From 8bf73d66a7c3a86365bc7f0a12fbb82d83a905c1 Mon Sep 17 00:00:00 2001
From: Vitaliy Filippov <vitalif@yourcmc.ru>
Date: Fri, 5 Aug 2022 13:56:26 +0300
Subject: [PATCH] Add configurable tolerations (fixes #9 and #27)

---
 deploy/helm/README.md                  |  3 +++
 deploy/helm/manifest.yaml              |  9 +++++++++
 deploy/helm/templates/csi-s3.yaml      | 13 +++++++++++++
 deploy/helm/templates/provisioner.yaml | 12 ++++++++++--
 deploy/helm/values.yaml                |  5 +++++
 deploy/kubernetes/attacher.yaml        |  9 +++++++--
 deploy/kubernetes/csi-s3.yaml          |  6 ++++++
 7 files changed, 53 insertions(+), 4 deletions(-)

diff --git a/deploy/helm/README.md b/deploy/helm/README.md
index 8c70634..2c32ede 100644
--- a/deploy/helm/README.md
+++ b/deploy/helm/README.md
@@ -34,3 +34,6 @@ The following table lists all configuration parameters and their default values.
 | `secret.accessKey`           | S3 Access Key                                                          |                                                        |
 | `secret.secretKey`           | S3 Secret Key                                                          |                                                        |
 | `secret.endpoint`            | Endpoint                                                               | https://storage.yandexcloud.net                        |
+| `tolerations.all`            | Tolerate all taints by the CSI-S3 node driver (mounter)                | false                                                  |
+| `tolerations.node`           | Custom tolerations for the CSI-S3 node driver (mounter)                | []                                                     |
+| `tolerations.controller`     | Custom tolerations for the CSI-S3 controller (provisioner)             | []                                                     |
diff --git a/deploy/helm/manifest.yaml b/deploy/helm/manifest.yaml
index e186263..77a8daf 100644
--- a/deploy/helm/manifest.yaml
+++ b/deploy/helm/manifest.yaml
@@ -102,3 +102,12 @@ user_values:
       ru: Название секрета, который будет создан или использован для класса хранения
     string_value:
       default_value: csi-s3-secret
+  - name: tolerations.all
+    title:
+      en: Tolerate all taints
+      ru: Игнорировать все taint-ы
+    description:
+      en: Tolerate all taints by the CSI-S3 node driver (mounter)
+      ru: Игнорировать все taint-ы узлов кластера драйвером CSI-S3, монтирующим ФС на узлах
+    boolean_value:
+      default_value: false
diff --git a/deploy/helm/templates/csi-s3.yaml b/deploy/helm/templates/csi-s3.yaml
index 1b02cc0..9cf046f 100644
--- a/deploy/helm/templates/csi-s3.yaml
+++ b/deploy/helm/templates/csi-s3.yaml
@@ -52,6 +52,19 @@ spec:
       labels:
         app: csi-s3
     spec:
+      tolerations:
+        {{- if .Values.tolerations.all }}
+        - operator: Exists
+        {{- else }}
+        - key: CriticalAddonsOnly
+          operator: Exists
+        - operator: Exists
+          effect: NoExecute
+          tolerationSeconds: 300
+        {{- end }}
+        {{- with .Values.tolerations.node }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
       serviceAccount: csi-s3
       hostNetwork: true
       containers:
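Review bot: The keyless `operator: Exists` / `effect: NoExecute` entry in the else branch matches every NoExecute taint, not only the node-health ones. A node that an operator taints NoExecute to drain or isolate it therefore keeps this `hostNetwork: true` pod for up to 300 seconds. If the intent is to mirror the usual not-ready/unreachable grace period, the toleration should name those two keys explicitly, as in the excerpt below. The same keyless entry is added in deploy/helm/templates/provisioner.yaml, deploy/kubernetes/attacher.yaml and deploy/kubernetes/csi-s3.yaml. The pod spec continues outside the hunk.

```yaml
        {{- else }}
        # … unchanged: CriticalAddonsOnly toleration …
        - key: node.kubernetes.io/not-ready
          operator: Exists
          effect: NoExecute
          tolerationSeconds: 300
        - key: node.kubernetes.io/unreachable
          operator: Exists
          effect: NoExecute
          tolerationSeconds: 300
        # … unchanged: end of the else branch and the tolerations.node block …
```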
diff --git a/deploy/helm/templates/provisioner.yaml b/deploy/helm/templates/provisioner.yaml
index cef6e0c..46d0bb8 100644
--- a/deploy/helm/templates/provisioner.yaml
+++ b/deploy/helm/templates/provisioner.yaml
@@ -70,8 +70,16 @@ spec:
     spec:
       serviceAccount: csi-provisioner-sa
       tolerations:
-      - key: node-role.kubernetes.io/master
-        operator: "Exists"
+        - key: node-role.kubernetes.io/master
+          operator: Exists
+        - key: CriticalAddonsOnly
+          operator: Exists
+        - operator: Exists
+          effect: NoExecute
+          tolerationSeconds: 300
+        {{- with .Values.tolerations.controller }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
       containers:
         - name: csi-provisioner
           image: {{ .Values.images.provisioner }}
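Review bot: The three tolerations on the new side are fixed in the template and `tolerations.controller` can only append to them, so an installation that wants to keep the provisioner off control-plane nodes has no value with which to drop `node-role.kubernetes.io/master`. Making the fixed entries the default of `tolerations.controller` in values.yaml and rendering `tolerations: {{- toYaml .Values.tolerations.controller | nindent 8 }}` would make them overridable, with the trade-off that a user-supplied list then replaces the defaults rather than extending them. The fixed list also does not cover clusters that taint control-plane nodes with `node-role.kubernetes.io/control-plane` instead of the `master` key. The pod spec continues outside the hunk.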
diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml
index 3c2027c..4d33bbb 100644
--- a/deploy/helm/values.yaml
+++ b/deploy/helm/values.yaml
@@ -37,3 +37,8 @@ secret:
   secretKey: ""
   # Endpoint
   endpoint: https://storage.yandexcloud.net
+
+tolerations:
+  all: false
+  node: []
+  controller: []
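Review bot: `tolerations.all` is added without a comment, although the neighbouring keys carry one (`# Endpoint`), and its effect is wider than the name suggests. When it is true, templates/csi-s3.yaml renders a keyless `operator: Exists`, which tolerates every taint with every effect, including control-plane and dedicated-node taints, for a pod that runs with `hostNetwork: true`. I would add `# Tolerate every taint on the node driver (also schedules it onto control-plane and dedicated nodes); prefer tolerations.node with explicit keys` above `all: false`. One-line comments above `node` and `controller` should say that their entries are appended to the built-in tolerations, not substituted for them.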
diff --git a/deploy/kubernetes/attacher.yaml b/deploy/kubernetes/attacher.yaml
index cca2d7d..06a8be1 100644
--- a/deploy/kubernetes/attacher.yaml
+++ b/deploy/kubernetes/attacher.yaml
@@ -77,8 +77,13 @@ spec:
     spec:
       serviceAccount: csi-attacher-sa
       tolerations:
-      - key: node-role.kubernetes.io/master
-        operator: "Exists"
+        - key: node-role.kubernetes.io/master
+          operator: Exists
+        - key: CriticalAddonsOnly
+          operator: Exists
+        - operator: Exists
+          effect: NoExecute
+          tolerationSeconds: 300
       containers:
         - name: csi-attacher
           image: quay.io/k8scsi/csi-attacher:v3.0.1
diff --git a/deploy/kubernetes/csi-s3.yaml b/deploy/kubernetes/csi-s3.yaml
index e2235db..5b9728e 100644
--- a/deploy/kubernetes/csi-s3.yaml
+++ b/deploy/kubernetes/csi-s3.yaml
@@ -52,6 +52,12 @@ spec:
       labels:
         app: csi-s3
     spec:
+      tolerations:
+        - key: CriticalAddonsOnly
+          operator: Exists
+        - operator: Exists
+          effect: NoExecute
+          tolerationSeconds: 300
       serviceAccount: csi-s3
       hostNetwork: true
       containers: