Added pod affinity support (#741)

* Added affinity to pod of clustering service * Added affinity to pod of hz deployment * Update the documentation * Added pod affinity to tiers of pega and updated documentation accordingly * Added pod affinity to install/upgrade jobs of pega and updated documentation accordingly * Added affinity to pegasearch deployment and updated documentation * Added pod affinity to constellation and updated documentation * Added pod affinity to constellation messaging service and updated documentation * Added pod affinity to srs service and updated documentation * Aligned all supplemental.tpl files * Removed useless comments in template definition and aligned comment in top part of _supplemental.tpl files * Added Test for affinity on pega tiers * Rearrange test code * Fixed conflicts * Aligned go files * remove obsolete logger (#746) * remove obsolete logger * update expected contents * Add support for custom dns policy setting of ndots value (#757) * support configuration of ndots * quote ndots to avoid json unmarshall error --------- Co-authored-by: Bachir Berrachedi <bachir.berrachedi@pega.com> Co-authored-by: Adam Talbot <Adam.Talbot@pega.com> * Update chart versions to 3.21.0 * Bug 868785 : Replication factor value updated to 3. (#762) * BUG-868785 Update values.yaml with replication factor 3 Pega recommended replication factor is 3 --------- Co-authored-by: MadhuriArugula <madhuriarugula77@gmail.com> * US-612844: Added toleration configuration for workloads (#758) * US-612844: Added toleration configuration for workloads * US-612844: Updated values.yaml with toleration configuration * US-612844: Updated tolerations configurations in Readme --------- Co-authored-by: MadhuriArugula <madhuriarugula77@gmail.com> * US-614190: Stale action workflow to handle for github repo issues & PR's with no activity (#756) * US-614190: Stale action workflow to handle for github repo issues & pull requests with no activity for more than 60 days * fixed review comments * fixed review comments --------- Co-authored-by: rajuu <UmaveeraBasaveswararao.Rajulapati@pega.com> * Fixed merge * Update chart versions to 3.22.0 * Removing conditional statements for LRW (#768) * removing conditional statements for LRW * Keeping indenting consistent --------- Co-authored-by: locoe <Evan.Loconto@pega.com> * Update chart versions to 3.23.0 * BUG-870872 - Update SRS version to 1.31.2 (#760) Co-authored-by: MadhuriArugula <madhuriarugula77@gmail.com> * BUG-867426 : Hazelcast PDB corrected (#773) Co-authored-by: vermn1 <nihal.verma@in.pega.com> * [US-624017] Adding JDBC Connection information (#777) * [US-624017] Adding JDBC Connection information * Edited wording following SME suggestion * Fixed merge * Fixed merge * Fixed merge * Fixed conglicts * Added Unit Test for Pegasearch deployment * Added unit test for affinity of install chart * Added Unit Tests for affinity in hazelcast and clustering service * Added Unit Test for affinity of SRS deployment * Added Unit Test of Affinity for constellation and constellation messaging charts --------- Co-authored-by: Kishor Kumar Vasantala <kishor.vasantal@gmail.com> Co-authored-by: Alessandro Cattapan <alessandro.cattapan@corner.ch> Co-authored-by: Andrew Roskuski <andrew.roskuski@pega.com> Co-authored-by: bachirgit <bachirm@gmail.com> Co-authored-by: Bachir Berrachedi <bachir.berrachedi@pega.com> Co-authored-by: Adam Talbot <Adam.Talbot@pega.com> Co-authored-by: APegaDavis <APegaDavis@bots.github.com> Co-authored-by: Narayana Raju <59383142+raju119@users.noreply.github.com> Co-authored-by: MadhuriArugula <madhuriarugula77@gmail.com> Co-authored-by: PEGA-NarasimhaRao-Meda <109585795+PEGA-NarasimhaRao-Meda@users.noreply.github.com> Co-authored-by: Uma Veera <ruvbasaveswararao@gmail.com> Co-authored-by: rajuu <UmaveeraBasaveswararao.Rajulapati@pega.com> Co-authored-by: MadhuriArugula <MadhuriArugula@bots.github.com> Co-authored-by: Evan1oconto <evanloconto@gmail.com> Co-authored-by: locoe <Evan.Loconto@pega.com> Co-authored-by: Evan1oconto <Evan1oconto@bots.github.com> Co-authored-by: Kinga Kowalska <120555574+kingakowalska1@users.noreply.github.com> Co-authored-by: vnihal72 <79415342+vnihal72@users.noreply.github.com> Co-authored-by: vermn1 <nihal.verma@in.pega.com>
pegasystems · Jul 10, 2024 · 2c5ade1 · 2c5ade1
1 parent 88f0af2
commit 2c5ade1
Show file tree

Hide file tree

Showing 28 changed files with 551 additions and 136 deletions.
diff --git a/charts/backingservices/charts/constellation-messaging/README.md b/charts/backingservices/charts/constellation-messaging/README.md
@@ -17,4 +17,5 @@ Complete information on the design of the service including architecture, scalab
 | `imagePullSecretNames`                            | List pre-existing secrets to be used for pulling docker images.                                                                                                                                                                                                                                                                                                           |
 | `pegaMessagingPort`                            | Defines the port used by the Service.                                                                                                                                                                                                                                                                                                           |
 | `pegaMessagingTargetPort`                            | Defines the port used by the Pod and Container.                                                                                                                                                                                                                                                                                                           |
+| `affinity`                            | Define pod affinity so that it is restricted to run on particular node(s), or to prefer to run on particular nodes.                                                                                                                                                                                                                                       |
 | `ingress`                               |  Allows optional configuration of a domain name, ingressClass, and annotations.  An ingress will be provisioned if a domain name is supplied.  Due to the diversity of network configurations, ingress vendors, and TLS requirements it may be necessary to define your ingress separately from this chart.
diff --git a/charts/backingservices/charts/constellation-messaging/templates/_helpers.tpl b/charts/backingservices/charts/constellation-messaging/templates/_helpers.tpl
@@ -0,0 +1,6 @@
+{{- define "podAffinity" }}
+{{- if .affinity }}
+affinity:
+{{- toYaml .affinity | nindent 2 }}
+{{- end }}
+{{ end }}
diff --git a/charts/backingservices/charts/constellation-messaging/templates/messaging-deployment.yaml b/charts/backingservices/charts/constellation-messaging/templates/messaging-deployment.yaml
@@ -37,4 +37,5 @@ spec:
           - path=/c11n-messaging
         ports:
         - containerPort: {{ .Values.pegaMessagingTargetPort }}
+{{- include "podAffinity" .Values | indent 6 }}
 {{ end }}
diff --git a/charts/backingservices/charts/constellation/README.md b/charts/backingservices/charts/constellation/README.md
@@ -48,6 +48,7 @@ The values.yaml file provides configuration options to define the values for the
 | `ingressAnnotations`                        | Specify additional annotations to add to the ingress.                                                                                                                                                                                                                                                                                          |
 | `customerAssetVolumeClaimName`                        | Specify the volume claim name to be used for storing customer assets.                                                                                                                                                                                                                                                                                          |
 | `imagePullSecretNames`                        | Specify a list of existing ImagePullSecrets to be added to the Deployment.                                                                                                                                                                                                                                                                                          |
+| `affinity`                        | Specify the pod affinity so that pods are restricted to run on particular node(s), or to prefer to run on particular nodes.    
 | `docker`.`registry`.`url`                        | Specify the image registry url.                                                                                                                                                                                                                                                                                          |
 | `docker`.`registry`.`username`                        | Specify the username for the docker registry.                                                                                                                                                                                                                                                                                          |
 | `docker`.`registry`.`password`                        | Specify the password for the docker registry.                                                                                                                                                                                                                                                                                          |

diff --git a/charts/backingservices/charts/constellation/templates/_helpers.tpl b/charts/backingservices/charts/constellation/templates/_helpers.tpl
@@ -8,3 +8,10 @@
 {{- end }}
 
 {{- define "deploymentName" }}{{ $deploymentNamePrefix := "constellation" }}{{ if (.Values.deployment) }}{{ if (.Values.deployment.name) }}{{ $deploymentNamePrefix = .Values.deployment.name }}{{ end }}{{ end }}{{ $deploymentNamePrefix }}{{- end }}
+
+{{- define "podAffinity" }}
+{{- if .affinity }}
+affinity:
+{{- toYaml .affinity | nindent 2 }}
+{{- end }}
+{{ end }}
diff --git a/charts/backingservices/charts/constellation/templates/clln-deployment.yaml b/charts/backingservices/charts/constellation/templates/clln-deployment.yaml
@@ -69,4 +69,5 @@ spec:
             port: 3000
         ports:
         - containerPort: 3000
+{{- include "podAffinity" .Values | indent 6 }}
 {{ end }}
diff --git a/charts/backingservices/charts/srs/README.md b/charts/backingservices/charts/srs/README.md
@@ -108,7 +108,7 @@ To deploy Pega Platform with the SRS backing service, the SRS helm chart require
 |-----------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `enabled`                               | Enable the Search and Reporting Service deployment as a backing service. Set this parameter to `true` to use SRS.                                                                                                                                                                                                                                                                                                                                                                                                                            |
 | `deploymentName`                        | Specify the name of your SRS cluster. Your deployment creates resources prefixed with this string. This is also the service name for the SRS.                                                                                                                                                                                                                                                                                                                                                          |
-| `srsRuntime`                            | Use this section to define specific resource configuration options like image, replica count, cpu and memory resource settings in the SRS. The default minimum required number of replicas is 2, but as a best practice, deploy 3 replicas to maintain high availability.                                                                                                                                                                                                                                                                                                                                                            |
+| `srsRuntime`                            | Use this section to define specific resource configuration options like image, replica count, pod affinity, cpu and memory resource settings in the SRS. The default minimum required number of replicas is 2, but as a best practice, deploy 3 replicas to maintain high availability.                                                                                                                                                                                                                                                                                                                                                            |
 | `busybox`                               | When provisioning an internally managed Elasticsearch cluster, you can customize the location and pull policy of the Alpine image used during the deployment process by specifying `busybox.image` and `busybox.imagePullPolicy`.                                                                                                                                                                                                                                                                      |
 | `elasticsearch`                         | Define the elasticsearch cluster configurations. The [Elasticsearch](https://github.com/helm/charts/tree/master/stable/elasticsearch/values.yaml) chart defines the values for Elasticsearch provisioning in the SRS cluster. For internally provisioned Elasticsearch the default version is set to `7.17.9`. Set the `elasticsearch.imageTag` parameter in values.yaml to `7.16.3` to use this supported version in the SRS cluster.                                                                |
 | `k8sProvider`                               | Specify your Kubernetes provider name. Supported values are [`eks`, `aks`, `minikube`, `gke`, `openshift`, `pks`].. 

diff --git a/charts/backingservices/charts/srs/templates/_helpers.tpl b/charts/backingservices/charts/srs/templates/_helpers.tpl
@@ -222,3 +222,10 @@ Network policy: `openshift-dns` for openshift cluster, `kube-dns | core-dns` for
       port: 8080
 {{- end -}}
 {{- end -}}
+
+{{- define "podAffinity" }}
+{{- if .affinity }}
+affinity:
+{{- toYaml .affinity | nindent 2 }}
+{{- end }}
+{{ end }}
diff --git a/charts/backingservices/charts/srs/templates/srsservice_deployment.yaml b/charts/backingservices/charts/srs/templates/srsservice_deployment.yaml
@@ -147,4 +147,5 @@ spec:
                 name: srs-elastic-credentials
                 key: password
       {{ end }}
+{{- include "podAffinity" .Values.srsRuntime | indent 6 }}
   {{ end }}
diff --git a/charts/pega/README.md b/charts/pega/README.md
@@ -709,6 +709,26 @@ tier:
       <annotation-key>: <annotation-value>
 ```
 
+### Pod affinity
+
+You may optionally configure the pod affinity so that it is restricted to run on particular node(s), or to prefer to run on particular nodes. Pod affinity may be specified by using the `affinity` element for a given `tier`. See the official [Kubernetes Documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/).
+
+Example:
+
+```yaml
+tier:
+  - name: my-tier
+    affinity:
+      nodeAffinity:
+        requiredDuringSchedulingIgnoredDuringExecution:
+          nodeSelectorTerms:
+          - matchExpressions:
+            - key: kubernetes.io/os
+              operator: In
+              values:
+              - linux
+```
+
 ### Pega configuration files
 
 While Pega includes default configuration files in the Helm charts, the charts provide extension points to override the defaults with additional customizations. To change the configuration file, specify the replacement implementation to be injected into a ConfigMap.
@@ -961,6 +981,7 @@ Parameter   | Description   | Default value
 `set_vm_max_map_count`   | Elasticsearch uses a **mmapfs** directory by default to store its indices. The default operating system limits on mmap counts is likely to be too low, which may result in out of memory exceptions. An init container is provided to set the value correctly, but this action requires privileged access. If privileged access is not allowed in your environment, you may increase this setting manually by updating the `vm.max_map_count` setting in **/etc/sysctl.conf** according to the Elasticsearch documentation and can set this parameter to `false` to disable the init container. For more information, see the [Elasticsearch documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html). | `true`
 `set_data_owner_on_startup`   | Set to true to enable an init container that runs a chown command on the mapped volume at startup to reset the owner of the ES data to the current user. This is needed if a random user is used to run the pod, but also requires privileges to change the ownership of files. | `false`
 `podAnnotations` | Configurable annotations applied to all Elasticsearch pods. | {}
+`affinity` | You may optionally configure the pod affinity so that it is restricted to run on particular node(s), or to prefer to run on particular nodes. | `""`
 
 Additional env settings supported by Elasticsearch may be specified in a `custom.env` block as shown in the example below.
 
@@ -1064,6 +1085,7 @@ Parameter   | Description   | Default value
 `image`   | Reference the `platform/installer` Docker image that you downloaded and pushed to your Docker registry that your deployment can access.  | `YOUR_INSTALLER_IMAGE:TAG`
 `imagePullPolicy` | Specify when to pull an image. | `IfNotPresent`
 `adminPassword` | Specify a temporary, initial password to log into the Pega application. This will need to be changed at first login. The adminPassword value cannot start with "@". | `"ADMIN_PASSWORD"`
+`affinity` | Configures policy to assign the pods to the nodes. See the official [Kubernetes Documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). | `""`
 `upgrade.upgradeType:` |Specify the type of process, applying a patch or upgrading. | See the next table for details.
 `upgrade.upgradeSteps:` |Specify the steps of a `custom` upgrade process that you want to complete. For `zero-downtime`, `out-of-place-rules`, `out-of-place-data`, or `in-place` upgrades, leave this parameter empty. | <ul>`enable_cluster_upgrade` `rules_migration` `rules_upgrade` `data_upgrade` `disable_cluster_upgrade`</ul>
 `upgrade.targetRulesSchema:` |Specify the name of the schema you created the process creates for the new rules schema. | `""`
@@ -1223,6 +1245,7 @@ Parameter   | Description   | Default value
 `hazelcast.username` | Configures the username to be used in a client-server Hazelcast model for authentication between the nodes in the Pega deployment and the nodes in the Hazelcast cluster. This parameter configures the username in Hazelcast cluster and your Pega nodes so authentication occurs automatically.  | `""`
 `hazelcast.password` | Configures the password to be used in a client-server Hazelcast model for authentication between the nodes in the Pega deployment and the nodes in the Hazelcast cluster. This parameter configures the password credential in Hazelcast cluster and your Pega nodes so authentication occurs automatically.  | `""`
 `hazelcast.external_secret_name` | If you configured a secret in an external secrets operator, enter the secret name. For details, see [this section](#optional-support-for-providing-credentialscertificates-using-external-secrets-operator).  | `""`
+`hazelcast.affinity` | Configures policy to assign the pods to the nodes. See the official [Kubernetes Documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/).  | `""`
 
 #### Example
 ```yaml

diff --git a/charts/pega/charts/hazelcast/templates/_supplemental.tpl b/charts/pega/charts/hazelcast/templates/_supplemental.tpl
@@ -11,6 +11,7 @@ pega-db-secret-name
 pega-hz-secret-name
 deployDBSecret
 deployNonExtDBSecret
+podAffinity
 secretResolver are copied from pega/templates/_helpers.tpl because helm lint requires
 charts to render standalone. See: https://github.com/helm/helm/issues/11260 for more details.
 */}}
@@ -115,4 +116,11 @@ false
     name: {{ .extSecretName }}
 {{- end -}}
 {{- end -}}
-{{- end  -}}
+{{- end  -}}
+
+{{- define "podAffinity" }}
+{{- if .affinity }}
+affinity:
+{{- toYaml .affinity | nindent 2 }}
+{{- end }}
+{{ end }}
diff --git a/charts/pega/charts/hazelcast/templates/clustering-service-deployment.yaml b/charts/pega/charts/hazelcast/templates/clustering-service-deployment.yaml
@@ -73,4 +73,5 @@ spec:
       {{- include "hazelcastVolumeTemplate" . | indent 6 }}
       imagePullSecrets:
 {{- include "imagePullSecrets" . | indent 6 }}
+{{- include "podAffinity" .Values | indent 6 }}
 {{ end }}
diff --git a/charts/pega/charts/hazelcast/templates/pega-hz-deployment.yaml b/charts/pega/charts/hazelcast/templates/pega-hz-deployment.yaml
@@ -69,4 +69,5 @@ spec:
       {{- include "hazelcastVolumeTemplate" . | indent 6 }}
       imagePullSecrets:
 {{- include "imagePullSecrets" . | indent 6 }}
+{{- include "podAffinity" .Values | indent 6 }}
 {{ end }}
diff --git a/charts/pega/charts/installer/templates/_pega-installer-job.tpl b/charts/pega/charts/installer/templates/_pega-installer-job.tpl
@@ -182,5 +182,6 @@ spec:
       restartPolicy: Never
       imagePullSecrets:
 {{- include "imagePullSecrets" .root | indent 6 }}
+{{- include "podAffinity" .root.Values | indent 6 }}
 ---
 {{- end -}}
diff --git a/charts/pega/charts/installer/templates/_supplemental.tpl b/charts/pega/charts/installer/templates/_supplemental.tpl
@@ -11,6 +11,7 @@ pega-db-secret-name
 pega-hz-secret-name
 deployDBSecret
 deployNonExtDBSecret
+podAffinity
 secretResolver are copied from pega/templates/_helpers.tpl because helm lint requires
 charts to render standalone. See: https://github.com/helm/helm/issues/11260 for more details.
 */}}
@@ -115,4 +116,11 @@ false
     name: {{ .extSecretName }}
 {{- end -}}
 {{- end -}}
-{{- end  -}}
+{{- end  -}}
+
+{{- define "podAffinity" }}
+{{- if .affinity }}
+affinity:
+{{- toYaml .affinity | nindent 2 }}
+{{- end }}
+{{ end }}
diff --git a/charts/pega/charts/pegasearch/templates/_supplemental.tpl b/charts/pega/charts/pegasearch/templates/_supplemental.tpl
@@ -11,6 +11,7 @@ pega-db-secret-name
 pega-hz-secret-name
 deployDBSecret
 deployNonExtDBSecret
+podAffinity
 secretResolver are copied from pega/templates/_helpers.tpl because helm lint requires
 charts to render standalone. See: https://github.com/helm/helm/issues/11260 for more details.
 */}}
@@ -115,4 +116,11 @@ false
     name: {{ .extSecretName }}
 {{- end -}}
 {{- end -}}
-{{- end  -}}
+{{- end  -}}
+
+{{- define "podAffinity" }}
+{{- if .affinity }}
+affinity:
+{{- toYaml .affinity | nindent 2 }}
+{{- end }}
+{{ end }}
diff --git a/charts/pega/charts/pegasearch/templates/pega-search-deployment.yaml b/charts/pega/charts/pegasearch/templates/pega-search-deployment.yaml
@@ -117,6 +117,7 @@ spec:
           mountPath: /usr/share/elasticsearch/data
       imagePullSecrets:
 {{- include "imagePullSecrets" . | indent 6 }}
+{{- include "podAffinity" .Values | indent 6 }}
   volumeClaimTemplates:
   - metadata:
       name: esstorage

diff --git a/charts/pega/templates/_helpers.tpl b/charts/pega/templates/_helpers.tpl
@@ -530,4 +530,4 @@ servicePort: use-annotation
     - secret:
         name: {{ include "pega-diagnostic-secret-name" $}}
 
-{{- end}}
+{{- end}}
diff --git a/charts/pega/templates/_pega-deployment.tpl b/charts/pega/templates/_pega-deployment.tpl
@@ -337,6 +337,7 @@ spec:
       # If the image is in a protected registry, you must specify a secret to access it.
       imagePullSecrets:
 {{- include "imagePullSecrets" .root | indent 6 }}
+{{- include "podAffinity" .node | indent 6 }}
 {{- if (.node.volumeClaimTemplate) }}
   volumeClaimTemplates:
   - metadata:

diff --git a/charts/pega/templates/_supplemental.tpl b/charts/pega/templates/_supplemental.tpl
@@ -11,6 +11,7 @@ pega-db-secret-name
 pega-hz-secret-name
 deployDBSecret
 deployNonExtDBSecret
+podAffinity
 secretResolver are copied from pega/templates/_helpers.tpl because helm lint requires
 charts to render standalone. See: https://github.com/helm/helm/issues/11260 for more details.
 */}}
@@ -115,4 +116,11 @@ false
     name: {{ .extSecretName }}
 {{- end -}}
 {{- end -}}
-{{- end  -}}
+{{- end  -}}
+
+{{- define "podAffinity" }}
+{{- if .affinity }}
+affinity:
+{{- toYaml .affinity | nindent 2 }}
+{{- end }}
+{{ end }}