schedule coredns replicas onto different nodes for HA

RADAR-base · Mar 25, 2024 · 21f6db8 · 21f6db8
1 parent 340b009
commit 21f6db8
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 35 deletions.
diff --git a/cluster/eks.tf b/cluster/eks.tf
@@ -112,34 +112,45 @@ module "eks" {
 
   cluster_addons = {
     coredns = {
-      addon_version     = local.eks_core_versions[var.eks_kubernetes_version].cluster_addons.coredns
-      resolve_conflicts = "OVERWRITE"
-      configuration_values = var.create_dmz_node_group ? jsonencode({
-        tolerations : [
+      addon_version               = local.eks_core_versions[var.eks_kubernetes_version].cluster_addons.coredns
+      resolve_conflicts_on_create = "OVERWRITE"
+      configuration_values = jsonencode({
+        tolerations : var.create_dmz_node_group ? [
           {
             key : "dmz-pod",
             operator : "Equal",
             value : "yes",
             effect : "NoExecute"
           }
-        ],
-        nodeSelector : {
+        ] : [],
+        nodeSelector : var.create_dmz_node_group ? {
           role : "dmz-1"
+        } : {},
+        affinity : {
+          podAntiAffinity : {
+            requiredDuringSchedulingIgnoredDuringExecution : [{
+              labelSelector : {
+                matchExpressions : [{
+                  key : "k8s-app"
+                  operator : "In"
+                  values : ["kube-dns"]
+                }]
+              },
+              topologyKey : "kubernetes.io/hostname"
+            }]
+          }
         }
-        }) : jsonencode({
-        tolerations : [],
-        nodeSelector : {}
       })
     }
     kube-proxy = {
-      addon_version     = local.eks_core_versions[var.eks_kubernetes_version].cluster_addons.kube_proxy
-      resolve_conflicts = "OVERWRITE"
+      addon_version               = local.eks_core_versions[var.eks_kubernetes_version].cluster_addons.kube_proxy
+      resolve_conflicts_on_create = "OVERWRITE"
     }
     vpc-cni = {
-      addon_version            = local.eks_core_versions[var.eks_kubernetes_version].cluster_addons.vpc_cni
-      resolve_conflicts        = "OVERWRITE"
-      before_compute           = true
-      service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
+      addon_version               = local.eks_core_versions[var.eks_kubernetes_version].cluster_addons.vpc_cni
+      resolve_conflicts_on_create = "OVERWRITE"
+      before_compute              = true
+      service_account_role_arn    = module.vpc_cni_irsa.iam_role_arn
       configuration_values = jsonencode({
         env : {
           # Reference docs https://docs.aws.amazon.com/eks/latest/userguide/cni-increase-ip-addresses.html
@@ -149,9 +160,9 @@ module "eks" {
       })
     }
     aws-ebs-csi-driver = {
-      addon_version            = local.eks_core_versions[var.eks_kubernetes_version].cluster_addons.ebs_csi_driver
-      resolve_conflicts        = "OVERWRITE"
-      service_account_role_arn = module.ebs_csi_irsa.iam_role_arn
+      addon_version               = local.eks_core_versions[var.eks_kubernetes_version].cluster_addons.ebs_csi_driver
+      resolve_conflicts_on_create = "OVERWRITE"
+      service_account_role_arn    = module.ebs_csi_irsa.iam_role_arn
       configuration_values = jsonencode({
         sidecars : {
           snapshotter : {

diff --git a/config/karpenter.tf b/config/karpenter.tf
@@ -27,15 +27,15 @@ locals {
     },
     {
       name  = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
-      value = module.karpenter[0].irsa_arn
+      value = length(module.karpenter) > 0 ? module.karpenter[0].irsa_arn : null
     },
     {
       name  = "settings.aws.defaultInstanceProfile"
-      value = module.karpenter[0].instance_profile_name
+      value = length(module.karpenter) > 0 ? module.karpenter[0].instance_profile_name : null
     },
     {
       name  = "settings.aws.interruptionQueueName"
-      value = module.karpenter[0].queue_name
+      value = length(module.karpenter) > 0 ? module.karpenter[0].queue_name : null
     },
     {
       name  = "replicas"
@@ -77,7 +77,7 @@ resource "helm_release" "karpenter" {
 
 
   dynamic "set" {
-    for_each = var.create_dmz_node_group ? concat(local.common_settings, local.tolerations_settings) : local.common_settings
+    for_each = var.with_dmz_pods ? concat(local.common_settings, local.tolerations_settings) : local.common_settings
 
     content {
       name  = set.value.name

diff --git a/config/terraform.tfvars b/config/terraform.tfvars
@@ -1,11 +1,11 @@
-AWS_REGION            = "eu-west-2"
-environment           = "dev"
-domain_name           = "change-me-radar-base-dummy-domain.net"
-create_dmz_node_group = false
-enable_karpenter      = false
-enable_msk            = false
-enable_rds            = false
-enable_route53        = false
-enable_ses            = false
-enable_s3             = false
-enable_eip            = false
+AWS_REGION       = "eu-west-2"
+environment      = "dev"
+domain_name      = "change-me-radar-base-dummy-domain.net"
+with_dmz_pods    = false
+enable_karpenter = false
+enable_msk       = false
+enable_rds       = false
+enable_route53   = false
+enable_ses       = false
+enable_s3        = false
+enable_eip       = false
diff --git a/config/variables.tf b/config/variables.tf
@@ -89,9 +89,9 @@ variable "radar_postgres_password" {
   sensitive = true
 }
 
-variable "create_dmz_node_group" {
+variable "with_dmz_pods" {
   type        = bool
-  description = "Whether or not to create a DMZ node group with taints"
+  description = "Whether or not to utilise the DMZ node group if it exists"
   default     = false
 }