From f60f759bcbfe29ed260dde71877bf5e3145a8ad4 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste DONNETTE Date: Wed, 20 Nov 2024 16:35:21 +0100 Subject: [PATCH] feat(chart): add tolerations, nodeSelector, and affinity support for all pods --- templates/api-deployment.yaml | 190 +++--------------------- templates/clock-deployment.yaml | 26 +++- templates/events-worker-deployment.yaml | 32 ++-- templates/front-deployment.yaml | 14 +- templates/pdf-deployment.yaml | 14 +- templates/worker-deployment.yaml | 45 +++--- values.yaml | 23 ++- 7 files changed, 133 insertions(+), 211 deletions(-) diff --git a/templates/api-deployment.yaml b/templates/api-deployment.yaml index 958c8b6..7b900cc 100644 --- a/templates/api-deployment.yaml +++ b/templates/api-deployment.yaml @@ -23,8 +23,20 @@ spec: {{ $key }}: {{ $value | quote }} {{- end }} spec: + {{- with .Values.api.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.api.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.api.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} initContainers: - {{ if .Values.postgresql.enabled }} + {{ if .Values.postgresql.enabled }} - name: wait-for-postgresql image: "docker.io/bitnami/kubectl:{{ include "kubectlVersion" . }}" args: @@ -32,8 +44,8 @@ spec: - pod/{{ .Release.Name }}-postgresql-0 - --for=condition=ready - --timeout=180s - {{ end }} - {{ if .Values.redis.enabled }} + {{ end }} + {{ if .Values.redis.enabled }} - name: wait-for-redis image: "docker.io/bitnami/kubectl:{{ include "kubectlVersion" . }}" args: @@ -41,8 +53,8 @@ spec: - pod/{{ .Release.Name }}-redis-master-0 - --for=condition=ready - --timeout=180s - {{ end }} - {{ if .Values.minio.enabled }} + {{ end }} + {{ if .Values.minio.enabled }} - name: wait-for-minio image: "docker.io/bitnami/kubectl:{{ include "kubectlVersion" . }}" args: 
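Review bot: The tolerations / nodeSelector / affinity `with` blocks added under the pod `spec:` in this hunk are repeated verbatim in the clock, events-worker, front, pdf and worker templates, differing only in the `.Values.<component>` prefix, so a later fix to one copy can easily miss the others. A single named template that takes the component's values map would keep the six deployments consistent, with each call site reduced to `{{- include "pod-scheduling" .Values.api | nindent 6 }}`. The helper name is only a suggestion, and the indent widths assume pod-spec fields sit at six spaces, which the collapsed patch text does not show, so check the result with `helm template`. The pod spec continues beyond this hunk.

```yaml
{{- define "pod-scheduling" -}}
{{- with .tolerations }}
tolerations:
  {{- toYaml . | nindent 2 }}
{{- end }}
{{- with .nodeSelector }}
nodeSelector:
  {{- toYaml . | nindent 2 }}
{{- end }}
{{- with .affinity }}
affinity:
  {{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
```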
@@ -50,7 +62,7 @@ spec: - pod/{{ .Release.Name }}-minio-0 - --for=condition=ready - --timeout=180s - {{ end }} + {{ end }} - name: wait-for-migrations image: "docker.io/bitnami/kubectl:{{ include "kubectlVersion" . }}" args: 
@@ -61,178 +73,12 @@ spec: containers: - args: ["bundle", "exec", "rails", "s", "-b", "::"] env: - - name: RAILS_ENV - value: {{ .Values.api.rails.env }} - - name: DATABASE_URL - valueFrom: - secretKeyRef: - name: {{ include "secret-path" . }} - key: databaseUrl - - name: REDIS_URL - valueFrom: - secretKeyRef: - name: {{ include "secret-path" . }} - key: redisUrl - - name: LAGO_REDIS_CACHE_URL - valueFrom: - secretKeyRef: - name: {{ include "secret-path" . }} - key: redisUrl - - name: LAGO_PDF_URL - {{- $pdfHost := printf "%s-pdf-svc.%s" .Release.Name .Release.Namespace}} - value: {{ printf "http://%s:%v" $pdfHost .Values.pdf.service.port | quote }} - - name: LAGO_API_URL - value: {{ required "apiUrl value is required" .Values.apiUrl | quote }} - - name: LAGO_FRONT_URL - value: {{ required "frontUrl value is required" .Values.frontUrl | quote }} - - name: LAGO_SIDEKIQ_WEB - value: {{ .Values.api.sidekiqWeb.enabled | quote }} - - name: RAILS_LOG_TO_STDOUT - value: {{ .Values.api.rails.logStdout | quote }} - - name: LAGO_RSA_PRIVATE_KEY - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-secrets - key: rsaPrivateKey - - name: SECRET_KEY_BASE - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-secrets - key: secretKeyBase - - name: ENCRYPTION_DETERMINISTIC_KEY - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-secrets - key: encryptionDeterministicKey - - name: ENCRYPTION_KEY_DERIVATION_SALT - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-secrets - key: encryptionKeyDerivationSalt - - name: ENCRYPTION_PRIMARY_KEY - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-secrets - key: encryptionPrimaryKey - - name: LAGO_DISABLE_SEGMENT - value: {{ not .Values.global.segment.enabled | quote }} - - name: LAGO_DISABLE_SIGNUP - value: {{ not .Values.global.signup.enabled | quote }} - - name: DATABASE_POOL - value: {{ mul .Values.api.rails.maxThreads .Values.api.rails.webConcurrency | quote }} - - name: RAILS_MAX_THREADS - value: {{ 
.Values.api.rails.maxThreads | quote }} - - name: RAILS_MIN_THREADS - value: "0" - - name: SIDEKIQ_EVENTS - value: "true" - - name: WEB_CONCURRENCY - value: {{ .Values.api.rails.webConcurrency | quote }} - - name: LAGO_LOG_LEVEL - value: {{ .Values.api.rails.logLevel | quote }} {{- with .Values.api.extraEnv }} {{- range $key, $value := . }} - name: {{ $key }} value: {{ $value | quote }} {{- end }} {{- end }} - {{ if .Values.global.license }} - - name: LAGO_LICENSE - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-secrets - key: license - {{ end }} - - - {{ if or .Values.global.s3.enabled .Values.minio.enabled }} - - name: LAGO_USE_AWS_S3 - value: "true" - {{- if .Values.minio.enabled }} - - name: LAGO_AWS_S3_PATH_STYLE - value: "true" - {{- end }} - {{ if or .Values.global.s3.endpoint .Values.minio.endpoint }} - - name: LAGO_AWS_S3_ENDPOINT - value: {{ if .Values.minio.enabled }} - {{ .Values.minio.endpoint | quote }} - {{ else }} - {{ .Values.global.s3.endpoint | quote }} - {{ end }} - {{ end }} - - {{ if or .Values.global.s3.accessKeyId .Values.minio.enabled .Values.global.existingSecret }} - - name: LAGO_AWS_S3_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: {{ if .Values.minio.enabled }} - {{ .Release.Name }}-minio - {{ else }} - {{ include "secret-path" . }} - {{ end }} - key: {{ if .Values.minio.enabled }} - rootUser - {{ else }} - awsS3AccessKeyId - {{ end }} - {{ end }} - - {{ if or .Values.global.s3.secretAccessKey .Values.minio.enabled .Values.global.existingSecret }} - - name: LAGO_AWS_S3_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: {{ if .Values.minio.enabled }} - {{ .Release.Name }}-minio - {{ else }} - {{ include "secret-path" . 
}} - {{ end }} - key: {{ if .Values.minio.enabled }} - rootPassword - {{ else }} - awsS3SecretAccessKey - {{ end }} - {{ end }} - - - - name: LAGO_AWS_S3_BUCKET - value: {{ if .Values.minio.enabled }} - {{ (index .Values.minio.buckets 0).name | quote }} - {{ else }} - {{ .Values.global.s3.bucket | quote }} - {{ end }} - - name: LAGO_AWS_S3_REGION - value: {{ if .Values.global.s3.enabled }} - {{ .Values.global.s3.region | quote }} - {{ else if .Values.minio.enabled }} - {{ default "us-east-1" .Values.minio.region | quote }} - {{ end }} - {{ end }} - - {{ if .Values.global.smtp.enabled }} - - name: LAGO_FROM_EMAIL - value: {{ .Values.global.smtp.fromEmail }} - - name: LAGO_SMTP_ADDRESS - value: {{ .Values.global.smtp.address }} - - name: LAGO_SMTP_USERNAME - valueFrom: - secretKeyRef: - name: {{ include "secret-path" . }} - key: smtpUsername - - name: LAGO_SMTP_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "secret-path" . }} - key: smtpPassword - - name: LAGO_SMTP_PORT - value: "{{ .Values.global.smtp.port }}" - {{ end }} - {{ if .Values.global.newRelic.enabled }} - - name: NEW_RELIC_KEY - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-secrets - key: newRelicKey - {{ end }} image: getlago/api:v{{ .Values.version }} name: {{ .Release.Name }}-api ports: diff --git a/templates/clock-deployment.yaml b/templates/clock-deployment.yaml index 7d1d9f7..d9db443 100644 --- a/templates/clock-deployment.yaml +++ b/templates/clock-deployment.yaml @@ -23,6 +23,18 @@ spec: {{ $key }}: {{ $value | quote }} {{- end }} spec: + {{- with .Values.clock.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.clock.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.clock.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} initContainers: {{ if .Values.redis.enabled }} - name: wait-for-redis 
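Review bot: The api container's `env:` list no longer carries `DATABASE_URL`, `REDIS_URL`, `SECRET_KEY_BASE`, `LAGO_RSA_PRIVATE_KEY`, the `ENCRYPTION_*` keys, `LAGO_DISABLE_SIGNUP` or the S3/SMTP settings on the new side of the `@@ -61,178 +73,12 @@` hunk; only the `api.extraEnv` loop remains. Nothing in the seven changed files re-adds them, which looks unintended for a commit whose subject is scheduling fields. `extraEnv` renders plain `name`/`value` pairs, so an operator restoring these variables that way would have to put the database URL and key material in values as plaintext rather than through `secretKeyRef`, and `LAGO_DISABLE_SIGNUP` would no longer follow `global.signup.enabled`. I would restore the removed block unchanged (the worker template still carries the equivalent entries) and keep only the scheduling additions in this file. The container definition continues past the hunk.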
@@ -51,12 +63,6 @@ spec: key: redisUrl - name: RAILS_LOG_TO_STDOUT value: {{ .Values.clock.rails.logStdout | quote }} - {{- with .Values.clock.extraEnv }} - {{- range $key, $value := . }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- end }} - name: LAGO_RSA_PRIVATE_KEY valueFrom: secretKeyRef: @@ -84,6 +90,12 @@ spec: key: encryptionPrimaryKey - name: LAGO_LOG_LEVEL value: {{ .Values.clock.rails.logLevel | quote }} + {{- with .Values.clock.extraEnv }} + {{- range $key, $value := . }} + - name: {{ $key }} + value: {{ $value | quote }} + {{- end }} + {{- end }} {{ if .Values.global.newRelic.enabled }} - name: NEW_RELIC_KEY valueFrom: @@ -95,7 +107,7 @@ spec: name: {{ .Release.Name }}-clock {{- with .Values.clock.resources }} resources: - {{- toYaml . | nindent 12}} + {{- toYaml . | nindent 12 }} {{- end }} restartPolicy: Always serviceAccountName: {{ .Values.global.serviceAccountName | default (printf "%s-serviceaccount" .Release.Name) }} diff --git a/templates/events-worker-deployment.yaml b/templates/events-worker-deployment.yaml index 87d203a..c34f2b1 100644 --- a/templates/events-worker-deployment.yaml +++ b/templates/events-worker-deployment.yaml @@ -23,6 +23,18 @@ spec: {{ $key }}: {{ $value | quote }} {{- end }} spec: + {{- with .Values.eventsWorker.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.eventsWorker.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.eventsWorker.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} initContainers: {{ if .Values.redis.enabled }} - name: wait-for-redis @@ -63,12 +75,6 @@ spec: key: redisUrl - name: RAILS_LOG_TO_STDOUT value: {{ .Values.eventsWorker.rails.logStdout | quote }} - {{- with .Values.eventsWorker.extraEnv }} - {{- range $key, $value := . }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- end }} - name: LAGO_RSA_PRIVATE_KEY valueFrom: secretKeyRef: 
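Review bot: Moving the `clock.extraEnv` loop below `LAGO_LOG_LEVEL` places user-supplied entries after the `secretKeyRef`-backed variables (`LAGO_RSA_PRIVATE_KEY`, the encryption keys), and when a container lists the same name twice Kubernetes lets the later entry hide the earlier one. A key in `extraEnv` that collides with a chart-managed name therefore replaces the secret reference with a plaintext value from values, with no template-time error. The same move is made in the events-worker and worker templates. If overriding is intended, say so next to the value, e.g. `# extraEnv is rendered last: a name that duplicates a chart-managed variable overrides it`; if it is not, reject reserved names inside the loop with `fail`.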
@@ -95,11 +101,17 @@ spec: name: {{ .Release.Name }}-secrets key: encryptionPrimaryKey - name: DATABASE_POOL - value: {{ .Values.worker.rails.sidekiqConcurrency | quote }} + value: {{ .Values.eventsWorker.rails.sidekiqConcurrency | quote }} - name: SIDEKIQ_CONCURRENCY - value: {{ .Values.worker.rails.sidekiqConcurrency | quote }} + value: {{ .Values.eventsWorker.rails.sidekiqConcurrency | quote }} - name: LAGO_LOG_LEVEL - value: {{ .Values.worker.rails.logLevel | quote }} + value: {{ .Values.eventsWorker.rails.logLevel | quote }} + {{- with .Values.eventsWorker.extraEnv }} + {{- range $key, $value := . }} + - name: {{ $key }} + value: {{ $value | quote }} + {{- end }} + {{- end }} {{ if .Values.global.newRelic.enabled }} - name: NEW_RELIC_KEY valueFrom: @@ -111,7 +123,7 @@ spec: name: {{ .Release.Name }}-events-worker {{- with .Values.eventsWorker.resources }} resources: - {{- toYaml . | nindent 12}} + {{- toYaml . | nindent 12 }} {{- end }} livenessProbe: exec: diff --git a/templates/front-deployment.yaml b/templates/front-deployment.yaml index 0d27de4..b28acb3 100644 --- a/templates/front-deployment.yaml +++ b/templates/front-deployment.yaml @@ -5,7 +5,7 @@ metadata: io.lago.service: {{ .Release.Name }}-front name: {{ .Release.Name }}-front spec: - replicas: 1 + replicas: {{ .Values.front.replicas }} selector: matchLabels: io.lago.service: {{ .Release.Name }}-front @@ -21,6 +21,18 @@ spec: {{ $key }}: {{ $value | quote }} {{- end }} spec: + {{- with .Values.front.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.front.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.front.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - env: - name: API_URL diff --git a/templates/pdf-deployment.yaml b/templates/pdf-deployment.yaml index 0927b53..a5fe6d1 100644 --- a/templates/pdf-deployment.yaml +++ b/templates/pdf-deployment.yaml 
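Review bot: `DATABASE_POOL`, `SIDEKIQ_CONCURRENCY` and `LAGO_LOG_LEVEL` in the events-worker now read `.Values.eventsWorker.rails.*`, but none of the values.yaml hunks in this patch adds `sidekiqConcurrency` or `logLevel` under `eventsWorker`. If those keys are not already present (not visible here), `quote` renders nothing and the pod starts with an empty `DATABASE_POOL`. Existing installs whose overrides set only `worker.rails.*` would change behaviour on upgrade in the same way. A fallback keeps them working: `value: {{ .Values.eventsWorker.rails.sidekiqConcurrency | default .Values.worker.rails.sidekiqConcurrency | quote }}`, and likewise for `logLevel`.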
@@ -21,6 +21,18 @@ spec: {{ $key }}: {{ $value | quote }} {{- end }} spec: + {{- with .Values.pdf.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.pdf.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.pdf.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - image: getlago/lago-gotenberg:7.10 name: {{ .Release.Name }}-pdf @@ -29,7 +41,7 @@ spec: protocol: TCP {{- with .Values.pdf.resources }} resources: - {{- toYaml . | nindent 12}} + {{- toYaml . | nindent 12 }} {{- end }} env: {{- with .Values.pdf.extraEnv }} diff --git a/templates/worker-deployment.yaml b/templates/worker-deployment.yaml index 71cfaa1..8751a75 100644 --- a/templates/worker-deployment.yaml +++ b/templates/worker-deployment.yaml @@ -23,6 +23,18 @@ spec: {{ $key }}: {{ $value | quote }} {{- end }} spec: + {{- with .Values.worker.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.worker.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.worker.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} initContainers: {{ if .Values.redis.enabled }} - name: wait-for-redis @@ -62,7 +74,7 @@ spec: name: {{ include "secret-path" . }} key: redisUrl - name: LAGO_PDF_URL - {{- $pdfHost := printf "%s-pdf-svc.%s" .Release.Name .Release.Namespace}} + {{- $pdfHost := printf "%s-pdf-svc.%s" .Release.Name .Release.Namespace }} value: {{ printf "http://%s:%v" $pdfHost .Values.pdf.service.port | quote }} - name: LAGO_API_URL value: {{ required "apiUrl value is required" .Values.apiUrl | quote }} 
@@ -70,12 +82,6 @@ spec: value: {{ required "frontUrl value is required" .Values.frontUrl | quote }} - name: RAILS_LOG_TO_STDOUT value: {{ .Values.worker.rails.logStdout | quote }} - {{- with .Values.worker.extraEnv }} - {{- range $key, $value := . }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- end }} - name: LAGO_RSA_PRIVATE_KEY valueFrom: secretKeyRef: @@ -109,6 +115,12 @@ spec: value: {{ .Values.worker.rails.sidekiqConcurrency | quote }} - name: LAGO_LOG_LEVEL value: {{ .Values.worker.rails.logLevel | quote }} + {{- with .Values.worker.extraEnv }} + {{- range $key, $value := . }} + - name: {{ $key }} + value: {{ $value | quote }} + {{- end }} + {{- end }} {{ if .Values.global.license }} - name: LAGO_LICENSE valueFrom: @@ -120,20 +132,19 @@ spec: {{ if or .Values.global.s3.enabled .Values.minio.enabled }} - name: LAGO_USE_AWS_S3 value: "true" - {{- if .Values.minio.enabled }} + {{- if .Values.minio.enabled }} - name: LAGO_AWS_S3_PATH_STYLE value: "true" - {{- end }} - {{ if or .Values.global.s3.endpoint .Values.minio.endpoint }} + {{- end }} + {{- if or .Values.global.s3.endpoint .Values.minio.endpoint }} - name: LAGO_AWS_S3_ENDPOINT value: {{ if .Values.minio.enabled }} {{ .Values.minio.endpoint | quote }} {{ else }} {{ .Values.global.s3.endpoint | quote }} {{ end }} - {{ end }} - - {{ if or .Values.global.s3.accessKeyId .Values.minio.enabled .Values.global.existingSecret }} + {{- end }} + {{- if or .Values.global.s3.accessKeyId .Values.minio.enabled .Values.global.existingSecret }} - name: LAGO_AWS_S3_ACCESS_KEY_ID valueFrom: secretKeyRef: @@ -147,9 +158,8 @@ spec: {{ else }} awsS3AccessKeyId {{ end }} - {{ end }} - - {{ if or .Values.global.s3.secretAccessKey .Values.minio.enabled .Values.global.existingSecret }} + {{- end }} + {{- if or .Values.global.s3.secretAccessKey .Values.minio.enabled .Values.global.existingSecret }} - name: LAGO_AWS_S3_SECRET_ACCESS_KEY valueFrom: secretKeyRef: 
@@ -163,8 +173,7 @@ spec: {{ else }} awsS3SecretAccessKey {{ end }} - {{ end }} - + {{- end }} - name: LAGO_AWS_S3_BUCKET value: {{ if .Values.minio.enabled }} {{ (index .Values.minio.buckets 0).name | quote }} diff --git a/values.yaml b/values.yaml index 33b49ad..6e69b9e 100644 --- a/values.yaml +++ b/values.yaml @@ -40,8 +40,7 @@ global: # - awsS3SecretAccessKey: # - smtpUsername: # - smtpPassword: - #existingSecret: "lago-credentials" - + #existingSecret: "lago-credentials" # Not required if using existingSecret postgresql: auth: @@ -107,6 +106,9 @@ front: podAnnotations: {} podLabels: {} extraEnv: {} + tolerations: [] + nodeSelector: {} + affinity: {} api: @@ -131,6 +133,10 @@ api: extraEnv: {} podAnnotations: {} podLabels: {} + tolerations: [] + nodeSelector: {} + affinity: {} + worker: replicas: 1 @@ -151,6 +157,10 @@ worker: periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 3 + tolerations: [] + nodeSelector: {} + affinity: {} + eventsWorker: replicas: 1 @@ -171,6 +181,9 @@ eventsWorker: periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 3 + tolerations: [] + nodeSelector: {} + affinity: {} clock: @@ -186,6 +199,9 @@ clock: podAnnotations: {} podLabels: {} extraEnv: {} + tolerations: [] + nodeSelector: {} + affinity: {} pdf: @@ -199,6 +215,9 @@ pdf: podAnnotations: {} podLabels: {} extraEnv: {} + tolerations: [] + nodeSelector: {} + affinity: {} job:
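Review bot: In the `worker` and `eventsWorker` blocks of values.yaml the new `tolerations: []`, `nodeSelector: {}` and `affinity: {}` keys follow the `periodSeconds` / `timeoutSeconds` / `failureThreshold` group, so their nesting level needs confirming; the collapsed patch text no longer shows indentation. If they ended up nested under that group rather than at component level, `.Values.worker.tolerations` would be unset and the `with` blocks in the templates would silently render nothing. The new keys also arrive without any comment; a line above the first occurrence would help, e.g. `# Pod scheduling constraints, passed through verbatim to the pod spec`, ideally with one commented-out toleration as an example.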