Added Tolerations and Node Affinity

Author: LewisKSaint

.github/workflows/build-test.yml

@@ -138,6 +138,39 @@ jobs:
         if [[ -z `curl -sS -u admin:admin http://$url:8080/SEMP -d "<rpc><show><config-sync></config-sync></show></rpc>" | grep "<oper-status>Up</oper-status>"` ]] ; then echo "config-sync not up!"; exit 1; fi
         helm list
         helm delete $(helm list | grep deployed | awk '{print $1}')
+        kubectl delete secret test-tls
+        kubectl delete pvc --all
+
+    - name: Test HA broker Toleration
+      run: |
+        REPO=solace/solace-pubsub-standard
+        TAG=latest
+        kubectl get nodes
+        #create taint for first node
+        nodesAll=$(kubectl get nodes --output name) &&  firstNode=`echo "${nodesAll}" | head -1` 
+        kubectl taint nodes $firstNode scheduleBroker=no:NoSchedule
+        #confirm node taint
+        echo "$firstNode has been tainted"
+        kubectl describe $firstNode | grep scheduleBroker
+        openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=*"
+        kubectl create secret tls test-tls --key="tls.key" --cert="tls.crt"
+        helm install my-release-toleration pubsubplus --set "solace.tolerations[0].key=scheduleBroker,solace.tolerations[0].operator=Equal,solace.tolerations[0].value=no,solace.tolerations[0].effect=NoSchedule,solace.size=dev,solace.redundancy=true,solace.podDisruptionBudgetForHA=true,solace.podModifierEnabled=true,tls.enabled=true,tls.serverCertificatesSecret=test-tls,solace.usernameAdminPassword=admin,image.repository=$REPO,image.tag=$TAG"
+        kubectl get statefulset,svc,pods,pvc,pv --show-labels
+        echo "Waiting for broker to become active"
+        sleep 60; kubectl describe nodes
+        until kubectl get pods --show-labels | grep pubsubplus-0 | grep -m 1 -E '1/1'; do sleep 10; done
+        until kubectl get pods --show-labels | grep pubsubplus-1 | grep -m 1 -E '1/1'; do sleep 10; done
+        until kubectl get pods --show-labels | grep pubsubplus-2 | grep -m 1 -E '1/1'; do sleep 10; done
+        until kubectl get pods --show-labels | grep pubsubplus- | grep -m 1 -E 'active=true'; do sleep 10; done
+        bash -c 'if [[ `kubectl get po --show-labels | grep -c "1/1"` -ne 3 ]]; then echo "Some pods are not ready!"; kubectl get po --show-labels; exit 1; fi'
+        #confirm broker deployment meets toleration requirements
+        echo "get node confirmation of no resources"
+        kubectl get pods --all-namespaces -o wide --field-selector spec.nodeName=$firstNode
+        sleep 30
+        helm list
+        helm delete $(helm list | grep deployed | awk '{print $1}')
+        kubectl taint nodes $firstNode scheduleBroker=no:NoSchedule-
+        kubectl delete secret test-tls
         kubectl delete pvc --all
 
     - name: Create chart variants

docs/PubSubPlusK8SDeployment.md

@@ -846,7 +846,7 @@ There are [multiple management tools](//docs.solace.com/Management-Tools.htm ) a
 
 A random admin password will be generated if it has not been provided at deployment using the `solace.usernameAdminPassword` parameter, refer to the the information from `helm status` how to retrieve it.
 
-**Important:** Every time `helm install` or `helm upgrade` is called a new admin password will be generated, which may break an existing deployment. Therefore ensure to always provide the password from the initial deployment as `solace.usernameAdminPassword=<PASSWORD>` parameter to subsequent `install` and `upgrade` commands.
+**Important:** Every time `helm install` is called a new admin password will be generated. When reusing PVCs from a previous deployment, be cautious, as this action might generate a new password, potentially disrupting an existing deployment. Therefore, ensure to always provide the password from the initial deployment as `solace.usernameAdminPassword=<PASSWORD>` parameter to subsequent `install` commands.
 
 #### WebUI, SolAdmin and SEMP access
 
@@ -1013,12 +1013,6 @@ solace:
   redundancy: true
   size: dev
 ```
-**Important:** this may not show, but be aware of an additional non-default parameter:
-```
-solace:
-  usernameAdminPassword: jMzKoW39zz   # The value is just an example
-```
-This has been generated at the initial deployment if not specified and must be used henceforth for all change requests, to keep the same. See related note in the [Admin Password section](#admin-password).
 
 #### Upgrade example
 

pubsubplus/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 description: Deploy Solace PubSub+ Event Broker Singleton or HA redundancy group onto a Kubernetes Cluster
 name: pubsubplus
-version: 3.3.2
+version: 3.3.3
 icon: https://solaceproducts.github.io/pubsubplus-kubernetes-helm-quickstart/images/PubSubPlus.png
 kubeVersion: '>= 1.10.0-0'
 maintainers:

pubsubplus/templates/solaceStatefulSet.yaml

@@ -30,6 +30,14 @@ spec:
           {"Pods":[{"metadata":{"name":"{{ template "solace.fullname" . }}-2"},"spec":{"containers": [{"name": "pubsubplus","resources": {"requests": {"cpu": "1","memory": "1965Mi"},"limits": {"cpu": "1","memory": "1965Mi"} }} ] } } ]}
 {{- end}}
     spec:
+{{- if .Values.solace.affinity }}
+      affinity:
+{{ toYaml .Values.solace.affinity | indent 8 }}
+{{- end }}
+{{- if .Values.solace.tolerations }}
+      tolerations:
+{{ toYaml .Values.solace.tolerations | indent 6 }}
+{{- end }}
 {{- if .Values.image.pullSecretName }}
       imagePullSecrets:
       - name: {{ .Values.image.pullSecretName}}

pubsubplus/templates/tests/test-semp-connection.yaml

@@ -10,6 +10,14 @@ metadata:
   annotations:
     "helm.sh/hook": test
 spec:
+{{- if .Values.solace.affinity }}
+  affinity:
+{{ toYaml .Values.solace.affinity | indent 4 }}
+{{- end }}
+{{- if .Values.solace.tolerations }}
+  tolerations:
+{{ toYaml .Values.solace.tolerations | indent 2 }}
+{{- end }}
 {{- if .Values.image.pullSecretName }}
   imagePullSecrets:
   - name: {{ .Values.image.pullSecretName}}