fix master taint implementation - linting problems (#95)

* add virtual-ip to certificate SAN entries Adds the kube-vip IP as a Subject Alternative Name in the TLS cert. It is needed otherwise you cannot access the cluster. * fixes bug with master taints (#1) - improves taint logic * fixes typo * fixes formatting * fixes undefined group['node'] if missing from hosts.ini (#2) * fixes undefined group['node'] if missing from hosts.ini - improves application of master taint by centralizing code * improves molecule testing, fixes linting * hacking at linter problems, small tweaks - increases the metallb timeout error due to intermittent testing errors in GitHub actions * improves context by renaming taint variable - makes variable boolean * fix bug * removes linting hacks Co-authored-by: Ioannis Angelakopoulos <ioangel@gmail.com>
2022-09-25 04:12:24 +03:00
parent d5b37acd8a
commit cd76fa05a7
7 changed files with 12 additions and 12 deletions
--- a/roles/k3s/master/tasks/main.yml
+++ b/roles/k3s/master/tasks/main.yml
@@ -64,8 +64,7 @@
    cmd: "systemd-run -p RestartSec=2 \
                      -p Restart=on-failure \
                      --unit=k3s-init \
-                      k3s server {{ server_init_args }} \
-                      {{ '--node-taint CriticalAddonsOnly=true:NoExecute' if k3s_single_node|bool == false else ''}}"
+                      k3s server {{ server_init_args }}"
    creates: "{{ systemd_dir }}/k3s.service"
  args:
    warn: false  # The ansible systemd module does not support transient units
--- a/roles/k3s/master/templates/k3s.service.j2
+++ b/roles/k3s/master/templates/k3s.service.j2
@@ -7,7 +7,7 @@ After=network-online.target
 Type=notify
 ExecStartPre=-/sbin/modprobe br_netfilter
 ExecStartPre=-/sbin/modprobe overlay
-ExecStart=/usr/local/bin/k3s server {{ extra_server_args | default("") }} {{ '--node-taint CriticalAddonsOnly=true:NoExecute' if k3s_single_node|bool == false else ''}}
+ExecStart=/usr/local/bin/k3s server {{ extra_server_args | default("") }}
 KillMode=process
 Delegate=yes
 # Having non-zero Limit*s causes performance problems due to accounting overhead
--- a/roles/k3s/master/templates/metallb.crds.j2
+++ b/roles/k3s/master/templates/metallb.crds.j2
@@ -1648,8 +1648,6 @@ spec:
      - effect: NoSchedule
        key: node-role.kubernetes.io/control-plane
        operator: Exists
-      - key: CriticalAddonsOnly
-        operator: Exists
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
--- a/roles/k3s/master/templates/vip.yaml.j2
+++ b/roles/k3s/master/templates/vip.yaml.j2
@@ -69,8 +69,6 @@ spec:
        operator: Exists
      - effect: NoExecute
        operator: Exists
-      - key: CriticalAddonsOnly
-        operator: Exists
  updateStrategy: {}
 status:
  currentNumberScheduled: 0