Make --nodes-without-cilium work with SPIRE
This change sets the same affinity on the SPIRE agent as Cilium has when
--nodes-without-cilium is used; this prevents it from being scheduled
where the Cilium agent is not present.

Signed-off-by: Maartje Eyskens <[email protected]>
meyskens committed Nov 9, 2023
1 parent 9731260 commit c9aaccc
Showing 2 changed files with 9 additions and 0 deletions.
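--- a/defaults/defaults.go
+++ b/defaults/defaults.go
@@ -173,4 +173,12 @@ var (
 "operator.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator=NotIn",
 "operator.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[0]=true",
 }
+
+// SpireAgentScheduleAffinity is the node affinity to prevent the SPIRE agent from being scheduled on
+// nodes labeled with CiliumNoScheduleLabel.
+SpireAgentScheduleAffinity = []string{
+"authentication.mutual.spire.install.agent.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].key=" + CiliumNoScheduleLabel,
+"authentication.mutual.spire.install.agent.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].authentication.mutual.spire.install.agent=NotIn",
+"authentication.mutual.spire.install.agent.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[0]=true",
+}
 )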
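Review bot: The second entry of `SpireAgentScheduleAffinity` ends in `matchExpressions[0].authentication.mutual.spire.install.agent=NotIn`, whereas the operator list directly above it in this hunk ends in `matchExpressions[0].operator=NotIn`. This looks like a prefix search-and-replace that also rewrote the field name. As written, the match expression receives a `key` and a `values[0]` but no `operator`, so the rendered affinity is presumably either rejected or fails to keep the SPIRE agent off nodes labeled with CiliumNoScheduleLabel, which is the purpose of the commit. The entry should end in `nodeSelectorTerms[0].matchExpressions[0].operator=NotIn",` with the `authentication.mutual.spire.install.agent.affinity.` prefix left as is. The enclosing `var (` block starts outside the hunk.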
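--- a/install/helm.go
+++ b/install/helm.go
@@ -301,6 +301,7 @@ func (k *K8sInstaller) getHelmValues() (map[string]interface{}, error) {
 if len(k.params.NodesWithoutCilium) != 0 {
 k.params.HelmOpts.StringValues = append(k.params.HelmOpts.StringValues, defaults.CiliumScheduleAffinity...)
 k.params.HelmOpts.StringValues = append(k.params.HelmOpts.StringValues, defaults.CiliumOperatorScheduleAffinity...)
+k.params.HelmOpts.StringValues = append(k.params.HelmOpts.StringValues, defaults.SpireAgentScheduleAffinity...)
 }
 
 // Store all the options passed by --config into helm extraConfig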
