Add toleration to secret-observer cronjob

A toleration needs to be added to all resources that create pods since
the node-role.kubernetes.io/master taint will be restored to all master
nodes. This will ensure that the pods will run on the master node.

Test Plan: Install oidc-auth-apps with taint enabled on the node and
verify secret-observer triggers pods restart on secret changes

PASS: Install oidc-auth-apps with taint enabled
PASS: Update and reapply oidc-auth-apps with taint enabled
PASS: Verify that changing a secret causes its related resources to be
restarted (e.g.: dex-client-secret/stx-oidc-client)

Regression: System and secret-observer builds and works the same when
taint is not enabled

PASS: Verify oidc-auth-apps application builds and installs properly
PASS: Verify updating the secret-observer cronjob schedule works the
same
PASS: Verify secret-observer performs pods restarts on secret changes
when taint is disabled

Story: 2009232
Task: 43505
Depends-On: https://review.opendev.org/c/starlingx/helm-charts/+/812510
Signed-off-by: Rafael Camargos <RafaelLucas.Camargos@windriver.com>
Change-Id: Iaf6caa05943661bfabb5c7c4b92ad9f7c5a6e528
This commit is contained in:
Rafael Camargos 2021-10-06 14:42:15 -03:00
parent 14f65f438f
commit 7d1fc8f6f0

View File

@ -139,6 +139,10 @@ data:
- secretName: "local-dex.tls" - secretName: "local-dex.tls"
filename: "tls.crt" filename: "tls.crt"
deploymentToRestart: "oidc-dex" deploymentToRestart: "oidc-dex"
tolerations:
- key: "node-role.kubernetes.io/master"
operator: "Exists"
effect: "NoSchedule"
source: source:
location: http://172.17.0.1:8080/helm_charts/stx-platform/secret-observer-0.1.0.tgz location: http://172.17.0.1:8080/helm_charts/stx-platform/secret-observer-0.1.0.tgz
subpath: secret-observer subpath: secret-observer