Skip to content
Permalink

Comparing changes

This is a direct comparison between two commits made in this repository or its related repositories. View the default comparison for this range or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: pelotech/nidhogg
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: f27601d02a50dbcb612380431521f0a9704ab27e
Choose a base ref
..
head repository: pelotech/nidhogg
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: e9f2d5937a6482d5a18991453f6469acbe3591bb
Choose a head ref
Showing with 22 additions and 8 deletions.
  1. +22 −8 docs/README.md
30 changes: 22 additions & 8 deletions docs/README.md
Original file line number Diff line number Diff line change
@@ -15,20 +15,31 @@ Nidhogg was built using [Kubebuilder](https://github.com/kubernetes-sigs/kubebui
## Usage

Nidhogg requires a yaml/json config file to tell it what Daemonsets to watch and what nodes to act on.
`nodeSelector` is a map of keys/values corresponding to node labels. `daemonsets` is an array of Daemonsets to watch, each containing two fields `name` and `namespace`. Nodes are tainted with taint that follows the format of `nidhogg.uswitch.com/namespace.name:NoSchedule`.

| Attribute name | Required/Optional | Description |
| :--- | :--- | :--- |
| `nodeSelector` | Required | Map of keys/values corresponding to node labels |
| `daemonsets` | Required | Array of Daemonsets to watch, each containing two fields `name` and `namespace` |
| `taintNamePrefix` | Optional | Prefix of the taint name, defaults to `nidhogg.uswitch.com` if not specified |
| `taintRemovalDelayInSeconds` | Optional | Delay to apply before removing taint on the node when ready, defaults to 0 if not specified |

Nodes are tainted with a taint that follows the format of `taintNamePrefix/namespace.name:NoSchedule`

Example:

YAML:
```yaml
nodeSelector:
node-role.kubernetes.io/node
- "node-role.kubernetes.io/node"
- "!node-role.kubernetes.io/master"
- "aws.amazon.com/ec2.asg.name in (standard, special)"
daemonsets:
- name: kiam
namespace: kube-system
taintNamePrefix: "nidhogg.uswitch.com"
taintRemovalDelayInSeconds: 10
```
JSON:
```json
{
"nodeSelector": [
@@ -41,13 +52,16 @@ JSON:
"name": "kiam",
"namespace": "kube-system"
}
]
],
"taintNamePrefix": "nidhogg.uswitch.com",
"taintRemovalDelayInSeconds": 10
}
```
This example will select any nodes in AWS ASGs named "standard" or "special" that have the label
`node-role.kubernetes.io/node` present, and no nodes with label `node-role.kubernetes.io/master`. If the matching nodes
do not have a running and ready pod from the `kiam` daemonset in the `kube-system` namespace. It will add a taint of
`nidhogg.uswitch.com/kube-system.kiam:NoSchedule` until there is a ready kiam pod on the node.
This example will select any nodes in AWS ASGs named "standard" or "special" that have the label `node-role.kubernetes.io/node` present, and no nodes with label `node-role.kubernetes.io/master`

If the matching nodes do not have a running and ready pod from the `kiam` daemonset in the `kube-system` namespace, it will add a taint of `nidhogg.uswitch.com/kube-system.kiam:NoSchedule` until there is a ready kiam pod on the node.

Whenever the pod becomes ready, a delay of 10s will be applied before removing the taint.

If you want pods to be able to run on the nidhogg tainted nodes you can add a toleration: