Skip to content

Allow opt-in anit-affinity in Pepr Controller Deployment #2078

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
cmwylie19 opened this issue Apr 28, 2025 · 0 comments · Fixed by #2083
Closed

Allow opt-in anit-affinity in Pepr Controller Deployment #2078

cmwylie19 opened this issue Apr 28, 2025 · 0 comments · Fixed by #2083
Assignees
@cmwylie19
Labels
enhancement New feature or request
Milestone
v0.50.0

Comments

@cmwylie19
Copy link
Contributor

Is your feature request related to a problem? Please describe.

Path to deploy the Admission deployment with anti-affinity

Related to: defenseunicorns/uds-core#342

Describe the solution you'd like

  • Given a cluster with multiple nodes (opt-in only)
  • When the Admission pods are deployed
  • Then they are scheduled on separate nodes

So if one node goes down, the webhook still has a pod to forward the requests to and admission in not blocked.

Describe alternatives you've considered

(optional) A clear and concise description of any alternative solutions or features you've considered.

Additional context

Add any other context or screenshots about the feature request here.
@cmwylie19 cmwylie19 added the enhancement New feature or request label Apr 28, 2025
@cmwylie19 cmwylie19 mentioned this issue Apr 29, 2025
Merged
5 tasks
@cmwylie19 cmwylie19 added this to the v0.50.0 milestone Apr 29, 2025
@cmwylie19 cmwylie19 self-assigned this Apr 29, 2025
github-merge-queue bot pushed a commit that referenced this issue Apr 30, 2025
@cmwylie19
chore: expose podAntiAffinity from helm chart (#2083)
f739b63 
## Description

Expose `podAntiAffinity` from the helm chart to ensure the Admission
Controller pods are scheduled on different nodes for greater
availability during node recycling or failures.

```bash
> k get po -n pepr-system -o wide -l pepr.dev/controller=admission
NAME                                READY   STATUS    RESTARTS   AGE   IP          NODE                       NOMINATED NODE   READINESS GATES
pepr-static-test-785995b8d4-5lm5r   1/1     Running   0          99s   10.42.1.3   k3d-multiserver-server-1   <none>           <none>
pepr-static-test-785995b8d4-d86wn   1/1     Running   0          99s   10.42.2.4   k3d-multiserver-server-2   <none>           <none>

> k get deploy -n pepr-system pepr-static-test -ojsonpath="{.spec.template.spec.affinity}" | jq
{
  "podAntiAffinity": {
    "requiredDuringSchedulingIgnoredDuringExecution": [
      {
        "labelSelector": {
          "matchExpressions": [
            {
              "key": "pepr.dev/controller",
              "operator": "In",
              "values": [
                "admission"
              ]
            }
          ]
        },
        "topologyKey": "kubernetes.io/hostname"
      }
    ]
  }
}
```

## Related Issue

Fixes #2078 
<!-- or -->
Relates to #

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [x] Other (security config, docs update, etc)

## Checklist before merging
- [x] Unit,
[Journey](https://github.com/defenseunicorns/pepr/tree/main/journey),
[E2E Tests](https://github.com/defenseunicorns/pepr-excellent-examples),
[docs](https://github.com/defenseunicorns/pepr/tree/main/docs),
[adr](https://github.com/defenseunicorns/pepr/tree/main/adr) added or
updated as needed
- [x] [Contributor Guide
Steps](https://docs.pepr.dev/main/contribute/#submitting-a-pull-request)
followed

Signed-off-by: Case Wylie <[email protected]>
@github-project-automation github-project-automation bot moved this from 🆕 New to ✅ Done in Pepr Project Board Apr 30, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cmwylie19 cmwylie19

Labels
enhancement New feature or request
Projects
Pepr Project Board
Status: ✅ Done
Milestone
v0.50.0
Development

Successfully merging a pull request may close this issue.

chore: expose podAntiAffinity from helm chart defenseunicorns/pepr
1 participant
@cmwylie19