Comments (12)
eljeffeg
commented on July 19, 2024
1
From what I can tell, Field and Label selectors cannot be used to directly dictate scheduling behaviors such as tolerations or node affinity.
from assemblyline.
cccs-rs
commented on July 19, 2024
1
Looks like the configuration for the linux_node_selector should translate to a nodeAffinity for the service pods:
https://github.com/CybercentreCanada/assemblyline-core/blob/14bfcd276ac904882724c4eb9075fe0350cf9f3f/assemblyline_core/scaler/controllers/kubernetes_ctl.py#L140
So we would just need to add a configuration for tolerations.
from assemblyline.
cccs-rs
commented on July 19, 2024
1
You can test with this development release to make sure you can configure the system as necessary when we merge this into stable (along with the helm-chart changes).
from assemblyline.
eljeffeg
commented on July 19, 2024
1
Sorry, not seeing the tolerations or the nodeAffinity in the service pods.
scaler:
linux_node_selector:
label:
- key: dedicated
operator: In
values:
- assemblyline
cluster_pod_list: true
cpu_overallocation: 2
service_defaults:
backlog: 10
min_instances: 0
growth: 30
shrink: 10
environment:
- name: "SERVICE_API_HOST"
value: "http://service-server:5003"
tolerations:
- effect: NoSchedule
key: dedicated
operator: Equal
value: assemblylinefrom assemblyline.
cccs-rs
commented on July 19, 2024
Would the scaler.linux_node_selector configuration work in this case as you would just need to specify the selector (whether it be based on fields or labels) that correspond to the node?
https://cybercentrecanada.github.io/assemblyline4_docs/odm/models/config/#scaler
from assemblyline.
eljeffeg
commented on July 19, 2024
@cccs-rs I pulled the latest dev images and updated my helm charts, but wasn't able to get the nodeAffinity and tolerations on Services. They did show up on all the core services. Here are my respective value.yaml config.
# An affinity to be applied to all core (non-service) pods not provided by imported charts.
# https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#NodeAffinity
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: dedicated
operator: In
values:
- assemblyline
# The tolerations to be applied to all core (non-service) pods not provided by imported charts.
# https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#tolerations
tolerations:
- effect: NoSchedule
key: dedicated
operator: Equal
value: assemblyline
configuration:
core:
scaler:
linux_node_selector:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: dedicated
operator: In
values:
- assemblylinefrom assemblyline.
cccs-rs
commented on July 19, 2024
configuration: core: scaler: linux_node_selector: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: dedicated operator: In values: - assemblyline
This would have to be updated to (based on docs):
configuration:
core:
scaler:
linux_node_selector:
label:
- key: dedicated
operator: In
values:
- assemblylinefrom assemblyline.
eljeffeg
commented on July 19, 2024
Didn't seem to help.from assemblyline.
cccs-rs
commented on July 19, 2024
Hmm... did Scaler read in the new configurations? Can confirm by checking the config.yml that's mounted
or:
python -c "from assemblyline.common import forge; print(forge.get_config().core.scaler.linux_node_selector);"
from assemblyline.
eljeffeg
commented on July 19, 2024
assemblyline@scaler-665f754877-p2nlr:~$ python -c "from assemblyline.common import forge; print(forge.get_config().core.scaler.linux_node_selector);"
<Selector {"field": [], "label": [{"key": "dedicated", "operator": "In", "values": ["assemblyline"]}]}>
I tested by deleting the scaler pod so that it was recreated with the latest. Then I deleted a service pod and inspected the toleration values after it was recreated.
from assemblyline.
cccs-rs
commented on July 19, 2024
To set the tolerations for services, then you'll need to configure core.scaler.service_defaults.tolerations per https://github.com/CybercentreCanada/assemblyline-base/pull/1676/files.
The configuration mentioned earlier should only set the affinity in the podSpec.
from assemblyline.
cccs-rs
commented on July 19, 2024
This should be featured in the 4.5.0.28 release.
from assemblyline.
Related Issues (20)
- Suricata service can be stuck for hours if suricata didn't start HOT 5
- Health checks for services are broken in Docker Compose HOT 1
- Update service stays in a loop trying to install obsoletes or non accessible docker images. HOT 1
- Intezer-Analyze short-circuit download HOT 3
- Identity: Python obfuscated code identified as text/plain HOT 4
- Suricata 4.5.0.7 seems to be broken HOT 1
- Expose `delete_file_from_filestore` API to Python Client HOT 1
- Allow "private" submissions
- FrankenStrings URL extraction seems to trim URLs on char 0, even when it's not a binary file HOT 2
- AL 4.5.0.27: updater cannot upgrade any service HOT 15
- YARA service cannot parse rules with negative integers in metadata HOT 4
- Signature update services may not expose new signatures for workers immediately
- Unable to setup - Kibana keeps failing HOT 9
- Error: 504 Gateway-Timeout when all containers are up and healthy. HOT 5
- Add the possiblity to specify core-only secrets in the helm chart HOT 1
- Token-based Authentication to Azure Container Registry HOT 2
- Python code identified as text/plain HOT 4
- Identify pickle files
- Tag type text is cut-off when creating new badlist item
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from assemblyline.