feat: Auto tolerate DaemonSets with mutating admission controller #7

@ajaysundark

Description

When requirements change or a new NodeReadinessGateRule with a new taint needs to be managed in a setup, existing components (DaemonSets) don't tolerate it. This requires the admin to manually update every DaemonSet manifest to add the toleration. This is not great for operational ergonomics, as in a typical enterprise setup the ownership is spread across different teams.

Proposed Solution

For better UX, an optional mutating admission webhook could automatically inject tolerations for readiness.k8s.io/* taints into DaemonSets.

How it works

  • Watch DaemonSet create/update operations
  • Automatically add tolerations for all NoSchedule taints with readiness.k8s.io/ prefix
  • Disabled by default (separate deployment from main controller)

This will ensure no manual manifest updates are required when adding new readiness rules, and guarantee safer operations of critical daemon-sets during project evolution.
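A sketch of the mutation step described under "How it works", added here as an illustration and not taken from the project's code. Kubernetes tolerations match exact taint keys (an empty key with `Exists` tolerates everything), so this version injects one toleration per known rule key and ignores keys outside the prefix. The `ruleKeys` input, the local `Toleration` type and the sample key are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

const prefix = "readiness.k8s.io/" // taint key prefix named in the issue
const tolPath = "/spec/template/spec/tolerations"

type Toleration struct { // the core/v1 Toleration fields this sketch needs, declared locally
	Key      string `json:"key,omitempty"`
	Operator string `json:"operator,omitempty"`
	Effect   string `json:"effect,omitempty"`
}

// tolerated reports whether ts already covers a NoSchedule taint with this key, for any value.
func tolerated(ts []Toleration, key string) bool {
	for _, t := range ts {
		if t.Operator == "Exists" && (t.Key == "" || t.Key == key) && (t.Effect == "" || t.Effect == "NoSchedule") {
			return true
		}
	}
	return false
}

// BuildPatch returns RFC 6902 ops; a nil existing slice means the field is absent and must be created.
func BuildPatch(existing []Toleration, ruleKeys []string) []map[string]interface{} {
	var add []Toleration
	for _, k := range ruleKeys {
		if strings.HasPrefix(k, prefix) && !tolerated(existing, k) && !tolerated(add, k) {
			add = append(add, Toleration{Key: k, Operator: "Exists", Effect: "NoSchedule"})
		}
	}
	if existing == nil && len(add) > 0 {
		return []map[string]interface{}{{"op": "add", "path": tolPath, "value": add}}
	}
	var ops []map[string]interface{}
	for _, t := range add { // append one by one so existing entries are left untouched
		ops = append(ops, map[string]interface{}{"op": "add", "path": tolPath + "/-", "value": t})
	}
	return ops
}

func main() {
	out, _ := json.Marshal(BuildPatch(nil, []string{prefix + "network-ready"})) // constructed key
	fmt.Println(string(out))
}
```

Because already-covered keys produce no ops, the mutation is idempotent across repeated create/update admissions.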
