From 40e737aaadb95250dc628b06b3716e11c617bf5e Mon Sep 17 00:00:00 2001 From: Lenin Mehedy Date: Mon, 16 Oct 2023 10:30:14 +1100 Subject: [PATCH] feat: apply nodeSelector and tolerations to all pods including proxies (#384) Signed-off-by: Lenin Mehedy --- .../templates/network-node-statefulset.yaml | 4 +- .../templates/proxy/envoy-deployment.yaml | 16 +++ .../templates/proxy/haproxy-deployment.yaml | 16 +++ .../templates/tests/test-deployment.yaml | 16 +++ charts/hedera-network/values.yaml | 122 +++++++++++++++++- dev/Makefile | 2 - dev/dev-cluster.yaml | 1 - dev/scripts/main.sh | 7 +- 8 files changed, 176 insertions(+), 8 deletions(-) diff --git a/charts/hedera-network/templates/network-node-statefulset.yaml b/charts/hedera-network/templates/network-node-statefulset.yaml index ac90a2b9f..8ff53dd35 100644 --- a/charts/hedera-network/templates/network-node-statefulset.yaml +++ b/charts/hedera-network/templates/network-node-statefulset.yaml @@ -37,9 +37,9 @@ spec: fullstack.hedera.com/type: network-node fullstack.hedera.com/node-name: {{ $node.name }} spec: - {{- if $.Values.deployment.nodeSelectors }} + {{- if $.Values.deployment.nodeSelector }} nodeSelector: - {{- $.Values.deployment.nodeSelectors | toYaml | nindent 8 }} + {{- $.Values.deployment.nodeSelector | toYaml | nindent 8 }} {{- end }} {{- if $.Values.deployment.tolerations }} tolerations: diff --git a/charts/hedera-network/templates/proxy/envoy-deployment.yaml b/charts/hedera-network/templates/proxy/envoy-deployment.yaml index 022ef4272..ce89b6471 100644 --- a/charts/hedera-network/templates/proxy/envoy-deployment.yaml +++ b/charts/hedera-network/templates/proxy/envoy-deployment.yaml @@ -19,6 +19,22 @@ spec: app: envoy-proxy-{{ $node.name }} fullstack.hedera.com/type: envoy-proxy spec: + {{- if $.Values.deployment.nodeSelector }} + nodeSelector: + {{- $.Values.deployment.nodeSelector | toYaml | nindent 8 }} + {{- end }} + {{- if $.Values.deployment.tolerations }} + tolerations: + {{- $.Values.deployment.tolerations | toYaml | nindent 8 }} + {{- end }} + {{- if $.Values.deployment.affinity }} + affinity: + {{- $.Values.deployment.affinity | toYaml | nindent 8 }} + {{- end }} + {{- if $.Values.deployment.priorityClassName }} + priorityClassName: {{ $.Values.deployment.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ $.Values.terminationGracePeriodSeconds }} volumes: - name: config-volume configMap: diff --git a/charts/hedera-network/templates/proxy/haproxy-deployment.yaml b/charts/hedera-network/templates/proxy/haproxy-deployment.yaml index a4edf92c4..198b7a273 100644 --- a/charts/hedera-network/templates/proxy/haproxy-deployment.yaml +++ b/charts/hedera-network/templates/proxy/haproxy-deployment.yaml @@ -19,6 +19,22 @@ spec: app: haproxy-{{ $node.name }} fullstack.hedera.com/type: haproxy spec: + {{- if $.Values.deployment.nodeSelector }} + nodeSelector: + {{- $.Values.deployment.nodeSelector | toYaml | nindent 8 }} + {{- end }} + {{- if $.Values.deployment.tolerations }} + tolerations: + {{- $.Values.deployment.tolerations | toYaml | nindent 8 }} + {{- end }} + {{- if $.Values.deployment.affinity }} + affinity: + {{- $.Values.deployment.affinity | toYaml | nindent 8 }} + {{- end }} + {{- if $.Values.deployment.priorityClassName }} + priorityClassName: {{ $.Values.deployment.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ $.Values.terminationGracePeriodSeconds }} volumes: - name: haproxy-config-volume configMap: diff --git a/charts/hedera-network/templates/tests/test-deployment.yaml b/charts/hedera-network/templates/tests/test-deployment.yaml index 18a4226c5..0eab70989 100644 --- a/charts/hedera-network/templates/tests/test-deployment.yaml +++ b/charts/hedera-network/templates/tests/test-deployment.yaml @@ -8,6 +8,22 @@ metadata: "helm.sh/hook-delete-policy": before-hook-creation spec: serviceAccountName: pod-monitor + {{- if $.Values.deployment.nodeSelector }} + nodeSelector: + {{- $.Values.deployment.nodeSelector | toYaml | nindent 8 }} + {{- end }} + {{- if $.Values.deployment.tolerations }} + tolerations: + {{- $.Values.deployment.tolerations | toYaml | nindent 8 }} + {{- end }} + {{- if $.Values.deployment.affinity }} + affinity: + {{- $.Values.deployment.affinity | toYaml | nindent 8 }} + {{- end }} + {{- if $.Values.deployment.priorityClassName }} + priorityClassName: {{ $.Values.deployment.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ $.Values.terminationGracePeriodSeconds }} volumes: - name: test-volume configMap: diff --git a/charts/hedera-network/values.yaml b/charts/hedera-network/values.yaml index 426cfe8d2..3531bf889 100644 --- a/charts/hedera-network/values.yaml +++ b/charts/hedera-network/values.yaml @@ -217,6 +217,17 @@ minio-server: name: pool-1 volumesPerServer: 1 size: 10Gi + nodeSelector: + fullstack-scheduling.io/role: network + tolerations: + - key: "fullstack-scheduling.io/os" + operator: "Equal" + value: "linux" + effect: "NoSchedule" + - key: "fullstack-scheduling.io/role" + operator: "Equal" + value: "network" + effect: "NoSchedule" configuration: name: minio-secrets certificate: @@ -225,11 +236,30 @@ minio-server: # hedera mirror node configuration hedera-mirror-node: enable: true + graphql: # not needed for default FST use case + enabled: false + rosetta: # not needed for default FST use case + enabled: false + monitor: # not needed for default FST use case + enabled: false + redis: + enabled: false # not needed for default FST use case global: namespaceOverride: "{{ tpl (.Values.global.namespaceOverride | toString) }}" # importer is a component of the hedera mirror node # config for subchart hedera-mirror/importer importer: + nodeSelector: + fullstack-scheduling.io/role: network + tolerations: + - key: "fullstack-scheduling.io/os" + operator: "Equal" + value: "linux" + effect: "NoSchedule" + - key: "fullstack-scheduling.io/role" + operator: "Equal" + value: "network" + effect: "NoSchedule" envFrom: - secretRef: name: mirror-passwords @@ -251,10 +281,99 @@ hedera-mirror-node: allowAnonymousAccess: false bucketName: "fst-streams" # for s3 configuration of mirror node look at uploader-mirror-secrets.yaml + parser: + record: + entity: + notify: + enabled: true + redis: + enabled: false + management: + endpoint: + health: + group: + readiness: + exclude: redis + grpc: + nodeSelector: + fullstack-scheduling.io/role: network + tolerations: + - key: "fullstack-scheduling.io/os" + operator: "Equal" + value: "linux" + effect: "NoSchedule" + - key: "fullstack-scheduling.io/role" + operator: "Equal" + value: "network" + effect: "NoSchedule" + config: + hedera: + mirror: + grpc: + listener: + type: NOTIFY + management: + endpoint: + health: + group: + readiness: + exclude: redis + postgresql: + postgresql: + nodeSelector: + fullstack-scheduling.io/role: network + tolerations: + - key: "fullstack-scheduling.io/os" + operator: "Equal" + value: "linux" + effect: "NoSchedule" + - key: "fullstack-scheduling.io/role" + operator: "Equal" + value: "network" + effect: "NoSchedule" + pgpool: + replicaCount: 0 + rest: + nodeSelector: + fullstack-scheduling.io/role: network + tolerations: + - key: "fullstack-scheduling.io/os" + operator: "Equal" + value: "linux" + effect: "NoSchedule" + - key: "fullstack-scheduling.io/role" + operator: "Equal" + value: "network" + effect: "NoSchedule" + monitor: + enabled: false + web3: + nodeSelector: + fullstack-scheduling.io/role: network + tolerations: + - key: "fullstack-scheduling.io/os" + operator: "Equal" + value: "linux" + effect: "NoSchedule" + - key: "fullstack-scheduling.io/role" + operator: "Equal" + value: "network" + effect: "NoSchedule" # hedera explorer configuration hedera-explorer: enable: true + nodeSelector: + fullstack-scheduling.io/role: network + tolerations: + - key: "fullstack-scheduling.io/os" + operator: "Equal" + value: "linux" + effect: "NoSchedule" + - key: "fullstack-scheduling.io/role" + operator: "Equal" + value: "network" + effect: "NoSchedule" global: namespaceOverride: "{{ tpl (.Values.global.namespaceOverride | toString) }}" # The hedera explorer UI /api url will proxy all request to mirror node @@ -280,8 +399,7 @@ hedera-explorer: deployment: podAnnotations: {} podLabels: {} - nodeSelectors: - fullstack-scheduling.io/os: linux + nodeSelector: fullstack-scheduling.io/role: network tolerations: - key: "fullstack-scheduling.io/os" diff --git a/dev/Makefile b/dev/Makefile index f54cfb98f..0509b8cc8 100644 --- a/dev/Makefile +++ b/dev/Makefile @@ -68,7 +68,6 @@ destroy-shared: -$(MAKE) source "${SCRIPTS_DIR}/main.sh" && destroy_shared -$(MAKE) undeploy-minio-operator -$(MAKE) destroy-prometheus-operator - -$(MAKE) destroy-gateway-api # should be destroyed at the end when no more gateway-api CRDs are required .PHONY: deploy-chart deploy-chart: @@ -78,7 +77,6 @@ deploy-chart: .PHONY: destroy-chart destroy-chart: -$(MAKE) uninstall-chart - -$(MAKE) destroy-shared .PHONY: deploy-network deploy-network: deploy-chart diff --git a/dev/dev-cluster.yaml b/dev/dev-cluster.yaml index df235cf65..d28b2dc9a 100644 --- a/dev/dev-cluster.yaml +++ b/dev/dev-cluster.yaml @@ -4,5 +4,4 @@ name: fst # this is overridden if CLUSTER_NAME env var is set. Check .env file nodes: - role: control-plane labels: - fullstack-scheduling.io/os: linux fullstack-scheduling.io/role: network \ No newline at end of file diff --git a/dev/scripts/main.sh b/dev/scripts/main.sh index a7ee713a2..08047150a 100644 --- a/dev/scripts/main.sh +++ b/dev/scripts/main.sh @@ -121,7 +121,12 @@ function uninstall_chart() { echo "Helm chart '${HELM_RELEASE_NAME}' not found in namespace ${NAMESPACE}. Nothing to uninstall. " fi - kubectl delete ns "${NAMESPACE}" || true + # it is needed for GKE deployment + local has_secret + has_secret=$(kubectl get secret | grep -c "sh.helm.release.v1.${HELM_RELEASE_NAME}.*") + if [[ $has_secret ]]; then + kubectl delete secret "sh.helm.release.v1.${HELM_RELEASE_NAME}.v1" || true + fi log_time "uninstall_chart" }