By default defender daemonset doesn't have any node selector. You assume that it will be deployed to every node in the cluster. OpenShift 4+ uses Taints to prevent workload to be scheduled to masters.
...
taints:
- effect: NoSchedule
key: node-role.kubernetes.io/master
...
To deploy defender to masters you need to add matching Toleration to daemonset.
...
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
volumes:
...
This is documentation issue, if not implemented to installer script/templates.
By default defender daemonset doesn't have any node selector. You assume that it will be deployed to every node in the cluster. OpenShift 4+ uses Taints to prevent workload to be scheduled to masters.
To deploy defender to masters you need to add matching Toleration to daemonset.
This is documentation issue, if not implemented to installer script/templates.