From 7ff8fc259b1ca63fe378e0201258f2a2a77f9733 Mon Sep 17 00:00:00 2001
From: Flavien <flav.hardy@gmail.com>
Date: Tue, 2 Jun 2020 14:38:15 +0200
Subject: [PATCH] Support all taints in network plugins manifests (#6208)

flannel, ovn and multus network plugins did not support all taint keys. This
update changes the tolerations to support them all.

According to the documentation:

```
There are two special cases: An empty key with operator Exists matches all keys,
values and effects which means this will tolerate everything. An empty effect matches
all effects with key key.
```

Usage of the empty `key` and `effect` ensures the network plugin daemonset will
be deployed on every nodes (ex: in case of custom taints, or NoExecute effect)
---
 roles/network_plugin/calico/templates/calico-node.yml.j2  | 8 +-------
 roles/network_plugin/flannel/templates/cni-flannel.yml.j2 | 1 -
 .../network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2 | 6 ++----
 .../multus/templates/multus-daemonset.yml.j2              | 4 +---
 4 files changed, 4 insertions(+), 15 deletions(-)

diff --git a/roles/network_plugin/calico/templates/calico-node.yml.j2 b/roles/network_plugin/calico/templates/calico-node.yml.j2
index 39961002e..6e3f19d8e 100644
--- a/roles/network_plugin/calico/templates/calico-node.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-node.yml.j2
@@ -29,13 +29,7 @@ spec:
       hostNetwork: true
       serviceAccountName: calico-node
       tolerations:
-        - effect: NoExecute
-          operator: Exists
-        - effect: NoSchedule
-          operator: Exists
-        # Mark pod as critical for rescheduling (Will have no effect starting with kubernetes 1.12)
-        - key: CriticalAddonsOnly
-          operator: "Exists"
+      - operator: Exists
       # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
       # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
       terminationGracePeriodSeconds: 0
diff --git a/roles/network_plugin/flannel/templates/cni-flannel.yml.j2 b/roles/network_plugin/flannel/templates/cni-flannel.yml.j2
index da76ff650..efcebaf4c 100644
--- a/roles/network_plugin/flannel/templates/cni-flannel.yml.j2
+++ b/roles/network_plugin/flannel/templates/cni-flannel.yml.j2
@@ -120,7 +120,6 @@ spec:
       dnsPolicy: ClusterFirstWithHostNet
       tolerations:
       - operator: Exists
-        effect: NoSchedule
       volumes:
         - name: run
           hostPath:
diff --git a/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2 b/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2
index 426b9b9e5..f6ca42c82 100644
--- a/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2
+++ b/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2
@@ -99,7 +99,6 @@ spec:
     spec:
       tolerations:
       - operator: Exists
-        effect: NoSchedule
       priorityClassName: system-cluster-critical
       serviceAccountName: ovn
       hostNetwork: true
@@ -210,8 +209,7 @@ spec:
         type: infra
     spec:
       tolerations:
-        - operator: Exists
-          effect: NoSchedule
+      - operator: Exists
       serviceAccountName: ovn
       hostPID: true
       containers:
@@ -330,4 +328,4 @@ spec:
     app: kube-ovn-cni
   ports:
     - port: 10665
-      name: metrics
\ No newline at end of file
+      name: metrics
diff --git a/roles/network_plugin/multus/templates/multus-daemonset.yml.j2 b/roles/network_plugin/multus/templates/multus-daemonset.yml.j2
index 92f21ee15..9f8c3a1fe 100644
--- a/roles/network_plugin/multus/templates/multus-daemonset.yml.j2
+++ b/roles/network_plugin/multus/templates/multus-daemonset.yml.j2
@@ -23,9 +23,7 @@ spec:
       nodeSelector:
         kubernetes.io/arch: amd64
       tolerations:
-      - key: node-role.kubernetes.io/master
-        operator: Exists
-        effect: NoSchedule
+      - operator: Exists
       serviceAccountName: multus
       containers:
       - name: kube-multus
-- 
GitLab