From e51d535b8e882c5d59b3318faccb3e7a7eb40892 Mon Sep 17 00:00:00 2001
From: Tero Keski-Valkama <tero.keskivalkama@gmail.com>
Date: Sat, 10 Dec 2022 17:14:55 +0100
Subject: [PATCH] Added pod affinity if the default ReadWriteOnce is used.

If `accessMode` `ReadWriteOnce` is used, then the volume
can only be accessed in a write mode from a single node.
This means that all pods which require write access to
the volume need to be co-located to the same node.
Failing that typically leads to a difficult to untangle
locked volume mount situation where containers are stuck
in `ContainerCreating`.

This change adds the necessary pod affinities if the related
access modes are set in the `values.yaml`.
---
 templates/deployment-sidekiq.yaml | 17 ++++++++++++++---
 templates/deployment-web.yaml     | 17 ++++++++++++++---
 2 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml
index a03019eb..d5f30dea 100644
--- a/templates/deployment-sidekiq.yaml
+++ b/templates/deployment-sidekiq.yaml
@@ -45,10 +45,21 @@ spec:
       securityContext:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with (default (default $context.Values.affinity $context.Values.mastodon.sidekiq.affinity) .affinity) }}
       affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
+        {{- if or (eq "ReadWriteOnce" $context.Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" $context.Values.mastodon.persistence.system.accessMode) }}
+        podAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                  - key: app.kubernetes.io/part-of
+                    operator: In
+                    values:
+                      - rails
+              topologyKey: kubernetes.io/hostname
+        {{- end }}
+        {{- with (default (default $context.Values.affinity $context.Values.mastodon.sidekiq.affinity) .affinity) }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
       {{- if (not $context.Values.mastodon.s3.enabled) }}
       volumes:
         - name: assets
diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml
index c1ec2327..173af4b4 100644
--- a/templates/deployment-web.yaml
+++ b/templates/deployment-web.yaml
@@ -118,10 +118,21 @@ spec:
       nodeSelector:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with (default .Values.affinity .Values.mastodon.web.affinity) }}
       affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
+        {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
+        podAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                  - key: app.kubernetes.io/part-of
+                    operator: In
+                    values:
+                      - rails
+              topologyKey: kubernetes.io/hostname
+        {{- end }}
+        {{- with (default .Values.affinity .Values.mastodon.web.affinity) }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
       {{- with .Values.tolerations }}
       tolerations:
         {{- toYaml . | nindent 8 }}