This repository has been archived by the owner on Oct 12, 2023. It is now read-only.

Adds a default affinity rule to values.yaml
- Uses preferred rule instead of required to not hard fail scheduling on single node cluster
JasonWhall committed Jun 3, 2021
1 parent b3ee1d0 commit 79d144d
Showing 2 changed files with 14 additions and 13 deletions.
4 changes: 2 additions & 2 deletions manifest_staging/charts/aad-pod-identity/README.md
Expand Up @@ -238,7 +238,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch
| `nameOverride` | String to partially override aad-pod-identity.fullname template with a string (will prepend the release name) | `""` |
| `fullnameOverride` | String to fully override aad-pod-identity.fullname template with a string | `""` |
| `image.repository` | Image repository | `mcr.microsoft.com/oss/azure/aad-pod-identity` |
| `image.imagePullPolicy` | Image pull policy | `IfNotPresent` |
| `image.imagePullPolicy` | Image pull policy | `IfNotPresent` |
| `imagePullSecrets` | One or more secrets to be used when pulling images | `[]` |
| `forceNamespaced` | By default, AAD Pod Identity matches pods to identities across namespaces. To match only pods in the namespace containing AzureIdentity set this to true. | `false` |
| `installMICException` | When NMI runs on a node where MIC is running, then MIC token request call is also intercepted by NMI. MIC can't get a valid token to initialize and then assign the identity. Installing an exception for MIC would ensure all token requests for MIC pods directly go to IMDS and not go through the pod-identity validation | `true` |
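Review bot: The `image.imagePullPolicy` row is the only line touched in this hunk, and its visible content is identical before and after, so this looks like a whitespace-only change unrelated to the affinity default. Consider dropping it from this commit, or mentioning the table cleanup in the commit message, so the diff stays limited to the affinity change.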
Expand All @@ -260,7 +260,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch
| `mic.resources` | Resource limit for MIC | `{}` |
| `mic.podAnnotations` | Pod annotations for MIC | `{}` |
| `mic.podLabels` | Pod labels for MIC | `{}` |
| `mic.affinity` | Affinity settings | `{}` |
| `mic.affinity` | Affinity settings | A "soft" anti-affinity rule to avoid co-location on a node |
| `mic.tolerations` | List of node taints to tolerate | `[]` |
| `mic.topologySpreadConstraints` | Pod topology spread constraints settings | `[]` |
| `mic.podDisruptionBudget` | Pod disruption budget settings | `{}` |
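Review bot: The new Default cell for `mic.affinity` is free-form prose, while every other row in this table shows the literal default value in backticks. State the actual rule so readers do not have to open values.yaml, for example: preferred `podAntiAffinity`, `weight: 1`, `topologyKey: kubernetes.io/hostname`, selecting `app.kubernetes.io/component: mic`.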
23 changes: 12 additions & 11 deletions manifest_staging/charts/aad-pod-identity/values.yaml
Expand Up @@ -75,17 +75,18 @@ mic:
# - key: "CriticalAddonsOnly"
# operator: "Exists"

# ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
affinity: {}
# nodeAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - weight 1
# preference:
# matchExpressions:
# - key: kubernetes.azure.com/mode
# operator: In
# values:
# - system
# Affinity rules to apply to the mic deployment.
# Uses an anti-affinity rule to prefer not to co-locate pods on the same node as default.
# ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
topologyKey: kubernetes.io/hostname
labelSelector:
matchLabels:
app.kubernetes.io/component: mic

# Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in.
# ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
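Review bot: With `affinity:` now defaulting to a populated map instead of `{}`, the comment above it should say how to turn the rule off. Helm deep-merges user values into chart defaults, so an override of `mic.affinity: {}`, or one that only sets `nodeAffinity`, still keeps this `podAntiAffinity` block; it has to be nulled explicitly (`podAntiAffinity: null`). Two smaller points: the selector `app.kubernetes.io/component: mic` is hard-coded and only has an effect if the MIC pod template carries exactly that label, which this diff does not show, and the removed commented `nodeAffinity` block was the only in-file example for steering MIC onto system nodes, so consider keeping it as a comment below the new default with its `weight 1` line corrected to `weight: 1`.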
