diff --git a/helmfile/apps/element/values-element.yaml.gotmpl b/helmfile/apps/element/values-element.yaml.gotmpl index d514b69e..d48d769b 100644 --- a/helmfile/apps/element/values-element.yaml.gotmpl +++ b/helmfile/apps/element/values-element.yaml.gotmpl @@ -4,6 +4,18 @@ SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG Ze SPDX-License-Identifier: Apache-2.0 */}} --- +affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - jitsi + topologyKey: kubernetes.io/hostname configuration: endToEndEncryption: true additionalConfiguration: diff --git a/helmfile/apps/element/values-synapse.yaml.gotmpl b/helmfile/apps/element/values-synapse.yaml.gotmpl index 4270786f..9042bdf3 100644 --- a/helmfile/apps/element/values-synapse.yaml.gotmpl +++ b/helmfile/apps/element/values-synapse.yaml.gotmpl @@ -4,6 +4,18 @@ SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG Ze SPDX-License-Identifier: Apache-2.0 */}} --- +affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - jitsi + topologyKey: kubernetes.io/hostname configuration: additionalConfiguration: user_directory: diff --git a/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl b/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl index dc40f937..98414f88 100644 --- a/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl +++ b/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl 
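Review bot: The `podAffinityTerm` added in values-element.yaml.gotmpl has no `namespaces` or `namespaceSelector`, so Kubernetes evaluates `app.kubernetes.io/instance In [jitsi]` only against pods in the pod's own namespace, and the release name `jitsi` is hard-coded. If Jitsi runs in another namespace or under a different release name (neither is visible in this diff), the preference silently matches nothing and the workloads can still share a node. I would add a comment above `affinity:` recording the assumption, e.g. `# Prefer not to share a node with Jitsi (same namespace, release "jitsi"); soft preference only.` The same applies to the identical block in values-synapse.yaml.gotmpl and, with `opendesk-synapse`, to the blocks in values-jitsi.yaml.gotmpl.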
@@ -4,6 +4,30 @@ SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG Ze SPDX-License-Identifier: Apache-2.0 */}} --- +affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - opendesk-synapse + topologyKey: kubernetes.io/hostname + {{- with .Values.cluster.computeNodeLabel }} + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + - {{ .value }} + {{- end }} + global: domain: {{ .Values.global.domain | quote }} hosts: @@ -103,6 +127,29 @@ jitsi: type: "RuntimeDefault" seLinuxOptions: {{ .Values.seLinuxOptions.jitsi | toYaml | nindent 8 }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - opendesk-synapse + topologyKey: kubernetes.io/hostname + {{- with .Values.cluster.computeNodeLabel }} + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + - {{ .value }} + {{- end }} prosody: image: repository: "{{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.prosody.registry }}/{{ .Values.images.prosody.repository }}" 
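Review bot: In the `nodeAffinity` block of the first hunk (-4,6), `- key: {{ .key }}` and `- {{ .value }}` are rendered unquoted, so a label value such as `true` or `1` becomes a YAML boolean or integer although `matchExpressions` values must be strings, and a missing `value` renders as null. Quote both, as this file already does for `domain`: `- key: {{ .key | quote }}` and `- {{ .value | quote }}`. The same two lines recur in the hunks at -103, -152, -175, -204 and -229 of this file. Separately, this hunk sets `affinity:` at the top level of the values file while the later hunks set it per component under `jitsi:`; whether the chart reads the top-level key is not visible here, so a comment saying which one takes effect would help.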
@@ -152,6 +199,29 @@ jitsi: type: "RuntimeDefault" seLinuxOptions: {{ .Values.seLinuxOptions.prosody | toYaml | nindent 8 }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - opendesk-synapse + topologyKey: kubernetes.io/hostname + {{- with .Values.cluster.computeNodeLabel }} + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + - {{ .value }} + {{- end }} jicofo: replicaCount: {{ .Values.replicas.jicofo }} image: @@ -175,6 +245,29 @@ jitsi: type: "RuntimeDefault" seLinuxOptions: {{ .Values.seLinuxOptions.jicofo | toYaml | nindent 8 }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - opendesk-synapse + topologyKey: kubernetes.io/hostname + {{- with .Values.cluster.computeNodeLabel }} + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + - {{ .value }} + {{- end }} jigasi: replicaCount: {{ .Values.replicas.jigasi }} enabled: {{ .Values.sip.jigasi.enabled }} 
@@ -204,6 +297,29 @@ jitsi: type: "RuntimeDefault" seLinuxOptions: {{ .Values.seLinuxOptions.jigasi | toYaml | nindent 8 }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - opendesk-synapse + topologyKey: kubernetes.io/hostname + {{- with .Values.cluster.computeNodeLabel }} + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + - {{ .value }} + {{- end }} jvb: replicaCount: {{ .Values.replicas.jvb }} # The `useNodeIP` option provided by the upstream charts does not support all relevant scenarios, but since @@ -229,6 +345,29 @@ jitsi: runAsNonRoot: false runAsUser: 0 seccompProfile: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - opendesk-synapse + topologyKey: kubernetes.io/hostname + {{- with .Values.cluster.computeNodeLabel }} + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + - {{ .value }} + {{- end }} type: "RuntimeDefault" seLinuxOptions: {{ .Values.seLinuxOptions.jvb | toYaml | nindent 8 }} diff --git a/helmfile/environments/default/cluster.yaml.gotmpl b/helmfile/environments/default/cluster.yaml.gotmpl index 169e5e2d..835febc1 100644 --- a/helmfile/environments/default/cluster.yaml.gotmpl +++ b/helmfile/environments/default/cluster.yaml.gotmpl 
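Review bot: In the jvb hunk (-229,6) the `affinity:` block is inserted between `seccompProfile:` and its `type: "RuntimeDefault"` line, whereas the other component hunks insert it after the `seLinuxOptions:` line. Indentation is not visible in this view, but in that position either `seccompProfile` is left empty and `type`/`seLinuxOptions` no longer belong to the security context, or the rendered file fails to parse. The context lines show this container running with `runAsUser: 0`, so losing the seccomp profile matters more here than elsewhere. Move the block below `seLinuxOptions: {{ .Values.seLinuxOptions.jvb | toYaml | nindent 8 }}` so that `seccompProfile:` is again directly followed by `type: "RuntimeDefault"`. The enclosing security-context mapping starts outside the hunk.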
@@ -2,6 +2,11 @@ # SPDX-License-Identifier: Apache-2.0 --- cluster: + # Specify a label to prefer for scheduling of CPU heavy workloads that don't support horizontal scaling. + computeNodeLabel: {} +# key: key-of-nodeselector-label +# value: value-of-nodeselector-label + service: # Based on the available Implementations of your cluster, choose the type of Service. # Choose out of "ClusterIP", "NodePort" or "LoadBalancer.
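Review bot: The comment on `computeNodeLabel` does not say that both `key` and `value` must be set, nor that the result is only a scheduling preference. The templates in values-jitsi.yaml.gotmpl test the whole map with `with` and emit `preferredDuringSchedulingIgnoredDuringExecution`, so a map holding only `key` renders an empty value and the pods may still be placed on other nodes. I would extend the comment to `# Optional node label (key and value both required) preferred by CPU-heavy, non-scalable workloads; soft preference, not a placement guarantee.` The two example lines are commented at column 0 rather than under `computeNodeLabel`, so uncommenting them as written would put them at the top level; indenting them to match the key would avoid that.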