Merge pull request #47 from mnencia/optional-taint
Add setting to allow_scheduling_on_control_plane
This commit is contained in:
commit
c6e6115bb9
@ -57,6 +57,7 @@ resource "hcloud_server" "first_control_plane" {
|
|||||||
node_ip = local.first_control_plane_network_ip
|
node_ip = local.first_control_plane_network_ip
|
||||||
token = random_password.k3s_token.result
|
token = random_password.k3s_token.result
|
||||||
node_name = self.name
|
node_name = self.name
|
||||||
|
allow_scheduling_on_control_plane = var.allow_scheduling_on_control_plane
|
||||||
})
|
})
|
||||||
destination = "/etc/rancher/k3s/config.yaml"
|
destination = "/etc/rancher/k3s/config.yaml"
|
||||||
|
|
||||||
|
@ -59,6 +59,7 @@ resource "hcloud_server" "control_planes" {
|
|||||||
node_ip = cidrhost(hcloud_network.k3s.ip_range, 3 + count.index)
|
node_ip = cidrhost(hcloud_network.k3s.ip_range, 3 + count.index)
|
||||||
token = random_password.k3s_token.result
|
token = random_password.k3s_token.result
|
||||||
node_name = self.name
|
node_name = self.name
|
||||||
|
allow_scheduling_on_control_plane = var.allow_scheduling_on_control_plane
|
||||||
})
|
})
|
||||||
destination = "/etc/rancher/k3s/config.yaml"
|
destination = "/etc/rancher/k3s/config.yaml"
|
||||||
|
|
||||||
|
@ -10,5 +10,7 @@ tls-san: ${node_ip}
|
|||||||
kubelet-arg: "cloud-provider=external"
|
kubelet-arg: "cloud-provider=external"
|
||||||
token: ${token}
|
token: ${token}
|
||||||
node-name: ${node_name}
|
node-name: ${node_name}
|
||||||
|
%{ if !allow_scheduling_on_control_plane }
|
||||||
node-taint:
|
node-taint:
|
||||||
- node-role.kubernetes.io/master:NoSchedule
|
- node-role.kubernetes.io/master:NoSchedule
|
||||||
|
%{ endif }
|
||||||
|
@ -10,5 +10,7 @@ tls-san: ${node_ip}
|
|||||||
kubelet-arg: "cloud-provider=external"
|
kubelet-arg: "cloud-provider=external"
|
||||||
token: ${token}
|
token: ${token}
|
||||||
node-name: ${node_name}
|
node-name: ${node_name}
|
||||||
|
%{ if !allow_scheduling_on_control_plane }
|
||||||
node-taint:
|
node-taint:
|
||||||
- node-role.kubernetes.io/master:NoSchedule
|
- node-role.kubernetes.io/master:NoSchedule
|
||||||
|
%{ endif }
|
||||||
|
@ -29,3 +29,6 @@ agents_num = 2
|
|||||||
# If you want to use letsencrypt with tls Challenge, the email address is used to send you certificates expiration notices
|
# If you want to use letsencrypt with tls Challenge, the email address is used to send you certificates expiration notices
|
||||||
# traefik_acme_tls = true
|
# traefik_acme_tls = true
|
||||||
# traefik_acme_email = "mail@example.com"
|
# traefik_acme_email = "mail@example.com"
|
||||||
|
|
||||||
|
# If you want to allow non-control-plane workloads to run on the control-plane nodes set "true" below. The default is "false".
|
||||||
|
# allow_scheduling_on_control_plane = true
|
||||||
|
@ -82,7 +82,7 @@ variable "hetzner_csi_containers_latest" {
|
|||||||
variable "traefik_acme_tls" {
|
variable "traefik_acme_tls" {
|
||||||
type = bool
|
type = bool
|
||||||
default = false
|
default = false
|
||||||
description = "Wheter to include the TLS configuration with the Traefik configuration"
|
description = "Whether to include the TLS configuration with the Traefik configuration"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "traefik_acme_email" {
|
variable "traefik_acme_email" {
|
||||||
@ -91,3 +91,8 @@ variable "traefik_acme_email" {
|
|||||||
description = "Email used to recieved expiration notice for certificate"
|
description = "Email used to recieved expiration notice for certificate"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "allow_scheduling_on_control_plane" {
|
||||||
|
type = bool
|
||||||
|
default = false
|
||||||
|
description = "Whether to allow non-control-plane workloads to run on the control-plane nodes"
|
||||||
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user