Add taint toleration to oidc-client and dex
A toleration needs to be added to all pods since the node-role.kubernetes.io/master taint will be restored to all master nodes. This will ensure that the pod will run on the master node. The following tests were executed in an AIO-SX setup and lastest STX dev image: - Apply oidc-auth-apps and perform login test. It succeeds. - Add taint, apply oidc-auth-apps and perform login test. It fails. - Replace oidc-auth-apps with new version (with toleration), add taint, apply oidc-auth-apps and perform login test. It succeeds. Story: 2009232 Task: 43344 Signed-off-by: Joao Victor Portal <Joao.VictorPortal@windriver.com> Change-Id: I998599221da52629beed3e7d402efb918b4f55d8
This commit is contained in:
parent
5dad017745
commit
71ffe9461e
|
@ -30,6 +30,7 @@ Patch03: 0003-Add-affinity-support.patch
|
|||
Patch04: 0004-Automatically-roll-deployments.patch
|
||||
Patch05: 0005-Update-Dex-chart-for-Helm-v3.patch
|
||||
Patch06: 0006-Create-new-config-value-extraStaticClients.patch
|
||||
Patch07: 0007-Add-tolerance-in-dex-helm-chart.patch
|
||||
|
||||
BuildArch: noarch
|
||||
|
||||
|
@ -47,6 +48,7 @@ StarlingX OIDC auth Helm charts
|
|||
%patch04 -p1
|
||||
%patch05 -p1
|
||||
%patch06 -p1
|
||||
%patch07 -p1
|
||||
|
||||
%build
|
||||
# This chart does not require chartmuseum server since
|
||||
|
|
|
@ -0,0 +1,41 @@
|
|||
From f33823d48746c138631f23962984c1500604f99f Mon Sep 17 00:00:00 2001
|
||||
From: Joao Victor Portal <Joao.VictorPortal@windriver.com>
|
||||
Date: Tue, 28 Sep 2021 14:50:12 -0300
|
||||
Subject: [PATCH] Patch7: 0007-Add-tolerance-in-dex-helm-chart.patch
|
||||
|
||||
---
|
||||
stable/dex/templates/deployment.yaml | 4 ++++
|
||||
stable/dex/values.yaml | 2 ++
|
||||
2 files changed, 6 insertions(+)
|
||||
|
||||
diff --git a/stable/dex/templates/deployment.yaml b/stable/dex/templates/deployment.yaml
|
||||
index 1df25b4..975a7ea 100644
|
||||
--- a/stable/dex/templates/deployment.yaml
|
||||
+++ b/stable/dex/templates/deployment.yaml
|
||||
@@ -65,6 +65,10 @@ spec:
|
||||
{{- if ne (len .Values.extraVolumeMounts) 0 }}
|
||||
{{ toYaml .Values.extraVolumeMounts | indent 8 }}
|
||||
{{- end }}
|
||||
+{{- with .Values.tolerations }}
|
||||
+ tolerations:
|
||||
+{{ toYaml . | indent 8 }}
|
||||
+ {{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
affinity:
|
||||
{{ toYaml . | indent 8 }}
|
||||
diff --git a/stable/dex/values.yaml b/stable/dex/values.yaml
|
||||
index 347cc06..8047582 100644
|
||||
--- a/stable/dex/values.yaml
|
||||
+++ b/stable/dex/values.yaml
|
||||
@@ -89,6 +89,8 @@ serviceAccount:
|
||||
# If not set and create is true, a name is generated using the fullname template
|
||||
name:
|
||||
|
||||
+tolerations: []
|
||||
+
|
||||
affinity: {}
|
||||
|
||||
config:
|
||||
--
|
||||
2.17.1
|
||||
|
|
@ -45,6 +45,10 @@ data:
|
|||
serverTlsName: local-dex.tls
|
||||
clientTlsName: local-dex.tls
|
||||
caName: local-dex.tls
|
||||
tolerations:
|
||||
- key: "node-role.kubernetes.io/master"
|
||||
operator: "Exists"
|
||||
effect: "NoSchedule"
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
|
@ -94,6 +98,10 @@ data:
|
|||
service:
|
||||
type: NodePort
|
||||
port: 5555
|
||||
tolerations:
|
||||
- key: "node-role.kubernetes.io/master"
|
||||
operator: "Exists"
|
||||
effect: "NoSchedule"
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
|
|
Loading…
Reference in New Issue