fix nodeSelector, afinity and toleration bug of apigateway

modoulo · modoulo · commit ea0c3b6c04c3 · 2023-07-06T13:11:52.000Z
diff --git a/deploy/helm/data-plane/templates/gateway/contour-internal-LB.yaml b/deploy/helm/data-plane/templates/gateway/contour-internal-LB.yaml
@@ -673,11 +673,9 @@ spec:
               fieldPath: metadata.name
         ports:
         - containerPort: 8080
-          hostPort: 80
           name: http
           protocol: TCP
         - containerPort: 8443
-          hostPort: 443
           name: https
           protocol: TCP
         readinessProbe:
diff --git a/deploy/helm/data-plane/templates/gateway/contour-internal.yaml b/deploy/helm/data-plane/templates/gateway/contour-internal.yaml
@@ -379,7 +379,7 @@ spec:
     targetPort: 8443
   selector:
     app: envoy
-  type: LoadBalancer
+  type: ClusterIP
 
 ---
 kind: GatewayClass
@@ -404,17 +404,6 @@ spec:
     allowedRoutes:
       namespaces:
         from: All
-  - name: https
-    protocol: HTTPS
-    port: 443
-    allowedRoutes:
-      namespaces:
-        from: All
-    tls:
-      certificateRefs:
-      - kind: Secret
-        group: ""
-        name: cno-apigateway-internal-tls
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -442,19 +431,23 @@ spec:
       labels:
         app: contour
     spec:
-      nodeSelector:
-      {{- if hasKey .Values.cnoApiGateway "nodeSelector" -}}
-        {{- toYaml .Values.cnoApiGateway.nodeSelector | nindent 8 -}}
-      {{- end }}
       affinity:
         podAntiAffinity:
-          {{- if hasKey .Values.cnoApiGateway "podAntiAffinity" -}}
-            {{- toYaml .Values.cnoApiGateway.podAntiAffinity | nindent 10 -}}
-          {{- end }}
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                - key: {{ .Values.cnoApiGateway.nodeSelector }}
+                  operator: Exists
+              topologyKey: kubernetes.io/hostname
+      nodeSelector:
+        {{ .Values.cnoApiGateway.nodeSelector }}: ""
       tolerations:
-      {{- if hasKey .Values.cnoApiGateway "tolerations" -}}
-        {{- toYaml .Values.cnoApiGateway.tolerations | nindent 8 -}}
-      {{- end }}
+        - key: {{ .Values.cnoApiGateway.tolerationsKey }}
+          value: "reserved"
+          effect: "NoSchedule"
+        - key: {{ .Values.cnoApiGateway.tolerationsKey }}
+          value: "reserved"
+          effect: "NoExecute"
       containers:
       - args:
         - serve
@@ -550,13 +543,15 @@ spec:
         app: envoy
     spec:
       nodeSelector:
-        {{- if hasKey .Values.cnoApiGateway "nodeSelector" -}}
-          {{- toYaml .Values.cnoApiGateway.nodeSelector | nindent 8 -}}
-        {{- end }}
+        {{ .Values.cnoApiGateway.nodeSelector }}: ""
       tolerations:
-        {{- if hasKey .Values.cnoApiGateway "tolerations" -}}
-          {{- toYaml .Values.cnoApiGateway.tolerations | nindent 8 -}}
-        {{- end }}
+        - key: {{ .Values.cnoApiGateway.tolerationsKey }}
+          value: "reserved"
+          effect: "NoSchedule"
+        - key: {{ .Values.cnoApiGateway.tolerationsKey }}
+          value: "reserved"
+          effect: "NoExecute"
+      
       containers:
       - command:
         - /bin/contour
@@ -606,11 +601,9 @@ spec:
               fieldPath: metadata.name
         ports:
         - containerPort: 8080
-          hostPort: 80
           name: http
           protocol: TCP
         - containerPort: 8443
-          hostPort: 443
           name: https
           protocol: TCP
         readinessProbe:
diff --git a/deploy/helm/data-plane/templates/gateway/contour.yaml b/deploy/helm/data-plane/templates/gateway/contour.yaml
@@ -460,7 +460,7 @@ spec:
     targetPort: 8443
   selector:
     app: envoy
-  type: LoadBalancer
+  type: ClusterIP
 
 ---
 kind: GatewayClass
@@ -523,19 +523,23 @@ spec:
       labels:
         app: contour
     spec:
-      nodeSelector:
-        {{- if hasKey .Values.cnoApiGateway "nodeSelector" -}}
-          {{- toYaml .Values.cnoApiGateway.nodeSelector | nindent 8 -}}
-        {{- end }}
       affinity:
         podAntiAffinity:
-          {{- if hasKey .Values.cnoApiGateway "podAntiAffinity" -}}
-            {{- toYaml .Values.cnoApiGateway.podAntiAffinity | nindent 10 -}}
-          {{- end }}
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                - key: {{ .Values.cnoApiGateway.nodeSelector }}
+                  operator: Exists
+              topologyKey: kubernetes.io/hostname
+      nodeSelector:
+        {{ .Values.cnoApiGateway.nodeSelector }}: ""
       tolerations:
-        {{- if hasKey .Values.cnoApiGateway "tolerations" -}}
-          {{- toYaml .Values.cnoApiGateway.tolerations | nindent 8 -}}
-        {{- end }}
+        - key: {{ .Values.cnoApiGateway.tolerationsKey }}
+          value: "reserved"
+          effect: "NoSchedule"
+        - key: {{ .Values.cnoApiGateway.tolerationsKey }}
+          value: "reserved"
+          effect: "NoExecute"
       containers:
       - args:
         - serve
@@ -631,13 +635,14 @@ spec:
         app: envoy
     spec:
       nodeSelector:
-        {{- if hasKey .Values.cnoApiGateway "nodeSelector" -}}
-          {{- toYaml .Values.cnoApiGateway.nodeSelector | nindent 8 -}}
-        {{- end }}
+        {{ .Values.cnoApiGateway.nodeSelector }}: ""
       tolerations:
-        {{- if hasKey .Values.cnoApiGateway "tolerations" -}}
-          {{- toYaml .Values.cnoApiGateway.tolerations | nindent 8 -}}
-        {{- end }}
+        - key: {{ .Values.cnoApiGateway.tolerationsKey }}
+          value: "reserved"
+          effect: "NoSchedule"
+        - key: {{ .Values.cnoApiGateway.tolerationsKey }}
+          value: "reserved"
+          effect: "NoExecute"
       containers:
       - command:
         - /bin/contour
diff --git a/deploy/helm/data-plane/values.yaml b/deploy/helm/data-plane/values.yaml
@@ -84,22 +84,5 @@ monitoring:
 
 cnoApiGateway:
   type: loadBalancer
-  
-  podAntiAffinity:
-    requiredDuringSchedulingIgnoredDuringExecution:
-      - labelSelector:
-          matchExpressions:
-          - key: node-role.kubernetes.io/ingress-cno
-            operator: Exists
-        topologyKey: kubernetes.io/hostname
-
-  tolerations:
-    - key: "ingress-cno"
-      value: "reserved"
-      effect: "NoSchedule"
-    - key: "ingress-cno"
-      value: "reserved"
-      effect: "NoExecute"
-
-  nodeSelector:
-    node-role.kubernetes.io/ingress-cno: ""
+  nodeSelector: node-role.kubernetes.io/ingress-cno
+  tolerationsKey: ingress-cno
diff --git a/docs/cno-agent-v2.0.2.tgz b/docs/cno-agent-v2.0.2.tgz
