Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

tolerations, nodeSelectors, etc should be set per workload #133

Open
treyhyde opened this issue Nov 11, 2022 · 9 comments
Open

tolerations, nodeSelectors, etc should be set per workload #133

treyhyde opened this issue Nov 11, 2022 · 9 comments
Assignees

Comments

@treyhyde
Copy link

If I set a toleration to allow the node agent to work on all the nodes, the scanner process also gets that toleration which is very undesirable

@cirego
Copy link
Contributor

cirego commented Nov 11, 2022

Hi @treyhyde, thanks for bringing this issue to our attention! Two clarification questions for you:

  • Is this for the agent Helm Charts?
  • When you say scanner process, are you referring to the cluster mode agent?

@treyhyde
Copy link
Author

yes and yes, sorry for the confusion

@cirego
Copy link
Contributor

cirego commented Nov 11, 2022

@treyhyde, awesome! We can make those changes. Thank you for raising the issue!

@cirego cirego assigned cirego and rnalexlacework and unassigned cirego Nov 11, 2022
@treyhyde
Copy link
Author

great thanks, I might have to disable the scanner until they are. Thanks for the followup.

@treyhyde
Copy link
Author

This is really preventing adoption of newer lacework features (things that require the clusteragent)

@rnalexlacework
Copy link
Collaborator

This is really preventing adoption of newer lacework features (things that require the clusteragent)

Thanks for the follow up. We are working on getting this in an upcoming release.

@rnalexlacework
Copy link
Collaborator

This is really preventing adoption of newer lacework features (things that require the clusteragent)

Thanks for the follow up. We are working on getting this in an upcoming release.

@treyhyde per workload tolerations and node selectors are released as part of 6.7 version release. Please let us know if this resolves the installation issues you faced.

@treyhyde
Copy link
Author

@rnalexlacework The syntax is a little awkward but seems to be ok to separate the tolerations of the cluster vs node agents. I don't see a "nodeSelector" for the "deployment" available.

Just looked to fix our "proxy-scanner" config as well and there are even fewer options.

@d-mankowski-synerise
Copy link

Unfortunately, it is still not possible to set tolerations for deployments of proxy-scanner and admission-controller. I can submit PR with the fix, if you don't mind

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants