Open pmichna opened 3 years ago
Can run Envoy and ExtAuth as sidecar. This is supported today as a separate deployment which might be a potential workaround. Here are some helpful docs https://docs.solo.io/gloo-edge/latest/guides/security/auth/extauth/#switching-between-ext-auth-deployment-modes
Let's discuss more in channel.
Currently it is possible with kubeResourceOverride but it's not convenient considering we havegloo.gatewayProxies.gatewayProxy.affinity as an interface but gloo.gatewayProxies.gatewayProxy.antiAffinity as bool.
To give context about this: https://github.com/solo-io/gloo/blob/v1.8.17/install/helm/gloo/templates/7-gateway-proxy-deployment.yaml#L96
(additionally, maybe we should make it available to sidecar deployments too)
Zendesk ticket #3044 has been linked to this issue.
Is your feature request related to a problem? Please describe. I'd like to have more power over how (anti-)affinity is configured for gateway-proxy and extauth. Currently it is hardcoded in the extauth deployment template and gateway-proxy deployment (with a simple switch for
antiAffinity
).Describe the solution you'd like I'd like to be able to configure
gateway-proxy
,extauth
andrate-limit
podAntiAffinity
andpodAffinity
without usingkubeResourceOverride
value.Describe alternatives you've considered Currently it is possible with
kubeResourceOverride
but it's not convenient considering we havegloo.gatewayProxies.gatewayProxy.affinity
as an interface butgloo.gatewayProxies.gatewayProxy.antiAffinity
asbool
.Additional context I wanted to configure the following anti-affinity: