uswitch / nidhogg

Kubernetes Node taints based on Daemonset Pods
Apache License 2.0

handler: taint use the key value #14

Closed JulienBalestra closed 4 years ago

JulienBalestra commented 4 years ago

This PR allows using a more generic way to tolerate a group of keys instead of tolerating all the taints one by one.

What I'd like to do is tolerate nidhogg.uswitch.com taints in all the daemonsets I have like:

tolerations:
  - key: nidhogg.uswitch.com
    operator: Exists

Instead of:

tolerations:
  - key: nidhogg.uswitch.com/kube-system.kube-proxy
    operator: Exists
  - key: nidhogg.uswitch.com/node-local-dns.node-local-dns
    operator: Exists
  - key: nidhogg.uswitch.com/local-volume-provisioner.local-volume-provisioner
    operator: Exists

This allows us a more flexible way to manage nidhogg and our fleet of daemonsets.

Note: As far as my tests went, it looks like the unicity of the taint must be across all keys 🤔

Joseph-Irving commented 4 years ago

I don't think this can work; taints have to have a unique Key, e.g.

kubectl taint node minikube nidhogg.uswitch.com=kube-system.kube-proxy:NoSchedule
kubectl taint node minikube nidhogg.uswitch.com=kube-system.kiam:NoSchedule

Would fail with

error: Node minikube already has nidhogg.uswitch.com taint(s) with same effect(s) and --overwrite is false

I remember trying to do this myself when I first created the project as I wanted to be able to do an easy toleration like in your example, but I couldn't get it to work.

JulienBalestra commented 4 years ago

Yes, I came to the same conclusion 👌 Closing it!
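The constraint this thread runs into, as an added example that is not part of the PR or of nidhogg's code: a simplified Go model of the two Kubernetes rules involved, taint uniqueness per key and effect, and exact-key toleration matching. The `Taint` and `Toleration` types and both functions are illustrative assumptions, not the `k8s.io/api` structs.

```go
package main

import "fmt"

// Simplified model of Kubernetes node taints and pod tolerations
// (illustrative types, not the k8s.io/api structs).
type Taint struct{ Key, Value, Effect string }
type Toleration struct{ Key, Operator, Value, Effect string }

// AddTaint mirrors the rule behind the kubectl error in the thread: a node
// holds at most one taint per (key, effect) pair, whatever the value is.
func AddTaint(node []Taint, t Taint) ([]Taint, error) {
	for _, cur := range node {
		if cur.Key == t.Key && cur.Effect == t.Effect {
			return node, fmt.Errorf("already has %s taint with effect %s", t.Key, t.Effect)
		}
	}
	return append(node, t), nil
}

// Tolerates follows the documented matching rules: keys are compared for
// exact equality (no prefix match); an empty key with Exists matches all.
func Tolerates(tol Toleration, t Taint) bool {
	if tol.Effect != "" && tol.Effect != t.Effect {
		return false
	}
	if tol.Key != "" && tol.Key != t.Key {
		return false
	}
	switch tol.Operator {
	case "Exists":
		return true
	case "", "Equal":
		return tol.Value == t.Value
	}
	return false
}

func main() {
	var node []Taint
	node, _ = AddTaint(node, Taint{"nidhogg.uswitch.com", "kube-system.kube-proxy", "NoSchedule"})
	_, err := AddTaint(node, Taint{"nidhogg.uswitch.com", "kube-system.kiam", "NoSchedule"})
	fmt.Println("second taint under the shared key:", err)

	perDS := Taint{"nidhogg.uswitch.com/kube-system.kube-proxy", "", "NoSchedule"}
	generic := Toleration{Key: "nidhogg.uswitch.com", Operator: "Exists"}
	fmt.Println("generic toleration matches per-daemonset key:", Tolerates(generic, perDS))
}
```

The only toleration that covers every per-daemonset key at once is the empty-key `Exists` form, which also tolerates every other taint on the node.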