From 7e6eb731dda5b08d98e2a8727cc3328480ecae25 Mon Sep 17 00:00:00 2001
From: Marco Nenciarini
Date: Mon, 7 Feb 2022 16:09:46 +0100
Subject: [PATCH] Add setting to allow_scheduling_on_control_plane
---
 master.tf | 7 ++++---
 servers.tf | 9 +++++----
 templates/master_config.yaml.tpl | 2 ++
 templates/server_config.yaml.tpl | 2 ++
 terraform.tfvars.example | 3 +++
 variables.tf | 7 ++++++-
 6 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/master.tf b/master.tf
index a32dffb..3c69cc3 100644
--- a/master.tf
+++ b/master.tf
@@ -54,9 +54,10 @@ resource "hcloud_server" "first_control_plane" {
 # Generating k3s master config file
 provisioner "file" {
 content = templatefile("${path.module}/templates/master_config.yaml.tpl", {
-node_ip = local.first_control_plane_network_ip
-token = random_password.k3s_token.result
-node_name = self.name
+node_ip = local.first_control_plane_network_ip
+token = random_password.k3s_token.result
+node_name = self.name
+allow_scheduling_on_control_plane = var.allow_scheduling_on_control_plane
 })
 
 destination = "/etc/rancher/k3s/config.yaml"
diff --git a/servers.tf b/servers.tf
index 8c71049..5c54663 100644
--- a/servers.tf
+++ b/servers.tf
@@ -55,10 +55,11 @@ resource "hcloud_server" "control_planes" {
 # Generating k3s server config file
 provisioner "file" {
 content = templatefile("${path.module}/templates/server_config.yaml.tpl", {
-first_control_plane_url = "https://${local.first_control_plane_network_ip}:6443"
-node_ip = cidrhost(hcloud_network.k3s.ip_range, 3 + count.index)
-token = random_password.k3s_token.result
-node_name = self.name
+first_control_plane_url = "https://${local.first_control_plane_network_ip}:6443"
+node_ip = cidrhost(hcloud_network.k3s.ip_range, 3 + count.index)
+token = random_password.k3s_token.result
+node_name = self.name
+allow_scheduling_on_control_plane = var.allow_scheduling_on_control_plane
 })
 
 destination = "/etc/rancher/k3s/config.yaml"
diff --git a/templates/master_config.yaml.tpl b/templates/master_config.yaml.tpl
index f9e15e2..5da9450 100644
--- a/templates/master_config.yaml.tpl
+++ b/templates/master_config.yaml.tpl
@@ -10,5 +10,7 @@ tls-san: ${node_ip}
 kubelet-arg: "cloud-provider=external"
 token: ${token}
 node-name: ${node_name}
+%{ if !allow_scheduling_on_control_plane }
 node-taint:
 - node-role.kubernetes.io/master:NoSchedule
+%{ endif }
diff --git a/templates/server_config.yaml.tpl b/templates/server_config.yaml.tpl
index 43d31f1..60bd076 100644
--- a/templates/server_config.yaml.tpl
+++ b/templates/server_config.yaml.tpl
@@ -10,5 +10,7 @@ tls-san: ${node_ip}
 kubelet-arg: "cloud-provider=external"
 token: ${token}
 node-name: ${node_name}
+%{ if !allow_scheduling_on_control_plane }
 node-taint:
 - node-role.kubernetes.io/master:NoSchedule
+%{ endif }
diff --git a/terraform.tfvars.example b/terraform.tfvars.example
index 15d500b..88f5ed0 100644
--- a/terraform.tfvars.example
+++ b/terraform.tfvars.example
@@ -29,3 +29,6 @@ agents_num = 2
 # If you want to use letsencrypt with tls Challenge, the email address is used to send you certificates expiration notices
 # traefik_acme_tls = true
 # traefik_acme_email = "mail@example.com"
+
+# If you want to allow non-control-plane workloads to run on the control-plane nodes set "true" below. The default is "false".
+# allow_scheduling_on_control_plane = true
diff --git a/variables.tf b/variables.tf
index 7852470..e55a491 100644
--- a/variables.tf
+++ b/variables.tf
@@ -82,7 +82,7 @@ variable "hetzner_csi_containers_latest" {
 variable "traefik_acme_tls" {
 type = bool
 default = false
-description = "Wheter to include the TLS configuration with the Traefik configuration"
+description = "Whether to include the TLS configuration with the Traefik configuration"
 }
 
 variable "traefik_acme_email" {
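Review bot: The `%{ if !allow_scheduling_on_control_plane }` and `%{ endif }` directives each occupy a full line, so the rendered config.yaml keeps an empty line where each directive stood; harmless to YAML, but Terraform's strip markers give a clean file, e.g. `%{~ if !allow_scheduling_on_control_plane }` and `%{~ endif }`. The identical hunk in templates/server_config.yaml.tpl has the same shape. Since the two templates now carry the same conditional block, a one-line comment above it noting that the master and server templates must stay in sync would help the next edit reach both.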
@@ -91,3 +91,8 @@ variable "traefik_acme_email" {
 description = "Email used to recieved expiration notice for certificate"
 }
 
+variable "allow_scheduling_on_control_plane" {
+type = bool
+default = false
+description = "Whether to allow non-control-plane workloads to run on the control-plane nodes"
+}
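Review bot: The description of `allow_scheduling_on_control_plane` does not say what the setting trades away: with it true the `node-role.kubernetes.io/master:NoSchedule` taint is dropped from the k3s config in both templates, so ordinary workloads share a node with the k3s server process and with `/etc/rancher/k3s/config.yaml`, which carries the cluster token, giving a compromised workload a larger blast radius than on a dedicated agent. It also appears to affect only nodes created after the value is set, because master.tf and servers.tf render the template through a `file` provisioner that runs at resource creation — worth confirming before documenting. Suggested description: `"Whether to allow non-control-plane workloads to run on the control-plane nodes. Omits the NoSchedule taint from the k3s config, widening the impact of a compromised workload; applies only to nodes created after it is set."`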