Support all taints in network plugins manifests (#6208)

flannel, ovn and multus network plugins did not support all taint keys. This update changes the tolerations to support them all. According to the documentation: ``` There are two special cases: An empty key with operator Exists matches all keys, values and effects which means this will tolerate everything. An empty effect matches all effects with key key. ``` Usage of the empty `key` and `effect` ensures the network plugin daemonset will be deployed on every nodes (ex: in case of custom taints, or NoExecute effect)
5 years ago · 7ff8fc259b
4 changed files with 4 additions and 15 deletions
--- a/roles/network_plugin/calico/templates/calico-node.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-node.yml.j2
@ -29,13 +29,7 @@ spec:
      hostNetwork: true
      serviceAccountName: calico-node
      tolerations:
-        - effect: NoExecute
-          operator: Exists
-        - effect: NoSchedule
-          operator: Exists
-        # Mark pod as critical for rescheduling (Will have no effect starting with kubernetes 1.12)
-        - key: CriticalAddonsOnly
-          operator: "Exists"
+      - operator: Exists
      # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
      # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
      terminationGracePeriodSeconds: 0
--- a/roles/network_plugin/flannel/templates/cni-flannel.yml.j2
+++ b/roles/network_plugin/flannel/templates/cni-flannel.yml.j2
@ -120,7 +120,6 @@ spec:
      dnsPolicy: ClusterFirstWithHostNet
      tolerations:
      - operator: Exists
-        effect: NoSchedule
      volumes:
        - name: run
          hostPath:
--- a/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2
+++ b/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2
@ -99,7 +99,6 @@ spec:
    spec:
      tolerations:
      - operator: Exists
-        effect: NoSchedule
      priorityClassName: system-cluster-critical
      serviceAccountName: ovn
      hostNetwork: true
@ -210,8 +209,7 @@ spec:
        type: infra
    spec:
      tolerations:
-        - operator: Exists
-          effect: NoSchedule
+      - operator: Exists
      serviceAccountName: ovn
      hostPID: true
      containers:
@ -330,4 +328,4 @@ spec:
    app: kube-ovn-cni
  ports:
    - port: 10665
-      name: metrics
+      name: metrics
--- a/roles/network_plugin/multus/templates/multus-daemonset.yml.j2
+++ b/roles/network_plugin/multus/templates/multus-daemonset.yml.j2
@ -23,9 +23,7 @@ spec:
      nodeSelector:
        kubernetes.io/arch: amd64
      tolerations:
-      - key: node-role.kubernetes.io/master
-        operator: Exists
-        effect: NoSchedule
+      - operator: Exists
      serviceAccountName: multus
      containers:
      - name: kube-multus