aaw-toleration-injector needs to add three tolerations to any cloud-main-system egress gateway pod in order for that pod to be scheduled to the cloud-main-system nodepool:
node.statcan.gc.ca/purpose=system
node.statcan.gc.ca/use=cloud-main-system
data.statcan.gc.ca/classification=protected-b
If all three tolerations are added to the egress gateway pod, it should get correctly scheduled to the cloud-main-system node pool. The toleration node.statcan.gc.ca/use=cloud-main-system is added only for pods scheduled to the cloud-main-system namespace, so no other pods should get accidentally scheduled to the cloud-main-system node pool.
Collinbrown95
commented
2 years ago
aaw-toleration-injectorneeds to add three tolerations to anycloud-main-systemegress gateway pod in order for that pod to be scheduled to thecloud-main-systemnodepool:node.statcan.gc.ca/purpose=systemnode.statcan.gc.ca/use=cloud-main-systemdata.statcan.gc.ca/classification=protected-bIf all three tolerations are added to the egress gateway pod, it should get correctly scheduled to the
cloud-main-systemnode pool. The tolerationnode.statcan.gc.ca/use=cloud-main-systemis added only for pods scheduled to thecloud-main-systemnamespace, so no other pods should get accidentally scheduled to thecloud-main-systemnode pool.