From 16de20c8e4a01953980aa41c275d4751730572b6 Mon Sep 17 00:00:00 2001
From: Michael McCulloch
Date: Mon, 5 Feb 2024 08:01:28 -0700
Subject: [PATCH] only the control-plane master gets the ability to set taints
---
 tasks/control-plane-aux-setup.yml | 14 --------------
 tasks/control-plane-setup.yml | 8 --------
 tasks/main.yml | 14 ++++++++++++++
 3 files changed, 14 insertions(+), 22 deletions(-)
diff --git a/tasks/control-plane-aux-setup.yml b/tasks/control-plane-aux-setup.yml
index bed01c2..47ad1f5 100644
--- a/tasks/control-plane-aux-setup.yml
+++ b/tasks/control-plane-aux-setup.yml
@@ -5,17 +5,3 @@
 args:
 creates: /etc/kubernetes/kubelet.conf
 tags: ["skip_ansible_lint"]
-
-- name: Allow pods on control plane (if configured).
- command: "kubectl taint nodes {{ inventory_hostname_short }} node-role.kubernetes.io/control-plane-"
- register: taint_removed
- until: >
- ("untainted" in taint_removed.stdout) or
- ("not found" in taint_removed.stdout)
- changed_when: "'untainted' in taint_removed.stdout"
- failed_when: false
- retries: 100
- delay: 5
- when:
- - kubernetes_allow_pods_on_control_plane | bool
- - join_ctrl_plane.changed
diff --git a/tasks/control-plane-setup.yml b/tasks/control-plane-setup.yml
index 669a95d..e22f839 100644
--- a/tasks/control-plane-setup.yml
+++ b/tasks/control-plane-setup.yml
@@ -190,11 +190,3 @@
 register: weave_result
 changed_when: "'created' in weave_result.stdout"
 when: kubernetes_pod_network.cni == 'weave'
-
-# TODO: Check if taint exists with something like `kubectl describe nodes`
-# instead of using kubernetes_init_stat.stat.exists check.
-- name: Allow pods on control plane (if configured).
- command: "kubectl taint nodes --all node-role.kubernetes.io/control-plane-"
- when:
- - kubernetes_allow_pods_on_control_plane | bool
- - not kubernetes_init_stat.stat.exists
diff --git a/tasks/main.yml b/tasks/main.yml
index edbbad3..a6cdad4 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -110,3 +110,17 @@
 when:
 - kubernetes_allow_pods_on_control_plane | bool
 - not kubernetes_init_stat.stat.exists
+
+- name: Allow pods on control plane (if configured).
+ command: "kubectl taint nodes --all node-role.kubernetes.io/control-plane-"
+ register: taint_removed
+ until: >
+ ("untainted" in taint_removed.stdout) or
+ ("not found" in taint_removed.stdout)
+ changed_when: "'untainted' in taint_removed.stdout"
+ failed_when: false
+ retries: 100
+ delay: 5
+ when:
+ - join_ctrl_plane.changed
+ - inventory_hostname == groups['k8s_control_plane'][0]
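Review bot: The `when:` list of the added task no longer contains `kubernetes_allow_pods_on_control_plane | bool`, although both removed tasks and the `when:` shown as context just above it are gated on that flag and the task is still named "(if configured)". As written, `kubectl taint nodes --all node-role.kubernetes.io/control-plane-` removes the control-plane taint from every node whenever the two remaining conditions hold, so ordinary workloads can be scheduled onto control-plane nodes even when the operator left the setting off; add `- kubernetes_allow_pods_on_control_plane | bool` as the first condition. Separately, `join_ctrl_plane` appears to be registered by the join step in control-plane-aux-setup.yml, so on `groups['k8s_control_plane'][0]` it may be undefined or never changed, and `failed_when: false` does not cover an error raised while evaluating `when:`. That second point should be confirmed against the rest of tasks/main.yml, which lies outside this hunk.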