feat: helm: support adding affinity rule for coderd service (#157)

johnstcn · web-flow · commit 41c4b31aedc4 · 2021-10-22T20:23:49.000+01:00
This commit adds the `coderd.affinity` configuration knob. This allows the user to specify any affinity they like for the coderd deployment. An example affinity is provided.
diff --git a/README.md b/README.md
@@ -25,7 +25,8 @@ View [our docs](https://coder.com/docs/setup/installation) for detailed installa
 | certs | object | Certificate that will be mounted inside Coder services. | `{"secret":{"key":"","name":""}}` |
 | certs.secret.key | string | Key pointing to a certificate in the secret. | `""` |
 | certs.secret.name | string | Name of the secret. | `""` |
-| coderd | object | Primary service responsible for all things Coder! | `{"builtinProviderServiceAccount":{"annotations":{},"labels":{}},"devurlsHost":"","image":"","oidc":{"enableRefresh":false,"redirectOptions":{}},"podSecurityContext":{"runAsNonRoot":true,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}},"replicas":1,"resources":{"limits":{"cpu":"250m","memory":"512Mi"},"requests":{"cpu":"250m","memory":"512Mi"}},"satellite":{"accessURL":"","enable":false,"primaryURL":""},"securityContext":{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"seccompProfile":{"type":"RuntimeDefault"}},"serviceAnnotations":{},"serviceNodePorts":{"http":null,"https":null},"serviceSpec":{"externalTrafficPolicy":"Local","loadBalancerIP":"","loadBalancerSourceRanges":[],"type":"LoadBalancer"},"superAdmin":{"passwordSecret":{"key":"password","name":""}},"tls":{"devurlsHostSecretName":"","hostSecretName":""},"trustProxyIP":false}` |
+| coderd | object | Primary service responsible for all things Coder! | `{"affinity":{},"builtinProviderServiceAccount":{"annotations":{},"labels":{}},"devurlsHost":"","image":"","oidc":{"enableRefresh":false,"redirectOptions":{}},"podSecurityContext":{"runAsNonRoot":true,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}},"replicas":1,"resources":{"limits":{"cpu":"250m","memory":"512Mi"},"requests":{"cpu":"250m","memory":"512Mi"}},"satellite":{"accessURL":"","enable":false,"primaryURL":""},"securityContext":{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"seccompProfile":{"type":"RuntimeDefault"}},"serviceAnnotations":{},"serviceNodePorts":{"http":null,"https":null},"serviceSpec":{"externalTrafficPolicy":"Local","loadBalancerIP":"","loadBalancerSourceRanges":[],"type":"LoadBalancer"},"superAdmin":{"passwordSecret":{"key":"password","name":""}},"tls":{"devurlsHostSecretName":"","hostSecretName":""},"trustProxyIP":false}` |
+| coderd.affinity | object | Allows specifying an affinity rule for the `coderd` deployment. If you set `coderd.replicas` to a value higher than 1, you may wish to also add a pod anti-affinity definition to ensure that multiple coderd pods are not scheduled on the same node. | `{}` |
 | coderd.builtinProviderServiceAccount | object | Customize the built-in Kubernetes provider service account. | `{"annotations":{},"labels":{}}` |
 | coderd.builtinProviderServiceAccount.annotations | object | A KV mapping of annotations. See: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | `{}` |
 | coderd.builtinProviderServiceAccount.labels | object | Add labels to the service account used for the built-in provider. | `{}` |
diff --git a/templates/_functions.tpl b/templates/_functions.tpl
@@ -25,3 +25,16 @@ resources:
   {{- end }}
 {{- end }}
 {{- end }}
+
+{{/*
+coder.template.render -- renders a value that contains template.
+Usage:
+{{ include "coder.template.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
+*/}}
+{{- define "coder.template.render" -}}
+    {{- if typeIs "string" .value }}
+        {{- tpl .value .context }}
+    {{- else }}
+        {{- tpl (.value | toYaml) .context }}
+    {{- end }}
+{{- end -}}
diff --git a/templates/coderd.yaml b/templates/coderd.yaml
@@ -47,6 +47,9 @@ spec:
       {{- if not .Values.coderd.satellite.enable }}
       serviceAccountName: coder
       {{- end }}
+      {{- if .Values.coderd.affinity }}
+      affinity: {{- include "coder.template.render" ( dict "value" .Values.coderd.affinity "context" $) | nindent 8 }}
+      {{- end }}
 {{- include "coder.services.nodeSelector" . | indent 6 }}
 {{- include "coder.serviceTolerations" . | indent 6 }}
       {{- if not .Values.coderd.satellite.enable }}
diff --git a/values.yaml b/values.yaml
@@ -151,6 +151,27 @@ coderd:
       # contains the super admin password.
       key: "password"
 
+  # coderd.affinity -- Allows specifying an affinity rule for the `coderd`
+  # deployment. If you set `coderd.replicas` to a value higher than 1, you
+  # may wish to also add a pod anti-affinity definition to ensure that
+  # multiple coderd pods are not scheduled on the same node.
+  affinity: {}
+  # Example:
+  # ```
+  # affinity:
+  #   podAntiAffinity:
+  #     preferredDuringSchedulingIgnoredDuringExecution:
+  #       - podAffinityTerm:
+  #           labelSelector:
+  #             matchExpressions:
+  #               - key: app
+  #                 operator: In
+  #                 values:
+  #                   - "coderd"
+  #           topologyKey: kubernetes.io/hostname
+  #         weight: 1
+  # ```
+
 # envbox -- Required for running Docker inside containers. See requirements:
 # https://coder.com/docs/coder/v1.19/admin/workspace-management/cvms
 envbox:
