From 7db76f8809ba268e34773df3543d378dcf48c01d Mon Sep 17 00:00:00 2001
From: efrikin <sadeless@gmail.com>
Date: Tue, 25 May 2021 23:40:43 +0300
Subject: [PATCH] Add nodeSelctor for other services and node labels before CNI
 setup (#7613)

---
 cluster.yml                                                  | 2 +-
 roles/kubernetes-apps/ansible/defaults/main.yml              | 5 ++++-
 .../ansible/templates/coredns-deployment.yml.j2              | 4 ++--
 .../kubernetes-apps/ansible/templates/dns-autoscaler.yml.j2  | 2 ++
 .../ansible/templates/nodelocaldns-daemonset.yml.j2          | 4 +++-
 .../policy_controller/calico/defaults/main.yml               | 1 +
 .../calico/templates/calico-kube-controllers.yml.j2          | 2 +-
 roles/network_plugin/calico/defaults/main.yml                | 3 +++
 roles/network_plugin/calico/templates/calico-node.yml.j2     | 2 ++
 scale.yml                                                    | 2 +-
 10 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/cluster.yml b/cluster.yml
index c2ba9a7bd..2830c4fb9 100644
--- a/cluster.yml
+++ b/cluster.yml
@@ -86,8 +86,8 @@
   roles:
     - { role: kubespray-defaults }
     - { role: kubernetes/kubeadm, tags: kubeadm}
-    - { role: network_plugin, tags: network }
     - { role: kubernetes/node-label, tags: node-label }
+    - { role: network_plugin, tags: network }
 
 - hosts: calico_rr
   gather_facts: False
diff --git a/roles/kubernetes-apps/ansible/defaults/main.yml b/roles/kubernetes-apps/ansible/defaults/main.yml
index 4dd08b7bf..b3067e771 100644
--- a/roles/kubernetes-apps/ansible/defaults/main.yml
+++ b/roles/kubernetes-apps/ansible/defaults/main.yml
@@ -10,15 +10,18 @@ dns_prevent_single_point_failure: "{{ 'true' if dns_min_replicas|int > 1 else 'f
 enable_coredns_reverse_dns_lookups: true
 coredns_ordinal_suffix: ""
 # dns_extra_tolerations: [{effect: NoSchedule, operator: "Exists"}]
+coredns_deployment_nodeselector: "kubernetes.io/os: linux"
 
 # nodelocaldns
 nodelocaldns_cpu_requests: 100m
 nodelocaldns_memory_limit: 170Mi
-nodelocaldnsdns_memory_requests: 70Mi
+nodelocaldns_memory_requests: 70Mi
+nodelocaldns_ds_nodeselector: "kubernetes.io/os: linux"
 
 # Limits for dns-autoscaler
 dns_autoscaler_cpu_requests: 20m
 dns_autoscaler_memory_requests: 10Mi
+dns_autoscaler_deployment_nodeselector: "kubernetes.io/os: linux"
 
 # Netchecker
 deploy_netchecker: false
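Review bot: The three new selector defaults, `coredns_deployment_nodeselector`, `nodelocaldns_ds_nodeselector` and `dns_autoscaler_deployment_nodeselector`, are YAML fragments stored as strings, and each template pastes the string verbatim under `nodeSelector:`, so an override with more than one label must carry an embedded newline plus the template's exact eight-space indentation, and a value that is not valid YAML at that position only fails when the manifest is applied. Declaring them as mappings, e.g. `coredns_deployment_nodeselector:` followed by `  kubernetes.io/os: linux`, and rendering them with `{{ coredns_deployment_nodeselector | to_nice_yaml | indent(8) }}` would keep overrides ordinary inventory YAML that Ansible validates before rendering. The same pattern appears in `calico_policy_controller_deployment_nodeselector` and `calico_ds_nodeselector` in the two calico defaults hunks and in the five templates that consume these variables (coredns-deployment.yml.j2, dns-autoscaler.yml.j2, nodelocaldns-daemonset.yml.j2, calico-kube-controllers.yml.j2, calico-node.yml.j2).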
diff --git a/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2 b/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
index cb9625649..e2e10ebd5 100644
--- a/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
@@ -25,9 +25,9 @@ spec:
         seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
         createdby: 'kubespray'
     spec:
-      priorityClassName: system-cluster-critical
       nodeSelector:
-        kubernetes.io/os: linux
+        {{ coredns_deployment_nodeselector }}
+      priorityClassName: system-cluster-critical
       serviceAccountName: coredns
       tolerations:
         - key: node-role.kubernetes.io/master
diff --git a/roles/kubernetes-apps/ansible/templates/dns-autoscaler.yml.j2 b/roles/kubernetes-apps/ansible/templates/dns-autoscaler.yml.j2
index b49c41264..e09a87341 100644
--- a/roles/kubernetes-apps/ansible/templates/dns-autoscaler.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/dns-autoscaler.yml.j2
@@ -32,6 +32,8 @@ spec:
       annotations:
         seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
     spec:
+      nodeSelector:
+        {{ dns_autoscaler_deployment_nodeselector}}
       priorityClassName: system-cluster-critical
       securityContext:
         supplementalGroups: [ 65534 ]
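Review bot: The added expression `{{ dns_autoscaler_deployment_nodeselector}}` is missing the space before the closing delimiter; Jinja accepts it, but every other expression in this patch uses `{{ name }}`, so the line should read `{{ dns_autoscaler_deployment_nodeselector }}`.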
diff --git a/roles/kubernetes-apps/ansible/templates/nodelocaldns-daemonset.yml.j2 b/roles/kubernetes-apps/ansible/templates/nodelocaldns-daemonset.yml.j2
index b92749c8b..4d725577e 100644
--- a/roles/kubernetes-apps/ansible/templates/nodelocaldns-daemonset.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/nodelocaldns-daemonset.yml.j2
@@ -18,6 +18,8 @@ spec:
         prometheus.io/scrape: 'true'
         prometheus.io/port: '9253'
     spec:
+      nodeSelector:
+        {{ nodelocaldns_ds_nodeselector }}
       priorityClassName: system-cluster-critical
       serviceAccountName: nodelocaldns
       hostNetwork: true
@@ -35,7 +37,7 @@ spec:
             memory: {{ nodelocaldns_memory_limit }}
           requests:
             cpu: {{ nodelocaldns_cpu_requests }}
-            memory: {{ nodelocaldnsdns_memory_requests }}
+            memory: {{ nodelocaldns_memory_requests }}
         args: [ "-localip", "{{ nodelocaldns_ip }}", "-conf", "/etc/coredns/Corefile", "-upstreamsvc", "coredns" ]
         securityContext:
           privileged: true
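Review bot: Switching the request to `nodelocaldns_memory_requests` silently discards any inventory override that was set under the old misspelled name `nodelocaldnsdns_memory_requests`; such a cluster falls back to the role default without any warning. A transitional lookup that prefers the legacy name when it is defined, `memory: {{ nodelocaldnsdns_memory_requests | default(nodelocaldns_memory_requests) }}`, together with a deprecation note next to the default, would make the rename safe to roll out; the container spec this line belongs to starts outside the hunk.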
diff --git a/roles/kubernetes-apps/policy_controller/calico/defaults/main.yml b/roles/kubernetes-apps/policy_controller/calico/defaults/main.yml
index 93d12c901..472636384 100644
--- a/roles/kubernetes-apps/policy_controller/calico/defaults/main.yml
+++ b/roles/kubernetes-apps/policy_controller/calico/defaults/main.yml
@@ -4,6 +4,7 @@ calico_policy_controller_cpu_limit: 100m
 calico_policy_controller_memory_limit: 256M
 calico_policy_controller_cpu_requests: 30m
 calico_policy_controller_memory_requests: 64M
+calico_policy_controller_deployment_nodeselector: "kubernetes.io/os: linux"
 
 # SSL
 calico_cert_dir: "/etc/calico/certs"
diff --git a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2 b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
index f861d918d..47c878d2e 100644
--- a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
+++ b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
@@ -20,7 +20,7 @@ spec:
         k8s-app: calico-kube-controllers
     spec:
       nodeSelector:
-        kubernetes.io/os: linux
+        {{ calico_policy_controller_deployment_nodeselector }}
       hostNetwork: true
       serviceAccountName: calico-kube-controllers
       tolerations:
diff --git a/roles/network_plugin/calico/defaults/main.yml b/roles/network_plugin/calico/defaults/main.yml
index b35416221..ce6d12292 100644
--- a/roles/network_plugin/calico/defaults/main.yml
+++ b/roles/network_plugin/calico/defaults/main.yml
@@ -39,6 +39,9 @@ calico_node_memory_requests: 64M
 calico_node_cpu_requests: 150m
 calico_felix_chaininsertmode: Insert
 
+# Calico daemonset nodeselector
+calico_ds_nodeselector: "kubernetes.io/os: linux"
+
 # Virtual network ID to use for VXLAN traffic. A value of 0 means “use the kernel default”.
 calico_vxlan_vni: 4096
 
diff --git a/roles/network_plugin/calico/templates/calico-node.yml.j2 b/roles/network_plugin/calico/templates/calico-node.yml.j2
index 4aa342103..155189b9a 100644
--- a/roles/network_plugin/calico/templates/calico-node.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-node.yml.j2
@@ -26,6 +26,8 @@ spec:
         prometheus.io/port: "{{ calico_felix_prometheusmetricsport }}"
 {% endif %}
     spec:
+      nodeSelector:
+        {{ calico_ds_nodeselector }}
       priorityClassName: system-node-critical
       hostNetwork: true
       serviceAccountName: calico-node
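Review bot: Adding `nodeSelector` to the calico-node DaemonSet is a scheduling change rather than a pure refactor: the previous manifest had no selector in this spec, so any node that does not carry the `kubernetes.io/os` label (for instance if a kubelet only sets the older `beta.kubernetes.io/os` label, or the label was removed) will no longer get a calico-node pod and therefore no CNI, and the commit message does not mention this. The equivalent selector previously existed only on the calico-kube-controllers Deployment, where a skipped node is harmless. A comment above `calico_ds_nodeselector` in the calico defaults stating that nodes without a matching label receive no calico-node pod would document the trade-off; the pod spec continues outside the hunk.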
diff --git a/scale.yml b/scale.yml
index 5e218791a..33b9eeb0c 100644
--- a/scale.yml
+++ b/scale.yml
@@ -96,5 +96,5 @@
   roles:
     - { role: kubespray-defaults }
     - { role: kubernetes/kubeadm, tags: kubeadm }
-    - { role: network_plugin, tags: network }
     - { role: kubernetes/node-label, tags: node-label }
+    - { role: network_plugin, tags: network }
-- 
GitLab