From 383d62a0b9d5e5a1bbecc87951fbbcf7a3bd8694 Mon Sep 17 00:00:00 2001 From: Andrew Azores Date: Fri, 29 Nov 2024 13:32:02 -0500 Subject: [PATCH 1/5] feat(nodeselector): per-Deployment node selectors --- charts/cryostat/README.md | 8 +++++- .../templates/cryostat_deployment.yaml | 2 +- charts/cryostat/templates/db_deployment.yaml | 2 +- .../templates/reports_deployment.yaml | 2 +- .../templates/storage_deployment.yaml | 2 +- .../tests/cryostat_deployment_test.yaml | 24 ++++++++++++++++- charts/cryostat/tests/db_deployment_test.yaml | 24 ++++++++++++++++- .../tests/reports_deployment_test.yaml | 26 ++++++++++++++++++- .../tests/storage_deployment_test.yaml | 24 ++++++++++++++++- charts/cryostat/values.yaml | 14 +++++++++- 10 files changed, 118 insertions(+), 10 deletions(-) diff --git a/charts/cryostat/README.md b/charts/cryostat/README.md index 6234921..b7266f5 100644 --- a/charts/cryostat/README.md +++ b/charts/cryostat/README.md @@ -84,6 +84,7 @@ helm install cryostat ./charts/cryostat | `core.discovery.kubernetes.portNames` | List of port names that the Cryostat application should look for in order to consider a target as JMX connectable | `[]` | | `core.discovery.kubernetes.builtInPortNumbersDisabled` | When false and `portNumbers` is empty, the Cryostat application will use the default port number `9091` to look for JMX connectable targets. | `false` | | `core.discovery.kubernetes.portNumbers` | List of port numbers that the Cryostat application should look for in order to consider a target as JMX connectable | `[]` | +| `core.nodeSelector` | Node Selector for the Cryostat Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | ### Report Generator Deployment @@ -101,6 +102,7 @@ helm install cryostat ./charts/cryostat | `reports.resources.requests.cpu` | CPU resource request for each Pod in the Report Generator Deployment. | `500m` | | `reports.resources.requests.memory` | Memory resource request for each Pod in the Report Generator Deployment. | `512Mi` | | `reports.securityContext` | Security Context for the Report Generator containers. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | +| `reports.nodeSelector` | Node Selector for the Report Generator Pods. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | ### Database Container @@ -115,6 +117,7 @@ helm install cryostat ./charts/cryostat | `db.resources.requests.cpu` | CPU resource request for the database container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `25m` | | `db.resources.requests.memory` | Memory resource request for the database container. | `64Mi` | | `db.securityContext` | Security Context for the database container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | +| `db.nodeSelector` | Node Selector for the Database Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | ### Storage Container @@ -131,6 +134,7 @@ helm install cryostat ./charts/cryostat | `storage.resources.requests.cpu` | CPU resource request for the object storage container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `50m` | | `storage.resources.requests.memory` | Memory resource request for the object storage container. | `256Mi` | | `storage.securityContext` | Security Context for the storage container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | +| `storage.nodeSelector` | Node Selector for the Storage Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | ### Grafana Container @@ -145,6 +149,7 @@ helm install cryostat ./charts/cryostat | `grafana.resources.requests.cpu` | CPU resource request for the Grafana container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `25m` | | `grafana.resources.requests.memory` | Memory resource request for the Grafana container. | `80Mi` | | `grafana.securityContext` | Security Context for the Grafana container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | +| `grafana.nodeSelector` | Node Selector for the Grafana Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | ### JFR Data Source Container @@ -157,6 +162,7 @@ helm install cryostat ./charts/cryostat | `datasource.resources.requests.cpu` | CPU resource request for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `200m` | | `datasource.resources.requests.memory` | Memory resource request for the JFR Data Source container. | `200Mi` | | `datasource.securityContext` | Security Context for the JFR Data Source container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | +| `datasource.nodeSelector` | Node Selector for the JFR Datasource Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | ### Authentication @@ -212,7 +218,7 @@ helm install cryostat ./charts/cryostat | `serviceAccount.name` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | `""` | | `podAnnotations` | Annotations to be applied to the Cryostat Pod | `{}` | | `podSecurityContext` | Security Context for the Cryostat Pod. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [PodSecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) | `{}` | -| `nodeSelector` | Node Selector for the Cryostat Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | +| `nodeSelector` | default Node Selector for the various Pods. Any Pod which does not have an individual nodeSelector setting will default to this. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | | `tolerations` | Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | | `affinity` | Affinity for the Cryostat Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | | `pvc.enabled` | Specify whether to use persistentVolumeClaim or EmptyDir storage | `false` | diff --git a/charts/cryostat/templates/cryostat_deployment.yaml b/charts/cryostat/templates/cryostat_deployment.yaml index cb0fbca..a9e7b77 100644 --- a/charts/cryostat/templates/cryostat_deployment.yaml +++ b/charts/cryostat/templates/cryostat_deployment.yaml @@ -187,7 +187,7 @@ spec: - http://localhost:8800 resources: {{- toYaml .Values.datasource.resources | nindent 12 }} - {{- with .Values.nodeSelector }} + {{- with (default .Values.nodeSelector .Values.core.nodeSelector) }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/cryostat/templates/db_deployment.yaml b/charts/cryostat/templates/db_deployment.yaml index c6c753f..cddade5 100644 --- a/charts/cryostat/templates/db_deployment.yaml +++ b/charts/cryostat/templates/db_deployment.yaml @@ -72,7 +72,7 @@ spec: - cryostat resources: {{- toYaml (.Values.db).resources | nindent 12 }} - {{- with .Values.nodeSelector }} + {{- with (default .Values.nodeSelector .Values.db.nodeSelector) }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/cryostat/templates/reports_deployment.yaml b/charts/cryostat/templates/reports_deployment.yaml index 05c846d..d77ae07 100644 --- a/charts/cryostat/templates/reports_deployment.yaml +++ b/charts/cryostat/templates/reports_deployment.yaml @@ -62,7 +62,7 @@ spec: failureThreshold: 2 resources: {{- toYaml (.Values.reports).resources | nindent 12 }} - {{- with .Values.nodeSelector }} + {{- with (default .Values.nodeSelector .Values.reports.nodeSelector) }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/cryostat/templates/storage_deployment.yaml b/charts/cryostat/templates/storage_deployment.yaml index 3031633..96e284c 100644 --- a/charts/cryostat/templates/storage_deployment.yaml +++ b/charts/cryostat/templates/storage_deployment.yaml @@ -86,7 +86,7 @@ spec: timeoutSeconds: 5 resources: {{- toYaml (.Values.storage).resources | nindent 12 }} - {{- with .Values.nodeSelector }} + {{- with (default .Values.nodeSelector .Values.storage.nodeSelector) }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/cryostat/tests/cryostat_deployment_test.yaml b/charts/cryostat/tests/cryostat_deployment_test.yaml index 0548fc7..72197bb 100644 --- a/charts/cryostat/tests/cryostat_deployment_test.yaml +++ b/charts/cryostat/tests/cryostat_deployment_test.yaml @@ -474,7 +474,29 @@ tests: path: spec.template.spec.affinity - exists: path: spec.template.spec.tolerations - + + - it: should accept specific nodeSelector setting + set: + core.nodeSelector: + diskType: ssd + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + diskType: ssd + + - it: should prefer specific nodeSelector over general + set: + nodeSelector: + disktype: hdd + core.nodeSelector: + diskType: ssd + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + diskType: ssd + - it: should verify image pull policies for development snapshots set: core.image.tag: "4.0.0-snapshot" diff --git a/charts/cryostat/tests/db_deployment_test.yaml b/charts/cryostat/tests/db_deployment_test.yaml index fa1ff93..bb52146 100644 --- a/charts/cryostat/tests/db_deployment_test.yaml +++ b/charts/cryostat/tests/db_deployment_test.yaml @@ -178,7 +178,29 @@ tests: path: spec.template.spec.affinity - exists: path: spec.template.spec.tolerations - + + - it: should accept specific nodeSelector setting + set: + db.nodeSelector: + diskType: ssd + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + diskType: ssd + + - it: should prefer specific nodeSelector over general + set: + nodeSelector: + disktype: hdd + db.nodeSelector: + diskType: ssd + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + diskType: ssd + - it: should verify image pull policies for development snapshots set: core.image.tag: "4.0.0-snapshot" diff --git a/charts/cryostat/tests/reports_deployment_test.yaml b/charts/cryostat/tests/reports_deployment_test.yaml index 28ebff6..9dc28d1 100644 --- a/charts/cryostat/tests/reports_deployment_test.yaml +++ b/charts/cryostat/tests/reports_deployment_test.yaml @@ -134,7 +134,31 @@ tests: path: spec.template.spec.affinity - exists: path: spec.template.spec.tolerations - + + - it: should accept specific nodeSelector setting + set: + reports.replicas: 1 + reports.nodeSelector: + diskType: ssd + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + diskType: ssd + + - it: should prefer specific nodeSelector over general + set: + reports.replicas: 1 + nodeSelector: + disktype: hdd + reports.nodeSelector: + diskType: ssd + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + diskType: ssd + - it: should verify image pull policies for development snapshots set: reports: diff --git a/charts/cryostat/tests/storage_deployment_test.yaml b/charts/cryostat/tests/storage_deployment_test.yaml index a077cd0..3d5659a 100644 --- a/charts/cryostat/tests/storage_deployment_test.yaml +++ b/charts/cryostat/tests/storage_deployment_test.yaml @@ -207,7 +207,29 @@ tests: path: spec.template.spec.affinity - exists: path: spec.template.spec.tolerations - + + - it: should accept specific nodeSelector setting + set: + storage.nodeSelector: + diskType: ssd + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + diskType: ssd + + - it: should prefer specific nodeSelector over general + set: + nodeSelector: + disktype: hdd + storage.nodeSelector: + diskType: ssd + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + diskType: ssd + - it: should verify image pull policies for development snapshots set: core.image.tag: "4.0.0-snapshot" diff --git a/charts/cryostat/values.yaml b/charts/cryostat/values.yaml index 79fdd4d..f53566f 100644 --- a/charts/cryostat/values.yaml +++ b/charts/cryostat/values.yaml @@ -85,6 +85,8 @@ core: builtInPortNumbersDisabled: false ## @param core.discovery.kubernetes.portNumbers [array] List of port numbers that the Cryostat application should look for in order to consider a target as JMX connectable portNumbers: [] + ## @param core.nodeSelector [object] Node Selector for the Cryostat Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) + nodeSelector: {} ## @section Report Generator Deployment ## @extra reports Configuration for the Reports Generator deployment @@ -123,6 +125,8 @@ reports: capabilities: drop: - ALL + ## @param reports.nodeSelector [object] Node Selector for the Report Generator Pods. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) + nodeSelector: {} ## @section Database Container ## @extra db Configuration for Cryostat's database @@ -153,6 +157,8 @@ db: capabilities: drop: - ALL + ## @param db.nodeSelector [object] Node Selector for the Database Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) + nodeSelector: {} ## @section Storage Container ## @extra storage Configuration for Cryostat's object storage provider @@ -188,6 +194,8 @@ storage: capabilities: drop: - ALL + ## @param storage.nodeSelector [object] Node Selector for the Storage Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) + nodeSelector: {} ## @section Grafana Container ## @extra grafana Configuration for the customized Grafana instance for Cryostat @@ -218,6 +226,8 @@ grafana: capabilities: drop: - ALL + ## @param grafana.nodeSelector [object] Node Selector for the Grafana Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) + nodeSelector: {} ## @section JFR Data Source Container ## @extra datasource Configuration for the JFR Data Source component, which translates recording events into a format consumable by Grafana @@ -243,6 +253,8 @@ datasource: capabilities: drop: - ALL + ## @param datasource.nodeSelector [object] Node Selector for the JFR Datasource Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) + nodeSelector: {} ## @section Authentication @@ -362,7 +374,7 @@ podSecurityContext: seccompProfile: type: RuntimeDefault -## @param nodeSelector [object] Node Selector for the Cryostat Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) +## @param nodeSelector [object] default Node Selector for the various Pods. Any Pod which does not have an individual nodeSelector setting will default to this. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) nodeSelector: {} ## @param tolerations [array] Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) From ce106210c346c225b86c0228b70f191b37d321f6 Mon Sep 17 00:00:00 2001 From: Andrew Azores Date: Fri, 29 Nov 2024 13:41:55 -0500 Subject: [PATCH 2/5] tolerations --- charts/cryostat/README.md | 8 +++- .../templates/cryostat_deployment.yaml | 2 +- charts/cryostat/templates/db_deployment.yaml | 2 +- .../templates/reports_deployment.yaml | 2 +- .../templates/storage_deployment.yaml | 2 +- .../tests/cryostat_deployment_test.yaml | 37 ++++++++++++++++++ charts/cryostat/tests/db_deployment_test.yaml | 37 ++++++++++++++++++ .../tests/reports_deployment_test.yaml | 39 +++++++++++++++++++ .../tests/storage_deployment_test.yaml | 37 ++++++++++++++++++ charts/cryostat/values.schema.json | 38 +++++++++++++++++- charts/cryostat/values.yaml | 14 ++++++- 11 files changed, 211 insertions(+), 7 deletions(-) diff --git a/charts/cryostat/README.md b/charts/cryostat/README.md index b7266f5..522360f 100644 --- a/charts/cryostat/README.md +++ b/charts/cryostat/README.md @@ -85,6 +85,7 @@ helm install cryostat ./charts/cryostat | `core.discovery.kubernetes.builtInPortNumbersDisabled` | When false and `portNumbers` is empty, the Cryostat application will use the default port number `9091` to look for JMX connectable targets. | `false` | | `core.discovery.kubernetes.portNumbers` | List of port numbers that the Cryostat application should look for in order to consider a target as JMX connectable | `[]` | | `core.nodeSelector` | Node Selector for the Cryostat Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | +| `core.tolerations` | Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | ### Report Generator Deployment @@ -103,6 +104,7 @@ helm install cryostat ./charts/cryostat | `reports.resources.requests.memory` | Memory resource request for each Pod in the Report Generator Deployment. | `512Mi` | | `reports.securityContext` | Security Context for the Report Generator containers. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | | `reports.nodeSelector` | Node Selector for the Report Generator Pods. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | +| `reports.tolerations` | Tolerations for the Report Generator Pods. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | ### Database Container @@ -118,6 +120,7 @@ helm install cryostat ./charts/cryostat | `db.resources.requests.memory` | Memory resource request for the database container. | `64Mi` | | `db.securityContext` | Security Context for the database container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | | `db.nodeSelector` | Node Selector for the Database Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | +| `db.tolerations` | Tolerations for the Database Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | ### Storage Container @@ -135,6 +138,7 @@ helm install cryostat ./charts/cryostat | `storage.resources.requests.memory` | Memory resource request for the object storage container. | `256Mi` | | `storage.securityContext` | Security Context for the storage container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | | `storage.nodeSelector` | Node Selector for the Storage Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | +| `storage.tolerations` | Tolerations for the Storage Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | ### Grafana Container @@ -150,6 +154,7 @@ helm install cryostat ./charts/cryostat | `grafana.resources.requests.memory` | Memory resource request for the Grafana container. | `80Mi` | | `grafana.securityContext` | Security Context for the Grafana container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | | `grafana.nodeSelector` | Node Selector for the Grafana Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | +| `grafana.tolerations` | Tolerations for the Grafana Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | ### JFR Data Source Container @@ -163,6 +168,7 @@ helm install cryostat ./charts/cryostat | `datasource.resources.requests.memory` | Memory resource request for the JFR Data Source container. | `200Mi` | | `datasource.securityContext` | Security Context for the JFR Data Source container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | | `datasource.nodeSelector` | Node Selector for the JFR Datasource Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | +| `datasource.tolerations` | Tolerations for the JFR Datasource Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | ### Authentication @@ -219,7 +225,7 @@ helm install cryostat ./charts/cryostat | `podAnnotations` | Annotations to be applied to the Cryostat Pod | `{}` | | `podSecurityContext` | Security Context for the Cryostat Pod. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [PodSecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) | `{}` | | `nodeSelector` | default Node Selector for the various Pods. Any Pod which does not have an individual nodeSelector setting will default to this. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | -| `tolerations` | Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | +| `tolerations` | default Tolerations for the various Pods. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | | `affinity` | Affinity for the Cryostat Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | | `pvc.enabled` | Specify whether to use persistentVolumeClaim or EmptyDir storage | `false` | | `pvc.annotations` | Annotations to add to the persistentVolumeClaim | `{}` | diff --git a/charts/cryostat/templates/cryostat_deployment.yaml b/charts/cryostat/templates/cryostat_deployment.yaml index a9e7b77..3dcf7c5 100644 --- a/charts/cryostat/templates/cryostat_deployment.yaml +++ b/charts/cryostat/templates/cryostat_deployment.yaml @@ -195,7 +195,7 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.tolerations }} + {{- with (default .Values.tolerations .Values.core.tolerations) }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/cryostat/templates/db_deployment.yaml b/charts/cryostat/templates/db_deployment.yaml index cddade5..fda0086 100644 --- a/charts/cryostat/templates/db_deployment.yaml +++ b/charts/cryostat/templates/db_deployment.yaml @@ -80,7 +80,7 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.tolerations }} + {{- with (default .Values.tolerations .Values.db.tolerations) }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/cryostat/templates/reports_deployment.yaml b/charts/cryostat/templates/reports_deployment.yaml index d77ae07..a403cc9 100644 --- a/charts/cryostat/templates/reports_deployment.yaml +++ b/charts/cryostat/templates/reports_deployment.yaml @@ -70,7 +70,7 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.tolerations }} + {{- with (default .Values.tolerations .Values.reports.tolerations) }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/cryostat/templates/storage_deployment.yaml b/charts/cryostat/templates/storage_deployment.yaml index 96e284c..dbcd0ea 100644 --- a/charts/cryostat/templates/storage_deployment.yaml +++ b/charts/cryostat/templates/storage_deployment.yaml @@ -94,7 +94,7 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.tolerations }} + {{- with (default .Values.tolerations .Values.storage.tolerations) }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/cryostat/tests/cryostat_deployment_test.yaml b/charts/cryostat/tests/cryostat_deployment_test.yaml index 72197bb..6769d93 100644 --- a/charts/cryostat/tests/cryostat_deployment_test.yaml +++ b/charts/cryostat/tests/cryostat_deployment_test.yaml @@ -497,6 +497,43 @@ tests: value: diskType: ssd + - it: should accept specific tolerations setting + set: + core.tolerations: + - key: "key1" + operator: "Equal" + value: "value1" + effect: "NoSchedule" + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: "key1" + operator: "Equal" + value: "value1" + effect: "NoSchedule" + + - it: should prefer specific tolerations over general + set: + tolerations: + - key: "key1" + operator: "Equal" + value: "value1" + effect: "NoSchedule" + core.tolerations: + - key: "key2" + operator: "Equal" + value: "value2" + effect: "NoSchedule" + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: "key2" + operator: "Equal" + value: "value2" + effect: "NoSchedule" + - it: should verify image pull policies for development snapshots set: core.image.tag: "4.0.0-snapshot" diff --git a/charts/cryostat/tests/db_deployment_test.yaml b/charts/cryostat/tests/db_deployment_test.yaml index bb52146..712d5d0 100644 --- a/charts/cryostat/tests/db_deployment_test.yaml +++ b/charts/cryostat/tests/db_deployment_test.yaml @@ -201,6 +201,43 @@ tests: value: diskType: ssd + - it: should accept specific tolerations setting + set: + db.tolerations: + - key: "key1" + operator: "Equal" + value: "value1" + effect: "NoSchedule" + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: "key1" + operator: "Equal" + value: "value1" + effect: "NoSchedule" + + - it: should prefer specific tolerations over general + set: + tolerations: + - key: "key1" + operator: "Equal" + value: "value1" + effect: "NoSchedule" + db.tolerations: + - key: "key2" + operator: "Equal" + value: "value2" + effect: "NoSchedule" + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: "key2" + operator: "Equal" + value: "value2" + effect: "NoSchedule" + - it: should verify image pull policies for development snapshots set: core.image.tag: "4.0.0-snapshot" diff --git a/charts/cryostat/tests/reports_deployment_test.yaml b/charts/cryostat/tests/reports_deployment_test.yaml index 9dc28d1..7bb2034 100644 --- a/charts/cryostat/tests/reports_deployment_test.yaml +++ b/charts/cryostat/tests/reports_deployment_test.yaml @@ -159,6 +159,45 @@ tests: value: diskType: ssd + - it: should accept specific tolerations setting + set: + reports.replicas: 1 + reports.tolerations: + - key: "key1" + operator: "Equal" + value: "value1" + effect: "NoSchedule" + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: "key1" + operator: "Equal" + value: "value1" + effect: "NoSchedule" + + - it: should prefer specific tolerations over general + set: + reports.replicas: 1 + tolerations: + - key: "key1" + operator: "Equal" + value: "value1" + effect: "NoSchedule" + reports.tolerations: + - key: "key2" + operator: "Equal" + value: "value2" + effect: "NoSchedule" + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: "key2" + operator: "Equal" + value: "value2" + effect: "NoSchedule" + - it: should verify image pull policies for development snapshots set: reports: diff --git a/charts/cryostat/tests/storage_deployment_test.yaml b/charts/cryostat/tests/storage_deployment_test.yaml index 3d5659a..738f659 100644 --- a/charts/cryostat/tests/storage_deployment_test.yaml +++ b/charts/cryostat/tests/storage_deployment_test.yaml @@ -230,6 +230,43 @@ tests: value: diskType: ssd + - it: should accept specific tolerations setting + set: + storage.tolerations: + - key: "key1" + operator: "Equal" + value: "value1" + effect: "NoSchedule" + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: "key1" + operator: "Equal" + value: "value1" + effect: "NoSchedule" + + - it: should prefer specific tolerations over general + set: + tolerations: + - key: "key1" + operator: "Equal" + value: "value1" + effect: "NoSchedule" + storage.tolerations: + - key: "key2" + operator: "Equal" + value: "value2" + effect: "NoSchedule" + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: "key2" + operator: "Equal" + value: "value2" + effect: "NoSchedule" + - it: should verify image pull policies for development snapshots set: core.image.tag: "4.0.0-snapshot" diff --git a/charts/cryostat/values.schema.json b/charts/cryostat/values.schema.json index 88c3baf..ead2b9d 100644 --- a/charts/cryostat/values.schema.json +++ b/charts/cryostat/values.schema.json @@ -258,6 +258,12 @@ } } } + }, + "tolerations": { + "type": "array", + "description": "Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling)", + "default": [], + "items": {} } } }, @@ -368,6 +374,12 @@ } } } + }, + "tolerations": { + "type": "array", + "description": "Tolerations for the Report Generator Pods. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling)", + "default": [], + "items": {} } } }, @@ -453,6 +465,12 @@ } } } + }, + "tolerations": { + "type": "array", + "description": "Tolerations for the Database Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling)", + "default": [], + "items": {} } } }, @@ -553,6 +571,12 @@ } } } + }, + "tolerations": { + "type": "array", + "description": "Tolerations for the Storage Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling)", + "default": [], + "items": {} } } }, @@ -638,6 +662,12 @@ } } } + }, + "tolerations": { + "type": "array", + "description": "Tolerations for the Grafana Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling)", + "default": [], + "items": {} } } }, @@ -708,6 +738,12 @@ } } } + }, + "tolerations": { + "type": "array", + "description": "Tolerations for the JFR Datasource Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling)", + "default": [], + "items": {} } } }, @@ -1009,7 +1045,7 @@ }, "tolerations": { "type": "array", - "description": "Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling)", + "description": "default Tolerations for the various Pods. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling)", "default": [], "items": {} }, diff --git a/charts/cryostat/values.yaml b/charts/cryostat/values.yaml index f53566f..622a602 100644 --- a/charts/cryostat/values.yaml +++ b/charts/cryostat/values.yaml @@ -87,6 +87,8 @@ core: portNumbers: [] ## @param core.nodeSelector [object] Node Selector for the Cryostat Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) nodeSelector: {} + ## @param core.tolerations [array] Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) + tolerations: [] ## @section Report Generator Deployment ## @extra reports Configuration for the Reports Generator deployment @@ -127,6 +129,8 @@ reports: - ALL ## @param reports.nodeSelector [object] Node Selector for the Report Generator Pods. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) nodeSelector: {} + ## @param reports.tolerations [array] Tolerations for the Report Generator Pods. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) + tolerations: [] ## @section Database Container ## @extra db Configuration for Cryostat's database @@ -159,6 +163,8 @@ db: - ALL ## @param db.nodeSelector [object] Node Selector for the Database Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) nodeSelector: {} + ## @param db.tolerations [array] Tolerations for the Database Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) + tolerations: [] ## @section Storage Container ## @extra storage Configuration for Cryostat's object storage provider @@ -196,6 +202,8 @@ storage: - ALL ## @param storage.nodeSelector [object] Node Selector for the Storage Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) nodeSelector: {} + ## @param storage.tolerations [array] Tolerations for the Storage Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) + tolerations: [] ## @section Grafana Container ## @extra grafana Configuration for the customized Grafana instance for Cryostat @@ -228,6 +236,8 @@ grafana: - ALL ## @param grafana.nodeSelector [object] Node Selector for the Grafana Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) nodeSelector: {} + ## @param grafana.tolerations [array] Tolerations for the Grafana Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) + tolerations: [] ## @section JFR Data Source Container ## @extra datasource Configuration for the JFR Data Source component, which translates recording events into a format consumable by Grafana @@ -255,6 +265,8 @@ datasource: - ALL ## @param datasource.nodeSelector [object] Node Selector for the JFR Datasource Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) nodeSelector: {} + ## @param datasource.tolerations [array] Tolerations for the JFR Datasource Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) + tolerations: [] ## @section Authentication @@ -377,7 +389,7 @@ podSecurityContext: ## @param nodeSelector [object] default Node Selector for the various Pods. Any Pod which does not have an individual nodeSelector setting will default to this. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) nodeSelector: {} -## @param tolerations [array] Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) +## @param tolerations [array] default Tolerations for the various Pods. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) tolerations: [] ## @param affinity [object] Affinity for the Cryostat Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) From 4699d8985f04de98cb17d1f8df825bb383d3a027 Mon Sep 17 00:00:00 2001 From: Andrew Azores Date: Fri, 29 Nov 2024 13:48:03 -0500 Subject: [PATCH 3/5] affinity --- charts/cryostat/README.md | 8 ++- .../templates/cryostat_deployment.yaml | 2 +- charts/cryostat/templates/db_deployment.yaml | 2 +- .../templates/reports_deployment.yaml | 2 +- .../templates/storage_deployment.yaml | 2 +- .../tests/cryostat_deployment_test.yaml | 57 ++++++++++++++++++ charts/cryostat/tests/db_deployment_test.yaml | 57 ++++++++++++++++++ .../tests/reports_deployment_test.yaml | 59 +++++++++++++++++++ .../tests/storage_deployment_test.yaml | 57 ++++++++++++++++++ charts/cryostat/values.yaml | 14 ++++- 10 files changed, 254 insertions(+), 6 deletions(-) diff --git a/charts/cryostat/README.md b/charts/cryostat/README.md index 522360f..22a523f 100644 --- a/charts/cryostat/README.md +++ b/charts/cryostat/README.md @@ -86,6 +86,7 @@ helm install cryostat ./charts/cryostat | `core.discovery.kubernetes.portNumbers` | List of port numbers that the Cryostat application should look for in order to consider a target as JMX connectable | `[]` | | `core.nodeSelector` | Node Selector for the Cryostat Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | | `core.tolerations` | Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | +| `core.affinity` | Affinity for the Cryostat Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | ### Report Generator Deployment @@ -105,6 +106,7 @@ helm install cryostat ./charts/cryostat | `reports.securityContext` | Security Context for the Report Generator containers. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | | `reports.nodeSelector` | Node Selector for the Report Generator Pods. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | | `reports.tolerations` | Tolerations for the Report Generator Pods. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | +| `reports.affinity` | Affinity for the Report Generator Pods. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | ### Database Container @@ -121,6 +123,7 @@ helm install cryostat ./charts/cryostat | `db.securityContext` | Security Context for the database container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | | `db.nodeSelector` | Node Selector for the Database Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | | `db.tolerations` | Tolerations for the Database Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | +| `db.affinity` | Affinity for the Database Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | ### Storage Container @@ -139,6 +142,7 @@ helm install cryostat ./charts/cryostat | `storage.securityContext` | Security Context for the storage container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | | `storage.nodeSelector` | Node Selector for the Storage Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | | `storage.tolerations` | Tolerations for the Storage Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | +| `storage.affinity` | Affinity for the Storage Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | ### Grafana Container @@ -155,6 +159,7 @@ helm install cryostat ./charts/cryostat | `grafana.securityContext` | Security Context for the Grafana container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | | `grafana.nodeSelector` | Node Selector for the Grafana Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | | `grafana.tolerations` | Tolerations for the Grafana Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | +| `grafana.affinity` | Affinity for the Grafana Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | ### JFR Data Source Container @@ -169,6 +174,7 @@ helm install cryostat ./charts/cryostat | `datasource.securityContext` | Security Context for the JFR Data Source container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | | `datasource.nodeSelector` | Node Selector for the JFR Datasource Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | | `datasource.tolerations` | Tolerations for the JFR Datasource Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | +| `datasource.affinity` | Affinity for the JFR Datasource Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | ### Authentication @@ -226,7 +232,7 @@ helm install cryostat ./charts/cryostat | `podSecurityContext` | Security Context for the Cryostat Pod. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [PodSecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) | `{}` | | `nodeSelector` | default Node Selector for the various Pods. Any Pod which does not have an individual nodeSelector setting will default to this. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | | `tolerations` | default Tolerations for the various Pods. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | -| `affinity` | Affinity for the Cryostat Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | +| `affinity` | default Affinity for the various Pods. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | | `pvc.enabled` | Specify whether to use persistentVolumeClaim or EmptyDir storage | `false` | | `pvc.annotations` | Annotations to add to the persistentVolumeClaim | `{}` | | `pvc.storage` | Storage size to request for the persistentVolumeClaim | `500Mi` | diff --git a/charts/cryostat/templates/cryostat_deployment.yaml b/charts/cryostat/templates/cryostat_deployment.yaml index 3dcf7c5..2f179be 100644 --- a/charts/cryostat/templates/cryostat_deployment.yaml +++ b/charts/cryostat/templates/cryostat_deployment.yaml @@ -191,7 +191,7 @@ spec: nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with (default .Values.affinity .Values.core.affinity) }} affinity: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/cryostat/templates/db_deployment.yaml b/charts/cryostat/templates/db_deployment.yaml index fda0086..f5b2ecf 100644 --- a/charts/cryostat/templates/db_deployment.yaml +++ b/charts/cryostat/templates/db_deployment.yaml @@ -76,7 +76,7 @@ spec: nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with (default .Values.affinity .Values.db.affinity) }} affinity: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/cryostat/templates/reports_deployment.yaml b/charts/cryostat/templates/reports_deployment.yaml index a403cc9..db878bf 100644 --- a/charts/cryostat/templates/reports_deployment.yaml +++ b/charts/cryostat/templates/reports_deployment.yaml @@ -66,7 +66,7 @@ spec: nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with (default .Values.affinity .Values.reports.affinity) }} affinity: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/cryostat/templates/storage_deployment.yaml b/charts/cryostat/templates/storage_deployment.yaml index dbcd0ea..5ce3d01 100644 --- a/charts/cryostat/templates/storage_deployment.yaml +++ b/charts/cryostat/templates/storage_deployment.yaml @@ -90,7 +90,7 @@ spec: nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with (default .Values.affinity .Values.storage.affinity) }} affinity: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/cryostat/tests/cryostat_deployment_test.yaml b/charts/cryostat/tests/cryostat_deployment_test.yaml index 6769d93..529c134 100644 --- a/charts/cryostat/tests/cryostat_deployment_test.yaml +++ b/charts/cryostat/tests/cryostat_deployment_test.yaml @@ -534,6 +534,63 @@ tests: value: "value2" effect: "NoSchedule" + - it: should accept specific affinity setting + set: + core.affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: disktype + operator: In + values: + - ssd + asserts: + - equal: + path: spec.template.spec.affinity + value: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: disktype + operator: In + values: + - ssd + + - it: should prefer specific affinity over general + set: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: disktype + operator: In + values: + - ssd + core.affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: disktype + operator: In + values: + - ssd + asserts: + - equal: + path: spec.template.spec.affinity + value: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: disktype + operator: In + values: + - ssd + - it: should verify image pull policies for development snapshots set: core.image.tag: "4.0.0-snapshot" diff --git a/charts/cryostat/tests/db_deployment_test.yaml b/charts/cryostat/tests/db_deployment_test.yaml index 712d5d0..c4f80f9 100644 --- a/charts/cryostat/tests/db_deployment_test.yaml +++ b/charts/cryostat/tests/db_deployment_test.yaml @@ -238,6 +238,63 @@ tests: value: "value2" effect: "NoSchedule" + - it: should accept specific affinity setting + set: + db.affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: disktype + operator: In + values: + - ssd + asserts: + - equal: + path: spec.template.spec.affinity + value: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: disktype + operator: In + values: + - ssd + + - it: should prefer specific affinity over general + set: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: disktype + operator: In + values: + - ssd + db.affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: disktype + operator: In + values: + - ssd + asserts: + - equal: + path: spec.template.spec.affinity + value: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: disktype + operator: In + values: + - ssd + - it: should verify image pull policies for development snapshots set: core.image.tag: "4.0.0-snapshot" diff --git a/charts/cryostat/tests/reports_deployment_test.yaml b/charts/cryostat/tests/reports_deployment_test.yaml index 7bb2034..2bb763f 100644 --- a/charts/cryostat/tests/reports_deployment_test.yaml +++ b/charts/cryostat/tests/reports_deployment_test.yaml @@ -198,6 +198,65 @@ tests: value: "value2" effect: "NoSchedule" + - it: should accept specific affinity setting + set: + reports.replicas: 1 + reports.affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: disktype + operator: In + values: + - ssd + asserts: + - equal: + path: spec.template.spec.affinity + value: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: disktype + operator: In + values: + - ssd + + - it: should prefer specific affinity over general + set: + reports.replicas: 1 + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: disktype + operator: In + values: + - ssd + reports.affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: disktype + operator: In + values: + - ssd + asserts: + - equal: + path: spec.template.spec.affinity + value: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: disktype + operator: In + values: + - ssd + - it: should verify image pull policies for development snapshots set: reports: diff --git a/charts/cryostat/tests/storage_deployment_test.yaml b/charts/cryostat/tests/storage_deployment_test.yaml index 738f659..f97e36a 100644 --- a/charts/cryostat/tests/storage_deployment_test.yaml +++ b/charts/cryostat/tests/storage_deployment_test.yaml @@ -267,6 +267,63 @@ tests: value: "value2" effect: "NoSchedule" + - it: should accept specific affinity setting + set: + storage.affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: disktype + operator: In + values: + - ssd + asserts: + - equal: + path: spec.template.spec.affinity + value: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: disktype + operator: In + values: + - ssd + + - it: should prefer specific affinity over general + set: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: disktype + operator: In + values: + - ssd + storage.affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: disktype + operator: In + values: + - ssd + asserts: + - equal: + path: spec.template.spec.affinity + value: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: disktype + operator: In + values: + - ssd + - it: should verify image pull policies for development snapshots set: core.image.tag: "4.0.0-snapshot" diff --git a/charts/cryostat/values.yaml b/charts/cryostat/values.yaml index 622a602..e4805d7 100644 --- a/charts/cryostat/values.yaml +++ b/charts/cryostat/values.yaml @@ -89,6 +89,8 @@ core: nodeSelector: {} ## @param core.tolerations [array] Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) tolerations: [] + ## @param core.affinity [object] Affinity for the Cryostat Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) + affinity: {} ## @section Report Generator Deployment ## @extra reports Configuration for the Reports Generator deployment @@ -131,6 +133,8 @@ reports: nodeSelector: {} ## @param reports.tolerations [array] Tolerations for the Report Generator Pods. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) tolerations: [] + ## @param reports.affinity [object] Affinity for the Report Generator Pods. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) + affinity: {} ## @section Database Container ## @extra db Configuration for Cryostat's database @@ -165,6 +169,8 @@ db: nodeSelector: {} ## @param db.tolerations [array] Tolerations for the Database Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) tolerations: [] + ## @param db.affinity [object] Affinity for the Database Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) + affinity: {} ## @section Storage Container ## @extra storage Configuration for Cryostat's object storage provider @@ -204,6 +210,8 @@ storage: nodeSelector: {} ## @param storage.tolerations [array] Tolerations for the Storage Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) tolerations: [] + ## @param storage.affinity [object] Affinity for the Storage Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) + affinity: {} ## @section Grafana Container ## @extra grafana Configuration for the customized Grafana instance for Cryostat @@ -238,6 +246,8 @@ grafana: nodeSelector: {} ## @param grafana.tolerations [array] Tolerations for the Grafana Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) tolerations: [] + ## @param grafana.affinity [object] Affinity for the Grafana Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) + affinity: {} ## @section JFR Data Source Container ## @extra datasource Configuration for the JFR Data Source component, which translates recording events into a format consumable by Grafana @@ -267,6 +277,8 @@ datasource: nodeSelector: {} ## @param datasource.tolerations [array] Tolerations for the JFR Datasource Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) tolerations: [] + ## @param datasource.affinity [object] Affinity for the JFR Datasource Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) + affinity: {} ## @section Authentication @@ -392,7 +404,7 @@ nodeSelector: {} ## @param tolerations [array] default Tolerations for the various Pods. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) tolerations: [] -## @param affinity [object] Affinity for the Cryostat Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) +## @param affinity [object] default Affinity for the various Pods. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) affinity: {} pvc: From 8950d3b69b8b0aa3e0f3fe26713148dad94bff88 Mon Sep 17 00:00:00 2001 From: Andrew Azores Date: Mon, 2 Dec 2024 10:56:53 -0500 Subject: [PATCH 4/5] drop unused values --- charts/cryostat/README.md | 6 ------ charts/cryostat/values.yaml | 12 ------------ 2 files changed, 18 deletions(-) diff --git a/charts/cryostat/README.md b/charts/cryostat/README.md index 22a523f..3aa8464 100644 --- a/charts/cryostat/README.md +++ b/charts/cryostat/README.md @@ -157,9 +157,6 @@ helm install cryostat ./charts/cryostat | `grafana.resources.requests.cpu` | CPU resource request for the Grafana container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `25m` | | `grafana.resources.requests.memory` | Memory resource request for the Grafana container. | `80Mi` | | `grafana.securityContext` | Security Context for the Grafana container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | -| `grafana.nodeSelector` | Node Selector for the Grafana Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | -| `grafana.tolerations` | Tolerations for the Grafana Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | -| `grafana.affinity` | Affinity for the Grafana Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | ### JFR Data Source Container @@ -172,9 +169,6 @@ helm install cryostat ./charts/cryostat | `datasource.resources.requests.cpu` | CPU resource request for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `200m` | | `datasource.resources.requests.memory` | Memory resource request for the JFR Data Source container. | `200Mi` | | `datasource.securityContext` | Security Context for the JFR Data Source container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | -| `datasource.nodeSelector` | Node Selector for the JFR Datasource Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | -| `datasource.tolerations` | Tolerations for the JFR Datasource Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | -| `datasource.affinity` | Affinity for the JFR Datasource Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | ### Authentication diff --git a/charts/cryostat/values.yaml b/charts/cryostat/values.yaml index e4805d7..e72bf4c 100644 --- a/charts/cryostat/values.yaml +++ b/charts/cryostat/values.yaml @@ -242,12 +242,6 @@ grafana: capabilities: drop: - ALL - ## @param grafana.nodeSelector [object] Node Selector for the Grafana Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) - nodeSelector: {} - ## @param grafana.tolerations [array] Tolerations for the Grafana Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) - tolerations: [] - ## @param grafana.affinity [object] Affinity for the Grafana Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) - affinity: {} ## @section JFR Data Source Container ## @extra datasource Configuration for the JFR Data Source component, which translates recording events into a format consumable by Grafana @@ -273,12 +267,6 @@ datasource: capabilities: drop: - ALL - ## @param datasource.nodeSelector [object] Node Selector for the JFR Datasource Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) - nodeSelector: {} - ## @param datasource.tolerations [array] Tolerations for the JFR Datasource Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) - tolerations: [] - ## @param datasource.affinity [object] Affinity for the JFR Datasource Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) - affinity: {} ## @section Authentication From af474269a95f2a03e0f3fe94dfdf1b9d00093117 Mon Sep 17 00:00:00 2001 From: Andrew Azores Date: Mon, 2 Dec 2024 11:10:02 -0500 Subject: [PATCH 5/5] readme --- charts/cryostat/values.schema.json | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/charts/cryostat/values.schema.json b/charts/cryostat/values.schema.json index ead2b9d..ccd2508 100644 --- a/charts/cryostat/values.schema.json +++ b/charts/cryostat/values.schema.json @@ -662,12 +662,6 @@ } } } - }, - "tolerations": { - "type": "array", - "description": "Tolerations for the Grafana Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling)", - "default": [], - "items": {} } } }, @@ -738,12 +732,6 @@ } } } - }, - "tolerations": { - "type": "array", - "description": "Tolerations for the JFR Datasource Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling)", - "default": [], - "items": {} } } },