Feature Request: Support nodeSelector Matching in Gatekeeper Mutation CRDs

[ugur99]

Describe the solution you'd like
EDIT: I forgot the fact that scheduling decisions are made by kube-scheduler after
the pod has been persisted; so it might not be possible to fetch the node info at this stage.

Support for nodeSelector match field in the mutation crds; like namespaceSelector

Motivation: Managing resource requests and limits for DaemonSets in large clusters with different types of node groups can be really frustrating. For example, you might have control-plane nodes and worker nodes, each needing different resource configurations, but there’s no straightforward way in Kubernetes to handle this automatically. Currently, Kubernetes doesn’t offer a built-in solution for this problem. While the community is discussing possible designs, nothing concrete has been implemented yet. Until a native solution arrives, having support for nodeSelector in Gatekeeper mutation CRDs would be nice. It would let us dynamically adjust resource settings for Pods based on the nodes group they run on, saving time and reducing complexity.

If there’s an easier way to handle this that I’ve overlooked, I’d love to hear about it!

ref issue

Environment:

• Gatekeeper version: latest stable
• Kubernetes version: (use kubectl version): 1.31.0