
fix: remove topo contraints due to global policy #8276

Merged
merged 1 commit into from
Oct 28, 2024


onedr0p
Owner

@onedr0p onedr0p commented Oct 28, 2024

Global topology spread constraints were added in d00540a

@github-actions github-actions bot added area/kubernetes Changes made in the kubernetes directory cluster/main labels Oct 28, 2024
@bot-ross
Contributor

bot-ross bot commented Oct 28, 2024

--- HelmRelease: kube-system/coredns Deployment: kube-system/coredns

+++ HelmRelease: kube-system/coredns Deployment: kube-system/coredns

@@ -40,19 +40,12 @@

         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
               - key: node-role.kubernetes.io/control-plane
                 operator: Exists
-      topologySpreadConstraints:
-      - labelSelector:
-          matchLabels:
-            app.kubernetes.io/instance: coredns
-        maxSkew: 1
-        topologyKey: kubernetes.io/hostname
-        whenUnsatisfiable: DoNotSchedule
       tolerations:
       - key: CriticalAddonsOnly
         operator: Exists
       - effect: NoSchedule
         key: node-role.kubernetes.io/control-plane
         operator: Exists
--- HelmRelease: network/nginx-internal Deployment: network/nginx-internal-controller

+++ HelmRelease: network/nginx-internal Deployment: network/nginx-internal-controller

@@ -114,21 +114,12 @@

             memory: 500Mi
           requests:
             cpu: 100m
             memory: 90Mi
       nodeSelector:
         kubernetes.io/os: linux
-      topologySpreadConstraints:
-      - labelSelector:
-          matchLabels:
-            app.kubernetes.io/component: controller
-            app.kubernetes.io/instance: nginx-internal
-            app.kubernetes.io/name: ingress-nginx
-        maxSkew: 1
-        topologyKey: kubernetes.io/hostname
-        whenUnsatisfiable: DoNotSchedule
       serviceAccountName: nginx-internal
       terminationGracePeriodSeconds: 120
       volumes:
       - name: webhook-cert
         secret:
           secretName: nginx-internal-admission
--- HelmRelease: network/nginx-external Deployment: network/nginx-external-controller

+++ HelmRelease: network/nginx-external Deployment: network/nginx-external-controller

@@ -115,21 +115,12 @@

             memory: 500Mi
           requests:
             cpu: 100m
             memory: 90Mi
       nodeSelector:
         kubernetes.io/os: linux
-      topologySpreadConstraints:
-      - labelSelector:
-          matchLabels:
-            app.kubernetes.io/component: controller
-            app.kubernetes.io/instance: nginx-external
-            app.kubernetes.io/name: ingress-nginx
-        maxSkew: 1
-        topologyKey: kubernetes.io/hostname
-        whenUnsatisfiable: DoNotSchedule
       serviceAccountName: nginx-external
       terminationGracePeriodSeconds: 120
       volumes:
       - name: webhook-cert
         secret:
           secretName: nginx-external-admission
--- HelmRelease: rook-ceph/rook-ceph-cluster CephFilesystem: rook-ceph/ceph-filesystem

+++ HelmRelease: rook-ceph/rook-ceph-cluster CephFilesystem: rook-ceph/ceph-filesystem

@@ -13,21 +13,12 @@

   metadataPool:
     replicated:
       size: 3
   metadataServer:
     activeCount: 1
     activeStandby: true
-    placement:
-      topologySpreadConstraints:
-      - labelSelector:
-          matchLabels:
-            app.kubernetes.io/name: ceph-mds
-            app.kubernetes.io/part-of: ceph-filesystem
-        maxSkew: 1
-        topologyKey: kubernetes.io/hostname
-        whenUnsatisfiable: DoNotSchedule
     priorityClassName: system-cluster-critical
     resources:
       limits:
         memory: 4Gi
       requests:
         cpu: 100m
--- HelmRelease: kube-system/fstrim CronJob: kube-system/fstrim

+++ HelmRelease: kube-system/fstrim CronJob: kube-system/fstrim

@@ -32,19 +32,12 @@

           automountServiceAccountToken: true
           hostIPC: false
           hostNetwork: true
           hostPID: true
           dnsPolicy: ClusterFirstWithHostNet
           restartPolicy: Never
-          topologySpreadConstraints:
-          - labelSelector:
-              matchLabels:
-                app.kubernetes.io/name: fstrim
-            maxSkew: 1
-            topologyKey: kubernetes.io/hostname
-            whenUnsatisfiable: DoNotSchedule
           containers:
           - env:
             - name: SCRIPT_NAME
               value: fstrim.sh
             - name: TZ
               value: America/New_York
--- HelmRelease: network/cloudflared Deployment: network/cloudflared

+++ HelmRelease: network/cloudflared Deployment: network/cloudflared

@@ -37,19 +37,12 @@

         seccompProfile:
           type: RuntimeDefault
       hostIPC: false
       hostNetwork: false
       hostPID: false
       dnsPolicy: ClusterFirst
-      topologySpreadConstraints:
-      - labelSelector:
-          matchLabels:
-            app.kubernetes.io/name: cloudflared
-        maxSkew: 1
-        topologyKey: kubernetes.io/hostname
-        whenUnsatisfiable: DoNotSchedule
       containers:
       - args:
         - tunnel
         - --config
         - /etc/cloudflared/config/config.yaml
         - run
--- HelmRelease: default/smtp-relay Deployment: default/smtp-relay

+++ HelmRelease: default/smtp-relay Deployment: default/smtp-relay

@@ -37,19 +37,12 @@

         seccompProfile:
           type: RuntimeDefault
       hostIPC: false
       hostNetwork: false
       hostPID: false
       dnsPolicy: ClusterFirst
-      topologySpreadConstraints:
-      - labelSelector:
-          matchLabels:
-            app.kubernetes.io/name: smtp-relay
-        maxSkew: 1
-        topologyKey: kubernetes.io/hostname
-        whenUnsatisfiable: DoNotSchedule
       containers:
       - env:
         - name: SMTP_RELAY_METRICS_PORT
           value: '8080'
         - name: SMTP_RELAY_SERVER_PORT
           value: '465'
--- HelmRelease: kyverno/kyverno Deployment: kyverno/kyverno-admission-controller

+++ HelmRelease: kyverno/kyverno Deployment: kyverno/kyverno-admission-controller

@@ -27,20 +27,12 @@

       labels:
         app.kubernetes.io/component: admission-controller
         app.kubernetes.io/instance: kyverno
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/part-of: kyverno
     spec:
-      topologySpreadConstraints:
-      - labelSelector:
-          matchLabels:
-            app.kubernetes.io/component: admission-controller
-            app.kubernetes.io/instance: kyverno
-        maxSkew: 1
-        topologyKey: kubernetes.io/hostname
-        whenUnsatisfiable: DoNotSchedule
       dnsPolicy: ClusterFirst
       affinity:
         podAntiAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:
           - podAffinityTerm:
               labelSelector:

@bot-ross
Contributor

bot-ross bot commented Oct 28, 2024

--- kubernetes/main/apps/kube-system/coredns/app Kustomization: flux-system/coredns HelmRelease: kube-system/coredns

+++ kubernetes/main/apps/kube-system/coredns/app Kustomization: flux-system/coredns HelmRelease: kube-system/coredns

@@ -25,8 +25,8 @@

     cleanupOnFail: true
     remediation:
       retries: 3
       strategy: rollback
   valuesFrom:
   - kind: ConfigMap
-    name: coredns-helm-values-8h74269k4f
+    name: coredns-helm-values-mkc9995tkh
 
--- kubernetes/main/apps/kube-system/coredns/app Kustomization: flux-system/coredns ConfigMap: kube-system/coredns-helm-values-8h74269k4f

+++ kubernetes/main/apps/kube-system/coredns/app Kustomization: flux-system/coredns ConfigMap: kube-system/coredns-helm-values-8h74269k4f

@@ -1,71 +0,0 @@

----
-apiVersion: v1
-data:
-  values.yaml: |
-    ---
-    fullnameOverride: coredns
-    replicaCount: 3
-    k8sAppLabelOverride: kube-dns
-    serviceAccount:
-      create: true
-    service:
-      name: kube-dns
-      clusterIP: 10.43.0.10
-    servers:
-      - zones:
-          - zone: .
-            scheme: dns://
-            use_tcp: true
-        port: 53
-        plugins:
-          - name: errors
-          - name: health
-            configBlock: |-
-              lameduck 5s
-          - name: ready
-          - name: log
-            configBlock: |-
-              class error
-          - name: prometheus
-            parameters: 0.0.0.0:9153
-          - name: kubernetes
-            parameters: cluster.local in-addr.arpa ip6.arpa
-            configBlock: |-
-              pods insecure
-              fallthrough in-addr.arpa ip6.arpa
-          - name: forward
-            parameters: . /etc/resolv.conf
-          - name: cache
-            parameters: 30
-          - name: loop
-          - name: reload
-          - name: loadbalance
-    affinity:
-      nodeAffinity:
-        requiredDuringSchedulingIgnoredDuringExecution:
-          nodeSelectorTerms:
-            - matchExpressions:
-                - key: node-role.kubernetes.io/control-plane
-                  operator: Exists
-    tolerations:
-      - key: CriticalAddonsOnly
-        operator: Exists
-      - key: node-role.kubernetes.io/control-plane
-        operator: Exists
-        effect: NoSchedule
-    topologySpreadConstraints:
-      - maxSkew: 1
-        topologyKey: kubernetes.io/hostname
-        whenUnsatisfiable: DoNotSchedule
-        labelSelector:
-          matchLabels:
-            app.kubernetes.io/instance: coredns
-kind: ConfigMap
-metadata:
-  labels:
-    app.kubernetes.io/name: coredns
-    kustomize.toolkit.fluxcd.io/name: coredns
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: coredns-helm-values-8h74269k4f
-  namespace: kube-system
-
--- kubernetes/main/apps/kube-system/coredns/app Kustomization: flux-system/coredns ConfigMap: kube-system/coredns-helm-values-mkc9995tkh

+++ kubernetes/main/apps/kube-system/coredns/app Kustomization: flux-system/coredns ConfigMap: kube-system/coredns-helm-values-mkc9995tkh

@@ -0,0 +1,64 @@

+---
+apiVersion: v1
+data:
+  values.yaml: |
+    ---
+    fullnameOverride: coredns
+    replicaCount: 3
+    k8sAppLabelOverride: kube-dns
+    serviceAccount:
+      create: true
+    service:
+      name: kube-dns
+      clusterIP: 10.43.0.10
+    servers:
+      - zones:
+          - zone: .
+            scheme: dns://
+            use_tcp: true
+        port: 53
+        plugins:
+          - name: errors
+          - name: health
+            configBlock: |-
+              lameduck 5s
+          - name: ready
+          - name: log
+            configBlock: |-
+              class error
+          - name: prometheus
+            parameters: 0.0.0.0:9153
+          - name: kubernetes
+            parameters: cluster.local in-addr.arpa ip6.arpa
+            configBlock: |-
+              pods insecure
+              fallthrough in-addr.arpa ip6.arpa
+          - name: forward
+            parameters: . /etc/resolv.conf
+          - name: cache
+            parameters: 30
+          - name: loop
+          - name: reload
+          - name: loadbalance
+    affinity:
+      nodeAffinity:
+        requiredDuringSchedulingIgnoredDuringExecution:
+          nodeSelectorTerms:
+            - matchExpressions:
+                - key: node-role.kubernetes.io/control-plane
+                  operator: Exists
+    tolerations:
+      - key: CriticalAddonsOnly
+        operator: Exists
+      - key: node-role.kubernetes.io/control-plane
+        operator: Exists
+        effect: NoSchedule
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/name: coredns
+    kustomize.toolkit.fluxcd.io/name: coredns
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: coredns-helm-values-mkc9995tkh
+  namespace: kube-system
+
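Review bot: These values keep `replicaCount: 3` and a required control-plane `nodeAffinity` but no longer carry any spread rule of their own, so whether the three CoreDNS replicas land on distinct nodes now depends entirely on the global policy from d00540a, which is not shown on this page. If that policy is enforced through admission rather than scheduler defaults, confirm that it actually reaches `kube-system` and the `kyverno` namespace, since admission policies commonly exempt those namespaces and the kyverno admission-controller hunk drops its constraint as well, leaving only a `preferred` pod anti-affinity visible there. I would leave a pointer where the block used to be, e.g. `# topologySpreadConstraints: applied cluster-wide, see d00540a`, and check the scheduled pods' specs after rollout so that a single node loss cannot take out cluster DNS or the admission webhook.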
--- kubernetes/main/apps/kube-system/fstrim/app Kustomization: flux-system/fstrim HelmRelease: kube-system/fstrim

+++ kubernetes/main/apps/kube-system/fstrim/app Kustomization: flux-system/fstrim HelmRelease: kube-system/fstrim

@@ -51,19 +51,12 @@

           successfulJobsHistory: 1
           timeZone: America/New_York
         type: cronjob
     defaultPodOptions:
       hostNetwork: true
       hostPID: true
-      topologySpreadConstraints:
-      - labelSelector:
-          matchLabels:
-            app.kubernetes.io/name: fstrim
-        maxSkew: 1
-        topologyKey: kubernetes.io/hostname
-        whenUnsatisfiable: DoNotSchedule
     persistence:
       netfs:
         globalMounts:
         - path: /host/net
           readOnly: true
         hostPath: /sys
--- kubernetes/main/apps/kyverno/kyverno/app Kustomization: flux-system/kyverno HelmRelease: kyverno/kyverno

+++ kubernetes/main/apps/kyverno/kyverno/app Kustomization: flux-system/kyverno HelmRelease: kyverno/kyverno

@@ -39,20 +39,12 @@

             - create
             - update
             - delete
       replicas: 3
       serviceMonitor:
         enabled: true
-      topologySpreadConstraints:
-      - labelSelector:
-          matchLabels:
-            app.kubernetes.io/component: admission-controller
-            app.kubernetes.io/instance: kyverno
-        maxSkew: 1
-        topologyKey: kubernetes.io/hostname
-        whenUnsatisfiable: DoNotSchedule
     backgroundController:
       rbac:
         clusterRole:
           extraResources:
           - apiGroups:
             - ''
--- kubernetes/main/apps/default/smtp-relay/app Kustomization: flux-system/smtp-relay HelmRelease: default/smtp-relay

+++ kubernetes/main/apps/default/smtp-relay/app Kustomization: flux-system/smtp-relay HelmRelease: default/smtp-relay

@@ -64,19 +64,12 @@

       securityContext:
         runAsGroup: 65534
         runAsNonRoot: true
         runAsUser: 65534
         seccompProfile:
           type: RuntimeDefault
-      topologySpreadConstraints:
-      - labelSelector:
-          matchLabels:
-            app.kubernetes.io/name: smtp-relay
-        maxSkew: 1
-        topologyKey: kubernetes.io/hostname
-        whenUnsatisfiable: DoNotSchedule
     persistence:
       cache:
         globalMounts:
         - path: /cache
         type: emptyDir
       config:
--- kubernetes/main/apps/rook-ceph/rook-ceph/cluster Kustomization: flux-system/rook-ceph-cluster HelmRelease: rook-ceph/rook-ceph-cluster

+++ kubernetes/main/apps/rook-ceph/rook-ceph/cluster Kustomization: flux-system/rook-ceph-cluster HelmRelease: rook-ceph/rook-ceph-cluster

@@ -139,21 +139,12 @@

         metadataPool:
           replicated:
             size: 3
         metadataServer:
           activeCount: 1
           activeStandby: true
-          placement:
-            topologySpreadConstraints:
-            - labelSelector:
-                matchLabels:
-                  app.kubernetes.io/name: ceph-mds
-                  app.kubernetes.io/part-of: ceph-filesystem
-              maxSkew: 1
-              topologyKey: kubernetes.io/hostname
-              whenUnsatisfiable: DoNotSchedule
           priorityClassName: system-cluster-critical
           resources:
             limits:
               memory: 4Gi
             requests:
               cpu: 100m
--- kubernetes/main/apps/network/cloudflared/app Kustomization: flux-system/cloudflared HelmRelease: network/cloudflared

+++ kubernetes/main/apps/network/cloudflared/app Kustomization: flux-system/cloudflared HelmRelease: network/cloudflared

@@ -92,19 +92,12 @@

       securityContext:
         runAsGroup: 65534
         runAsNonRoot: true
         runAsUser: 65534
         seccompProfile:
           type: RuntimeDefault
-      topologySpreadConstraints:
-      - labelSelector:
-          matchLabels:
-            app.kubernetes.io/name: cloudflared
-        maxSkew: 1
-        topologyKey: kubernetes.io/hostname
-        whenUnsatisfiable: DoNotSchedule
     persistence:
       config:
         globalMounts:
         - path: /etc/cloudflared/config/config.yaml
           readOnly: true
           subPath: config.yaml
--- kubernetes/main/apps/network/nginx/internal Kustomization: flux-system/nginx-internal HelmRelease: network/nginx-internal

+++ kubernetes/main/apps/network/nginx/internal Kustomization: flux-system/nginx-internal HelmRelease: network/nginx-internal

@@ -76,19 +76,10 @@

           cpu: 100m
       service:
         annotations:
           external-dns.alpha.kubernetes.io/hostname: internal.devbu.io
           lbipam.cilium.io/ips: 192.168.42.121
       terminationGracePeriodSeconds: 120
-      topologySpreadConstraints:
-      - labelSelector:
-          matchLabels:
-            app.kubernetes.io/component: controller
-            app.kubernetes.io/instance: nginx-internal
-            app.kubernetes.io/name: ingress-nginx
-        maxSkew: 1
-        topologyKey: kubernetes.io/hostname
-        whenUnsatisfiable: DoNotSchedule
     defaultBackend:
       enabled: false
     fullnameOverride: nginx-internal
 
--- kubernetes/main/apps/network/nginx/external Kustomization: flux-system/nginx-external HelmRelease: network/nginx-external

+++ kubernetes/main/apps/network/nginx/external Kustomization: flux-system/nginx-external HelmRelease: network/nginx-external

@@ -77,21 +77,12 @@

           cpu: 100m
       service:
         annotations:
           external-dns.alpha.kubernetes.io/hostname: external.devbu.io
           lbipam.cilium.io/ips: 192.168.42.126
       terminationGracePeriodSeconds: 120
-      topologySpreadConstraints:
-      - labelSelector:
-          matchLabels:
-            app.kubernetes.io/component: controller
-            app.kubernetes.io/instance: nginx-external
-            app.kubernetes.io/name: ingress-nginx
-        maxSkew: 1
-        topologyKey: kubernetes.io/hostname
-        whenUnsatisfiable: DoNotSchedule
     defaultBackend:
       enabled: false
     fullnameOverride: nginx-external
   valuesFrom:
   - kind: Secret
     name: nginx-external-maxmind-secret

@onedr0p onedr0p merged commit 9c0033b into main Oct 28, 2024
10 checks passed
@onedr0p onedr0p deleted the remove-topo branch October 28, 2024 12:25
Labels
area/kubernetes Changes made in the kubernetes directory cluster/main