Add nodeSelctor for other services and node labels before CNI setup (#7613)

3 years ago · 7db76f8809
10 changed files with 20 additions and 7 deletions
--- a/cluster.yml
+++ b/cluster.yml
@ -86,8 +86,8 @@
  roles:
    - { role: kubespray-defaults }
    - { role: kubernetes/kubeadm, tags: kubeadm}
    - { role: network_plugin, tags: network }
    - { role: kubernetes/node-label, tags: node-label }
    - { role: network_plugin, tags: network }
 - hosts: calico_rr
  gather_facts: False
--- a/roles/kubernetes-apps/ansible/defaults/main.yml
+++ b/roles/kubernetes-apps/ansible/defaults/main.yml
@ -10,15 +10,18 @@ dns_prevent_single_point_failure: "{{ 'true' if dns_min_replicas|int > 1 else 'f
 enable_coredns_reverse_dns_lookups: true
 coredns_ordinal_suffix: ""
 # dns_extra_tolerations: [{effect: NoSchedule, operator: "Exists"}]
 coredns_deployment_nodeselector: "kubernetes.io/os: linux"
 # nodelocaldns
 nodelocaldns_cpu_requests: 100m
 nodelocaldns_memory_limit: 170Mi
 nodelocaldnsdns_memory_requests: 70Mi
 nodelocaldns_memory_requests: 70Mi
 nodelocaldns_ds_nodeselector: "kubernetes.io/os: linux"
 # Limits for dns-autoscaler
 dns_autoscaler_cpu_requests: 20m
 dns_autoscaler_memory_requests: 10Mi
 dns_autoscaler_deployment_nodeselector: "kubernetes.io/os: linux"
 # Netchecker
 deploy_netchecker: false
--- a/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
@ -25,9 +25,9 @@ spec:
        seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
        createdby: 'kubespray'
    spec:
      priorityClassName: system-cluster-critical
      nodeSelector:
        kubernetes.io/os: linux
        {{ coredns_deployment_nodeselector }}
      priorityClassName: system-cluster-critical
      serviceAccountName: coredns
      tolerations:
        - key: node-role.kubernetes.io/master
--- a/roles/kubernetes-apps/ansible/templates/dns-autoscaler.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/dns-autoscaler.yml.j2
@ -32,6 +32,8 @@ spec:
      annotations:
        seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
    spec:
      nodeSelector:
        {{ dns_autoscaler_deployment_nodeselector}}
      priorityClassName: system-cluster-critical
      securityContext:
        supplementalGroups: [ 65534 ]
--- a/roles/kubernetes-apps/ansible/templates/nodelocaldns-daemonset.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/nodelocaldns-daemonset.yml.j2
@ -18,6 +18,8 @@ spec:
        prometheus.io/scrape: 'true'
        prometheus.io/port: '9253'
    spec:
      nodeSelector:
        {{ nodelocaldns_ds_nodeselector }}
      priorityClassName: system-cluster-critical
      serviceAccountName: nodelocaldns
      hostNetwork: true
@ -35,7 +37,7 @@ spec:
            memory: {{ nodelocaldns_memory_limit }}
          requests:
            cpu: {{ nodelocaldns_cpu_requests }}
            memory: {{ nodelocaldnsdns_memory_requests }}
            memory: {{ nodelocaldns_memory_requests }}
        args: [ "-localip", "{{ nodelocaldns_ip }}", "-conf", "/etc/coredns/Corefile", "-upstreamsvc", "coredns" ]
        securityContext:
          privileged: true
--- a/roles/kubernetes-apps/policy_controller/calico/defaults/main.yml
+++ b/roles/kubernetes-apps/policy_controller/calico/defaults/main.yml
@ -4,6 +4,7 @@ calico_policy_controller_cpu_limit: 100m
 calico_policy_controller_memory_limit: 256M
 calico_policy_controller_cpu_requests: 30m
 calico_policy_controller_memory_requests: 64M
 calico_policy_controller_deployment_nodeselector: "kubernetes.io/os: linux"
 # SSL
 calico_cert_dir: "/etc/calico/certs"
--- a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
+++ b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
@ -20,7 +20,7 @@ spec:
        k8s-app: calico-kube-controllers
    spec:
      nodeSelector:
        kubernetes.io/os: linux
        {{ calico_policy_controller_deployment_nodeselector }}
      hostNetwork: true
      serviceAccountName: calico-kube-controllers
      tolerations:
--- a/roles/network_plugin/calico/defaults/main.yml
+++ b/roles/network_plugin/calico/defaults/main.yml
@ -39,6 +39,9 @@ calico_node_memory_requests: 64M
 calico_node_cpu_requests: 150m
 calico_felix_chaininsertmode: Insert
 # Calico daemonset nodeselector
 calico_ds_nodeselector: "kubernetes.io/os: linux"
 # Virtual network ID to use for VXLAN traffic. A value of 0 means “use the kernel default”.
 calico_vxlan_vni: 4096
--- a/roles/network_plugin/calico/templates/calico-node.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-node.yml.j2
@ -26,6 +26,8 @@ spec:
        prometheus.io/port: "{{ calico_felix_prometheusmetricsport }}"
 {% endif %}
    spec:
      nodeSelector:
        {{ calico_ds_nodeselector }}
      priorityClassName: system-node-critical
      hostNetwork: true
      serviceAccountName: calico-node
--- a/scale.yml
+++ b/scale.yml
@ -96,5 +96,5 @@
  roles:
    - { role: kubespray-defaults }
    - { role: kubernetes/kubeadm, tags: kubeadm }
    - { role: network_plugin, tags: network }
    - { role: kubernetes/node-label, tags: node-label }
    - { role: network_plugin, tags: network }