fix: add tolerations to Cilium Operator for cloud provider initialization taint

mysticaltech · claude · mysticaltech · commit c196cd40d562 · 2025-08-28T14:42:12.000+02:00
Adds toleration for node.cloudprovider.kubernetes.io/uninitialized taint to the Cilium Operator deployment via Helm values. This ensures the operator can schedule during initial cluster creation when nodes are temporarily tainted by the cloud controller manager initialization process. The taint prevents normal pods from scheduling until the cloud provider completes initialization, but the operator needs to run during this period. Adding this toleration is safe and backward compatible - it only affects scheduling during bootstrap and doesn't force scheduling on tainted nodes if others are available. Fixes #1879 🤖 Generated with Claude Code Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/locals.tf b/locals.tf
@@ -593,6 +593,13 @@ hubble:
 %{endfor~}
 %{endif~}
 
+# Operator tolerations to ensure it can schedule during cluster initialization
+operator:
+  tolerations:
+    - key: node.cloudprovider.kubernetes.io/uninitialized
+      operator: Exists
+      effect: NoSchedule
+
 MTU: 1450
   EOT
 
