Add maintenance toleration for caas-registry

[ta/caas-registry.git] / ansible / roles / swift / templates / main / swift_main.yml

diff --git a/ansible/roles/swift/templates/main/swift_main.yml b/ansible/roles/swift/templates/main/swift_main.yml
index 7953160..d514e46 100644 (file)
--- a/ansible/roles/swift/templates/main/swift_main.yml
+++ b/ansible/roles/swift/templates/main/swift_main.yml
@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 #}
 ---
-apiVersion: apps/v1beta2
+apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: swift
@@ -33,6 +33,11 @@ spec:
       dnsPolicy: ClusterFirstWithHostNet
       nodeSelector:
         nodetype: caas_master
+      tolerations:
+      - key: "node-maintenancemode"
+        value: "enabled"
+        operator: "Equal"
+        effect: "NoExecute"
       securityContext:
         runAsUser: {{ caas.uid.swift }}
       containers:
@@ -40,7 +45,7 @@ spec:
           image: {{ container_image_names | select('search', '/swift') | list | last }}
           securityContext:
             capabilities:
-              add: ["NET_BIND_SERVICE"]
+              add: ["NET_BIND_SERVICE", "SETGID", "SETUID"]
           args:
             - BACKEND
           resources: