From 85fa6af3136f8be5005a7f2a95ff72ad826f57dd Mon Sep 17 00:00:00 2001
From: my-git9 <xin.li@daocloud.io>
Date: Mon, 2 Jan 2023 05:59:32 +0800
Subject: [PATCH] cleanup: replace node-role.kubernetes.io/master (#9627)

Signed-off-by: xin.li <xin.li@daocloud.io>

Signed-off-by: xin.li <xin.li@daocloud.io>
---
 .../calico/templates/calico-apiserver.yml.j2              | 8 +++++---
 .../canal/templates/canal-calico-kube-controllers.yml.j2  | 2 ++
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/roles/network_plugin/calico/templates/calico-apiserver.yml.j2 b/roles/network_plugin/calico/templates/calico-apiserver.yml.j2
index dabc7a3f5..3af74c74a 100644
--- a/roles/network_plugin/calico/templates/calico-apiserver.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-apiserver.yml.j2
@@ -1,4 +1,4 @@
-# Policy to ensure the API server isn't cut off. Can be modified, but ensure 
+# Policy to ensure the API server isn't cut off. Can be modified, but ensure
 # that the main API server is always able to reach the Calico API server.
 kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
@@ -94,6 +94,8 @@ spec:
       tolerations:
       - effect: NoSchedule
         key: node-role.kubernetes.io/master
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/control-plane
       volumes:
       - name: calico-apiserver-certs
         secret:
@@ -104,8 +106,8 @@ spec:
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: calico-apiserver 
-  namespace: calico-apiserver 
+  name: calico-apiserver
+  namespace: calico-apiserver
 
 ---
 
diff --git a/roles/network_plugin/canal/templates/canal-calico-kube-controllers.yml.j2 b/roles/network_plugin/canal/templates/canal-calico-kube-controllers.yml.j2
index 1417022a8..a77a5f662 100644
--- a/roles/network_plugin/canal/templates/canal-calico-kube-controllers.yml.j2
+++ b/roles/network_plugin/canal/templates/canal-calico-kube-controllers.yml.j2
@@ -31,6 +31,8 @@ spec:
           operator: Exists
         - key: node-role.kubernetes.io/master
           effect: NoSchedule
+        - key: node-role.kubernetes.io/control-plane
+          effect: NoSchedule
       serviceAccountName: calico-kube-controllers
       priorityClassName: system-cluster-critical
       # The controllers must run in the host network namespace so that