From efef465aab6bc09bfc3e2964d71fbe7d041cefd8 Mon Sep 17 00:00:00 2001 From: Adam Johnson Date: Wed, 31 May 2023 09:29:38 +0100 Subject: [PATCH] feat: cleanup job tolerations (#7331) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: cleanup job tolerations Signed-off-by: Adam Johnson * Update charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml Co-authored-by: Charles-Edouard Brétéché Signed-off-by: Adam Johnson --------- Signed-off-by: Adam Johnson Co-authored-by: Charles-Edouard Brétéché --- charts/kyverno/README.md | 2 ++ .../templates/cleanup/cleanup-admission-reports.yaml | 4 ++++ .../cleanup/cleanup-cluster-admission-reports.yaml | 4 ++++ charts/kyverno/values.yaml | 6 ++++++ 4 files changed, 16 insertions(+) diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md index 1c3d923e86..e50d54dca9 100644 --- a/charts/kyverno/README.md +++ b/charts/kyverno/README.md @@ -623,6 +623,7 @@ The chart values are organised per component. | cleanupJobs.admissionReports.history | object | `{"failure":1,"success":1}` | Cronjob history | | cleanupJobs.admissionReports.podSecurityContext | object | `{}` | Security context for the pod | | cleanupJobs.admissionReports.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the containers | +| cleanupJobs.admissionReports.tolerations | list | `[]` | List of node taints to tolerate | | cleanupJobs.clusterAdmissionReports.enabled | bool | `true` | Enable cleanup cronjob | | cleanupJobs.clusterAdmissionReports.image.registry | string | `nil` | Image registry | | cleanupJobs.clusterAdmissionReports.image.repository | string | `"bitnami/kubectl"` | Image repository | 
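Review bot: The new `tolerations` block in cleanup-admission-reports.yaml renders its value with `tpl (toYaml .) $`, while the context line directly above it in the same hunk emits its value with plain `toYaml . | nindent 14`. With `tpl`, any string inside `cleanupJobs.admissionReports.tolerations` that contains template actions is evaluated against the root context at render time, so the field is no longer data-only for whoever supplies the values. If templated tolerations are not a requirement, `{{- toYaml . | nindent 12 }}` would match the neighbouring fields; if they are, a short template comment such as `{{- /* tolerations are passed through tpl so values may reference other chart values */ -}}` would record the intent. The same applies to the identical hunk in cleanup-cluster-admission-reports.yaml, and the enclosing CronJob spec starts outside both hunks.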
@@ -633,6 +634,7 @@ The chart values are organised per component. | cleanupJobs.clusterAdmissionReports.history | object | `{"failure":1,"success":1}` | Cronjob history | | cleanupJobs.clusterAdmissionReports.podSecurityContext | object | `{}` | Security context for the pod | | cleanupJobs.clusterAdmissionReports.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the containers | +| cleanupJobs.clusterAdmissionReports.tolerations | list | `[]` | List of node taints to tolerate | ### Other diff --git a/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml b/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml index bce2bc5a79..80f8c8c21b 100644 --- a/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml +++ b/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml @@ -40,4 +40,8 @@ spec: {{- toYaml . | nindent 14 }} {{- end }} restartPolicy: OnFailure + {{- with .Values.cleanupJobs.admissionReports.tolerations }} + tolerations: + {{- tpl (toYaml .) $ | nindent 12 }} + {{- end }} {{- end -}} diff --git a/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml b/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml index 9d95704043..7515a227ee 100644 --- a/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml +++ b/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml @@ -40,4 +40,8 @@ spec: {{- toYaml . | nindent 14 }} {{- end }} restartPolicy: OnFailure + {{- with .Values.cleanupJobs.clusterAdmissionReports.tolerations }} + tolerations: + {{- tpl (toYaml .) $ | nindent 12 }} + {{- end }} {{- end -}} diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml index f1cd3e0123..2f90460917 100644 --- a/charts/kyverno/values.yaml +++ b/charts/kyverno/values.yaml 
@@ -428,6 +428,9 @@ cleanupJobs: seccompProfile: type: RuntimeDefault + # -- List of node taints to tolerate + tolerations: [] + clusterAdmissionReports: # -- Enable cleanup cronjob @@ -471,6 +474,9 @@ cleanupJobs: seccompProfile: type: RuntimeDefault + # -- List of node taints to tolerate + tolerations: [] + # Admission controller configuration admissionController:
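Review bot: The comment `# -- List of node taints to tolerate`, added under `admissionReports` and again under `clusterAdmissionReports`, leaves out two things an operator should know before setting this value. The templates in this patch pass the list through `tpl`, so strings in it are rendered as templates. A broad entry such as a bare `operator: Exists` would also let the cleanup pod be scheduled onto any tainted node, including control-plane or otherwise dedicated nodes. I would extend both comments to something like `# -- List of node taints to tolerate (evaluated as a template; keep entries as specific as possible)`. The README rows in this patch carry the same wording as these comments, so they should be updated to match.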