feat(argo-cd): Add global affinity configuration (#1794)

charts/argo-cd/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: v2.6.2
 kubeVersion: ">=1.22.0-0"
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 5.21.1
+version: 5.22.0
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 sources:
@@ -23,5 +23,5 @@ dependencies:
     condition: redis-ha.enabled
 annotations:
   artifacthub.io/changes: |
-    - kind: changed
-      description: Upgrade Argo CD to v2.6.2
+    - kind: added
+      description: Global affinity configuration

charts/argo-cd/README.md

@@ -105,6 +105,10 @@ For full list of changes please check ArtifactHub [changelog].
 
 Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
 
+### 5.21.0
+
+This versions adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely.
+
 ### 5.19.0
 
 This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provide this values please move them into new `configs.ssh` and `configs.tls` sections.
@@ -381,6 +385,9 @@ NAME: my-release
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | global.additionalLabels | object | `{}` | Common labels for the all resources |
+| global.affinity.nodeAffinity.matchExpressions | list | `[]` | Default match expressions for node affinity |
+| global.affinity.nodeAffinity.type | string | `"hard"` | Default node affinity rules. Either: `soft` or `hard` |
+| global.affinity.podAntiAffinity | string | `"soft"` | Default pod anti-affinity rules. Either: `soft` or `hard` |
 | global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments |
 | global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files |
 | global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments |
@@ -460,7 +467,7 @@ NAME: my-release
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| controller.affinity | object | `{}` | Assign custom [affinity] rules to the deployment |
+| controller.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment |
 | controller.args | object | `{}` | DEPRECATED - Application controller commandline flags |
 | controller.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the application controller's ClusterRole resource |
 | controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource |
@@ -529,7 +536,7 @@ NAME: my-release
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| repoServer.affinity | object | `{}` | Assign custom [affinity] rules to the deployment |
+| repoServer.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment |
 | repoServer.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer |
 | repoServer.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the repo server |
 | repoServer.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the repo server [HPA] |
@@ -622,7 +629,7 @@ NAME: my-release
 | server.GKEfrontendConfig.spec | object | `{}` | [FrontendConfigSpec] |
 | server.GKEmanagedCertificate.domains | list | `["argocd.example.com"]` | Domains for the Google Managed Certificate |
 | server.GKEmanagedCertificate.enabled | bool | `false` | Enable ManagedCertificate custom resource for Google Kubernetes Engine. |
-| server.affinity | object | `{}` | Assign custom [affinity] rules to the deployment |
+| server.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment |
 | server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer |
 | server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server |
 | server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo CD server [HPA] |
@@ -785,7 +792,7 @@ server:
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| dex.affinity | object | `{}` | Assign custom [affinity] rules to the deployment |
+| dex.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment |
 | dex.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-dex-server-tls secret |
 | dex.certificateSecret.ca | string | `""` | Certificate authority. Required for self-signed certificates. |
 | dex.certificateSecret.crt | string | `""` | Certificate data. Must contain SANs of Dex service (ie: argocd-dex-server, argocd-dex-server.argo-cd.svc) |
@@ -869,7 +876,7 @@ server:
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| redis.affinity | object | `{}` | Assign custom [affinity] rules to the deployment |
+| redis.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment |
 | redis.containerPorts.metrics | int | `9121` | Metrics container port |
 | redis.containerPorts.redis | int | `6379` | Redis container port |
 | redis.containerSecurityContext | object | See [values.yaml] | Redis container-level security context |
@@ -979,7 +986,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| applicationSet.affinity | object | `{}` | Assign custom [affinity] rules |
+| applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
 | applicationSet.args | object | `{}` | DEPRECATED - ApplicationSet controller command line flags |
 | applicationSet.containerPorts.metrics | int | `8080` | Metrics container port |
 | applicationSet.containerPorts.probe | int | `8081` | Probe container port |
@@ -1063,9 +1070,9 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| notifications.affinity | object | `{}` | Assign custom [affinity] rules |
+| notifications.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
 | notifications.argocdUrl | string | `nil` | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates |
-| notifications.bots.slack.affinity | object | `{}` | Assign custom [affinity] rules |
+| notifications.bots.slack.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
 | notifications.bots.slack.containerSecurityContext | object | See [values.yaml] | Slack bot container-level security Context |
 | notifications.bots.slack.dnsConfig | object | `{}` | [DNS configuration] |
 | notifications.bots.slack.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Slack bot pods |

charts/argo-cd/README.md.gotmpl

@@ -104,6 +104,10 @@ For full list of changes please check ArtifactHub [changelog].
 
 Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
 
+### 5.21.0
+
+This versions adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely.
+
 ### 5.19.0
 
 This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provide this values please move them into new `configs.ssh` and `configs.tls` sections.

charts/argo-cd/templates/_common.tpl

@@ -63,3 +63,57 @@ app.kubernetes.io/instance: {{ .context.Release.Name }}
 app.kubernetes.io/component: {{ .component }}
 {{- end }}
 {{- end }}
+
+{{/*
+Common affinity definition
+Pod affinity
+  - Soft prefers different nodes
+  - Hard requires different nodes and prefers different availibility zones
+Node affinity
+  - Soft prefers given user expressions
+  - Hard requires given user expressions
+*/}}
+{{- define "argo-cd.affinity" -}}
+{{- with .component.affinity -}}
+  {{- toYaml . -}}
+{{- else -}}
+{{- $preset := .context.Values.global.affinity -}}
+podAntiAffinity:
+  preferredDuringSchedulingIgnoredDuringExecution:
+  {{- if (eq $preset.podAntiAffinity "soft") }}
+  - weight: 100
+    podAffinityTerm:
+      labelSelector:
+        matchLabels:
+          app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .component.name }}
+      topologyKey: kubernetes.io/hostname
+  {{- else }}
+  - weight: 100
+    podAffinityTerm:
+      labelSelector:
+        matchLabels:
+          app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .component.name }}
+      topologyKey: topology.kubernetes.io/zone
+  requiredDuringSchedulingIgnoredDuringExecution:
+  - labelSelector:
+      matchLabels:
+        app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .component.name }}
+    topologyKey: kubernetes.io/hostname
+  {{- end }}
+{{- with $preset.nodeAffinity.matchExpressions }}
+nodeAffinity:
+  {{- if (eq $preset.nodeAffinity.type "soft") }}
+  preferredDuringSchedulingIgnoredDuringExecution:
+  - weight: 1
+    preference:
+      matchExpressions:
+      {{- toYaml . | nindent 6 }}
+  {{- else }}
+  requiredDuringSchedulingIgnoredDuringExecution:
+    nodeSelectorTerms:
+    - matchExpressions:
+      {{- toYaml . | nindent 6 }}
+  {{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}

charts/argo-cd/templates/argocd-application-controller/statefulset.yaml

@@ -264,6 +264,8 @@ spec:
       initContainers:
         {{- tpl (toYaml .) $ | nindent 6 }}
       {{- end }}
+      affinity:
+        {{- include "argo-cd.affinity" (dict "context" . "component" .Values.controller) | nindent 8 }}
       {{- with .Values.controller.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
@@ -272,10 +274,6 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.controller.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
       {{- with .Values.controller.topologySpreadConstraints }}
       topologySpreadConstraints:
         {{- range $constraint := . }}

charts/argo-cd/templates/argocd-applicationset/deployment.yaml

@@ -198,14 +198,12 @@ spec:
       initContainers:
         {{- tpl (toYaml .) $ | nindent 6 }}
       {{- end }}
+      affinity:
+        {{- include "argo-cd.affinity" (dict "context" . "component" .Values.applicationSet) | nindent 8 }}
       {{- with .Values.applicationSet.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.applicationSet.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
       {{- with .Values.applicationSet.tolerations }}
       tolerations:
         {{- toYaml . | nindent 8 }}

charts/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml

@@ -53,14 +53,12 @@ spec:
             {{- toYaml .Values.notifications.bots.slack.resources | nindent 12 }}
           securityContext:
             {{- toYaml .Values.notifications.bots.slack.containerSecurityContext | nindent 12 }}
+      affinity:
+        {{- include "argo-cd.affinity" (dict "context" . "component" .Values.notifications.bots.slack) | nindent 8 }}
       {{- with .Values.notifications.bots.slack.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.notifications.bots.slack.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
       {{- with .Values.notifications.bots.slack.tolerations }}
       tolerations:
         {{- toYaml . | nindent 8 }}

charts/argo-cd/templates/argocd-notifications/deployment.yaml

@@ -88,14 +88,12 @@ spec:
       initContainers:
         {{- tpl (toYaml . ) $ | nindent 8 }}
       {{- end }}
+      affinity:
+        {{- include "argo-cd.affinity" (dict "context" . "component" .Values.notifications) | nindent 8 }}
       {{- with .Values.notifications.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.notifications.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
       {{- with .Values.notifications.tolerations }}
       tolerations:
         {{- toYaml . | nindent 8 }}

charts/argo-cd/templates/argocd-repo-server/deployment.yaml

@@ -291,6 +291,8 @@ spec:
       {{- with .Values.repoServer.initContainers }}
         {{- tpl (toYaml .) $ | nindent 6 }}
       {{- end }}
+      affinity:
+        {{- include "argo-cd.affinity" (dict "context" . "component" .Values.repoServer) | nindent 8 }}
       {{- with .Values.repoServer.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
@@ -299,10 +301,6 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.repoServer.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
       {{- with .Values.repoServer.topologySpreadConstraints }}
       topologySpreadConstraints:
         {{- range $constraint := . }}

charts/argo-cd/templates/argocd-server/deployment.yaml

@@ -348,6 +348,8 @@ spec:
       initContainers:
         {{- tpl (toYaml .) $ | nindent 6 }}
       {{- end }}
+      affinity:
+        {{- include "argo-cd.affinity" (dict "context" . "component" .Values.server) | nindent 8 }}
       {{- with .Values.server.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
@@ -356,10 +358,6 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.server.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
       {{- with .Values.server.topologySpreadConstraints }}
       topologySpreadConstraints:
         {{- range $constraint := . }}

charts/argo-cd/templates/dex/deployment.yaml

@@ -146,10 +146,8 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.dex.affinity }}
       affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
+        {{- include "argo-cd.affinity" (dict "context" . "component" .Values.dex) | nindent 8 }}
       {{- with .Values.dex.topologySpreadConstraints }}
       topologySpreadConstraints:
         {{- range $constraint := . }}

charts/argo-cd/templates/redis/deployment.yaml

@@ -106,10 +106,8 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.redis.affinity }}
       affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
+        {{- include "argo-cd.affinity" (dict "context" . "component" .Values.redis) | nindent 8 }}
       {{- with .Values.redis.topologySpreadConstraints }}
       topologySpreadConstraints:
         {{- range $constraint := . }}

charts/argo-cd/values.yaml

@@ -92,12 +92,29 @@ global:
   #   hostnames:
   #   - git.myhostname
 
+  # Default network policy rules used by all components
   networkPolicy:
     # -- Create NetworkPolicy objects for all components
     create: false
     # -- Default deny all ingress traffic
     defaultDenyIngress: false
 
+  # Default affinity preset for all components
+  affinity:
+    # -- Default pod anti-affinity rules. Either: `soft` or `hard`
+    podAntiAffinity: soft
+    # Node affinity rules
+    nodeAffinity:
+      # -- Default node affinity rules. Either: `soft` or `hard`
+      type: hard
+      # -- Default match expressions for node affinity
+      matchExpressions: []
+        # - key: topology.kubernetes.io/zone
+        #   operator: In
+        #   values:
+        #    - antarctica-east1
+        #    - antarctica-west1
+
 ## Argo Configs
 configs:
   # General Argo CD configuration
@@ -627,6 +644,7 @@ controller:
   tolerations: []
 
   # -- Assign custom [affinity] rules to the deployment
+  # @default -- `{}` (defaults to global.affinity preset)
   affinity: {}
 
   # -- Assign custom [TopologySpreadConstraints] rules to the application controller
@@ -965,6 +983,7 @@ dex:
   # -- [Tolerations] for use with node taints
   tolerations: []
   # -- Assign custom [affinity] rules to the deployment
+  # @default -- `{}` (defaults to global.affinity preset)
   affinity: {}
 
   # -- Assign custom [TopologySpreadConstraints] rules to dex
@@ -1136,6 +1155,7 @@ redis:
   tolerations: []
 
   # -- Assign custom [affinity] rules to the deployment
+  # @default -- `{}` (defaults to global.affinity preset)
   affinity: {}
 
   # -- Assign custom [TopologySpreadConstraints] rules to redis
@@ -1523,6 +1543,7 @@ server:
   # -- [Tolerations] for use with node taints
   tolerations: []
   # -- Assign custom [affinity] rules to the deployment
+  # @default -- `{}` (defaults to global.affinity preset)
   affinity: {}
 
   # -- Assign custom [TopologySpreadConstraints] rules to the Argo CD server
@@ -2014,6 +2035,7 @@ repoServer:
   # -- [Tolerations] for use with node taints
   tolerations: []
   # -- Assign custom [affinity] rules to the deployment
+  # @default -- `{}` (defaults to global.affinity preset)
   affinity: {}
 
   # -- Assign custom [TopologySpreadConstraints] rules to the repo server
@@ -2349,6 +2371,7 @@ applicationSet:
   tolerations: []
 
   # -- Assign custom [affinity] rules
+  # @default -- `{}` (defaults to global.affinity preset)
   affinity: {}
 
   # -- If specified, indicates the pod's priority. If not specified, the pod priority will be default or zero if there is no default.
@@ -2594,6 +2617,7 @@ notifications:
   tolerations: []
 
   # -- Assign custom [affinity] rules
+  # @default -- `{}` (defaults to global.affinity preset)
   affinity: {}
 
   # -- Priority class for the notifications controller pods
@@ -2983,6 +3007,7 @@ notifications:
       #   memory: 128Mi
 
       # -- Assign custom [affinity] rules
+      # @default -- `{}` (defaults to global.affinity preset)
       affinity: {}
 
       # -- [Tolerations] for use with node taints