diff --git a/cluster/reconcile.go b/cluster/reconcile.go
index 866ad436..15fe86cb 100644
--- a/cluster/reconcile.go
+++ b/cluster/reconcile.go
@@ -16,7 +16,8 @@ import (
 )
 const (
- unschedulableEtcdTaint = "node-role.kubernetes.io/etcd=true:NoExecute"
+ unschedulableEtcdTaint = "node-role.kubernetes.io/etcd=true:NoExecute"
+ unschedulableControlTaint = "node-role.kubernetes.io/controlplane=true:NoExecute"
 )
 func ReconcileCluster(ctx context.Context, kubeCluster, currentCluster *Cluster, updateOnly bool) error {
@@ -72,6 +73,9 @@ func reconcileWorker(ctx context.Context, currentCluster, kubeCluster *Cluster,
 if host.IsEtcd {
 host.ToDelTaints = append(host.ToDelTaints, unschedulableEtcdTaint)
 }
+ if host.IsControl {
+ host.ToDelTaints = append(host.ToDelTaints, unschedulableControlTaint)
+ }
 }
 return nil
 }
diff --git a/services/workerplane.go b/services/workerplane.go
index de6792fd..4d20496b 100644
--- a/services/workerplane.go
+++ b/services/workerplane.go
@@ -11,7 +11,8 @@ import (
 )
 const (
- unschedulableEtcdTaint = "node-role.kubernetes.io/etcd=true:NoExecute"
+ unschedulableEtcdTaint = "node-role.kubernetes.io/etcd=true:NoExecute"
+ unschedulableControlTaint = "node-role.kubernetes.io/controlplane=true:NoExecute"
 )
 func RunWorkerPlane(ctx context.Context, allHosts []*hosts.Host, localConnDialerFactory hosts.DialerFactory, prsMap map[string]v3.PrivateRegistry, workerNodePlanMap map[string]v3.RKEConfigNodePlan, certMap map[string]pki.CertificatePKI, updateWorkersOnly bool, alpineImage string) error {
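Review bot: `unschedulableEtcdTaint` and `unschedulableControlTaint` are now declared twice with identical values, in the `const` block of cluster/reconcile.go and again in services/workerplane.go. reconcileWorker deletes exactly the string that RunWorkerPlane adds, so if one copy is edited and the other is not, a host that gains the worker role would keep its NoExecute taint, or the isolation the taint gives control-plane hosts would silently change. Declaring both once as exported constants and referencing them from the other package (assuming the import direction allows it, which this diff does not show) removes that drift risk. A doc comment such as `// unschedulableControlTaint keeps pods without a matching toleration off hosts that hold the controlplane role but not the worker role.` would also record the intent.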
@@ -23,9 +24,16 @@ func RunWorkerPlane(ctx context.Context, allHosts []*hosts.Host, localConnDialer
 continue
 }
 }
- if !host.IsControl && !host.IsWorker {
- // Add unschedulable taint
- host.ToAddTaints = append(host.ToAddTaints, unschedulableEtcdTaint)
+ if !host.IsWorker {
+ if host.IsEtcd {
+ // Add unschedulable taint
+ host.ToAddTaints = append(host.ToAddTaints, unschedulableEtcdTaint)
+ }
+ if host.IsControl {
+ // Add unschedulable taint
+ host.ToAddTaints = append(host.ToAddTaints, unschedulableControlTaint)
+ }
+
 }
 runHost := host
 // maps are not thread safe
diff --git a/templates/calico.go b/templates/calico.go
index de2c5dde..dc104a99 100644
--- a/templates/calico.go
+++ b/templates/calico.go
@@ -183,8 +183,9 @@ spec:
 operator: Exists
 - effect: NoExecute
 operator: Exists
- - key: "node-role.kubernetes.io/master"
+ - key: "node-role.kubernetes.io/controlplane"
 operator: "Exists"
+ effect: "NoExecute"
 - key: "node-role.kubernetes.io/etcd"
 operator: "Exists"
 effect: "NoExecute"
diff --git a/templates/canal.go b/templates/canal.go
index 74408ef9..4a953194 100644
--- a/templates/canal.go
+++ b/templates/canal.go
@@ -240,8 +240,9 @@ spec:
 operator: Exists
 - effect: NoExecute
 operator: Exists
- - key: "node-role.kubernetes.io/master"
+ - key: "node-role.kubernetes.io/controlplane"
 operator: "Exists"
+ effect: "NoExecute"
 - key: "node-role.kubernetes.io/etcd"
 operator: "Exists"
 effect: "NoExecute"
diff --git a/templates/flannel.go b/templates/flannel.go
index 8cebf0bb..d6bd8a75 100644
--- a/templates/flannel.go
+++ b/templates/flannel.go
@@ -148,9 +148,9 @@ spec:
 mountPath: /host/opt/cni/bin/
 hostNetwork: true
 tolerations:
- - key: node-role.kubernetes.io/master
+ - key: node-role.kubernetes.io/controlplane
 operator: Exists
- effect: NoSchedule
+ effect: NoExecute
 - key: node-role.kubernetes.io/etcd
 operator: Exists
 effect: NoExecute
diff --git a/templates/job-deployer.go b/templates/job-deployer.go
index 6fa70b54..fcde45f8 100644
--- a/templates/job-deployer.go
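Review bot: In RunWorkerPlane's new `if !host.IsWorker` branch (services/workerplane.go), every host that holds the controlplane role without the worker role now receives a `NoExecute` taint, which on an existing cluster evicts pods already running there that lack a matching toleration rather than only blocking new scheduling. The commit adds tolerations to the calico, canal, flannel, weave and job-deployer templates; other add-ons are not visible in this diff, so it is worth confirming that each either tolerates `node-role.kubernetes.io/controlplane` or is meant to leave those hosts. The two identical `// Add unschedulable taint` comments could become one above the outer `if`, e.g. `// Hosts without the worker role get one NoExecute taint per role they hold, so only pods that tolerate it stay on them.`, and the added blank line before the closing brace can go. The function body starts and ends outside this hunk.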
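Review bot: The `node-role.kubernetes.io/controlplane` toleration added in templates/calico.go is redundant with the blanket `- effect: NoExecute` / `operator: Exists` entry visible as context just above it, which already tolerates every NoExecute taint; the same holds in templates/canal.go and in templates/weave.go, where the blanket entry directly follows the added lines. The new entries therefore only document intent, and these host-level pods stay eligible for any NoExecute-tainted node. If that breadth is intended for the CNI agents, a YAML comment such as `# blanket toleration: the CNI agent must run on every node; role keys listed for readability` would say so; otherwise the blanket entry is the one to narrow. In calico and canal the replaced `node-role.kubernetes.io/master` entry had no `effect` and so matched all effects, which its replacement does not; whether that matters depends on the tolerations above the hunk, which are cut off here.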
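Review bot: templates/flannel.go replaces the `node-role.kubernetes.io/master` / `NoSchedule` toleration instead of adding to it, and no blanket `operator: Exists` toleration is visible in this hunk, so the flannel DaemonSet would no longer be scheduled onto a node that still carries the master NoSchedule taint. This diff does not show whether such nodes can exist, but where they do, that node is left without pod networking once the template is re-applied. Keeping the old entry alongside the new one avoids that: `- key: node-role.kubernetes.io/master`, `operator: Exists`, `effect: NoSchedule`. The tolerations list may continue outside the hunk.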
+++ b/templates/job-deployer.go
@@ -14,6 +14,13 @@ spec:
 metadata:
 name: pi
 spec:
+ tolerations:
+ - key: node-role.kubernetes.io/controlplane
+ operator: Exists
+ effect: NoExecute
+ - key: node-role.kubernetes.io/etcd
+ operator: Exists
+ effect: NoExecute
 hostNetwork: true
 serviceAccountName: rke-job-deployer
 nodeName: {{$nodeName}}
diff --git a/templates/weave.go b/templates/weave.go
index b96e0d01..6612c185 100644
--- a/templates/weave.go
+++ b/templates/weave.go
@@ -96,6 +96,12 @@ items:
 seLinuxOptions: {}
 serviceAccountName: weave-net
 tolerations:
+ - key: "node-role.kubernetes.io/controlplane"
+ operator: "Exists"
+ effect: "NoExecute"
+ - key: "node-role.kubernetes.io/etcd"
+ operator: "Exists"
+ effect: "NoExecute"
 - effect: NoExecute
 operator: Exists
 volumes:
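Review bot: The tolerations added to the pod spec in templates/job-deployer.go carry no comment explaining why a pod pinned with `nodeName: {{$nodeName}}` needs them. `nodeName` bypasses the scheduler, but a NoExecute taint still evicts a running pod that does not tolerate it, so without these entries the deployer job would be removed from controlplane-only or etcd-only hosts. Because this pod runs with `hostNetwork: true` under the `rke-job-deployer` service account, I would record that the two role keys are deliberate and keep the list this narrow, e.g. `# nodeName skips scheduling, but NoExecute taints still evict; tolerate only the role taints RKE sets`.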