feat(networking): Deploy pod on db-primary node for internal traffic

manifests/database-local-service.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  label:
+    cnpg.io/cluster: synapse-db
+  name: synapse-db
+  namespace: synapse
+spec:
+  internalTrafficPolicy: Local
+  ports:
+    - name: postgres
+      port: 5432
+      protocol: TCP
+      targetPort: 5432
+  selector:
+    cnpg.io/cluster: synapse-db
+    cnpg.io/instanceRole: primary

manifests/database.yaml

@@ -52,3 +52,11 @@ spec:
 
   monitoring:
     enablePodMonitor: true
+
+  topologySpreadConstraints:
+    - maxSkew: 1
+      topologyKey: zone
+      whenUnsatisfiable: DoNotSchedule
+      labelSelector:
+        matchLabels:
+          cnpg.io/cluster: synapse-db

manifests/deployment.yaml

@@ -15,6 +15,20 @@ spec:
     spec:
       securityContext:
         fsGroup: 991
+      affinity:
+        podAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                  - key: cnpg.io/cluster
+                    operator: In
+                    values:
+                      - synapse-db
+                  - key: cnpg.io/instanceRole
+                    operator: In
+                    values:
+                      - primary
+              topologyKey: "kubernetes.io/hostname"
       containers:
         - name: synapse
           image: ghcr.io/element-hq/synapse:v1.128.0

manifests/kustomization.yaml

@@ -6,6 +6,7 @@ resources:
   - pvc.yaml
   - database.yaml
   - database-backup.yaml
+  - database-local-service.yaml
   - service.yaml
   - servicemonitor.yaml
   - ingress.yaml