Support default nodeAffinity for subscriptions (#34)

* Support default nodeAffinity for subscriptions * Add test for nodeAffinity override * Update documentation * Apply suggestions from code review Co-authored-by: Simon Gerber <simon.gerber@vshn.ch> --------- Co-authored-by: Stephan Feurer <stephan.feurer@vshn.ch> Co-authored-by: Simon Gerber <simon.gerber@vshn.ch>
appuio · Sep 8, 2023 · e972ac1 · e972ac1
1 parent ec06e84
commit e972ac1
Show file tree

Hide file tree

Showing 14 changed files with 101 additions and 8 deletions.
diff --git a/.cruft.json b/.cruft.json
@@ -7,7 +7,7 @@
       "name": "openshift4-operators",
       "slug": "openshift4-operators",
       "parameter_key": "openshift4_operators",
-      "test_cases": "openshift-operators-redhat openshift-operators openshift-operators-custom operator-subscription",
+      "test_cases": "openshift-operators-redhat openshift-operators openshift-operators-custom operator-subscription affinity-override",
       "add_lib": "y",
       "add_pp": "n",
       "add_golden": "y",

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -36,6 +36,7 @@ jobs:
           - openshift-operators
           - openshift-operators-custom
           - operator-subscription
+          - affinity-override
     defaults:
       run:
         working-directory: ${{ env.COMPONENT_NAME }}
@@ -54,6 +55,7 @@ jobs:
           - openshift-operators
           - openshift-operators-custom
           - operator-subscription
+          - affinity-override
     defaults:
       run:
         working-directory: ${{ env.COMPONENT_NAME }}

diff --git a/Makefile.vars.mk b/Makefile.vars.mk
@@ -57,4 +57,4 @@ KUBENT_IMAGE    ?= ghcr.io/doitintl/kube-no-trouble:latest
 KUBENT_DOCKER   ?= $(DOCKER_CMD) $(DOCKER_ARGS) $(root_volume) --entrypoint=/app/kubent $(KUBENT_IMAGE)
 
 instance ?= openshift-operators-redhat
-test_instances = tests/openshift-operators-redhat.yml tests/openshift-operators.yml tests/openshift-operators-custom.yml tests/operator-subscription.yml
+test_instances = tests/openshift-operators-redhat.yml tests/openshift-operators.yml tests/openshift-operators-custom.yml tests/operator-subscription.yml tests/affinity-override.yml
diff --git a/class/defaults.yml b/class/defaults.yml
@@ -4,7 +4,7 @@ parameters:
       multi_instance: true
     namespace: ${_instance}
     namespaceAnnotations:
-      openshift.io/node-selector: node-role.kubernetes.io/infra=
+      openshift.io/node-selector: ''
     defaultInstallPlanApproval: Automatic
     defaultSourceNamespace: openshift-marketplace
     defaultSource: certified-operators

diff --git a/docs/modules/ROOT/pages/references/component-library.adoc b/docs/modules/ROOT/pages/references/component-library.adoc
@@ -36,6 +36,9 @@ This function creates a `subscriptions.operators.coreos.com` resource in a names
 
 The result of this function can be used in the same way as resources created by `kube.libjsonnet`.
 
+By default the components sets the nodeAffinity to infra nodes, this can be overwritten.
+See https://docs.openshift.com/container-platform/latest/nodes/scheduling/nodes-scheduler-node-affinity.html#nodes-scheduler-node-affinity-configuring-required_nodes-scheduler-node-affinity[Official Documentation]
+
 --
 .Arguments
 `instance`:: Name of the component instance in which to create the subscription
@@ -63,6 +66,9 @@ When using this function, the caller is responsible to ensure that an `OperatorG
 
 The result of this function can be used in the same way as resources created by `kube.libjsonnet`.
 
+By default the components sets the nodeAffinity to infra nodes, this can be overwritten.
+See https://docs.openshift.com/container-platform/latest/nodes/scheduling/nodes-scheduler-node-affinity.html#nodes-scheduler-node-affinity-configuring-required_nodes-scheduler-node-affinity[Official Documentation]
+
 --
 .Arguments
 `instance`:: Name of the component instance in which to create the subscription

diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc
@@ -20,7 +20,7 @@ default::
 +
 [source,yaml]
 ----
-openshift.io/node-selector: node-role.kubernetes.io/infra=
+openshift.io/node-selector: ''
 ----
 
 Annotations to be applied to the created namespace.
@@ -76,6 +76,8 @@ If this parameter is set to `true`, the component will allow using namespace nam
 
 This parameter allows users of the component to configure one subscription per instance.
 The component explicitly doesn't allow configuring multiple instances in the same namespace, since we've seen various issues with conflicting upgrades when multiple subscriptions are created in the same namespace, especially when `installPlanApproval=Manual` is required for some reason.
+By default the components sets the nodeAffinity to infra nodes, this can be overwritten.
+See https://docs.openshift.com/container-platform/latest/nodes/scheduling/nodes-scheduler-node-affinity.html#nodes-scheduler-node-affinity-configuring-required_nodes-scheduler-node-affinity[Official Documentation]
 
 === `subscription.name`
 

diff --git a/lib/openshift4-operators.libsonnet b/lib/openshift4-operators.libsonnet
@@ -66,6 +66,20 @@ local subscription(name) =
   kube._Object(apigroup + '/v1alpha1', 'Subscription', name) {
     spec: {
       name: name,
+      config: {
+        affinity: {
+          nodeAffinity: {
+            requiredDuringSchedulingIgnoredDuringExecution: {
+              nodeSelectorTerms: [ {
+                matchExpressions: [ {
+                  key: 'node-role.kubernetes.io/infra',
+                  operator: 'Exists',
+                } ],
+              } ],
+            },
+          },
+        },
+      },
     },
   };
 

diff --git a/tests/affinity-override.yml b/tests/affinity-override.yml
@@ -0,0 +1,19 @@
+applications:
+  - openshift4-operators as affinity-override
+
+parameters:
+  affinity_override:
+    useCustomNamespace: true
+    subscription:
+      name: foo
+      channel: stable
+      spec:
+        installPlanApproval: Manual
+        config:
+          affinity:
+            nodeAffinity:
+              requiredDuringSchedulingIgnoredDuringExecution:
+                nodeSelectorTerms:
+                  - matchExpressions:
+                      - key: node-role.kubernetes.io/master
+                        operator: Exists
diff --git a/tests/golden/affinity-override/affinity-override/apps/openshift4-operators.yaml b/tests/golden/affinity-override/affinity-override/apps/openshift4-operators.yaml
diff --git a/tests/golden/affinity-override/affinity-override/openshift4-operators/affinity-override.yaml b/tests/golden/affinity-override/affinity-override/openshift4-operators/affinity-override.yaml
@@ -0,0 +1,42 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    openshift.io/node-selector: ''
+  labels:
+    name: affinity-override
+    openshift.io/cluster-monitoring: 'false'
+    openshift.io/user-monitoring: 'false'
+  name: affinity-override
+---
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  annotations: {}
+  labels:
+    name: affinity-override
+  name: affinity-override
+  namespace: affinity-override
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  annotations: {}
+  labels:
+    name: foo
+  name: foo
+  namespace: affinity-override
+spec:
+  channel: stable
+  config:
+    affinity:
+      nodeAffinity:
+        requiredDuringSchedulingIgnoredDuringExecution:
+          nodeSelectorTerms:
+            - matchExpressions:
+                - key: node-role.kubernetes.io/master
+                  operator: Exists
+  installPlanApproval: Manual
+  name: foo
+  source: certified-operators
+  sourceNamespace: openshift-marketplace
diff --git a/...rs-custom/openshift-operators-custom/openshift4-operators/openshift-operators-custom.yaml b/...rs-custom/openshift-operators-custom/openshift4-operators/openshift-operators-custom.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    openshift.io/node-selector: node-role.kubernetes.io/infra=
+    openshift.io/node-selector: ''
   labels:
     name: openshift-operators-custom
     openshift.io/cluster-monitoring: 'false'

diff --git a/...rs-redhat/openshift-operators-redhat/openshift4-operators/openshift-operators-redhat.yaml b/...rs-redhat/openshift-operators-redhat/openshift4-operators/openshift-operators-redhat.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    openshift.io/node-selector: node-role.kubernetes.io/infra=
+    openshift.io/node-selector: ''
   labels:
     name: openshift-operators-redhat
     openshift.io/cluster-monitoring: 'true'

diff --git a/...den/openshift-operators/openshift-operators/openshift4-operators/openshift-operators.yaml b/...den/openshift-operators/openshift-operators/openshift4-operators/openshift-operators.yaml
@@ -13,7 +13,7 @@ spec:
       patchTemplate: |-
         "metadata":
           "annotations":
-            "openshift.io/node-selector": "node-role.kubernetes.io/infra="
+            "openshift.io/node-selector": ""
           "labels":
             "openshift.io/cluster-monitoring": "false"
             "openshift.io/user-monitoring": "false"

diff --git a/...erator-subscription/operator-subscription/openshift4-operators/operator-subscription.yaml b/...erator-subscription/operator-subscription/openshift4-operators/operator-subscription.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    openshift.io/node-selector: node-role.kubernetes.io/infra=
+    openshift.io/node-selector: ''
   labels:
     name: operator-subscription
     openshift.io/cluster-monitoring: 'false'
@@ -28,6 +28,14 @@ metadata:
   namespace: operator-subscription
 spec:
   channel: stable
+  config:
+    affinity:
+      nodeAffinity:
+        requiredDuringSchedulingIgnoredDuringExecution:
+          nodeSelectorTerms:
+            - matchExpressions:
+                - key: node-role.kubernetes.io/infra
+                  operator: Exists
   installPlanApproval: Manual
   name: foo
   source: certified-operators