welcome-to-palo-alto-networks[bot]
commented
2 years ago :tada: Thanks for opening your first issue here! Welcome to the community!
Open ctrought opened 2 years ago
welcome-to-palo-alto-networks[bot]
commented
2 years ago :tada: Thanks for opening your first issue here! Welcome to the community!
Is your feature request related to a problem?
In order to have defender pods scheduled to a specific set of hosts that match multiple criteria one needs to create a new label across those nodes (e.g. run on nodes with worker and infra roles but not master).
Describe the solution you'd like
Allow setting node affinity in the defender CR. This will provide more flexibility over scheduling the defender daemonset.
Describe alternatives you've considered
Manually labelling nodes, and continuing to maintain that label as nodes are added/removed which can easily be forgotten.
Additional context
https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity