From 2a5f45bc92615fbe2fdda89d777a9f4c6688b121 Mon Sep 17 00:00:00 2001 From: Vladimir Iliakov Date: Thu, 12 Jun 2025 16:36:14 +0200 Subject: [PATCH] STAC-21030: Explaining how to configure K8s affinities --- k8s-suse-rancher-prime-air-gapped.md | 1 + k8s-suse-rancher-prime.md | 12 +- .../kubernetes_openshift/ack.md | 1 + .../kubernetes_openshift/affinity.md | 122 ++++++++++++++++++ .../kubernetes_openshift/ingress.md | 3 +- .../kubernetes_install.md | 36 +++--- .../kubernetes_openshift/openshift_install.md | 14 +- 7 files changed, 167 insertions(+), 22 deletions(-) create mode 100644 setup/install-stackstate/kubernetes_openshift/affinity.md diff --git a/k8s-suse-rancher-prime-air-gapped.md b/k8s-suse-rancher-prime-air-gapped.md index 969cd68bc..df1ed363d 100644 --- a/k8s-suse-rancher-prime-air-gapped.md +++ b/k8s-suse-rancher-prime-air-gapped.md @@ -164,6 +164,7 @@ helm upgrade --install \ --create-namespace \ --values $VALUES_DIR/suse-observability-values/templates/baseConfig_values.yaml \ --values $VALUES_DIR/suse-observability-values/templates/sizing_values.yaml \ + --values $VALUES_DIR/suse-observability-values/templates/affinity_values.yaml \ --values private-registry.yaml \ suse-observability \ suse-observability-A.B.C.tgz diff --git a/k8s-suse-rancher-prime.md b/k8s-suse-rancher-prime.md index 4b6cc2c09..9ee13124f 100644 --- a/k8s-suse-rancher-prime.md +++ b/k8s-suse-rancher-prime.md 
@@ -162,7 +162,9 @@ The `baseUrl` must be the URL via which SUSE Observability will be accessible to The `sizing.profile` should be one of trial, 10-nonha, 20-nonha, 50-nonha, 100-nonha, 150-ha, 250-ha, 500-ha. Based on this profiles the `sizing_values.yaml` file is generated containing default sizes for the SUSE Observability resources and configuration to be deployed on an Ha or NonHa mode. E.g. 10-nonha will produce a `sizing_values.yaml` meant to deploy a NonHa SUSE Observability instance to observe a 10 node cluster in a Non High Available mode. Currently moving from a nonha to an ha environment is not possible, so if you expect that your environment willrequire to observe around 150 nodes then better to go with ha immediately. -This command will generate a `$VALUES_DIR/suse-observability-values/templates/baseConfig_values.yaml` and a `$VALUES_DIR/suse-observability-values/templates/sizing_values.yaml` file which contains the necessary configuration for installing the SUSE Observability Helm Chart. +The `affinity_values.yaml` file with K8s affinities to deploy Stackstate with different scheduling options. + +This command will generate `$VALUES_DIR/suse-observability-values/templates/baseConfig_values.yaml`, `$VALUES_DIR/suse-observability-values/templates/sizing_values.yaml`, and `$VALUES_DIR/suse-observability-values/templates/affinity_values.yaml` files which contains the necessary configuration for installing the SUSE Observability Helm Chart. {% hint style="info" %} The SUSE Observability administrator password will be autogenerated by the above command and are output as comments in the generated `basicConfig.yaml` file. For more info, see [single password](/setup/security/authentication/single_password.md). 
@@ -174,10 +176,14 @@ Using a single default password is great to get started with SUSE Observability, {% endhint %} {% hint style="info" %} -Store the generated `basicConfig.yaml` and `sizing_values.yaml` files somewhere safe. You can reuse this files for upgrades, which will save time and \(more importantly\) will ensure that SUSE Observability continues to use the same API key. This is desirable as it means Agents and other data providers for SUSE Observability won't need to be updated. +Store the generated `basicConfig.yaml`, `sizing_values.yaml`, and `affinity_values.yaml` files somewhere safe. You can reuse this files for upgrades, which will save time and \(more importantly\) will ensure that SUSE Observability continues to use the same API key. This is desirable as it means Agents and other data providers for SUSE Observability won't need to be updated. The files can be regenerated independently using the switches `basicConfig.generate=false` and `sizing.generate=false` to disable any of them while still keeping the previosuly generated version of the file in the `output-dir`. {% endhint %} +{% hint style="info" %} +The Suse Observability Values chart generates affinity configurations that can be used by the main SUSE Observability chart to control pod scheduling behavior. Please check [SUSE Observability Affinity Configuration])(affinity.md) for more information. +{% endhint %} + 3. Deploy the SUSE Observability helm chart with the generated values: {% code title="helm_deploy.sh" lineNumbers="true" %} @@ -187,6 +193,7 @@ helm upgrade --install \ --create-namespace \ --values $VALUES_DIR/suse-observability-values/templates/baseConfig_values.yaml \ --values $VALUES_DIR/suse-observability-values/templates/sizing_values.yaml \ + --values $VALUES_DIR/suse-observability-values/templates/affinity_values.yaml \ suse-observability \ suse-observability/suse-observability ``` 
@@ -260,4 +267,3 @@ To enable Single sign-on with your own authentication provider please [see here] 1. After the extensions are installed, the SUSE Observability UI opens in the same tab as the Rancher UI. * You can use shift-click to open in a new tab, this will become the default behaviour 1. Be aware upgrading or downgrading from HA to NON-HA and vice-versa is not yet supported. - diff --git a/setup/install-stackstate/kubernetes_openshift/ack.md b/setup/install-stackstate/kubernetes_openshift/ack.md index 574a784bd..b66729816 100644 --- a/setup/install-stackstate/kubernetes_openshift/ack.md +++ b/setup/install-stackstate/kubernetes_openshift/ack.md @@ -57,6 +57,7 @@ helm upgrade \ --namespace suse-observability \ --values $VALUES_DIR/suse-observability-values/templates/baseConfig_values.yaml \ --values $VALUES_DIR/suse-observability-values/templates/sizing_values.yaml \ + --values $VALUES_DIR/suse-observability-values/templates/affinity_values.yaml \ --values ack-values.yaml \ suse-observability \ suse-observability/suse-observability diff --git a/setup/install-stackstate/kubernetes_openshift/affinity.md b/setup/install-stackstate/kubernetes_openshift/affinity.md new file mode 100644 index 000000000..10b956200 --- /dev/null +++ b/setup/install-stackstate/kubernetes_openshift/affinity.md 
@@ -0,0 +1,122 @@ +--- +description: SUSE Observability Affinity Configuration +--- + +# Affinity Values Configuration + +The Suse Observability Values chart generates affinity configurations that can be used by the main SUSE Observability chart to control pod scheduling behavior. The affinity values help optimize resource utilization and ensure high availability by controlling where pods are scheduled. + +## Available Configuration Options + +### Node Affinity + +Node affinity is used to schedule pods to specific nodes or instance groups, such as EC2 nodes deployed to the same availability zone. + +```yaml +affinity: + # Node Affinity settings - applied to all components when configured + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: topology.kubernetes.io/zone + operator: In + values: + - us-west-2a +``` + +### Pod Anti-Affinity + +Pod anti-affinity is used to schedule replicas of data services to different nodes to ensure high availability. By default, the scheduling is required (hard anti-affinity). 
+ +```yaml +affinity: + podAntiAffinity: + # Enable required pod anti-affinity (true = hard, false = soft) + requiredDuringSchedulingIgnoredDuringExecution: true + # Topology key for pod anti-affinity + topologyKey: "kubernetes.io/hostname" +``` + +## Behavior + +### Node Affinity +- **When configured**: Applied to all data service components +- **Components affected**: clickhouse, elasticsearch, hbase, kafka, zookeeper, victoria-metrics, stackstate, opentelemetry-collector + +### Pod Anti-Affinity +- **When configured**: Only applied when `sizing.profile` ends with `-ha` (High Availability profiles) +- **HA Profiles**: `150-ha`, `250-ha`, `500-ha`, `4000-ha` +- **Components affected**: All stateful data services including clickhouse, kafka, zookeeper, victoria-metrics, hbase components, elasticsearch + +## Example Configurations + +### Basic Node Affinity (Same Availability Zone) + Pod Anti-Affinity for HA Deployment +```yaml +affinity: + # Schedule all pods to nodes in the same AZ + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: topology.kubernetes.io/zone + operator: In + values: + - us-west-2a + + # Ensure replicas are distributed across different nodes + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: true + topologyKey: "kubernetes.io/hostname" +``` + +## Usage + +### Step 1: Create Your Affinity Values File + +Create a separate values file with your desired affinity configuration. 
For example, save the following as `suse-observability-values-values.yaml`: + +```yaml +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: topology.kubernetes.io/zone + operator: In + values: + - us-west-2a + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: true + topologyKey: "kubernetes.io/hostname" +``` + +### Step 2: Generate Affinity Template Values + +Run the following command to generate the affinity values template: + +```text +export VALUES_DIR=. +helm template \ + --set license='' \ + --set baseUrl='' \ + --set sizing.profile='' \ + --values suse-observability-values-values.yaml \ + suse-observability-values \ + suse-observability/suse-observability-values --output-dir $VALUES_DIR +``` + +### Step 3: Use Generated Values in Helm Installation + +Include the generated affinity values in your Helm installation: + +```bash +helm upgrade \ + --install \ + --namespace suse-observability \ + --values $VALUES_DIR/suse-observability-values/templates/baseConfig_values.yaml \ + --values $VALUES_DIR/suse-observability-values/templates/sizing_values.yaml \ + --values $VALUES_DIR/suse-observability-values/templates/affinity_values.yaml \ + suse-observability \ + suse-observability/suse-observability +``` diff --git a/setup/install-stackstate/kubernetes_openshift/ingress.md b/setup/install-stackstate/kubernetes_openshift/ingress.md index 82b26d8ab..acb410dec 100644 --- a/setup/install-stackstate/kubernetes_openshift/ingress.md +++ b/setup/install-stackstate/kubernetes_openshift/ingress.md @@ -46,6 +46,7 @@ helm upgrade --install \ --values "ingress_values.yaml" \ --values $VALUES_DIR/suse-observability-values/templates/baseConfig_values.yaml \ --values $VALUES_DIR/suse-observability-values/templates/sizing_values.yaml \ + --values $VALUES_DIR/suse-observability-values/templates/affinity_values.yaml \ suse-observability \ suse-observability/suse-observability ``` 
@@ -108,6 +109,7 @@ helm upgrade \ --values "ingress_otel_values.yaml" \ --values $VALUES_DIR/suse-observability-values/templates/baseConfig_values.yaml \ --values $VALUES_DIR/suse-observability-values/templates/sizing_values.yaml \ + --values $VALUES_DIR/suse-observability-values/templates/affinity_values.yaml \ suse-observability \ suse-observability/suse-observability ``` @@ -144,4 +146,3 @@ Agents that are deployed to the same cluster as SUSE Observability can of course * [AKS \(learn.microsoft.com\)](https://learn.microsoft.com/en-us/azure/aks/ingress-tls?tabs=azure-cli) * [EKS Official docs](https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html) \(not using nginx\) * [EKS blog post](https://aws.amazon.com/blogs/opensource/network-load-balancer-nginx-ingress-controller-eks/) \(using nginx\) - diff --git a/setup/install-stackstate/kubernetes_openshift/kubernetes_install.md b/setup/install-stackstate/kubernetes_openshift/kubernetes_install.md index 65308aa39..a5ef1e87a 100644 --- a/setup/install-stackstate/kubernetes_openshift/kubernetes_install.md +++ b/setup/install-stackstate/kubernetes_openshift/kubernetes_install.md 
@@ -50,12 +50,13 @@ kubectl create namespace suse-observability The `baseConfig_values.yaml` file is required to deploy StackState with Helm. It contains your StackState license key, StackState Receiver API key and other important information. The `sizing_values.yaml` file is recommended to deploy StackState with Helm as it contains information about the resources that StackState will be provisioned with according to the size on the landscape you want to observe. +The `affinity_values.yaml` file with K8s affinities to deploy Stackstate with different scheduling options. {% hint style="info" %} **Before you continue:** Make sure you have the latest version of the Helm charts with `helm repo update`. {% endhint %} -The SUSE Observability `baseConfig_values.yaml` and `sizing_values.yaml` files can be generated by running a separate Helm Chart, the `suse-observability/suse-observability-values` chart. A sample command line is: +The SUSE Observability `baseConfig_values.yaml`, `sizing_values.yaml`, and `affinity_values.yaml` files can be generated by running a separate Helm Chart, the `suse-observability/suse-observability-values` chart. A sample command line is: ```text export VALUES_DIR=. 
@@ -67,7 +68,7 @@ helm template \ suse-observability/suse-observability-values --output-dir $VALUES_DIR ``` -This command will generate a `$VALUES_DIR/suse-observability-values/templates/baseConfig_values.yaml` and a `$VALUES_DIR/suse-observability-values/templates/sizing_values.yaml` file which contains the necessary configuration for installing the SUSE Observability Helm Chart. +This command will generate `$VALUES_DIR/suse-observability-values/templates/baseConfig_values.yaml`, `$VALUES_DIR/suse-observability-values/templates/sizing_values.yaml`, and `$VALUES_DIR/suse-observability-values/templates/affinity_values.yaml` files which contains the necessary configuration for installing the SUSE Observability Helm Chart. {% hint style="info" %} The SUSE Observability administrator passwords will be autogenerated by the above command and are output as comments in the generated `basicConfig.yaml` file. The actual values contain the `bcrypt` hashes of those passwords so that they're securely stored in the Helm release in the cluster. 
@@ -75,25 +76,30 @@ The SUSE Observability administrator passwords will be autogenerated by the abov The values that can be passed to this chart are: -| Configuration | Value | Description | -| :--- | :--- |:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Basic Config generate | `basicConfig.generate` | Switch on or off the generation of the `basicConfig_values.yaml` file. | -| Receiver API Key | `receiverApiKey` | The API key used by SUSE Observability to receive data from agents. This is a secret key that should be kept private. If you omit this, a random key will be generated for you. | -| Base URL | `baseUrl` | The ``. The external URL for SUSE Observability that users and agents will use to connect. For example `https://suse-observability.internal`. If you haven't decided on an Ingress configuration yet, use `http://localhost:8080`. This can be updated later in the generated file. | -| Username and password\*\* | `-u` `-p` | The username and password used by SUSE Observability to pull images. For air-gapped environments these need to be the username and password for the local contaier registry. | -| License key | `license` | The SUSE Observability license key. | -| Default password | `adminPassword` | The password for the default user \(`admin`\) to access SUSE Observability's UI. If you omit this, a random password will be generated for you. If you do pass this value and it's not bcrypt hashed, the chart will hash it for you.| -| Image Registry | `imageRegistry` | The registry where the SUSE Observability images are hosted. 
If not provided, the default value will be 'quay.io' | -| Pull Secret Username | `pullSecret.username` | The username used to pull images from the Docker registry where the SUSE Observability images are hosted. Only needed for custom registries. | -| Pull Secret Password | `pullSecret.password` | The password used to pull images from the Docker registry where the SUSE Observability images are hosted. Only needed for custom registries. | -| Sizing generate | `sizing.generate` | Switch on or off the generation of the `sizing_values.yaml` file. | -| Sizing profile | `sizing.profile` | OneOf trial, 10-nonha, 20-nonha, 50-nonha, 100-nonha, 150-ha, 250-ha, 500-ha. Based on this profiles the `sizing_values.yaml` file is generated containing default sizes for the SUSE Observability resources and configuration to be deployed on an Ha or NonHa mode. E.g. 10-nonha will produce a `sizing_values.yaml` meant to deploy a NonHa SUSE Observability instance to observe a 10 node cluster in a Non High Available mode. Currently moving from a nonha to an ha environment is not possible, so if you expect that your environment willrequire to observe around 150 nodes then better to go with ha immediately. 
| +| Configuration | Value | Description | +|:--------------------------|:---------------------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Basic Config generate | `basicConfig.generate` | Switch on or off the generation of the `basicConfig_values.yaml` file. | +| Receiver API Key | `receiverApiKey` | The API key used by SUSE Observability to receive data from agents. This is a secret key that should be kept private. If you omit this, a random key will be generated for you. | +| Base URL | `baseUrl` | The ``. The external URL for SUSE Observability that users and agents will use to connect. For example `https://suse-observability.internal`. If you haven't decided on an Ingress configuration yet, use `http://localhost:8080`. This can be updated later in the generated file. | +| Username and password\*\* | `-u` `-p` | The username and password used by SUSE Observability to pull images. For air-gapped environments these need to be the username and password for the local contaier registry. | +| License key | `license` | The SUSE Observability license key. | +| Default password | `adminPassword` | The password for the default user \(`admin`\) to access SUSE Observability's UI. If you omit this, a random password will be generated for you. If you do pass this value and it's not bcrypt hashed, the chart will hash it for you. 
| +| Image Registry | `imageRegistry` | The registry where the SUSE Observability images are hosted. If not provided, the default value will be 'quay.io' | +| Pull Secret Username | `pullSecret.username` | The username used to pull images from the Docker registry where the SUSE Observability images are hosted. Only needed for custom registries. | +| Pull Secret Password | `pullSecret.password` | The password used to pull images from the Docker registry where the SUSE Observability images are hosted. Only needed for custom registries. | +| Sizing generate | `sizing.generate` | Switch on or off the generation of the `sizing_values.yaml` file. | +| Sizing profile | `sizing.profile` | OneOf trial, 10-nonha, 20-nonha, 50-nonha, 100-nonha, 150-ha, 250-ha, 500-ha. Based on this profiles the `sizing_values.yaml` file is generated containing default sizes for the SUSE Observability resources and configuration to be deployed on an Ha or NonHa mode. E.g. 10-nonha will produce a `sizing_values.yaml` meant to deploy a NonHa SUSE Observability instance to observe a 10 node cluster in a Non High Available mode. Currently moving from a nonha to an ha environment is not possible, so if you expect that your environment willrequire to observe around 150 nodes then better to go with ha immediately. | +| Pod AntiAffinity | `affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution` | Enforce the replicas of the same data services are scheduled to different Kubernetes nodes. Only applicable for `HA` profiles. Either `true` or `false`. The default is `true` - scheduling to different nodes is enforced. | {% hint style="info" %} Store the generated `basicConfig.yaml` and `sizing_values.yaml` files somewhere safe. You can reuse this files for upgrades, which will save time and \(more importantly\) will ensure that SUSE Observability continues to use the same API key. This is desirable as it means Agents and other data providers for SUSE Observability won't need to be updated. 
The files can be regenerated independently using the switches `basicConfig.generate=false` and `sizing.generate=false` to disable any of them while still keeping the previosuly generated version of the file in the `output-dir`. {% endhint %} +{% hint style="info" %} +The Suse Observability Values chart generates affinity configurations that can be used by the main SUSE Observability chart to control pod scheduling behavior. Please check [SUSE Observability Affinity Configuration])(affinity.md) for more information. +{% endhint %} + ### Deploy SUSE Observability with Helm The recommended deployment of SUSE Observability is a production ready, high availability setup with many services running redundantly. If required, it's also possible to run SUSE Observability in a non-redundant setup, where each service has only a single replica. This setup is only recommended for a test environment. diff --git a/setup/install-stackstate/kubernetes_openshift/openshift_install.md b/setup/install-stackstate/kubernetes_openshift/openshift_install.md index d8fb4c267..430f0ebdb 100644 --- a/setup/install-stackstate/kubernetes_openshift/openshift_install.md +++ b/setup/install-stackstate/kubernetes_openshift/openshift_install.md 
@@ -55,12 +55,13 @@ The project name is used in `helm` and `kubectl` commands as the namespace name The `baseConfig_values.yaml` file is required to deploy StackState with Helm. It contains your StackState license key, StackState Receiver API key and other important information. The `sizing_values.yaml` file is recommended to deploy StackState with Helm as it contains information about the resources that StackState will be provisioned with according to the size on the landscape you want to observe. +The `affinity_values.yaml` file with K8s affinities to deploy Stackstate with different scheduling options. {% hint style="info" %} **Before you continue:** Make sure you have the latest version of the Helm charts with `helm repo update`. {% endhint %} -The SUSE Observability `baseConfig_values.yaml` and `sizing_values.yaml` files can be generated by running a separate Helm Chart, the `suse-observability/suse-observability-values` chart. A sample command line is: +The SUSE Observability `baseConfig_values.yaml`, `sizing_values.yaml`, and `affinity_values.yaml` files can be generated by running a separate Helm Chart, the `suse-observability/suse-observability-values` chart. A sample command line is: ```text export VALUES_DIR=. 
@@ -72,7 +73,7 @@ helm template \ suse-observability/suse-observability-values --output-dir $VALUES_DIR ``` -This command will generate a `$VALUES_DIR/suse-observability-values/templates/baseConfig_values.yaml` and a `$VALUES_DIR/suse-observability-values/templates/sizing_values.yaml` file which contains the necessary configuration for installing the SUSE Observability Helm Chart. +This command will generate a `$VALUES_DIR/suse-observability-values/templates/baseConfig_values.yaml`, and a `$VALUES_DIR/suse-observability-values/templates/affinity_values` file which contains the necessary configuration for installing the SUSE Observability Helm Chart. {% hint style="info" %} The SUSE Observability administrator passwords will be autogenerated by the above command and are output as comments in the generated `basicConfig.yaml` file. The actual values contain the `bcrypt` hashes of those passwords so that they're securely stored in the Helm release in the cluster. 
@@ -93,12 +94,17 @@ The values that can be passed to this chart are: | Pull Secret Password | `pullSecret.password` | The password used to pull images from the Docker registry where the SUSE Observability images are hosted. | | Sizing generate | `sizing.generate` | Switch on or off the generation of the `sizing_values.yaml` file. | | Sizing profile | `sizing.profile` | OneOf 10-nonha, 20-nonha, 50-nonha, 100-nonha, 150-ha, 250-ha, 500-ha. Based on this profiles the `sizing_values.yaml` file is generated containing default sizes for the SUSE Observability resources and configuration to be deployed on an Ha or NonHa mode. E.g. 10-nonha will produce a `sizing_values.yaml` meant to deploy a NonHa SUSE Observability instance to observe a 10 node cluster in a Non High Available mode. Currently moving from a nonha to an ha environment is not possible, so if you expect that your environment willrequire to observe around 150 nodes then better to go with ha immediately. | +| Pod AntiAffinity | `affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution` | Enforce the replicas of the same data services are scheduled to different Kubernetes nodes. Only applicable for `HA` profiles. Either `true` or `false`. The default is `true` - scheduling to different nodes is enforced. | {% hint style="info" %} -Store the generated `basicConfig.yaml` and `sizing_values.yaml` files somewhere safe. You can reuse this files for upgrades, which will save time and \(more importantly\) will ensure that SUSE Observability continues to use the same API key. This is desirable as it means Agents and other data providers for SUSE Observability won't need to be updated. +Store the generated `basicConfig.yaml`, `sizing_values.yaml`, and `affinity_values.yaml` files somewhere safe. You can reuse this files for upgrades, which will save time and \(more importantly\) will ensure that SUSE Observability continues to use the same API key. 
This is desirable as it means Agents and other data providers for SUSE Observability won't need to be updated. The files can be regenerated independently using the switches `basicConfig.generate=false` and `sizing.generate=false` to disable any of them while still keeping the previosuly generated version of the file in the `output-dir`. {% endhint %} +{% hint style="info" %} +The Suse Observability Values chart generates affinity configurations that can be used by the main SUSE Observability chart to control pod scheduling behavior. Please check [SUSE Observability Affinity Configuration])(affinity.md) for more information. +{% endhint %} + ### Create `openshift-values.yaml` Because OpenShift has stricter security model than plain Kubernetes, all of the standard security contexts in the deployment need to be disabled. @@ -142,6 +148,7 @@ helm upgrade \ --namespace suse-observability \ --values $VALUES_DIR/suse-observability-values/templates/baseConfig_values.yaml \ --values $VALUES_DIR/suse-observability-values/templates/sizing_values.yaml \ + --values $VALUES_DIR/suse-observability-values/templates/affinity_values.yaml \ --values openshift-values.yaml \ --set "clickhouse.sidecars[0].securityContext.runAsUser=null" \ suse-observability \ @@ -165,6 +172,7 @@ helm upgrade \ --values local-docker-registry.yaml \ --values $VALUES_DIR/suse-observability-values/templates/baseConfig_values.yaml \ --values $VALUES_DIR/suse-observability-values/templates/sizing_values.yaml \ + --values $VALUES_DIR/suse-observability-values/templates/affinity_values.yaml \ --values openshift-values.yaml \ --set "clickhouse.sidecars[0].securityContext.runAsUser=null" \ suse-observability \
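
Review bot: In k8s-suse-rancher-prime.md (hunk at -162,7), the added sentence "The `affinity_values.yaml` file with K8s affinities to deploy Stackstate with different scheduling options." has no verb and says "Stackstate" where the surrounding text says SUSE Observability. The same sentence is added in kubernetes_install.md (-50,12) and openshift_install.md (-55,12). Suggest something like "The `affinity_values.yaml` file contains the Kubernetes affinity settings that control how SUSE Observability pods are scheduled." In the rewritten sentence below it, "files which contains" should read "files, which contain".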
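
Review bot: The link in the new hint in k8s-suse-rancher-prime.md (hunk at -174,10) is malformed: `[SUSE Observability Affinity Configuration])(affinity.md)` has a stray `)` before the target, so it will not render as a link. The relative target `affinity.md` also does not resolve from this file, which sits at the repository root while the new page is created at setup/install-stackstate/kubernetes_openshift/affinity.md. The same stray `)` appears in the hints added to kubernetes_install.md and openshift_install.md. "Suse Observability" should be "SUSE Observability". The regeneration sentence in the updated hint still names only `basicConfig.generate=false` and `sizing.generate=false`; please state how `affinity_values.yaml` behaves when the chart is re-run.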
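
Review bot: Step 2 of the new affinity.md runs the values chart with `--output-dir $VALUES_DIR` and empty `license`, `baseUrl` and `sizing.profile`, which, per the hints elsewhere in this patch, also regenerates the base config file with a newly generated receiver API key and admin password unless `basicConfig.generate=false` is set. For anyone following this on an existing install, that overwrites the stored files the docs tell them to keep. Suggest adding `--set basicConfig.generate=false --set sizing.generate=false` to the command or stating that the real license, base URL and profile must be passed. Three smaller points in the same file: the HA profile list includes `4000-ha`, which is not among the `sizing.profile` values documented in the other files of this patch; the node affinity scope is described as "applied to all components" in the YAML comment but "all data service components" under Behavior, while the affected list includes `stackstate` and `opentelemetry-collector`; and the input file name `suse-observability-values-values.yaml` reads like a typo.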
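
Review bot: In kubernetes_install.md (hunk at -75,25), the "Store the generated `basicConfig.yaml` and `sizing_values.yaml` files somewhere safe" hint is left as unchanged context, while the same hint in k8s-suse-rancher-prime.md and openshift_install.md is updated to include `affinity_values.yaml`; please update it here too. The table is re-padded in full to add a single row, which makes the real change hard to see; consider adding only the `Pod AntiAffinity` row and leaving the alignment as it was. The new row documents `affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution` only, while affinity.md also introduces `affinity.nodeAffinity` and `affinity.podAntiAffinity.topologyKey`; either list them or point to affinity.md from the table.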
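
Review bot: The rewritten sentence in openshift_install.md (hunk at -72,7) drops `sizing_values.yaml` from the list of generated files and names the new file as `affinity_values` without the `.yaml` extension. The kubernetes_install.md version of the same sentence lists all three files; suggest using that wording here so the two install pages agree.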
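
Review bot: In k8s-suse-rancher-prime-air-gapped.md the added `--values $VALUES_DIR/suse-observability-values/templates/affinity_values.yaml` line is the only change to that page (1 insertion in the diffstat), so nothing there tells the reader that the values chart now produces this file. The same applies to the command-only hunks in ack.md and ingress.md. Because the docs recommend reusing stored values files for upgrades, readers who kept only the two older files will not have `affinity_values.yaml` at that path; suggest a short note next to these commands that the values chart must be re-run to produce it before upgrading.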