diff --git a/mozcloud/application/README.md b/mozcloud/application/README.md index 4febec8..1114302 100644 --- a/mozcloud/application/README.md +++ b/mozcloud/application/README.md @@ -85,6 +85,7 @@ Next, update your tenant's values. Shared charts are meant to be self-documented | tasks.cronJobs.default.jobHistory.failed | int | `1` | | | tasks.cronJobs.default.jobHistory.successful | int | `1` | | | tasks.cronJobs.default.schedule | string | `""` | | +| tasks.jobs.default.affinity | object | `{}` | | | tasks.jobs.default.argo | object | `{}` | | | tasks.jobs.default.containers.default.args | list | `[]` | | | tasks.jobs.default.containers.default.command | list | `[]` | | @@ -97,13 +98,16 @@ Next, update your tenant's values. Shared charts are meant to be self-documented | tasks.jobs.default.containers.default.security | object | `{}` | | | tasks.jobs.default.containers.default.volumes | list | `[]` | | | tasks.jobs.default.generateName | bool | `false` | | +| tasks.jobs.default.nodeSelector | object | `{}` | | | tasks.jobs.default.otel.autoInstrumentation.enabled | bool | `false` | | | tasks.jobs.default.otel.autoInstrumentation.language | string | `""` | | | tasks.jobs.default.otel.containers | list | `[]` | | | tasks.jobs.default.otel.enabled | bool | `true` | | | tasks.jobs.default.security | object | `{}` | | | tasks.jobs.default.serviceAccount | string | `""` | | +| tasks.jobs.default.tolerations | list | `[]` | | | tasks.jobs.default.type | string | `"preDeployment"` | | +| workloads.default.affinity | object | `{}` | | | workloads.default.autoscaling.enabled | bool | `true` | | | workloads.default.autoscaling.metrics[0].threshold | int | `60` | | | workloads.default.autoscaling.metrics[0].type | string | `"cpu"` | | 
@@ -161,6 +165,7 @@ Next, update your tenant's values. Shared charts are meant to be self-documented | workloads.default.labels | object | `{}` | | | workloads.default.nginx.enabled | bool | `true` | | | workloads.default.nginx.image | string | `"us-west1-docker.pkg.dev/moz-fx-platform-artifacts/platform-dockerhub-cache/nginxinc/nginx-unprivileged:1.29"` | | +| workloads.default.nodeSelector | object | `{}` | | | workloads.default.otel.autoInstrumentation.enabled | bool | `false` | | | workloads.default.otel.autoInstrumentation.language | string | `""` | | | workloads.default.otel.containers | list | `[]` | | @@ -168,6 +173,7 @@ Next, update your tenant's values. Shared charts are meant to be self-documented | workloads.default.security | object | `{}` | | | workloads.default.serviceAccount | string | `""` | | | workloads.default.strategy | string | `"RollingUpdate"` | | +| workloads.default.tolerations | list | `[]` | | | workloads.default.type | string | `"deployment"` | | --- diff --git a/mozcloud/application/templates/task/_jobTemplate.yaml b/mozcloud/application/templates/task/_jobTemplate.yaml index 39ab34d..1721ade 100644 --- a/mozcloud/application/templates/task/_jobTemplate.yaml +++ b/mozcloud/application/templates/task/_jobTemplate.yaml @@ -182,6 +182,18 @@ template: {{- if $jobConfig.serviceAccount }} serviceAccountName: {{ printf "%s%s" $prefix $jobConfig.serviceAccount }} {{- end }} + {{- if $jobConfig.affinity }} + affinity: + {{- $jobConfig.affinity | toYaml | nindent 6 }} + {{- end }} + {{- if $jobConfig.nodeSelector }} + nodeSelector: + {{- $jobConfig.nodeSelector | toYaml | nindent 6 }} + {{- end }} + {{- if $jobConfig.tolerations }} + tolerations: + {{- $jobConfig.tolerations | toYaml | nindent 6 }} + {{- end }} {{- if gt (keys $volumes | len) 0 }} volumes: {{- range $volumeName, $volumeConfig := $volumes }} 
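Review bot: The new `tolerations`, `nodeSelector` and `affinity` blocks render the tenant's values straight into the pod spec, so nothing in the chart limits which taints a job may tolerate; a toleration with `operator: Exists` and no `key` matches every taint. The same pass-through is added in `workload/deployment.yaml` and `workload/rollout.yaml`. If any node pool in the target clusters is reserved by taint alone (not visible from this diff), that reservation needs an admission policy restricting tolerations per namespace, since the chart will not enforce it. I would record that above the block with a template comment, `{{- /* tolerations are tenant-supplied and unrestricted here; which taints a tenant may tolerate must be enforced by admission policy */ -}}`. The enclosing template starts and ends outside the hunk.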
diff --git a/mozcloud/application/templates/workload/deployment.yaml b/mozcloud/application/templates/workload/deployment.yaml
index 6156040..2d22d76 100644
--- a/mozcloud/application/templates/workload/deployment.yaml
+++ b/mozcloud/application/templates/workload/deployment.yaml
@@ -425,6 +425,18 @@ spec:
 {{- if $workloadConfig.terminationGracePeriodSeconds }}
 terminationGracePeriodSeconds: {{ $workloadConfig.terminationGracePeriodSeconds }}
 {{- end }}
+ {{- if $workloadConfig.affinity }}
+ affinity:
+ {{- $workloadConfig.affinity | toYaml | nindent 8 }}
+ {{- end }}
+ {{- if $workloadConfig.nodeSelector }}
+ nodeSelector:
+ {{- $workloadConfig.nodeSelector | toYaml | nindent 8 }}
+ {{- end }}
+ {{- if $workloadConfig.tolerations }}
+ tolerations:
+ {{- $workloadConfig.tolerations | toYaml | nindent 8 }}
+ {{- end }}
 {{- if or $nginxEnabled (gt (keys $volumes | len) 0) }}
 volumes:
 {{- if $nginxEnabled }}
diff --git a/mozcloud/application/templates/workload/rollout.yaml b/mozcloud/application/templates/workload/rollout.yaml
index 728b5c5..3890739 100644
--- a/mozcloud/application/templates/workload/rollout.yaml
+++ b/mozcloud/application/templates/workload/rollout.yaml
@@ -431,6 +431,18 @@ spec:
 {{- if $workloadConfig.terminationGracePeriodSeconds }}
 terminationGracePeriodSeconds: {{ $workloadConfig.terminationGracePeriodSeconds }}
 {{- end }}
+ {{- if $workloadConfig.affinity }}
+ affinity:
+ {{- $workloadConfig.affinity | toYaml | nindent 8 }}
+ {{- end }}
+ {{- if $workloadConfig.nodeSelector }}
+ nodeSelector:
+ {{- $workloadConfig.nodeSelector | toYaml | nindent 8 }}
+ {{- end }}
+ {{- if $workloadConfig.tolerations }}
+ tolerations:
+ {{- $workloadConfig.tolerations | toYaml | nindent 8 }}
+ {{- end }}
 {{- if or $nginxEnabled (gt (keys $volumes | len) 0) }}
 volumes:
 {{- if $nginxEnabled }}
diff --git a/mozcloud/application/values.schema.json b/mozcloud/application/values.schema.json
index 790abbc..d6a0e04 100644
--- a/mozcloud/application/values.schema.json
+++ b/mozcloud/application/values.schema.json
@@ -340,9 +340,34 @@
 "type": "boolean",
 "default": true
 },
+ "affinity": {
+ "type": "object",
+ "description": "Pod affinity rules (nodeAffinity, podAffinity, podAntiAffinity)"
+ },
 "component": {
 "type": "string"
 },
+ "nodeSelector": {
+ "type": "object",
+ "description": "Node label selectors for pod scheduling",
+ "additionalProperties": {
+ "type": "string"
+ }
+ },
+ "tolerations": {
+ "type": "array",
+ "description": "Pod tolerations for tainted nodes",
+ "items": {
+ "type": "object",
+ "properties": {
+ "key": { "type": "string" },
+ "operator": { "type": "string", "enum": ["Exists", "Equal"] },
+ "value": { "type": "string" },
+ "effect": { "type": "string", "enum": ["NoSchedule", "PreferNoSchedule", "NoExecute"] },
+ "tolerationSeconds": { "type": "integer" }
+ }
+ }
+ },
 "type": {
 "type": "string",
 "enum": ["deployment", "rollout"],
@@ -1234,6 +1259,10 @@
 "job": {
 "type": "object",
 "properties": {
+ "affinity": {
+ "type": "object",
+ "description": "Pod affinity rules (nodeAffinity, podAffinity, podAntiAffinity)"
+ },
 "generateName": {
 "type": "boolean"
 },
@@ -1244,6 +1273,13 @@
 "type": "integer",
 "default": 6
 },
+ "nodeSelector": {
+ "type": "object",
+ "description": "Node label selectors for pod scheduling",
+ "additionalProperties": {
+ "type": "string"
+ }
+ },
 "otel": {
 "$ref": "#/$defs/otel"
 },
@@ -1269,6 +1305,20 @@
 "suspend": {
 "type": "boolean"
 },
+ "tolerations": {
+ "type": "array",
+ "description": "Pod tolerations for tainted nodes",
+ "items": {
+ "type": "object",
+ "properties": {
+ "key": { "type": "string" },
+ "operator": { "type": "string", "enum": ["Exists", "Equal"] },
+ "value": { "type": "string" },
+ "effect": { "type": "string", "enum": ["NoSchedule", "PreferNoSchedule", "NoExecute"] },
+ "tolerationSeconds": { "type": "integer" }
+ }
+ }
+ },
 "ttlSecondsAfterFinished": {
 "type": "integer",
 "minimum": 0
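Review bot: The `tolerations` item schema added in the first hunk lists its five properties but leaves the object open, so a misspelled field passes schema validation at render time and is only rejected, or dropped, once the manifest reaches the API server; adding `"additionalProperties": false` to the item object would catch it earlier. `affinity` is likewise a bare `"type": "object"`, so nothing beneath it is checked. The same `affinity`, `nodeSelector` and `tolerations` definitions are repeated in the `job` hunks at -1234, -1244 and -1269. Since the file already uses `"$ref": "#/$defs/otel"`, defining each once under `$defs` and writing `"tolerations": { "$ref": "#/$defs/tolerations" }` in both places would keep the workload and job copies from drifting apart.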
diff --git a/mozcloud/application/values.yaml b/mozcloud/application/values.yaml index 91e7468..7a21bb3 100644 --- a/mozcloud/application/values.yaml +++ b/mozcloud/application/values.yaml @@ -697,11 +697,25 @@ tasks: # runAsRoot: false security: {} + # Optionally configure pod affinity rules. Accepts the standard + # Kubernetes affinity structure. See workloads.default.affinity for + # full documentation and examples. + affinity: {} + + # Optionally restrict pods to specific nodes using label selectors. + # See workloads.default.nodeSelector for full documentation. + nodeSelector: {} + # Optionally use a custom service account for the container. The value # should match a service account created above in the `serviceAccounts` # section. serviceAccount: '' + # Optionally configure tolerations to allow pods to be scheduled on + # tainted nodes. See workloads.default.tolerations for full + # documentation and examples. + tolerations: [] + # When Kubernetes creates Job resources, the Job controller will # immediately begin executing the job by creating pods. If "suspend" is # enabled, the job will be suspended from execution, effectively 
@@ -727,6 +741,44 @@ workloads: # the config block. Useful for staged rollouts or incident response. enabled: true + # Optionally configure pod affinity rules to control co-location or + # anti-affinity of pods. Accepts the standard Kubernetes affinity + # structure (nodeAffinity, podAffinity, podAntiAffinity). + # + # Example: + # + # affinity: + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: cloud.google.com/gke-nodepool + # operator: In + # values: + # - my-node-pool + affinity: {} + + # Optionally restrict pods to specific nodes using label selectors. + # + # Example: + # + # nodeSelector: + # cloud.google.com/gke-nodepool: my-node-pool + nodeSelector: {} + + # Optionally configure tolerations to allow pods to be scheduled on + # nodes with matching taints. This is commonly used alongside + # nodeSelector to target dedicated node pools. + # + # Example: + # + # tolerations: + # - key: dedicated + # operator: Equal + # value: my-node-pool + # effect: NoSchedule + tolerations: [] + # The specific unit within an application that performs a distinct function, # typically aligned to a microservice or deployable artifact. #
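Review bot: The new `tolerations` comment says it is "commonly used alongside nodeSelector", which understates the relationship: a toleration only permits a pod to land on a tainted node, it does not steer the pod there, and the taint keeps out only pods that lack the toleration. I would add two comment lines before the example, `# A toleration only permits scheduling onto tainted nodes; pair it with nodeSelector` and `# or nodeAffinity to require placement. A taint alone does not isolate a node pool.` The `tasks.jobs` comment in the previous hunk refers readers to this one, so a single edit here covers both.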