From 5aa0803e2ec3bc25ce354967b8bda5400d2c7971 Mon Sep 17 00:00:00 2001 From: Kyrylo Ovsiuk Date: Mon, 23 Sep 2024 17:56:28 -0500 Subject: [PATCH] added tolerations and nodeAffinity support --- charts/helm-chart/templates/_helpers.tpl | 30 +++++++++++++++++++ .../enterprise-server/deployment.yml | 2 ++ .../scan-container/scan-job-template.yml | 2 ++ .../templates/web-server/deployment.yml | 2 ++ charts/helm-chart/values.yaml | 19 ++++++++++++ 5 files changed, 55 insertions(+) diff --git a/charts/helm-chart/templates/_helpers.tpl b/charts/helm-chart/templates/_helpers.tpl index 13c66b8..b6c29cc 100755 --- a/charts/helm-chart/templates/_helpers.tpl +++ b/charts/helm-chart/templates/_helpers.tpl @@ -52,4 +52,34 @@ imagePullSecrets: {{- define "screaming-snakecase-release-name" -}} {{- snakecase .Release.Name | replace " " "_" | replace "." "_" | replace "-" "_" | upper -}} +{{- end -}} + +{{- define "tolerations" -}} +{{- if .Values.tolerations }} +tolerations: +{{- range .Values.tolerations }} + - key: "{{ .key }}" + operator: "{{ .operator }}" + value: "{{ .value }}" + effect: "{{ .effect }}" +{{- end }} +{{- end }} +{{- end -}} + +{{- define "nodeAffinity" -}} +{{- if .Values.nodeAffinity }} +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + {{- range .Values.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms }} + - matchExpressions: + {{- range .matchExpressions }} + - key: {{ .key }} + operator: {{ .operator }} + values: + {{ toYaml .values }} + {{- end }} + {{- end }} +{{- end }} {{- end -}} \ No newline at end of file diff --git a/charts/helm-chart/templates/enterprise-server/deployment.yml b/charts/helm-chart/templates/enterprise-server/deployment.yml index 8f670f8..143ddcc 100755 --- a/charts/helm-chart/templates/enterprise-server/deployment.yml +++ b/charts/helm-chart/templates/enterprise-server/deployment.yml @@ -24,6 +24,8 @@ spec: annotations: seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default spec: +{{ include "tolerations" . | indent 6 }} +{{ include "nodeAffinity" . | indent 6 }} {{ include "image-pull-secrets" . | indent 6 }} serviceAccountName: {{ include "kebabcase-release-name" . }}-enterprise-server-service-account securityContext: diff --git a/charts/helm-chart/templates/scan-container/scan-job-template.yml b/charts/helm-chart/templates/scan-container/scan-job-template.yml index 16c8216..b43dbf7 100755 --- a/charts/helm-chart/templates/scan-container/scan-job-template.yml +++ b/charts/helm-chart/templates/scan-container/scan-job-template.yml @@ -15,6 +15,8 @@ spec: annotations: cluster-autoscaler.kubernetes.io/safe-to-evict: "false" spec: +{{ include "tolerations" . | indent 6 }} +{{ include "nodeAffinity" . | indent 6 }} {{ include "image-pull-secrets" . | indent 6 }} containers: - env: diff --git a/charts/helm-chart/templates/web-server/deployment.yml b/charts/helm-chart/templates/web-server/deployment.yml index 1f648cd..5aa3b6a 100755 --- a/charts/helm-chart/templates/web-server/deployment.yml +++ b/charts/helm-chart/templates/web-server/deployment.yml @@ -23,6 +23,8 @@ spec: annotations: seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default spec: +{{ include "tolerations" . | indent 6 }} +{{ include "nodeAffinity" . | indent 6 }} {{ include "image-pull-secrets" . | indent 6 }} serviceAccountName: {{ include "kebabcase-release-name" . }}-web-server-service-account securityContext: diff --git a/charts/helm-chart/values.yaml b/charts/helm-chart/values.yaml index bbbbbbe..b85d045 100755 --- a/charts/helm-chart/values.yaml +++ b/charts/helm-chart/values.yaml @@ -48,6 +48,25 @@ services: enterpriseServer: installationEnvironment: KUBERNETES +# Toleration for k8s deployments + +# tolerations: +# - key: "dedicated" +# operator: "Equal" +# value: "burp" +# effect: "NoSchedule" + +# nodeAffinity for k8s deployments + +# nodeAffinity: +# requiredDuringSchedulingIgnoredDuringExecution: +# nodeSelectorTerms: +# - matchExpressions: +# - key: "dedicated" +# operator: "In" +# values: +# - "burp" + database: # -- JDBC connection URL for the database url: ""