Pass through Pod Affinity Rules

Allow Pod Affinity Rules to be defined in the Limitador CR which will be past to the Limitador deployment CR and place in `spec.template.spec.affinity`.

api/v1alpha1/limitador_types.go

@@ -44,6 +44,9 @@ type LimitadorSpec struct {
  // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
  // Important: Run "make" to regenerate code after modifying this file
 
+ // +optional
+ Affinity *corev1.Affinity `json:"affinity,omitempty"`
+
  // +optional
  Replicas *int `json:"replicas,omitempty"`
 

config/manager/manager.yaml

@@ -25,35 +25,35 @@ spec:
  securityContext:
  runAsNonRoot: true
  containers:
- - command:
- - /manager
- args:
- - --leader-elect
- env:
- - name: RELATED_IMAGE_LIMITADOR
- value: "quay.io/kuadrant/limitador:latest"
- image: controller:latest
- name: manager
- securityContext:
- allowPrivilegeEscalation: false
- livenessProbe:
- httpGet:
- path: /healthz
- port: 8081
- initialDelaySeconds: 15
- periodSeconds: 20
- readinessProbe:
- httpGet:
- path: /readyz
- port: 8081
- initialDelaySeconds: 5
- periodSeconds: 10
- resources:
- limits:
- cpu: 200m
- memory: 300Mi
- requests:
- cpu: 200m
- memory: 200Mi
+  - command:
+  - /manager
+  args:
+  - --leader-elect
+  env:
+  - name: RELATED_IMAGE_LIMITADOR
+  value: "quay.io/kuadrant/limitador:latest"
+  image: controller:latest
+  name: manager
+  securityContext:
+  allowPrivilegeEscalation: false
+  livenessProbe:
+  httpGet:
+  path: /healthz
+  port: 8081
+  initialDelaySeconds: 15
+  periodSeconds: 20
+  readinessProbe:
+  httpGet:
+  path: /readyz
+  port: 8081
+  initialDelaySeconds: 5
+  periodSeconds: 10
+  resources:
+  limits:
+  cpu: 200m
+  memory: 300Mi
+  requests:
+  cpu: 200m
+  memory: 200Mi
  serviceAccountName: controller-manager
  terminationGracePeriodSeconds: 10

controllers/limitador_controller.go

@@ -145,6 +145,7 @@ func (r *LimitadorReconciler) reconcileDeployment(ctx context.Context, limitador
  deploymentMutators = append(deploymentMutators,
  reconcilers.DeploymentImageMutator,
  reconcilers.DeploymentCommandMutator,
+ reconcilers.DeploymentAffinityMutator,
  )
 
  deployment := limitador.Deployment(limitadorObj, storageConfigSecret)

controllers/limitador_controller_test.go

@@ -40,6 +40,23 @@ var _ = Describe("Limitador controller", func() {
  version := LimitadorVersion
  httpPort := &limitadorv1alpha1.TransportProtocol{Port: &httpPortNumber}
  grpcPort := &limitadorv1alpha1.TransportProtocol{Port: &grpcPortNumber}
+ affinity := &v1.Affinity{
+ PodAntiAffinity: &v1.PodAntiAffinity{
+ PreferredDuringSchedulingIgnoredDuringExecution: []v1.WeightedPodAffinityTerm{
+ {
+ Weight: 100,
+ PodAffinityTerm: v1.PodAffinityTerm{
+ LabelSelector: &metav1.LabelSelector{
+ MatchLabels: map[string]string{
+ "app.kubernetes.io/name": "limitador",
+ },
+ },
+ TopologyKey: "kubernetes.io/hostname",
+ },
+ },
+ },
+ },
+ }
 
  limits := []limitadorv1alpha1.RateLimit{
  {
@@ -74,6 +91,7 @@ var _ = Describe("Limitador controller", func() {
  Spec: limitadorv1alpha1.LimitadorSpec{
  Replicas: &replicas,
  Version: &version,
+ Affinity: affinity,
  Listener: &limitadorv1alpha1.Listener{
  HTTP: httpPort,
  GRPC: grpcPort,
@@ -169,6 +187,9 @@ var _ = Describe("Limitador controller", func() {
  },
  ),
  )
+ Expect(createdLimitadorDeployment.Spec.Template.Spec.Affinity).Should(
+ Equal(affinity),
+ )
  })
 
  It("Should create a Limitador service", func() {
@@ -259,6 +280,8 @@ var _ = Describe("Limitador controller", func() {
  updatedLimitador.Spec.Replicas = &replicas
  version = "latest"
  updatedLimitador.Spec.Version = &version
+ affinity.PodAntiAffinity.PreferredDuringSchedulingIgnoredDuringExecution[0].Weight = 99
+ updatedLimitador.Spec.Affinity = affinity
 
  Expect(k8sClient.Update(context.TODO(), &updatedLimitador)).Should(Succeed())
  updatedLimitadorDeployment := appsv1.Deployment{}
@@ -277,8 +300,46 @@ var _ = Describe("Limitador controller", func() {
 
  correctReplicas := *updatedLimitadorDeployment.Spec.Replicas == LimitadorReplicas+1
  correctImage := updatedLimitadorDeployment.Spec.Template.Spec.Containers[0].Image == LimitadorImage+":latest"
+ correctAffinity := updatedLimitadorDeployment.Spec.Template.Spec.Affinity.PodAntiAffinity.PreferredDuringSchedulingIgnoredDuringExecution[0].Weight == 99
+
+ return correctReplicas && correctImage && correctAffinity
+ }, timeout, interval).Should(BeTrue())
+ })
+
+ It("Should modify limitador deployments if nil object set", func() {
+ updatedLimitador := limitadorv1alpha1.Limitador{}
+ Eventually(func() bool {
+ err := k8sClient.Get(
+ context.TODO(),
+ types.NamespacedName{
+ Namespace: LimitadorNamespace,
+ Name: limitadorObj.Name,
+ },
+ &updatedLimitador)
+
+ return err == nil
+ }, timeout, interval).Should(BeTrue())
+
+ updatedLimitador.Spec.Affinity = nil
+
+ Expect(k8sClient.Update(context.TODO(), &updatedLimitador)).Should(Succeed())
+ updatedLimitadorDeployment := appsv1.Deployment{}
+ Eventually(func() bool {
+ err := k8sClient.Get(
+ context.TODO(),
+ types.NamespacedName{
+ Namespace: LimitadorNamespace,
+ Name: limitadorObj.Name,
+ },
+ &updatedLimitadorDeployment)
+
+ if err != nil {
+ return false
+ }
+
+ correctAffinity := updatedLimitadorDeployment.Spec.Template.Spec.Affinity == nil
 
- return correctReplicas && correctImage
+ return correctAffinity
  }, timeout, interval).Should(BeTrue())
  })
 

pkg/limitador/k8s_objects.go

@@ -85,6 +85,7 @@ func Deployment(limitador *limitadorv1alpha1.Limitador, storageConfigSecret *v1.
  Labels: labels(),
  },
  Spec: v1.PodSpec{
+ Affinity: limitador.Spec.Affinity,
  Containers: []v1.Container{
  {
  Name: "limitador",

pkg/reconcilers/deployment.go

@@ -34,6 +34,15 @@ func DeploymentMutator(opts ...DeploymentMutateFn) MutateFn {
  }
 }
 
+func DeploymentAffinityMutator(desired, existing *appsv1.Deployment) bool {
+ update := false
+ if !reflect.DeepEqual(existing.Spec.Template.Spec.Affinity, desired.Spec.Template.Spec.Affinity) {
+ existing.Spec.Template.Spec.Affinity = desired.Spec.Template.Spec.Affinity
+ update = true
+ }
+ return update
+}
+
 func DeploymentReplicasMutator(desired, existing *appsv1.Deployment) bool {
  update := false