2.apk.dp.gatewayRuntime.deployment.nodeSelector }}
nodeSelector: {{- include "apk-helm.deployment.nodeSelector" ( dict "value" .Values.wso2.apk.dp.gatewayRuntime.deployment.nodeSelector "context" $) | nindent 8 }}
{{- end }}
automountServiceAccountToken: false
containers:
- name: enforcer
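Review bot: `"app" "gateway-runtime"` in the `affinity` include may not match the label these pods carry. The gateway Service template changed in this same PR selects pods with `apk-helm.pod.selectorLabels (dict "root" . "app" "gateway")`, which yields `app.kubernetes.io/app: gateway`; if this Deployment is what that Service fronts, the default anti-affinity should use `gateway` as well, otherwise the replicas are never spread. Worth checking the pod template labels of this Deployment and aligning the value here and in the values template.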
Expand Up @@ -25,7 +25,7 @@ metadata:
{{ toYaml .Values.wso2.apk.dp.gatewayRuntime.service.annotations | indent 4 }}
{{ end }}
spec:
type: LoadBalancer
type: {{ .Values.wso2.apk.dp.gateway.service.type | default "LoadBalancer" }}
# label keys and values that must match in order to receive traffic for this service
selector:
{{ include "apk-helm.pod.selectorLabels" (dict "root" . "app" "gateway" ) | indent 4}}
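Review bot: `type` is now taken verbatim from `.Values.wso2.apk.dp.gateway.service.type` with no validation, and the fallback keeps the gateway on `LoadBalancer`, which makes it externally reachable wherever the cluster provisions load balancers. A misspelled value is only caught when the API server rejects the Service. Consider constraining it to `ClusterIP`, `NodePort` or `LoadBalancer` (a `values.schema.json` enum or a `fail` in the template) and saying in the values comment that `ClusterIP` is the choice for clusters that place their own ingress in front of the gateway.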
Expand Up @@ -32,6 +32,10 @@ spec:
labels:
{{ include "apk-helm.pod.selectorLabels" (dict "root" . "app" "ratelimiter" ) | indent 8}}
spec:
affinity: {{- include "apk-helm.deployment.affinity" ( dict "value" .Values.wso2.apk.dp.ratelimiter.deployment.affinity "app" "rate-limiter" "context" $) | nindent 8 }}
{{- if .Values.wso2.apk.dp.ratelimiter.deployment.nodeSelector }}
nodeSelector: {{- include "apk-helm.deployment.nodeSelector" ( dict "value" .Values.wso2.apk.dp.ratelimiter.deployment.nodeSelector "context" $) | nindent 8 }}
{{- end }}
automountServiceAccountToken: false
serviceAccountName: {{ .Values.wso2.apk.auth.serviceAccountName }}
containers:
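Review bot: The `affinity` include passes `"app" "rate-limiter"`, but the pod template two lines above it is labelled via `apk-helm.pod.selectorLabels (dict "root" . "app" "ratelimiter")`, which yields `app.kubernetes.io/app: ratelimiter`. The default anti-affinity selector therefore never matches this Deployment's own pods and does nothing. Use `ratelimiter` here and in the `rate-limiter` default of the values template.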
6 changes: 5 additions & 1 deletion helm-charts/values.yaml
Expand Up @@ -59,6 +59,7 @@ wso2:
gateway:
listener:
hostname: "gw.wso2.com"
service: {}
# secretName: "idp-tls"
# partitionServer:
# enabled: false
Expand Down Expand Up @@ -344,7 +345,10 @@ gatewaySystem:
enableClusterRoleCreation: true
serviceAccountName: gateway-api-admission
applyGatewayWehbhookJobs: true

deployment:
image: registry.k8s.io/gateway-api/admission-server:v1.0.0
imagePullPolicy: Always

certmanager:
enabled: true
enableClusterIssuer: true
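Review bot: The new `gatewaySystem.deployment.image` default references the admission server by tag (`admission-server:v1.0.0`) and pairs it with `imagePullPolicy: Always`, so every pod start re-resolves a mutable reference for a component that sits on the admission path. Now that the image is a value, consider defaulting to a digest-pinned reference (`...@sha256:<digest>`), or at least `IfNotPresent`, and leaving tag-based overrides to the operator.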
87 changes: 86 additions & 1 deletion helm-charts/values.yaml.template
Expand Up @@ -121,6 +121,9 @@ wso2:
targetMemory: 80
# -- Target CPU utilization percentage for Gateway
targetCPU: 80
# -- Kubernetes service type for Gateway
service:
type: "LoadBalancer"
redis:
# -- Redis type
type: "single"
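Review bot: The `# -- Kubernetes service type for Gateway` comment sits on `service:` rather than on `type:`, which is why the generated README row documents `wso2.apk.dp.gateway.service` as an `object` with default `{"type":"LoadBalancer"}`. Move the `# --` line down onto `type:` so the README lists `wso2.apk.dp.gateway.service.type` as a `string` with default `"LoadBalancer"`, matching how the neighbouring keys are documented.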
Expand Down Expand Up @@ -152,6 +155,19 @@ wso2:
configdeployer:
enabled: true
deployment:
# -- Configure Affinity for the deployment.
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/app
operator: In
values:
- config-ds
# -- Configure Node Selector for the deployment.
nodeSelector: {}
resources:
requests:
# -- CPU request for the container
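Review bot: The default `affinity` block added here has no `weight` on the list item and no `topologyKey` inside `podAffinityTerm`. Both fields are required by the Kubernetes API for `preferredDuringSchedulingIgnoredDuringExecution` pod anti-affinity terms, and the fallback in `apk-helm.deployment.affinity` does set them (`topologyKey: "topology.kubernetes.io/zone"`, `weight: 100`). Because a non-empty value bypasses that fallback, anyone who starts from this template gets a pod spec the API server rejects. Add the two fields here and in the identical blocks for adapter, common-controller, rate-limiter, gateway-runtime and the gateway API admission server further down.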
Expand Down Expand Up @@ -243,6 +259,21 @@ wso2:
security:
# -- Enable security for adapter.
sslHostname: "adapter"
# -- Configure Affinity for the deployment.
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/app
operator: In
values:
- adapter
# - "{{ .Template.Name }}"
# - "{{ .Values.somevalue }}"
# -- Configure Node Selector for the deployment.
nodeSelector: {}
configs:
# -- Optionally configure namespaces to watch for apis.
apiNamespaces:
Expand Down Expand Up @@ -303,6 +334,19 @@ wso2:
# -- Optionally configure namespaces to watch for apis,ratelimitpolicies,etc.
apiNamespaces:
- "apk-v12"
# -- Configure Affinity for the deployment.
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/app
operator: In
values:
- common-controller
# -- Configure Node Selector for the deployment.
nodeSelector: {}
redis:
# -- Redis host
host: "redis-master"
Expand Down Expand Up @@ -394,13 +438,39 @@ wso2:
certFilename: ""
# -- TLS CA certificate file name.
certCAFilename: ""
# -- Configure Affinity for the deployment.
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/app
operator: In
values:
- rate-limiter
# -- Configure Node Selector for the deployment.
nodeSelector: {}
gatewayRuntime:
service:
# -- Gateway service related annotations.
annotations:
deployment:
# -- Number of replicas
replicas: 1
# -- Configure Node Selector for the deployment.
nodeSelector: {}
# -- Configure Affinity for the deployment.
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/app
operator: In
values:
- gateway-runtime
router:
resources:
requests:
Expand Down Expand Up @@ -774,7 +844,22 @@ gatewaySystem:
enableClusterRoleCreation: true
serviceAccountName: gateway-api-admission
applyGatewayWehbhookJobs: true

deployment:
image: registry.k8s.io/gateway-api/admission-server:v1.0.0
imagePullPolicy: Always
# -- Configure Affinity for the deployment.
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/app
operator: In
values:
- gateway-api-ad-server
# -- Configure Node Selector for the deployment.
nodeSelector: {}
certmanager:
# -- Enable certificate manager to generate certificates
enabled: true
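Review bot: `image` and `imagePullPolicy` under `gatewaySystem.deployment` are added without `# --` description comments, unlike the `affinity` and `nodeSelector` keys right below them, so the generated README rows for `gatewaySystem.deployment.image` and `gatewaySystem.deployment.imagePullPolicy` have an empty description column. Add a one-line `# --` comment to each.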