feat: Auto tolerate DaemonSets with mutating admission controller #7

@ajaysundark

Description

When requirements change or a new NodeReadinessRule with a new taint needs to be managed, existing components (DaemonSets) don't tolerate it. This requires the admin to manually update every DaemonSet manifest to add the toleration. This is not great for operational ergonomics, as in a typical enterprise setup the ownership is spread across different teams.

Proposed Solution

For better UX, an optional mutating admission policy could automatically inject tolerations for readiness.k8s.io/* taints into DaemonSets.

How it works

  • Watch DaemonSet create/update operations
  • Automatically add tolerations for all NoSchedule taints with readiness.k8s.io/ prefix
  • Disabled by default (separate deployment from main controller)

This will ensure no manual manifest updates are required when adding new readiness rules, and guarantee safer operations of critical daemon-sets during project evolution.
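
A sketch of the patch computation such a webhook could perform, added here as an example and not code from this issue or the project: `BuildPatch`, the type shapes and the sample taint key `readiness.k8s.io/cni` are assumptions. It emits one key-scoped `Exists` toleration per in-scope taint and never a wildcard, so a mutated DaemonSet still respects every taint outside the `readiness.k8s.io/` prefix.

```go
package main

import (
	"fmt"
	"strings"
)

// Taint and Toleration carry only the core/v1 fields this example needs.
type Taint struct{ Key, Effect string }
type Toleration struct {
	Key      string `json:"key,omitempty"`
	Operator string `json:"operator,omitempty"`
	Effect   string `json:"effect,omitempty"`
}
// PatchOp is one RFC 6902 operation for the webhook's JSON Patch response.
type PatchOp map[string]interface{}

// covered reports whether an Exists toleration in ts already matches taint.
func covered(ts []Toleration, taint Taint) bool {
	for _, t := range ts {
		if t.Operator == "Exists" && (t.Key == "" || t.Key == taint.Key) && (t.Effect == "" || t.Effect == taint.Effect) {
			return true
		}
	}
	return false
}

// BuildPatch (hypothetical name) returns the ops to inject; nil existing means no tolerations field yet.
func BuildPatch(existing []Toleration, taints []Taint) []PatchOp {
	const path = "/spec/template/spec/tolerations"
	var missing []Toleration
	for _, taint := range taints {
		inScope := strings.HasPrefix(taint.Key, "readiness.k8s.io/") && taint.Effect == "NoSchedule"
		if inScope && !covered(existing, taint) && !covered(missing, taint) {
			missing = append(missing, Toleration{taint.Key, "Exists", "NoSchedule"})
		}
	}
	if existing == nil && len(missing) > 0 {
		return []PatchOp{{"op": "add", "path": path, "value": missing}}
	}
	var ops []PatchOp
	for _, t := range missing {
		ops = append(ops, PatchOp{"op": "add", "path": path + "/-", "value": t})
	}
	return ops
}

func main() { // constructed sample taint key
	fmt.Println(BuildPatch(nil, []Taint{{"readiness.k8s.io/cni", "NoSchedule"}}))
}
```

Because tolerations that are already present produce no operation, re-admitting an updated DaemonSet yields an empty patch and the mutation stays idempotent.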
