Pass through Pod Affinity Rules

Allow Pod Affinity Rules to be defined in the Limitador CR which will be past to the Limitador deployment CR and place in `spec.template.spec.affinity`.

Author: Boomatang

api/v1alpha1/limitador_types.go

@@ -44,6 +44,9 @@ type LimitadorSpec struct {
 	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
 	// Important: Run "make" to regenerate code after modifying this file
 
+	// +optional
+	Affinity *corev1.Affinity `json:"affinity,omitempty"`
+
 	// +optional
 	Replicas *int `json:"replicas,omitempty"`
 

api/v1alpha1/zz_generated.deepcopy.go

@@ -25,35 +25,35 @@ spec:
       securityContext:
         runAsNonRoot: true
       containers:
-      - command:
-        - /manager
-        args:
-        - --leader-elect
-        env:
-        - name: RELATED_IMAGE_LIMITADOR
-          value: "quay.io/kuadrant/limitador:latest"
-        image: controller:latest
-        name: manager
-        securityContext:
-          allowPrivilegeEscalation: false
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: 8081
-          initialDelaySeconds: 15
-          periodSeconds: 20
-        readinessProbe:
-          httpGet:
-            path: /readyz
-            port: 8081
-          initialDelaySeconds: 5
-          periodSeconds: 10
-        resources:
-          limits:
-            cpu: 200m
-            memory: 300Mi
-          requests:
-            cpu: 200m
-            memory: 200Mi
+        - command:
+            - /manager
+          args:
+            - --leader-elect
+          env:
+            - name: RELATED_IMAGE_LIMITADOR
+              value: "quay.io/kuadrant/limitador:latest"
+          image: controller:latest
+          name: manager
+          securityContext:
+            allowPrivilegeEscalation: false
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8081
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          readinessProbe:
+            httpGet:
+              path: /readyz
+              port: 8081
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          resources:
+            limits:
+              cpu: 200m
+              memory: 300Mi
+            requests:
+              cpu: 200m
+              memory: 200Mi
       serviceAccountName: controller-manager
       terminationGracePeriodSeconds: 10

bundle/manifests/limitador.kuadrant.io_limitadors.yaml

@@ -145,6 +145,7 @@ func (r *LimitadorReconciler) reconcileDeployment(ctx context.Context, limitador
 	deploymentMutators = append(deploymentMutators,
 		reconcilers.DeploymentImageMutator,
 		reconcilers.DeploymentCommandMutator,
+		reconcilers.DeploymentAffinityMutator,
 	)
 
 	deployment := limitador.Deployment(limitadorObj, storageConfigSecret)

config/crd/bases/limitador.kuadrant.io_limitadors.yaml

@@ -40,6 +40,23 @@ var _ = Describe("Limitador controller", func() {
 	version := LimitadorVersion
 	httpPort := &limitadorv1alpha1.TransportProtocol{Port: &httpPortNumber}
 	grpcPort := &limitadorv1alpha1.TransportProtocol{Port: &grpcPortNumber}
+	affinity := &v1.Affinity{
+		PodAntiAffinity: &v1.PodAntiAffinity{
+			PreferredDuringSchedulingIgnoredDuringExecution: []v1.WeightedPodAffinityTerm{
+				{
+					Weight: 100,
+					PodAffinityTerm: v1.PodAffinityTerm{
+						LabelSelector: &metav1.LabelSelector{
+							MatchLabels: map[string]string{
+								"app.kubernetes.io/name": "limitador",
+							},
+						},
+						TopologyKey: "kubernetes.io/hostname",
+					},
+				},
+			},
+		},
+	}
 
 	limits := []limitadorv1alpha1.RateLimit{
 		{
@@ -74,6 +91,7 @@ var _ = Describe("Limitador controller", func() {
 			Spec: limitadorv1alpha1.LimitadorSpec{
 				Replicas: &replicas,
 				Version:  &version,
+				Affinity: affinity,
 				Listener: &limitadorv1alpha1.Listener{
 					HTTP: httpPort,
 					GRPC: grpcPort,
@@ -169,6 +187,9 @@ var _ = Describe("Limitador controller", func() {
 					},
 				),
 			)
+			Expect(createdLimitadorDeployment.Spec.Template.Spec.Affinity).Should(
+				Equal(affinity),
+			)
 		})
 
 		It("Should create a Limitador service", func() {
@@ -259,6 +280,8 @@ var _ = Describe("Limitador controller", func() {
 			updatedLimitador.Spec.Replicas = &replicas
 			version = "latest"
 			updatedLimitador.Spec.Version = &version
+			affinity.PodAntiAffinity.PreferredDuringSchedulingIgnoredDuringExecution[0].Weight = 99
+			updatedLimitador.Spec.Affinity = affinity
 
 			Expect(k8sClient.Update(context.TODO(), &updatedLimitador)).Should(Succeed())
 			updatedLimitadorDeployment := appsv1.Deployment{}
@@ -277,8 +300,46 @@ var _ = Describe("Limitador controller", func() {
 
 				correctReplicas := *updatedLimitadorDeployment.Spec.Replicas == LimitadorReplicas+1
 				correctImage := updatedLimitadorDeployment.Spec.Template.Spec.Containers[0].Image == LimitadorImage+":latest"
+				correctAffinity := updatedLimitadorDeployment.Spec.Template.Spec.Affinity.PodAntiAffinity.PreferredDuringSchedulingIgnoredDuringExecution[0].Weight == 99
+
+				return correctReplicas && correctImage && correctAffinity
+			}, timeout, interval).Should(BeTrue())
+		})
+
+		It("Should modify limitador deployments if nil object set", func() {
+			updatedLimitador := limitadorv1alpha1.Limitador{}
+			Eventually(func() bool {
+				err := k8sClient.Get(
+					context.TODO(),
+					types.NamespacedName{
+						Namespace: LimitadorNamespace,
+						Name:      limitadorObj.Name,
+					},
+					&updatedLimitador)
+
+				return err == nil
+			}, timeout, interval).Should(BeTrue())
+
+			updatedLimitador.Spec.Affinity = nil
+
+			Expect(k8sClient.Update(context.TODO(), &updatedLimitador)).Should(Succeed())
+			updatedLimitadorDeployment := appsv1.Deployment{}
+			Eventually(func() bool {
+				err := k8sClient.Get(
+					context.TODO(),
+					types.NamespacedName{
+						Namespace: LimitadorNamespace,
+						Name:      limitadorObj.Name,
+					},
+					&updatedLimitadorDeployment)
+
+				if err != nil {
+					return false
+				}
+
+				correctAffinity := updatedLimitadorDeployment.Spec.Template.Spec.Affinity == nil
 
-				return correctReplicas && correctImage
+				return correctAffinity
 			}, timeout, interval).Should(BeTrue())
 		})
 

config/manager/manager.yaml

@@ -60,6 +60,11 @@ func Deployment(limitador *limitadorv1alpha1.Limitador, storageConfigSecret *v1.
 		replicas = int32(*limitador.Spec.Replicas)
 	}
 
+	var affinity *v1.Affinity
+	if limitador.Spec.Affinity != nil {
+		affinity = limitador.Spec.Affinity
+	}
+
 	image := GetLimitadorImageVersion()
 	if limitador.Spec.Version != nil {
 		image = fmt.Sprintf("%s:%s", LimitadorRepository, *limitador.Spec.Version)
@@ -85,6 +90,7 @@ func Deployment(limitador *limitadorv1alpha1.Limitador, storageConfigSecret *v1.
 					Labels: labels(),
 				},
 				Spec: v1.PodSpec{
+					Affinity: affinity,
 					Containers: []v1.Container{
 						{
 							Name:    "limitador",

controllers/limitador_controller.go

@@ -34,6 +34,15 @@ func DeploymentMutator(opts ...DeploymentMutateFn) MutateFn {
 	}
 }
 
+func DeploymentAffinityMutator(desired, existing *appsv1.Deployment) bool {
+	update := false
+	if !reflect.DeepEqual(existing.Spec.Template.Spec.Affinity, desired.Spec.Template.Spec.Affinity) {
+		existing.Spec.Template.Spec.Affinity = desired.Spec.Template.Spec.Affinity
+		update = true
+	}
+	return update
+}
+
 func DeploymentReplicasMutator(desired, existing *appsv1.Deployment) bool {
 	update := false