Add taint toleration to oidc-client and dex

A toleration needs to be added to all pods since the node-role.kubernetes.io/master taint will be restored to all master nodes. This will ensure that the pod will run on the master node. The following tests were executed in an AIO-SX setup and lastest STX dev image: - Apply oidc-auth-apps and perform login test. It succeeds. - Add taint, apply oidc-auth-apps and perform login test. It fails. - Replace oidc-auth-apps with new version (with toleration), add taint, apply oidc-auth-apps and perform login test. It succeeds. Story: 2009232 Task: 43344 Signed-off-by: Joao Victor Portal <Joao.VictorPortal@windriver.com> Change-Id: I998599221da52629beed3e7d402efb918b4f55d8
2021-09-27 19:25:05 -03:00 · 2021-09-27 19:25:05 -03:00 · 71ffe9461e
parent 5dad017745
commit 71ffe9461e
3 changed files with 51 additions and 0 deletions
--- a/dex-helm/centos/dex-helm.spec
+++ b/dex-helm/centos/dex-helm.spec
@ -30,6 +30,7 @@ Patch03: 0003-Add-affinity-support.patch
 Patch04: 0004-Automatically-roll-deployments.patch
 Patch05: 0005-Update-Dex-chart-for-Helm-v3.patch
 Patch06: 0006-Create-new-config-value-extraStaticClients.patch
+Patch07: 0007-Add-tolerance-in-dex-helm-chart.patch

 BuildArch: noarch

@ -47,6 +48,7 @@ StarlingX OIDC auth Helm charts
 %patch04 -p1
 %patch05 -p1
 %patch06 -p1
+%patch07 -p1

 %build
 # This chart does not require chartmuseum server since
--- a/dex-helm/files/0007-Add-tolerance-in-dex-helm-chart.patch
+++ b/dex-helm/files/0007-Add-tolerance-in-dex-helm-chart.patch
@ -0,0 +1,41 @@
+From f33823d48746c138631f23962984c1500604f99f Mon Sep 17 00:00:00 2001
+From: Joao Victor Portal <Joao.VictorPortal@windriver.com>
+Date: Tue, 28 Sep 2021 14:50:12 -0300
+Subject: [PATCH] Patch7: 0007-Add-tolerance-in-dex-helm-chart.patch
+
+---
+ stable/dex/templates/deployment.yaml | 4 ++++
+ stable/dex/values.yaml               | 2 ++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/stable/dex/templates/deployment.yaml b/stable/dex/templates/deployment.yaml
+index 1df25b4..975a7ea 100644
+--- a/stable/dex/templates/deployment.yaml
+++ b/stable/dex/templates/deployment.yaml
+@@ -65,6 +65,10 @@ spec:
+ {{- if ne (len .Values.extraVolumeMounts) 0 }}
+ {{ toYaml .Values.extraVolumeMounts | indent 8 }}
+ {{- end }}
+{{- with .Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+ {{- with .Values.affinity }}
+       affinity:
+ {{ toYaml . | indent 8 }}
+diff --git a/stable/dex/values.yaml b/stable/dex/values.yaml
+index 347cc06..8047582 100644
+--- a/stable/dex/values.yaml
+++ b/stable/dex/values.yaml
+@@ -89,6 +89,8 @@ serviceAccount:
+   # If not set and create is true, a name is generated using the fullname template
+   name:
+ 
+tolerations: []
+
+ affinity: {}
+ 
+ config:
+-- 
+2.17.1
+
--- a/stx-oidc-auth-helm/stx-oidc-auth-helm/manifests/manifest.yaml
+++ b/stx-oidc-auth-helm/stx-oidc-auth-helm/manifests/manifest.yaml
@ -45,6 +45,10 @@ data:
          serverTlsName: local-dex.tls
          clientTlsName: local-dex.tls
          caName: local-dex.tls
+    tolerations:
+    - key: "node-role.kubernetes.io/master"
+      operator: "Exists"
+      effect: "NoSchedule"
    affinity:
      podAntiAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
@ -94,6 +98,10 @@ data:
    service:
      type: NodePort
      port: 5555
+    tolerations:
+    - key: "node-role.kubernetes.io/master"
+      operator: "Exists"
+      effect: "NoSchedule"
    affinity:
      podAntiAffinity:
        requiredDuringSchedulingIgnoredDuringExecution: