OPA podDisruptionBudget blocking OKD4 cluster deployment/update
Due to OPA helm deploying a podDisruptionBudget
it blocks the deployment and updating of the single node in dev clusters.
A possible solution could be to schedule OPA pods on master nodes with:
nodeSelector:
node-role.kubernetes.io/master: ""
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
- key: CriticalAddonsOnly
operator: Exists
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 120
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 120
NOTE: we must deploy with nodeSelectors
that match at least 2 nodes, or it will block cluster deployment/update