[enhance] Parameterize Node Affinity

docs/vars.md

@@ -22,6 +22,11 @@ before deploying dojot
 * *dojot_bridges_replicas*: Set number of replicas for K2V, V2K and Loopback, and also modifies the number of partitions in Kafka topics. Defaults to **1**.
 * *dojot_fixed_nodeports_enabled*: Set whether dojot's nodeport services will be fixed. Defaults to **false**.
 * *dojot_nodeports*: Range of fixed ports for dojot services with external access.
+* *dojot_enable_node_affinity*: Enables node affinity for all services. Beware that you must configure your nodes to match the labels in the files. Default to **false**.
+* *dojot_node_dojot_label*: Label value for the rest of Dojot components nodes. Defaults to **dojot**.
+* *dojot_node_kafka_label*: Label value for Kafka, Zookeeper and Kafka Loopback nodes. Defaults to **kafka**.
+* *dojot_node_x509_label*: Label value for x509 nodes. Defaults to **x509**.
+* *dojot_node_vernemq_label*: Label value for VerneMQ, K2V and V2K nodes. Defaults to **vernemq**.
 
 
 ### - Zookeeper
@@ -128,6 +133,7 @@ before deploying dojot
 * *dojot_psql_ejbca_user*: EJBCA PostgreSQL database user. Defaults to **ejbca**.
 * *dojot_psql_ejbca_passwd*: EJBCA PostgreSQL database password. Defaults to **ejbca**.
 * *dojot_x509_identity_mgmt_version*: Version of the x509 Identity Management container. Defaults to **dojot_version**.
+* *dojot_x509_identity_mgmt_replicas*: Number of replicas. Beware that you must configure a volume if you want more than one instance. Defaults to **1**.
 
 ### - Kafka Loopback
 

inventories/example_local/group_vars/dojot-k8s/dojot.yaml

@@ -38,6 +38,8 @@ dojot_vernemq_replicas: 1
 # Number of replicas for K2V, V2K and Loopback, it also modifies the default number of partitions
 # for Kafka topics
 dojot_bridges_replicas: 1
+# Number of x509 Identity Management replicas
+dojot_x509_identity_mgmt_replicas: 1
 
 # Enable Kafka WS TLS support, the service must have a configured volume with the certificates inside
 dojot_kafka_ws_enable_tls: false
@@ -55,3 +57,20 @@ dojot_nodeports:
   mqtt: 30310
   mqtts: 30311
   metrics: 30033
+
+## Node affinity
+# Note: you must label your nodes accordingly when node affinity is enabled, otherwise you might run
+# into problems.
+# Note: if you are using persistence, all PersistentVolume files must reflect the changes in here.
+# Example: you must assign the Kafka and Zookeeper volumes to the {{ dojot_node_kafka_label }} node
+
+# Enables node affinity in all services
+dojot_enable_node_affinity: false
+# Label for the rest of the services
+dojot_node_dojot_label: dojot
+# Label for x509 node
+dojot_node_x509_label: x509
+# Label for Kafka, Zookeeper and Kafka Loopback node
+dojot_node_kafka_label: kafka
+# Label for VerneMQ, K2V and V2K nodes
+dojot_node_vernemq_label: vernemq

local_storage_example/volumes/apigw.yaml

@@ -19,7 +19,7 @@ spec:
     required:
       nodeSelectorTerms:
       - matchExpressions:
-        - key: kubernetes.io/hostname
+        - key: dojot.components/group
           operator: In
           values:
-            - k8s17-worker
+          - dojot

local_storage_example/volumes/kafka.yaml

@@ -19,7 +19,7 @@ spec:
     required:
       nodeSelectorTerms:
       - matchExpressions:
-        - key: kubernetes.io/hostname
+        - key: dojot.components/group
           operator: In
           values:
-          - k8s17-worker
+          - dojot

local_storage_example/volumes/kafka_ws.yaml

@@ -19,7 +19,7 @@ spec:
     required:
       nodeSelectorTerms:
       - matchExpressions:
-        - key: kubernetes.io/hostname
+        - key: dojot.components/group
           operator: In
           values:
-            - k8s17-worker
+          - dojot

local_storage_example/volumes/minio.yaml

@@ -19,7 +19,7 @@ spec:
     required:
       nodeSelectorTerms:
       - matchExpressions:
-        - key: kubernetes.io/hostname
+        - key: dojot.components/group
           operator: In
           values:
-          - k8s17-worker
+          - dojot

local_storage_example/volumes/mongo.yaml

@@ -19,7 +19,7 @@ spec:
     required:
       nodeSelectorTerms:
       - matchExpressions:
-        - key: kubernetes.io/hostname
+        - key: dojot.components/group
           operator: In
           values:
-          - k8s17-worker
+          - dojot

local_storage_example/volumes/postgres.yaml

@@ -19,7 +19,7 @@ spec:
     required:
       nodeSelectorTerms:
       - matchExpressions:
-        - key: kubernetes.io/hostname
+        - key: dojot.components/group
           operator: In
           values:
-          - k8s17-worker
+          - dojot

local_storage_example/volumes/prometheus.yaml

@@ -18,7 +18,7 @@ spec:
     required:
       nodeSelectorTerms:
       - matchExpressions:
-        - key: kubernetes.io/hostname
+        - key: dojot.components/group
           operator: In
           values:
-          - k8s17-worker
+          - dojot

local_storage_example/volumes/storageclass.yaml

@@ -3,4 +3,4 @@ kind: StorageClass
 metadata:
   name: local-storage
 provisioner: kubernetes.io/no-provisioner
-volumeBindingMode: WaitForFirstConsumer
+volumeBindingMode: WaitForFirstConsumer

local_storage_example/volumes/x509_identity_mgmt.yaml

@@ -19,7 +19,7 @@ spec:
     required:
       nodeSelectorTerms:
       - matchExpressions:
-        - key: kubernetes.io/hostname
+        - key: dojot.components/group
           operator: In
           values:
-            - k8s17-worker
+          - dojot

local_storage_example/volumes/zookeeper_data.yaml

@@ -19,7 +19,7 @@ spec:
     required:
       nodeSelectorTerms:
       - matchExpressions:
-        - key: kubernetes.io/hostname
+        - key: dojot.components/group
           operator: In
           values:
-          - k8s17-worker
+          - dojot

local_storage_example/volumes/zookeeper_log.yaml

@@ -19,7 +19,7 @@ spec:
     required:
       nodeSelectorTerms:
       - matchExpressions:
-        - key: kubernetes.io/hostname
+        - key: dojot.components/group
           operator: In
           values:
-          - k8s17-worker
+          - dojot

roles/apigw/templates/apigw_deployment.yaml.j2

@@ -18,6 +18,17 @@ spec:
         name: kong
         app: dojot
     spec:
+{% if dojot_enable_node_affinity %}
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: dojot.components/group
+                operator: In
+                values:
+                - "{{ dojot_node_dojot_label }}"
+{% endif %}
       restartPolicy: Always
       securityContext:
         # User kong has UID 100

roles/apigw/templates/apigw_migration_job.yaml.j2

@@ -8,6 +8,7 @@ spec:
     metadata:
       name: kong-migrate
     spec:
+      restartPolicy: OnFailure
       containers:
       - name: kong-migrate
         env:
@@ -32,4 +33,14 @@ spec:
               key: db
         image: dojot/kong:{{ dojot_apigw_version }}
         args: ["kong", "migrations", "bootstrap"]
-      restartPolicy: OnFailure
+{% if dojot_enable_node_affinity %}
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: dojot.components/group
+                operator: In
+                values:
+                - "{{ dojot_node_dojot_label }}"
+{% endif %}

roles/apigw/templates/apigw_migration_up_job.yaml.j2

@@ -8,6 +8,7 @@ spec:
     metadata:
       name: kong-migrate-up
     spec:
+      restartPolicy: OnFailure
       containers:
       - name: kong-migrate-up
         env:
@@ -32,4 +33,14 @@ spec:
               key: db
         image: dojot/kong:{{ dojot_apigw_version }}
         args: ["kong",  "migrations", "up", "&&", "kong",  "migrations", "finish"]
-      restartPolicy: OnFailure
+{% if dojot_enable_node_affinity %}
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: dojot.components/group
+                operator: In
+                values:
+                - "{{ dojot_node_dojot_label }}"
+{% endif %}

roles/apigw/templates/apigw_routes_config.yaml.j2

@@ -8,15 +8,26 @@ spec:
     metadata:
       name: kong-route-config
     spec:
+      restartPolicy: OnFailure
       containers:
       - name: kong-route-config
         image: dojot/byrnedo-alpine-curl
         volumeMounts:
         - mountPath: /config_file
           name: kong-route-config
         command: ['/bin/sh', '/config_file/kong-config.sh']
-      restartPolicy: OnFailure
       volumes:
       - name: kong-route-config
         configMap:
           name: kong-config
+{% if dojot_enable_node_affinity %}
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: dojot.components/group
+                operator: In
+                values:
+                - "{{ dojot_node_dojot_label }}"
+{% endif %}

roles/apigw/templates/apigw_routes_config_map.yaml.j2

@@ -114,8 +114,8 @@ data:
         curl  -s  -sS -X POST \
             --url ${kong}/services/auth-service/plugins/ \
             --data "name=rate-limiting" \
-            --data "config.minute=5" \
-            --data "config.hour=40" \
+            --data "config.minute=500" \
+            --data "config.hour=4000" \
             --data "config.policy=local"
 
         createEndpoint "auth-revoke" "http://auth:5000"  '"/auth/revoke"' "false"

roles/auth/templates/auth_deployment.yaml.j2

@@ -18,6 +18,7 @@ spec:
         name: auth
         app: dojot
     spec:
+      restartPolicy: Always
       containers:
       - image: dojot/auth:{{ dojot_auth_version }}
         name: auth
@@ -72,4 +73,14 @@ spec:
         name: redis
         ports:
         - containerPort: 6379
-      restartPolicy: Always
+{% if dojot_enable_node_affinity %}
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: dojot.components/group
+                operator: In
+                values:
+                - "{{ dojot_node_dojot_label }}"
+{% endif %}

roles/backstage/templates/backstage_deployment.yaml.j2

@@ -24,4 +24,15 @@ spec:
         env:
         - name: LOCAL_URL
           value: {{ kong_url }}
-      restartPolicy: Always
+      restartPolicy: Always
+{% if dojot_enable_node_affinity %}
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: dojot.components/group
+                operator: In
+                values:
+                - "{{ dojot_node_dojot_label }}"
+{% endif %}

roles/cron/templates/cron_deployment.yaml.j2

@@ -24,4 +24,15 @@ spec:
         env:
         - name: KAFKA_HOSTS
           value: {{ kafka_host }}
-      restartPolicy: Always
+      restartPolicy: Always
+{% if dojot_enable_node_affinity %}
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: dojot.components/group
+                operator: In
+                values:
+                - "{{ dojot_node_dojot_label }}"
+{% endif %}

roles/data-broker/templates/data_broker_deployment.yaml.j2

@@ -18,6 +18,7 @@ spec:
         name: data-broker
         app: dojot
     spec:
+      restartPolicy: Always
       containers:
       - image: dojot/data-broker:{{ dojot_data_broker_version }}
         name: data-broker
@@ -36,4 +37,14 @@ spec:
           value: "{{ dojot_bridges_replicas }}"
         - name: KAFKA_REPLICATION_FACTOR
           value: "1"
-      restartPolicy: Always
+{% if dojot_enable_node_affinity %}
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: dojot.components/group
+                operator: In
+                values:
+                - "{{ dojot_node_dojot_label }}"
+{% endif %}

roles/data-broker/templates/data_broker_redis_deployment.yaml.j2

@@ -19,7 +19,18 @@ spec:
         name: data-broker-redis
         app: dojot
     spec:
+      restartPolicy: Always
       containers:
       - image: dojot/redis:5.0.5-alpine3.10
         name: data-broker-redis
-      restartPolicy: Always
+{% if dojot_enable_node_affinity %}
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: dojot.components/group
+                operator: In
+                values:
+                - "{{ dojot_node_dojot_label }}"
+{% endif %}

roles/data-manager/templates/data_manager_deployment.yaml.j2

@@ -4,7 +4,7 @@ metadata:
   labels:
     name: data-manager
     app: dojot
-  name: data-manager  
+  name: data-manager
   namespace: {{ dojot_namespace }}
 spec:
   replicas: 1
@@ -18,7 +18,18 @@ spec:
         name: data-manager
         app: dojot
     spec:
+      restartPolicy: Always
       containers:
       - image: dojot/data-manager:{{ dojot_data_manager_version }}
         name: data-manager
-      restartPolicy: Always
+{% if dojot_enable_node_affinity %}
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: dojot.components/group
+                operator: In
+                values:
+                - "{{ dojot_node_dojot_label }}"
+{% endif %}