update staging to have a second cluster and better procss isolation

2026-01-06 06:04:29 -06:00 · 2026-01-06 06:04:29 -06:00 · 800c1f0a1c
parent 035c7709d6
commit 800c1f0a1c
12 changed files with 123 additions and 4 deletions
--- a/k8s/applications/templates/ingress-nginx.yaml
+++ b/k8s/applications/templates/ingress-nginx.yaml
@ -12,6 +12,18 @@ spec:
    repoURL: 'https://kubernetes.github.io/ingress-nginx'
    targetRevision: 4.13.0
    chart: ingress-nginx
+    helm:
+      values: |
+        controller:
+          nodeSelector:
+            workload: infra
+          admissionWebhooks:
+            patch:
+              nodeSelector:
+                workload: infra
+        defaultBackend:
+          nodeSelector:
+            workload: infra
  project: default
  syncPolicy:
    syncOptions:
--- a/k8s/argocd/overlays/staging/kustomization.yaml
+++ b/k8s/argocd/overlays/staging/kustomization.yaml
@ -18,3 +18,19 @@ patchesJson6902:
      kind: Ingress
      name: argocd-server-ingress
      version: v1
+
+patches:
+- target:
+    kind: Deployment
+  patch: |-
+    - op: add
+      path: /spec/template/spec/nodeSelector
+      value:
+        workload: infra
+- target:
+    kind: StatefulSet
+  patch: |-
+    - op: add
+      path: /spec/template/spec/nodeSelector
+      value:
+        workload: infra
--- a/k8s/cert-manager/kustomization.yaml
+++ b/k8s/cert-manager/kustomization.yaml
@ -5,3 +5,12 @@ kind: Kustomization
 resources:
  - https://github.com/jetstack/cert-manager/releases/download/v1.6.0/cert-manager.yaml
  - cluster-issuer-nginx.yaml
+
+patches:
+  - target:
+      kind: Deployment
+    patch: |-
+      - op: add
+        path: /spec/template/spec/nodeSelector
+        value:
+          workload: infra
--- a/k8s/coturn/templates/deployment.yml
+++ b/k8s/coturn/templates/deployment.yml
@ -43,3 +43,11 @@ spec:
            - name: coturn-config-volume
              mountPath: /etc/coturn/turnserver.conf
              subPath: turnserver.conf
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
--- a/k8s/coturn/values.yaml
+++ b/k8s/coturn/values.yaml
@ -12,6 +12,12 @@ imagePullSecrets: []

 redis:
  enabled: true
+  master:
+    nodeSelector:
+      workload: infra
+  replica:
+    nodeSelector:
+      workload: infra
  image:
    registry: public.ecr.aws
    repository: bitnami/redis
@ -23,3 +29,11 @@ exporter:
    repository: ghcr.io/coturn/coturn-exporter
    tag: latest
    pullPolicy: IfNotPresent
+
+nodeSelector:
+  workload: media
+tolerations:
+- key: "dedicated"
+  operator: "Equal"
+  value: "media"
+  effect: "NoSchedule"
--- a/k8s/external-dns/overlays/staging/kustomization.yaml
+++ b/k8s/external-dns/overlays/staging/kustomization.yaml
@ -13,3 +13,12 @@ patchesJson6902:
      version: v1
      kind: Deployment
      name: external-dns
+
+patches:
+  - target:
+      kind: Deployment
+    patch: |-
+      - op: add
+        path: /spec/template/spec/nodeSelector
+        value:
+          workload: infra
--- a/k8s/loki/values.yaml
+++ b/k8s/loki/values.yaml
@ -64,6 +64,8 @@ loki:

  singleBinary:
    replicas: 1
+    nodeSelector:
+      workload: infra
    persistence:
      enabled: true
      size: 20Gi
--- a/k8s/monitoring/values-staging.yaml
+++ b/k8s/monitoring/values-staging.yaml
@ -5,6 +5,17 @@ rbac:


 kube-prometheus-stack:
+  prometheus:
+    prometheusSpec:
+      nodeSelector:
+        workload: infra
+  grafana:
+    nodeSelector:
+      workload: infra
+  alertmanager:
+    alertmanagerSpec:
+      nodeSelector:
+        workload: infra
  crds:
    enabled: false

--- a/k8s/promtail/values.yaml
+++ b/k8s/promtail/values.yaml
@ -2,3 +2,8 @@ promtail:
  config:
    clients:
      - url: http://loki.loki.svc:3100/loki/api/v1/push
+  tolerations:
+    - key: dedicated
+      operator: Equal
+      value: media
+      effect: NoSchedule
--- a/k8s/webrtc-be/templates/deployment.yml
+++ b/k8s/webrtc-be/templates/deployment.yml
@ -68,6 +68,14 @@ spec:
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
          readinessProbe:
            httpGet:
              path: /healthcheck
--- a/k8s/webrtc-be/values-staging.yaml
+++ b/k8s/webrtc-be/values-staging.yaml
@ -15,3 +15,11 @@ mediasoup:
 # Session Timeouts (ms)
 sessionHealthCheckInterval: 60000
 sessionOverGracePeriod: 300000
+
+nodeSelector:
+  workload: media
+tolerations:
+- key: "dedicated"
+  operator: "Equal"
+  value: "media"
+  effect: "NoSchedule"
--- a/terraform/lke.tf
+++ b/terraform/lke.tf
@ -10,7 +10,12 @@ resource "linode_lke_cluster" "stg-video-cluster" {
    type  = "g6-standard-2"
    count = 3
    labels = {
-        "workload" = "any"
+        "workload" = "media"
+    }
+    taint {
+      key    = "dedicated"
+      value  = "media"
+      effect = "NoSchedule"
    }
    autoscaler {
      min = 3
@ -18,6 +23,18 @@ resource "linode_lke_cluster" "stg-video-cluster" {
    }
  }

+  pool {
+    type  = "g6-standard-1"
+    count = 2
+    labels = {
+        "workload" = "infra"
+    }
+    autoscaler {
+      min = 2
+      max = 5
+    }
+  }
+
 }

 resource "local_file" "kubeconfig" {