CrowdStrike / terraform-kubectl-falcon

Module to manage CrowdStrike Falcon Sensor and the Kubernetes Protection Agent on a Kubernetes cluster.
https://registry.terraform.io/modules/CrowdStrike/falcon/kubectl/latest
The Unlicense

Update Helm Charts to Support Custom Tolerations #46

Open brieschick34 opened 8 months ago

brieschick34 commented 8 months ago

I am currently deploying the k8s protection agent module and it is failing to start due to not matching the required tolerations. Please add a variable input to allow users to pass their tolerations, or add an any type variable for the helm values and let users pass in the available values of that helm chart.

Again, without this feature we are unable to schedule pods to nodes, preventing the agent from doing anything.

Module Call:

module "crowdstrike_falcon_kpa" {
  count = var.crowdstrike.enabled ? 1 : 0
  source = "git::https://github.com/CrowdStrike/terraform-kubectl-falcon.git//modules//k8s-protection-agent"

  cluster_name     = var.cluster_name

  cloud            = var.crowdstrike.cloud
  client_id        = var.crowdstrike.client_id

  cid              = var.crowdstrike_auth.cid
  client_secret    = var.crowdstrike_auth.client_secret
  docker_api_token = var.crowdstrike_auth.docker_api_token
}

Error in Lens: 0/5 nodes are available: 2 node(s) had untolerated taint {appType: system}, 3 node(s) had untolerated taint {appType: shared}. preemption: 0/5 nodes are available: 5 Preemption is not helpful for scheduling..

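The scheduling failure reported above, reproduced as an added example that is not part of the original issue or of the CrowdStrike module: it applies the Kubernetes taint/toleration matching rules to a constructed five-node cluster carrying the taints from the error message. The node names and the `NoSchedule` effect are assumptions, since the error shows only the taint key and value.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Taint:
    key: str
    value: str = ""
    effect: str = "NoSchedule"  # assumption: the error text does not show the effect

@dataclass(frozen=True)
class Toleration:
    key: str = ""            # empty key is only valid together with operator Exists
    operator: str = "Equal"  # Kubernetes default when the field is omitted
    value: str = ""
    effect: str = ""         # empty effect matches every taint effect

def tolerates(tol: Toleration, taint: Taint) -> bool:
    """Kubernetes matching rule for a single toleration against a single taint."""
    if tol.effect and tol.effect != taint.effect:
        return False
    if tol.key == "":
        return tol.operator == "Exists"  # wildcard toleration
    if tol.key != taint.key:
        return False
    if tol.operator == "Exists":
        return True
    return tol.operator == "Equal" and tol.value == taint.value

def schedulable(node_taints, tolerations) -> bool:
    # PreferNoSchedule is a soft preference and never blocks scheduling.
    hard = [t for t in node_taints if t.effect in ("NoSchedule", "NoExecute")]
    return all(any(tolerates(tol, t) for tol in tolerations) for t in hard)

def schedulable_nodes(nodes, tolerations):
    """Names of the nodes a pod with these tolerations could be placed on."""
    return sorted(n for n, taints in nodes.items() if schedulable(taints, tolerations))

# Constructed cluster mirroring the error: 2 nodes appType=system, 3 nodes appType=shared.
NODES = {f"system-{i}": [Taint("appType", "system")] for i in range(2)}
NODES.update({f"shared-{i}": [Taint("appType", "shared")] for i in range(3)})

if __name__ == "__main__":
    cases = {
        "no tolerations (current module behaviour per the issue)": [],
        "appType=system only": [Toleration("appType", "Equal", "system")],
        "appType Exists": [Toleration("appType", "Exists")],
    }
    for label, tols in cases.items():
        ok = schedulable_nodes(NODES, tols)
        print(f"{label}: {len(ok)}/{len(NODES)} nodes available {ok}")
```

With no tolerations the result is zero schedulable nodes, which matches the `0/5 nodes are available` message; a single `Exists` toleration on the `appType` key covers both taint values.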