search

jfrog / charts

JFrog official Helm Charts
https://jfrog.com/integration/helm-repository/
Apache License 2.0
254 stars 439 forks source link

Artifactory StatefulSet podAntiAffinity incorrectly matches nginx pods #1590

Open jlyheden opened 2 years ago

jlyheden commented 2 years ago

Is this a request for help?:

No

Is this a BUG REPORT or FEATURE REQUEST? (choose one):

BUG REPORT

Version of Helm and Kubernetes:

Helm 3.7.1 Kubernetes EKS 1.20.11

Which chart:

jfrog-platform (having artifactory and xray enabled, everything else disabled)

What happened:

When setting the artifactory.artifactory.podAntiAffinity parameter, the chart uses a label selector that also matches the nginx pods, preventing Artifactory pods to schedule on the same nodes as the nginx pods. On our three node / three availability zone setup it meant that some Artifactory replicas could not schedule at all.

What you expected to happen:

Artifactory pods are spread across AWS availability zones (our defined topologyKey) and scheduled successfully. Pods from Artifactory StatefulSet can coexist on the same nodes as the nginx pods.

How to reproduce it (as minimally and precisely as possible):

  1. Create a 2 node cluster with enough capacity to run the jfrog platform stack
  2. Deploy jfrog-platform chart with these values 
    artifactory:
artifactory:
podAntiAffinity:
  topologyKey: "kubernetes.io/hostname"  # we use "topology.kubernetes.io/zone" but hostname can be used without aws
  type: "hard"
replicaCount: 2
nginx:
replicaCount: 2
  3. Some of the pods fail to schedule

Anything else we need to know:

The Artifactory chart allows overriding the whole affinity block which makes it possible to circumvent the issue, by adding the component label in the label selector

artifactory:
  artifactory:
    affinity:
      podAntiAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchLabels:
              app: artifactory
              release: jfrog-platform
              component: artifactory
          topologyKey: topology.kubernetes.io/zone

But the issue is that this will stop working if Jfrog decides to rename the pod labels. It would be preferred if the chart could be fixed instead.

ghadjigeorghiou commented 3 months ago

We are facing the same issue. Are there any updates or an ETA on when it will be fixed? We are using the 10.18.0 version of the charts.