Support affinities for scan jobs #1835

Closed
maxbrunet opened this issue Feb 5, 2024 · 2 comments · Fixed by #1915
Labels
kind/feature Categorizes issue or PR as related to a new feature. priority/backlog Higher priority than priority/awaiting-more-evidence. target/kubernetes Issues relating to kubernetes cluster scanning

Comments

@maxbrunet
Contributor

maxbrunet commented Feb 5, 2024

Hello! 👋

I would like to allow node-level jobs to run on any node with taints, except some. Currently, a config with the exhaustive list of acceptable taints is required, and every time a new taint is added to the cluster, it also needs to be added to the scan job tolerations:

nodeCollector.excludeNodes: type=virtual-kubelet
scanJob.tolerations: '[ many many many taints ]'

Ideally, I would like to tolerate all taints, but exclude some nodes with a node anti-affinity instead:

nodeCollector.excludeNodes: type=virtual-kubelet
scanJob.affinity: '{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"virtual-kubelet.io/provider","operator":"DoesNotExist"}]}]}}}'
scanJob.tolerations: '[{"operator":"Exists"}]'

A scanJob.affinity option would be nice for this purpose.

Please let me know if there is already a way to achieve that or if I am missing something.

@maxbrunet maxbrunet added the kind/feature Categorizes issue or PR as related to a new feature. label Feb 5, 2024
@chen-keinan
Contributor

@maxbrunet sounds like a vital config for your use case; contributions are welcome if you have time.

@maxbrunet
Contributor Author

In the implementation, should the Linux node affinity just become the default value of scanJob.affinity, which means it could be overwritten? I guess this default would be set from the Helm chart? Or should a strategic merge happen with scanJob.affinity? The latter might not be as obvious to the user about what the effects are, since it involves lists.

// LinuxNodeAffinity constructs a new Affinity resource with linux supported nodes.
func LinuxNodeAffinity() *corev1.Affinity {

I will see if I can find the time.

@chen-keinan chen-keinan added priority/backlog Higher priority than priority/awaiting-more-evidence. target/kubernetes Issues relating to kubernetes cluster scanning labels Feb 19, 2024
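
An added illustration of the override-versus-merge question raised in the last comment (not trivy-operator code): node affinity ORs its nodeSelectorTerms and ANDs the matchExpressions inside one term, so the way a default is combined with scanJob.affinity changes which nodes a scan job can reach. The Expr and Term types are local stand-ins for the corev1 types, the `kubernetes.io/os In linux` default is an assumption about what LinuxNodeAffinity sets, and the three combining strategies and the node labels are constructed for the example.

```go
package main

import "fmt"

// Local stand-ins for the corev1 node-affinity types; only the In and DoesNotExist operators are modelled.
type Expr struct{ Key, Op string; Values []string }
type Term []Expr // the matchExpressions of one nodeSelectorTerm

func (e Expr) match(labels map[string]string) bool {
	v, ok := labels[e.Key]
	if e.Op == "DoesNotExist" {
		return !ok
	}
	for _, want := range e.Values { // Op == "In"
		if ok && v == want {
			return true
		}
	}
	return false
}

// Schedulable: terms are ORed, expressions in a term are ANDed, an empty term matches nothing.
func Schedulable(terms []Term, labels map[string]string) bool {
	for _, t := range terms {
		ok := len(t) > 0
		for _, e := range t {
			ok = ok && e.match(labels)
		}
		if ok {
			return true
		}
	}
	return false
}

var (
	linux = Expr{"kubernetes.io/os", "In", []string{"linux"}}        // assumed default
	noVK  = Expr{"virtual-kubelet.io/provider", "DoesNotExist", nil} // from the issue
	// Hypothetical strategies: replace the default, append terms, AND the default into the user term.
	Replace, AppendTerms, AndInto = []Term{{noVK}}, []Term{{linux}, {noVK}}, []Term{{noVK, linux}}
	// Constructed node labels.
	LinuxNode = map[string]string{"kubernetes.io/os": "linux"}
	WinNode   = map[string]string{"kubernetes.io/os": "windows"}
	VKNode    = map[string]string{"kubernetes.io/os": "linux", "virtual-kubelet.io/provider": "example"}
)

func main() {
	fmt.Println(Schedulable(Replace, WinNode), Schedulable(AppendTerms, VKNode), Schedulable(AndInto, VKNode))
}
```

Replacing the default drops the Linux constraint, and appending the user's term beside the default re-admits the virtual-kubelet node; only ANDing the default into each user term keeps both restrictions.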