Added pod affinity if the default ReadWriteOnce is used.

keskival · keskival · commit 9a541812b8da · 2022-12-10T20:25:53.000+01:00
If `accessMode` `ReadWriteOnce` is used, then the volume
can only be accessed in a write mode from a single node.
This means that all pods which require write access to
the volume need to be co-located to the same node.
Failing that typically leads to a difficult to untangle
locked volume mount situation where containers are stuck
in `ContainerCreating`.

This change adds the necessary pod affinities if the related
access modes are set in the `values.yaml`.
diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml
@@ -45,10 +45,23 @@ spec:
       securityContext:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with (default (default $context.Values.affinity $context.Values.mastodon.sidekiq.affinity) .affinity) }}
       affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
+        {{- if not (default $context.Values.affinity $context.Values.mastodon.sidekiq.affinity).podAffinity }}
+        {{- if or (eq "ReadWriteOnce" $context.Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" $context.Values.mastodon.persistence.system.accessMode) }}
+        podAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                  - key: app.kubernetes.io/part-of
+                    operator: In
+                    values:
+                      - rails
+              topologyKey: kubernetes.io/hostname
+        {{- end }}
+        {{- end }}
+        {{- with (default $context.Values.affinity $context.Values.mastodon.sidekiq.affinity) }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
       {{- if (not $context.Values.mastodon.s3.enabled) }}
       volumes:
         - name: assets
diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml
@@ -118,10 +118,23 @@ spec:
       nodeSelector:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with (default .Values.affinity .Values.mastodon.web.affinity) }}
       affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
+        {{- if not (default .Values.affinity .Values.mastodon.web.affinity).podAffinity }}
+        {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
+        podAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                  - key: app.kubernetes.io/part-of
+                    operator: In
+                    values:
+                      - rails
+              topologyKey: kubernetes.io/hostname
+        {{- end }}
+        {{- end }}
+        {{- with (default .Values.affinity .Values.mastodon.web.affinity) }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
       {{- with .Values.tolerations }}
       tolerations:
         {{- toYaml . | nindent 8 }}
