feat: Add global and per-component tolerations, nodeSelector, and affinity support to Helm chart

- Added global.nodeSelector, global.tolerations, and global.affinity to values.yaml - Added component-specific nodeSelector, tolerations, and affinity fields for all deployments - Updated all deployment templates to use fallback pattern: component-specific values take precedence over global values - Supported components: api, webserver, celery workers (beat, primary, docfetching, docprocessing, heavy, light, monitoring, user_file_processing, user_files_indexing), indexCapability, inferenceCapability, slackbot - Added comprehensive documentation in deployment/helm/README.md with usage examples - Tested with helm template to verify correct rendering of node scheduling constraints
2026-04-04 22:42:41 +00:00 · 2025-10-15 20:24:59 +03:00
17 changed files with 259 additions and 15 deletions
--- a/deployment/helm/README.md
+++ b/deployment/helm/README.md
@@ -68,3 +68,80 @@ If you would like to use KEDA ScaledObjects instead:
 2. Set `autoscaling.engine: keda` in your `values.yaml` and enable autoscaling for the components you want to scale.

 When `autoscaling.engine` is set to `keda`, the chart will render the existing ScaledObject templates; otherwise HPAs will be rendered.
+
+## Node Scheduling: tolerations, nodeSelector, and affinity
+
+The chart supports configuring Kubernetes node scheduling constraints at both global and per-component levels.
+
+### Global Configuration
+Set scheduling constraints for all components at once:
+
+```yaml
+global:
+  nodeSelector:
+    node-type: "gpu-node"
+  tolerations:
+    - key: "gpu"
+      operator: "Equal"
+      value: "true"
+      effect: "NoSchedule"
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          - matchExpressions:
+              - key: "gpu"
+                operator: "In"
+                values:
+                  - "true"
+```
+
+### Per-Component Configuration
+Override global settings for specific components (e.g., `api`, `webserver`, `celery_worker_primary`, etc.):
+
+```yaml
+api:
+  nodeSelector:
+    role: "backend"
+  tolerations:
+    - key: "dedicated"
+      operator: "Equal"
+      value: "api"
+      effect: "NoSchedule"
+  affinity:
+    podAntiAffinity:
+      preferredDuringSchedulingIgnoredDuringExecution:
+        - weight: 100
+          podAffinityTerm:
+            labelSelector:
+              matchExpressions:
+                - key: app
+                  operator: In
+                  values:
+                    - api-server
+            topologyKey: kubernetes.io/hostname
+
+webserver:
+  nodeSelector: {}
+  tolerations: []
+  affinity: {}
+```
+
+### Behavior
+- **Component-specific values take precedence** over global values
+- If a component has empty/null values (e.g., `nodeSelector: {}`), **global values will be used as fallback**
+- Supported components:
+  - `api` - API server
+  - `webserver` - Web server
+  - `celery_beat` - Celery beat scheduler
+  - `celery_worker_primary` - Primary Celery worker
+  - `celery_worker_docfetching` - Document fetching worker
+  - `celery_worker_docprocessing` - Document processing worker
+  - `celery_worker_heavy` - Heavy tasks worker
+  - `celery_worker_light` - Light tasks worker
+  - `celery_worker_monitoring` - Monitoring worker
+  - `celery_worker_user_file_processing` - User file processing worker
+  - `celery_worker_user_files_indexing` - User files indexing worker
+  - `indexCapability` - Indexing model server
+  - `inferenceCapability` - Inference model server
+  - `slackbot` - Slack bot
--- a/deployment/helm/charts/onyx/Chart.yaml
+++ b/deployment/helm/charts/onyx/Chart.yaml
@@ -5,7 +5,7 @@ home: https://www.onyx.app/
 sources:
  - "https://github.com/onyx-dot-app/onyx"
 type: application
-version: 0.4.4
+version: 0.4.5
 appVersion: latest
 annotations:
  category: Productivity
--- a/deployment/helm/charts/onyx/templates/api-deployment.yaml
+++ b/deployment/helm/charts/onyx/templates/api-deployment.yaml
@@ -35,10 +35,21 @@ spec:
      serviceAccountName: {{ include "onyx.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.api.podSecurityContext | nindent 8 }}
-      {{- with .Values.api.nodeSelector }}
+      {{- $ns := .Values.api.nodeSelector | default .Values.global.nodeSelector -}}
+      {{- $tol := .Values.api.tolerations | default .Values.global.tolerations -}}
+      {{- $aff := .Values.api.affinity | default .Values.global.affinity -}}
+      {{- with $ns }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
+      {{- with $tol }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with $aff }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
      containers:
        - name: api-server
          securityContext:
--- a/deployment/helm/charts/onyx/templates/celery-beat.yaml
+++ b/deployment/helm/charts/onyx/templates/celery-beat.yaml
@@ -33,10 +33,21 @@ spec:
      serviceAccountName: {{ include "onyx.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
-      {{- with .Values.celery_beat.nodeSelector }}
+      {{- $ns := .Values.celery_beat.nodeSelector | default .Values.global.nodeSelector -}}
+      {{- $tol := .Values.celery_beat.tolerations | default .Values.global.tolerations -}}
+      {{- $aff := .Values.celery_beat.affinity | default .Values.global.affinity -}}
+      {{- with $ns }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
+      {{- with $tol }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with $aff }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
      containers:
        - name: celery-beat
          securityContext:
--- a/deployment/helm/charts/onyx/templates/celery-worker-docfetching.yaml
+++ b/deployment/helm/charts/onyx/templates/celery-worker-docfetching.yaml
@@ -35,10 +35,21 @@ spec:
      serviceAccountName: {{ include "onyx.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
-      {{- with .Values.celery_worker_docfetching.nodeSelector }}
+      {{- $ns := .Values.celery_worker_docfetching.nodeSelector | default .Values.global.nodeSelector -}}
+      {{- $tol := .Values.celery_worker_docfetching.tolerations | default .Values.global.tolerations -}}
+      {{- $aff := .Values.celery_worker_docfetching.affinity | default .Values.global.affinity -}}
+      {{- with $ns }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
+      {{- with $tol }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with $aff }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
      containers:
        - name: celery-worker-docfetching
          securityContext:
--- a/deployment/helm/charts/onyx/templates/celery-worker-docprocessing.yaml
+++ b/deployment/helm/charts/onyx/templates/celery-worker-docprocessing.yaml
@@ -35,10 +35,21 @@ spec:
      serviceAccountName: {{ include "onyx.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
-      {{- with .Values.celery_worker_docprocessing.nodeSelector }}
+      {{- $ns := .Values.celery_worker_docprocessing.nodeSelector | default .Values.global.nodeSelector -}}
+      {{- $tol := .Values.celery_worker_docprocessing.tolerations | default .Values.global.tolerations -}}
+      {{- $aff := .Values.celery_worker_docprocessing.affinity | default .Values.global.affinity -}}
+      {{- with $ns }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
+      {{- with $tol }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with $aff }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
      containers:
        - name: celery-worker-docprocessing
          securityContext:
--- a/deployment/helm/charts/onyx/templates/celery-worker-heavy.yaml
+++ b/deployment/helm/charts/onyx/templates/celery-worker-heavy.yaml
@@ -35,10 +35,21 @@ spec:
      serviceAccountName: {{ include "onyx.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
-      {{- with .Values.celery_worker_heavy.nodeSelector }}
+      {{- $ns := .Values.celery_worker_heavy.nodeSelector | default .Values.global.nodeSelector -}}
+      {{- $tol := .Values.celery_worker_heavy.tolerations | default .Values.global.tolerations -}}
+      {{- $aff := .Values.celery_worker_heavy.affinity | default .Values.global.affinity -}}
+      {{- with $ns }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
+      {{- with $tol }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with $aff }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
      containers:
        - name: celery-worker-heavy
          securityContext:
--- a/deployment/helm/charts/onyx/templates/celery-worker-light.yaml
+++ b/deployment/helm/charts/onyx/templates/celery-worker-light.yaml
@@ -35,10 +35,21 @@ spec:
      serviceAccountName: {{ include "onyx.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
-      {{- with .Values.celery_worker_light.nodeSelector }}
+      {{- $ns := .Values.celery_worker_light.nodeSelector | default .Values.global.nodeSelector -}}
+      {{- $tol := .Values.celery_worker_light.tolerations | default .Values.global.tolerations -}}
+      {{- $aff := .Values.celery_worker_light.affinity | default .Values.global.affinity -}}
+      {{- with $ns }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
+      {{- with $tol }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with $aff }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
      containers:
        - name: celery-worker-light
          securityContext:
--- a/deployment/helm/charts/onyx/templates/celery-worker-monitoring.yaml
+++ b/deployment/helm/charts/onyx/templates/celery-worker-monitoring.yaml
@@ -35,10 +35,21 @@ spec:
      serviceAccountName: {{ include "onyx.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
-      {{- with .Values.celery_worker_monitoring.nodeSelector }}
+      {{- $ns := .Values.celery_worker_monitoring.nodeSelector | default .Values.global.nodeSelector -}}
+      {{- $tol := .Values.celery_worker_monitoring.tolerations | default .Values.global.tolerations -}}
+      {{- $aff := .Values.celery_worker_monitoring.affinity | default .Values.global.affinity -}}
+      {{- with $ns }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
+      {{- with $tol }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with $aff }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
      containers:
        - name: celery-worker-monitoring
          securityContext:
--- a/deployment/helm/charts/onyx/templates/celery-worker-primary.yaml
+++ b/deployment/helm/charts/onyx/templates/celery-worker-primary.yaml
@@ -35,10 +35,21 @@ spec:
      serviceAccountName: {{ include "onyx.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
-      {{- with .Values.celery_worker_primary.nodeSelector }}
+      {{- $ns := .Values.celery_worker_primary.nodeSelector | default .Values.global.nodeSelector -}}
+      {{- $tol := .Values.celery_worker_primary.tolerations | default .Values.global.tolerations -}}
+      {{- $aff := .Values.celery_worker_primary.affinity | default .Values.global.affinity -}}
+      {{- with $ns }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
+      {{- with $tol }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with $aff }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
      containers:
        - name: celery-worker-primary
          securityContext:
--- a/deployment/helm/charts/onyx/templates/celery-worker-user-file-processing.yaml
+++ b/deployment/helm/charts/onyx/templates/celery-worker-user-file-processing.yaml
@@ -35,10 +35,21 @@ spec:
      serviceAccountName: {{ include "onyx.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
-      {{- with .Values.celery_worker_user_file_processing.nodeSelector }}
+      {{- $ns := .Values.celery_worker_user_file_processing.nodeSelector | default .Values.global.nodeSelector -}}
+      {{- $tol := .Values.celery_worker_user_file_processing.tolerations | default .Values.global.tolerations -}}
+      {{- $aff := .Values.celery_worker_user_file_processing.affinity | default .Values.global.affinity -}}
+      {{- with $ns }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
+      {{- with $tol }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with $aff }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
      containers:
        - name: celery-worker-user-file-processing
          securityContext:
--- a/deployment/helm/charts/onyx/templates/celery-worker-user-files-indexing.yaml
+++ b/deployment/helm/charts/onyx/templates/celery-worker-user-files-indexing.yaml
@@ -35,10 +35,21 @@ spec:
      serviceAccountName: {{ include "onyx.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
-      {{- with .Values.celery_worker_user_files_indexing.nodeSelector }}
+      {{- $ns := .Values.celery_worker_user_files_indexing.nodeSelector | default .Values.global.nodeSelector -}}
+      {{- $tol := .Values.celery_worker_user_files_indexing.tolerations | default .Values.global.tolerations -}}
+      {{- $aff := .Values.celery_worker_user_files_indexing.affinity | default .Values.global.affinity -}}
+      {{- with $ns }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
+      {{- with $tol }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with $aff }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
      containers:
        - name: celery-worker-user-files-indexing
          securityContext:
--- a/deployment/helm/charts/onyx/templates/indexing-model-deployment.yaml
+++ b/deployment/helm/charts/onyx/templates/indexing-model-deployment.yaml
@@ -30,10 +30,21 @@ spec:
      securityContext:
        {{- toYaml .Values.indexCapability.podSecurityContext | nindent 8 }}
      {{- end }}
-      {{- with .Values.indexCapability.nodeSelector }}
+      {{- $ns := .Values.indexCapability.nodeSelector | default .Values.global.nodeSelector -}}
+      {{- $tol := .Values.indexCapability.tolerations | default .Values.global.tolerations -}}
+      {{- $aff := .Values.indexCapability.affinity | default .Values.global.affinity -}}
+      {{- with $ns }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
+      {{- with $tol }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with $aff }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
      containers:
      - name: {{ .Values.indexCapability.name }}
        image: "{{ .Values.indexCapability.image.repository }}:{{ .Values.indexCapability.image.tag | default .Values.global.version }}"
--- a/deployment/helm/charts/onyx/templates/inference-model-deployment.yaml
+++ b/deployment/helm/charts/onyx/templates/inference-model-deployment.yaml
@@ -27,10 +27,21 @@ spec:
      securityContext:
        {{- toYaml .Values.inferenceCapability.podSecurityContext | nindent 8 }}
      {{- end }}
-      {{- with .Values.inferenceCapability.nodeSelector }}
+      {{- $ns := .Values.inferenceCapability.nodeSelector | default .Values.global.nodeSelector -}}
+      {{- $tol := .Values.inferenceCapability.tolerations | default .Values.global.tolerations -}}
+      {{- $aff := .Values.inferenceCapability.affinity | default .Values.global.affinity -}}
+      {{- with $ns }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
+      {{- with $tol }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with $aff }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
      containers:
      - name: model-server-inference
        image: "{{ .Values.inferenceCapability.image.repository }}:{{ .Values.inferenceCapability.image.tag | default .Values.global.version }}"
--- a/deployment/helm/charts/onyx/templates/slackbot.yaml
+++ b/deployment/helm/charts/onyx/templates/slackbot.yaml
@@ -32,10 +32,21 @@ spec:
      serviceAccountName: {{ include "onyx.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.slackbot.podSecurityContext | nindent 8 }}
-      {{- with .Values.slackbot.nodeSelector }}
+      {{- $ns := .Values.slackbot.nodeSelector | default .Values.global.nodeSelector -}}
+      {{- $tol := .Values.slackbot.tolerations | default .Values.global.tolerations -}}
+      {{- $aff := .Values.slackbot.affinity | default .Values.global.affinity -}}
+      {{- with $ns }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
+      {{- with $tol }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with $aff }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
      containers:
        - name: slackbot
          securityContext:
--- a/deployment/helm/charts/onyx/templates/webserver-deployment.yaml
+++ b/deployment/helm/charts/onyx/templates/webserver-deployment.yaml
@@ -35,10 +35,21 @@ spec:
      serviceAccountName: {{ include "onyx.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.webserver.podSecurityContext | nindent 8 }}
-      {{- with .Values.webserver.nodeSelector }}
+      {{- $ns := .Values.webserver.nodeSelector | default .Values.global.nodeSelector -}}
+      {{- $tol := .Values.webserver.tolerations | default .Values.global.tolerations -}}
+      {{- $aff := .Values.webserver.affinity | default .Values.global.affinity -}}
+      {{- with $ns }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
+      {{- with $tol }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with $aff }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
      containers:
        - name: web-server
          securityContext:
--- a/deployment/helm/charts/onyx/values.yaml
+++ b/deployment/helm/charts/onyx/values.yaml
@@ -7,6 +7,12 @@ global:
  version: "latest"
  # Global pull policy for all Onyx component images
  pullPolicy: "IfNotPresent"
+  # Global node selector for all components
+  nodeSelector: {}
+  # Global tolerations for all components  
+  tolerations: []
+  # Global affinity for all components
+  affinity: {}

 postgresql:
  enabled: true
@@ -103,6 +109,8 @@ inferenceCapability:
    privileged: true
    runAsUser: 0
  nodeSelector: {}
+  tolerations: []
+  affinity: {}

 indexCapability:
  service:
@@ -137,6 +145,8 @@ indexCapability:
    privileged: true
    runAsUser: 0
  nodeSelector: {}
+  tolerations: []
+  affinity: {}
 config:
  envConfigMapName: env-configmap

@@ -349,6 +359,7 @@ api:

  nodeSelector: {}
  tolerations: []
+  affinity: {}


 ######################################################################
@@ -676,6 +687,8 @@ slackbot:
      cpu: "1000m"
      memory: "2000Mi"
  nodeSelector: {}
+  tolerations: []
+  affinity: {}

 celery_worker_docfetching:
  replicaCount: 1