There are many ways to specify to which nodes your sidecar should and should not be scheduled to.
In the cyral-sidecar chart, use the variable nodeSelector to force
your sidecar pods to run on a specific set of Kubernetes cluster
nodes. The syntax uses a label-value pair to specify the nodes:
nodeSelector:
SOME_LABEL: SOME_VALUELearn more about node selectors.
To set the node affinity for the pods, use the variable affinity. This will let you use
a very expressive language to define affinities and anti affinities for each pod on the deployment.
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/e2e-az-name
operator: In
values:
- e2e-az1
- e2e-az2
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
preference:
matchExpressions:
- key: another-node-label-key
operator: In
values:
- another-node-label-valueTIP: You can configure presets for pod anti-affinity and pod affinity using the
podAntiAffinityPreset and podAffinityPreset keys in the values file.
Learn more about affinity and anti affinity.
You can set tolerations for your pod, so that it doesn't get scheduled to a tainted
node. To set the tolerations use the variable tolerations.
tolerations:
- key: "key1"
operator: "Equal"
value: "value1"
effect: "NoSchedule"Learn more about taints and tolerations.