From 644f24de9fe71d67bb67cddd1e21987f106663ed Mon Sep 17 00:00:00 2001 
From: fullykubed Date: Mon, 21 Oct 2024 10:57:16 -0400 Subject: [PATCH] fix: replace instance_type_spread_required with instance_type_anti_affinity_required to resolve Karpenter scheduling issues --- packages/infrastructure/kube_argo/main.tf | 100 +++---- .../kube_argo_event_bus/main.tf | 14 +- .../kube_argo_event_bus/vars.tf | 4 +- .../kube_argo_event_source/main.tf | 6 +- .../kube_argo_event_source/vars.tf | 4 +- .../infrastructure/kube_argo_sensor/main.tf | 10 +- .../infrastructure/kube_authentik/main.tf | 74 +++--- .../infrastructure/kube_aws_ebs_csi/main.tf | 14 +- packages/infrastructure/kube_bastion/main.tf | 14 +- packages/infrastructure/kube_buildkit/main.tf | 6 +- .../infrastructure/kube_cert_manager/main.tf | 14 +- packages/infrastructure/kube_cilium/main.tf | 14 +- .../kube_cloudnative_pg/main.tf | 14 +- packages/infrastructure/kube_core_dns/main.tf | 16 +- packages/infrastructure/kube_cron_job/main.tf | 34 +-- .../infrastructure/kube_deployment/main.tf | 34 +-- .../infrastructure/kube_deployment/vars.tf | 4 +- .../infrastructure/kube_descheduler/main.tf | 14 +- .../infrastructure/kube_external_dns/main.tf | 16 +- .../kube_external_snapshotter/main.tf | 28 +- packages/infrastructure/kube_fledged/main.tf | 28 +- packages/infrastructure/kube_gha/main.tf | 14 +- .../infrastructure/kube_gha_runners/main.tf | 36 +-- .../infrastructure/kube_ingress_nginx/main.tf | 4 +- packages/infrastructure/kube_linkerd/main.tf | 42 +-- packages/infrastructure/kube_logging/main.tf | 76 +++--- .../kube_metrics_server/main.tf | 14 +- .../infrastructure/kube_monitoring/main.tf | 250 +++++++++--------- .../infrastructure/kube_open_cost/main.tf | 26 +- .../infrastructure/kube_pg_cluster/main.tf | 42 +-- .../infrastructure/kube_pg_cluster/vars.tf | 4 +- packages/infrastructure/kube_pod/main.tf | 34 +-- packages/infrastructure/kube_pod/vars.tf | 4 +- .../kube_pvc_autoresizer/main.tf | 14 +- .../kube_redis_sentinel/main.tf | 22 +- .../kube_redis_sentinel/vars.tf | 4 +- 
.../infrastructure/kube_reflector/main.tf | 14 +- packages/infrastructure/kube_reloader/main.tf | 14 +- .../infrastructure/kube_scheduler/main.tf | 14 +- .../infrastructure/kube_stateful_set/main.tf | 34 +-- .../infrastructure/kube_stateful_set/vars.tf | 4 +- packages/infrastructure/kube_vault/main.tf | 14 +- .../infrastructure/kube_vault_proxy/main.tf | 14 +- .../infrastructure/kube_vault_proxy/vars.tf | 4 +- packages/infrastructure/kube_velero/main.tf | 14 +- packages/infrastructure/kube_vpa/main.tf | 36 +-- .../kube_workload_utility/main.tf | 21 +- .../kube_workload_utility/vars.tf | 4 +- .../test_kube_pg_cluster/main.tf | 22 +- .../vault_core_resources/main.tf | 14 +- packages/infrastructure/wf_spec/main.tf | 30 +-- .../infrastructure/pf_website/main.tf | 1 + .../website/src/app/changelog/edge/page.mdx | 8 +- .../deploying-workloads/basics/page.mdx | 8 +- .../high-availability/page.mdx | 2 +- .../kubernetes/kube_argo_event_bus/page.mdx | 4 +- .../kube_argo_event_source/page.mdx | 4 +- .../kubernetes/kube_deployment/page.mdx | 4 +- .../kubernetes/kube_pg_cluster/page.mdx | 4 +- .../submodule/kubernetes/kube_pod/page.mdx | 4 +- .../kubernetes/kube_redis_sentinel/page.mdx | 4 +- .../kubernetes/kube_stateful_set/page.mdx | 4 +- .../kubernetes/kube_vault_proxy/page.mdx | 4 +- .../kubernetes/kube_workload_utility/page.mdx | 4 +- 64 files changed, 679 insertions(+), 677 deletions(-) diff --git a/packages/infrastructure/kube_argo/main.tf b/packages/infrastructure/kube_argo/main.tf index e5756880..4b8cefe6 100644 --- a/packages/infrastructure/kube_argo/main.tf +++ b/packages/infrastructure/kube_argo/main.tf 
@@ -52,51 +52,51 @@ module "pull_through" { } module "util_controller" { - source = "../kube_workload_utility" - workload_name = "argo-controller" - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_preferred = var.enhanced_ha_enabled - az_spread_required = var.enhanced_ha_enabled - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - burstable_nodes_enabled = true - controller_nodes_enabled = true - extra_labels = data.pf_kube_labels.labels.labels + source = "../kube_workload_utility" + workload_name = "argo-controller" + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_preferred = var.enhanced_ha_enabled + az_spread_required = var.enhanced_ha_enabled + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + burstable_nodes_enabled = true + controller_nodes_enabled = true + extra_labels = data.pf_kube_labels.labels.labels } module "util_server" { - source = "../kube_workload_utility" - workload_name = "argo-server" - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_preferred = var.enhanced_ha_enabled - az_spread_required = var.enhanced_ha_enabled - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - burstable_nodes_enabled = true - controller_nodes_enabled = true - extra_labels = data.pf_kube_labels.labels.labels + source = "../kube_workload_utility" + workload_name = "argo-server" + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_preferred = var.enhanced_ha_enabled + az_spread_required = var.enhanced_ha_enabled + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + burstable_nodes_enabled = true + controller_nodes_enabled = true + extra_labels = data.pf_kube_labels.labels.labels } module "util_events_controller" { - source = "../kube_workload_utility" - workload_name = "argo-events-controller" - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.enhanced_ha_enabled - 
az_spread_preferred = var.enhanced_ha_enabled - az_spread_required = var.enhanced_ha_enabled - burstable_nodes_enabled = true - controller_nodes_enabled = true - extra_labels = data.pf_kube_labels.labels.labels + source = "../kube_workload_utility" + workload_name = "argo-events-controller" + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_preferred = var.enhanced_ha_enabled + az_spread_required = var.enhanced_ha_enabled + burstable_nodes_enabled = true + controller_nodes_enabled = true + extra_labels = data.pf_kube_labels.labels.labels } module "util_webhook" { - source = "../kube_workload_utility" - workload_name = "argo-webhook" - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_preferred = var.enhanced_ha_enabled - az_spread_required = var.enhanced_ha_enabled - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - burstable_nodes_enabled = true - controller_nodes_enabled = true - extra_labels = data.pf_kube_labels.labels.labels + source = "../kube_workload_utility" + workload_name = "argo-webhook" + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_preferred = var.enhanced_ha_enabled + az_spread_required = var.enhanced_ha_enabled + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + burstable_nodes_enabled = true + controller_nodes_enabled = true + extra_labels = data.pf_kube_labels.labels.labels } module "constants" { 
@@ -247,20 +247,20 @@ resource "kubernetes_config_map" "artifacts" { module "database" { source = "../kube_pg_cluster" - eks_cluster_name = var.eks_cluster_name - pg_cluster_namespace = local.namespace - pg_initial_storage_gb = 2 - pg_memory_mb = 1000 - pg_cpu_millicores = 250 - pg_instances = 2 - pg_smart_shutdown_timeout = 2 - aws_iam_ip_allow_list = var.aws_iam_ip_allow_list - pull_through_cache_enabled = var.pull_through_cache_enabled - burstable_nodes_enabled = true - backups_force_delete = true - monitoring_enabled = var.monitoring_enabled - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.enhanced_ha_enabled + eks_cluster_name = var.eks_cluster_name + pg_cluster_namespace = local.namespace + pg_initial_storage_gb = 2 + pg_memory_mb = 1000 + pg_cpu_millicores = 250 + pg_instances = 2 + pg_smart_shutdown_timeout = 2 + aws_iam_ip_allow_list = var.aws_iam_ip_allow_list + pull_through_cache_enabled = var.pull_through_cache_enabled + burstable_nodes_enabled = true + backups_force_delete = true + monitoring_enabled = var.monitoring_enabled + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.enhanced_ha_enabled pg_recovery_mode_enabled = var.db_recovery_mode_enabled pg_recovery_directory = var.db_recovery_directory diff --git a/packages/infrastructure/kube_argo_event_bus/main.tf b/packages/infrastructure/kube_argo_event_bus/main.tf index a21ca1fe..ce3678f8 100644 --- a/packages/infrastructure/kube_argo_event_bus/main.tf +++ b/packages/infrastructure/kube_argo_event_bus/main.tf 
@@ -38,13 +38,13 @@ data "pf_kube_labels" "labels" { } module "util" { - source = "../kube_workload_utility" - workload_name = "argo-event-bus" - instance_type_spread_required = var.instance_type_spread_required - burstable_nodes_enabled = true - controller_nodes_enabled = true - az_spread_required = true // stateful workload - extra_labels = data.pf_kube_labels.labels.labels + source = "../kube_workload_utility" + workload_name = "argo-event-bus" + instance_type_anti_affinity_required = var.instance_type_anti_affinity_required + burstable_nodes_enabled = true + controller_nodes_enabled = true + az_spread_required = true // stateful workload + extra_labels = data.pf_kube_labels.labels.labels } module "constants" { diff --git a/packages/infrastructure/kube_argo_event_bus/vars.tf b/packages/infrastructure/kube_argo_event_bus/vars.tf index e370514f..bc788f97 100644 --- a/packages/infrastructure/kube_argo_event_bus/vars.tf +++ b/packages/infrastructure/kube_argo_event_bus/vars.tf @@ -31,8 +31,8 @@ variable "event_bus_initial_volume_size" { default = "1Gi" } -variable "instance_type_spread_required" { - description = "Whether to enable topology spread constraints to spread pods across instance types (with DoNotSchedule)" +variable "instance_type_anti_affinity_required" { + description = "Whether to enable anti-affinity to prevent pods from being scheduled on the same instance type" type = bool default = true } diff --git a/packages/infrastructure/kube_argo_event_source/main.tf b/packages/infrastructure/kube_argo_event_source/main.tf index 583de513..fde826c3 100644 --- a/packages/infrastructure/kube_argo_event_source/main.tf +++ b/packages/infrastructure/kube_argo_event_source/main.tf 
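Review bot: The new description in `kube_argo_event_bus/vars.tf` does not say that this is a hard scheduling rule, even though the variable defaults to `true` here and sits next to `az_spread_required = true` in the module's `main.tf`. If it is implemented as required pod anti-affinity on the instance-type label (inferred from the name, since the `kube_workload_utility` change is not visible in this part of the patch), each replica needs a node of a different instance type, and any replica that cannot get one stays Pending. I would spell that out, e.g. `description = "Whether to require (hard anti-affinity) that no two pods of this workload run on the same instance type; pods remain unschedulable if too few distinct instance types are available"`. The same description text is added in `kube_argo_event_source/vars.tf` and `kube_deployment/vars.tf`.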
@@ -41,9 +41,9 @@ module "util" { source = "../kube_workload_utility" workload_name = var.name - host_anti_affinity_required = var.replicas > 1 - instance_type_spread_required = var.replicas > 1 && var.instance_type_spread_required - az_spread_preferred = var.replicas > 1 && var.az_spread_preferred + host_anti_affinity_required = var.replicas > 1 + instance_type_anti_affinity_required = var.replicas > 1 && var.instance_type_anti_affinity_required + az_spread_preferred = var.replicas > 1 && var.az_spread_preferred burstable_nodes_enabled = true controller_nodes_enabled = true diff --git a/packages/infrastructure/kube_argo_event_source/vars.tf b/packages/infrastructure/kube_argo_event_source/vars.tf index dd93e63c..bcb032db 100644 --- a/packages/infrastructure/kube_argo_event_source/vars.tf +++ b/packages/infrastructure/kube_argo_event_source/vars.tf @@ -43,8 +43,8 @@ variable "spot_nodes_enabled" { default = true } -variable "instance_type_spread_required" { - description = "Whether to enable topology spread constraints to spread pods across instance types (with DoNotSchedule)" +variable "instance_type_anti_affinity_required" { + description = "Whether to enable anti-affinity to prevent pods from being scheduled on the same instance type" type = bool default = true } diff --git a/packages/infrastructure/kube_argo_sensor/main.tf b/packages/infrastructure/kube_argo_sensor/main.tf index 1dc8ee2f..655fb9b1 100644 --- a/packages/infrastructure/kube_argo_sensor/main.tf +++ b/packages/infrastructure/kube_argo_sensor/main.tf 
@@ -56,11 +56,11 @@ module "util" { # HA not needed b/c this can be offline for a minute or two # without causing any major disruptions - host_anti_affinity_required = false - instance_type_spread_required = false - az_anti_affinity_required = false - az_spread_preferred = false - az_spread_required = false + host_anti_affinity_required = false + instance_type_anti_affinity_required = false + az_anti_affinity_required = false + az_spread_preferred = false + az_spread_required = false burstable_nodes_enabled = true controller_nodes_enabled = true diff --git a/packages/infrastructure/kube_authentik/main.tf b/packages/infrastructure/kube_authentik/main.tf index d0540133..32e32b99 100644 --- a/packages/infrastructure/kube_authentik/main.tf +++ b/packages/infrastructure/kube_authentik/main.tf 
@@ -56,25 +56,25 @@ module "constants" { module "util_server" { source = "../kube_workload_utility" - workload_name = "authentik-server" - instance_type_spread_required = var.enhanced_ha_enabled - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - az_spread_preferred = var.enhanced_ha_enabled - burstable_nodes_enabled = true - controller_nodes_enabled = true - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "authentik-server" + instance_type_anti_affinity_required = var.enhanced_ha_enabled + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + az_spread_preferred = var.enhanced_ha_enabled + burstable_nodes_enabled = true + controller_nodes_enabled = true + extra_labels = data.pf_kube_labels.labels.labels } module "util_worker" { source = "../kube_workload_utility" - workload_name = "authentik-worker" - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_preferred = var.enhanced_ha_enabled - burstable_nodes_enabled = true - controller_nodes_enabled = true - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "authentik-worker" + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_preferred = var.enhanced_ha_enabled + burstable_nodes_enabled = true + controller_nodes_enabled = true + extra_labels = data.pf_kube_labels.labels.labels } module "namespace" { 
@@ -90,20 +90,20 @@ module "namespace" { module "database" { source = "../kube_pg_cluster" - eks_cluster_name = var.eks_cluster_name - pg_cluster_namespace = local.namespace - pg_initial_storage_gb = 10 - pg_memory_mb = 1000 - pg_cpu_millicores = 250 - pg_instances = 2 - pg_smart_shutdown_timeout = 1 - aws_iam_ip_allow_list = var.aws_iam_ip_allow_list - pull_through_cache_enabled = var.pull_through_cache_enabled - pgbouncer_pool_mode = "transaction" // See https://github.com/goauthentik/authentik/issues/9152 - burstable_nodes_enabled = true - monitoring_enabled = var.monitoring_enabled - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.enhanced_ha_enabled + eks_cluster_name = var.eks_cluster_name + pg_cluster_namespace = local.namespace + pg_initial_storage_gb = 10 + pg_memory_mb = 1000 + pg_cpu_millicores = 250 + pg_instances = 2 + pg_smart_shutdown_timeout = 1 + aws_iam_ip_allow_list = var.aws_iam_ip_allow_list + pull_through_cache_enabled = var.pull_through_cache_enabled + pgbouncer_pool_mode = "transaction" // See https://github.com/goauthentik/authentik/issues/9152 + burstable_nodes_enabled = true + monitoring_enabled = var.monitoring_enabled + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.enhanced_ha_enabled pg_recovery_mode_enabled = var.db_recovery_mode_enabled pg_recovery_directory = var.db_recovery_directory 
@@ -118,15 +118,15 @@ module "database" { module "redis" { source = "../kube_redis_sentinel" - namespace = local.namespace - replica_count = 3 - burstable_nodes_enabled = true - controller_nodes_enabled = true - pull_through_cache_enabled = var.pull_through_cache_enabled - vpa_enabled = var.vpa_enabled - monitoring_enabled = var.monitoring_enabled - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.enhanced_ha_enabled + namespace = local.namespace + replica_count = 3 + burstable_nodes_enabled = true + controller_nodes_enabled = true + pull_through_cache_enabled = var.pull_through_cache_enabled + vpa_enabled = var.vpa_enabled + monitoring_enabled = var.monitoring_enabled + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.enhanced_ha_enabled } /*************************************** diff --git a/packages/infrastructure/kube_aws_ebs_csi/main.tf b/packages/infrastructure/kube_aws_ebs_csi/main.tf index 141370aa..e6b7b756 100644 --- a/packages/infrastructure/kube_aws_ebs_csi/main.tf +++ b/packages/infrastructure/kube_aws_ebs_csi/main.tf @@ -55,13 +55,13 @@ module "pull_through" { module "util_controller" { source = "../kube_workload_utility" - workload_name = "ebs-csi-controller" - burstable_nodes_enabled = true - controller_nodes_enabled = true - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_preferred = var.enhanced_ha_enabled - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "ebs-csi-controller" + burstable_nodes_enabled = true + controller_nodes_enabled = true + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_preferred = var.enhanced_ha_enabled + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + extra_labels = data.pf_kube_labels.labels.labels } module "constants" { 
diff --git a/packages/infrastructure/kube_bastion/main.tf b/packages/infrastructure/kube_bastion/main.tf index 504eb9e5..8f5ca81e 100644 --- a/packages/infrastructure/kube_bastion/main.tf +++ b/packages/infrastructure/kube_bastion/main.tf @@ -145,13 +145,13 @@ module "bastion" { namespace = module.namespace.namespace name = local.name - replicas = 2 - burstable_nodes_enabled = true - controller_nodes_enabled = true - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_preferred = var.enhanced_ha_enabled - priority_class_name = module.constants.cluster_important_priority_class_name - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + replicas = 2 + burstable_nodes_enabled = true + controller_nodes_enabled = true + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_preferred = var.enhanced_ha_enabled + priority_class_name = module.constants.cluster_important_priority_class_name + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled // https://superuser.com/questions/1547888/is-sshd-hard-coded-to-require-root-access // SSHD requires root to run unfortunately. However, we drop all capability except diff --git a/packages/infrastructure/kube_buildkit/main.tf b/packages/infrastructure/kube_buildkit/main.tf index 6a1be056..e9b273b6 100644 --- a/packages/infrastructure/kube_buildkit/main.tf +++ b/packages/infrastructure/kube_buildkit/main.tf @@ -133,9 +133,9 @@ module "buildkit" { pull_through_cache_enabled = var.pull_through_cache_enabled # High availability is not required - instance_type_spread_required = false - az_spread_required = false - az_spread_preferred = false + instance_type_anti_affinity_required = false + az_spread_required = false + az_spread_preferred = false # Ensure that we are using the appropriate CPU architectures arm_nodes_enabled = each.key == "arm64" 
diff --git a/packages/infrastructure/kube_cert_manager/main.tf b/packages/infrastructure/kube_cert_manager/main.tf index c53e17dd..1399a421 100644 --- a/packages/infrastructure/kube_cert_manager/main.tf +++ b/packages/infrastructure/kube_cert_manager/main.tf @@ -58,13 +58,13 @@ module "util_controller" { module "util_webhook" { source = "../kube_workload_utility" - workload_name = "cert-manager-webhook" - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_preferred = var.enhanced_ha_enabled - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - burstable_nodes_enabled = true - controller_nodes_enabled = true - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "cert-manager-webhook" + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_preferred = var.enhanced_ha_enabled + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + burstable_nodes_enabled = true + controller_nodes_enabled = true + extra_labels = data.pf_kube_labels.labels.labels } module "util_ca_injector" { diff --git a/packages/infrastructure/kube_cilium/main.tf b/packages/infrastructure/kube_cilium/main.tf index 3d40ca57..cfc4cdfd 100644 --- a/packages/infrastructure/kube_cilium/main.tf +++ b/packages/infrastructure/kube_cilium/main.tf 
@@ -45,13 +45,13 @@ module "pull_through" { module "util_controller" { source = "../kube_workload_utility" - workload_name = "cilium-operator" - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_preferred = var.enhanced_ha_enabled - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - burstable_nodes_enabled = true - controller_nodes_enabled = true - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "cilium-operator" + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_preferred = var.enhanced_ha_enabled + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + burstable_nodes_enabled = true + controller_nodes_enabled = true + extra_labels = data.pf_kube_labels.labels.labels } module "util_agent" { diff --git a/packages/infrastructure/kube_cloudnative_pg/main.tf b/packages/infrastructure/kube_cloudnative_pg/main.tf index 68f6a245..a8e92510 100644 --- a/packages/infrastructure/kube_cloudnative_pg/main.tf +++ b/packages/infrastructure/kube_cloudnative_pg/main.tf @@ -47,13 +47,13 @@ module "pull_through" { module "util" { source = "../kube_workload_utility" - workload_name = "cnpg-operator" - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_preferred = var.enhanced_ha_enabled - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - burstable_nodes_enabled = true - controller_nodes_enabled = true - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "cnpg-operator" + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_preferred = var.enhanced_ha_enabled + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + burstable_nodes_enabled = true + controller_nodes_enabled = true + extra_labels = data.pf_kube_labels.labels.labels } module "constants" { diff --git a/packages/infrastructure/kube_core_dns/main.tf b/packages/infrastructure/kube_core_dns/main.tf index 1faae8f5..d4f4c215 100644 
--- a/packages/infrastructure/kube_core_dns/main.tf +++ b/packages/infrastructure/kube_core_dns/main.tf @@ -122,14 +122,14 @@ module "core_dns" { "linkerd.io/inject" = "disabled" } - replicas = 2 - burstable_nodes_enabled = true - controller_nodes_enabled = true - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_preferred = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - priority_class_name = "system-cluster-critical" - dns_policy = "Default" + replicas = 2 + burstable_nodes_enabled = true + controller_nodes_enabled = true + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_preferred = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + priority_class_name = "system-cluster-critical" + dns_policy = "Default" containers = concat( [ { diff --git a/packages/infrastructure/kube_cron_job/main.tf b/packages/infrastructure/kube_cron_job/main.tf index 61e5a789..5407481b 100644 --- a/packages/infrastructure/kube_cron_job/main.tf +++ b/packages/infrastructure/kube_cron_job/main.tf 
@@ -57,23 +57,23 @@ module "pod_template" { mount_owner = var.mount_owner # Scheduling params - priority_class_name = var.priority_class_name - burstable_nodes_enabled = var.burstable_nodes_enabled - spot_nodes_enabled = var.spot_nodes_enabled - arm_nodes_enabled = var.arm_nodes_enabled - controller_nodes_enabled = var.controller_nodes_enabled - instance_type_spread_required = false - az_anti_affinity_required = false - host_anti_affinity_required = false - extra_tolerations = var.extra_tolerations - controller_nodes_required = false - node_requirements = var.node_requirements - node_preferences = var.node_preferences - az_spread_preferred = false - az_spread_required = false - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - termination_grace_period_seconds = var.termination_grace_period_seconds - restart_policy = var.restart_policy + priority_class_name = var.priority_class_name + burstable_nodes_enabled = var.burstable_nodes_enabled + spot_nodes_enabled = var.spot_nodes_enabled + arm_nodes_enabled = var.arm_nodes_enabled + controller_nodes_enabled = var.controller_nodes_enabled + instance_type_anti_affinity_required = false + az_anti_affinity_required = false + host_anti_affinity_required = false + extra_tolerations = var.extra_tolerations + controller_nodes_required = false + node_requirements = var.node_requirements + node_preferences = var.node_preferences + az_spread_preferred = false + az_spread_required = false + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + termination_grace_period_seconds = var.termination_grace_period_seconds + restart_policy = var.restart_policy } resource "kubernetes_service_account" "service_account" { diff --git a/packages/infrastructure/kube_deployment/main.tf b/packages/infrastructure/kube_deployment/main.tf index dfd0cbcd..29d2f3a9 100644 --- a/packages/infrastructure/kube_deployment/main.tf +++ b/packages/infrastructure/kube_deployment/main.tf 
@@ -66,23 +66,23 @@ module "pod_template" { mount_owner = var.mount_owner # Scheduling params - priority_class_name = var.priority_class_name - burstable_nodes_enabled = var.burstable_nodes_enabled - spot_nodes_enabled = var.spot_nodes_enabled - arm_nodes_enabled = var.arm_nodes_enabled - controller_nodes_enabled = var.controller_nodes_enabled - instance_type_spread_required = var.instance_type_spread_required - az_anti_affinity_required = var.az_anti_affinity_required - host_anti_affinity_required = var.host_anti_affinity_required - extra_tolerations = var.extra_tolerations - controller_nodes_required = var.controller_nodes_required - node_requirements = var.node_requirements - node_preferences = var.node_preferences - az_spread_preferred = var.az_spread_preferred - az_spread_required = var.az_spread_required - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - termination_grace_period_seconds = var.termination_grace_period_seconds - restart_policy = var.restart_policy + priority_class_name = var.priority_class_name + burstable_nodes_enabled = var.burstable_nodes_enabled + spot_nodes_enabled = var.spot_nodes_enabled + arm_nodes_enabled = var.arm_nodes_enabled + controller_nodes_enabled = var.controller_nodes_enabled + instance_type_anti_affinity_required = var.instance_type_anti_affinity_required + az_anti_affinity_required = var.az_anti_affinity_required + host_anti_affinity_required = var.host_anti_affinity_required + extra_tolerations = var.extra_tolerations + controller_nodes_required = var.controller_nodes_required + node_requirements = var.node_requirements + node_preferences = var.node_preferences + az_spread_preferred = var.az_spread_preferred + az_spread_required = var.az_spread_required + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + termination_grace_period_seconds = var.termination_grace_period_seconds + restart_policy = var.restart_policy } resource "kubernetes_service_account" "service_account" { 
diff --git a/packages/infrastructure/kube_deployment/vars.tf b/packages/infrastructure/kube_deployment/vars.tf index e2725785..fe7b27ad 100644 --- a/packages/infrastructure/kube_deployment/vars.tf +++ b/packages/infrastructure/kube_deployment/vars.tf @@ -212,8 +212,8 @@ variable "dns_policy" { default = "ClusterFirst" } -variable "instance_type_spread_required" { - description = "Whether to enable topology spread constraints to spread pods across instance types (with DoNotSchedule)" +variable "instance_type_anti_affinity_required" { + description = "Whether to enable anti-affinity to prevent pods from being scheduled on the same instance type" type = bool default = false } diff --git a/packages/infrastructure/kube_descheduler/main.tf b/packages/infrastructure/kube_descheduler/main.tf index b2f99969..22c595c3 100644 --- a/packages/infrastructure/kube_descheduler/main.tf +++ b/packages/infrastructure/kube_descheduler/main.tf @@ -67,13 +67,13 @@ module "pull_through" { module "util_controller" { source = "../kube_workload_utility" - workload_name = "descheduler" - instance_type_spread_required = false - az_spread_preferred = false - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - burstable_nodes_enabled = true - controller_nodes_enabled = true - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "descheduler" + instance_type_anti_affinity_required = false + az_spread_preferred = false + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + burstable_nodes_enabled = true + controller_nodes_enabled = true + extra_labels = data.pf_kube_labels.labels.labels } module "constants" { diff --git a/packages/infrastructure/kube_external_dns/main.tf b/packages/infrastructure/kube_external_dns/main.tf index 3b0aaa1e..8333b114 100644 --- a/packages/infrastructure/kube_external_dns/main.tf +++ b/packages/infrastructure/kube_external_dns/main.tf 
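Review bot: Removing `instance_type_spread_required` from `kube_deployment/vars.tf` outright makes every caller that still passes the old name fail at plan time with an unsupported-argument error. Failing loudly is better than silently dropping the constraint, but the diffstat lists a submodule docs page for this module, so it is caller-facing and the upgrade step should be stated where users will see it. The changelog edit listed in the diffstat is not visible here, so I cannot confirm it covers this. If a softer migration is wanted, keep the old variable for one release with `default = null` and pass `coalesce(var.instance_type_spread_required, var.instance_type_anti_affinity_required)` to `pod_template`. The same removal happens in the `kube_argo_event_bus` and `kube_argo_event_source` `vars.tf` hunks.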
@@ -100,14 +100,14 @@ module "util" { for_each = local.config source = "../kube_workload_utility" - workload_name = "external-dns" - match_labels = { id = random_id.ids[each.key].hex } - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = false - az_spread_preferred = false - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "external-dns" + match_labels = { id = random_id.ids[each.key].hex } + burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = false + az_spread_preferred = false + extra_labels = data.pf_kube_labels.labels.labels } module "constants" { diff --git a/packages/infrastructure/kube_external_snapshotter/main.tf b/packages/infrastructure/kube_external_snapshotter/main.tf index 76e1863f..e25c1a2c 100644 --- a/packages/infrastructure/kube_external_snapshotter/main.tf +++ b/packages/infrastructure/kube_external_snapshotter/main.tf 
@@ -44,25 +44,25 @@ module "pull_through" { module "util_controller" { source = "../kube_workload_utility" - workload_name = "external-snapshotter-controller" - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_preferred = var.enhanced_ha_enabled - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - burstable_nodes_enabled = true - controller_nodes_enabled = true - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "external-snapshotter-controller" + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_preferred = var.enhanced_ha_enabled + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + burstable_nodes_enabled = true + controller_nodes_enabled = true + extra_labels = data.pf_kube_labels.labels.labels } module "util_webhook" { source = "../kube_workload_utility" - workload_name = "external-snapshotter-webhook" - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_preferred = var.enhanced_ha_enabled - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - burstable_nodes_enabled = true - controller_nodes_enabled = true - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "external-snapshotter-webhook" + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_preferred = var.enhanced_ha_enabled + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + burstable_nodes_enabled = true + controller_nodes_enabled = true + extra_labels = data.pf_kube_labels.labels.labels } module "constants" { diff --git a/packages/infrastructure/kube_fledged/main.tf b/packages/infrastructure/kube_fledged/main.tf index 8c51778f..aa4e6b09 100644 --- a/packages/infrastructure/kube_fledged/main.tf +++ b/packages/infrastructure/kube_fledged/main.tf 
@@ -48,25 +48,25 @@ module "pull_through" { module "util_controller" { source = "../kube_workload_utility" - workload_name = "kube-fledged-controller" - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = false - az_spread_preferred = false - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "kube-fledged-controller" + burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = false + az_spread_preferred = false + extra_labels = data.pf_kube_labels.labels.labels } module "util_webhook" { source = "../kube_workload_utility" - workload_name = "kube-fledged-webhook" - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = false - az_spread_preferred = false - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "kube-fledged-webhook" + burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = false + az_spread_preferred = false + extra_labels = data.pf_kube_labels.labels.labels } module "constants" { diff --git a/packages/infrastructure/kube_gha/main.tf b/packages/infrastructure/kube_gha/main.tf index 9f8d86c2..4110d0e1 100644 --- a/packages/infrastructure/kube_gha/main.tf +++ b/packages/infrastructure/kube_gha/main.tf 
@@ -45,13 +45,13 @@ module "pull_through" { module "util" { source = "../kube_workload_utility" - workload_name = "gha-scale-set-controller" - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = false - az_spread_preferred = false - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "gha-scale-set-controller" + burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = false + az_spread_preferred = false + extra_labels = data.pf_kube_labels.labels.labels } /*************************************** diff --git a/packages/infrastructure/kube_gha_runners/main.tf b/packages/infrastructure/kube_gha_runners/main.tf index b1080393..7d08eadf 100644 --- a/packages/infrastructure/kube_gha_runners/main.tf +++ b/packages/infrastructure/kube_gha_runners/main.tf 
@@ -51,30 +51,30 @@ module "util" { for_each = var.runners source = "../kube_workload_utility" - workload_name = each.key - burstable_nodes_enabled = false - spot_nodes_enabled = each.value.spot_nodes_enabled - arm_nodes_enabled = each.value.arm_nodes_enabled - controller_nodes_enabled = false - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = false - az_spread_preferred = false - extra_labels = data.pf_kube_labels.labels.labels + workload_name = each.key + burstable_nodes_enabled = false + spot_nodes_enabled = each.value.spot_nodes_enabled + arm_nodes_enabled = each.value.arm_nodes_enabled + controller_nodes_enabled = false + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = false + az_spread_preferred = false + extra_labels = data.pf_kube_labels.labels.labels } module "util_listener" { for_each = var.runners source = "../kube_workload_utility" - workload_name = each.key - burstable_nodes_enabled = true - spot_nodes_enabled = true - arm_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = false - az_spread_preferred = false - extra_labels = data.pf_kube_labels.labels.labels + workload_name = each.key + burstable_nodes_enabled = true + spot_nodes_enabled = true + arm_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = false + az_spread_preferred = false + extra_labels = data.pf_kube_labels.labels.labels } resource "kubernetes_secret" "creds" { diff --git a/packages/infrastructure/kube_ingress_nginx/main.tf b/packages/infrastructure/kube_ingress_nginx/main.tf index 5a23b070..af6e60ca 100644 --- a/packages/infrastructure/kube_ingress_nginx/main.tf +++ b/packages/infrastructure/kube_ingress_nginx/main.tf 
@@ -87,8 +87,8 @@ module "util" { // This does need to be spread across AZs in order to not end up // withe constant service disruptions - az_spread_preferred = true - instance_type_spread_required = var.enhanced_ha_enabled + az_spread_preferred = true + instance_type_anti_affinity_required = var.enhanced_ha_enabled extra_labels = data.pf_kube_labels.labels.labels } diff --git a/packages/infrastructure/kube_linkerd/main.tf b/packages/infrastructure/kube_linkerd/main.tf index 587a370c..5e793292 100644 --- a/packages/infrastructure/kube_linkerd/main.tf +++ b/packages/infrastructure/kube_linkerd/main.tf 
@@ -51,37 +51,37 @@ module "pull_through" { module "util_destination" { source = "../kube_workload_utility" - workload_name = "linkerd-destination" - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_preferred = var.enhanced_ha_enabled - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "linkerd-destination" + burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_preferred = var.enhanced_ha_enabled + extra_labels = data.pf_kube_labels.labels.labels } module "util_identity" { source = "../kube_workload_utility" - workload_name = "linkerd-identity" - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_preferred = var.enhanced_ha_enabled - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "linkerd-identity" + burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_preferred = var.enhanced_ha_enabled + extra_labels = data.pf_kube_labels.labels.labels } module "util_proxy_injector" { source = "../kube_workload_utility" - workload_name = "linkerd-proxy-injector" - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_preferred = var.enhanced_ha_enabled - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "linkerd-proxy-injector" + burstable_nodes_enabled = true + controller_nodes_enabled = 
true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_preferred = var.enhanced_ha_enabled + extra_labels = data.pf_kube_labels.labels.labels } module "util_proxy" { diff --git a/packages/infrastructure/kube_logging/main.tf b/packages/infrastructure/kube_logging/main.tf index e938865e..2f74c2ef 100644 --- a/packages/infrastructure/kube_logging/main.tf +++ b/packages/infrastructure/kube_logging/main.tf 
@@ -71,48 +71,48 @@ module "pull_through" { module "util_read" { source = "../kube_workload_utility" - workload_name = "loki-read" - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_required = var.enhanced_ha_enabled - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "loki-read" + burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_required = var.enhanced_ha_enabled + extra_labels = data.pf_kube_labels.labels.labels } module "util_write" { source = "../kube_workload_utility" - workload_name = "loki-write" - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_required = true // stateful - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "loki-write" + burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_required = true // stateful + extra_labels = data.pf_kube_labels.labels.labels } module "util_backend" { source = "../kube_workload_utility" - workload_name = "loki-backend" - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_required = true // stateful - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "loki-backend" + burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + 
instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_required = true // stateful + extra_labels = data.pf_kube_labels.labels.labels } module "util_canary" { source = "../kube_workload_utility" - workload_name = "loki-canary" - burstable_nodes_enabled = true - controller_nodes_enabled = true - instance_type_spread_required = false - az_spread_preferred = false - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "loki-canary" + burstable_nodes_enabled = true + controller_nodes_enabled = true + instance_type_anti_affinity_required = false + az_spread_preferred = false + extra_labels = data.pf_kube_labels.labels.labels } module "constants" { @@ -136,17 +136,17 @@ module "namespace" { module "redis_cache" { source = "../kube_redis_sentinel" - namespace = local.namespace - replica_count = 3 - lfu_cache_enabled = true - burstable_nodes_enabled = true - controller_nodes_enabled = true - pull_through_cache_enabled = var.pull_through_cache_enabled - vpa_enabled = var.vpa_enabled - minimum_memory_mb = 50 - monitoring_enabled = var.monitoring_enabled - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.enhanced_ha_enabled + namespace = local.namespace + replica_count = 3 + lfu_cache_enabled = true + burstable_nodes_enabled = true + controller_nodes_enabled = true + pull_through_cache_enabled = var.pull_through_cache_enabled + vpa_enabled = var.vpa_enabled + minimum_memory_mb = 50 + monitoring_enabled = var.monitoring_enabled + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.enhanced_ha_enabled } /*************************************** diff --git a/packages/infrastructure/kube_metrics_server/main.tf b/packages/infrastructure/kube_metrics_server/main.tf index 01a021f8..c9456eac 100644 --- a/packages/infrastructure/kube_metrics_server/main.tf +++ b/packages/infrastructure/kube_metrics_server/main.tf 
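Review bot: `redis_cache` pins `replica_count = 3` and now passes `instance_type_anti_affinity_required = var.enhanced_ha_enabled`, but nothing on the line says what that demands of the node pools. If the flag is implemented as a required anti-affinity (the `kube_workload_utility` change is not in this hunk), each of the three replicas needs its own instance type once enhanced HA is on. Where the node pools cannot offer three distinct types, a replica would stay Pending and the cache would run with reduced redundancy. I would add a comment on the line such as `// hard constraint: needs >= replica_count distinct instance types when enhanced_ha_enabled`. The same applies to `thanos_redis_cache` in kube_monitoring/main.tf, which also sets `replica_count = 3`.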
@@ -41,13 +41,13 @@ module "pull_through" { module "util" { source = "../kube_workload_utility" - workload_name = "metrics-server" - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_preferred = var.enhanced_ha_enabled - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "metrics-server" + burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_preferred = var.enhanced_ha_enabled + extra_labels = data.pf_kube_labels.labels.labels } module "constants" { diff --git a/packages/infrastructure/kube_monitoring/main.tf b/packages/infrastructure/kube_monitoring/main.tf index 044e8904..dfc89192 100644 --- a/packages/infrastructure/kube_monitoring/main.tf +++ b/packages/infrastructure/kube_monitoring/main.tf 
@@ -164,159 +164,159 @@ module "pull_through" { module "util_webhook" { source = "../kube_workload_utility" - workload_name = "prometheus-operator-webhook" - burstable_nodes_enabled = true - arm_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_preferred = var.enhanced_ha_enabled - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "prometheus-operator-webhook" + burstable_nodes_enabled = true + arm_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_preferred = var.enhanced_ha_enabled + extra_labels = data.pf_kube_labels.labels.labels } module "util_operator" { source = "../kube_workload_utility" - workload_name = "prometheus-operator" - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = false // only runs one copy - az_spread_preferred = false // only runs one copy - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "prometheus-operator" + burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = false // only runs one copy + az_spread_preferred = false // only runs one copy + extra_labels = data.pf_kube_labels.labels.labels } module "util_grafana" { source = "../kube_workload_utility" - workload_name = "grafana" - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_required = true // stateful - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "grafana" + 
burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_required = true // stateful + extra_labels = data.pf_kube_labels.labels.labels } module "util_prometheus" { source = "../kube_workload_utility" - workload_name = "prometheus" - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = false // Does not support custom schedulers yet - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_required = true // stateful - lifetime_evictions_enabled = false - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "prometheus" + burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = false // Does not support custom schedulers yet + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_required = true // stateful + lifetime_evictions_enabled = false + extra_labels = data.pf_kube_labels.labels.labels } module "util_node_exporter" { source = "../kube_workload_utility" - workload_name = "node-exporter" - burstable_nodes_enabled = true - controller_nodes_enabled = true - az_spread_preferred = false // daemonset - instance_type_spread_required = false // daemonset - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "node-exporter" + burstable_nodes_enabled = true + controller_nodes_enabled = true + az_spread_preferred = false // daemonset + instance_type_anti_affinity_required = false // daemonset + extra_labels = data.pf_kube_labels.labels.labels } module "util_ksm" { source = "../kube_workload_utility" - workload_name = "kube-state-metrics" - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_preferred = var.enhanced_ha_enabled - 
extra_labels = data.pf_kube_labels.labels.labels + workload_name = "kube-state-metrics" + burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_preferred = var.enhanced_ha_enabled + extra_labels = data.pf_kube_labels.labels.labels } module "util_thanos_compactor" { source = "../kube_workload_utility" - workload_name = "thanos-compactor" - burstable_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - az_spread_preferred = false // single pod - instance_type_spread_required = false // single pod - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "thanos-compactor" + burstable_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + az_spread_preferred = false // single pod + instance_type_anti_affinity_required = false // single pod + extra_labels = data.pf_kube_labels.labels.labels } module "util_thanos_store_gateway" { source = "../kube_workload_utility" - workload_name = "thanos-store-gateway" - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_required = true // stateful so always on - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "thanos-store-gateway" + burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_required = true // stateful so always on + extra_labels = data.pf_kube_labels.labels.labels } module "util_thanos_ruler" { source = "../kube_workload_utility" - workload_name = "thanos-ruler" - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = 
var.panfactum_scheduler_enabled - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_required = true // stateful so always on - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "thanos-ruler" + burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_required = true // stateful so always on + extra_labels = data.pf_kube_labels.labels.labels } module "util_thanos_query" { source = "../kube_workload_utility" - workload_name = "thanos-query" - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_preferred = var.enhanced_ha_enabled - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "thanos-query" + burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_preferred = var.enhanced_ha_enabled + extra_labels = data.pf_kube_labels.labels.labels } module "util_thanos_frontend" { source = "../kube_workload_utility" - workload_name = "thanos-frontend" - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_preferred = var.enhanced_ha_enabled - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "thanos-frontend" + burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_preferred = var.enhanced_ha_enabled + extra_labels = data.pf_kube_labels.labels.labels } module 
"util_thanos_bucket_web" { source = "../kube_workload_utility" - workload_name = "thanos-bucket-web" - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_preferred = var.enhanced_ha_enabled - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "thanos-bucket-web" + burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_preferred = var.enhanced_ha_enabled + extra_labels = data.pf_kube_labels.labels.labels } module "util_alertmanager" { source = "../kube_workload_utility" - workload_name = "alertmanager" - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = false // Does not support custom schedulers yet - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_required = true // stateful so always on - lifetime_evictions_enabled = false - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "alertmanager" + burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = false // Does not support custom schedulers yet + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_required = true // stateful so always on + lifetime_evictions_enabled = false + extra_labels = data.pf_kube_labels.labels.labels } module "constants" { 
@@ -340,20 +340,20 @@ module "namespace" { module "grafana_db" { source = "../kube_pg_cluster" - eks_cluster_name = var.eks_cluster_name - pg_cluster_namespace = local.namespace - pg_initial_storage_gb = 1 - pg_memory_mb = 500 - pg_cpu_millicores = 250 - pg_instances = 2 - aws_iam_ip_allow_list = var.aws_iam_ip_allow_list - pull_through_cache_enabled = var.pull_through_cache_enabled - pgbouncer_pool_mode = "session" - burstable_nodes_enabled = true - backups_force_delete = true - monitoring_enabled = var.monitoring_enabled - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.enhanced_ha_enabled + eks_cluster_name = var.eks_cluster_name + pg_cluster_namespace = local.namespace + pg_initial_storage_gb = 1 + pg_memory_mb = 500 + pg_cpu_millicores = 250 + pg_instances = 2 + aws_iam_ip_allow_list = var.aws_iam_ip_allow_list + pull_through_cache_enabled = var.pull_through_cache_enabled + pgbouncer_pool_mode = "session" + burstable_nodes_enabled = true + backups_force_delete = true + monitoring_enabled = var.monitoring_enabled + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.enhanced_ha_enabled pg_recovery_mode_enabled = var.grafana_db_recovery_mode_enabled pg_recovery_directory = var.grafana_db_recovery_directory 
@@ -367,17 +367,17 @@ module "grafana_db" { module "thanos_redis_cache" { source = "../kube_redis_sentinel" - namespace = local.namespace - replica_count = 3 - lfu_cache_enabled = true - burstable_nodes_enabled = true - controller_nodes_enabled = true - pull_through_cache_enabled = var.pull_through_cache_enabled - vpa_enabled = var.vpa_enabled - minimum_memory_mb = 1000 - monitoring_enabled = var.monitoring_enabled - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.enhanced_ha_enabled + namespace = local.namespace + replica_count = 3 + lfu_cache_enabled = true + burstable_nodes_enabled = true + controller_nodes_enabled = true + pull_through_cache_enabled = var.pull_through_cache_enabled + vpa_enabled = var.vpa_enabled + minimum_memory_mb = 1000 + monitoring_enabled = var.monitoring_enabled + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.enhanced_ha_enabled } /*************************************** @@ -2336,14 +2336,14 @@ module "authenticating_proxy" { count = var.ingress_enabled && var.thanos_bucket_web_enable ? 1 : 0 source = "../kube_vault_proxy" - namespace = local.namespace - pull_through_cache_enabled = var.pull_through_cache_enabled - vpa_enabled = var.vpa_enabled - domain = local.bucket_web_domain - vault_domain = var.vault_domain - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_preferred = var.enhanced_ha_enabled - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + namespace = local.namespace + pull_through_cache_enabled = var.pull_through_cache_enabled + vpa_enabled = var.vpa_enabled + domain = local.bucket_web_domain + vault_domain = var.vault_domain + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_preferred = var.enhanced_ha_enabled + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled } module "bucket_web_ingress" { 
diff --git a/packages/infrastructure/kube_open_cost/main.tf b/packages/infrastructure/kube_open_cost/main.tf index b62485a5..1ea4e27c 100644 --- a/packages/infrastructure/kube_open_cost/main.tf +++ b/packages/infrastructure/kube_open_cost/main.tf @@ -47,24 +47,24 @@ module "pull_through" { module "util" { source = "../kube_workload_utility" - workload_name = "open-cost" - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = false // single copy - az_spread_preferred = false // single copy - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "open-cost" + burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = false // single copy + az_spread_preferred = false // single copy + extra_labels = data.pf_kube_labels.labels.labels } module "util_network_cost" { source = "../kube_workload_utility" - workload_name = "network-cost" - burstable_nodes_enabled = true - controller_nodes_enabled = true - instance_type_spread_required = false // ds - az_spread_preferred = false // ds - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "network-cost" + burstable_nodes_enabled = true + controller_nodes_enabled = true + instance_type_anti_affinity_required = false // ds + az_spread_preferred = false // ds + extra_labels = data.pf_kube_labels.labels.labels } diff --git a/packages/infrastructure/kube_pg_cluster/main.tf b/packages/infrastructure/kube_pg_cluster/main.tf index 38e6ab87..8f137b23 100644 --- a/packages/infrastructure/kube_pg_cluster/main.tf +++ b/packages/infrastructure/kube_pg_cluster/main.tf 
@@ -82,33 +82,33 @@ resource "random_id" "pooler_r_id" { module "util_cluster" { source = "../kube_workload_utility" - workload_name = "pg-${random_id.cluster_id.hex}" - burstable_nodes_enabled = var.burstable_nodes_enabled - spot_nodes_enabled = var.spot_nodes_enabled - arm_nodes_enabled = var.arm_nodes_enabled - controller_nodes_enabled = var.controller_nodes_enabled - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.instance_type_spread_required || (var.burstable_nodes_enabled || var.spot_nodes_enabled) - az_spread_required = true - az_spread_preferred = true // stateful so always on - lifetime_evictions_enabled = false - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "pg-${random_id.cluster_id.hex}" + burstable_nodes_enabled = var.burstable_nodes_enabled + spot_nodes_enabled = var.spot_nodes_enabled + arm_nodes_enabled = var.arm_nodes_enabled + controller_nodes_enabled = var.controller_nodes_enabled + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.instance_type_anti_affinity_required || (var.burstable_nodes_enabled || var.spot_nodes_enabled) + az_spread_required = true + az_spread_preferred = true // stateful so always on + lifetime_evictions_enabled = false + extra_labels = data.pf_kube_labels.labels.labels } module "util_pooler" { for_each = toset(["r", "rw"]) source = "../kube_workload_utility" - workload_name = "pg-pooler-${each.key}-${random_id.cluster_id.hex}" - burstable_nodes_enabled = true - arm_nodes_enabled = true - controller_nodes_enabled = var.controller_nodes_enabled - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.instance_type_spread_required - az_spread_required = true - pod_affinity_match_labels = module.util_cluster.match_labels - lifetime_evictions_enabled = false - extra_labels = data.pf_kube_labels.labels.labels + workload_name = 
"pg-pooler-${each.key}-${random_id.cluster_id.hex}" + burstable_nodes_enabled = true + arm_nodes_enabled = true + controller_nodes_enabled = var.controller_nodes_enabled + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.instance_type_anti_affinity_required + az_spread_required = true + pod_affinity_match_labels = module.util_cluster.match_labels + lifetime_evictions_enabled = false + extra_labels = data.pf_kube_labels.labels.labels } module "constants" { diff --git a/packages/infrastructure/kube_pg_cluster/vars.tf b/packages/infrastructure/kube_pg_cluster/vars.tf index f1cbf8d6..fcbf2883 100644 --- a/packages/infrastructure/kube_pg_cluster/vars.tf +++ b/packages/infrastructure/kube_pg_cluster/vars.tf @@ -410,8 +410,8 @@ variable "panfactum_scheduler_enabled" { default = true } -variable "instance_type_spread_required" { - description = "Whether to prevent pods from being scheduled on the same instance types" +variable "instance_type_anti_affinity_required" { + description = "Whether to enable anti-affinity to prevent pods from being scheduled on the same instance type" type = bool default = true } diff --git a/packages/infrastructure/kube_pod/main.tf b/packages/infrastructure/kube_pod/main.tf index b730a313..ffa87573 100644 --- a/packages/infrastructure/kube_pod/main.tf +++ b/packages/infrastructure/kube_pod/main.tf 
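Review bot: `util_pooler` hard-codes `burstable_nodes_enabled = true` yet passes `instance_type_anti_affinity_required = var.instance_type_anti_affinity_required` unmodified, while `util_cluster` in the same hunk forces the flag on whenever burstable or spot nodes are enabled. The hunk carries no comment explaining the override, so it is unclear whether the poolers are exempt on purpose. If the override is there because such nodes tend to be disrupted together per instance type (my reading, not stated here), the poolers always run on burstable nodes and would need it as well. A caller who sets the variable to `false` currently gets poolers that may all land on one instance type. Either change the pooler line to `instance_type_anti_affinity_required = true`, or add a comment on the `util_cluster` line such as `// forced on for spot/burstable nodes; poolers are stateless and follow the caller's setting`.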
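Review bot: The new description of `instance_type_anti_affinity_required` in kube_pg_cluster/vars.tf does not say that the value is overridden for the database pods when `burstable_nodes_enabled` or `spot_nodes_enabled` is true, which is what the `util_cluster` expression in this module's main.tf does. A caller reading only vars.tf will expect `false` to turn the constraint off. I would extend the description to `"Whether to enable anti-affinity to prevent pods from being scheduled on the same instance type. Always enabled for the database pods when burstable or spot nodes are enabled."`. The rename also drops the old input name, so module calls that still pass `instance_type_spread_required` should be rejected by Terraform as an unsupported argument; the same holds for kube_pod/vars.tf later in this patch, and an upgrade note would help consumers.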
@@ -505,23 +505,23 @@ locals { module "util" { source = "../kube_workload_utility" - workload_name = var.workload_name - match_labels = var.match_labels - burstable_nodes_enabled = var.burstable_nodes_enabled - spot_nodes_enabled = var.spot_nodes_enabled - arm_nodes_enabled = var.arm_nodes_enabled - controller_nodes_enabled = var.controller_nodes_enabled - controller_nodes_required = var.controller_nodes_required - instance_type_spread_required = var.instance_type_spread_required - az_anti_affinity_required = var.az_anti_affinity_required - host_anti_affinity_required = var.host_anti_affinity_required - extra_tolerations = var.extra_tolerations - az_spread_preferred = var.az_spread_preferred - az_spread_required = var.az_spread_required - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - node_requirements = var.node_requirements - node_preferences = var.node_preferences - extra_labels = merge(data.pf_kube_labels.labels.labels, var.extra_labels) # Allow the caller to override so the module label can be set appropriately + workload_name = var.workload_name + match_labels = var.match_labels + burstable_nodes_enabled = var.burstable_nodes_enabled + spot_nodes_enabled = var.spot_nodes_enabled + arm_nodes_enabled = var.arm_nodes_enabled + controller_nodes_enabled = var.controller_nodes_enabled + controller_nodes_required = var.controller_nodes_required + instance_type_anti_affinity_required = var.instance_type_anti_affinity_required + az_anti_affinity_required = var.az_anti_affinity_required + host_anti_affinity_required = var.host_anti_affinity_required + extra_tolerations = var.extra_tolerations + az_spread_preferred = var.az_spread_preferred + az_spread_required = var.az_spread_required + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + node_requirements = var.node_requirements + node_preferences = var.node_preferences + extra_labels = merge(data.pf_kube_labels.labels.labels, var.extra_labels) # Allow the caller to override so the module 
label can be set appropriately } module "constants" { diff --git a/packages/infrastructure/kube_pod/vars.tf b/packages/infrastructure/kube_pod/vars.tf index f8ceb07b..29ab0fac 100644 --- a/packages/infrastructure/kube_pod/vars.tf +++ b/packages/infrastructure/kube_pod/vars.tf @@ -230,8 +230,8 @@ variable "az_spread_required" { default = false } -variable "instance_type_spread_required" { - description = "Whether to prevent pods from being scheduled on the same instance types" +variable "instance_type_anti_affinity_required" { + description = "Whether to enable anti-affinity to prevent pods from being scheduled on the same instance type" type = bool default = false } diff --git a/packages/infrastructure/kube_pvc_autoresizer/main.tf b/packages/infrastructure/kube_pvc_autoresizer/main.tf index bc56af86..676ac4c4 100644 --- a/packages/infrastructure/kube_pvc_autoresizer/main.tf +++ b/packages/infrastructure/kube_pvc_autoresizer/main.tf @@ -44,13 +44,13 @@ module "pull_through" { module "util_controller" { source = "../kube_workload_utility" - workload_name = "pvc-autoresizer" - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = false // single copy - az_spread_preferred = false // single copy - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "pvc-autoresizer" + burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = false // single copy + az_spread_preferred = false // single copy + extra_labels = data.pf_kube_labels.labels.labels } module "constants" { diff --git a/packages/infrastructure/kube_redis_sentinel/main.tf b/packages/infrastructure/kube_redis_sentinel/main.tf index 81d18a13..6ad3a82f 100644 --- a/packages/infrastructure/kube_redis_sentinel/main.tf +++ b/packages/infrastructure/kube_redis_sentinel/main.tf 
@@ -55,17 +55,17 @@ data "pf_kube_labels" "labels" { module "util" { source = "../kube_workload_utility" - workload_name = random_id.id.hex - controller_nodes_enabled = var.controller_nodes_enabled - burstable_nodes_enabled = var.burstable_nodes_enabled - spot_nodes_enabled = var.spot_nodes_enabled - arm_nodes_enabled = var.arm_nodes_enabled - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.instance_type_spread_required - az_spread_required = true - az_spread_preferred = true // stateful - lifetime_evictions_enabled = false - extra_labels = data.pf_kube_labels.labels.labels + workload_name = random_id.id.hex + controller_nodes_enabled = var.controller_nodes_enabled + burstable_nodes_enabled = var.burstable_nodes_enabled + spot_nodes_enabled = var.spot_nodes_enabled + arm_nodes_enabled = var.arm_nodes_enabled + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.instance_type_anti_affinity_required + az_spread_required = true + az_spread_preferred = true // stateful + lifetime_evictions_enabled = false + extra_labels = data.pf_kube_labels.labels.labels } module "constants" { diff --git a/packages/infrastructure/kube_redis_sentinel/vars.tf b/packages/infrastructure/kube_redis_sentinel/vars.tf index cee74be9..da779258 100644 --- a/packages/infrastructure/kube_redis_sentinel/vars.tf +++ b/packages/infrastructure/kube_redis_sentinel/vars.tf @@ -127,8 +127,8 @@ variable "panfactum_scheduler_enabled" { default = true } -variable "instance_type_spread_required" { - description = "Whether to enable topology spread constraints to spread pods across instance types (with DoNotSchedule)" +variable "instance_type_anti_affinity_required" { + description = "Whether to enable anti-affinity to prevent pods from being scheduled on the same instance type" type = bool default = true } 
diff --git a/packages/infrastructure/kube_reflector/main.tf b/packages/infrastructure/kube_reflector/main.tf index 0925b65a..66db9942 100644 --- a/packages/infrastructure/kube_reflector/main.tf +++ b/packages/infrastructure/kube_reflector/main.tf @@ -44,13 +44,13 @@ module "pull_through" { module "util_controller" { source = "../kube_workload_utility" - workload_name = "reflector" - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = false // single replica - az_spread_preferred = false // single replica - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "reflector" + burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = false // single replica + az_spread_preferred = false // single replica + extra_labels = data.pf_kube_labels.labels.labels } module "constants" { diff --git a/packages/infrastructure/kube_reloader/main.tf b/packages/infrastructure/kube_reloader/main.tf index 27d2b270..25a9594a 100644 --- a/packages/infrastructure/kube_reloader/main.tf +++ b/packages/infrastructure/kube_reloader/main.tf 
@@ -44,13 +44,13 @@ module "pull_through" { module "util_controller" { source = "../kube_workload_utility" - workload_name = "reloader" - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = false // single replica - az_spread_preferred = false // single replica - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "reloader" + burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = false // single replica + az_spread_preferred = false // single replica + extra_labels = data.pf_kube_labels.labels.labels } module "constants" { diff --git a/packages/infrastructure/kube_scheduler/main.tf b/packages/infrastructure/kube_scheduler/main.tf index 72fbf7ed..31f94293 100644 --- a/packages/infrastructure/kube_scheduler/main.tf +++ b/packages/infrastructure/kube_scheduler/main.tf @@ -161,13 +161,13 @@ module "scheduler" { namespace = local.namespace name = local.name - replicas = 1 - burstable_nodes_enabled = true - controller_nodes_required = true - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_preferred = var.enhanced_ha_enabled - priority_class_name = "system-cluster-critical" # Scheduling will break if this breaks - panfactum_scheduler_enabled = false # Cannot schedule itself + replicas = 1 + burstable_nodes_enabled = true + controller_nodes_required = true + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_preferred = var.enhanced_ha_enabled + priority_class_name = "system-cluster-critical" # Scheduling will break if this breaks + panfactum_scheduler_enabled = false # Cannot schedule itself containers = [ { diff --git a/packages/infrastructure/kube_stateful_set/main.tf b/packages/infrastructure/kube_stateful_set/main.tf index 3593743b..eaa69d68 100644 
--- a/packages/infrastructure/kube_stateful_set/main.tf +++ b/packages/infrastructure/kube_stateful_set/main.tf 
@@ -71,23 +71,23 @@ module "pod_template" { extra_volume_mounts = { for name, config in var.volume_mounts : name => { mount_path : config.mount_path } } # Scheduling params - priority_class_name = var.priority_class_name - burstable_nodes_enabled = var.burstable_nodes_enabled - spot_nodes_enabled = var.spot_nodes_enabled - arm_nodes_enabled = var.arm_nodes_enabled - controller_nodes_enabled = var.controller_nodes_enabled - instance_type_spread_required = var.instance_type_spread_required - az_anti_affinity_required = var.az_anti_affinity_required - host_anti_affinity_required = var.host_anti_affinity_required - extra_tolerations = var.extra_tolerations - controller_nodes_required = var.controller_nodes_required - node_requirements = var.node_requirements - node_preferences = var.node_preferences - az_spread_preferred = var.az_spread_preferred - az_spread_required = var.az_spread_required - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - termination_grace_period_seconds = var.termination_grace_period_seconds - restart_policy = var.restart_policy + priority_class_name = var.priority_class_name + burstable_nodes_enabled = var.burstable_nodes_enabled + spot_nodes_enabled = var.spot_nodes_enabled + arm_nodes_enabled = var.arm_nodes_enabled + controller_nodes_enabled = var.controller_nodes_enabled + instance_type_anti_affinity_required = var.instance_type_anti_affinity_required + az_anti_affinity_required = var.az_anti_affinity_required + host_anti_affinity_required = var.host_anti_affinity_required + extra_tolerations = var.extra_tolerations + controller_nodes_required = var.controller_nodes_required + node_requirements = var.node_requirements + node_preferences = var.node_preferences + az_spread_preferred = var.az_spread_preferred + az_spread_required = var.az_spread_required + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + termination_grace_period_seconds = var.termination_grace_period_seconds + restart_policy = var.restart_policy } 
resource "kubernetes_service_account" "service_account" { diff --git a/packages/infrastructure/kube_stateful_set/vars.tf b/packages/infrastructure/kube_stateful_set/vars.tf index d33ad0c5..7eecf64f 100644 --- a/packages/infrastructure/kube_stateful_set/vars.tf +++ b/packages/infrastructure/kube_stateful_set/vars.tf @@ -212,8 +212,8 @@ variable "dns_policy" { default = "ClusterFirst" } -variable "instance_type_spread_required" { - description = "Whether to enable topology spread constraints to spread pods across instance types (with DoNotSchedule)" +variable "instance_type_anti_affinity_required" { + description = "Whether to enable anti-affinity to prevent pods from being scheduled on the same instance type" type = bool default = true } diff --git a/packages/infrastructure/kube_vault/main.tf b/packages/infrastructure/kube_vault/main.tf index 3bf85ce5..5d7c4aef 100644 --- a/packages/infrastructure/kube_vault/main.tf +++ b/packages/infrastructure/kube_vault/main.tf @@ -46,13 +46,13 @@ module "pull_through" { module "util_server" { source = "../kube_workload_utility" - workload_name = "vault" - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_required = true // stateful - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "vault" + burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_required = true // stateful + extra_labels = data.pf_kube_labels.labels.labels } module "constants" { diff --git a/packages/infrastructure/kube_vault_proxy/main.tf b/packages/infrastructure/kube_vault_proxy/main.tf index 1c721ad9..ee4ab8fc 100644 --- a/packages/infrastructure/kube_vault_proxy/main.tf +++ b/packages/infrastructure/kube_vault_proxy/main.tf 
@@ -54,13 +54,13 @@ resource "random_id" "oauth2_proxy" { module "util" { source = "../kube_workload_utility" - workload_name = random_id.oauth2_proxy.hex - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.instance_type_spread_required - az_spread_preferred = var.az_spread_preferred - extra_labels = data.pf_kube_labels.labels.labels + workload_name = random_id.oauth2_proxy.hex + burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.instance_type_anti_affinity_required + az_spread_preferred = var.az_spread_preferred + extra_labels = data.pf_kube_labels.labels.labels } module "constants" { diff --git a/packages/infrastructure/kube_vault_proxy/vars.tf b/packages/infrastructure/kube_vault_proxy/vars.tf index a3c5f12d..83b0d229 100644 --- a/packages/infrastructure/kube_vault_proxy/vars.tf +++ b/packages/infrastructure/kube_vault_proxy/vars.tf @@ -53,8 +53,8 @@ variable "allowed_vault_roles" { default = ["rbac-superusers", "rbac-admins", "rbac-readers", "rbac-restricted-readers"] } -variable "instance_type_spread_required" { - description = "Whether to enable topology spread constraints to spread pods across instance types (with DoNotSchedule)" +variable "instance_type_anti_affinity_required" { + description = "Whether to enable anti-affinity to prevent pods from being scheduled on the same instance type" type = bool default = true } diff --git a/packages/infrastructure/kube_velero/main.tf b/packages/infrastructure/kube_velero/main.tf index 4ce20a2a..42f7d1ce 100644 --- a/packages/infrastructure/kube_velero/main.tf +++ b/packages/infrastructure/kube_velero/main.tf 
@@ -46,13 +46,13 @@ module "pull_through" { module "util" { source = "../kube_workload_utility" - workload_name = "velero" - burstable_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = false // single replica - az_spread_preferred = false // single replica - controller_nodes_required = true // we disable voluntary disruptions so this should be scheduled on a node that isn't autoscaled - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "velero" + burstable_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = false // single replica + az_spread_preferred = false // single replica + controller_nodes_required = true // we disable voluntary disruptions so this should be scheduled on a node that isn't autoscaled + extra_labels = data.pf_kube_labels.labels.labels } module "constants" { diff --git a/packages/infrastructure/kube_vpa/main.tf b/packages/infrastructure/kube_vpa/main.tf index 99db7b0b..0faf8009 100644 --- a/packages/infrastructure/kube_vpa/main.tf +++ b/packages/infrastructure/kube_vpa/main.tf @@ -47,12 +47,12 @@ module "pull_through" { module "util_admission_controller" { source = "../kube_workload_utility" - workload_name = "vpa-admission-controller" - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_preferred = var.enhanced_ha_enabled + workload_name = "vpa-admission-controller" + burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_preferred = var.enhanced_ha_enabled match_labels = { "app.kubernetes.io/name" = "vpa" "app.kubernetes.io/component" = "admission-controller" 
@@ -63,12 +63,12 @@ module "util_admission_controller" { module "util_recommender" { source = "../kube_workload_utility" - workload_name = "vpa-recommender" - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_preferred = var.enhanced_ha_enabled + workload_name = "vpa-recommender" + burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_preferred = var.enhanced_ha_enabled match_labels = { "app.kubernetes.io/name" = "vpa" "app.kubernetes.io/component" = "recommender" @@ -79,12 +79,12 @@ module "util_recommender" { module "util_updater" { source = "../kube_workload_utility" - workload_name = "vpa-updater" - burstable_nodes_enabled = true - controller_nodes_enabled = true - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - instance_type_spread_required = var.enhanced_ha_enabled - az_spread_preferred = var.enhanced_ha_enabled + workload_name = "vpa-updater" + burstable_nodes_enabled = true + controller_nodes_enabled = true + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + instance_type_anti_affinity_required = var.enhanced_ha_enabled + az_spread_preferred = var.enhanced_ha_enabled match_labels = { "app.kubernetes.io/name" = "vpa" "app.kubernetes.io/component" = "updater" diff --git a/packages/infrastructure/kube_workload_utility/main.tf b/packages/infrastructure/kube_workload_utility/main.tf index 604ee0a1..8c6c10f8 100644 --- a/packages/infrastructure/kube_workload_utility/main.tf +++ b/packages/infrastructure/kube_workload_utility/main.tf @@ -32,6 +32,12 @@ locals { matchLabels = local.match_labels } } + instance_type = { + topologyKey = "node.kubernetes.io/instance-type" + labelSelector = { + matchLabels = local.match_labels + } + } } } 
@@ -81,9 +87,10 @@ locals { } : null } : k => v if v != null } podAntiAffinity = { for k, v in { - requiredDuringSchedulingIgnoredDuringExecution = (var.host_anti_affinity_required || var.az_anti_affinity_required) ? concat( + requiredDuringSchedulingIgnoredDuringExecution = (var.host_anti_affinity_required || var.az_anti_affinity_required || var.instance_type_anti_affinity_required) ? concat( var.host_anti_affinity_required ? [local.pod_anti_affinity.required.host] : [], - var.az_anti_affinity_required ? [local.pod_anti_affinity.required.zone] : [] + var.az_anti_affinity_required ? [local.pod_anti_affinity.required.zone] : [], + var.instance_type_anti_affinity_required ? [local.pod_anti_affinity.required.instance_type] : [] ) : null } : k => v if v != null } podAffinity = length(keys(var.pod_affinity_match_labels)) != 0 ? { @@ -163,18 +170,8 @@ locals { } } - topology_spread_instance_type = { - maxSkew = 1 - topologyKey = "node.kubernetes.io/instance-type" - whenUnsatisfiable = "DoNotSchedule" - labelSelector = { - matchLabels = local.match_labels - } - } - topology_spread_constraints = concat( var.az_spread_preferred || var.az_spread_required ? [local.topology_spread_zone] : [], - var.instance_type_spread_required ? [local.topology_spread_instance_type] : [] ) } diff --git a/packages/infrastructure/kube_workload_utility/vars.tf b/packages/infrastructure/kube_workload_utility/vars.tf index 508b4c28..8a02ed92 100644 --- a/packages/infrastructure/kube_workload_utility/vars.tf +++ b/packages/infrastructure/kube_workload_utility/vars.tf @@ -87,8 +87,8 @@ variable "extra_tolerations" { default = [] } -variable "instance_type_spread_required" { - description = "Whether to enable topology spread constraints to spread pods across instance types (with DoNotSchedule)" +variable "instance_type_anti_affinity_required" { + description = "Whether to enable anti-affinity to prevent pods from being scheduled on the same instance type" type = bool default = false } 
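Review bot: The new `instance_type` term in `requiredDuringSchedulingIgnoredDuringExecution` is a stricter rule than the `topology_spread_instance_type` constraint it replaces. `maxSkew = 1` allowed several replicas per instance type as long as they stayed balanced, while required anti-affinity on `node.kubernetes.io/instance-type` allows at most one matching pod per instance type. A workload with more replicas than distinct instance types available to it will leave the extra pods Pending, and this reaches modules such as `kube_vault` (via `enhanced_ha_enabled`) and `kube_pg_cluster` (default `true`). I would state the ceiling in the description in `kube_workload_utility/vars.tf` and its copies, e.g. `"... prevent pods from being scheduled on the same instance type (limits replicas to the number of distinct instance types available)"`, or consider a `preferredDuringSchedulingIgnoredDuringExecution` term where a hard rule is not needed. The `locals` block begins and ends outside this hunk.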
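Review bot: In the `@@ -163,18 +170,8 @@` hunk, `topology_spread_constraints = concat(...)` is left with a single argument followed by a dangling comma, so the `concat` no longer does anything. It reads more clearly as a plain conditional: `topology_spread_constraints = var.az_spread_preferred || var.az_spread_required ? [local.topology_spread_zone] : []`. The `locals` block continues outside the hunk.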
diff --git a/packages/infrastructure/test_kube_pg_cluster/main.tf b/packages/infrastructure/test_kube_pg_cluster/main.tf index b575a646..ecf336b3 100644 --- a/packages/infrastructure/test_kube_pg_cluster/main.tf +++ b/packages/infrastructure/test_kube_pg_cluster/main.tf @@ -39,15 +39,15 @@ module "namespace" { module "database" { source = "../kube_pg_cluster" - eks_cluster_name = var.eks_cluster_name - pg_cluster_namespace = module.namespace.namespace - pg_initial_storage_gb = 10 - pg_memory_mb = 1000 - pg_cpu_millicores = 250 - pg_instances = 2 - aws_iam_ip_allow_list = var.aws_iam_ip_allow_list - pull_through_cache_enabled = var.pull_through_cache_enabled - instance_type_spread_required = false - burstable_nodes_enabled = true - pgbouncer_pool_mode = "transaction" + eks_cluster_name = var.eks_cluster_name + pg_cluster_namespace = module.namespace.namespace + pg_initial_storage_gb = 10 + pg_memory_mb = 1000 + pg_cpu_millicores = 250 + pg_instances = 2 + aws_iam_ip_allow_list = var.aws_iam_ip_allow_list + pull_through_cache_enabled = var.pull_through_cache_enabled + instance_type_anti_affinity_required = false + burstable_nodes_enabled = true + pgbouncer_pool_mode = "transaction" } diff --git a/packages/infrastructure/vault_core_resources/main.tf b/packages/infrastructure/vault_core_resources/main.tf index 23318344..c6d90667 100644 --- a/packages/infrastructure/vault_core_resources/main.tf +++ b/packages/infrastructure/vault_core_resources/main.tf 
@@ -112,13 +112,13 @@ module "vault_auth_vault_secrets_operator" { module "util_secrets_operator" { source = "../kube_workload_utility" - workload_name = "vault-secrets-operator" - burstable_nodes_enabled = true - arm_nodes_enabled = true - controller_nodes_enabled = true - instance_type_spread_required = false // single replica - az_spread_preferred = false // single replica - extra_labels = data.pf_kube_labels.labels.labels + workload_name = "vault-secrets-operator" + burstable_nodes_enabled = true + arm_nodes_enabled = true + controller_nodes_enabled = true + instance_type_anti_affinity_required = false // single replica + az_spread_preferred = false // single replica + extra_labels = data.pf_kube_labels.labels.labels } resource "helm_release" "vault_secrets_operator" { diff --git a/packages/infrastructure/wf_spec/main.tf b/packages/infrastructure/wf_spec/main.tf index 17397be3..84da901b 100644 --- a/packages/infrastructure/wf_spec/main.tf +++ b/packages/infrastructure/wf_spec/main.tf 
@@ -590,21 +590,21 @@ module "util" { workload_name = var.name # Scheduling params - burstable_nodes_enabled = var.burstable_nodes_enabled - spot_nodes_enabled = var.spot_nodes_enabled - arm_nodes_enabled = var.arm_nodes_enabled - instance_type_spread_required = false - az_anti_affinity_required = false - host_anti_affinity_required = false - extra_tolerations = var.extra_tolerations - controller_nodes_required = var.controller_node_required - node_requirements = var.node_requirements - node_preferences = var.node_preferences - az_spread_preferred = false - az_spread_required = false - panfactum_scheduler_enabled = var.panfactum_scheduler_enabled - lifetime_evictions_enabled = false - extra_labels = merge(data.pf_kube_labels.labels.labels, var.extra_labels) + burstable_nodes_enabled = var.burstable_nodes_enabled + spot_nodes_enabled = var.spot_nodes_enabled + arm_nodes_enabled = var.arm_nodes_enabled + instance_type_anti_affinity_required = false + az_anti_affinity_required = false + host_anti_affinity_required = false + extra_tolerations = var.extra_tolerations + controller_nodes_required = var.controller_node_required + node_requirements = var.node_requirements + node_preferences = var.node_preferences + az_spread_preferred = false + az_spread_required = false + panfactum_scheduler_enabled = var.panfactum_scheduler_enabled + lifetime_evictions_enabled = false + extra_labels = merge(data.pf_kube_labels.labels.labels, var.extra_labels) } resource "kubernetes_service_account" "sa" { diff --git a/packages/reference/infrastructure/pf_website/main.tf b/packages/reference/infrastructure/pf_website/main.tf index cf858885..6d5cb34f 100644 --- a/packages/reference/infrastructure/pf_website/main.tf +++ b/packages/reference/infrastructure/pf_website/main.tf @@ -78,6 +78,7 @@ module "website_deployment" { vpa_enabled = var.vpa_enabled controller_nodes_enabled = true + instance_type_spread_required = true } module "ingress" { 
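Review bot: The added line `instance_type_spread_required = true` in `module "website_deployment"` (the `pf_website/main.tf` hunk) uses the variable name that the rest of this commit removes. The module's `source` is outside the hunk, but if it is `kube_deployment`, whose reference page in this patch now documents `instance_type_anti_affinity_required`, Terraform will reject the call with an unsupported-argument error. The line should read `instance_type_anti_affinity_required = true`.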
diff --git a/packages/website/src/app/changelog/edge/page.mdx b/packages/website/src/app/changelog/edge/page.mdx index 1fd676ff..d49ac9c3 100644 --- a/packages/website/src/app/changelog/edge/page.mdx +++ b/packages/website/src/app/changelog/edge/page.mdx @@ -13,8 +13,12 @@ Learn more [here](/docs/edge/guides/versioning/releases).* ### Breaking Changes -* Due to [this issue](https://github.com/aws/karpenter-provider-aws/issues/7254) with Karpenter, we have observed that Karpenter - will occasionally provision extremely large nodes for no apparent reason. As a mitigation, we have +* In all Panfactum submodules, `instance_type_spread_required` has been renamed to `instance_type_anti_affinity_required` + as we have had to replace TopologySpreadConstraints with AntiAffinity rules to work around [this issue with Karpenter.](https://github.com/kubernetes-sigs/karpenter/issues/1762) + + This change will ensure that Karpenter will not randomly create massive nodes. + +* To add further protection against Karpenter provisioning extremely large nodes, we have two variables for [kube\_karpenter\_node\_pools](/docs/edge/reference/infrastructure-modules/direct/kubernetes/kube_karpenter_node_pools), `max_node_memory_mb` and `max_node_cpu`, that limit the maximum size of nodes that can be provisioned. diff --git a/packages/website/src/app/docs/main/guides/deploying-workloads/basics/page.mdx b/packages/website/src/app/docs/main/guides/deploying-workloads/basics/page.mdx index 6fbe6a1c..3faf6599 100644 --- a/packages/website/src/app/docs/main/guides/deploying-workloads/basics/page.mdx +++ b/packages/website/src/app/docs/main/guides/deploying-workloads/basics/page.mdx 
@@ -188,9 +188,9 @@ In all clusters, you should be aware of how pods are spread across individual in workload disruptions. We do not recommend setting this to `false` unless termination of all pods in a controller such as a Deployment would not cause a noticeable service disruption. -* `instance_type_spread_required`: If true, pods of the same controller will be balanced across - instance types (e.g., `t4g.medium`) - using a [topology spread constraint](https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/). +* `instance_type_anti_affinity_required`: If true, pods of the same controller will be prevented from running on the same + instance type (e.g., `t4g.medium`). + This provides extra resilience in the following scenarios: * Spot disruptions: Spot disruptions often impact *all* spot nodes of a single instance type, so you would @@ -201,7 +201,7 @@ In all clusters, you should be aware of how pods are spread across individual in instance types avoids this failure case. Note that enabling any of these options will increase the cost of running your workload by lowering overall -resource utilization. As a result, we recommend `instance_type_spread_enabled` +resource utilization. As a result, we recommend `instance_type_anti_affinity_required` be enabled **only** in production environments and disabling `host_anti_affinity_required` if possible. See our [high availability guide](/docs/main/guides/deploying-workloads/high-availability) for more information. diff --git a/packages/website/src/app/docs/main/guides/deploying-workloads/high-availability/page.mdx b/packages/website/src/app/docs/main/guides/deploying-workloads/high-availability/page.mdx index 4e1a514c..5cfd6757 100644 --- a/packages/website/src/app/docs/main/guides/deploying-workloads/high-availability/page.mdx +++ b/packages/website/src/app/docs/main/guides/deploying-workloads/high-availability/page.mdx 
@@ -73,7 +73,7 @@ Required Tuning: * Everything in Level 2. * For *all* modules that deploy workloads to Kubernetes, ensure that > 1 replica is deployed and either `az_spread_preferred` or `az_spread_required` is `true`. -* For *all* modules that deploy workloads to Kubernetes, set `instance_type_spread_required` to `true` to prevent mass +* For *all* modules that deploy workloads to Kubernetes, set `instance_type_anti_affinity_required` to `true` to prevent mass disruptions impacting a single instance type (e.g., mass spot interruptions). * Ensure that all workloads that connect to databases connect via their corresponding HA mechanism (e.g., for PostgreSQL use PgBouncer, for Redis use Sentinel, etc.). diff --git a/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_argo_event_bus/page.mdx b/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_argo_event_bus/page.mdx index a8fb636e..9e3742ad 100644 --- a/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_argo_event_bus/page.mdx +++ b/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_argo_event_bus/page.mdx @@ -66,9 +66,9 @@ Type: `string` Default: `"ebs-standard"` -### instance\_type\_spread\_required +### instance\_type\_anti\_affinity\_required -Description: Whether to enable topology spread constraints to spread pods across instance types (with DoNotSchedule) +Description: Whether to enable anti-affinity to prevent pods from being scheduled on the same instance type Type: `bool` diff --git a/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_argo_event_source/page.mdx b/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_argo_event_source/page.mdx index ecbba625..c8f09e28 100644 
--- a/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_argo_event_source/page.mdx +++ b/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_argo_event_source/page.mdx @@ -70,9 +70,9 @@ Type: `string` Default: `"default"` -### instance\_type\_spread\_required +### instance\_type\_anti\_affinity\_required -Description: Whether to enable topology spread constraints to spread pods across instance types (with DoNotSchedule) +Description: Whether to enable anti-affinity to prevent pods from being scheduled on the same instance type Type: `bool` diff --git a/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_deployment/page.mdx b/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_deployment/page.mdx index fe91cbf5..de1084de 100644 --- a/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_deployment/page.mdx +++ b/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_deployment/page.mdx @@ -290,9 +290,9 @@ Type: `bool` Default: `false` -### instance\_type\_spread\_required +### instance\_type\_anti\_affinity\_required -Description: Whether to enable topology spread constraints to spread pods across instance types (with DoNotSchedule) +Description: Whether to enable anti-affinity to prevent pods from being scheduled on the same instance type Type: `bool` diff --git a/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_pg_cluster/page.mdx b/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_pg_cluster/page.mdx index 18f56324..97bdc1a9 100644 --- a/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_pg_cluster/page.mdx 
+++ b/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_pg_cluster/page.mdx @@ -417,9 +417,9 @@ Type: `list(string)` Default: `[]` -### instance\_type\_spread\_required +### instance\_type\_anti\_affinity\_required -Description: Whether to prevent pods from being scheduled on the same instance types +Description: Whether to enable anti-affinity to prevent pods from being scheduled on the same instance type Type: `bool` diff --git a/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_pod/page.mdx b/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_pod/page.mdx index 11d42734..e3431269 100644 --- a/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_pod/page.mdx +++ b/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_pod/page.mdx @@ -277,9 +277,9 @@ Type: `bool` Default: `true` -### instance\_type\_spread\_required +### instance\_type\_anti\_affinity\_required -Description: Whether to prevent pods from being scheduled on the same instance types +Description: Whether to enable anti-affinity to prevent pods from being scheduled on the same instance type Type: `bool` diff --git a/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_redis_sentinel/page.mdx b/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_redis_sentinel/page.mdx index 14f4ef13..4d62d9fc 100644 --- a/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_redis_sentinel/page.mdx +++ b/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_redis_sentinel/page.mdx 
@@ -266,9 +266,9 @@ Type: `string`
 Default: `"19.0.2"`
-### instance\_type\_spread\_required
+### instance\_type\_anti\_affinity\_required
-Description: Whether to enable topology spread constraints to spread pods across instance types (with DoNotSchedule)
+Description: Whether to enable anti-affinity to prevent pods from being scheduled on the same instance type
 Type: `bool`
diff --git a/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_stateful_set/page.mdx b/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_stateful_set/page.mdx
index 44f511da..c6c1862d 100644
--- a/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_stateful_set/page.mdx
+++ b/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_stateful_set/page.mdx
@@ -344,9 +344,9 @@ Type: `bool`
 Default: `false`
-### instance\_type\_spread\_required
+### instance\_type\_anti\_affinity\_required
-Description: Whether to enable topology spread constraints to spread pods across instance types (with DoNotSchedule)
+Description: Whether to enable anti-affinity to prevent pods from being scheduled on the same instance type
 Type: `bool`
diff --git a/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_vault_proxy/page.mdx b/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_vault_proxy/page.mdx
index 82bacaa2..6c3f111e 100644
--- a/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_vault_proxy/page.mdx
+++ b/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_vault_proxy/page.mdx
@@ -117,9 +117,9 @@ Type: `bool`
 Default: `true`
-### instance\_type\_spread\_required
+### instance\_type\_anti\_affinity\_required
-Description: Whether to enable topology spread constraints to spread pods across instance types (with DoNotSchedule)
+Description: Whether to enable anti-affinity to prevent pods from being scheduled on the same instance type
 Type: `bool`
diff --git a/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_workload_utility/page.mdx b/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_workload_utility/page.mdx
index ceabd82c..66f382df 100644
--- a/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_workload_utility/page.mdx
+++ b/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_workload_utility/page.mdx
@@ -120,9 +120,9 @@ Type: `bool`
 Default: `true`
-### instance\_type\_spread\_required
+### instance\_type\_anti\_affinity\_required
-Description: Whether to enable topology spread constraints to spread pods across instance types (with DoNotSchedule)
+Description: Whether to enable anti-affinity to prevent pods from being scheduled on the same instance type
 Type: `bool`