fix: schedule testkube MongoDB on non-FIPS nodes (#1639)

zanejohnson-azure · web-flow · commit 4dceb993b938 · 2026-04-10T17:05:35.000-07:00
MongoDB 8.0.15 core dumps on FIPS-enabled Azure Linux (Mariner) nodes
due to crypto incompatibility. Add nodeAffinity rule to exclude nodes
with kubernetes.azure.com/fips_enabled label so MongoDB schedules on
non-FIPS Ubuntu/Azure Linux nodes instead.
diff --git a/test/testkube/helm-testkube-values.yaml b/test/testkube/helm-testkube-values.yaml
@@ -117,9 +117,16 @@ mongodb:
     tag: 8.2.5
     # -- MongoDB image pull Secret
     pullSecrets: []
-  nodeSelector: 
+  nodeSelector:
     kubernetes.io/os: linux
     kubernetes.io/arch: amd64
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: kubernetes.azure.com/fips_enabled
+            operator: DoesNotExist
   # ref: https://cloud.google.com/kubernetes-engine/docs/how-to/prepare-arm-workloads-for-deployment#node-affinity-multi-arch-arm
   # -- Uncomment to schedule a multi-arch image to any available architecture type in a GGP Standard k8s cluster.
   #  tolerations:
