rancher: pushprox-kube-etcd-client does not tolerate node-role.kubernetes.io/master:NoSchedule taint

The current example breaks the Rancher Monitoring package when applied during the installation.

    node-taint:
      - "CriticalAddonsOnly=true:NoExecute"

This breaks the pushprox-kube-etcd-client, which has a toleration expecting a taint of node-role.kubernetes.io/master with an effect of NoSchedule:

      tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/master
        operator: Equal

Proposed Changes

Change example to:

    node-taint:
      - "node-role.kubernetes.io/master:NoSchedule"

Types of Changes

Updates documentation to use upstream standard taints.

Challenges to Accepting This Change

After reconfiguring my Ansible automation for building rke2 clusters, I found out that if one applies this change, it breaks the helm controller integration because the controller has its taints for the jobs it creates hard-coded.

https://github.com/k3s-io/helm-controller/blob/4ed68f1ecd2ba59cdf5090fb2c166f7055f8cf99/pkg/helm/controller.go#L287

Applying this change without changing the behavior of the helm controller would break the RKE2 bootstrapping process.

Submitted by @estenrye in rancher/rke2#901

About this issue

  • State: closed
  • Created 3 years ago
  • Comments: 15 (8 by maintainers)

Most upvoted comments

Sorry I missed the tag @aiyengar2 but I agree, changing

      - effect: "NoSchedule"
        key: node-role.kubernetes.io/master
        operator: "Equal"

to

    - effect: "NoExecute"
      operator: "Exists"
    - effect: "NoSchedule"
      operator: "Exists"

sounds good to me
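
The matching rules behind this thread, as an added Go example (not code from Rancher, RKE2 or the commenters): it re-implements the documented Kubernetes taint/toleration matching on simplified local types and checks the chart's original toleration and the proposed `Exists` tolerations against both taints quoted in the issue. The type, function and variable names are assumptions made for illustration.

```go
package main

import "fmt"

// Simplified local stand-ins for the core/v1 Taint and Toleration fields (assumed names).
type Taint struct{ Key, Value, Effect string }
type Toleration struct{ Key, Operator, Value, Effect string }

// tolerates applies the documented rules: an empty Effect or Key on the toleration
// is a wildcard; Equal (the default) compares values; Exists ignores them.
func tolerates(tol Toleration, t Taint) bool {
	if tol.Effect != "" && tol.Effect != t.Effect {
		return false
	}
	if tol.Key != "" && tol.Key != t.Key {
		return false
	}
	return tol.Operator == "Exists" ||
		((tol.Operator == "" || tol.Operator == "Equal") && tol.Value == t.Value)
}

// untolerated lists the NoSchedule/NoExecute taints that no toleration matches;
// any entry here keeps the pod off the node.
func untolerated(tols []Toleration, taints []Taint) []Taint {
	var out []Taint
	for _, t := range taints {
		matched := t.Effect != "NoSchedule" && t.Effect != "NoExecute"
		for _, tol := range tols {
			matched = matched || tolerates(tol, t)
		}
		if !matched {
			out = append(out, t)
		}
	}
	return out
}

var (
	// Taints and tolerations as quoted in the issue and the comment.
	docTaint     = []Taint{{"CriticalAddonsOnly", "true", "NoExecute"}}
	masterTaint  = []Taint{{"node-role.kubernetes.io/master", "", "NoSchedule"}}
	chartTols    = []Toleration{{Key: "node-role.kubernetes.io/master", Operator: "Equal", Effect: "NoSchedule"}}
	proposedTols = []Toleration{{Operator: "Exists", Effect: "NoExecute"}, {Operator: "Exists", Effect: "NoSchedule"}}
)

func main() {
	fmt.Println("chart toleration vs CriticalAddonsOnly:", untolerated(chartTols, docTaint))
	fmt.Println("chart toleration vs master taint:", untolerated(chartTols, masterTaint))
	fmt.Println("proposed vs both taints:", untolerated(proposedTols, append(docTaint, masterTaint...)))
}
```

Because the two proposed tolerations carry no key, they match every `NoSchedule` and `NoExecute` taint, so the pod also becomes eligible for nodes tainted for unrelated reasons; a node selector or affinity is what then confines it to the intended nodes.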