From c483d893d8e26ffe7f3993d95871bd86c49f2424 Mon Sep 17 00:00:00 2001
From: Quan Tian <qtian@vmware.com>
Date: Wed, 10 Jun 2020 12:50:04 +0800
Subject: [PATCH] Make antrea-agent tolerant of NoExecute taints (#815)

As a node-critical Pod, antrea-agent should be tolerant of all NoExecute
taints regardless of their keys like kube-proxy and other CNIs do,
otherwise workload Pods' network won't work once antrea-agent is evicted.
---
 build/yamls/antrea-eks.yml   | 2 ++
 build/yamls/antrea-gke.yml   | 2 ++
 build/yamls/antrea-ipsec.yml | 2 ++
 build/yamls/antrea.yml       | 2 ++
 build/yamls/base/agent.yml   | 3 +++
 5 files changed, 11 insertions(+)

diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml
index ab10d4c369a..650d12945f3 100644
--- a/build/yamls/antrea-eks.yml
+++ b/build/yamls/antrea-eks.yml
@@ -727,6 +727,8 @@ spec:
         operator: Exists
       - effect: NoSchedule
         operator: Exists
+      - effect: NoExecute
+        operator: Exists
       volumes:
       - configMap:
           name: antrea-config-hmd2mdhg89
diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml
index 5e1a02d2391..d9050a01bfd 100644
--- a/build/yamls/antrea-gke.yml
+++ b/build/yamls/antrea-gke.yml
@@ -725,6 +725,8 @@ spec:
         operator: Exists
       - effect: NoSchedule
         operator: Exists
+      - effect: NoExecute
+        operator: Exists
       volumes:
       - configMap:
           name: antrea-config-ff5ff2btgc
diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml
index 45788a3b314..a923b2316dc 100644
--- a/build/yamls/antrea-ipsec.yml
+++ b/build/yamls/antrea-ipsec.yml
@@ -769,6 +769,8 @@ spec:
         operator: Exists
       - effect: NoSchedule
         operator: Exists
+      - effect: NoExecute
+        operator: Exists
       volumes:
       - configMap:
           name: antrea-config-fggkd66d2h
diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml
index 4def33d336a..4458c4534c3 100644
--- a/build/yamls/antrea.yml
+++ b/build/yamls/antrea.yml
@@ -725,6 +725,8 @@ spec:
         operator: Exists
       - effect: NoSchedule
         operator: Exists
+      - effect: NoExecute
+        operator: Exists
       volumes:
       - configMap:
           name: antrea-config-mf4t8c67c8
diff --git a/build/yamls/base/agent.yml b/build/yamls/base/agent.yml
index 1f823257da1..1539e7713fe 100644
--- a/build/yamls/base/agent.yml
+++ b/build/yamls/base/agent.yml
@@ -25,6 +25,9 @@ spec:
         # Make sure it gets scheduled on all nodes.
         - effect: NoSchedule
           operator: Exists
+        # Make sure it doesn't get evicted.
+        - effect: NoExecute
+          operator: Exists
       nodeSelector:
         kubernetes.io/os: linux
       serviceAccountName: antrea-agent