Adds tolertions to GitRepo

When applying a `GitRepo` in a cluster where all the nodes are tainted the pod created to call `fleet apply` remans waiting as Pending. This PR adds tolerations to the `GitRepo` spec. Those tolerations will be added to the job spec when running `fleet apply` so the pod is scheduled. Refers to: rancher#3313 Signed-off-by: Xavi Garcia <[email protected]>
0xavi0 · Feb 10, 2025 · 523d91f · 523d91f
1 parent 42e75e9
commit 523d91f
Show file tree

Hide file tree

Showing 5 changed files with 143 additions and 0 deletions.
diff --git a/charts/fleet-crd/templates/crds.yaml b/charts/fleet-crd/templates/crds.yaml
@@ -6604,6 +6604,63 @@ spec:
                         type: string
                     type: object
                   type: array
+                tolerations:
+                  description: Tolerations specifies tolerations to be added when
+                    running fleet apply
+                  items:
+                    description: 'The pod this Toleration is attached to tolerates
+                      any taint that matches
+
+                      the triple <key,value,effect> using the matching operator <operator>.'
+                    properties:
+                      effect:
+                        description: 'Effect indicates the taint effect to match.
+                          Empty means match all taint effects.
+
+                          When specified, allowed values are NoSchedule, PreferNoSchedule
+                          and NoExecute.'
+                        type: string
+                      key:
+                        description: 'Key is the taint key that the toleration applies
+                          to. Empty means match all taint keys.
+
+                          If the key is empty, operator must be Exists; this combination
+                          means to match all values and all keys.'
+                        type: string
+                      operator:
+                        description: 'Operator represents a key''s relationship to
+                          the value.
+
+                          Valid operators are Exists and Equal. Defaults to Equal.
+
+                          Exists is equivalent to wildcard for value, so that a pod
+                          can
+
+                          tolerate all taints of a particular category.'
+                        type: string
+                      tolerationSeconds:
+                        description: 'TolerationSeconds represents the period of time
+                          the toleration (which must be
+
+                          of effect NoExecute, otherwise this field is ignored) tolerates
+                          the taint. By default,
+
+                          it is not set, which means tolerate the taint forever (do
+                          not evict). Zero and
+
+                          negative values will be treated as 0 (evict immediately)
+                          by the system.'
+                        format: int64
+                        type: integer
+                      value:
+                        description: 'Value is the taint value the toleration matches
+                          to.
+
+                          If the operator is Exists, the value should be empty, otherwise
+                          just a regular string.'
+                        type: string
+                    type: object
+                  type: array
               type: object
             status:
               properties:

diff --git a/internal/cmd/controller/gitops/reconciler/gitjob_controller.go b/internal/cmd/controller/gitops/reconciler/gitjob_controller.go
@@ -548,6 +548,9 @@ func (r *GitJobReconciler) newGitJob(ctx context.Context, obj *v1alpha1.GitRepo)
 		return nil, err
 	}
 
+	// Add user defined tolerations
+	jobSpec.Template.Spec.Tolerations = append(jobSpec.Template.Spec.Tolerations, obj.Spec.Tolerations...)
+
 	job := &batchv1.Job{
 		ObjectMeta: metav1.ObjectMeta{
 			Annotations: map[string]string{

diff --git a/internal/cmd/controller/gitops/reconciler/gitjob_test.go b/internal/cmd/controller/gitops/reconciler/gitjob_test.go
@@ -683,6 +683,7 @@ func TestNewJob(t *testing.T) { // nolint:funlen
 		expectedInitContainers []corev1.Container
 		expectedVolumes        []corev1.Volume
 		expectedErr            error
+		expectedTolerations    []corev1.Toleration
 	}{
 		"simple (no credentials, no ca, no skip tls)": {
 			gitrepo: &fleetv1.GitRepo{
@@ -725,6 +726,77 @@ func TestNewJob(t *testing.T) { // nolint:funlen
 			},
 			client: fake.NewFakeClient(),
 		},
+		"simple with custom gitrepo tolerations": {
+			gitrepo: &fleetv1.GitRepo{
+				Spec: fleetv1.GitRepoSpec{
+					Repo: "repo",
+					Tolerations: []corev1.Toleration{
+						{
+							Key:      "key1",
+							Value:    "value1",
+							Operator: "Equals",
+							Effect:   "NoSchedule",
+						},
+						{
+							Key:      "key2",
+							Value:    "value2",
+							Operator: "Exists",
+							Effect:   "NoExecute",
+						},
+					},
+				},
+			},
+			expectedInitContainers: []corev1.Container{
+				{
+					Command: []string{
+						"fleet",
+					},
+					Args:  []string{"gitcloner", "repo", "/workspace", "--branch", "master"},
+					Image: "test",
+					Name:  "gitcloner-initializer",
+					VolumeMounts: []corev1.VolumeMount{
+						{
+							Name:      gitClonerVolumeName,
+							MountPath: "/workspace",
+						},
+						{
+							Name:      emptyDirVolumeName,
+							MountPath: "/tmp",
+						},
+					},
+					SecurityContext: securityContext,
+				},
+			},
+			expectedVolumes: []corev1.Volume{
+				{
+					Name: gitClonerVolumeName,
+					VolumeSource: corev1.VolumeSource{
+						EmptyDir: &corev1.EmptyDirVolumeSource{},
+					},
+				},
+				{
+					Name: emptyDirVolumeName,
+					VolumeSource: corev1.VolumeSource{
+						EmptyDir: &corev1.EmptyDirVolumeSource{},
+					},
+				},
+			},
+			client: fake.NewFakeClient(),
+			expectedTolerations: []corev1.Toleration{
+				{
+					Key:      "key1",
+					Value:    "value1",
+					Operator: "Equals",
+					Effect:   "NoSchedule",
+				},
+				{
+					Key:      "key2",
+					Value:    "value2",
+					Operator: "Exists",
+					Effect:   "NoExecute",
+				},
+			},
+		},
 		"simple with custom branch": {
 			gitrepo: &fleetv1.GitRepo{
 				Spec: fleetv1.GitRepoSpec{

diff --git a/pkg/apis/fleet.cattle.io/v1alpha1/gitrepo_types.go b/pkg/apis/fleet.cattle.io/v1alpha1/gitrepo_types.go
@@ -1,6 +1,7 @@
 package v1alpha1
 
 import (
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -135,6 +136,9 @@ type GitRepoSpec struct {
 	// Disables git polling. When enabled only webhooks will be used.
 	DisablePolling bool `json:"disablePolling,omitempty"`
 
+	// Tolerations specifies tolerations to be added when running fleet apply
+	Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
+
 	// OCIRegistry specifies the OCI registry related parameters
 	OCIRegistry *OCIRegistrySpec `json:"ociRegistry,omitempty"`
 }

diff --git a/pkg/apis/fleet.cattle.io/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/fleet.cattle.io/v1alpha1/zz_generated.deepcopy.go