Add support for injecting tolerations to sonobuoy pod

[masap]

What this PR does / why we need it:
Add support for injecting tolerations to sonobuoy pod

Which issue(s) this PR fixes

• Fixes Add support for injecting tolerations to sonobuoy pod #1973.

We can inject some tolerations to sonobuoy aggregator pod by adding trailing description into sonobuoy config json.

{
  "AggregatorTolerations": [
    {
      "effect": "NoSchedule",
      "key": "key1",
      "operator": "Equal",
      "value": "value1"
    },
    {
      "effect": "NoSchedule",
      "key": "key2",
      "operator": "Equal",
      "value": "value2"
    }
  ]
}

Special notes for your reviewer:

Release note:

release-note

[leodotcloud]

@franknstyle Can you please review this?

[leodotcloud]

@franknstyle Gentle reminder.

[franknstyle]

@masap can you take a look at CI failures please

[masap]

@franknstyle I got it, I will take a look.

[masap]

@franknstyle I checked the golangci-lint errors. It contains some false positives. For example, it says Error: certPEM declared and not used (typecheck). But certPEM is declared at https://github.com/vmware-tanzu/sonobuoy/blob/main/pkg/plugin/driver/base.go#L108 and used at https://github.com/vmware-tanzu/sonobuoy/blob/main/pkg/plugin/driver/base.go#L133. And the codes are not related my PR. I guess these are existing issues. Could you check these errors?

[masap]

@franknstyle I think I can fix these warnings by myself. To do this, I would like to run the lint locally. But trailing command does not show the error. How to run the lint locally?

$ source ./scripts/build_funcs.sh; lint

[franknstyle]

@franknstyle I think I can fix these warnings by myself. To do this, I would like to run the lint locally. But trailing command does not show the error. How to run the lint locally?

$ source ./scripts/build_funcs.sh; lint

Thank you @masap, if you have a look in ./scripts/build_funcs.sh there is a lint func that wraps the call to golangci-lint

[masap]

if you have a look in ./scripts/build_funcs.sh there is a lint func that wraps the call to golangci-lint

Thank you for your response @franknstyle. It seems the lint() is top level func. And it does not show warning.

$ source ./scripts/build_funcs.sh; lint
level=info msg="[config_reader] Config search paths: [./ /go/src/github.com/vmware-tanzu/sonobuoy /go/src/github.com/vmware-tanzu /go/src/github.com /go/src /go / /root]"
level=info msg="[config_reader] Used config file .golangci.yaml"
level=info msg="[lintersdb] Active 7 linters: [errcheck gosimple govet ineffassign staticcheck typecheck unused]"
level=info msg="[loader] Go packages loading at mode 575 (name|exports_file|imports|files|types_sizes|compiled_files|deps) took 16.109270387s"
level=info msg="[runner/filename_unadjuster] Pre-built 0 adjustments in 12.345302ms"
level=info msg="[linters_context/goanalysis] analyzers took 54.656587971s with top 10 stages: buildir: 47.467751288s, inspect: 1.333221181s, nilness: 1.23890435s, printf: 928.289267ms, fact_deprecated: 749.06002ms, ctrlflow: 735.500759ms, fact_purity: 704.232615ms, typedness: 412.549992ms, SA5012: 394.636286ms, S1038: 75.358947ms"
level=info msg="[runner] Issues before processing: 35, after processing: 0"
level=info msg="[runner] Processors filtering stat (out/in): cgo: 35/35, exclude: 35/35, filename_unadjuster: 35/35, autogenerated_exclude: 35/35, path_prettifier: 35/35, exclude-rules: 0/35, skip_files: 35/35, skip_dirs: 35/35, identifier_marker: 35/35"
level=info msg="[runner] processing took 1.677831ms with stages: identifier_marker: 605.969µs, autogenerated_exclude: 444.957µs, path_prettifier: 437.984µs, skip_dirs: 105.429µs, exclude-rules: 73.819µs, cgo: 3.506µs, filename_unadjuster: 1.983µs, nolint: 842ns, max_same_issues: 641ns, source_code: 330ns, uniq_by_line: 280ns, severity-rules: 270ns, exclude: 261ns, max_from_linter: 260ns, skip_files: 250ns, fixer: 230ns, diff: 210ns, path_shortener: 170ns, sort_results: 160ns, max_per_file_from_linter: 140ns, path_prefixer: 140ns"
level=info msg="[runner] linters took 7.906365733s with stages: goanalysis_metalinter: 7.904619489s"
level=info msg="File cache stats: 0 entries of total size 0B"
level=info msg="Memory: 242 samples, avg is 488.2MB, max is 2266.6MB"
level=info msg="Execution took 24.034036056s"

[franknstyle]

Let's disable typecheck and review in a following issue. Can you add a commit for adding

linters:
  disable:
    - typecheck

to .github/workflows/ci-lint.yaml

[masap]

Do you mean .golangci.yaml? I sent a fix.

[franknstyle]

Hi @masap,

Looks like we are failing a vuln scan now. Are you able to update the go mod to 1.21.4 and go mod tidy so stdlib get's updated.

Thank you.

[masap]

Hmm, lint error still exists. According to [1], we can't disable typecheck.

We upgraded golang 1.20 -> 1.21 by commit 9a64023. But according to [2], go1.21 is officially supported since golangci-lint v1.54.1. So, I upgraded golangci-lint to v1.54.2.

Looks like we are failing a vuln scan now. Are you able to update the go mod to 1.21.4 and go mod tidy so stdlib get's updated.

I will fix this as well.

[1] https://golangci-lint.run/welcome/faq/#why-do-you-have-typecheck-errors
[2] golangci/golangci-lint#3933

[masap]

Looks like we are failing a vuln scan now. Are you able to update the go mod to 1.21.4 and go mod tidy so stdlib get's updated.

Fixed.

[leodotcloud]

@franknstyle Could you enable auto pipeline builds for this PR? This would help ensure the pipelines pass and reduce turnaround time, especially considering the timezone differences between all of us?

[masap]

I have confirmed that it passes, except for Windows-related checks with my local Github actions.

[masap]

I confirmed all checks are passed.

[leodotcloud]

Thanks @masap, hope the pipeline will go through once @franknstyle approves.

[leodotcloud]

@franknstyle Can you please take a look at this PR again?

[masap]

I fixed a CI error caused by new CVE (CVE-2024-24791).