This repository has been archived by the owner on Jun 29, 2022. It is now read-only.

Use a Deployment with AntiAffinity for kube-apiserver
Before, a DaemonSet was used to deploy multiple kube-apiservers; these
were bound to the hostport 6443. Because DaemonSets do not support a
rollover without 1 pod being unavailable, this caused issues with one API
server endpoint becoming unavailable on update.
In systems where no network-level load balancer for these was implemented,
it causes Helm to error, as it can no longer check how the rollout of
its update is going, causing the kube-apiserver to never be updated.

This changes the multi controller setup to use a Deployment just like a
single controller setup. It uses Pod AntiAffinity rules to spread to all
controller nodes.

Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
meyskens authored and Maartje Eyskens committed Apr 19, 2021
1 parent 819e620 commit ede9672
Showing 3 changed files with 25 additions and 42 deletions.

This file was deleted.

@@ -1,4 +1,3 @@
{{- if eq (int .Values.apiserver.replicas) 1 }}
apiVersion: apps/v1
kind: Deployment
metadata:
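Review bot: the line dropped at the top of this hunk (4 lines become 3) looks like the `{{- if eq (int .Values.apiserver.replicas) 1 }}` guard, and its closing `{{- end }}` needs to go in the same change. As rendered here, the last hunk still ends with `{{- end }}` after `{{- template "containers" . }}`; please confirm it is removed or still has a matching opener, since an unbalanced `end` makes the template fail to parse.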
Expand All @@ -8,7 +7,7 @@ metadata:
tier: control-plane
k8s-app: kube-apiserver
spec:
replicas: 1
replicas: {{ .Values.apiserver.replicas }}
selector:
matchLabels:
tier: control-plane
Expand All @@ -22,11 +21,28 @@ spec:
labels:
tier: control-plane
k8s-app: kube-apiserver
helm-revision: {{ .Release.Revision | quote }}
annotations:
checkpointer.alpha.coreos.com/checkpoint: "true"
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
# Automatically rolls update when secret changes.
checksum/secret: {{ include (print $.Template.BasePath "/kube-apiserver-secret.yaml") . | sha256sum }}
spec:
{{- if ne (int .Values.apiserver.replicas) 1 }}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: k8s-app
operator: In
values:
- kube-apiserver
- key: helm-revision
operator: In
values:
- {{ .Release.Revision | quote }}
topologyKey: kubernetes.io/hostname
{{- end }}
{{- template "containers" . }}
{{- end }}
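Review bot: the `requiredDuringSchedulingIgnoredDuringExecution` rule in the new `affinity` block is a hard constraint with `topologyKey: kubernetes.io/hostname`, so if `.Values.apiserver.replicas` is larger than the number of nodes these pods can be scheduled on, the surplus replicas stay Pending and the rollout never completes. Either validate the value against the controller count or document the limit next to the value. The `helm-revision` label and its selector term also need a template comment explaining the intent: scoping the rule to `{{ .Release.Revision | quote }}` lets a new-revision pod share a node with an old-revision one during an update, but because the label is part of the pod template it changes on every Helm upgrade, so every upgrade restarts all API servers even when nothing else in the template changed.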

14 changes: 6 additions & 8 deletions pkg/assets/generated_assets.go

Some generated files are not rendered by default.
