Merge pull request #44341 from Amrita42/BZ2007613new

Author: Bob Furu

modules/running-compliance-scans.adoc

@@ -34,16 +34,15 @@ roles:
 - worker <4>
 - master <4>
 scanTolerations: <5>
-- effect: NoSchedule
-  key: node-role.kubernetes.io/master
-  operator: Exists
-schedule: 0 1 * * * <6>
+  default:
+  - operator: Exists
+  schedule: 0 1 * * * <6>
 ----
 <1> The Compliance Operator creates a persistent volume (PV) that contains the results of the scans. By default, the PV will use access mode `ReadWriteOnce` because the Compliance Operator cannot make any assumptions about the storage classes configured on the cluster. Additionally, `ReadWriteOnce` access mode is available on most clusters. If you need to fetch the scan results, you can do so by using a helper pod, which also binds the volume. Volumes that use the `ReadWriteOnce` access mode can be mounted by only one pod at time, so it is important to remember to delete the helper pods. Otherwise, the Compliance Operator will not be able to reuse the volume for subsequent scans.
 <2> The Compliance Operator keeps results of three subsequent scans in the volume; older scans are rotated.
 <3> The Compliance Operator will allocate one GB of storage for the scan results.
 <4> If the scan setting uses any profiles that scan cluster nodes, scan these node roles.
-<5> The default scan setting object also scans the control plane nodes.
+<5> The default scan setting object scans all the nodes.
 <6> The default scan setting object runs scans at 01:00 each day.
 +
 As an alternative to the default scan setting, you can use `default-auto-apply`, which has the following settings:
@@ -67,9 +66,8 @@ roles:
   - worker
   - master
 scanTolerations:
-  - effect: NoSchedule
-    key: node-role.kubernetes.io/master
-    operator: Exists
+  default:
+  - operator: Exists
 ----
 <1> Setting `autoUpdateRemediations` and `autoApplyRemediations` flags to `true` allows you to easily create `ScanSetting` objects that auto-remediate without extra steps.