pegasystems · MadhuriArugula · Jul 10, 2024 · Apr 29, 2024 · Apr 29, 2024 · Apr 29, 2024
@@ -17,4 +17,5 @@ Complete information on the design of the service including architecture, scalab
 | `imagePullSecretNames`                            | List pre-existing secrets to be used for pulling docker images.                                                                                                                                                                                                                                                                                                           |
 | `pegaMessagingPort`                            | Defines the port used by the Service.                                                                                                                                                                                                                                                                                                           |
 | `pegaMessagingTargetPort`                            | Defines the port used by the Pod and Container.                                                                                                                                                                                                                                                                                                           |
+| `affinity`                            | Define pod affinity so that it is restricted to run on particular node(s), or to prefer to run on particular nodes.                                                                                                                                                                                                                                       |
 | `ingress`                               |  Allows optional configuration of a domain name, ingressClass, and annotations.  An ingress will be provisioned if a domain name is supplied.  Due to the diversity of network configurations, ingress vendors, and TLS requirements it may be necessary to define your ingress separately from this chart.
@@ -0,0 +1,6 @@
+{{- define "podAffinity" }}
+{{- if .affinity }}
+affinity:
+{{- toYaml .affinity | nindent 2 }}
+{{- end }}
+{{ end }}
@@ -37,4 +37,5 @@ spec:
           - path=/c11n-messaging
         ports:
         - containerPort: {{ .Values.pegaMessagingTargetPort }}
+{{- include "podAffinity" .Values | indent 6 }}
 {{ end }}
@@ -48,6 +48,7 @@ The values.yaml file provides configuration options to define the values for the
 | `ingressAnnotations`                        | Specify additional annotations to add to the ingress.                                                                                                                                                                                                                                                                                          |
 | `customerAssetVolumeClaimName`                        | Specify the volume claim name to be used for storing customer assets.                                                                                                                                                                                                                                                                                          |
 | `imagePullSecretNames`                        | Specify a list of existing ImagePullSecrets to be added to the Deployment.                                                                                                                                                                                                                                                                                          |
+| `affinity`                        | Specify the pod affinity so that pods are restricted to run on particular node(s), or to prefer to run on particular nodes.    
 | `docker`.`registry`.`url`                        | Specify the image registry url.                                                                                                                                                                                                                                                                                          |
 | `docker`.`registry`.`username`                        | Specify the username for the docker registry.                                                                                                                                                                                                                                                                                          |
 | `docker`.`registry`.`password`                        | Specify the password for the docker registry.                                                                                                                                                                                                                                                                                          |

@@ -8,3 +8,10 @@
 {{- end }}
 
 {{- define "deploymentName" }}{{ $deploymentNamePrefix := "constellation" }}{{ if (.Values.deployment) }}{{ if (.Values.deployment.name) }}{{ $deploymentNamePrefix = .Values.deployment.name }}{{ end }}{{ end }}{{ $deploymentNamePrefix }}{{- end }}
+
+{{- define "podAffinity" }}
+{{- if .affinity }}
+affinity:
+{{- toYaml .affinity | nindent 2 }}
+{{- end }}
+{{ end }}
@@ -69,4 +69,5 @@ spec:
             port: 3000
         ports:
         - containerPort: 3000
+{{- include "podAffinity" .Values | indent 6 }}
 {{ end }}
@@ -108,7 +108,7 @@ To deploy Pega Platform with the SRS backing service, the SRS helm chart require
 |-----------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `enabled`                               | Enable the Search and Reporting Service deployment as a backing service. Set this parameter to `true` to use SRS.                                                                                                                                                                                                                                                                                                                                                                                                                            |
 | `deploymentName`                        | Specify the name of your SRS cluster. Your deployment creates resources prefixed with this string. This is also the service name for the SRS.                                                                                                                                                                                                                                                                                                                                                          |
-| `srsRuntime`                            | Use this section to define specific resource configuration options like image, replica count, cpu and memory resource settings in the SRS. The default minimum required number of replicas is 2, but as a best practice, deploy 3 replicas to maintain high availability.                                                                                                                                                                                                                                                                                                                                                            |
+| `srsRuntime`                            | Use this section to define specific resource configuration options like image, replica count, pod affinity, cpu and memory resource settings in the SRS. The default minimum required number of replicas is 2, but as a best practice, deploy 3 replicas to maintain high availability.                                                                                                                                                                                                                                                                                                                                                            |
 | `busybox`                               | When provisioning an internally managed Elasticsearch cluster, you can customize the location and pull policy of the Alpine image used during the deployment process by specifying `busybox.image` and `busybox.imagePullPolicy`.                                                                                                                                                                                                                                                                      |
 | `elasticsearch`                         | Define the elasticsearch cluster configurations. The [Elasticsearch](https://github.com/helm/charts/tree/master/stable/elasticsearch/values.yaml) chart defines the values for Elasticsearch provisioning in the SRS cluster. For internally provisioned Elasticsearch the default version is set to `7.17.9`. Set the `elasticsearch.imageTag` parameter in values.yaml to `7.16.3` to use this supported version in the SRS cluster.                                                                |
 | `k8sProvider`                               | Specify your Kubernetes provider name. Supported values are [`eks`, `aks`, `minikube`, `gke`, `openshift`, `pks`].. 

@@ -222,3 +222,10 @@ Network policy: `openshift-dns` for openshift cluster, `kube-dns | core-dns` for
       port: 8080
 {{- end -}}
 {{- end -}}
+
+{{- define "podAffinity" }}
+{{- if .affinity }}
+affinity:
+{{- toYaml .affinity | nindent 2 }}
+{{- end }}
+{{ end }}
@@ -147,4 +147,5 @@ spec:
                 name: srs-elastic-credentials
                 key: password
       {{ end }}
+{{- include "podAffinity" .Values.srsRuntime | indent 6 }}
   {{ end }}
@@ -709,6 +709,26 @@ tier:
       <annotation-key>: <annotation-value>
 ```
 
+### Pod affinity
+
+You may optionally configure the pod affinity so that it is restricted to run on particular node(s), or to prefer to run on particular nodes. Pod affinity may be specified by using the `affinity` element for a given `tier`. See the official [Kubernetes Documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/).
+
+Example:
+
+```yaml
+tier:
+  - name: my-tier
+    affinity:
+      nodeAffinity:
+        requiredDuringSchedulingIgnoredDuringExecution:
+          nodeSelectorTerms:
+          - matchExpressions:
+            - key: kubernetes.io/os
+              operator: In
+              values:
+              - linux
+```
+
 ### Pega configuration files
 
 While Pega includes default configuration files in the Helm charts, the charts provide extension points to override the defaults with additional customizations. To change the configuration file, specify the replacement implementation to be injected into a ConfigMap.
@@ -961,6 +981,7 @@ Parameter   | Description   | Default value
 `set_vm_max_map_count`   | Elasticsearch uses a **mmapfs** directory by default to store its indices. The default operating system limits on mmap counts is likely to be too low, which may result in out of memory exceptions. An init container is provided to set the value correctly, but this action requires privileged access. If privileged access is not allowed in your environment, you may increase this setting manually by updating the `vm.max_map_count` setting in **/etc/sysctl.conf** according to the Elasticsearch documentation and can set this parameter to `false` to disable the init container. For more information, see the [Elasticsearch documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html). | `true`
 `set_data_owner_on_startup`   | Set to true to enable an init container that runs a chown command on the mapped volume at startup to reset the owner of the ES data to the current user. This is needed if a random user is used to run the pod, but also requires privileges to change the ownership of files. | `false`
 `podAnnotations` | Configurable annotations applied to all Elasticsearch pods. | {}
+`affinity` | You may optionally configure the pod affinity so that it is restricted to run on particular node(s), or to prefer to run on particular nodes. | `""`
 
 Additional env settings supported by Elasticsearch may be specified in a `custom.env` block as shown in the example below.
 
@@ -1064,6 +1085,7 @@ Parameter   | Description   | Default value
 `image`   | Reference the `platform/installer` Docker image that you downloaded and pushed to your Docker registry that your deployment can access.  | `YOUR_INSTALLER_IMAGE:TAG`
 `imagePullPolicy` | Specify when to pull an image. | `IfNotPresent`
 `adminPassword` | Specify a temporary, initial password to log into the Pega application. This will need to be changed at first login. The adminPassword value cannot start with "@". | `"ADMIN_PASSWORD"`
+`affinity` | Configures policy to assign the pods to the nodes. See the official [Kubernetes Documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). | `""`
 `upgrade.upgradeType:` |Specify the type of process, applying a patch or upgrading. | See the next table for details.
 `upgrade.upgradeSteps:` |Specify the steps of a `custom` upgrade process that you want to complete. For `zero-downtime`, `out-of-place-rules`, `out-of-place-data`, or `in-place` upgrades, leave this parameter empty. | <ul>`enable_cluster_upgrade` `rules_migration` `rules_upgrade` `data_upgrade` `disable_cluster_upgrade`</ul>
 `upgrade.targetRulesSchema:` |Specify the name of the schema you created the process creates for the new rules schema. | `""`
@@ -1223,6 +1245,7 @@ Parameter   | Description   | Default value
 `hazelcast.username` | Configures the username to be used in a client-server Hazelcast model for authentication between the nodes in the Pega deployment and the nodes in the Hazelcast cluster. This parameter configures the username in Hazelcast cluster and your Pega nodes so authentication occurs automatically.  | `""`
 `hazelcast.password` | Configures the password to be used in a client-server Hazelcast model for authentication between the nodes in the Pega deployment and the nodes in the Hazelcast cluster. This parameter configures the password credential in Hazelcast cluster and your Pega nodes so authentication occurs automatically.  | `""`
 `hazelcast.external_secret_name` | If you configured a secret in an external secrets operator, enter the secret name. For details, see [this section](#optional-support-for-providing-credentialscertificates-using-external-secrets-operator).  | `""`
+`hazelcast.affinity` | Configures policy to assign the pods to the nodes. See the official [Kubernetes Documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/).  | `""`
 
 #### Example
 ```yaml

@@ -11,6 +11,7 @@ pega-db-secret-name
 pega-hz-secret-name
 deployDBSecret
 deployNonExtDBSecret
+podAffinity
 secretResolver are copied from pega/templates/_helpers.tpl because helm lint requires
 charts to render standalone. See: https://github.com/helm/helm/issues/11260 for more details.
 */}}
@@ -115,4 +116,11 @@ false
     name: {{ .extSecretName }}
 {{- end -}}
 {{- end -}}
-{{- end  -}}
+{{- end  -}}
+
+{{- define "podAffinity" }}
+{{- if .affinity }}
+affinity:
+{{- toYaml .affinity | nindent 2 }}
+{{- end }}
+{{ end }}
@@ -73,4 +73,5 @@ spec:
       {{- include "hazelcastVolumeTemplate" . | indent 6 }}
       imagePullSecrets:
 {{- include "imagePullSecrets" . | indent 6 }}
+{{- include "podAffinity" .Values | indent 6 }}
 {{ end }}
@@ -69,4 +69,5 @@ spec:
       {{- include "hazelcastVolumeTemplate" . | indent 6 }}
       imagePullSecrets:
 {{- include "imagePullSecrets" . | indent 6 }}
+{{- include "podAffinity" .Values | indent 6 }}
 {{ end }}
@@ -182,5 +182,6 @@ spec:
       restartPolicy: Never
       imagePullSecrets:
 {{- include "imagePullSecrets" .root | indent 6 }}
+{{- include "podAffinity" .root.Values | indent 6 }}
 ---
 {{- end -}}
@@ -11,6 +11,7 @@ pega-db-secret-name
 pega-hz-secret-name
 deployDBSecret
 deployNonExtDBSecret
+podAffinity
 secretResolver are copied from pega/templates/_helpers.tpl because helm lint requires
 charts to render standalone. See: https://github.com/helm/helm/issues/11260 for more details.
 */}}
@@ -115,4 +116,11 @@ false
     name: {{ .extSecretName }}
 {{- end -}}
 {{- end -}}
-{{- end  -}}
+{{- end  -}}
+
+{{- define "podAffinity" }}
+{{- if .affinity }}
+affinity:
+{{- toYaml .affinity | nindent 2 }}
+{{- end }}
+{{ end }}
@@ -11,6 +11,7 @@ pega-db-secret-name
 pega-hz-secret-name
 deployDBSecret
 deployNonExtDBSecret
+podAffinity
 secretResolver are copied from pega/templates/_helpers.tpl because helm lint requires
 charts to render standalone. See: https://github.com/helm/helm/issues/11260 for more details.
 */}}
@@ -115,4 +116,11 @@ false
     name: {{ .extSecretName }}
 {{- end -}}
 {{- end -}}
-{{- end  -}}
+{{- end  -}}
+
+{{- define "podAffinity" }}
+{{- if .affinity }}
+affinity:
+{{- toYaml .affinity | nindent 2 }}
+{{- end }}
+{{ end }}
@@ -117,6 +117,7 @@ spec:
           mountPath: /usr/share/elasticsearch/data
       imagePullSecrets:
 {{- include "imagePullSecrets" . | indent 6 }}
+{{- include "podAffinity" .Values | indent 6 }}
   volumeClaimTemplates:
   - metadata:
       name: esstorage

@@ -530,4 +530,4 @@ servicePort: use-annotation
     - secret:
         name: {{ include "pega-diagnostic-secret-name" $}}
 
-{{- end}}
+{{- end}}
@@ -337,6 +337,7 @@ spec:
       # If the image is in a protected registry, you must specify a secret to access it.
       imagePullSecrets:
 {{- include "imagePullSecrets" .root | indent 6 }}
+{{- include "podAffinity" .node | indent 6 }}
 {{- if (.node.volumeClaimTemplate) }}
   volumeClaimTemplates:
   - metadata:

@@ -11,6 +11,7 @@ pega-db-secret-name
 pega-hz-secret-name
 deployDBSecret
 deployNonExtDBSecret
+podAffinity
 secretResolver are copied from pega/templates/_helpers.tpl because helm lint requires
 charts to render standalone. See: https://github.com/helm/helm/issues/11260 for more details.
 */}}
@@ -115,4 +116,11 @@ false
     name: {{ .extSecretName }}
 {{- end -}}
 {{- end -}}
-{{- end  -}}
+{{- end  -}}
+
+{{- define "podAffinity" }}
+{{- if .affinity }}
+affinity:
+{{- toYaml .affinity | nindent 2 }}
+{{- end }}
+{{ end }}