From 1c6a9dc49114f9c0e94119fdcef446b2cd975a21 Mon Sep 17 00:00:00 2001
From: Mayne0213 <bluemayne0213@icloud.com>
Date: Thu, 8 Jan 2026 18:43:18 +0900
Subject: [PATCH] PERF(repo): move system pods to master node

- Add nodeSelector for master node placement
- Add tolerations for NoExecute taint
- kube-state-metrics: schedule on master
- goldilocks-controller: schedule on master, reduce to 1 replica
- vpa-recommender: schedule on master, remove anti-affinity
- Free worker node resources for applications
---
 goldilocks/helm-values.yaml         | 11 ++++++++++-
 kube-state-metrics/helm-values.yaml |  9 +++++++++
 vpa/helm-values.yaml                | 17 ++++++++---------
 3 files changed, 27 insertions(+), 10 deletions(-)

diff --git a/goldilocks/helm-values.yaml b/goldilocks/helm-values.yaml
index 1e37d34..c314d5e 100644
--- a/goldilocks/helm-values.yaml
+++ b/goldilocks/helm-values.yaml
@@ -47,7 +47,7 @@ dashboard:
 # Controller configuration
 controller:
   enabled: true
-  replicaCount: 2
+  replicaCount: 1
 
   resources:
     requests:
@@ -60,6 +60,15 @@ controller:
   # Set to false to only monitor namespaces with the label: goldilocks.fairwinds.com/enabled=true
   enableCostRecommendations: true
 
+  # Schedule on master node
+  nodeSelector:
+    node-role.kubernetes.io/master: ""
+
+  tolerations:
+    - key: node-role.kubernetes.io/master
+      operator: Exists
+      effect: NoExecute
+
 # VPA configuration (should already be installed)
 vpa:
   # Set to false since we're installing VPA separately
diff --git a/kube-state-metrics/helm-values.yaml b/kube-state-metrics/helm-values.yaml
index 6807665..119dc48 100644
--- a/kube-state-metrics/helm-values.yaml
+++ b/kube-state-metrics/helm-values.yaml
@@ -14,6 +14,15 @@ resources:
   limits:
     memory: 150Mi
 
+# Schedule on master node
+nodeSelector:
+  node-role.kubernetes.io/master: ""
+
+tolerations:
+  - key: node-role.kubernetes.io/master
+    operator: Exists
+    effect: NoExecute
+
 service:
   type: ClusterIP
   clusterIP: None
diff --git a/vpa/helm-values.yaml b/vpa/helm-values.yaml
index c29f2b0..9007471 100644
--- a/vpa/helm-values.yaml
+++ b/vpa/helm-values.yaml
@@ -13,15 +13,14 @@ recommender:
     limits:
       memory: 192Mi
 
-  affinity:
-    podAntiAffinity:
-      preferredDuringSchedulingIgnoredDuringExecution:
-        - weight: 100
-          podAffinityTerm:
-            labelSelector:
-              matchLabels:
-                app: vpa-recommender
-            topologyKey: kubernetes.io/hostname
+  # Schedule on master node
+  nodeSelector:
+    node-role.kubernetes.io/master: ""
+
+  tolerations:
+    - key: node-role.kubernetes.io/master
+      operator: Exists
+      effect: NoExecute
 
 # Updater - applies recommended resource requests to pods
 # Disabled because we're using updateMode: Off (recommendations only)