Merge pull request #47 from mnencia/optional-taint

Add setting to allow_scheduling_on_control_plane
2022-02-07 16:46:57 +01:00 · 2022-02-07 16:46:57 +01:00 · c6e6115bb9
commit c6e6115bb9
parent ee7a0af8aa 7e6eb731dd
6 changed files with 22 additions and 8 deletions
--- a/master.tf
+++ b/master.tf
@ -54,9 +54,10 @@ resource "hcloud_server" "first_control_plane" {
  # Generating k3s master config file
  provisioner "file" {
    content = templatefile("${path.module}/templates/master_config.yaml.tpl", {
-      node_ip   = local.first_control_plane_network_ip
-      token     = random_password.k3s_token.result
-      node_name = self.name
+      node_ip                           = local.first_control_plane_network_ip
+      token                             = random_password.k3s_token.result
+      node_name                         = self.name
+      allow_scheduling_on_control_plane = var.allow_scheduling_on_control_plane
    })
    destination = "/etc/rancher/k3s/config.yaml"

--- a/servers.tf
+++ b/servers.tf
@ -55,10 +55,11 @@ resource "hcloud_server" "control_planes" {
  # Generating k3s server config file
  provisioner "file" {
    content = templatefile("${path.module}/templates/server_config.yaml.tpl", {
-      first_control_plane_url = "https://${local.first_control_plane_network_ip}:6443"
-      node_ip                 = cidrhost(hcloud_network.k3s.ip_range, 3 + count.index)
-      token                   = random_password.k3s_token.result
-      node_name               = self.name
+      first_control_plane_url           = "https://${local.first_control_plane_network_ip}:6443"
+      node_ip                           = cidrhost(hcloud_network.k3s.ip_range, 3 + count.index)
+      token                             = random_password.k3s_token.result
+      node_name                         = self.name
+      allow_scheduling_on_control_plane = var.allow_scheduling_on_control_plane
    })
    destination = "/etc/rancher/k3s/config.yaml"

--- a/templates/master_config.yaml.tpl
+++ b/templates/master_config.yaml.tpl
@ -10,5 +10,7 @@ tls-san: ${node_ip}
 kubelet-arg: "cloud-provider=external"
 token: ${token}
 node-name: ${node_name}
+%{ if !allow_scheduling_on_control_plane }
 node-taint:
 - node-role.kubernetes.io/master:NoSchedule
+%{ endif }
--- a/templates/server_config.yaml.tpl
+++ b/templates/server_config.yaml.tpl
@ -10,5 +10,7 @@ tls-san: ${node_ip}
 kubelet-arg: "cloud-provider=external"
 token: ${token}
 node-name: ${node_name}
+%{ if !allow_scheduling_on_control_plane }
 node-taint:
 - node-role.kubernetes.io/master:NoSchedule
+%{ endif }
--- a/terraform.tfvars.example
+++ b/terraform.tfvars.example
@ -29,3 +29,6 @@ agents_num                = 2
 # If you want to use letsencrypt with tls Challenge, the email address is used to send you certificates expiration notices
 # traefik_acme_tls = true
 # traefik_acme_email = "mail@example.com"
+
+# If you want to allow non-control-plane workloads to run on the control-plane nodes set "true" below. The default is "false".
+# allow_scheduling_on_control_plane = true
--- a/variables.tf
+++ b/variables.tf
@ -82,7 +82,7 @@ variable "hetzner_csi_containers_latest" {
 variable "traefik_acme_tls" {
  type        = bool
  default     = false
-  description = "Wheter to include the TLS configuration with the Traefik configuration"
+  description = "Whether to include the TLS configuration with the Traefik configuration"
 }

 variable "traefik_acme_email" {
@ -91,3 +91,8 @@ variable "traefik_acme_email" {
  description = "Email used to recieved expiration notice for certificate"
 }

+variable "allow_scheduling_on_control_plane" {
+  type        = bool
+  default     = false
+  description = "Whether to allow non-control-plane workloads to run on the control-plane nodes"
+}