Merge pull request #47 from mnencia/optional-taint
Add setting to allow_scheduling_on_control_plane
commit
c6e6115bb9
@ -54,9 +54,10 @@ resource "hcloud_server" "first_control_plane" {
|
||||
# Generating k3s master config file
|
||||
provisioner "file" {
|
||||
content = templatefile("${path.module}/templates/master_config.yaml.tpl", {
|
||||
node_ip = local.first_control_plane_network_ip
|
||||
token = random_password.k3s_token.result
|
||||
node_name = self.name
|
||||
node_ip = local.first_control_plane_network_ip
|
||||
token = random_password.k3s_token.result
|
||||
node_name = self.name
|
||||
allow_scheduling_on_control_plane = var.allow_scheduling_on_control_plane
|
||||
})
|
||||
destination = "/etc/rancher/k3s/config.yaml"
|
||||
|
||||
|
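Review bot: The new `allow_scheduling_on_control_plane` argument is consumed only inside a `provisioner "file"` block, and Terraform runs creation-time provisioners once, when the server is first created, so flipping the variable on an existing cluster will presumably leave /etc/rancher/k3s/config.yaml and the node's taint unchanged. k3s also applies `node-taint` only when the node registers, so even a re-rendered file would not taint or untaint a node that is already running. I would document this above the provisioner, e.g. `# Rendered once at server creation; later changes to allow_scheduling_on_control_plane require re-creating the node or adjusting the taint by hand`. The same applies to the `control_planes` hunk that follows; both resource bodies continue outside the hunks, so a re-provisioning trigger may exist that is not visible here.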
@ -55,10 +55,11 @@ resource "hcloud_server" "control_planes" {
|
||||
# Generating k3s server config file
|
||||
provisioner "file" {
|
||||
content = templatefile("${path.module}/templates/server_config.yaml.tpl", {
|
||||
first_control_plane_url = "https://${local.first_control_plane_network_ip}:6443"
|
||||
node_ip = cidrhost(hcloud_network.k3s.ip_range, 3 + count.index)
|
||||
token = random_password.k3s_token.result
|
||||
node_name = self.name
|
||||
first_control_plane_url = "https://${local.first_control_plane_network_ip}:6443"
|
||||
node_ip = cidrhost(hcloud_network.k3s.ip_range, 3 + count.index)
|
||||
token = random_password.k3s_token.result
|
||||
node_name = self.name
|
||||
allow_scheduling_on_control_plane = var.allow_scheduling_on_control_plane
|
||||
})
|
||||
destination = "/etc/rancher/k3s/config.yaml"
|
||||
|
||||
|
@ -10,5 +10,7 @@ tls-san: ${node_ip}
|
||||
kubelet-arg: "cloud-provider=external"
|
||||
token: ${token}
|
||||
node-name: ${node_name}
|
||||
%{ if !allow_scheduling_on_control_plane }
|
||||
node-taint:
|
||||
- node-role.kubernetes.io/master:NoSchedule
|
||||
%{ endif }
|
||||
|
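Review bot: The `%{ if !allow_scheduling_on_control_plane }` and `%{ endif }` directives are written without whitespace-strip markers, so each leaves an empty line in the rendered config.yaml whichever branch is taken. YAML tolerates the blank lines, so this is cosmetic, but `%{ if !allow_scheduling_on_control_plane ~}` and `%{ endif ~}` would keep the generated file identical to the previous output when the taint is kept. The second template hunk below carries the same block and would take the same change.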
@ -10,5 +10,7 @@ tls-san: ${node_ip}
|
||||
kubelet-arg: "cloud-provider=external"
|
||||
token: ${token}
|
||||
node-name: ${node_name}
|
||||
%{ if !allow_scheduling_on_control_plane }
|
||||
node-taint:
|
||||
- node-role.kubernetes.io/master:NoSchedule
|
||||
%{ endif }
|
||||
|
@ -29,3 +29,6 @@ agents_num = 2
|
||||
# If you want to use letsencrypt with tls Challenge, the email address is used to send you certificates expiration notices
|
||||
# traefik_acme_tls = true
|
||||
# traefik_acme_email = "mail@example.com"
|
||||
|
||||
# If you want to allow non-control-plane workloads to run on the control-plane nodes set "true" below. The default is "false".
|
||||
# allow_scheduling_on_control_plane = true
|
||||
|
@ -82,7 +82,7 @@ variable "hetzner_csi_containers_latest" {
|
||||
variable "traefik_acme_tls" {
|
||||
type = bool
|
||||
default = false
|
||||
description = "Wheter to include the TLS configuration with the Traefik configuration"
|
||||
description = "Whether to include the TLS configuration with the Traefik configuration"
|
||||
}
|
||||
|
||||
variable "traefik_acme_email" {
|
||||
@ -91,3 +91,8 @@ variable "traefik_acme_email" {
|
||||
description = "Email used to recieved expiration notice for certificate"
|
||||
}
|
||||
|
||||
variable "allow_scheduling_on_control_plane" {
|
||||
type = bool
|
||||
default = false
|
||||
description = "Whether to allow non-control-plane workloads to run on the control-plane nodes"
|
||||
}
|
||||
|
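Review bot: The description of `allow_scheduling_on_control_plane` does not say what enabling it gives up: with the `NoSchedule` taint omitted, ordinary pods are placed on the hosts that run the k3s servers and hold the cluster token in /etc/rancher/k3s/config.yaml. A workload that breaks out of its container or is granted host-path access then sits next to the control plane rather than on an agent. I would extend the text to something like `description = "Whether to allow non-control-plane workloads to run on the control-plane nodes. When true the NoSchedule taint is omitted and workloads share hosts with the k3s servers; keep false unless all workloads are trusted."`. The `default = false` already keeps the safer behaviour.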