
Node collector can not exclude nodes by the same label key #2434

@lukehollinda

Description


What steps did you take and what happened:
I've deployed the Trivy operator through helm with the following nodeCollector exclusion defined.

```yaml
nodeCollector:
  excludeNodes: "role=master,role=etcd,role=additional-control-plane-component"
```

Currently, the nodes within my cluster are differentiated by the value of the role label.
The node collector exclusion code naively populates a map[string]string with label key and values. This causes any label with a repeated key to overwrite the previous value.

```go
func (c ConfigData) GetNodeCollectorExcludeNodes() (map[string]string, error) {
	nodeCollectorExcludeNodesStr, found := c[KeyNodeCollectorExcludeNodes]
	if !found || strings.TrimSpace(nodeCollectorExcludeNodesStr) == "" {
		return make(map[string]string), nil
	}
	nodeCollectorExcludeNodesMap := make(map[string]string)
	for _, excludeNode := range strings.Split(nodeCollectorExcludeNodesStr, ",") {
		sepByEqual := strings.Split(excludeNode, "=")
		if len(sepByEqual) != 2 {
			return make(map[string]string), fmt.Errorf("failed parsing incorrectly formatted exclude nodes values: %s", nodeCollectorExcludeNodesStr)
		}
		key, value := sepByEqual[0], sepByEqual[1]
		// A repeated key overwrites the value stored by an earlier entry.
		nodeCollectorExcludeNodesMap[key] = value
	}
	return nodeCollectorExcludeNodesMap, nil
}
```

This ultimately results in node-collector pods being created with a NodeSelector which attempts to schedule the pod to tainted control plane nodes.

What did you expect to happen:
I'd expect to be able to exclude nodes based on multiple values of the same label. I would prefer to avoid adding a unique label key per node pool.

Anything else you would like to add:


Environment:

  • Trivy-Operator version (use trivy-operator version):
    - Chart version: 0.25.0
    - Trivy version: 0.23.0
  • Kubernetes version (use kubectl version):
    - N/A
  • OS (macOS 10.15, Windows 10, Ubuntu 19.10 etc):
    - N/A
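The following is an added example, not trivy-operator code or the reporter's own, that reproduces the overwrite described above with the reporter's `excludeNodes` string and contrasts it with a parser that keeps every value per key. The `parseExcludeNodes`, `isExcluded` and `toNotInExpressions` names, and the rendering of the exclusion set as `key NotIn [values]` requirements (the shape a nodeAffinity term would take), are assumptions for illustration; the operator's actual fix may differ.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// naiveParse reproduces the behaviour reported in the issue: a flat
// map[string]string, so a repeated key keeps only the last value.
func naiveParse(s string) (map[string]string, error) {
	out := make(map[string]string)
	if strings.TrimSpace(s) == "" {
		return out, nil
	}
	for _, pair := range strings.Split(s, ",") {
		kv := strings.Split(pair, "=")
		if len(kv) != 2 {
			return nil, fmt.Errorf("malformed exclude entry %q", pair)
		}
		out[kv[0]] = kv[1] // overwrite: role=master, role=etcd are lost
	}
	return out, nil
}

// parseExcludeNodes (hypothetical replacement) keeps every value for a key.
// A value containing '=' is preserved by splitting only on the first one.
func parseExcludeNodes(s string) (map[string][]string, error) {
	out := make(map[string][]string)
	if strings.TrimSpace(s) == "" {
		return out, nil
	}
	for _, pair := range strings.Split(s, ",") {
		kv := strings.SplitN(strings.TrimSpace(pair), "=", 2)
		if len(kv) != 2 || kv[0] == "" {
			return nil, fmt.Errorf("malformed exclude entry %q in %q", pair, s)
		}
		out[kv[0]] = append(out[kv[0]], kv[1])
	}
	return out, nil
}

// isExcluded reports whether a node carrying the given labels matches any
// key/value in the exclusion set, i.e. it must not receive a collector pod.
func isExcluded(nodeLabels map[string]string, exclude map[string][]string) bool {
	for key, values := range exclude {
		have, ok := nodeLabels[key]
		if !ok {
			continue
		}
		for _, v := range values {
			if have == v {
				return true
			}
		}
	}
	return false
}

// toNotInExpressions renders the exclusion set as one "key NotIn [values]"
// requirement per key, sorted by key for stable output.
func toNotInExpressions(exclude map[string][]string) []string {
	keys := make([]string, 0, len(exclude))
	for k := range exclude {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	reqs := make([]string, 0, len(keys))
	for _, k := range keys {
		reqs = append(reqs, fmt.Sprintf("%s NotIn [%s]", k, strings.Join(exclude[k], ", ")))
	}
	return reqs
}

func main() {
	// The reporter's configuration value, copied from the issue.
	const cfg = "role=master,role=etcd,role=additional-control-plane-component"

	naive, _ := naiveParse(cfg)
	fmt.Println("naive:", naive) // only the last role value survives

	full, _ := parseExcludeNodes(cfg)
	for _, r := range toNotInExpressions(full) {
		fmt.Println("requirement:", r)
	}
	// Constructed node label sets: a control-plane node and a worker.
	for _, labels := range []map[string]string{{"role": "master"}, {"role": "worker"}} {
		fmt.Printf("node %v excluded: %v\n", labels, isExcluded(labels, full))
	}
}
```

Running it shows `naive` holding a single entry, `role=additional-control-plane-component`, so a node labelled `role=master` would still be selected, while the multi-value parser excludes all three roles and leaves the worker schedulable.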

Labels: kind/bug