Merge pull request #47 from mnencia/optional-taint

Add setting to allow_scheduling_on_control_plane
This commit is contained in:
Karim Naufal 2022-02-07 16:46:57 +01:00 committed by GitHub
commit c6e6115bb9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 22 additions and 8 deletions

View File

@ -54,9 +54,10 @@ resource "hcloud_server" "first_control_plane" {
# Generating k3s master config file
provisioner "file" {
content = templatefile("${path.module}/templates/master_config.yaml.tpl", {
node_ip = local.first_control_plane_network_ip
token = random_password.k3s_token.result
node_name = self.name
node_ip = local.first_control_plane_network_ip
token = random_password.k3s_token.result
node_name = self.name
allow_scheduling_on_control_plane = var.allow_scheduling_on_control_plane
})
destination = "/etc/rancher/k3s/config.yaml"

View File

@ -55,10 +55,11 @@ resource "hcloud_server" "control_planes" {
# Generating k3s server config file
provisioner "file" {
content = templatefile("${path.module}/templates/server_config.yaml.tpl", {
first_control_plane_url = "https://${local.first_control_plane_network_ip}:6443"
node_ip = cidrhost(hcloud_network.k3s.ip_range, 3 + count.index)
token = random_password.k3s_token.result
node_name = self.name
first_control_plane_url = "https://${local.first_control_plane_network_ip}:6443"
node_ip = cidrhost(hcloud_network.k3s.ip_range, 3 + count.index)
token = random_password.k3s_token.result
node_name = self.name
allow_scheduling_on_control_plane = var.allow_scheduling_on_control_plane
})
destination = "/etc/rancher/k3s/config.yaml"

View File

@ -10,5 +10,7 @@ tls-san: ${node_ip}
kubelet-arg: "cloud-provider=external"
token: ${token}
node-name: ${node_name}
%{ if !allow_scheduling_on_control_plane }
node-taint:
- node-role.kubernetes.io/master:NoSchedule
%{ endif }

View File

@ -10,5 +10,7 @@ tls-san: ${node_ip}
kubelet-arg: "cloud-provider=external"
token: ${token}
node-name: ${node_name}
%{ if !allow_scheduling_on_control_plane }
node-taint:
- node-role.kubernetes.io/master:NoSchedule
%{ endif }

View File

@ -29,3 +29,6 @@ agents_num = 2
# If you want to use letsencrypt with tls Challenge, the email address is used to send you certificates expiration notices
# traefik_acme_tls = true
# traefik_acme_email = "mail@example.com"
# If you want to allow non-control-plane workloads to run on the control-plane nodes set "true" below. The default is "false".
# allow_scheduling_on_control_plane = true

View File

@ -82,7 +82,7 @@ variable "hetzner_csi_containers_latest" {
variable "traefik_acme_tls" {
type = bool
default = false
description = "Wheter to include the TLS configuration with the Traefik configuration"
description = "Whether to include the TLS configuration with the Traefik configuration"
}
variable "traefik_acme_email" {
@ -91,3 +91,8 @@ variable "traefik_acme_email" {
description = "Email used to recieved expiration notice for certificate"
}
variable "allow_scheduling_on_control_plane" {
type = bool
default = false
description = "Whether to allow non-control-plane workloads to run on the control-plane nodes"
}