Merge pull request #47 from mnencia/optional-taint

Add setting to allow_scheduling_on_control_plane
Karim Naufal 2022-02-07 16:46:57 +01:00 committed by GitHub
commit c6e6115bb9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 22 additions and 8 deletions


@ -57,6 +57,7 @@ resource "hcloud_server" "first_control_plane" {
node_ip = local.first_control_plane_network_ip node_ip = local.first_control_plane_network_ip
token = random_password.k3s_token.result token = random_password.k3s_token.result
node_name = self.name node_name = self.name
allow_scheduling_on_control_plane = var.allow_scheduling_on_control_plane
}) })
destination = "/etc/rancher/k3s/config.yaml" destination = "/etc/rancher/k3s/config.yaml"


@ -59,6 +59,7 @@ resource "hcloud_server" "control_planes" {
node_ip = cidrhost(hcloud_network.k3s.ip_range, 3 + count.index) node_ip = cidrhost(hcloud_network.k3s.ip_range, 3 + count.index)
token = random_password.k3s_token.result token = random_password.k3s_token.result
node_name = self.name node_name = self.name
allow_scheduling_on_control_plane = var.allow_scheduling_on_control_plane
}) })
destination = "/etc/rancher/k3s/config.yaml" destination = "/etc/rancher/k3s/config.yaml"


@ -10,5 +10,7 @@ tls-san: ${node_ip}
kubelet-arg: "cloud-provider=external" kubelet-arg: "cloud-provider=external"
token: ${token} token: ${token}
node-name: ${node_name} node-name: ${node_name}
%{ if !allow_scheduling_on_control_plane }
node-taint: node-taint:
- node-role.kubernetes.io/master:NoSchedule - node-role.kubernetes.io/master:NoSchedule
%{ endif }
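Review bot: The `node-taint` entry guarded by `%{ if !allow_scheduling_on_control_plane }` is, per the k3s documentation, applied only when a node first registers, so changing the variable on an existing cluster will not add or remove the taint on control-plane nodes that have already joined. A comment above the directive should say so, for example `# node-taint is only honoured at first registration; later changes must be made on the node object`. The directives also leave empty lines in the rendered YAML, which `%{ if !allow_scheduling_on_control_plane ~}` and `%{ endif ~}` would strip. The next file section carries the identical hunk and the same remarks apply there.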


@ -10,5 +10,7 @@ tls-san: ${node_ip}
kubelet-arg: "cloud-provider=external" kubelet-arg: "cloud-provider=external"
token: ${token} token: ${token}
node-name: ${node_name} node-name: ${node_name}
%{ if !allow_scheduling_on_control_plane }
node-taint: node-taint:
- node-role.kubernetes.io/master:NoSchedule - node-role.kubernetes.io/master:NoSchedule
%{ endif }


@ -29,3 +29,6 @@ agents_num = 2
# If you want to use letsencrypt with tls Challenge, the email address is used to send you certificates expiration notices # If you want to use letsencrypt with tls Challenge, the email address is used to send you certificates expiration notices
# traefik_acme_tls = true # traefik_acme_tls = true
# traefik_acme_email = "mail@example.com" # traefik_acme_email = "mail@example.com"
# If you want to allow non-control-plane workloads to run on the control-plane nodes set "true" below. The default is "false".
# allow_scheduling_on_control_plane = true


@ -82,7 +82,7 @@ variable "hetzner_csi_containers_latest" {
variable "traefik_acme_tls" { variable "traefik_acme_tls" {
type = bool type = bool
default = false default = false
description = "Wheter to include the TLS configuration with the Traefik configuration" description = "Whether to include the TLS configuration with the Traefik configuration"
} }
variable "traefik_acme_email" { variable "traefik_acme_email" {
@ -91,3 +91,8 @@ variable "traefik_acme_email" {
description = "Email used to recieved expiration notice for certificate" description = "Email used to recieved expiration notice for certificate"
} }
variable "allow_scheduling_on_control_plane" {
type = bool
default = false
description = "Whether to allow non-control-plane workloads to run on the control-plane nodes"
}
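Review bot: The `description` of `allow_scheduling_on_control_plane` does not say what enabling it gives up. With the `NoSchedule` taint gone, any pod can be scheduled onto the nodes that run the k3s server and hold `/etc/rancher/k3s/config.yaml` with the cluster token, so a compromised workload is separated from control-plane state only by the container boundary. I would extend it to `description = "Whether to allow non-control-plane workloads to run on the control-plane nodes. Removes the NoSchedule taint and reduces control-plane isolation; keep false for untrusted or multi-tenant workloads."` The commented example in the tfvars section above (`# allow_scheduling_on_control_plane = true`) would benefit from the same one-line caution.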