From 2992ccd6bc8948905727df1ef2c6a5873afecd26 Mon Sep 17 00:00:00 2001
From: Danielle Lancashire
Date: Wed, 11 Sep 2024 17:12:26 +0200
Subject: [PATCH 1/2] manager: only run on supported arches/platforms
We distribute amd64 and arm64 versions of the operator, for linux, but there are more places that kubernetes can run and may attempt to schedule pods. Add a default restriction to the manager to require that we don't run in unsupported places.
Signed-off-by: Danielle Lancashire
---
 config/manager/manager.yaml | 34 ++++++++++++++--------------------
 1 file changed, 14 insertions(+), 20 deletions(-)
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index b697e20a..4f37c8fc 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -36,26 +36,20 @@ spec:
 labels:
 control-plane: controller-manager
 spec:
- # TODO(user): Uncomment the following code to configure the nodeAffinity expression
- # according to the platforms which are supported by your solution.
- # It is considered best practice to support multiple architectures. You can
- # build your manager image using the makefile target docker-buildx.
- # affinity:
- # nodeAffinity:
- # requiredDuringSchedulingIgnoredDuringExecution:
- # nodeSelectorTerms:
- # - matchExpressions:
- # - key: kubernetes.io/arch
- # operator: In
- # values:
- # - amd64
- # - arm64
- # - ppc64le
- # - s390x
- # - key: kubernetes.io/os
- # operator: In
- # values:
- # - linux
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/arch
+ operator: In
+ values:
+ - amd64
+ - arm64
+ - key: kubernetes.io/os
+ operator: In
+ values:
+ - linux
 securityContext:
 runAsNonRoot: true
 # TODO(user): For common cases that do not require escalating privileges
From cf315cec837428e45b1cbc2b115ac036dacb5820 Mon Sep 17 00:00:00 2001
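Review bot: The new `affinity` block under the pod `spec:` carries no comment saying where the `amd64`/`arm64` list comes from, and the scaffold comment that explained the block is deleted in the same hunk. Because the rule is `requiredDuringSchedulingIgnoredDuringExecution`, a cluster with no matching linux node leaves the manager pod Pending, so the next maintainer needs to know the list must follow the published image targets. I would add above `affinity:` something like `# Must match the os/arch set the operator image is published for; update both this file and the Helm chart when release targets change.` The same values are repeated in charts/spin-operator/templates/deployment.yaml, so the two lists can drift. The pod spec continues outside the hunk.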
From: Danielle Lancashire
Date: Tue, 17 Sep 2024 11:19:18 +0200
Subject: [PATCH 2/2] helm: update for supported arches
Signed-off-by: Danielle Lancashire
---
 charts/spin-operator/templates/deployment.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/charts/spin-operator/templates/deployment.yaml b/charts/spin-operator/templates/deployment.yaml
index feeb82b1..0428a7d2 100644
--- a/charts/spin-operator/templates/deployment.yaml
+++ b/charts/spin-operator/templates/deployment.yaml
@@ -22,6 +22,20 @@ spec:
 annotations:
 kubectl.kubernetes.io/default-container: manager
 spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/arch
+ operator: In
+ values:
+ - amd64
+ - arm64
+ - key: kubernetes.io/os
+ operator: In
+ values:
+ - linux
 containers:
 - args: {{- toYaml .Values.controllerManager.manager.args | nindent 8 }}
 command:
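Review bot: The affinity is written into the template as a literal, while the container args a few lines below are rendered from `.Values.controllerManager.manager.args`, so a chart user cannot adjust or extend the scheduling constraint without editing the template. Rendering it from a values entry whose default is this same block would keep the safe default and leave it overridable, for example `{{- with .Values.controllerManager.affinity }}` wrapping `affinity: {{- toYaml . | nindent 8 }}`. The key name is a suggestion, and the `nindent` width has to be checked against the real file because the indentation is not visible here. The container list continues outside the hunk.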