fix: trivy node-collector toleration + argo-rollouts CRD sync
All checks were successful
AI Review / AI Code Review (pull_request) Successful in 1s
PR Checks / Validate & Security Scan (pull_request) Successful in 11s

- Add control-plane toleration to trivy nodeCollector so it can
  schedule on k8s-master (was stuck Pending indefinitely)
- Add ignoreDifferences for CRDs + ServerSideApply to argo-rollouts
  to resolve perpetual OutOfSync caused by Helm CRD management gap

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Claude 2026-02-23 09:20:40 +01:00
parent ddd757d3f4
commit 3b6195d698
2 changed files with 14 additions and 0 deletions

@ -27,9 +27,18 @@ spec:
destination:
server: https://kubernetes.default.svc
namespace: argo-rollouts
ignoreDifferences:
- group: apiextensions.k8s.io
kind: CustomResourceDefinition
jsonPointers:
- /spec
- /metadata/annotations
- /metadata/labels
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
- RespectIgnoreDifferences=true
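Review bot: the `ignoreDifferences` entry lists `/spec` for every CustomResourceDefinition in this Application (there is no `name` filter), and with `RespectIgnoreDifferences=true` next to it Argo CD also leaves those paths out when syncing resources that already exist. The effect is that `selfHeal: true` no longer reverts a modified CRD schema, and a chart upgrade that changes a CRD's spec will not reach CRDs already in the cluster. Since `ServerSideApply=true` is added in the same change, consider trying it without the `/spec` pointer first, or narrow the pointers to the exact fields that show up in the diff, and record in a comment which fields those are.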

@ -30,6 +30,11 @@ spec:
limits:
cpu: 200m
memory: 512Mi
nodeCollector:
tolerations:
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
scanJob:
resources:
requests:
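Review bot: the new `nodeCollector` block carries only `tolerations`, with no comment saying why this workload is allowed onto control-plane nodes. The commit message names the node (k8s-master), but the taint on it is not shown here. Please confirm the node carries exactly `node-role.kubernetes.io/control-plane` with effect `NoSchedule`, since this toleration will not match a differently named taint or a `NoExecute` one. Keeping it to one key and one effect is the right scope. Please add a one-line comment above `tolerations:` giving the reason, and check whether the collector should get resource bounds like the neighbouring `limits:` and `scanJob` `resources:` blocks, if the chart supports them for this key, now that it can run beside control-plane components.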