Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Node taint k3s-controlplane=true:NoExecute #1401

Closed
Kerwood opened this issue Feb 9, 2020 · 4 comments
Closed

Node taint k3s-controlplane=true:NoExecute #1401

Kerwood opened this issue Feb 9, 2020 · 4 comments

Comments

@Kerwood
Copy link

Kerwood commented Feb 9, 2020
edited
Loading

Version: v1.17.2+k3s1

Describe the bug
Well, not sure if its a bug.
I use k3sup for creating a cluster. By default, I don't want any work loads/pod scheduled on my master node other than what the master needs. For this i tried to use below parameter in the install command.

--node-taint k3s-controlplane=true:NoExecute

I kinda works, but it stops other kube-system pods at deploying as well.

NAMESPACE     NAME                                          READY   STATUS    RESTARTS   AGE
kube-system   pod/metrics-server-6d684c7b5-c8kmd            0/1     Pending   0          4m57s
kube-system   pod/local-path-provisioner-58fb86bdfd-fpxh5   0/1     Pending   0          4m57s
kube-system   pod/coredns-d798c9dd-nsg8f                    0/1     Pending   0          4m57s

Events:
  Type     Reason            Age        From               Message
  ----     ------            ----       ----               -------
  Warning  FailedScheduling  <unknown>  default-scheduler  0/1 nodes are available: 1 node(s) had taints that the pod didn't tolerate.

Expected behavior
I expected the master to function as normal, but not deploy new work loads/pods on the master node.

Not sure if there's a smarter way to achieve this.

Edit:

I found this in the docs.

By default, server nodes will be schedulable and thus your workloads can get launched on them. If you wish to have a dedicated control plane where no user workloads will run, you can use taints. The node-taint parameter will allow you to configure nodes with taints, for example --node-taint k3s-controlplane=true:NoExecute.

But it's preventing the above kube-system pods from deploying.

https://rancher.com/docs/k3s/latest/en/installation/ha/
@Kerwood
Copy link
Author

Kerwood commented Feb 11, 2020
edited
Loading

My bad...

@Kerwood Kerwood closed this as completed Feb 11, 2020
@Kerwood Kerwood reopened this Feb 11, 2020
@Kerwood
Copy link
Author

Kerwood commented Feb 11, 2020

Nope.. That didn't fix it at all..

@Kerwood
Copy link
Author

Kerwood commented Feb 12, 2020

Here's my fix.. I just wish this was default on a fresh installation.

1.Taint the master with below command.

kubectl taint node dev-k3s-master k3s-controlplane=true:NoSchedule

2. Add tolerance on the control-plane services.

kubectl edit deployments local-path-provisioner -n kube-system

And add the following to the containers spec.

spec:
  ...
  template:
  ...
    spec:
    ...
      tolerations:
      - effect: NoExecute
        operator: Exists
      - effect: NoSchedule
        operator: Exists

Do the same for metrics-server and coredns. The latter will have will have tolerations: present, so just add the two effects to the list.

@Kerwood Kerwood closed this as completed Feb 12, 2020
@louiznk louiznk mentioned this issue Mar 5, 2020
Merged
@poblin-orange poblin-orange mentioned this issue Nov 5, 2020
Closed
@FinalDoom
Copy link

Just a note for anyone who finds this, you don't have to modify any files (sticky config) as they already have tolerations, if you use the standard one:

kubectl taint node k3s-controller node-role.kubernetes.io/control-plane=true:NoSchedule

@k3s-io k3s-io locked and limited conversation to collaborators Nov 24, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@FinalDoom @Kerwood