fix: allow tolerations to be added (#2445)

deploy/cloud/helm/deploy.sh

@@ -49,6 +49,7 @@ export ISTIO_GATEWAY="${ISTIO_GATEWAY:=istio-system/istio-ingressgateway}"
 export INGRESS_CLASS="${INGRESS_CLASS:=nginx}"
 export VIRTUAL_SERVICE_SUPPORTS_HTTPS="${VIRTUAL_SERVICE_SUPPORTS_HTTPS:=false}"
 export ENABLE_LWS="${ENABLE_LWS:=false}"
+export DOCKER_REGISTRY_USE_KUBERNETES_SECRET="${DOCKER_REGISTRY_USE_KUBERNETES_SECRET:=false}"
 
 # Add command line options
 INTERACTIVE=false
@@ -114,6 +115,7 @@ if [[ -n "${DOCKER_USERNAME:-}" && -n "${DOCKER_PASSWORD:-}" ]]; then
     --docker-server="$DOCKER_SERVER_FOR_SECRET" \
     --namespace "$NAMESPACE" \
     --dry-run=client -o yaml | kubectl apply -f -
+  export DOCKER_REGISTRY_USE_KUBERNETES_SECRET=true
 else
   echo "DOCKER_USERNAME and/or DOCKER_PASSWORD not set — skipping docker secret creation."
 fi
@@ -163,8 +165,9 @@ echo "ISTIO_GATEWAY: $ISTIO_GATEWAY"
 echo "DYNAMO_INGRESS_SUFFIX: $DYNAMO_INGRESS_SUFFIX"
 echo "VIRTUAL_SERVICE_SUPPORTS_HTTPS: $VIRTUAL_SERVICE_SUPPORTS_HTTPS"
 echo "INSTALL_CRDS: $INSTALL_CRDS"
+echo "DOCKER_REGISTRY_USE_KUBERNETES_SECRET: $DOCKER_REGISTRY_USE_KUBERNETES_SECRET"
 
-envsubst '${NAMESPACE} ${RELEASE_NAME} ${DOCKER_USERNAME} ${DOCKER_PASSWORD} ${DOCKER_SERVER} ${IMAGE_TAG} ${DYNAMO_INGRESS_SUFFIX} ${PIPELINES_DOCKER_SERVER} ${PIPELINES_DOCKER_USERNAME} ${PIPELINES_DOCKER_PASSWORD} ${DOCKER_SECRET_NAME} ${INGRESS_ENABLED} ${ISTIO_ENABLED} ${INGRESS_CLASS} ${ISTIO_GATEWAY} ${VIRTUAL_SERVICE_SUPPORTS_HTTPS} ${ENABLE_LWS}' < dynamo-platform-values.yaml > generated-values.yaml
+envsubst '${NAMESPACE} ${RELEASE_NAME} ${DOCKER_USERNAME} ${DOCKER_PASSWORD} ${DOCKER_SERVER} ${IMAGE_TAG} ${DYNAMO_INGRESS_SUFFIX} ${PIPELINES_DOCKER_SERVER} ${PIPELINES_DOCKER_USERNAME} ${PIPELINES_DOCKER_PASSWORD} ${DOCKER_SECRET_NAME} ${INGRESS_ENABLED} ${ISTIO_ENABLED} ${INGRESS_CLASS} ${ISTIO_GATEWAY} ${VIRTUAL_SERVICE_SUPPORTS_HTTPS} ${ENABLE_LWS} ${DOCKER_REGISTRY_USE_KUBERNETES_SECRET}' < dynamo-platform-values.yaml > generated-values.yaml
 echo "generated file contents:"
 cat generated-values.yaml
 

deploy/cloud/helm/dynamo-platform-values.yaml

@@ -32,7 +32,7 @@ dynamo-operator:
       gateway: ${ISTIO_GATEWAY}
     ingressHostSuffix: ${DYNAMO_INGRESS_SUFFIX}
     dockerRegistry:
-      useKubernetesSecret: true
+      useKubernetesSecret: ${DOCKER_REGISTRY_USE_KUBERNETES_SECRET}
       server: ${PIPELINES_DOCKER_SERVER}
       username: ${PIPELINES_DOCKER_USERNAME}
       password: ${PIPELINES_DOCKER_PASSWORD}

deploy/cloud/helm/platform/components/operator/templates/deployment.yaml

@@ -41,6 +41,10 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- with .Values.controllerManager.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       containers:
       - args: {{- toYaml .Values.controllerManager.kubeRbacProxy.args | nindent
           8 }}

deploy/cloud/helm/platform/components/operator/values.yaml

@@ -26,6 +26,7 @@ namespaceRestriction:
   # The target namespace to restrict to. If empty, defaults to the release namespace
   targetNamespace: ""
 controllerManager:
+  tolerations: []
   kubeRbacProxy:
     args:
     - --secure-listen-address=0.0.0.0:8443

deploy/cloud/helm/platform/values.yaml

@@ -23,6 +23,7 @@ dynamo-operator:
     enabled: true
     targetNamespace:
   controllerManager:
+    tolerations: []
     manager:
       image:
         repository: "nvcr.io/nvidia/ai-dynamo/kubernetes-operator"
@@ -76,6 +77,8 @@ etcd:
   livenessProbe:
     enabled: false
 
+  tolerations: []
+
 nats:
   enabled: true
   # reference a common CA Certificate or Bundle in all nats config `tls` blocks and nats-box contexts
@@ -337,7 +340,9 @@ nats:
 
     # merge or patch the pod template
     # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#pod-v1-core
-    merge: {}
+    merge:
+      spec:
+        tolerations: []
     patch: []
 
   # headless service
@@ -435,3 +440,9 @@ nats:
     # service account
     serviceAccount:
       enabled: false
+
+    podTemplate:
+      merge:
+        spec:
+          tolerations: []
+      patch: []