Merge pull request #112008 from pacoxu/kubeadm-taint

Kubeadm cleanup for taint / toleration with master label

cmd/kubeadm/app/cmd/upgrade/apply.go

@@ -32,7 +32,6 @@ import (
 	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 	"k8s.io/kubernetes/cmd/kubeadm/app/cmd/options"
 	cmdutil "k8s.io/kubernetes/cmd/kubeadm/app/cmd/util"
-	kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
 	"k8s.io/kubernetes/cmd/kubeadm/app/features"
 	"k8s.io/kubernetes/cmd/kubeadm/app/phases/upgrade"
 	"k8s.io/kubernetes/cmd/kubeadm/app/preflight"
@@ -158,16 +157,6 @@ func runApply(flags *applyFlags, args []string) error {
 		return errors.Wrap(err, "[upgrade/apply] FATAL")
 	}
 
-	// Clean this up in 1.26
-	// TODO: https://github.com/kubernetes/kubeadm/issues/2200
-	fmt.Printf("[upgrade/postupgrade] Removing the old taint %s from all control plane Nodes. "+
-		"After this step only the %s taint will be present on control plane Nodes.\n",
-		kubeadmconstants.OldControlPlaneTaint.String(),
-		kubeadmconstants.ControlPlaneTaint.String())
-	if err := upgrade.RemoveOldControlPlaneTaint(client); err != nil {
-		return err
-	}
-
 	// Upgrade RBAC rules and addons.
 	klog.V(1).Infoln("[upgrade/postupgrade] upgrading RBAC rules and addons")
 	if err := upgrade.PerformPostUpgradeTasks(client, cfg, flags.patchesDir, flags.dryRun, flags.applyPlanFlags.out); err != nil {

cmd/kubeadm/app/constants/constants.go

@@ -254,10 +254,6 @@ const (
 	// CertificateKeySize specifies the size of the key used to encrypt certificates on uploadcerts phase
 	CertificateKeySize = 32
 
-	// LabelNodeRoleOldControlPlane specifies that a node hosts control-plane components
-	// DEPRECATED: https://github.com/kubernetes/kubeadm/issues/2200
-	LabelNodeRoleOldControlPlane = "node-role.kubernetes.io/master"
-
 	// LabelNodeRoleControlPlane specifies that a node hosts control-plane components
 	LabelNodeRoleControlPlane = "node-role.kubernetes.io/control-plane"
 
@@ -439,20 +435,6 @@ const (
 )
 
 var (
-	// OldControlPlaneTaint is the taint to apply on the PodSpec for being able to run that Pod on the control-plane
-	// DEPRECATED: https://github.com/kubernetes/kubeadm/issues/2200
-	OldControlPlaneTaint = v1.Taint{
-		Key:    LabelNodeRoleOldControlPlane,
-		Effect: v1.TaintEffectNoSchedule,
-	}
-
-	// OldControlPlaneToleration is the toleration to apply on the PodSpec for being able to run that Pod on the control-plane
-	// DEPRECATED: https://github.com/kubernetes/kubeadm/issues/2200
-	OldControlPlaneToleration = v1.Toleration{
-		Key:    LabelNodeRoleOldControlPlane,
-		Effect: v1.TaintEffectNoSchedule,
-	}
-
 	// ControlPlaneTaint is the taint to apply on the PodSpec for being able to run that Pod on the control-plane
 	ControlPlaneTaint = v1.Taint{
 		Key:    LabelNodeRoleControlPlane,

cmd/kubeadm/app/phases/addons/dns/dns.go

@@ -105,15 +105,13 @@ func EnsureDNSAddon(cfg *kubeadmapi.ClusterConfiguration, client clientset.Inter
 func coreDNSAddon(cfg *kubeadmapi.ClusterConfiguration, client clientset.Interface, replicas *int32, out io.Writer, printManifest bool) error {
 	// Get the YAML manifest
 	coreDNSDeploymentBytes, err := kubeadmutil.ParseTemplate(CoreDNSDeployment, struct {
-		DeploymentName, Image, OldControlPlaneTaintKey, ControlPlaneTaintKey string
+		DeploymentName, Image, ControlPlaneTaintKey string
-		Replicas                                                             *int32
+		Replicas                                    *int32
 	}{
-		DeploymentName: kubeadmconstants.CoreDNSDeploymentName,
+		DeploymentName:       kubeadmconstants.CoreDNSDeploymentName,
-		Image:          images.GetDNSImage(cfg),
+		Image:                images.GetDNSImage(cfg),
-		// TODO: https://github.com/kubernetes/kubeadm/issues/2200
+		ControlPlaneTaintKey: kubeadmconstants.LabelNodeRoleControlPlane,
-		OldControlPlaneTaintKey: kubeadmconstants.LabelNodeRoleOldControlPlane,
+		Replicas:             replicas,
-		ControlPlaneTaintKey:    kubeadmconstants.LabelNodeRoleControlPlane,
-		Replicas:                replicas,
 	})
 	if err != nil {
 		return errors.Wrap(err, "error when parsing CoreDNS deployment template")

cmd/kubeadm/app/phases/addons/dns/dns_test.go

@@ -43,14 +43,13 @@ func TestCompileManifests(t *testing.T) {
 			name:     "CoreDNSDeployment manifest",
 			manifest: CoreDNSDeployment,
 			data: struct {
-				DeploymentName, Image, OldControlPlaneTaintKey, ControlPlaneTaintKey string
+				DeploymentName, Image, ControlPlaneTaintKey string
-				Replicas                                                             *int32
+				Replicas                                    *int32
 			}{
-				DeploymentName:          "foo",
+				DeploymentName:       "foo",
-				Image:                   "foo",
+				Image:                "foo",
-				OldControlPlaneTaintKey: "foo",
+				ControlPlaneTaintKey: "foo",
-				ControlPlaneTaintKey:    "foo",
+				Replicas:             &replicas,
-				Replicas:                &replicas,
 			},
 		},
 		{
@@ -127,15 +126,14 @@ func TestDeploymentsHaveSystemClusterCriticalPriorityClassName(t *testing.T) {
 			name:     "CoreDNSDeployment",
 			manifest: CoreDNSDeployment,
 			data: struct {
-				DeploymentName, Image, OldControlPlaneTaintKey, ControlPlaneTaintKey, CoreDNSConfigMapName string
+				DeploymentName, Image, ControlPlaneTaintKey, CoreDNSConfigMapName string
-				Replicas                                                                                   *int32
+				Replicas                                                          *int32
 			}{
-				DeploymentName:          "foo",
+				DeploymentName:       "foo",
-				Image:                   "foo",
+				Image:                "foo",
-				OldControlPlaneTaintKey: "foo",
+				ControlPlaneTaintKey: "foo",
-				ControlPlaneTaintKey:    "foo",
+				CoreDNSConfigMapName: "foo",
-				CoreDNSConfigMapName:    "foo",
+				Replicas:             &replicas,
-				Replicas:                &replicas,
 			},
 		},
 	}

cmd/kubeadm/app/phases/addons/dns/manifests.go

@@ -92,8 +92,6 @@ spec:
       tolerations:
       - key: CriticalAddonsOnly
         operator: Exists
-      - key: {{ .OldControlPlaneTaintKey }}
-        effect: NoSchedule
       - key: {{ .ControlPlaneTaintKey }}
         effect: NoSchedule
       nodeSelector:

cmd/kubeadm/app/phases/markcontrolplane/markcontrolplane_test.go

@@ -89,7 +89,6 @@ func TestMarkControlPlane(t *testing.T) {
 		{
 			name: "has taint and should merge with wanted taint",
 			existingLabels: []string{
-				kubeadmconstants.LabelNodeRoleOldControlPlane,
 				kubeadmconstants.LabelNodeRoleControlPlane,
 				kubeadmconstants.LabelExcludeFromExternalLB,
 			},

cmd/kubeadm/app/phases/upgrade/health.go

@@ -124,10 +124,6 @@ func createJob(client clientset.Interface, cfg *kubeadmapi.ClusterConfiguration)
 						RunAsNonRoot: pointer.Bool(true),
 					},
 					Tolerations: []v1.Toleration{
-						{
-							Key:    constants.LabelNodeRoleOldControlPlane,
-							Effect: v1.TaintEffectNoSchedule,
-						},
 						{
 							Key:    constants.LabelNodeRoleControlPlane,
 							Effect: v1.TaintEffectNoSchedule,

cmd/kubeadm/app/phases/upgrade/postupgrade.go

@@ -27,10 +27,8 @@ import (
 
 	"github.com/pkg/errors"
 
-	v1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/labels"
 	errorsutil "k8s.io/apimachinery/pkg/util/errors"
 	clientset "k8s.io/client-go/kubernetes"
 	"k8s.io/klog/v2"
@@ -44,7 +42,6 @@ import (
 	kubeletphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/kubelet"
 	patchnodephase "k8s.io/kubernetes/cmd/kubeadm/app/phases/patchnode"
 	"k8s.io/kubernetes/cmd/kubeadm/app/phases/uploadconfig"
-	"k8s.io/kubernetes/cmd/kubeadm/app/util/apiclient"
 	dryrunutil "k8s.io/kubernetes/cmd/kubeadm/app/util/dryrun"
 )
 
@@ -215,45 +212,6 @@ func rollbackFiles(files map[string]string, originalErr error) error {
 	return errors.Errorf("couldn't move these files: %v. Got errors: %v", files, errorsutil.NewAggregate(errs))
 }
 
-// RemoveOldControlPlaneTaint finds all nodes with the new "control-plane" node-role label
-// and removes the old "control-plane" taint to them.
-// TODO: https://github.com/kubernetes/kubeadm/issues/2200
-func RemoveOldControlPlaneTaint(client clientset.Interface) error {
-	selectorControlPlane := labels.SelectorFromSet(labels.Set(map[string]string{
-		kubeadmconstants.LabelNodeRoleControlPlane: "",
-	}))
-	nodes, err := client.CoreV1().Nodes().List(context.TODO(), metav1.ListOptions{
-		LabelSelector: selectorControlPlane.String(),
-	})
-	if err != nil {
-		return errors.Wrapf(err, "could not list nodes labeled with %q", kubeadmconstants.LabelNodeRoleControlPlane)
-	}
-
-	for _, n := range nodes.Items {
-		// Check if the node has the old taint
-		hasOldTaint := false
-		taints := []v1.Taint{}
-		for _, t := range n.Spec.Taints {
-			if t.String() == kubeadmconstants.OldControlPlaneTaint.String() {
-				hasOldTaint = true
-				continue
-			}
-			// Collect all other taints
-			taints = append(taints, t)
-		}
-		// If the old taint is present remove it
-		if hasOldTaint {
-			err = apiclient.PatchNode(client, n.Name, func(n *v1.Node) {
-				n.Spec.Taints = taints
-			})
-			if err != nil {
-				return err
-			}
-		}
-	}
-	return nil
-}
-
 // CleanupKubeletDynamicEnvFileContainerRuntime reads the kubelet dynamic environment file
 // from disk, ensure that the container runtime flag is removed.
 // TODO: Temporary workaround. Remove in 1.27: