feat: change pod distribution strategy using topologySpreadConstraints instead of podAntiAffinity

CHANGELOG.md

@@ -8,6 +8,16 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
 
+## [0.6.0] - 2024-05-29
+
+[Compare with previous version](https://github.com/sparkfabrik/terraform-helm-ingress-nginx/compare/0.5.2...0.6.0)
+
+### Changed
+
+- ⚠️ BREAKING CHANGE: use `topologySpreadConstraints` instead of `podAntiAffinity` for better control over pod distribution.
+
+If you have not set the old `set_controller_default_pod_anti_affinity` varible, you can safely upgrade to this version. Otherwise, you can turn off the `topologySpreadConstraints` feature by setting the new `set_controller_default_topology_spread_constraints` to `false`.
+
 ## [0.5.2] - 2024-05-15
 
 [Compare with previous version](https://github.com/sparkfabrik/terraform-helm-ingress-nginx/compare/0.5.1...0.5.2)

README.md

@@ -32,7 +32,10 @@ This is Terraform module to install and configure the Nginx Ingress Controller.
 | <a name="input_ingress_nginx_controller_min_replicas"></a> [ingress\_nginx\_controller\_min\_replicas](#input\_ingress\_nginx\_controller\_min\_replicas) | Minimum number of replicas for the ingress controller. | `number` | `1` | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | Namespace of the ingress controller. | `string` | n/a | yes |
 | <a name="input_namespace_additional_labels"></a> [namespace\_additional\_labels](#input\_namespace\_additional\_labels) | Additional labels for the namespace of the ingress controller. | `map(string)` | `{}` | no |
-| <a name="input_set_controller_default_pod_anti_affinity"></a> [set\_controller\_default\_pod\_anti\_affinity](#input\_set\_controller\_default\_pod\_anti\_affinity) | Set the podAntiAffinity for the ingress controller. | `bool` | `true` | no |
+| <a name="input_set_controller_default_topology_spread_constraints"></a> [set\_controller\_default\_topology\_spread\_constraints](#input\_set\_controller\_default\_topology\_spread\_constraints) | Set the topologySpreadConstraints for the ingress controller. | `bool` | `true` | no |
+| <a name="input_set_controller_default_topology_spread_constraints_max_skew"></a> [set\_controller\_default\_topology\_spread\_constraints\_max\_skew](#input\_set\_controller\_default\_topology\_spread\_constraints\_max\_skew) | Set the topologyKey in the topologySpreadConstraints for the ingress controller. | `number` | `1` | no |
+| <a name="input_set_controller_default_topology_spread_constraints_topology_key"></a> [set\_controller\_default\_topology\_spread\_constraints\_topology\_key](#input\_set\_controller\_default\_topology\_spread\_constraints\_topology\_key) | Set the topologyKey in the topologySpreadConstraints for the ingress controller. | `string` | `"kubernetes.io/hostname"` | no |
+| <a name="input_set_controller_default_topology_spread_constraints_when_unsatisfiable"></a> [set\_controller\_default\_topology\_spread\_constraints\_when\_unsatisfiable](#input\_set\_controller\_default\_topology\_spread\_constraints\_when\_unsatisfiable) | Set the whenUnsatisfiable policy in the topologySpreadConstraints for the ingress controller. | `string` | `"ScheduleAnyway"` | no |
 
 ## Outputs
 

examples/main.tf

@@ -1,5 +1,4 @@
 module "ingress_nginx" {
-  source                 = "../"
-  chart_version          = "4.8.3"
-  namespace              = "ingress-nginx"
+  source    = "../"
+  namespace = "ingress-nginx"
 }

files/values.yaml.tftpl

@@ -33,26 +33,16 @@ controller:
     ssl-reject-handshake: "true"
   service:
     externalTrafficPolicy: "Local"
-  %{~ if set_controller_default_pod_anti_affinity }
-  # Set the default antiaffinity. If you eneable the hpa, the pods will be distributed in different nodes.
-  affinity:
-    podAntiAffinity:
-      requiredDuringSchedulingIgnoredDuringExecution:
-        - labelSelector:
-            matchExpressions:
-              - key: app.kubernetes.io/name
-                operator: In
-                values:
-                  - ${chart_name}
-              - key: app.kubernetes.io/instance
-                operator: In
-                values:
-                  - ${release_name}
-              - key: app.kubernetes.io/component
-                operator: In
-                values:
-                  - controller
-          topologyKey: "kubernetes.io/hostname"
+  %{~ if set_controller_default_topology_spread_constraints }
+  topologySpreadConstraints:
+    - maxSkew: ${set_controller_default_topology_spread_constraints_max_skew}
+      topologyKey: "${set_controller_default_topology_spread_constraints_topology_key}"
+      whenUnsatisfiable: "${set_controller_default_topology_spread_constraints_when_unsatisfiable}"
+      labelSelector:
+        matchLabels:
+          app.kubernetes.io/name: ${chart_name}
+          app.kubernetes.io/instance: ${release_name}
+          app.kubernetes.io/component: controller
   %{~ endif ~}
 
 defaultBackend:

main.tf

@@ -36,10 +36,13 @@ resource "helm_release" "this" {
       templatefile(
         "${path.module}/files/values.yaml.tftpl",
         {
-          common_labels                            = var.common_labels
-          ingress_nginx_controller_min_replicas    = var.ingress_nginx_controller_min_replicas
-          ingress_nginx_controller_max_replicas    = var.ingress_nginx_controller_max_replicas
-          set_controller_default_pod_anti_affinity = var.set_controller_default_pod_anti_affinity
+          common_labels                                                         = var.common_labels
+          ingress_nginx_controller_min_replicas                                 = var.ingress_nginx_controller_min_replicas
+          ingress_nginx_controller_max_replicas                                 = var.ingress_nginx_controller_max_replicas
+          set_controller_default_topology_spread_constraints                    = var.set_controller_default_topology_spread_constraints
+          set_controller_default_topology_spread_constraints_max_skew           = var.set_controller_default_topology_spread_constraints_max_skew
+          set_controller_default_topology_spread_constraints_topology_key       = var.set_controller_default_topology_spread_constraints_topology_key
+          set_controller_default_topology_spread_constraints_when_unsatisfiable = var.set_controller_default_topology_spread_constraints_when_unsatisfiable
 
           # Variables for creating the selector labels.
           # If you use `nameOverride` in your values, you should use that instead of `chart_name`.

variables.tf

@@ -51,8 +51,26 @@ variable "ingress_nginx_controller_max_replicas" {
   default     = 3
 }
 
-variable "set_controller_default_pod_anti_affinity" {
-  description = "Set the podAntiAffinity for the ingress controller."
+variable "set_controller_default_topology_spread_constraints" {
+  description = "Set the topologySpreadConstraints for the ingress controller."
   type        = bool
   default     = true
 }
+
+variable "set_controller_default_topology_spread_constraints_max_skew" {
+  description = "Set the topologyKey in the topologySpreadConstraints for the ingress controller."
+  type        = number
+  default     = 1
+}
+
+variable "set_controller_default_topology_spread_constraints_topology_key" {
+  description = "Set the topologyKey in the topologySpreadConstraints for the ingress controller."
+  type        = string
+  default     = "kubernetes.io/hostname"
+}
+
+variable "set_controller_default_topology_spread_constraints_when_unsatisfiable" {
+  description = "Set the whenUnsatisfiable policy in the topologySpreadConstraints for the ingress controller."
+  type        = string
+  default     = "ScheduleAnyway"
+}