add master node taint and tolerances for pods to run on masters
Does not depend on host node labels.
Change-Id: I6c834a62f92bf508f60eb24c74a19dec47d5e44c
diff --git a/kubernetes/files/kube-addons/calico-policy/calico-policy-controller.yml b/kubernetes/files/kube-addons/calico-policy/calico-policy-controller.yml
index 1471a73..b5f25e9 100644
--- a/kubernetes/files/kube-addons/calico-policy/calico-policy-controller.yml
+++ b/kubernetes/files/kube-addons/calico-policy/calico-policy-controller.yml
@@ -23,6 +23,9 @@
k8s-app: calico-policy
spec:
hostNetwork: true
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
containers:
- name: calico-policy-controller
image: {{ master.addons.calico_policy.image }}
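Review bot: The master toleration is added uniformly to every addon pod spec, including the registry, Tiller and netchecker pods in the later hunks, so once masters are tainted `NoSchedule` these workloads remain eligible to be scheduled beside the control plane. If the taint is meant to isolate the masters, consider limiting the toleration to the addons that must run there (calico-policy-controller and kube-dns look like the candidates) or gating it on a pillar flag. The entry also relies on the default `Equal` operator matching the empty taint value set in controller.sls; adding `operator: Exists` under the key makes the match explicit and keeps it working if the taint value changes. A short comment such as `# allow scheduling onto tainted master nodes` above each block would record the intent. The pod spec continues outside the hunk.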
diff --git a/kubernetes/files/kube-addons/dns/kubedns-autoscaler.yaml b/kubernetes/files/kube-addons/dns/kubedns-autoscaler.yaml
index be4190b..2260a7b 100644
--- a/kubernetes/files/kube-addons/dns/kubedns-autoscaler.yaml
+++ b/kubernetes/files/kube-addons/dns/kubedns-autoscaler.yaml
@@ -12,6 +12,9 @@
labels:
k8s-app: kube-dns-autoscaler
spec:
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
containers:
- name: autoscaler
image: gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.0.0
diff --git a/kubernetes/files/kube-addons/dns/kubedns-rc.yaml b/kubernetes/files/kube-addons/dns/kubedns-rc.yaml
index bfc4d47..514bc26 100644
--- a/kubernetes/files/kube-addons/dns/kubedns-rc.yaml
+++ b/kubernetes/files/kube-addons/dns/kubedns-rc.yaml
@@ -45,6 +45,9 @@
scheduler.alpha.kubernetes.io/critical-pod: ''
scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
spec:
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
containers:
- name: kubedns
image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.11.0
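Review bot: The new `tolerations` field sits next to the existing `scheduler.alpha.kubernetes.io/tolerations` annotation, which still carries the `CriticalAddonsOnly` toleration. On releases that accept the field, the alpha annotation is, as far as I know, no longer read, so kube-dns would silently lose that toleration. If so, move it into the new list as `- key: CriticalAddonsOnly` with `operator: Exists`, and drop the annotation once no supported cluster version depends on it. The rest of the pod template is outside the hunk, so this should be confirmed against the Kubernetes version the formula targets.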
diff --git a/kubernetes/files/kube-addons/helm/helm-tiller-deploy.yml b/kubernetes/files/kube-addons/helm/helm-tiller-deploy.yml
index 8c452e0..b1828ce 100644
--- a/kubernetes/files/kube-addons/helm/helm-tiller-deploy.yml
+++ b/kubernetes/files/kube-addons/helm/helm-tiller-deploy.yml
@@ -20,6 +20,9 @@
app: helm
name: tiller
spec:
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
containers:
- image: {{ master.addons.helm.tiller_image }}
imagePullPolicy: IfNotPresent
diff --git a/kubernetes/files/kube-addons/netchecker/netchecker-agent.yml b/kubernetes/files/kube-addons/netchecker/netchecker-agent.yml
index 52d0443..755bf11 100644
--- a/kubernetes/files/kube-addons/netchecker/netchecker-agent.yml
+++ b/kubernetes/files/kube-addons/netchecker/netchecker-agent.yml
@@ -13,6 +13,9 @@
labels:
app: netchecker-agent
spec:
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
containers:
- name: netchecker-agent
image: {{ master.addons.netchecker.agent_image }}
diff --git a/kubernetes/files/kube-addons/netchecker/netchecker-server.yml b/kubernetes/files/kube-addons/netchecker/netchecker-server.yml
index 88170f1..fdd52ab 100644
--- a/kubernetes/files/kube-addons/netchecker/netchecker-server.yml
+++ b/kubernetes/files/kube-addons/netchecker/netchecker-server.yml
@@ -11,6 +11,9 @@
labels:
app: netchecker-server
spec:
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
containers:
- name: netchecker-server
image: {{ master.addons.netchecker.server_image }}
diff --git a/kubernetes/files/kube-addons/registry/registry-rc.yaml b/kubernetes/files/kube-addons/registry/registry-rc.yaml
index 9e1a1de..055e596 100644
--- a/kubernetes/files/kube-addons/registry/registry-rc.yaml
+++ b/kubernetes/files/kube-addons/registry/registry-rc.yaml
@@ -20,6 +20,9 @@
version: v0
kubernetes.io/cluster-service: "true"
spec:
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
containers:
- name: registry
image: registry:2.5.1
diff --git a/kubernetes/master/controller.sls b/kubernetes/master/controller.sls
index 674fec2..3e89830 100644
--- a/kubernetes/master/controller.sls
+++ b/kubernetes/master/controller.sls
@@ -227,6 +227,13 @@
{%- endfor %}
+{%- if master.get('unschedulable', 'false') %}
+kubernetes_taint_master_{{ master.host.name }}:
+ cmd.run:
+ - name: kubectl taint --overwrite nodes {{ master.host.name }} node-role.kubernetes.io/master=:NoSchedule
+
+{%- endif %}
+
{%- if master.registry.secret is defined %}
{%- for name,registry in master.registry.secret.iteritems() %}
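Review bot: The guard `master.get('unschedulable', 'false')` uses the string `'false'` as its default, which is truthy in Jinja, so a pillar that omits the key still gets the taint applied. The same pillar would also have to define `master.host.name`, which older pillars may not. Use a real boolean, `{%- if master.get('unschedulable', false) %}`. Two smaller gaps: the `cmd.run` has no `unless`/`onlyif` guard, so it re-runs and reports a change on every state run, and setting the flag back to `false` never removes an existing taint. No pillar visible in this diff exercises the absent or `false` case, so a test pillar for that path would help catch this.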
diff --git a/metadata/service/master/cluster.yml b/metadata/service/master/cluster.yml
index b7364ce..ddeba5e 100644
--- a/metadata/service/master/cluster.yml
+++ b/metadata/service/master/cluster.yml
@@ -7,8 +7,11 @@
kubernetes:
master:
enabled: true
+ unschedulable: true
registry:
host: tcpcloud
+ host:
+ name: ${linux:system:name}
service_addresses: 10.254.0.0/16
admin:
username: ${_param:kubernetes_admin_user}
diff --git a/metadata/service/master/single.yml b/metadata/service/master/single.yml
index 3a6440c..d9d24a1 100644
--- a/metadata/service/master/single.yml
+++ b/metadata/service/master/single.yml
@@ -7,8 +7,11 @@
kubernetes:
master:
enabled: true
+ unschedulable: false
registry:
host: tcpcloud
+ host:
+ name: ${linux:system:name}
service_addresses: 10.254.0.0/16
admin:
username: ${_param:kubernetes_admin_user}
diff --git a/tests/pillar/master_cluster.sls b/tests/pillar/master_cluster.sls
index a38467e..05434a1 100644
--- a/tests/pillar/master_cluster.sls
+++ b/tests/pillar/master_cluster.sls
@@ -31,12 +31,15 @@
username: admin
registry:
host: tcpcloud
+ host:
+ name: node040
apiserver:
address: 10.0.175.100
insecure_address: 127.0.0.1
insecure_port: 8080
ca: kubernetes
enabled: true
+ unschedulable: true
etcd:
members:
- host: 10.0.175.100