add custom tolerations for falco daemonset

lightspin-tech · Feb 16, 2023 · ade059c · ade059c
1 parent e1e6a64
commit ade059c
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 4 deletions.
diff --git a/charts/kubecollector/Chart.yaml b/charts/kubecollector/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubecollector
 description: A Helm chart for Lightspin Kuberenetes CSPM
 type: application
-version: 0.1.7
+version: 0.1.8
 appVersion: "2.0.0"
 home: https://lightspin.io/
 maintainers:

diff --git a/charts/kubecollector/README.md b/charts/kubecollector/README.md
@@ -1,6 +1,6 @@
 # Lightspin KubeCollector
 
-![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square)
+![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square)
 
 [Lightspin](https://www.lightspin.io/) is a graph-based technology immediately visualizes, prioritizes, and dynamically remediates critical cloud risks with no custom configuration needed. This repository contains the Helm chart for the Lightspin KubeCollector application to be deployed on customers Kubernetes clusters.
 
@@ -132,6 +132,7 @@ The following table lists the configurable parameters of the Lightspin KubeColle
 | runtime.falco.image.repository | string | `"public.ecr.aws/falcosecurity/falco"` | falco agent image repository |
 | runtime.falco.image.tag | string | `"0.33.1"` | falco agent image tag |
 | runtime.falco.name | string | `"runtime"` | name of the falco daemonset service |
+| runtime.falco.tolerations | list | `[{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"}]` | tolerations for the falco daemonset |
 | tenantId | string | `nil` | Lightspin tenant id (id-xyz). |
 | worker.config.api_rate_limit | float | `0` | kubernetes api calls sleep time between each call. |
 | worker.config.cmd_poller_interval | int | `60` | check for command message interval. |

diff --git a/charts/kubecollector/templates/daemonsets/runtime-daemonset.yaml b/charts/kubecollector/templates/daemonsets/runtime-daemonset.yaml
@@ -19,9 +19,10 @@ spec:
         role: security
     spec:
       serviceAccountName: {{ template "lightspin-kubecollector.runtime.falco.serviceAccountName" . }}
+      {{- with .Values.runtime.falco.tolerations }}
       tolerations:
-        - effect: NoSchedule
-          key: node-role.kubernetes.io/master
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       containers:
         - name: falco
           image: "{{ .Values.runtime.falco.image.repository }}:{{ .Values.runtime.falco.image.tag }}"

diff --git a/charts/kubecollector/values.yaml b/charts/kubecollector/values.yaml
@@ -144,6 +144,10 @@ runtime:
     ebpf_probe:
       # runtime.falco.ebpf_probe.enabled -- enable ebpf probe for falco.
       enabled: false
+    tolerations:
+      # runtime.falco.tolerations -- tolerations for the falco daemonset
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/master
   events:
     # runtime.events.fullnameOverride -- fully qualified name of the runtime events service
     fullnameOverride: light-kuberuntime-events