titan-iac/infrastructure/longhorn/core/longhorn-csi-toleration-ensure-job.yaml

# infrastructure/longhorn/core/longhorn-csi-toleration-ensure-job.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: longhorn-csi-toleration-ensure-3
  namespace: longhorn-system
spec:
  backoffLimit: 0
  activeDeadlineSeconds: 240
  ttlSecondsAfterFinished: 3600
  template:
    spec:
      serviceAccountName: longhorn-service-account
      restartPolicy: Never
      nodeSelector:
        kubernetes.io/hostname: titan-11
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: kubernetes.io/arch
                    operator: In
                    values: ["arm64"]
                  - key: node-role.kubernetes.io/worker
                    operator: Exists
      containers:
        - name: patch
          image: bitnami/kubectl@sha256:554ab88b1858e8424c55de37ad417b16f2a0e65d1607aa0f3fe3ce9b9f10b131
          command: ["/bin/sh", "-c"]
          args:
            - |
              set -euo pipefail

              ns="longhorn-system"
              ds="longhorn-csi-plugin"
              key="veles.bstein.dev/simulation"
              value="true"
              effect="NoSchedule"

              current="$(kubectl -n "${ns}" get daemonset "${ds}" -o json)"
              if echo "${current}" | jq -e \
                --arg key "${key}" \
                --arg value "${value}" \
                --arg effect "${effect}" \
                '.spec.template.spec.tolerations[]? | select(.key == $key and .value == $value and .effect == $effect)' >/dev/null; then
                echo "${ds} already tolerates ${key}=${value}:${effect}"
              else
                patch="$(echo "${current}" | jq -c \
                  --arg key "${key}" \
                  --arg value "${value}" \
                  --arg effect "${effect}" \
                  '{
                    spec: {
                      template: {
                        spec: {
                          tolerations: ((.spec.template.spec.tolerations // []) + [
                            {key: $key, operator: "Equal", value: $value, effect: $effect}
                          ])
                        }
                      }
                    }
                  }')"
                kubectl -n "${ns}" patch daemonset "${ds}" --type=merge -p "${patch}"
              fi

              for attempt in $(seq 1 90); do
                if kubectl get csinode titan-23 -o json | jq -e '.spec.drivers[]? | select(.name == "driver.longhorn.io")' >/dev/null; then
                  echo "driver.longhorn.io registered on titan-23"
                  exit 0
                fi
                sleep 2
              done

              echo "driver.longhorn.io did not register on titan-23 before timeout" >&2
              exit 1