Merge pull request #95382 from neolit123/1.20-deprecate-master-label

kubeadm: deprecate the "node-role.kubernetes.io/master" label / taint
2025-07-27 21:47:07 +00:00 · 2020-11-11 06:06:10 -08:00 · 2020-11-11 06:06:10 -08:00 · 6b24a5796c
commit 6b24a5796c
parent 5d5ff49b9b fb7ddf88e9
13 changed files with 209 additions and 111 deletions
--- a/cmd/kubeadm/app/cmd/upgrade/apply.go
+++ b/cmd/kubeadm/app/cmd/upgrade/apply.go
@ -28,6 +28,7 @@ import (
 	"k8s.io/klog/v2"
 	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 	"k8s.io/kubernetes/cmd/kubeadm/app/cmd/options"
 	kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
 	"k8s.io/kubernetes/cmd/kubeadm/app/features"
 	"k8s.io/kubernetes/cmd/kubeadm/app/phases/upgrade"
 	"k8s.io/kubernetes/cmd/kubeadm/app/preflight"
@ -163,6 +164,13 @@ func runApply(flags *applyFlags, args []string) error {
 		return errors.Wrap(err, "[upgrade/apply] FATAL")
 	}
 	// TODO: https://github.com/kubernetes/kubeadm/issues/2200
 	fmt.Printf("[upgrade/postupgrade] Applying label %s='' to Nodes with label %s='' (deprecated)\n",
 		kubeadmconstants.LabelNodeRoleControlPlane, kubeadmconstants.LabelNodeRoleOldControlPlane)
 	if err := upgrade.LabelOldControlPlaneNodes(client); err != nil {
 		return err
 	}
 	// Upgrade RBAC rules and addons.
 	klog.V(1).Infoln("[upgrade/postupgrade] upgrading RBAC rules and addons")
 	if err := upgrade.PerformPostUpgradeTasks(client, cfg, flags.dryRun); err != nil {
--- a/cmd/kubeadm/app/constants/constants.go
+++ b/cmd/kubeadm/app/constants/constants.go
@ -225,9 +225,12 @@ const (
 	// CertificateKeySize specifies the size of the key used to encrypt certificates on uploadcerts phase
 	CertificateKeySize = 32
-	// LabelNodeRoleMaster specifies that a node is a control-plane
+	// LabelNodeRoleOldControlPlane specifies that a node hosts control-plane components
-	// This is a duplicate definition of the constant in pkg/controller/service/controller.go
+	// DEPRECATED: https://github.com/kubernetes/kubeadm/issues/2200
-	LabelNodeRoleMaster = "node-role.kubernetes.io/master"
+	LabelNodeRoleOldControlPlane = "node-role.kubernetes.io/master"
 	// LabelNodeRoleControlPlane specifies that a node hosts control-plane components
 	LabelNodeRoleControlPlane = "node-role.kubernetes.io/control-plane"
 	// AnnotationKubeadmCRISocket specifies the annotation kubeadm uses to preserve the crisocket information given to kubeadm at
 	// init/join time for use later. kubeadm annotates the node object with this information
@ -414,15 +417,29 @@ const (
 )
 var (
 	// OldControlPlaneTaint is the taint to apply on the PodSpec for being able to run that Pod on the control-plane
 	// DEPRECATED: https://github.com/kubernetes/kubeadm/issues/2200
 	OldControlPlaneTaint = v1.Taint{
 		Key:    LabelNodeRoleOldControlPlane,
 		Effect: v1.TaintEffectNoSchedule,
 	}
 	// OldControlPlaneToleration is the toleration to apply on the PodSpec for being able to run that Pod on the control-plane
 	// DEPRECATED: https://github.com/kubernetes/kubeadm/issues/2200
 	OldControlPlaneToleration = v1.Toleration{
 		Key:    LabelNodeRoleOldControlPlane,
 		Effect: v1.TaintEffectNoSchedule,
 	}
 	// ControlPlaneTaint is the taint to apply on the PodSpec for being able to run that Pod on the control-plane
 	ControlPlaneTaint = v1.Taint{
-		Key:    LabelNodeRoleMaster,
+		Key:    LabelNodeRoleControlPlane,
 		Effect: v1.TaintEffectNoSchedule,
 	}
 	// ControlPlaneToleration is the toleration to apply on the PodSpec for being able to run that Pod on the control-plane
 	ControlPlaneToleration = v1.Toleration{
-		Key:    LabelNodeRoleMaster,
+		Key:    LabelNodeRoleControlPlane,
 		Effect: v1.TaintEffectNoSchedule,
 	}
--- a/cmd/kubeadm/app/phases/addons/dns/dns.go
+++ b/cmd/kubeadm/app/phases/addons/dns/dns.go
@ -135,7 +135,7 @@ func kubeDNSAddon(cfg *kubeadmapi.ClusterConfiguration, client clientset.Interfa
 	dnsDeploymentBytes, err := kubeadmutil.ParseTemplate(KubeDNSDeployment,
 		struct {
-			DeploymentName, KubeDNSImage, DNSMasqImage, SidecarImage, DNSBindAddr, DNSProbeAddr, DNSDomain, ControlPlaneTaintKey string
+			DeploymentName, KubeDNSImage, DNSMasqImage, SidecarImage, DNSBindAddr, DNSProbeAddr, DNSDomain, OldControlPlaneTaintKey, ControlPlaneTaintKey string
 			Replicas                                                                                                                                      *int32
 		}{
 			DeploymentName: kubeadmconstants.KubeDNSDeploymentName,
@ -145,7 +145,9 @@ func kubeDNSAddon(cfg *kubeadmapi.ClusterConfiguration, client clientset.Interfa
 			DNSBindAddr:    dnsBindAddr,
 			DNSProbeAddr:   dnsProbeAddr,
 			DNSDomain:      cfg.Networking.DNSDomain,
-			ControlPlaneTaintKey: kubeadmconstants.LabelNodeRoleMaster,
+			// TODO: https://github.com/kubernetes/kubeadm/issues/2200
 			OldControlPlaneTaintKey: kubeadmconstants.LabelNodeRoleOldControlPlane,
 			ControlPlaneTaintKey:    kubeadmconstants.LabelNodeRoleControlPlane,
 			Replicas:                replicas,
 		})
 	if err != nil {
@ -196,12 +198,14 @@ func createKubeDNSAddon(deploymentBytes, serviceBytes []byte, client clientset.I
 func coreDNSAddon(cfg *kubeadmapi.ClusterConfiguration, client clientset.Interface, replicas *int32) error {
 	// Get the YAML manifest
 	coreDNSDeploymentBytes, err := kubeadmutil.ParseTemplate(CoreDNSDeployment, struct {
-		DeploymentName, Image, ControlPlaneTaintKey string
+		DeploymentName, Image, OldControlPlaneTaintKey, ControlPlaneTaintKey string
 		Replicas                                                             *int32
 	}{
 		DeploymentName: kubeadmconstants.CoreDNSDeploymentName,
 		Image:          images.GetDNSImage(cfg, kubeadmconstants.CoreDNSImageName),
-		ControlPlaneTaintKey: kubeadmconstants.LabelNodeRoleMaster,
+		// TODO: https://github.com/kubernetes/kubeadm/issues/2200
 		OldControlPlaneTaintKey: kubeadmconstants.LabelNodeRoleOldControlPlane,
 		ControlPlaneTaintKey:    kubeadmconstants.LabelNodeRoleControlPlane,
 		Replicas:                replicas,
 	})
 	if err != nil {
--- a/cmd/kubeadm/app/phases/addons/dns/dns_test.go
+++ b/cmd/kubeadm/app/phases/addons/dns/dns_test.go
@ -102,7 +102,7 @@ func TestCompileManifests(t *testing.T) {
 			name:     "KubeDNSDeployment manifest",
 			manifest: KubeDNSDeployment,
 			data: struct {
-				DeploymentName, KubeDNSImage, DNSMasqImage, SidecarImage, DNSBindAddr, DNSProbeAddr, DNSDomain, ControlPlaneTaintKey string
+				DeploymentName, KubeDNSImage, DNSMasqImage, SidecarImage, DNSBindAddr, DNSProbeAddr, DNSDomain, OldControlPlaneTaintKey, ControlPlaneTaintKey string
 				Replicas                                                                                                                                      *int32
 			}{
 				DeploymentName:          "foo",
@ -112,6 +112,7 @@ func TestCompileManifests(t *testing.T) {
 				DNSBindAddr:             "foo",
 				DNSProbeAddr:            "foo",
 				DNSDomain:               "foo",
 				OldControlPlaneTaintKey: "foo",
 				ControlPlaneTaintKey:    "foo",
 				Replicas:                &replicas,
 			},
@ -127,11 +128,12 @@ func TestCompileManifests(t *testing.T) {
 			name:     "CoreDNSDeployment manifest",
 			manifest: CoreDNSDeployment,
 			data: struct {
-				DeploymentName, Image, ControlPlaneTaintKey string
+				DeploymentName, Image, OldControlPlaneTaintKey, ControlPlaneTaintKey string
 				Replicas                                                             *int32
 			}{
 				DeploymentName:          "foo",
 				Image:                   "foo",
 				OldControlPlaneTaintKey: "foo",
 				ControlPlaneTaintKey:    "foo",
 				Replicas:                &replicas,
 			},
@ -506,7 +508,7 @@ func TestDeploymentsHaveSystemClusterCriticalPriorityClassName(t *testing.T) {
 			name:     "KubeDNSDeployment",
 			manifest: KubeDNSDeployment,
 			data: struct {
-				DeploymentName, KubeDNSImage, DNSMasqImage, SidecarImage, DNSBindAddr, DNSProbeAddr, DNSDomain, ControlPlaneTaintKey string
+				DeploymentName, KubeDNSImage, DNSMasqImage, SidecarImage, DNSBindAddr, DNSProbeAddr, DNSDomain, OldControlPlaneTaintKey, ControlPlaneTaintKey string
 				Replicas                                                                                                                                      *int32
 			}{
 				DeploymentName:          "foo",
@ -516,6 +518,7 @@ func TestDeploymentsHaveSystemClusterCriticalPriorityClassName(t *testing.T) {
 				DNSBindAddr:             "foo",
 				DNSProbeAddr:            "foo",
 				DNSDomain:               "foo",
 				OldControlPlaneTaintKey: "foo",
 				ControlPlaneTaintKey:    "foo",
 				Replicas:                &replicas,
 			},
@ -524,11 +527,12 @@ func TestDeploymentsHaveSystemClusterCriticalPriorityClassName(t *testing.T) {
 			name:     "CoreDNSDeployment",
 			manifest: CoreDNSDeployment,
 			data: struct {
-				DeploymentName, Image, ControlPlaneTaintKey, CoreDNSConfigMapName string
+				DeploymentName, Image, OldControlPlaneTaintKey, ControlPlaneTaintKey, CoreDNSConfigMapName string
 				Replicas                                                                                   *int32
 			}{
 				DeploymentName:          "foo",
 				Image:                   "foo",
 				OldControlPlaneTaintKey: "foo",
 				ControlPlaneTaintKey:    "foo",
 				CoreDNSConfigMapName:    "foo",
 				Replicas:                &replicas,
--- a/cmd/kubeadm/app/phases/addons/dns/manifests.go
+++ b/cmd/kubeadm/app/phases/addons/dns/manifests.go
@ -170,6 +170,8 @@ spec:
      tolerations:
      - key: CriticalAddonsOnly
        operator: Exists
      - key: {{ .OldControlPlaneTaintKey }}
        effect: NoSchedule
      - key: {{ .ControlPlaneTaintKey }}
        effect: NoSchedule
 `
@ -238,6 +240,8 @@ spec:
      tolerations:
      - key: CriticalAddonsOnly
        operator: Exists
      - key: {{ .OldControlPlaneTaintKey }}
        effect: NoSchedule
      - key: {{ .ControlPlaneTaintKey }}
        effect: NoSchedule
      nodeSelector:
--- a/cmd/kubeadm/app/phases/markcontrolplane/markcontrolplane.go
+++ b/cmd/kubeadm/app/phases/markcontrolplane/markcontrolplane.go
@ -28,7 +28,9 @@ import (
 // MarkControlPlane taints the control-plane and sets the control-plane label
 func MarkControlPlane(client clientset.Interface, controlPlaneName string, taints []v1.Taint) error {
-	fmt.Printf("[mark-control-plane] Marking the node %s as control-plane by adding the label \"%s=''\"\n", controlPlaneName, constants.LabelNodeRoleMaster)
+	// TODO: https://github.com/kubernetes/kubeadm/issues/2200
 	fmt.Printf("[mark-control-plane] Marking the node %s as control-plane by adding the labels \"%s=''\" and \"%s='' (deprecated)\"\n",
 		controlPlaneName, constants.LabelNodeRoleOldControlPlane, constants.LabelNodeRoleControlPlane)
 	if len(taints) > 0 {
 		taintStrs := []string{}
@ -54,7 +56,9 @@ func taintExists(taint v1.Taint, taints []v1.Taint) bool {
 }
 func markControlPlaneNode(n *v1.Node, taints []v1.Taint) {
-	n.ObjectMeta.Labels[constants.LabelNodeRoleMaster] = ""
+	// TODO: https://github.com/kubernetes/kubeadm/issues/2200
 	n.ObjectMeta.Labels[constants.LabelNodeRoleOldControlPlane] = ""
 	n.ObjectMeta.Labels[constants.LabelNodeRoleControlPlane] = ""
 	for _, nt := range n.Spec.Taints {
 		if !taintExists(nt, taints) {
--- a/cmd/kubeadm/app/phases/markcontrolplane/markcontrolplane_test.go
+++ b/cmd/kubeadm/app/phases/markcontrolplane/markcontrolplane_test.go
@ -38,49 +38,58 @@ func TestMarkControlPlane(t *testing.T) {
 	// future.
 	tests := []struct {
 		name           string
-		existingLabel  string
+		existingLabels []string
 		existingTaints []v1.Taint
 		newTaints      []v1.Taint
 		expectedPatch  string
 	}{
 		{
 			name:           "control-plane label and taint missing",
-			existingLabel:  "",
+			existingLabels: []string{""},
 			existingTaints: nil,
-			newTaints:      []v1.Taint{kubeadmconstants.ControlPlaneTaint},
+			newTaints:      []v1.Taint{kubeadmconstants.OldControlPlaneTaint},
-			expectedPatch:  `{"metadata":{"labels":{"node-role.kubernetes.io/master":""}},"spec":{"taints":[{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"}]}}`,
+			expectedPatch:  `{"metadata":{"labels":{"node-role.kubernetes.io/control-plane":"","node-role.kubernetes.io/master":""}},"spec":{"taints":[{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"}]}}`,
 		},
 		{
 			name:           "control-plane label and taint missing but taint not wanted",
-			existingLabel:  "",
+			existingLabels: []string{""},
 			existingTaints: nil,
 			newTaints:      nil,
-			expectedPatch:  `{"metadata":{"labels":{"node-role.kubernetes.io/master":""}}}`,
+			expectedPatch:  `{"metadata":{"labels":{"node-role.kubernetes.io/control-plane":"","node-role.kubernetes.io/master":""}}}`,
 		},
 		{
 			name:           "control-plane label missing",
-			existingLabel:  "",
+			existingLabels: []string{""},
-			existingTaints: []v1.Taint{kubeadmconstants.ControlPlaneTaint},
+			existingTaints: []v1.Taint{kubeadmconstants.OldControlPlaneTaint},
-			newTaints:      []v1.Taint{kubeadmconstants.ControlPlaneTaint},
+			newTaints:      []v1.Taint{kubeadmconstants.OldControlPlaneTaint},
-			expectedPatch:  `{"metadata":{"labels":{"node-role.kubernetes.io/master":""}}}`,
+			expectedPatch:  `{"metadata":{"labels":{"node-role.kubernetes.io/control-plane":"","node-role.kubernetes.io/master":""}}}`,
 		},
 		{
 			name: "control-plane taint missing",
-			existingLabel:  kubeadmconstants.LabelNodeRoleMaster,
+			existingLabels: []string{
 				kubeadmconstants.LabelNodeRoleOldControlPlane,
 				kubeadmconstants.LabelNodeRoleControlPlane,
 			},
 			existingTaints: nil,
-			newTaints:      []v1.Taint{kubeadmconstants.ControlPlaneTaint},
+			newTaints:      []v1.Taint{kubeadmconstants.OldControlPlaneTaint},
 			expectedPatch:  `{"spec":{"taints":[{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"}]}}`,
 		},
 		{
 			name: "nothing missing",
-			existingLabel:  kubeadmconstants.LabelNodeRoleMaster,
+			existingLabels: []string{
-			existingTaints: []v1.Taint{kubeadmconstants.ControlPlaneTaint},
+				kubeadmconstants.LabelNodeRoleOldControlPlane,
-			newTaints:      []v1.Taint{kubeadmconstants.ControlPlaneTaint},
+				kubeadmconstants.LabelNodeRoleControlPlane,
 			},
 			existingTaints: []v1.Taint{kubeadmconstants.OldControlPlaneTaint},
 			newTaints:      []v1.Taint{kubeadmconstants.OldControlPlaneTaint},
 			expectedPatch:  `{}`,
 		},
 		{
 			name: "has taint and no new taints wanted",
-			existingLabel: kubeadmconstants.LabelNodeRoleMaster,
+			existingLabels: []string{
 				kubeadmconstants.LabelNodeRoleOldControlPlane,
 				kubeadmconstants.LabelNodeRoleControlPlane,
 			},
 			existingTaints: []v1.Taint{
 				{
 					Key:    "node.cloudprovider.kubernetes.io/uninitialized",
@ -92,14 +101,17 @@ func TestMarkControlPlane(t *testing.T) {
 		},
 		{
 			name: "has taint and should merge with wanted taint",
-			existingLabel: kubeadmconstants.LabelNodeRoleMaster,
+			existingLabels: []string{
 				kubeadmconstants.LabelNodeRoleOldControlPlane,
 				kubeadmconstants.LabelNodeRoleControlPlane,
 			},
 			existingTaints: []v1.Taint{
 				{
 					Key:    "node.cloudprovider.kubernetes.io/uninitialized",
 					Effect: v1.TaintEffectNoSchedule,
 				},
 			},
-			newTaints:     []v1.Taint{kubeadmconstants.ControlPlaneTaint},
+			newTaints:     []v1.Taint{kubeadmconstants.OldControlPlaneTaint},
 			expectedPatch: `{"spec":{"taints":[{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"},{"effect":"NoSchedule","key":"node.cloudprovider.kubernetes.io/uninitialized"}]}}`,
 		},
 	}
@ -116,8 +128,8 @@ func TestMarkControlPlane(t *testing.T) {
 				},
 			}
-			if tc.existingLabel != "" {
+			for _, label := range tc.existingLabels {
-				controlPlaneNode.ObjectMeta.Labels[tc.existingLabel] = ""
+				controlPlaneNode.ObjectMeta.Labels[label] = ""
 			}
 			if tc.existingTaints != nil {
--- a/cmd/kubeadm/app/phases/selfhosting/podspec_mutation.go
+++ b/cmd/kubeadm/app/phases/selfhosting/podspec_mutation.go
@ -85,21 +85,22 @@ func mutatePodSpec(mutators map[string][]PodSpecMutatorFunc, name string, podSpe
 // addNodeSelectorToPodSpec makes Pod require to be scheduled on a node marked with the control-plane label
 func addNodeSelectorToPodSpec(podSpec *v1.PodSpec) {
 	if podSpec.NodeSelector == nil {
-		podSpec.NodeSelector = map[string]string{kubeadmconstants.LabelNodeRoleMaster: ""}
+		podSpec.NodeSelector = map[string]string{kubeadmconstants.LabelNodeRoleOldControlPlane: ""}
 		return
 	}
-	podSpec.NodeSelector[kubeadmconstants.LabelNodeRoleMaster] = ""
+	podSpec.NodeSelector[kubeadmconstants.LabelNodeRoleOldControlPlane] = ""
 }
 // setControlPlaneTolerationOnPodSpec makes the Pod tolerate the control-plane taint
 func setControlPlaneTolerationOnPodSpec(podSpec *v1.PodSpec) {
 	if podSpec.Tolerations == nil {
-		podSpec.Tolerations = []v1.Toleration{kubeadmconstants.ControlPlaneToleration}
+		// TODO: https://github.com/kubernetes/kubeadm/issues/2200
 		podSpec.Tolerations = []v1.Toleration{kubeadmconstants.OldControlPlaneToleration}
 		return
 	}
-	podSpec.Tolerations = append(podSpec.Tolerations, kubeadmconstants.ControlPlaneToleration)
+	podSpec.Tolerations = append(podSpec.Tolerations, kubeadmconstants.OldControlPlaneToleration)
 }
 // setHostIPOnPodSpec sets the environment variable HOST_IP using downward API
--- a/cmd/kubeadm/app/phases/selfhosting/podspec_mutation_test.go
+++ b/cmd/kubeadm/app/phases/selfhosting/podspec_mutation_test.go
@ -66,10 +66,10 @@ func TestMutatePodSpec(t *testing.T) {
 				},
 				NodeSelector: map[string]string{
-					kubeadmconstants.LabelNodeRoleMaster: "",
+					kubeadmconstants.LabelNodeRoleOldControlPlane: "",
 				},
 				Tolerations: []v1.Toleration{
-					kubeadmconstants.ControlPlaneToleration,
+					kubeadmconstants.OldControlPlaneToleration,
 				},
 				DNSPolicy: v1.DNSClusterFirstWithHostNet,
 			},
@ -80,10 +80,10 @@ func TestMutatePodSpec(t *testing.T) {
 			podSpec:   &v1.PodSpec{},
 			expected: v1.PodSpec{
 				NodeSelector: map[string]string{
-					kubeadmconstants.LabelNodeRoleMaster: "",
+					kubeadmconstants.LabelNodeRoleOldControlPlane: "",
 				},
 				Tolerations: []v1.Toleration{
-					kubeadmconstants.ControlPlaneToleration,
+					kubeadmconstants.OldControlPlaneToleration,
 				},
 				DNSPolicy: v1.DNSClusterFirstWithHostNet,
 			},
@ -94,10 +94,10 @@ func TestMutatePodSpec(t *testing.T) {
 			podSpec:   &v1.PodSpec{},
 			expected: v1.PodSpec{
 				NodeSelector: map[string]string{
-					kubeadmconstants.LabelNodeRoleMaster: "",
+					kubeadmconstants.LabelNodeRoleOldControlPlane: "",
 				},
 				Tolerations: []v1.Toleration{
-					kubeadmconstants.ControlPlaneToleration,
+					kubeadmconstants.OldControlPlaneToleration,
 				},
 				DNSPolicy: v1.DNSClusterFirstWithHostNet,
 			},
@ -126,7 +126,7 @@ func TestAddNodeSelectorToPodSpec(t *testing.T) {
 			podSpec: &v1.PodSpec{},
 			expected: v1.PodSpec{
 				NodeSelector: map[string]string{
-					kubeadmconstants.LabelNodeRoleMaster: "",
+					kubeadmconstants.LabelNodeRoleOldControlPlane: "",
 				},
 			},
 		},
@ -140,7 +140,7 @@ func TestAddNodeSelectorToPodSpec(t *testing.T) {
 			expected: v1.PodSpec{
 				NodeSelector: map[string]string{
 					"foo": "bar",
-					kubeadmconstants.LabelNodeRoleMaster: "",
+					kubeadmconstants.LabelNodeRoleOldControlPlane: "",
 				},
 			},
 		},
@ -168,7 +168,7 @@ func TestSetControlPlaneTolerationOnPodSpec(t *testing.T) {
 			podSpec: &v1.PodSpec{},
 			expected: v1.PodSpec{
 				Tolerations: []v1.Toleration{
-					kubeadmconstants.ControlPlaneToleration,
+					kubeadmconstants.OldControlPlaneToleration,
 				},
 			},
 		},
@ -182,7 +182,7 @@ func TestSetControlPlaneTolerationOnPodSpec(t *testing.T) {
 			expected: v1.PodSpec{
 				Tolerations: []v1.Toleration{
 					{Key: "foo", Value: "bar"},
-					kubeadmconstants.ControlPlaneToleration,
+					kubeadmconstants.OldControlPlaneToleration,
 				},
 			},
 		},
--- a/cmd/kubeadm/app/phases/upgrade/health.go
+++ b/cmd/kubeadm/app/phases/upgrade/health.go
@ -208,21 +208,34 @@ func deleteHealthCheckJob(client clientset.Interface, ns, jobName string) error
 // controlPlaneNodesReady checks whether all control-plane Nodes in the cluster are in the Running state
 func controlPlaneNodesReady(client clientset.Interface, _ *kubeadmapi.ClusterConfiguration) error {
-	selector := labels.SelectorFromSet(labels.Set(map[string]string{
+	// list nodes labeled with a "master" node-role
-		constants.LabelNodeRoleMaster: "",
+	selectorOldControlPlane := labels.SelectorFromSet(labels.Set(map[string]string{
 		constants.LabelNodeRoleOldControlPlane: "",
 	}))
-	controlPlanes, err := client.CoreV1().Nodes().List(context.TODO(), metav1.ListOptions{
+	nodesWithOldLabel, err := client.CoreV1().Nodes().List(context.TODO(), metav1.ListOptions{
-		LabelSelector: selector.String(),
+		LabelSelector: selectorOldControlPlane.String(),
 	})
 	if err != nil {
-		return errors.Wrap(err, "couldn't list control-planes in cluster")
+		return errors.Wrapf(err, "could not list nodes labeled with %q", constants.LabelNodeRoleOldControlPlane)
 	}
-	if len(controlPlanes.Items) == 0 {
+	// list nodes labeled with a "control-plane" node-role
 	selectorControlPlane := labels.SelectorFromSet(labels.Set(map[string]string{
 		constants.LabelNodeRoleControlPlane: "",
 	}))
 	nodesControlPlane, err := client.CoreV1().Nodes().List(context.TODO(), metav1.ListOptions{
 		LabelSelector: selectorControlPlane.String(),
 	})
 	if err != nil {
 		return errors.Wrapf(err, "could not list nodes labeled with %q", constants.LabelNodeRoleControlPlane)
 	}
 	nodes := append(nodesWithOldLabel.Items, nodesControlPlane.Items...)
 	if len(nodes) == 0 {
 		return errors.New("failed to find any nodes with a control-plane role")
 	}
-	notReadyControlPlanes := getNotReadyNodes(controlPlanes.Items)
+	notReadyControlPlanes := getNotReadyNodes(nodes)
 	if len(notReadyControlPlanes) != 0 {
 		return errors.Errorf("there are NotReady control-planes in the cluster: %v", notReadyControlPlanes)
 	}
--- a/cmd/kubeadm/app/phases/upgrade/postupgrade.go
+++ b/cmd/kubeadm/app/phases/upgrade/postupgrade.go
@ -22,9 +22,11 @@ import (
 	"github.com/pkg/errors"
 	v1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/fields"
 	"k8s.io/apimachinery/pkg/labels"
 	errorsutil "k8s.io/apimachinery/pkg/util/errors"
 	clientset "k8s.io/client-go/kubernetes"
 	"k8s.io/klog/v2"
@ -251,3 +253,31 @@ func rollbackFiles(files map[string]string, originalErr error) error {
 	}
 	return errors.Errorf("couldn't move these files: %v. Got errors: %v", files, errorsutil.NewAggregate(errs))
 }
 // LabelOldControlPlaneNodes finds all nodes with the legacy node-role label and also applies
 // the "control-plane" node-role label to them.
 // TODO: https://github.com/kubernetes/kubeadm/issues/2200
 func LabelOldControlPlaneNodes(client clientset.Interface) error {
 	selectorOldControlPlane := labels.SelectorFromSet(labels.Set(map[string]string{
 		kubeadmconstants.LabelNodeRoleOldControlPlane: "",
 	}))
 	nodesWithOldLabel, err := client.CoreV1().Nodes().List(context.TODO(), metav1.ListOptions{
 		LabelSelector: selectorOldControlPlane.String(),
 	})
 	if err != nil {
 		return errors.Wrapf(err, "could not list nodes labeled with %q", kubeadmconstants.LabelNodeRoleOldControlPlane)
 	}
 	for _, n := range nodesWithOldLabel.Items {
 		if _, hasNewLabel := n.ObjectMeta.Labels[kubeadmconstants.LabelNodeRoleControlPlane]; hasNewLabel {
 			continue
 		}
 		err = apiclient.PatchNode(client, n.Name, func(n *v1.Node) {
 			n.ObjectMeta.Labels[kubeadmconstants.LabelNodeRoleControlPlane] = ""
 		})
 		if err != nil {
 			return err
 		}
 	}
 	return nil
 }
--- a/cmd/kubeadm/app/util/config/cluster_test.go
+++ b/cmd/kubeadm/app/util/config/cluster_test.go
@ -303,7 +303,7 @@ func TestGetNodeRegistration(t *testing.T) {
 					},
 				},
 				Spec: v1.NodeSpec{
-					Taints: []v1.Taint{kubeadmconstants.ControlPlaneTaint},
+					Taints: []v1.Taint{kubeadmconstants.OldControlPlaneTaint},
 				},
 			},
 		},
@ -583,7 +583,7 @@ func TestGetInitConfigurationFromCluster(t *testing.T) {
 					},
 				},
 				Spec: v1.NodeSpec{
-					Taints: []v1.Taint{kubeadmconstants.ControlPlaneTaint},
+					Taints: []v1.Taint{kubeadmconstants.OldControlPlaneTaint},
 				},
 			},
 		},
@ -660,7 +660,7 @@ func TestGetInitConfigurationFromCluster(t *testing.T) {
 					},
 				},
 				Spec: v1.NodeSpec{
-					Taints: []v1.Taint{kubeadmconstants.ControlPlaneTaint},
+					Taints: []v1.Taint{kubeadmconstants.OldControlPlaneTaint},
 				},
 			},
 		},
--- a/cmd/kubeadm/app/util/config/initconfiguration.go
+++ b/cmd/kubeadm/app/util/config/initconfiguration.go
@ -83,7 +83,7 @@ func SetBootstrapTokensDynamicDefaults(cfg *[]kubeadmapi.BootstrapToken) error {
 }
 // SetNodeRegistrationDynamicDefaults checks and sets configuration values for the NodeRegistration object
-func SetNodeRegistrationDynamicDefaults(cfg *kubeadmapi.NodeRegistrationOptions, ControlPlaneTaint bool) error {
+func SetNodeRegistrationDynamicDefaults(cfg *kubeadmapi.NodeRegistrationOptions, controlPlaneTaint bool) error {
 	var err error
 	cfg.Name, err = kubeadmutil.GetHostname(cfg.Name)
 	if err != nil {
@ -91,8 +91,9 @@ func SetNodeRegistrationDynamicDefaults(cfg *kubeadmapi.NodeRegistrationOptions,
 	}
 	// Only if the slice is nil, we should append the control-plane taint. This allows the user to specify an empty slice for no default control-plane taint
-	if ControlPlaneTaint && cfg.Taints == nil {
+	if controlPlaneTaint && cfg.Taints == nil {
-		cfg.Taints = []v1.Taint{kubeadmconstants.ControlPlaneTaint}
+		// TODO: https://github.com/kubernetes/kubeadm/issues/2200
 		cfg.Taints = []v1.Taint{kubeadmconstants.OldControlPlaneTaint}
 	}
 	if cfg.CRISocket == "" {