fix nodeSelector, afinity and toleration bug of apigateway

beopencloud · Jul 6, 2023 · ea0c3b6 · ea0c3b6
1 parent e42ccca
commit ea0c3b6
Show file tree

Hide file tree

Showing 5 changed files with 47 additions and 68 deletions.
diff --git a/deploy/helm/data-plane/templates/gateway/contour-internal-LB.yaml b/deploy/helm/data-plane/templates/gateway/contour-internal-LB.yaml
@@ -673,11 +673,9 @@ spec:
  fieldPath: metadata.name
  ports:
  - containerPort: 8080
- hostPort: 80
  name: http
  protocol: TCP
  - containerPort: 8443
- hostPort: 443
  name: https
  protocol: TCP
  readinessProbe:

diff --git a/deploy/helm/data-plane/templates/gateway/contour-internal.yaml b/deploy/helm/data-plane/templates/gateway/contour-internal.yaml
@@ -379,7 +379,7 @@ spec:
  targetPort: 8443
  selector:
  app: envoy
- type: LoadBalancer
+ type: ClusterIP
 
 ---
 kind: GatewayClass
@@ -404,17 +404,6 @@ spec:
  allowedRoutes:
  namespaces:
  from: All
- - name: https
- protocol: HTTPS
- port: 443
- allowedRoutes:
- namespaces:
- from: All
- tls:
- certificateRefs:
- - kind: Secret
- group: ""
- name: cno-apigateway-internal-tls
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -442,19 +431,23 @@ spec:
  labels:
  app: contour
  spec:
- nodeSelector:
- {{- if hasKey .Values.cnoApiGateway "nodeSelector" -}}
- {{- toYaml .Values.cnoApiGateway.nodeSelector | nindent 8 -}}
- {{- end }}
  affinity:
  podAntiAffinity:
- {{- if hasKey .Values.cnoApiGateway "podAntiAffinity" -}}
- {{- toYaml .Values.cnoApiGateway.podAntiAffinity | nindent 10 -}}
- {{- end }}
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: {{ .Values.cnoApiGateway.nodeSelector }}
+ operator: Exists
+ topologyKey: kubernetes.io/hostname
+ nodeSelector:
+ {{ .Values.cnoApiGateway.nodeSelector }}: ""
  tolerations:
- {{- if hasKey .Values.cnoApiGateway "tolerations" -}}
- {{- toYaml .Values.cnoApiGateway.tolerations | nindent 8 -}}
- {{- end }}
+ - key: {{ .Values.cnoApiGateway.tolerationsKey }}
+ value: "reserved"
+ effect: "NoSchedule"
+ - key: {{ .Values.cnoApiGateway.tolerationsKey }}
+ value: "reserved"
+ effect: "NoExecute"
  containers:
  - args:
  - serve
@@ -550,13 +543,15 @@ spec:
  app: envoy
  spec:
  nodeSelector:
- {{- if hasKey .Values.cnoApiGateway "nodeSelector" -}}
- {{- toYaml .Values.cnoApiGateway.nodeSelector | nindent 8 -}}
- {{- end }}
+ {{ .Values.cnoApiGateway.nodeSelector }}: ""
  tolerations:
- {{- if hasKey .Values.cnoApiGateway "tolerations" -}}
- {{- toYaml .Values.cnoApiGateway.tolerations | nindent 8 -}}
- {{- end }}
+ - key: {{ .Values.cnoApiGateway.tolerationsKey }}
+ value: "reserved"
+ effect: "NoSchedule"
+ - key: {{ .Values.cnoApiGateway.tolerationsKey }}
+ value: "reserved"
+ effect: "NoExecute"
+
  containers:
  - command:
  - /bin/contour
@@ -606,11 +601,9 @@ spec:
  fieldPath: metadata.name
  ports:
  - containerPort: 8080
- hostPort: 80
  name: http
  protocol: TCP
  - containerPort: 8443
- hostPort: 443
  name: https
  protocol: TCP
  readinessProbe:

diff --git a/deploy/helm/data-plane/templates/gateway/contour.yaml b/deploy/helm/data-plane/templates/gateway/contour.yaml
@@ -460,7 +460,7 @@ spec:
  targetPort: 8443
  selector:
  app: envoy
- type: LoadBalancer
+ type: ClusterIP
 
 ---
 kind: GatewayClass
@@ -523,19 +523,23 @@ spec:
  labels:
  app: contour
  spec:
- nodeSelector:
- {{- if hasKey .Values.cnoApiGateway "nodeSelector" -}}
- {{- toYaml .Values.cnoApiGateway.nodeSelector | nindent 8 -}}
- {{- end }}
  affinity:
  podAntiAffinity:
- {{- if hasKey .Values.cnoApiGateway "podAntiAffinity" -}}
- {{- toYaml .Values.cnoApiGateway.podAntiAffinity | nindent 10 -}}
- {{- end }}
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: {{ .Values.cnoApiGateway.nodeSelector }}
+ operator: Exists
+ topologyKey: kubernetes.io/hostname
+ nodeSelector:
+ {{ .Values.cnoApiGateway.nodeSelector }}: ""
  tolerations:
- {{- if hasKey .Values.cnoApiGateway "tolerations" -}}
- {{- toYaml .Values.cnoApiGateway.tolerations | nindent 8 -}}
- {{- end }}
+ - key: {{ .Values.cnoApiGateway.tolerationsKey }}
+ value: "reserved"
+ effect: "NoSchedule"
+ - key: {{ .Values.cnoApiGateway.tolerationsKey }}
+ value: "reserved"
+ effect: "NoExecute"
  containers:
  - args:
  - serve
@@ -631,13 +635,14 @@ spec:
  app: envoy
  spec:
  nodeSelector:
- {{- if hasKey .Values.cnoApiGateway "nodeSelector" -}}
- {{- toYaml .Values.cnoApiGateway.nodeSelector | nindent 8 -}}
- {{- end }}
+ {{ .Values.cnoApiGateway.nodeSelector }}: ""
  tolerations:
- {{- if hasKey .Values.cnoApiGateway "tolerations" -}}
- {{- toYaml .Values.cnoApiGateway.tolerations | nindent 8 -}}
- {{- end }}
+ - key: {{ .Values.cnoApiGateway.tolerationsKey }}
+ value: "reserved"
+ effect: "NoSchedule"
+ - key: {{ .Values.cnoApiGateway.tolerationsKey }}
+ value: "reserved"
+ effect: "NoExecute"
  containers:
  - command:
  - /bin/contour

diff --git a/deploy/helm/data-plane/values.yaml b/deploy/helm/data-plane/values.yaml
@@ -84,22 +84,5 @@ monitoring:
 
 cnoApiGateway:
  type: loadBalancer
-
- podAntiAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchExpressions:
- - key: node-role.kubernetes.io/ingress-cno
- operator: Exists
- topologyKey: kubernetes.io/hostname
-
- tolerations:
- - key: "ingress-cno"
- value: "reserved"
- effect: "NoSchedule"
- - key: "ingress-cno"
- value: "reserved"
- effect: "NoExecute"
-
- nodeSelector:
- node-role.kubernetes.io/ingress-cno: ""
+ nodeSelector: node-role.kubernetes.io/ingress-cno
+ tolerationsKey: ingress-cno
diff --git a/docs/cno-agent-v2.0.2.tgz b/docs/cno-agent-v2.0.2.tgz