Merge pull request #1275 from louiznk/feat/toleration/control_plane

feat: add NoSchedule toleration on key node-role.kubernetes.io/master
2020-03-25 12:14:17 -07:00 · 2020-03-25 12:14:17 -07:00 · ceb6bfbbf3
parent 805dcc07ab 45ab3e54ac
commit ceb6bfbbf3
6 changed files with 52 additions and 9 deletions
--- a/manifests/coredns.yaml
+++ b/manifests/coredns.yaml
@ -99,6 +99,9 @@ spec:
      tolerations:
        - key: "CriticalAddonsOnly"
          operator: "Exists"
+        - key: "node-role.kubernetes.io/master"
+          operator: "Exists"
+          effect: "NoSchedule"
      nodeSelector:
        beta.kubernetes.io/os: linux
      containers:
--- a/manifests/local-storage.yaml
+++ b/manifests/local-storage.yaml
@ -51,6 +51,12 @@ spec:
        app: local-path-provisioner
    spec:
      serviceAccountName: local-path-provisioner-service-account
+      tolerations:
+          - key: "CriticalAddonsOnly"
+            operator: "Exists"
+          - key: "node-role.kubernetes.io/master"
+            operator: "Exists"
+            effect: "NoSchedule"
      containers:
      - name: local-path-provisioner
        image: rancher/local-path-provisioner:v0.0.11
--- a/manifests/metrics-server/metrics-server-deployment.yaml
+++ b/manifests/metrics-server/metrics-server-deployment.yaml
@ -23,6 +23,12 @@ spec:
        k8s-app: metrics-server
    spec:
      serviceAccountName: metrics-server
+      tolerations:
+        - key: "CriticalAddonsOnly"
+          operator: "Exists"
+        - key: "node-role.kubernetes.io/master"
+          operator: "Exists"
+          effect: "NoSchedule"
      volumes:
      # mount in tmp so we can safely use from-scratch images and/or read-only containers
      - name: tmp-dir
--- a/manifests/traefik.yaml
+++ b/manifests/traefik.yaml
@ -5,9 +5,21 @@ metadata:
  namespace: kube-system
 spec:
  chart: https://%{KUBERNETES_API}%/static/charts/traefik-1.81.0.tgz
-  set:
-    rbac.enabled: "true"
-    ssl.enabled: "true"
-    metrics.prometheus.enabled: "true"
-    kubernetes.ingressEndpoint.useDefaultPublishedService: "true"
+  valuesContent: |-
+    rbac:
+      enabled: true
+    ssl:
+      enabled: true
+    metrics:
+      prometheus:
+        enabled: true
+    kubernetes:
+      ingressEndpoint:
+        useDefaultPublishedService: true
    image: "rancher/library-traefik"
+    tolerations:
+      - key: "CriticalAddonsOnly"
+        operator: "Exists"
+      - key: "node-role.kubernetes.io/master"
+        operator: "Exists"
+        effect: "NoSchedule"
--- a/pkg/deploy/zz_generated_bindata.go
+++ b/pkg/deploy/zz_generated_bindata.go
--- a/pkg/servicelb/controller.go
+++ b/pkg/servicelb/controller.go
@ -356,6 +356,22 @@ func (h *handler) newDaemonSet(svc *core.Service) (*apps.DaemonSet, error) {

 		ds.Spec.Template.Spec.Containers = append(ds.Spec.Template.Spec.Containers, container)
 	}
+
+	// Add toleration to noderole.kubernetes.io/master=*:NoSchedule
+	noScheduleToleration := core.Toleration{
+		Key:      "noderole.kubernetes.io/master",
+		Operator: "Exists",
+		Effect:   "NoSchedule",
+	}
+	ds.Spec.Template.Spec.Tolerations = append(ds.Spec.Template.Spec.Tolerations, noScheduleToleration)
+
+	// Add toleration to CriticalAddonsOnly
+	criticalAddonsOnlyToleration := core.Toleration{
+		Key:      "CriticalAddonsOnly",
+		Operator: "Exists",
+	}
+	ds.Spec.Template.Spec.Tolerations = append(ds.Spec.Template.Spec.Tolerations, criticalAddonsOnlyToleration)
+
 	// Add node selector only if label "svccontroller.k3s.cattle.io/enablelb" exists on the nodes
 	selector, err := labels.Parse(daemonsetNodeLabel)
 	if err != nil {