✨ (helm/v2-alpha) add tolerations, nodeselector and affinity

[robinlioret]

Adds nodeSelector, affinity and tolerations to the manager deployment template and values of the helm chart (v2-alpha).

Related issue: #4835

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: robinlioret / name: Robin LIORET (a417039)

[k8s-ci-robot]

Hi @robinlioret. Thanks for your PR.

I'm waiting for a github.com member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[vitorfloriano]

/ok-to-test

[robinlioret]

The PR looks ready to be merged.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: camilamacedo86, robinlioret

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [camilamacedo86]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[robinlioret]

Thanks for approving the PR. I see two failing tests though.

• Test GoReleaser and CLI Version / go-releaser-test (pull_request)

Fails while fetching https://github.com/anchore/syft/releases/latest (ERR 503)
Is it a rate limitation ? Can we restart this specific test to confirm ?

• E2E Testdata Sample / e2e-tests-project-v4 (pull_request)

Fails like nothing was listening on the metric port.
I tried to generate the test-data again. No change.

manager:
    Port:          9443/TCP (webhook-server)
    Host Port:     0/TCP (webhook-server)
    Args:
      --metrics-bind-address=:8443

Is it a bug in the installation file ? Shouldn't it expose the 8443 port as well ?

[k8s-ci-robot]

New changes are detected. LGTM label has been removed.

[camilamacedo86]

This must be defined by who maintain the project and not who consume the project
If the image is not built for those then allowing who consume the solution via HelmChart add those will just end up in issues.

We should only expose values in the HelmCharts that make sense for who consume the solution.

[camilamacedo86]

Hi @robinlioret,

Thanks for the contribution.

We can’t accept this change.

The Helm chart is only used to package and distribute a project.
It is not meant to define or change what the project supports.

Things like:

• nodeSelector
• affinity
• tolerations
• supported architectures / OS

are decisions made by the project maintainers, based on how the
controller image is built and tested. That must be configured in the manager and should appear in the manager file of the helm chart but not exposed via values.

If we expose these as Helm values, end users could deploy the controller
on nodes or platforms that the project does not support.
That would break the project’s support guarantees and may not work at all.

If a project needs specific scheduling rules, they must be defined by
the project itself (for example in the manifests or kustomize),
not configured by Helm values.

For this reason, we don’t expose these options in the generated Helm chart.

Thanks again for the proposal.

/hold

we cannot move forward with those one.
See: #5246 (comment)