From da93a2e346a046b27916ec7c9c7525e9c30bfe4b Mon Sep 17 00:00:00 2001 From: Mayne0213 Date: Thu, 8 Jan 2026 13:04:05 +0900 Subject: [PATCH] FEAT(platform): enable HA with replica 2 and soft anti-affinity - Add replicaCount: 2 to cert-manager components - Add soft pod anti-affinity for node distribution - Remove descheduler (moved to separate location) --- cert-manager/helm-values.yaml | 39 ++++++++++++++++++++++++++++++++--- 1 file changed, 36 insertions(+), 3 deletions(-) diff --git a/cert-manager/helm-values.yaml b/cert-manager/helm-values.yaml index 095a2b7..717fbee 100644 --- a/cert-manager/helm-values.yaml +++ b/cert-manager/helm-values.yaml @@ -4,7 +4,7 @@ # Install CRDs with Helm installCRDs: true -replicaCount: 1 +replicaCount: 2 resources: requests: @@ -14,7 +14,7 @@ resources: memory: 96Mi webhook: - replicaCount: 1 + replicaCount: 2 resources: requests: cpu: 15m @@ -23,7 +23,7 @@ webhook: memory: 96Mi cainjector: - replicaCount: 1 + replicaCount: 2 resources: requests: cpu: 15m @@ -31,6 +31,39 @@ cainjector: limits: memory: 96Mi +# Affinity - Soft Anti-Affinity to spread pods across nodes +affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: cert-manager + topologyKey: kubernetes.io/hostname + +webhook: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: cert-manager-webhook + topologyKey: kubernetes.io/hostname + +cainjector: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: cert-manager-cainjector + topologyKey: kubernetes.io/hostname + # Prometheus metrics prometheus: enabled: true