From 662ed7be1bbd09568f0f794beca43cfa2ff5cf74 Mon Sep 17 00:00:00 2001 From: Carmen Rata Date: Wed, 29 Sep 2021 16:57:02 -0400 Subject: [PATCH] Add tolerations to auditd pod Add tolerations configuration to audit armada app helm charts. This is to allow auditd pods to run on tainted nodes, specifically master/controller nodes with NoSchedule taint. Tests performed: pass: Install the audit armada app with tolerations enabled and test app successfully installs. pass: Enable taint and test the app continues to work as usual. pass: Disable the taint and test the app continues to work as usual. pass: Enable the taint and test the app continues to work as usual. Remove the installed app (tolerations enabled), reinstall the app with tolerations enabled and test the app continues to work as usual. Story: 2009232 Task: 43340 Signed-off-by: Carmen Rata Change-Id: Ic5103e878e387a3d3bf78f9d029817c9c5ef87d6 --- .../helm-charts/audit/templates/daemonset.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/stx-audit-helm/stx-audit-helm/helm-charts/audit/templates/daemonset.yaml b/stx-audit-helm/stx-audit-helm/helm-charts/audit/templates/daemonset.yaml index b932258..57ca069 100644 --- a/stx-audit-helm/stx-audit-helm/helm-charts/audit/templates/daemonset.yaml +++ b/stx-audit-helm/stx-audit-helm/helm-charts/audit/templates/daemonset.yaml @@ -21,6 +21,12 @@ spec: spec: hostNetwork: true hostPID: true + tolerations: + # this toleration is to have the daemonset runnable on master nodes + # remove it if masters can't run pods + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule containers: - name: {{ include "audit.name" . }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"