Merge pull request #405 from olegvorobiov/master

added topologySpreadConstraints to controller, manager, and scanner
neuvector · Jun 7, 2024 · 5108ef7 · 5108ef7
2 parents d5f0c77 + 54ca8cc
commit 5108ef7
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 0 deletions.
diff --git a/charts/core/README.md b/charts/core/README.md
@@ -50,6 +50,7 @@ Parameter | Description | Default | Notes
 `controller.replicas` | controller replicas | `3` |
 `controller.schedulerName` | kubernetes scheduler name | `nil` |
 `controller.affinity` | controller affinity rules  | ... | spread controllers to different nodes |
+`controller.topologySpreadConstraints` | List of constraints to control Pods spread across the cluster | `nil` |
 `controller.tolerations` | List of node taints to tolerate | `nil` |
 `controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](values.yaml)
 `controller.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
@@ -186,6 +187,7 @@ Parameter | Description | Default | Notes
 `manager.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
 `manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](values.yaml)
 `manager.affinity` | manager affinity rules  | `{}` |
+`manager.topologySpreadConstraints` | List of constraints to control Pods spread across the cluster | `nil` |
 `manager.tolerations` | List of node taints to tolerate | `nil` |
 `manager.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
 `manager.runAsUser` | Specify the run as User ID | `nil` |
@@ -255,6 +257,7 @@ Parameter | Description | Default | Notes
 `cve.scanner.dockerPath` | the remote docker socket if CI/CD integration need scan images before they are pushed to the registry | `nil` |
 `cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](values.yaml) |
 `cve.scanner.affinity` | scanner affinity rules  | `{}` |
+`cve.scanner.topologySpreadConstraints` | List of constraints to control Pods spread across the cluster | `nil` |
 `cve.scanner.tolerations` | List of node taints to tolerate | `nil` |
 `cve.scanner.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
 `cve.scanner.runAsUser` | Specify the run as User ID | `nil` |

diff --git a/charts/core/templates/controller-deployment.yaml b/charts/core/templates/controller-deployment.yaml
@@ -59,6 +59,10 @@ spec:
       {{- if .Values.controller.tolerations }}
       tolerations:
 {{ toYaml .Values.controller.tolerations | indent 8 }}
+      {{- end }}
+      {{- if .Values.controller.topologySpreadConstraints }}
+      topologySpreadConstraints:
+{{ toYaml .Values.controller.topologySpreadConstraints | indent 8 }}
       {{- end }}
       {{- if .Values.controller.nodeSelector }}
       nodeSelector:

diff --git a/charts/core/templates/manager-deployment.yaml b/charts/core/templates/manager-deployment.yaml
@@ -42,6 +42,10 @@ spec:
       {{- if .Values.manager.tolerations }}
       tolerations:
 {{ toYaml .Values.manager.tolerations | indent 8 }}
+      {{- end }}
+      {{- if .Values.manager.topologySpreadConstraints }}
+      topologySpreadConstraints:
+{{ toYaml .Values.manager.topologySpreadConstraints | indent 8 }}
       {{- end }}
       {{- if .Values.manager.nodeSelector }}
       nodeSelector:

diff --git a/charts/core/templates/scanner-deployment.yaml b/charts/core/templates/scanner-deployment.yaml
@@ -38,6 +38,10 @@ spec:
       {{- if .Values.cve.scanner.tolerations }}
       tolerations:
 {{ toYaml .Values.cve.scanner.tolerations | indent 8 }}
+      {{- end }}
+      {{- if .Values.cve.scanner.topologySpreadConstraints }}
+      topologySpreadConstraints:
+{{ toYaml .Values.cve.scanner.topologySpreadConstraints | indent 8 }}
       {{- end }}
       {{- if .Values.cve.scanner.nodeSelector }}
       nodeSelector:

diff --git a/charts/core/values.yaml b/charts/core/values.yaml
@@ -98,6 +98,7 @@ controller:
                     - neuvector-controller-pod
             topologyKey: "kubernetes.io/hostname"
   tolerations: []
+  topologySpreadConstraints: []
   nodeSelector:
     {}
     # key1: value1
@@ -382,6 +383,7 @@ manager:
     # requests:
     #   cpu: 100m
     #   memory: 2280Mi
+  topologySpreadConstraints: []
   affinity: {}
   podLabels: {}
   podAnnotations: {}
@@ -524,6 +526,7 @@ cve:
       # requests:
       #   cpu: 100m
       #   memory: 2280Mi
+    topologySpreadConstraints: []
     affinity: {}
     podLabels: {}
     podAnnotations: {}