Configuring sensor deployment coverage

groundcover's sensors are required to be running on every node for it to be monitored. By default, the sensor will be included across all installed clusters with the exception of control-plan and fargate nodes.

When installing groundcover using the CLI, detected taints will be displayed and a prompt for adding appropriate tolerations will be displayed.

The following configuration values will add tolerations allowing our sensor to run on all nodes:

agent:
  tolerations: 
   - operator: "Exists"

To prevent the sensor from starting on control plane nodes, and from attempting to start on fargate nodes, use nodeAffinity rules based on node labels:

affinity:
  nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
      - matchExpressions:
        - key: "node-role.kubernetes.io/control-plane"
          operator: "DoesNotExist"
        - key: eks.amazonaws.com/compute-type
          operator: NotIn
          values:
          - fargate

A priorityClass can be used for the sensor with a high priority (lower than default node and cluster critical priority class) and preemption policy to evict lower priority pods:

priorityClass:
  create: true
  fullname:
  value: 1000000000
  preemptionPolicy: PreemptLowerPriority

Exceptions can be set by overriding the above values.

Last updated 2 days ago