feat: deploy zone-spreader

AtomiCloud · Feb 17, 2024 · 21e4a7e · 21e4a7e
1 parent b101a4b
commit 21e4a7e
Show file tree

Hide file tree

Showing 5 changed files with 94 additions and 2 deletions.
diff --git a/chart/Chart.lock b/chart/Chart.lock
@@ -8,5 +8,5 @@ dependencies:
 - name: aws-load-balancer-controller
   repository: https://aws.github.io/eks-charts
   version: 1.7.1
-digest: sha256:3a2d1c7d55156033a97bd196571a9cb9b8ffb5d5b4b9ec40de7cdd4dc6028312
-generated: "2024-02-15T14:58:27.352153+08:00"
+digest: sha256:d570d434004ba9f774b6b657bbccf548e1148582a7135377d1400ddf40beb409
+generated: "2024-02-17T17:04:56.971697+08:00"
diff --git a/chart/README.md b/chart/README.md
@@ -24,6 +24,11 @@ Helm chart to deploy EKS Bootstrap components includingg CSI (EBS and EFS) and L
 | role | string | `"role"` | Role ARN for IRSA for service account |
 | serviceTree | object | `{"layer":"1","platform":"sulfoxide","service":"lead"}` | AtomiCloud Service Tree. See [ServiceTree](https://atomicloud.larksuite.com/wiki/OkfJwTXGFiMJkrk6W3RuwRrZs64?theme=DARK&contentTheme=DARK#MHw5d76uDo2tBLx86cduFQMRsBb) |
 | tags | object | `{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"lead"}` | Kubernetes labels and annotations, following Service Tree |
+| zoneSpread.config.image | string | `"public.ecr.aws/eks-distro/kubernetes/pause:3.7"` |  |
+| zoneSpread.config.podSecurityContext | object | `{"fsGroup":1000,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}` | PodSecurityContext for zone-spread pod |
+| zoneSpread.config.resources | object | `{"limits":{"cpu":"125m","memory":"128Mi"},"requests":{"cpu":"0","memory":"0"}}` | Resources for zone-spread pod |
+| zoneSpread.config.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}` | SecurityContext for zone-spread pod |
+| zoneSpread.zones | object | `{"zone1":{"enabled":false,"replicas":1,"zone":"ap-southeast-1a"}}` | topology zones to deploy zone-spread pod to force node provisioning across zones |
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.11.1](https://github.com/norwoodj/helm-docs/releases/v1.11.1)
diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml
@@ -0,0 +1,31 @@
+{{- range $k ,$v := .Values.zoneSpread.zones }}
+{{- if $v.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "sulfoxide-lead.fullname" $ }}-{{ $k }}
+  labels: {{- include "sulfoxide-lead.labels" $ | nindent 4 }}
+  annotations: {{- include "sulfoxide-lead.annotations" $ | nindent 4 }}
+    atomi.cloud/module: "zone-spread"
+spec:
+  replicas: {{ $v.replicas}}
+  selector:
+    matchLabels: {{- include "sulfoxide-lead.selectorLabels" $ | nindent 6 }}
+  template:
+    metadata:
+      labels: {{- include "sulfoxide-lead.selectorLabels" $ | nindent 8 }}
+      annotations: {{- include "sulfoxide-lead.annotations" $ | nindent 8 }}
+        atomi.cloud/module: "zone-spread"
+    spec:
+      terminationGracePeriodSeconds: 0
+      containers:
+        - name: pause
+          image: {{ $.Values.zoneSpread.config.image | default "public.ecr.aws/eks-distro/kubernetes/pause:3.7" }}
+          resources: {{- toYaml $.Values.zoneSpread.config.resources | nindent 12 }}
+          securityContext: {{- toYaml $.Values.zoneSpread.config.securityContext | nindent 12 }}
+      nodeSelector:
+        "topology.kubernetes.io/zone": {{ $v.zone }}
+      securityContext: {{- toYaml $.Values.zoneSpread.config.podSecurityContext | nindent 8 }}
+---
+{{- end }}
+{{- end }}
diff --git a/chart/values.entei.onyx.yaml b/chart/values.entei.onyx.yaml
@@ -72,3 +72,18 @@ aws-load-balancer-controller:
     <<: *tags
   podAnnotations:
     <<: *tags
+
+zoneSpread:
+  zones:
+    zone1:
+      zone: ap-southeast-1a
+      enabled: true
+      replicas: 1
+    zone2:
+      zone: ap-southeast-1b
+      enabled: true
+      replicas: 1
+    zone3:
+      zone: ap-southeast-1c
+      enabled: true
+      replicas: 1
diff --git a/chart/values.yaml b/chart/values.yaml
@@ -118,3 +118,44 @@ aws-load-balancer-controller:
   podAnnotations:
     <<: *tags
     atomi.cloud/module: *elb
+
+
+
+
+zoneSpread:
+  config:
+
+    image: "public.ecr.aws/eks-distro/kubernetes/pause:3.7"
+
+    # -- PodSecurityContext for zone-spread pod
+    podSecurityContext:
+      runAsUser: 1000
+      runAsGroup: 1000
+      fsGroup: 1000
+      runAsNonRoot: true
+
+    # -- SecurityContext for zone-spread pod
+    securityContext:
+      allowPrivilegeEscalation: false
+      readOnlyRootFilesystem: true
+      runAsNonRoot: true
+      runAsUser: 1000
+      runAsGroup: 1000
+      capabilities:
+        drop:
+          - ALL
+
+    # -- Resources for zone-spread pod
+    resources:
+      requests:
+        cpu: "0"
+        memory: "0"
+      limits:
+        cpu: 125m
+        memory: 128Mi
+  # -- topology zones to deploy zone-spread pod to force node provisioning across zones
+  zones:
+    zone1:
+      zone: ap-southeast-1a
+      enabled: false
+      replicas: 1