Merge pull request #164 from appuio/feat/schedule-on-master

Support scheduling Cloud Agent on master nodes

class/defaults.yml

@@ -35,6 +35,12 @@ parameters:
       extraEnv: {}
       resourceRatio:
         memoryPerCore: 4Gi
+      nodeSelector:
+        node-role.kubernetes.io/master: ""
+      tolerations:
+        - effect: "NoSchedule"
+          key: "node-role.kubernetes.io/master"
+          operator: "Exists"
       webhook:
         tls:
           certSecretName: webhook-service-tls

component/agent.jsonnet

@@ -127,6 +127,8 @@ local deployment = loadManifest('manager/manager.yaml') {
             },
           },
         ],
+        nodeSelector: params.agent.nodeSelector,
+        tolerations: params.agent.tolerations,
       },
     },
   },

component/main.jsonnet

@@ -8,23 +8,22 @@ local inv = kap.inventory();
 local params = inv.parameters.appuio_cloud;
 
 local isOpenshift = std.startsWith(inv.parameters.facts.distribution, 'openshift');
-local monitoringLabel =
-  if isOpenshift then
-    {
-      'openshift.io/cluster-monitoring': 'true',
-    }
-  else
-    {
-      SYNMonitoring: 'main',
-    };
+local namespaceLabels = (
+  if isOpenshift then { 'openshift.io/cluster-monitoring': 'true' }
+  else { SYNMonitoring: 'main' }
+) + params.namespaceLabels;
+local namespaceAnnotations = (
+  if isOpenshift then { 'openshift.io/node-selector': '' }
+  else {}
+) + params.namespaceAnnotations;
 
 local secrets = com.generateResources(params.secrets, function(name) com.namespaced(params.namespace, kube.Secret(name) + common.DefaultLabels));
 
 {
   '00_namespace': kube.Namespace(params.namespace) {
     metadata+: {
-      labels+: monitoringLabel + params.namespaceLabels,
-      annotations+: params.namespaceAnnotations,
+      labels+: namespaceLabels,
+      annotations+: namespaceAnnotations,
     },
   } + common.DefaultLabels,
   '00_secrets': secrets,

docs/modules/ROOT/pages/references/parameters.adoc

@@ -150,6 +150,38 @@ The "fair-use" limit of memory to CPU request.
 That means, if a namespace requests less than `4Gi` of memory per requested CPU core, the APPUiO Cloud Agent will warn the user that they exceed the "fair-use" limit and will potentially generate additional costs.
 
 
+== `agent.nodeSelector`
+
+[horizontal]
+type:: dict
+default::
++
+[source,yaml]
+----
+nodeSelector:
+  node-role.kubernetes.io/master: ""
+----
+
+The node selector (if applicable) for the agent deployment.
+
+
+== `agent.tolerations`
+
+[horizontal]
+type:: list
+default::
++
+[source,yaml]
+----
+tolerations:
+  - effect: "NoSchedule"
+    key: "node-role.kubernetes.io/master"
+    operator: "Exists"
+----
+
+The tolerations (if applicable) for the agent deployment.
+
+
 == `agent.webhook.tls`
 
 This key configures encryption of traffic to the controller's admission webhook server.

tests/golden/defaults/appuio-cloud/appuio-cloud/01_agent/02_deployment.yaml

@@ -60,8 +60,14 @@ spec:
             - mountPath: /var/run/webhook-service-tls
               name: webhook-service-tls
               readOnly: true
+      nodeSelector:
+        node-role.kubernetes.io/master: ''
       serviceAccountName: appuio-cloud-agent
       terminationGracePeriodSeconds: 10
+      tolerations:
+        - effect: NoSchedule
+          key: node-role.kubernetes.io/master
+          operator: Exists
       volumes:
         - configMap:
             name: appuio-cloud-agent-config