feat: cleanup job tolerations (#7331)

* feat: cleanup job tolerations Signed-off-by: Adam Johnson <adamjohnson01@gmail.com> * Update charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Adam Johnson <adamjohnson01@gmail.com> --------- Signed-off-by: Adam Johnson <adamjohnson01@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-03-31 03:45:17 +00:00 · 2023-05-31 09:29:38 +01:00 · 2023-05-31 09:29:38 +01:00 · efef465aab
commit efef465aab
parent 1c71d638a0
4 changed files with 16 additions and 0 deletions
--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@ -623,6 +623,7 @@ The chart values are organised per component.
 | cleanupJobs.admissionReports.history | object | `{"failure":1,"success":1}` | Cronjob history |
 | cleanupJobs.admissionReports.podSecurityContext | object | `{}` | Security context for the pod |
 | cleanupJobs.admissionReports.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the containers |
+| cleanupJobs.admissionReports.tolerations | list | `[]` | List of node taints to tolerate |
 | cleanupJobs.clusterAdmissionReports.enabled | bool | `true` | Enable cleanup cronjob |
 | cleanupJobs.clusterAdmissionReports.image.registry | string | `nil` | Image registry |
 | cleanupJobs.clusterAdmissionReports.image.repository | string | `"bitnami/kubectl"` | Image repository |
@ -633,6 +634,7 @@ The chart values are organised per component.
 | cleanupJobs.clusterAdmissionReports.history | object | `{"failure":1,"success":1}` | Cronjob history |
 | cleanupJobs.clusterAdmissionReports.podSecurityContext | object | `{}` | Security context for the pod |
 | cleanupJobs.clusterAdmissionReports.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the containers |
+| cleanupJobs.clusterAdmissionReports.tolerations | list | `[]` | List of node taints to tolerate |

 ### Other

--- a/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml
+++ b/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml
@ -40,4 +40,8 @@ spec:
              {{- toYaml . | nindent 14 }}
            {{- end }}
          restartPolicy: OnFailure
+          {{- with .Values.cleanupJobs.admissionReports.tolerations }}
+          tolerations:
+            {{- tpl (toYaml .) $ | nindent 12 }}
+          {{- end }}
 {{- end -}}
--- a/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml
+++ b/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml
@ -40,4 +40,8 @@ spec:
              {{- toYaml . | nindent 14 }}
            {{- end }}
          restartPolicy: OnFailure
+          {{- with .Values.cleanupJobs.clusterAdmissionReports.tolerations }}
+          tolerations:
+            {{- tpl (toYaml .) $ | nindent 12 }}
+          {{- end }}
 {{- end -}}
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@ -428,6 +428,9 @@ cleanupJobs:
      seccompProfile:
        type: RuntimeDefault

+    # -- List of node taints to tolerate
+    tolerations: []
+
  clusterAdmissionReports:

    # -- Enable cleanup cronjob
@ -471,6 +474,9 @@ cleanupJobs:
      seccompProfile:
        type: RuntimeDefault

+    # -- List of node taints to tolerate
+    tolerations: []
+
 # Admission controller configuration
 admissionController: