From 1509b8fdf4d0e5db95ad2c57d2ef49c4672de6a7 Mon Sep 17 00:00:00 2001
From: Tanguy Herbron <tanguy.herbron@outlook.com>
Date: Tue, 29 Apr 2025 17:28:32 +0200
Subject: [PATCH] feat(networking): Deploy pod on db-primary node for internal
 traffic

---
 manifests/database-local-service.yaml | 17 +++++++++++++++++
 manifests/database.yaml               |  8 ++++++++
 manifests/deployment.yaml             | 14 ++++++++++++++
 manifests/kustomization.yaml          |  1 +
 4 files changed, 40 insertions(+)
 create mode 100644 manifests/database-local-service.yaml

diff --git a/manifests/database-local-service.yaml b/manifests/database-local-service.yaml
new file mode 100644
index 0000000..d91eb41
--- /dev/null
+++ b/manifests/database-local-service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  label:
+    cnpg.io/cluster: synapse-db
+  name: synapse-db
+  namespace: synapse
+spec:
+  internalTrafficPolicy: Local
+  ports:
+    - name: postgres
+      port: 5432
+      protocol: TCP
+      targetPort: 5432
+  selector:
+    cnpg.io/cluster: synapse-db
+    cnpg.io/instanceRole: primary
diff --git a/manifests/database.yaml b/manifests/database.yaml
index e0ad773..066d283 100644
--- a/manifests/database.yaml
+++ b/manifests/database.yaml
@@ -52,3 +52,11 @@ spec:
 
   monitoring:
     enablePodMonitor: true
+
+  topologySpreadConstraints:
+    - maxSkew: 1
+      topologyKey: zone
+      whenUnsatisfiable: DoNotSchedule
+      labelSelector:
+        matchLabels:
+          cnpg.io/cluster: synapse-db
diff --git a/manifests/deployment.yaml b/manifests/deployment.yaml
index 3264d00..e45d7f6 100644
--- a/manifests/deployment.yaml
+++ b/manifests/deployment.yaml
@@ -15,6 +15,20 @@ spec:
     spec:
       securityContext:
         fsGroup: 991
+      affinity:
+        podAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                  - key: cnpg.io/cluster
+                    operator: In
+                    values:
+                      - synapse-db
+                  - key: cnpg.io/instanceRole
+                    operator: In
+                    values:
+                      - primary
+              topologyKey: "kubernetes.io/hostname"
       containers:
         - name: synapse
           image: ghcr.io/element-hq/synapse:v1.128.0
diff --git a/manifests/kustomization.yaml b/manifests/kustomization.yaml
index b76db83..b9555c6 100644
--- a/manifests/kustomization.yaml
+++ b/manifests/kustomization.yaml
@@ -6,6 +6,7 @@ resources:
   - pvc.yaml
   - database.yaml
   - database-backup.yaml
+  - database-local-service.yaml
   - service.yaml
   - servicemonitor.yaml
   - ingress.yaml