-
-
Notifications
You must be signed in to change notification settings - Fork 182
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: remove topo contraints due to global policy #8276
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Devin Buhl <[email protected]>
github-actions
bot
added
area/kubernetes
Changes made in the kubernetes directory
cluster/main
labels
Oct 28, 2024
--- HelmRelease: kube-system/coredns Deployment: kube-system/coredns
+++ HelmRelease: kube-system/coredns Deployment: kube-system/coredns
@@ -40,19 +40,12 @@
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node-role.kubernetes.io/control-plane
operator: Exists
- topologySpreadConstraints:
- - labelSelector:
- matchLabels:
- app.kubernetes.io/instance: coredns
- maxSkew: 1
- topologyKey: kubernetes.io/hostname
- whenUnsatisfiable: DoNotSchedule
tolerations:
- key: CriticalAddonsOnly
operator: Exists
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
--- HelmRelease: network/nginx-internal Deployment: network/nginx-internal-controller
+++ HelmRelease: network/nginx-internal Deployment: network/nginx-internal-controller
@@ -114,21 +114,12 @@
memory: 500Mi
requests:
cpu: 100m
memory: 90Mi
nodeSelector:
kubernetes.io/os: linux
- topologySpreadConstraints:
- - labelSelector:
- matchLabels:
- app.kubernetes.io/component: controller
- app.kubernetes.io/instance: nginx-internal
- app.kubernetes.io/name: ingress-nginx
- maxSkew: 1
- topologyKey: kubernetes.io/hostname
- whenUnsatisfiable: DoNotSchedule
serviceAccountName: nginx-internal
terminationGracePeriodSeconds: 120
volumes:
- name: webhook-cert
secret:
secretName: nginx-internal-admission
--- HelmRelease: network/nginx-external Deployment: network/nginx-external-controller
+++ HelmRelease: network/nginx-external Deployment: network/nginx-external-controller
@@ -115,21 +115,12 @@
memory: 500Mi
requests:
cpu: 100m
memory: 90Mi
nodeSelector:
kubernetes.io/os: linux
- topologySpreadConstraints:
- - labelSelector:
- matchLabels:
- app.kubernetes.io/component: controller
- app.kubernetes.io/instance: nginx-external
- app.kubernetes.io/name: ingress-nginx
- maxSkew: 1
- topologyKey: kubernetes.io/hostname
- whenUnsatisfiable: DoNotSchedule
serviceAccountName: nginx-external
terminationGracePeriodSeconds: 120
volumes:
- name: webhook-cert
secret:
secretName: nginx-external-admission
--- HelmRelease: rook-ceph/rook-ceph-cluster CephFilesystem: rook-ceph/ceph-filesystem
+++ HelmRelease: rook-ceph/rook-ceph-cluster CephFilesystem: rook-ceph/ceph-filesystem
@@ -13,21 +13,12 @@
metadataPool:
replicated:
size: 3
metadataServer:
activeCount: 1
activeStandby: true
- placement:
- topologySpreadConstraints:
- - labelSelector:
- matchLabels:
- app.kubernetes.io/name: ceph-mds
- app.kubernetes.io/part-of: ceph-filesystem
- maxSkew: 1
- topologyKey: kubernetes.io/hostname
- whenUnsatisfiable: DoNotSchedule
priorityClassName: system-cluster-critical
resources:
limits:
memory: 4Gi
requests:
cpu: 100m
--- HelmRelease: kube-system/fstrim CronJob: kube-system/fstrim
+++ HelmRelease: kube-system/fstrim CronJob: kube-system/fstrim
@@ -32,19 +32,12 @@
automountServiceAccountToken: true
hostIPC: false
hostNetwork: true
hostPID: true
dnsPolicy: ClusterFirstWithHostNet
restartPolicy: Never
- topologySpreadConstraints:
- - labelSelector:
- matchLabels:
- app.kubernetes.io/name: fstrim
- maxSkew: 1
- topologyKey: kubernetes.io/hostname
- whenUnsatisfiable: DoNotSchedule
containers:
- env:
- name: SCRIPT_NAME
value: fstrim.sh
- name: TZ
value: America/New_York
--- HelmRelease: network/cloudflared Deployment: network/cloudflared
+++ HelmRelease: network/cloudflared Deployment: network/cloudflared
@@ -37,19 +37,12 @@
seccompProfile:
type: RuntimeDefault
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
- topologySpreadConstraints:
- - labelSelector:
- matchLabels:
- app.kubernetes.io/name: cloudflared
- maxSkew: 1
- topologyKey: kubernetes.io/hostname
- whenUnsatisfiable: DoNotSchedule
containers:
- args:
- tunnel
- --config
- /etc/cloudflared/config/config.yaml
- run
--- HelmRelease: default/smtp-relay Deployment: default/smtp-relay
+++ HelmRelease: default/smtp-relay Deployment: default/smtp-relay
@@ -37,19 +37,12 @@
seccompProfile:
type: RuntimeDefault
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
- topologySpreadConstraints:
- - labelSelector:
- matchLabels:
- app.kubernetes.io/name: smtp-relay
- maxSkew: 1
- topologyKey: kubernetes.io/hostname
- whenUnsatisfiable: DoNotSchedule
containers:
- env:
- name: SMTP_RELAY_METRICS_PORT
value: '8080'
- name: SMTP_RELAY_SERVER_PORT
value: '465'
--- HelmRelease: kyverno/kyverno Deployment: kyverno/kyverno-admission-controller
+++ HelmRelease: kyverno/kyverno Deployment: kyverno/kyverno-admission-controller
@@ -27,20 +27,12 @@
labels:
app.kubernetes.io/component: admission-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: kyverno
spec:
- topologySpreadConstraints:
- - labelSelector:
- matchLabels:
- app.kubernetes.io/component: admission-controller
- app.kubernetes.io/instance: kyverno
- maxSkew: 1
- topologyKey: kubernetes.io/hostname
- whenUnsatisfiable: DoNotSchedule
dnsPolicy: ClusterFirst
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector: |
--- kubernetes/main/apps/kube-system/coredns/app Kustomization: flux-system/coredns HelmRelease: kube-system/coredns
+++ kubernetes/main/apps/kube-system/coredns/app Kustomization: flux-system/coredns HelmRelease: kube-system/coredns
@@ -25,8 +25,8 @@
cleanupOnFail: true
remediation:
retries: 3
strategy: rollback
valuesFrom:
- kind: ConfigMap
- name: coredns-helm-values-8h74269k4f
+ name: coredns-helm-values-mkc9995tkh
--- kubernetes/main/apps/kube-system/coredns/app Kustomization: flux-system/coredns ConfigMap: kube-system/coredns-helm-values-8h74269k4f
+++ kubernetes/main/apps/kube-system/coredns/app Kustomization: flux-system/coredns ConfigMap: kube-system/coredns-helm-values-8h74269k4f
@@ -1,71 +0,0 @@
----
-apiVersion: v1
-data:
- values.yaml: |
- ---
- fullnameOverride: coredns
- replicaCount: 3
- k8sAppLabelOverride: kube-dns
- serviceAccount:
- create: true
- service:
- name: kube-dns
- clusterIP: 10.43.0.10
- servers:
- - zones:
- - zone: .
- scheme: dns://
- use_tcp: true
- port: 53
- plugins:
- - name: errors
- - name: health
- configBlock: |-
- lameduck 5s
- - name: ready
- - name: log
- configBlock: |-
- class error
- - name: prometheus
- parameters: 0.0.0.0:9153
- - name: kubernetes
- parameters: cluster.local in-addr.arpa ip6.arpa
- configBlock: |-
- pods insecure
- fallthrough in-addr.arpa ip6.arpa
- - name: forward
- parameters: . /etc/resolv.conf
- - name: cache
- parameters: 30
- - name: loop
- - name: reload
- - name: loadbalance
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: node-role.kubernetes.io/control-plane
- operator: Exists
- tolerations:
- - key: CriticalAddonsOnly
- operator: Exists
- - key: node-role.kubernetes.io/control-plane
- operator: Exists
- effect: NoSchedule
- topologySpreadConstraints:
- - maxSkew: 1
- topologyKey: kubernetes.io/hostname
- whenUnsatisfiable: DoNotSchedule
- labelSelector:
- matchLabels:
- app.kubernetes.io/instance: coredns
-kind: ConfigMap
-metadata:
- labels:
- app.kubernetes.io/name: coredns
- kustomize.toolkit.fluxcd.io/name: coredns
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: coredns-helm-values-8h74269k4f
- namespace: kube-system
-
--- kubernetes/main/apps/kube-system/coredns/app Kustomization: flux-system/coredns ConfigMap: kube-system/coredns-helm-values-mkc9995tkh
+++ kubernetes/main/apps/kube-system/coredns/app Kustomization: flux-system/coredns ConfigMap: kube-system/coredns-helm-values-mkc9995tkh
@@ -0,0 +1,64 @@
+---
+apiVersion: v1
+data:
+ values.yaml: |
+ ---
+ fullnameOverride: coredns
+ replicaCount: 3
+ k8sAppLabelOverride: kube-dns
+ serviceAccount:
+ create: true
+ service:
+ name: kube-dns
+ clusterIP: 10.43.0.10
+ servers:
+ - zones:
+ - zone: .
+ scheme: dns://
+ use_tcp: true
+ port: 53
+ plugins:
+ - name: errors
+ - name: health
+ configBlock: |-
+ lameduck 5s
+ - name: ready
+ - name: log
+ configBlock: |-
+ class error
+ - name: prometheus
+ parameters: 0.0.0.0:9153
+ - name: kubernetes
+ parameters: cluster.local in-addr.arpa ip6.arpa
+ configBlock: |-
+ pods insecure
+ fallthrough in-addr.arpa ip6.arpa
+ - name: forward
+ parameters: . /etc/resolv.conf
+ - name: cache
+ parameters: 30
+ - name: loop
+ - name: reload
+ - name: loadbalance
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ tolerations:
+ - key: CriticalAddonsOnly
+ operator: Exists
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ effect: NoSchedule
+kind: ConfigMap
+metadata:
+ labels:
+ app.kubernetes.io/name: coredns
+ kustomize.toolkit.fluxcd.io/name: coredns
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: coredns-helm-values-mkc9995tkh
+ namespace: kube-system
+
--- kubernetes/main/apps/kube-system/fstrim/app Kustomization: flux-system/fstrim HelmRelease: kube-system/fstrim
+++ kubernetes/main/apps/kube-system/fstrim/app Kustomization: flux-system/fstrim HelmRelease: kube-system/fstrim
@@ -51,19 +51,12 @@
successfulJobsHistory: 1
timeZone: America/New_York
type: cronjob
defaultPodOptions:
hostNetwork: true
hostPID: true
- topologySpreadConstraints:
- - labelSelector:
- matchLabels:
- app.kubernetes.io/name: fstrim
- maxSkew: 1
- topologyKey: kubernetes.io/hostname
- whenUnsatisfiable: DoNotSchedule
persistence:
netfs:
globalMounts:
- path: /host/net
readOnly: true
hostPath: /sys
--- kubernetes/main/apps/kyverno/kyverno/app Kustomization: flux-system/kyverno HelmRelease: kyverno/kyverno
+++ kubernetes/main/apps/kyverno/kyverno/app Kustomization: flux-system/kyverno HelmRelease: kyverno/kyverno
@@ -39,20 +39,12 @@
- create
- update
- delete
replicas: 3
serviceMonitor:
enabled: true
- topologySpreadConstraints:
- - labelSelector:
- matchLabels:
- app.kubernetes.io/component: admission-controller
- app.kubernetes.io/instance: kyverno
- maxSkew: 1
- topologyKey: kubernetes.io/hostname
- whenUnsatisfiable: DoNotSchedule
backgroundController:
rbac:
clusterRole:
extraResources:
- apiGroups:
- ''
--- kubernetes/main/apps/default/smtp-relay/app Kustomization: flux-system/smtp-relay HelmRelease: default/smtp-relay
+++ kubernetes/main/apps/default/smtp-relay/app Kustomization: flux-system/smtp-relay HelmRelease: default/smtp-relay
@@ -64,19 +64,12 @@
securityContext:
runAsGroup: 65534
runAsNonRoot: true
runAsUser: 65534
seccompProfile:
type: RuntimeDefault
- topologySpreadConstraints:
- - labelSelector:
- matchLabels:
- app.kubernetes.io/name: smtp-relay
- maxSkew: 1
- topologyKey: kubernetes.io/hostname
- whenUnsatisfiable: DoNotSchedule
persistence:
cache:
globalMounts:
- path: /cache
type: emptyDir
config:
--- kubernetes/main/apps/rook-ceph/rook-ceph/cluster Kustomization: flux-system/rook-ceph-cluster HelmRelease: rook-ceph/rook-ceph-cluster
+++ kubernetes/main/apps/rook-ceph/rook-ceph/cluster Kustomization: flux-system/rook-ceph-cluster HelmRelease: rook-ceph/rook-ceph-cluster
@@ -139,21 +139,12 @@
metadataPool:
replicated:
size: 3
metadataServer:
activeCount: 1
activeStandby: true
- placement:
- topologySpreadConstraints:
- - labelSelector:
- matchLabels:
- app.kubernetes.io/name: ceph-mds
- app.kubernetes.io/part-of: ceph-filesystem
- maxSkew: 1
- topologyKey: kubernetes.io/hostname
- whenUnsatisfiable: DoNotSchedule
priorityClassName: system-cluster-critical
resources:
limits:
memory: 4Gi
requests:
cpu: 100m
--- kubernetes/main/apps/network/cloudflared/app Kustomization: flux-system/cloudflared HelmRelease: network/cloudflared
+++ kubernetes/main/apps/network/cloudflared/app Kustomization: flux-system/cloudflared HelmRelease: network/cloudflared
@@ -92,19 +92,12 @@
securityContext:
runAsGroup: 65534
runAsNonRoot: true
runAsUser: 65534
seccompProfile:
type: RuntimeDefault
- topologySpreadConstraints:
- - labelSelector:
- matchLabels:
- app.kubernetes.io/name: cloudflared
- maxSkew: 1
- topologyKey: kubernetes.io/hostname
- whenUnsatisfiable: DoNotSchedule
persistence:
config:
globalMounts:
- path: /etc/cloudflared/config/config.yaml
readOnly: true
subPath: config.yaml
--- kubernetes/main/apps/network/nginx/internal Kustomization: flux-system/nginx-internal HelmRelease: network/nginx-internal
+++ kubernetes/main/apps/network/nginx/internal Kustomization: flux-system/nginx-internal HelmRelease: network/nginx-internal
@@ -76,19 +76,10 @@
cpu: 100m
service:
annotations:
external-dns.alpha.kubernetes.io/hostname: internal.devbu.io
lbipam.cilium.io/ips: 192.168.42.121
terminationGracePeriodSeconds: 120
- topologySpreadConstraints:
- - labelSelector:
- matchLabels:
- app.kubernetes.io/component: controller
- app.kubernetes.io/instance: nginx-internal
- app.kubernetes.io/name: ingress-nginx
- maxSkew: 1
- topologyKey: kubernetes.io/hostname
- whenUnsatisfiable: DoNotSchedule
defaultBackend:
enabled: false
fullnameOverride: nginx-internal
--- kubernetes/main/apps/network/nginx/external Kustomization: flux-system/nginx-external HelmRelease: network/nginx-external
+++ kubernetes/main/apps/network/nginx/external Kustomization: flux-system/nginx-external HelmRelease: network/nginx-external
@@ -77,21 +77,12 @@
cpu: 100m
service:
annotations:
external-dns.alpha.kubernetes.io/hostname: external.devbu.io
lbipam.cilium.io/ips: 192.168.42.126
terminationGracePeriodSeconds: 120
- topologySpreadConstraints:
- - labelSelector:
- matchLabels:
- app.kubernetes.io/component: controller
- app.kubernetes.io/instance: nginx-external
- app.kubernetes.io/name: ingress-nginx
- maxSkew: 1
- topologyKey: kubernetes.io/hostname
- whenUnsatisfiable: DoNotSchedule
defaultBackend:
enabled: false
fullnameOverride: nginx-external
valuesFrom:
- kind: Secret
name: nginx-external-maxmind-secret |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Global topo was added in d00540a