node affinity now prevents CSI driver from being scheduled on a node with a label 'type=virtual-kublet'

Added affinity field for windows and linux

changes made to README

Author: manedurphy

manifest_staging/charts/secrets-store-csi-driver/README.md

@@ -26,6 +26,7 @@ The following table lists the configurable parameters of the csi-secrets-store-p
 | `linux.image.repository`                | Linux image repository                                                                                                            | `k8s.gcr.io/csi-secrets-store/driver`               |
 | `linux.image.pullPolicy`                | Linux image pull policy                                                                                                           | `Always`                                            |
 | `linux.image.tag`                       | Linux image tag                                                                                                                   | `v0.0.21`                                           |
+| `linux.affinity`                         | Linux affinity                                                                                     | `key: type; operator: NotIn; values: [virtual-kubelet]`| 
 | `linux.driver.resources`                | The resource request/limits for the linux secrets-store container image                                                           | `limits: 200m CPU, 200Mi; requests: 50m CPU, 100Mi` |
 | `linux.enabled`                         | Install secrets store csi driver on linux nodes                                                                                   | true                                                |
 | `linux.kubeletRootDir`                  | Configure the kubelet root dir                                                                                                    | `/var/lib/kubelet`                                  |
@@ -51,6 +52,7 @@ The following table lists the configurable parameters of the csi-secrets-store-p
 | `windows.image.repository`              | Windows image repository                                                                                                          | `k8s.gcr.io/csi-secrets-store/driver`               |
 | `windows.image.pullPolicy`              | Windows image pull policy                                                                                                         | `IfNotPresent`                                      |
 | `windows.image.tag`                     | Windows image tag                                                                                                                 | `v0.0.21`                                           |
+| `windows.affinity`                         | Windows affinity                                                                                 | `key: type; operator: NotIn; values: [virtual-kubelet]`|
 | `windows.driver.resources`              | The resource request/limits for the windows secrets-store container image                                                         | `limits: 400m CPU, 400Mi; requests: 50m CPU, 100Mi` |
 | `windows.enabled`                       | Install secrets store csi driver on windows nodes                                                                                 | false                                               |
 | `windows.kubeletRootDir`                | Configure the kubelet root dir                                                                                                    | `C:\var\lib\kubelet`                                |

manifest_staging/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml

@@ -28,6 +28,8 @@ spec:
 {{- end }}
     spec:
       serviceAccountName: secrets-store-csi-driver
+      affinity:
+{{ toYaml .Values.windows.affinity | indent 8 }}
       containers:
         - name: node-driver-registrar
           image: "{{ .Values.windows.registrarImage.repository }}:{{ .Values.windows.registrarImage.tag }}"

manifest_staging/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml

@@ -28,6 +28,8 @@ spec:
 {{- end }}
     spec:
       serviceAccountName: secrets-store-csi-driver
+      affinity:
+{{ toYaml .Values.linux.affinity | indent 8 }}
       containers:
         - name: node-driver-registrar
           image: "{{ .Values.linux.registrarImage.repository }}:{{ .Values.linux.registrarImage.tag }}"

manifest_staging/charts/secrets-store-csi-driver/values.yaml

@@ -5,6 +5,17 @@ linux:
     tag: v0.0.21
     pullPolicy: Always
 
+  ## Prevent the CSI driver from being scheduled on virtual-kublet nodes
+  affinity: 
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: type
+            operator: NotIn
+            values:
+            - virtual-kubelet
+
   driver:
     resources:
       limits:
@@ -43,6 +54,7 @@ linux:
         cpu: 10m
         memory: 20Mi
 
+
   updateStrategy:
     type: RollingUpdate
     rollingUpdate:
@@ -66,6 +78,17 @@ windows:
     tag: v0.0.21
     pullPolicy: IfNotPresent
 
+  ## Prevent the CSI driver from being scheduled on virtual-kublet nodes
+  affinity: 
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: type
+            operator: NotIn
+            values:
+            - virtual-kubelet
+
   driver:
     resources:
       limits: