KSM Deployment has tolerations that are too broad

[Kab1r]

KSM Deployment is configured with tolerations that allow pods to be scheduled on any node with NoSchedule and NoExecute

Description

KSM pods are being scheduled on nodes that are reserved for other purposes.
This kind of broad toleration is generally only used on DaemonSets.

Expected Behavior

KSM pods should not be allowed to schedule on all tainted nodes.

Steps to Reproduce

1. Setup cluster with at least two nodes.
2. Taint one node with application=reserved:NoSchedule
3. Deploy NRI Bundle
4. Observe that KSM is created with toleration that allows scheduling on the tainted node, though it may not have been scheduled on the node depending on the order in which pods were created

Your Environment

EKS
newrelic-infrastructure-3.38.0

Additional context

Looking at commit history, it appears that KSM was at least documented as a DaemonSet at some point.

For Maintainers Only or Hero Triaging this bug

Suggested Priority (P1,P2,P3,P4,P5):
Suggested T-Shirt size (S, M, L, XL, Unknown):

[workato-integration]

https://new-relic.atlassian.net/browse/NR-367817