diff --git a/signadot/operator/templates/agent-deployment.yaml b/signadot/operator/templates/agent-deployment.yaml
index 00d31fa..ea5da01 100644
--- a/signadot/operator/templates/agent-deployment.yaml
+++ b/signadot/operator/templates/agent-deployment.yaml
@@ -84,6 +84,15 @@ spec:
 - mountPath: /etc/signadot/
 name: signadot-config
 readOnly: true
+{{- with .Values }}{{- with .agent }}{{- with .nodeAffinity }}
+ affinity:
+ nodeAffinity:
+{{ toYaml . | indent 10 }}
+{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}
+{{- with .Values }}{{- with .agent }}{{- with .tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}
 serviceAccountName: agent
 volumes:
 - name: signadot-config
diff --git a/signadot/operator/templates/io-context-server-deployment.yaml b/signadot/operator/templates/io-context-server-deployment.yaml
index 99c74f2..35fcb7d 100644
--- a/signadot/operator/templates/io-context-server-deployment.yaml
+++ b/signadot/operator/templates/io-context-server-deployment.yaml
@@ -50,5 +50,14 @@ spec:
 {{- with .Values }}{{- with .ioContextServer }}{{- with .resources }}
 resources:
 {{ toYaml . | indent 10 }}
+{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}
+{{- with .Values }}{{- with .ioContextServer }}{{- with .nodeAffinity }}
+ affinity:
+ nodeAffinity:
+{{ toYaml . | indent 10 }}
+{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}
+{{- with .Values }}{{- with .ioContextServer }}{{- with .tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
 {{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}
 serviceAccountName: io-context-server
diff --git a/signadot/operator/templates/routeserver-deployment.yaml b/signadot/operator/templates/routeserver-deployment.yaml
index 0fd53aa..dc45b62 100644
--- a/signadot/operator/templates/routeserver-deployment.yaml
+++ b/signadot/operator/templates/routeserver-deployment.yaml
@@ -58,6 +58,15 @@ spec:
 - mountPath: /etc/signadot/
 name: signadot-config
 readOnly: true
+{{- with .Values }}{{- with .routeServer }}{{- with .nodeAffinity }}
+ affinity:
+ nodeAffinity:
+{{ toYaml . | indent 10 }}
+{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}
+{{- with .Values }}{{- with .routeServer }}{{- with .tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}
 serviceAccountName: routeserver
 volumes:
 - name: signadot-config
diff --git a/signadot/operator/templates/signadot-controller-manager-deployment.yaml b/signadot/operator/templates/signadot-controller-manager-deployment.yaml
index 37983fb..ce40f67 100644
--- a/signadot/operator/templates/signadot-controller-manager-deployment.yaml
+++ b/signadot/operator/templates/signadot-controller-manager-deployment.yaml
@@ -129,6 +129,15 @@ spec:
 - mountPath: /etc/signadot/
 name: signadot-config
 readOnly: true
+{{- with .Values }}{{- with .controllerManager }}{{- with .nodeAffinity }}
+ affinity:
+ nodeAffinity:
+{{ toYaml . | indent 10 }}
+{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}
+{{- with .Values }}{{- with .controllerManager }}{{- with .tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}
 securityContext:
 runAsNonRoot: true
 serviceAccountName: signadot-controller-manager
diff --git a/signadot/operator/templates/traffic-manager-deployment.yaml b/signadot/operator/templates/traffic-manager-deployment.yaml
index 2fc211e..f303c02 100644
--- a/signadot/operator/templates/traffic-manager-deployment.yaml
+++ b/signadot/operator/templates/traffic-manager-deployment.yaml
@@ -82,6 +82,15 @@ spec:
 - mountPath: /etc/signadot/
 name: signadot-config
 readOnly: true
+{{- with .Values }}{{- with .trafficManager }}{{- with .nodeAffinity }}
+ affinity:
+ nodeAffinity:
+{{ toYaml . | indent 10 }}
+{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}
+{{- with .Values }}{{- with .trafficManager }}{{- with .tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}
 serviceAccountName: traffic-manager
 volumes:
 - name: signadot-config
diff --git a/signadot/operator/templates/tunnel-api-deployment.yaml b/signadot/operator/templates/tunnel-api-deployment.yaml
index 6bd1eeb..280f673 100644
--- a/signadot/operator/templates/tunnel-api-deployment.yaml
+++ b/signadot/operator/templates/tunnel-api-deployment.yaml
@@ -57,5 +57,14 @@ spec:
 {{- with .Values }}{{- with .tunnel }}{{- with .api }}{{- with .resources }}
 resources:
 {{ toYaml . | indent 10 }}
+{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}
+{{- with .Values }}{{- with .tunnel }}{{- with .api }}{{- with .nodeAffinity }}
+ affinity:
+ nodeAffinity:
+{{ toYaml . | indent 10 }}
+{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}
+{{- with .Values }}{{- with .tunnel }}{{- with .api }}{{- with .tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
 {{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}
 serviceAccountName: tunnel-api
diff --git a/signadot/operator/templates/tunnel-proxy-deployment.yaml b/signadot/operator/templates/tunnel-proxy-deployment.yaml
index 768c33c..6aab42c 100644
--- a/signadot/operator/templates/tunnel-proxy-deployment.yaml
+++ b/signadot/operator/templates/tunnel-proxy-deployment.yaml
@@ -160,6 +160,15 @@ spec:
 - mountPath: /usr/local/share/lua
 name: luarocks
 {{- end }}
+{{- with .Values }}{{- with .tunnel }}{{- with .proxy }}{{- with .nodeAffinity }}
+ affinity:
+ nodeAffinity:
+{{ toYaml . | indent 10 }}
+{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}
+{{- with .Values }}{{- with .tunnel }}{{- with .proxy }}{{- with .tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}
 serviceAccountName: tunnel-proxy
 volumes:
 {{- if and (not $istioEnabled) (not $linkerdEnabled) $auditorEnabled }}
diff --git a/signadot/operator/values.yaml b/signadot/operator/values.yaml
index 7597cdd..37f54ee 100644
--- a/signadot/operator/values.yaml
+++ b/signadot/operator/values.yaml
@@ -88,6 +88,27 @@ controllerManager:
 memory: 512Mi
 # image: my-private-registry/signadot/operator:latest
 # imagePullPolicy: Always
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: kubernetes.io/arch
+ # operator: In
+ # values:
+ # - amd64
+ # preferredDuringSchedulingIgnoredDuringExecution:
+ # - weight: 100
+ # preference:
+ # matchExpressions:
+ # - key: node-role.kubernetes.io/control-plane
+ # operator: In
+ # values:
+ # - ""
+ # tolerations:
+ # - key: "key1"
+ # operator: "Equal"
+ # value: "value1"
+ # effect: "NoSchedule"
 agent:
 resources:
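Review bot: The commented sample under `controllerManager` prefers nodes labelled `node-role.kubernetes.io/control-plane` at weight 100, and the identical block is repeated in the later values.yaml hunks for `agent`, `routeServer`, `ioContextServer`, both `tunnel` sub-sections and `trafficManager`. Samples tend to be uncommented as written, which would steer these workloads, including the tunnel components, toward the nodes that run the cluster control plane and enlarge the impact of a compromised pod. A neutral label documents the same syntax without that side effect, e.g. `# - key: example.com/node-pool` with `# - signadot` as its value (constructed placeholder names). The sample toleration would also benefit from a one-line comment such as `# Keep tolerations narrow: an empty key with operator: Exists tolerates every taint.`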
@@ -97,7 +118,28 @@ agent:
 memory: 128Mi
 # image: my-private-registry/signadot/agent:latest
 # imagePullPolicy: Always
-
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: kubernetes.io/arch
+ # operator: In
+ # values:
+ # - amd64
+ # preferredDuringSchedulingIgnoredDuringExecution:
+ # - weight: 100
+ # preference:
+ # matchExpressions:
+ # - key: node-role.kubernetes.io/control-plane
+ # operator: In
+ # values:
+ # - ""
+ # tolerations:
+ # - key: "key1"
+ # operator: "Equal"
+ # value: "value1"
+ # effect: "NoSchedule"
+
 routeServer:
 resources:
 limits:
@@ -106,6 +148,27 @@ routeServer:
 memory: 128Mi
 # image: my-private-registry/signadot/route-server:latest
 # imagePullPolicy: Always
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: kubernetes.io/arch
+ # operator: In
+ # values:
+ # - amd64
+ # preferredDuringSchedulingIgnoredDuringExecution:
+ # - weight: 100
+ # preference:
+ # matchExpressions:
+ # - key: node-role.kubernetes.io/control-plane
+ # operator: In
+ # values:
+ # - ""
+ # tolerations:
+ # - key: "key1"
+ # operator: "Equal"
+ # value: "value1"
+ # effect: "NoSchedule"
 ioContextServer:
 replicas: 1
@@ -116,6 +179,27 @@ ioContextServer:
 memory: 128Mi
 # image: my-private-registry/signadot/io-context-server:latest
 # imagePullPolicy: Always
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: kubernetes.io/arch
+ # operator: In
+ # values:
+ # - amd64
+ # preferredDuringSchedulingIgnoredDuringExecution:
+ # - weight: 100
+ # preference:
+ # matchExpressions:
+ # - key: node-role.kubernetes.io/control-plane
+ # operator: In
+ # values:
+ # - ""
+ # tolerations:
+ # - key: "key1"
+ # operator: "Equal"
+ # value: "value1"
+ # effect: "NoSchedule"
 # routeInit:
 # resources:
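Review bot: In the `agent` hunk (`@@ -97,7 +118,28 @@`) the empty separator line before `routeServer:` is removed and a `+` line with no visible content is added in its place, which suggests the new line holds only spaces. If so, it is trailing whitespace that yamllint's `trailing-spaces` rule flags. Keeping the original empty line would leave the separator as context and reduce the hunk to the 21 added comment lines.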
@@ -184,6 +268,27 @@ tunnel:
 # maxSurge: 25%
 # maxUnavailable: 25%
 # type: RollingUpdate
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: kubernetes.io/arch
+ # operator: In
+ # values:
+ # - amd64
+ # preferredDuringSchedulingIgnoredDuringExecution:
+ # - weight: 100
+ # preference:
+ # matchExpressions:
+ # - key: node-role.kubernetes.io/control-plane
+ # operator: In
+ # values:
+ # - ""
+ # tolerations:
+ # - key: "key1"
+ # operator: "Equal"
+ # value: "value1"
+ # effect: "NoSchedule"
 proxy:
 replicas: 1
 resources:
@@ -198,6 +303,27 @@ tunnel:
 # maxSurge: 25%
 # maxUnavailable: 25%
 # type: RollingUpdate
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: kubernetes.io/arch
+ # operator: In
+ # values:
+ # - amd64
+ # preferredDuringSchedulingIgnoredDuringExecution:
+ # - weight: 100
+ # preference:
+ # matchExpressions:
+ # - key: node-role.kubernetes.io/control-plane
+ # operator: In
+ # values:
+ # - ""
+ # tolerations:
+ # - key: "key1"
+ # operator: "Equal"
+ # value: "value1"
+ # effect: "NoSchedule"
 auditor:
 # Enable the tunnel auditor (Envoy-based sidecar for auditing and filtering tunnel traffic).
 # Automatically disabled when Istio or Linkerd is enabled, as they provide their own proxy sidecars.
@@ -262,6 +388,27 @@ trafficManager:
 memory: 128Mi
 # image: my-private-registry/signadot/traffic-manager:latest
 # imagePullPolicy: Always
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: kubernetes.io/arch
+ # operator: In
+ # values:
+ # - amd64
+ # preferredDuringSchedulingIgnoredDuringExecution:
+ # - weight: 100
+ # preference:
+ # matchExpressions:
+ # - key: node-role.kubernetes.io/control-plane
+ # operator: In
+ # values:
+ # - ""
+ # tolerations:
+ # - key: "key1"
+ # operator: "Equal"
+ # value: "value1"
+ # effect: "NoSchedule"
 # jobExecutorInit:
 # resources: