diff --git a/class/defaults.yml b/class/defaults.yml index dc3f89f..35cada0 100644 --- a/class/defaults.yml +++ b/class/defaults.yml @@ -35,6 +35,12 @@ parameters: extraEnv: {} resourceRatio: memoryPerCore: 4Gi + nodeSelector: + node-role.kubernetes.io/master: "" + tolerations: + - effect: "NoSchedule" + key: "node-role.kubernetes.io/master" + operator: "Exists" webhook: tls: certSecretName: webhook-service-tls diff --git a/component/agent.jsonnet b/component/agent.jsonnet index d1688d1..5b99565 100644 --- a/component/agent.jsonnet +++ b/component/agent.jsonnet @@ -127,6 +127,8 @@ local deployment = loadManifest('manager/manager.yaml') { }, }, ], + nodeSelector: params.agent.nodeSelector, + tolerations: params.agent.tolerations, }, }, }, diff --git a/component/main.jsonnet b/component/main.jsonnet index 4a4a411..1672148 100644 --- a/component/main.jsonnet +++ b/component/main.jsonnet @@ -8,23 +8,22 @@ local inv = kap.inventory(); local params = inv.parameters.appuio_cloud; local isOpenshift = std.startsWith(inv.parameters.facts.distribution, 'openshift'); -local monitoringLabel = - if isOpenshift then - { - 'openshift.io/cluster-monitoring': 'true', - } - else - { - SYNMonitoring: 'main', - }; +local namespaceLabels = ( + if isOpenshift then { 'openshift.io/cluster-monitoring': 'true' } + else { SYNMonitoring: 'main' } +) + params.namespaceLabels; +local namespaceAnnotations = ( + if isOpenshift then { 'openshift.io/node-selector': '' } + else {} +) + params.namespaceAnnotations; local secrets = com.generateResources(params.secrets, function(name) com.namespaced(params.namespace, kube.Secret(name) + common.DefaultLabels)); { '00_namespace': kube.Namespace(params.namespace) { metadata+: { - labels+: monitoringLabel + params.namespaceLabels, - annotations+: params.namespaceAnnotations, + labels+: namespaceLabels, + annotations+: namespaceAnnotations, }, } + common.DefaultLabels, '00_secrets': secrets, 
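Review bot: The new `nodeSelector` and `tolerations` defaults in `class/defaults.yml` pin the agent to nodes labelled `node-role.kubernetes.io/master` on every distribution, although `component/main.jsonnet` has a non-OpenShift branch as well. The agent serves an admission webhook, so where no node carries that label (recent upstream Kubernetes uses `node-role.kubernetes.io/control-plane`) the pods stay Pending and the webhook has no backend. Whether that blocks requests or lets them through unchecked depends on the webhook's failurePolicy, which this diff does not show. Running on control-plane nodes also puts a workload that processes admission requests next to the API server and etcd, so the default deserves a comment such as `# Schedules the agent on control-plane nodes; override on clusters without the master label/taint.`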
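Review bot: `nodeSelector: params.agent.nodeSelector` and `tolerations: params.agent.tolerations` in `component/agent.jsonnet` pass the hierarchy values straight into the pod spec, with nothing telling an operator how an override combines with the defaults. If the inventory merges dicts and appends lists, as reclass normally does, setting `agent.nodeSelector` to a worker label would yield a selector that still contains the master key and may match no node. A comment above the two fields, e.g. `// Merged with the defaults in class/defaults.yml; use ~nodeSelector / ~tolerations to replace them.`, would make that visible (confirm the `~` override prefix applies in this setup). The enclosing `deployment` object starts and ends outside the hunk.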
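Review bot: The new `namespaceAnnotations` local in `component/main.jsonnet` sets `'openshift.io/node-selector': ''` on the whole namespace without a comment, and its effect is wider than the agent deployment. The empty value presumably keeps the cluster's default project node selector from conflicting with the agent's master `nodeSelector`, but it lifts that default for every pod created in `params.namespace` and stays set even when `agent.nodeSelector` is overridden. I would add `// Clear the default project node selector so the agent can run on control-plane nodes; this applies to all pods in the namespace.` above the `if isOpenshift` branch. Because `params.namespaceAnnotations` is added last, the hierarchy can still override the key.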
diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc index 41d4929..a421756 100644 --- a/docs/modules/ROOT/pages/references/parameters.adoc +++ b/docs/modules/ROOT/pages/references/parameters.adoc @@ -150,6 +150,38 @@ The "fair-use" limit of memory to CPU request. That means, if a namespace requests less than `4Gi` of memory per requested CPU core, the APPUiO Cloud Agent will warn the user that they exceed the "fair-use" limit and will potentially generate additional costs. +== `agent.nodeSelector` + +[horizontal] +type:: dict +default:: ++ +[source,yaml] +---- +nodeSelector: + node-role.kubernetes.io/master: "" +---- + +The node selector (if applicable) for the agent deployment. + + +== `agent.tolerations` + +[horizontal] +type:: list +default:: ++ +[source,yaml] +---- +tolerations: + - effect: "NoSchedule" + key: "node-role.kubernetes.io/master" + operator: "Exists" +---- + +The tolerations (if applicable) for the agent deployment. + + == `agent.webhook.tls` This key configures encryption of traffic to the controller's admission webhook server. diff --git a/tests/golden/defaults/appuio-cloud/appuio-cloud/01_agent/02_deployment.yaml b/tests/golden/defaults/appuio-cloud/appuio-cloud/01_agent/02_deployment.yaml index 5ddd755..9090d94 100644 --- a/tests/golden/defaults/appuio-cloud/appuio-cloud/01_agent/02_deployment.yaml +++ b/tests/golden/defaults/appuio-cloud/appuio-cloud/01_agent/02_deployment.yaml @@ -60,8 +60,14 @@ spec: - mountPath: /var/run/webhook-service-tls name: webhook-service-tls readOnly: true + nodeSelector: + node-role.kubernetes.io/master: '' serviceAccountName: appuio-cloud-agent terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists volumes: - configMap: name: appuio-cloud-agent-config