Use preemptible node for scans #803
Description
Your Question
Currently, I am using preemptible nodes on my cluster to save costs, so I would like scans to be deployed on preemptible nodes. For secureCodeBox operator, I will deploy on a normal node (non-preemptible).
I tried apply 1 configuration as follows, but it doesn't work.
apiVersion: "execution.securecodebox.io/v1"
kind: Scan
metadata:
name: "trivy-mediawiki"
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: cloud.google.com/gke-nodepool
operator: In
values:
- preemptible
tolerations:
- key: "dedicated"
operator: "Equal"
value: "preemptible"
effect: "NoSchedule"
scanType: "trivy"
parameters:
- "mediawiki:stable"
❯ k apply -f preemptible-trivy-test.yaml
error: error validating "preemptible-trivy-test.yaml": error validating data: [ValidationError(Scan.spec): unknown field "affinity" in io.securecodebox.execution.v1.Scan.spec, ValidationError(Scan.spec): unknown field "tolerations" in io.securecodebox.execution.v1.Scan.spec]; if you choose to ignore these errors, turn validation off with --validate=false
So is there any way I can do this?