From c7df73bad95cd0066442b3da94c969ab228c675f Mon Sep 17 00:00:00 2001
From: Sven Tasche <st@teuto.net>
Date: Thu, 13 Jun 2024 09:56:41 +0200
Subject: [PATCH] fix(base-cluster): fix nodeCollector is not scheduleable
 (#974)

---
 .../templates/monitoring/security/trivy.yaml       |  7 +++++++
 charts/base-cluster/values.schema.json             | 14 ++++++++++++++
 charts/base-cluster/values.yaml                    |  5 +++++
 3 files changed, 26 insertions(+)

diff --git a/charts/base-cluster/templates/monitoring/security/trivy.yaml b/charts/base-cluster/templates/monitoring/security/trivy.yaml
index fa37640d5..f124fb4dc 100644
--- a/charts/base-cluster/templates/monitoring/security/trivy.yaml
+++ b/charts/base-cluster/templates/monitoring/security/trivy.yaml
@@ -26,8 +26,15 @@ spec:
     {{- if .Values.global.imageRegistry }}
     image:
       registry: {{ $.Values.global.imageRegistry }}
+    {{- end }}
+    {{- if or .Values.global.imageRegistry .Values.monitoring.securityScanning.nodeCollector.tolerations }}
     nodeCollector:
+      {{- if .Values.global.imageRegistry }}
       registry: {{ $.Values.global.imageRegistry }}
+      {{- end}}
+      {{- with .Values.monitoring.securityScanning.nodeCollector.tolerations }}
+      tolerations: {{ toYaml . | nindent 8 }}
+      {{- end }}
     {{- end }}
     trivy:
     {{- if .Values.global.imageRegistry }}
diff --git a/charts/base-cluster/values.schema.json b/charts/base-cluster/values.schema.json
index 6b6e081f7..2c4122dde 100644
--- a/charts/base-cluster/values.schema.json
+++ b/charts/base-cluster/values.schema.json
@@ -901,6 +901,17 @@
           "properties": {
             "enabled": {
               "type": "boolean"
+            },
+            "nodeCollector": {
+              "type": "object",
+              "properties": {
+                "tolerations": {
+                  "type": "array",
+                  "items": {
+                    "$ref": "#/$defs/tolerations"
+                  }
+                }
+              }
             }
           },
           "additionalProperties": false
@@ -1531,6 +1542,9 @@
     "quantity": {
       "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master-standalone-strict/_definitions.json#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity"
     },
+    "tolerations": {
+      "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master-standalone-strict/_definitions.json#/definitions/io.k8s.api.core.v1.Toleration"
+    },
     "image": {
       "type": "object",
       "properties": {
diff --git a/charts/base-cluster/values.yaml b/charts/base-cluster/values.yaml
index 2e8a91abf..e9625cab5 100644
--- a/charts/base-cluster/values.yaml
+++ b/charts/base-cluster/values.yaml
@@ -311,6 +311,11 @@ monitoring:
     enabled: true
   securityScanning:
     enabled: true
+    nodeCollector:
+      tolerations:
+        - key: node-role.kubernetes.io/control-plane
+          operator: Exists
+          effect: NoSchedule
   tracing:
     enabled: false
     ingester: