Add tolerations to auditd pod

Add tolerations configuration to audit armada app helm charts. This is to allow auditd pods to run on tainted nodes, specifically master/controller nodes with NoSchedule taint. Tests performed: pass: Install the audit armada app with tolerations enabled and test app successfully installs. pass: Enable taint and test the app continues to work as usual. pass: Disable the taint and test the app continues to work as usual. pass: Enable the taint and test the app continues to work as usual. Remove the installed app (tolerations enabled), reinstall the app with tolerations enabled and test the app continues to work as usual. Story: 2009232 Task: 43340 Signed-off-by: Carmen Rata <carmen.rata@windriver.com> Change-Id: Ic5103e878e387a3d3bf78f9d029817c9c5ef87d6
2021-09-29 16:57:02 -04:00 · 2021-09-29 16:57:02 -04:00 · 662ed7be1b
parent b0c0293aff
commit 662ed7be1b
1 changed files with 6 additions and 0 deletions
--- a/stx-audit-helm/stx-audit-helm/helm-charts/audit/templates/daemonset.yaml
+++ b/stx-audit-helm/stx-audit-helm/helm-charts/audit/templates/daemonset.yaml
@ -21,6 +21,12 @@ spec:
    spec:
      hostNetwork: true
      hostPID: true
+      tolerations:
+      # this toleration is to have the daemonset runnable on master nodes
+      # remove it if masters can't run pods
+      - key: node-role.kubernetes.io/master
+        operator: Exists
+        effect: NoSchedule
      containers:
      - name: {{ include "audit.name" . }}
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"