linkerd
/
linkerd2
mirror of https://github.com/linkerd/linkerd2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added Anti Affinity when HA is configured (#2893) 

* Added Anti Affinity when HA is configured
* Move check to validate()
* Test output with anti-affinity when ha upgrade
* Add anti-affinity to identity deployment
* made host anti-affinity default when ha
* Define affinity template in a separate file

Signed-off-by: Tarun Pothulapati <tarunpothulapati@outlook.com>
This commit is contained in:
Tarun Pothulapati 2019-07-18 22:33:25 +05:30 committed by Ivan Sim
parent 36681218ba
commit fcec1cfb8a
10 changed files with 347 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
chart/templates/_affinity.yaml Normal file
View File

@ -0,0 +1,22 @@
{{- define "pod-affinity" }}
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: {{ .Label }}
operator: In
values:
- {{ .Component }}
topologyKey: failure-domain.beta.kubernetes.io/zone
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: {{ .Label }}
operator: In
values:
- {{ .Component }}
topologyKey: kubernetes.io/hostname
{{- end }}

4
chart/templates/controller.yaml
View File

@ -131,4 +131,8 @@ spec:
- name: config
configMap:
name: linkerd-config
{{- if .HighAvailability }}
{{- $local := dict "Label" .ControllerComponentLabel "Component" "controller" }}
{{- include "pod-affinity" $local | nindent 6 }}
{{- end }}
{{end -}}

6
chart/templates/identity.yaml
View File

@ -101,6 +101,10 @@ spec:
name: linkerd-config
- name: identity-issuer
secret:
secretName: linkerd-identity-issuer
secretName: linkerd-identity-issuer
{{- if .HighAvailability }}
{{- $local := dict "Label" .ControllerComponentLabel "Component" "identity" }}
{{- include "pod-affinity" $local | nindent 6 }}
{{- end }}
{{end -}}
{{end -}}

5
chart/templates/proxy_injector.yaml
View File

@ -67,6 +67,11 @@ spec:
- name: tls
secret:
secretName: linkerd-proxy-injector-tls
{{- if .HighAvailability }}
{{- $local := dict "Label" .ControllerComponentLabel "Component" "proxy-injector" }}
{{- include "pod-affinity" $local | nindent 6 }}
{{- end }}
---
kind: Service
apiVersion: v1

4
chart/templates/sp_validator.yaml
View File

@ -81,4 +81,8 @@ spec:
- name: tls
secret:
secretName: linkerd-sp-validator-tls
{{- if .HighAvailability }}
{{- $local := dict "Label" .ControllerComponentLabel "Component" "sp-validator" }}
{{- include "pod-affinity" $local | nindent 6 }}
{{- end }}
{{end -}}

4
chart/templates/tap.yaml
View File

@ -71,4 +71,8 @@ spec:
{{ end -}}
securityContext:
runAsUser: {{.ControllerUID}}
{{- if .HighAvailability }}
{{- $local := dict "Label" .ControllerComponentLabel "Component" "tap" }}
{{- include "pod-affinity" $local | nindent 6 }}
{{- end }}
{{end -}}

3
cli/cmd/install.go
View File

@ -57,6 +57,7 @@ type (
LinkerdNamespaceLabel string
ControllerUID int64
EnableH2Upgrade bool
HighAvailability bool
NoInitContainer bool
WebhookFailurePolicy string
OmitWebhookSideEffects bool
@ -606,6 +607,7 @@ func (options *installOptions) buildValuesWithoutIdentity(configs *pb.All) (*ins
ControllerReplicas: options.controllerReplicas,
ControllerLogLevel: options.controllerLogLevel,
ControllerUID: options.controllerUID,
HighAvailability: options.highAvailability,
EnableH2Upgrade: !options.disableH2Upgrade,
NoInitContainer: options.noInitContainer,
WebhookFailurePolicy: "Ignore",
@ -701,6 +703,7 @@ func (values *installValues) render(w io.Writer, configs *pb.All) error {
if values.stage == "" || values.stage == controlPlaneStage {
files = append(files, []*chartutil.BufferedFile{
{Name: "templates/_resources.yaml"},
{Name: "templates/_affinity.yaml"},
{Name: "templates/config.yaml"},
{Name: "templates/identity.yaml"},
{Name: "templates/controller.yaml"},

100
cli/cmd/testdata/install_ha_output.golden vendored
View File

@ -702,6 +702,26 @@ spec:
linkerd.io/control-plane-ns: linkerd
linkerd.io/proxy-deployment: linkerd-identity
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- identity
topologyKey: failure-domain.beta.kubernetes.io/zone
weight: 100
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- identity
topologyKey: kubernetes.io/hostname
containers:
- args:
- identity
@ -936,6 +956,26 @@ spec:
linkerd.io/control-plane-ns: linkerd
linkerd.io/proxy-deployment: linkerd-controller
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- controller
topologyKey: failure-domain.beta.kubernetes.io/zone
weight: 100
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- controller
topologyKey: kubernetes.io/hostname
containers:
- args:
- public-api
@ -1965,6 +2005,26 @@ spec:
linkerd.io/control-plane-ns: linkerd
linkerd.io/proxy-deployment: linkerd-proxy-injector
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- proxy-injector
topologyKey: failure-domain.beta.kubernetes.io/zone
weight: 100
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- proxy-injector
topologyKey: kubernetes.io/hostname
containers:
- args:
- proxy-injector
@ -2203,6 +2263,26 @@ spec:
linkerd.io/control-plane-ns: linkerd
linkerd.io/proxy-deployment: linkerd-sp-validator
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- sp-validator
topologyKey: failure-domain.beta.kubernetes.io/zone
weight: 100
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- sp-validator
topologyKey: kubernetes.io/hostname
containers:
- args:
- sp-validator
@ -2414,6 +2494,26 @@ spec:
linkerd.io/control-plane-ns: linkerd
linkerd.io/proxy-deployment: linkerd-tap
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- tap
topologyKey: failure-domain.beta.kubernetes.io/zone
weight: 100
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- tap
topologyKey: kubernetes.io/hostname
containers:
- args:
- tap

100
cli/cmd/testdata/install_ha_with_overrides_output.golden vendored
View File

@ -702,6 +702,26 @@ spec:
linkerd.io/control-plane-ns: linkerd
linkerd.io/proxy-deployment: linkerd-identity
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- identity
topologyKey: failure-domain.beta.kubernetes.io/zone
weight: 100
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- identity
topologyKey: kubernetes.io/hostname
containers:
- args:
- identity
@ -936,6 +956,26 @@ spec:
linkerd.io/control-plane-ns: linkerd
linkerd.io/proxy-deployment: linkerd-controller
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- controller
topologyKey: failure-domain.beta.kubernetes.io/zone
weight: 100
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- controller
topologyKey: kubernetes.io/hostname
containers:
- args:
- public-api
@ -1965,6 +2005,26 @@ spec:
linkerd.io/control-plane-ns: linkerd
linkerd.io/proxy-deployment: linkerd-proxy-injector
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- proxy-injector
topologyKey: failure-domain.beta.kubernetes.io/zone
weight: 100
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- proxy-injector
topologyKey: kubernetes.io/hostname
containers:
- args:
- proxy-injector
@ -2203,6 +2263,26 @@ spec:
linkerd.io/control-plane-ns: linkerd
linkerd.io/proxy-deployment: linkerd-sp-validator
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- sp-validator
topologyKey: failure-domain.beta.kubernetes.io/zone
weight: 100
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- sp-validator
topologyKey: kubernetes.io/hostname
containers:
- args:
- sp-validator
@ -2414,6 +2494,26 @@ spec:
linkerd.io/control-plane-ns: linkerd
linkerd.io/proxy-deployment: linkerd-tap
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- tap
topologyKey: failure-domain.beta.kubernetes.io/zone
weight: 100
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- tap
topologyKey: kubernetes.io/hostname
containers:
- args:
- tap

100
cli/cmd/testdata/upgrade_ha.golden vendored
View File

@ -702,6 +702,26 @@ spec:
linkerd.io/control-plane-ns: linkerd
linkerd.io/proxy-deployment: linkerd-identity
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- identity
topologyKey: failure-domain.beta.kubernetes.io/zone
weight: 100
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- identity
topologyKey: kubernetes.io/hostname
containers:
- args:
- identity
@ -937,6 +957,26 @@ spec:
linkerd.io/control-plane-ns: linkerd
linkerd.io/proxy-deployment: linkerd-controller
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- controller
topologyKey: failure-domain.beta.kubernetes.io/zone
weight: 100
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- controller
topologyKey: kubernetes.io/hostname
containers:
- args:
- public-api
@ -1970,6 +2010,26 @@ spec:
linkerd.io/control-plane-ns: linkerd
linkerd.io/proxy-deployment: linkerd-proxy-injector
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- proxy-injector
topologyKey: failure-domain.beta.kubernetes.io/zone
weight: 100
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- proxy-injector
topologyKey: kubernetes.io/hostname
containers:
- args:
- proxy-injector
@ -2209,6 +2269,26 @@ spec:
linkerd.io/control-plane-ns: linkerd
linkerd.io/proxy-deployment: linkerd-sp-validator
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- sp-validator
topologyKey: failure-domain.beta.kubernetes.io/zone
weight: 100
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- sp-validator
topologyKey: kubernetes.io/hostname
containers:
- args:
- sp-validator
@ -2421,6 +2501,26 @@ spec:
linkerd.io/control-plane-ns: linkerd
linkerd.io/proxy-deployment: linkerd-tap
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- tap
topologyKey: failure-domain.beta.kubernetes.io/zone
weight: 100
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: linkerd.io/control-plane-component
operator: In
values:
- tap
topologyKey: kubernetes.io/hostname
containers:
- args:
- tap