KSM Deployment has tolerations that are too broad #1165

Kab1r · 2025-02-08T17:15:51Z

KSM Deployment is configured with tolerations that allow pods to be scheduled on any node with NoSchedule and NoExecute

Description

KSM pods are being scheduled on nodes that are reserved for other purposes.
This kind of broad toleration is generally only used on DaemonSets.

KSM pods should not be allowed to schedule on all tainted nodes.

Setup cluster with at least two nodes.
Taint one node with application=reserved:NoSchedule
Deploy NRI Bundle
Observe that KSM is created with toleration that allows scheduling on the tainted node, though it may not have been scheduled on the node depending on the order in which pods were created

EKS
newrelic-infrastructure-3.38.0

Looking at commit history, it appears that KSM was at least documented as a DaemonSet at some point.

Suggested Priority (P1,P2,P3,P4,P5):
Suggested T-Shirt size (S, M, L, XL, Unknown):

The text was updated successfully, but these errors were encountered:

workato-integration · 2025-02-08T17:15:56Z

Kab1r added the bug Categorizes issue or PR as related to a bug. label Feb 8, 2025