Skip to content

Support for tolerations and nodeSelectors ? #436

New issue
New issue
Open
Open
Support for tolerations and nodeSelectors ?#436
@nmasse-itix

Description

@nmasse-itix
nmasse-itix
opened on Sep 24, 2025

I have an OpenShift 4.19.11 cluster with multi-architecture enabled : the cluster has x86_64 nodes as well as arm64 nodes.

I want to run tekton pipelines to build container images on both architectures.

I setup the Shared Resource CSI driver as such:

apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: openshift-builds-operator
  namespace: openshift-builds
spec:
  channel: latest
  installPlanApproval: Automatic
  name: openshift-builds-operator
  source: redhat-operators
  sourceNamespace: openshift-marketplace
  startingCSV: openshift-builds-operator.v1.5.1
---
apiVersion: sharedresource.openshift.io/v1alpha1
kind: SharedSecret
metadata:
  name: etc-pki-entitlement
spec:
  secretRef:
    name: etc-pki-entitlement
    namespace: openshift-config-managed
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: use-rhel-entitlement
rules:
  - apiGroups:
    - sharedresource.openshift.io
    resources:
    - sharedconfigmaps
    resourceNames:
    - openshift-config-managed
    verbs:
    - use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: monitor-rhel-entitlement
  namespace: openshift-config-managed
rules:
- apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: ["shared-config"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: monitor-rhel-entitlement
  namespace: openshift-config-managed
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: monitor-rhel-entitlement
subjects:
- kind: ServiceAccount
  name: csi-driver-shared-resource
  namespace: openshift-builds
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: buildbot-rhel-entitlement
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: use-rhel-entitlement
subjects:
- kind: ServiceAccount
  name: buildbot

And in my pipelinerun:

  workspaces:
  - name: etc-pki-entitlement
    csi:
      driver: csi.sharedresource.openshift.io
      readOnly: true
      volumeAttributes:
        sharedSecret: etc-pki-entitlement

But on ARM64 nodes, the buildah Pod that use the SharedSecret does not start because the csi.sharedresource.openshift.io CSI driver cannot be found.

It seems that this operator's DaemonSet is configured to deploy only on untainted nodes.

I have no other choice than to taint my ARM64 nodes since not every workload is ARM64 ready.

Any plan to add support for tolerations / nodeSelectors as in other openshift operators ?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions