
feat: Auto tolerate DaemonSets with mutating admission controller #7

Description

@ajaysundark

When requirements change or a new NodeReadinessRule with a new taint needs to be managed, existing components (DaemonSets) don't tolerate it. This requires the admin to manually update every DaemonSet manifest to add the toleration. This is not great for operational ergonomics, as in a typical enterprise setup the ownership is spread across different teams.

Proposed Solution

For better UX, an optional mutating admission policy could automatically inject tolerations for readiness.k8s.io/* taints into DaemonSets.

How it works

  • Watch DaemonSet create/update operations
  • Automatically add tolerations for all NoSchedule taints with readiness.k8s.io/ prefix
  • Disabled by default (separate deployment from main controller)

This will ensure no manual manifest updates are required when adding new readiness rules, and guarantee safer operations of critical daemon-sets during project evolution.

Labels: lifecycle/frozen (Indicates that an issue or PR should not be auto-closed due to staleness.)
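A sketch of the patch computation such a mutating webhook could perform, added here as an illustration and not taken from the issue or the project's code. Because a toleration matches an exact taint key (or every key when the key is empty), it assumes the webhook receives the concrete `readiness.k8s.io/` taint keys, for example from the configured NodeReadinessRules; the key names, `BuildPatch` and the types are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

const prefix, path = "readiness.k8s.io/", "/spec/template/spec/tolerations"

// Toleration mirrors the core/v1 Toleration fields this example needs.
type Toleration struct {
	Key      string `json:"key,omitempty"`
	Operator string `json:"operator,omitempty"`
	Effect   string `json:"effect,omitempty"`
}

// PatchOp is one RFC 6902 JSON Patch operation (op, path, value).
type PatchOp map[string]interface{}

// covered reports whether an Exists toleration in ts already matches a NoSchedule taint with key.
func covered(ts []Toleration, key string) bool {
	for _, t := range ts {
		if t.Operator == "Exists" && (t.Key == key || t.Key == "") && (t.Effect == "" || t.Effect == "NoSchedule") {
			return true
		}
	}
	return false
}

// BuildPatch appends one key-scoped toleration per uncovered readiness taint
// key and returns nil when nothing is missing, so re-admission is a no-op.
func BuildPatch(existing []Toleration, taintKeys []string) []PatchOp {
	known, ops := append([]Toleration{}, existing...), []PatchOp(nil)
	for _, key := range taintKeys {
		if strings.HasPrefix(key, prefix) && !covered(known, key) {
			t := Toleration{Key: key, Operator: "Exists", Effect: "NoSchedule"}
			known = append(known, t)
			ops = append(ops, PatchOp{"op": "add", "path": path + "/-", "value": t})
		}
	}
	if len(ops) > 0 && len(existing) == 0 { // "/-" needs the array to exist first
		ops = append([]PatchOp{{"op": "add", "path": path, "value": []Toleration{}}}, ops...)
	}
	return ops
}

func main() { // constructed input; the taint key names are assumptions
	out, _ := json.Marshal(BuildPatch(nil, []string{prefix + "cni-ready", "example.com/x"}))
	fmt.Println(string(out))
}
```

Keys outside the prefix are skipped, so the webhook never widens scheduling for unrelated taints, and existing tolerations are left untouched because the patch only appends.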