SUSE Support

Here When You Need Us

Update Enforcer daemonset tolerations

This document (000020934) is provided subject to the disclaimer at the end of this document.





By default, the NeuVector Enforcer daemonset YAML includes the default Kubernetes master node toleration.  

   - effect: NoSchedule

In many cases, nodes may have other taints that block the NeuVector Enforcer daemonset from deploying.  Below are ways to add additional tolerations to the Enforcer daemonset.


To learn the taints in place, describe the node.

❯ kubectl describe node gtk8s-master
Name: gtk8s-master

As we see from above taints, will block the enforcer from deploying to gtk8s-master.

Example 1: kubectl

Edit the neuvector-enforcer-pod daemonset and add the additional toleration for

❯ kubectl edit daemonset neuvector-enforcer-pod -n neuvector
 - effect: NoSchedule
 - effect: NoSchedule

Note: Similar to kubectl edit, you may have deployed using manifest which you should be able to edit and use `kubectl apply ...`.

Example 2: Helm Upgrade

If you use helm chart for the deployment, you can update the deployment with the following.  The change will redeploy the enforcer pods.

❯ helm upgrade nvlab --reuse-values -f tolerations.yaml --namespace=neuvector neuvector/core

Contents of the tolerations.YAML:

  - effect: NoSchedule
  - effect: NoSchedule


Alternatively, you can use --set instead of supplying a file.

❯ helm upgrade nvlab --reuse-values --namespace=neuvector neuvector/core --set enforcer.tolerations[0].effect=NoSchedule,enforcer.tolerations[0].key=node-role\.kubernetes\.io/control-plane,enforcer.tolerations[1].effect=NoSchedule,enforcer.tolerations[1].key=node-role\.kubernetes\.io/master

Note: You can always use --dry-run to review the resulting manifest before actual run.

helm upgrade --dry-run nvlab --reuse-values -f tolerations.yaml --namespace=neuvector neuvector/core



This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000020934
  • Creation Date: 18-Jan-2023
  • Modified Date:18-Jan-2023
    • SUSE NeuVector

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.