diff --git a/changelog.d/5-internal/WPB-10335 b/changelog.d/5-internal/WPB-10335 new file mode 100644 index 00000000000..cf6ebf9798a --- /dev/null +++ b/changelog.d/5-internal/WPB-10335 @@ -0,0 +1 @@ +Added node based topology constraint to ensure pods are distributed uniformly on all nodes. diff --git a/charts/brig/templates/deployment.yaml b/charts/brig/templates/deployment.yaml index fa59c13ed36..08403170c07 100644 --- a/charts/brig/templates/deployment.yaml +++ b/charts/brig/templates/deployment.yaml @@ -30,6 +30,13 @@ spec: fluentbit.io/parser: json spec: serviceAccountName: {{ .Values.serviceAccount.name }} + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: "kubernetes.io/hostname" + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: brig volumes: - name: "brig-config" configMap: diff --git a/charts/cannon/templates/statefulset.yaml b/charts/cannon/templates/statefulset.yaml index 2d7db645c36..2931ce01b90 100644 --- a/charts/cannon/templates/statefulset.yaml +++ b/charts/cannon/templates/statefulset.yaml @@ -34,6 +34,13 @@ spec: {{- end }} spec: terminationGracePeriodSeconds: {{ add .Values.config.drainOpts.gracePeriodSeconds 5 }} + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: "kubernetes.io/hostname" + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: cannon containers: {{- if .Values.service.nginz.enabled }} - name: nginz diff --git a/charts/cargohold/templates/deployment.yaml b/charts/cargohold/templates/deployment.yaml index 99222b2092a..fe25a506cc2 100644 --- a/charts/cargohold/templates/deployment.yaml +++ b/charts/cargohold/templates/deployment.yaml @@ -28,6 +28,13 @@ spec: checksum/secret: {{ include (print .Template.BasePath "/secret.yaml") . | sha256sum }} spec: serviceAccountName: {{ .Values.serviceAccount.name }} + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: "kubernetes.io/hostname" + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: cargohold volumes: - name: "cargohold-config" configMap: diff --git a/charts/demo-smtp/templates/deployment.yaml b/charts/demo-smtp/templates/deployment.yaml index 1e132a72ee6..4cc1b36a363 100644 --- a/charts/demo-smtp/templates/deployment.yaml +++ b/charts/demo-smtp/templates/deployment.yaml @@ -19,6 +19,13 @@ spec: app: {{ template "demo-smtp.name" . }} release: {{ .Release.Name }} spec: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: "kubernetes.io/hostname" + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: {{ template "demo-smtp.name" . }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image }}" diff --git a/charts/fake-aws-s3/templates/reaper.yaml b/charts/fake-aws-s3/templates/reaper.yaml index 9d7759eaadd..0687875de32 100644 --- a/charts/fake-aws-s3/templates/reaper.yaml +++ b/charts/fake-aws-s3/templates/reaper.yaml @@ -17,6 +17,13 @@ spec: labels: app: {{ template "fullname" . }}-reaper spec: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: "kubernetes.io/hostname" + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: {{ template "fullname" . }}-reaper volumes: - name: minio-configuration projected: diff --git a/charts/fake-aws-ses/templates/deployment.yaml b/charts/fake-aws-ses/templates/deployment.yaml index 11ec6b5501e..43c48b98a01 100644 --- a/charts/fake-aws-ses/templates/deployment.yaml +++ b/charts/fake-aws-ses/templates/deployment.yaml @@ -17,6 +17,13 @@ spec: labels: app: {{ template "fullname" . }} spec: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: "kubernetes.io/hostname" + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: {{ template "fullname" . }} containers: - name: fake-aws-ses image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" diff --git a/charts/fake-aws-sns/templates/deployment.yaml b/charts/fake-aws-sns/templates/deployment.yaml index f93bfc62167..04ff1e083f2 100644 --- a/charts/fake-aws-sns/templates/deployment.yaml +++ b/charts/fake-aws-sns/templates/deployment.yaml @@ -17,6 +17,13 @@ spec: labels: app: {{ template "fullname" . }} spec: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: "kubernetes.io/hostname" + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: {{ template "fullname" . }} containers: - name: fake-aws-sns image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" diff --git a/charts/fake-aws-sqs/templates/deployment.yaml b/charts/fake-aws-sqs/templates/deployment.yaml index 39848020c90..c8e024632b1 100644 --- a/charts/fake-aws-sqs/templates/deployment.yaml +++ b/charts/fake-aws-sqs/templates/deployment.yaml @@ -19,6 +19,13 @@ spec: annotations: checksum/configmap: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }} spec: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: "kubernetes.io/hostname" + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: {{ template "fullname" . }} containers: - name: fake-aws-sqs image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" diff --git a/charts/federator/templates/deployment.yaml b/charts/federator/templates/deployment.yaml index 8b38aa22e71..e5faa860516 100644 --- a/charts/federator/templates/deployment.yaml +++ b/charts/federator/templates/deployment.yaml @@ -30,6 +30,13 @@ spec: {{- end }} fluentbit.io/parser: json spec: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: "kubernetes.io/hostname" + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: federator volumes: - name: "federator-config" configMap: diff --git a/charts/galley/templates/deployment.yaml b/charts/galley/templates/deployment.yaml index 06ad8d1cd21..26d4ab5568b 100644 --- a/charts/galley/templates/deployment.yaml +++ b/charts/galley/templates/deployment.yaml @@ -28,6 +28,13 @@ spec: checksum/aws-secret: {{ include (print .Template.BasePath "/aws-secret.yaml") . | sha256sum }} checksum/secret: {{ include (print .Template.BasePath "/secret.yaml") . | sha256sum }} spec: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: "kubernetes.io/hostname" + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: galley serviceAccountName: {{ .Values.serviceAccount.name }} volumes: - name: "galley-config" diff --git a/charts/gundeck/templates/deployment.yaml b/charts/gundeck/templates/deployment.yaml index 5afbdd9c4cf..ee67ba1ba43 100644 --- a/charts/gundeck/templates/deployment.yaml +++ b/charts/gundeck/templates/deployment.yaml @@ -28,6 +28,13 @@ spec: checksum/secret: {{ include (print .Template.BasePath "/secret.yaml") . | sha256sum }} spec: serviceAccountName: {{ .Values.serviceAccount.name }} + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: "kubernetes.io/hostname" + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: gundeck volumes: - name: "gundeck-config" configMap: diff --git a/charts/legalhold/templates/deployment.yaml b/charts/legalhold/templates/deployment.yaml index 51036248390..7f6b2c320aa 100644 --- a/charts/legalhold/templates/deployment.yaml +++ b/charts/legalhold/templates/deployment.yaml @@ -17,6 +17,13 @@ spec: labels: name: "{{ .Release.Name }}-hold" spec: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: "kubernetes.io/hostname" + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + name: "{{ .Release.Name }}-hold" restartPolicy: Always containers: - name: hold diff --git a/charts/nginz/templates/deployment.yaml b/charts/nginz/templates/deployment.yaml index fd9a0f3cd06..d04610f6020 100644 --- a/charts/nginz/templates/deployment.yaml +++ b/charts/nginz/templates/deployment.yaml @@ -29,6 +29,13 @@ spec: fluentbit.io/parser-nginz: nginz spec: terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: "kubernetes.io/hostname" + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: nginz containers: - name: nginz-disco image: "{{ .Values.images.nginzDisco.repository }}:{{ .Values.images.nginzDisco.tag }}" diff --git a/charts/openldap/templates/openldap.yaml b/charts/openldap/templates/openldap.yaml index 28ed001aa62..3a0fdb9f08b 100644 --- a/charts/openldap/templates/openldap.yaml +++ b/charts/openldap/templates/openldap.yaml @@ -8,6 +8,13 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: "kubernetes.io/hostname" + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: openldap securityContext: fsGroup: 911 volumes: diff --git a/charts/outlook-addin/templates/deployment.yaml b/charts/outlook-addin/templates/deployment.yaml index a9679ab816b..3a0ab24413d 100644 --- a/charts/outlook-addin/templates/deployment.yaml +++ b/charts/outlook-addin/templates/deployment.yaml @@ -15,6 +15,13 @@ spec: labels: app: {{ include "outlook.fullname" . }} spec: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: "kubernetes.io/hostname" + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: {{ include "outlook.fullname" . }} containers: - name: {{ include "outlook.fullname" . }} image: {{ .Values.containerImage }} diff --git a/charts/proxy/templates/deployment.yaml b/charts/proxy/templates/deployment.yaml index 63239a5d413..02676553a1b 100644 --- a/charts/proxy/templates/deployment.yaml +++ b/charts/proxy/templates/deployment.yaml @@ -27,6 +27,13 @@ spec: checksum/configmap: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/secret: {{ include (print .Template.BasePath "/secret.yaml") . | sha256sum }} spec: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: "kubernetes.io/hostname" + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: proxy volumes: - name: "proxy-config" configMap: diff --git a/charts/reaper/templates/deployment.yaml b/charts/reaper/templates/deployment.yaml index 89b581b0941..a63cdc42fef 100644 --- a/charts/reaper/templates/deployment.yaml +++ b/charts/reaper/templates/deployment.yaml @@ -20,6 +20,13 @@ spec: release: {{ .Release.Name }} spec: serviceAccountName: reaper-role + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: "kubernetes.io/hostname" + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: reaper containers: - name: reaper image: bitnami/kubectl:1.24.12 diff --git a/charts/restund/templates/statefulset.yaml b/charts/restund/templates/statefulset.yaml index 87fa6571c21..97f09a60aae 100644 --- a/charts/restund/templates/statefulset.yaml +++ b/charts/restund/templates/statefulset.yaml @@ -26,6 +26,13 @@ spec: labels: {{- include "restund.selectorLabels" . | nindent 8 }} spec: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: "kubernetes.io/hostname" + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + {{- include "restund.selectorLabels" . | nindent 6 }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} hostNetwork: true diff --git a/charts/spar/templates/deployment.yaml b/charts/spar/templates/deployment.yaml index c09fc2beacd..5176bf3ebb2 100644 --- a/charts/spar/templates/deployment.yaml +++ b/charts/spar/templates/deployment.yaml @@ -26,6 +26,13 @@ spec: # An annotation of the configmap checksum ensures changes to the configmap cause a redeployment upon `helm upgrade` checksum/configmap: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }} spec: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: "kubernetes.io/hostname" + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: spar volumes: - name: "spar-config" configMap: