Skip to content

Add topologySpreadConstraints support + pin to 1.1.341 (CE-271)#8

Merged
Eric Hibbs (flowstate) merged 3 commits into
mainfrom
erichibbs/ce-271-add-topologyspreadconstraints-support-to-socket-firewall
Jun 30, 2026
Merged

Add topologySpreadConstraints support + pin to 1.1.341 (CE-271)#8
Eric Hibbs (flowstate) merged 3 commits into
mainfrom
erichibbs/ce-271-add-topologyspreadconstraints-support-to-socket-firewall

Conversation

@flowstate

@flowstate Eric Hibbs (flowstate) commented Jun 23, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • Adds a topologySpreadConstraints pod-spec value (default [], opt-in) to the Socket Firewall Helm chart, wired into deployment.yaml via the existing with + toYaml pass-through pattern (sibling of affinity/tolerations).
  • Documents a zone-spread example + k8s version notes in the chart README.
  • Pins appVersion + values.yaml image.tag to 1.1.341 (current latest released tag on Docker Hub).
  • Bumps chart version 0.4.10.5.0 (single release for both the feature and the pin).

Why

Customer asked for topologySpreadConstraints so they can evenly distribute replicas across availability zones. Soft pod anti-affinity (their only option today) lets the scheduler pile replicas into one zone; topologySpreadConstraints (maxSkew + whenUnsatisfiable: ScheduleAnyway) is the purpose-built primitive for even spread. The image pin to the latest release is folded in here (previously split out as #9, now closed).

Compatibility

  • Base field is GA since Kubernetes 1.19 — no kubeVersion floor needed.
  • Optional matchLabelKeys needs 1.27+ (satisfied by all currently-supported EKS/GKE versions); noted in docs.
  • topologySpread default is empty, so there is no behavior change for existing installs.

Test plan

  • helm lint passes
  • helm template — field omitted when unset, rendered correctly under pod spec when set
  • kubeconform -strict (k8s 1.33) — 6/6 resources valid
  • 1.1.341 confirmed as latest published semver tag on Docker Hub
  • Reviewer sanity-check of README example

Linear: CE-271

Expose a `topologySpreadConstraints` pod-spec value (default empty, opt-in)
so operators can evenly distribute replicas across zones/nodes, instead of
relying on soft pod anti-affinity. Bumps chart to 0.5.0 and documents a
zone-spread example in the README.

Requested by Vercel. Closes CE-271.

Co-authored-by: Cursor <cursoragent@cursor.com>
Eric Hibbs (flowstate) added a commit that referenced this pull request Jun 24, 2026
Bump appVersion + image.tag 1.1.337 -> 1.1.341 (current latest on Docker Hub)
and chart version 0.4.2 -> 0.5.1 so it sequences cleanly after the 0.5.0
topologySpreadConstraints change (PR #8).

Co-authored-by: Cursor <cursoragent@cursor.com>
Fold the version pin into this PR: appVersion + image.tag -> 1.1.341
(current latest on Docker Hub). Chart stays at 0.5.0 so the feature and
the pin ship as a single release.

Co-authored-by: Cursor <cursoragent@cursor.com>
@flowstate Eric Hibbs (flowstate) changed the title Add topologySpreadConstraints support to Helm chart (CE-271) Add topologySpreadConstraints support + pin to 1.1.341 (CE-271) Jun 24, 2026
Comment thread helm/Chart.yaml Outdated
…topologyspreadconstraints-support-to-socket-firewall

Co-authored-by: Cursor <cursoragent@cursor.com>

# Conflicts:
#	helm/Chart.yaml
#	helm/values.yaml
Comment thread cloudformation/values/dns-override.values.yaml
@flowstate Eric Hibbs (flowstate) merged commit b83e246 into main Jun 30, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants