From 996cc3344a041eedd5c0fdd7a7c808a2407b4084 Mon Sep 17 00:00:00 2001 From: Rafael Camargos Date: Mon, 27 Sep 2021 22:37:24 -0300 Subject: [PATCH] Add toleration to Nginx IC daemonset and job A toleration needs to be added to all resources that create pods since the node-role.kubernetes.io/master taint will be restored to all master nodes. This ensures that the pods will run on the master node. Tested in an AIO-SX by enabling the taint and: - Deleting pods - Performing an application update - Removing and reinstalling the application - Deleting the ValidatingWebhookConfiguration and reapplying the app In every case mentioned the resources would come up again. Story: 2009232 Task: 43343 Change-Id: Ide2ce4ac66f01da412822f6fc7d658da80de4f32 Signed-off-by: Rafael Camargos --- .../stx-nginx-ingress-controller-helm.spec | 3 +++ .../files/0001-add-toleration.patch | 27 +++++++++++++++++++ .../nginx_ingress_controller_manifest.yaml | 5 ++++ 3 files changed, 35 insertions(+) create mode 100644 stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/files/0001-add-toleration.patch diff --git a/stx-nginx-ingress-controller-helm/centos/stx-nginx-ingress-controller-helm.spec b/stx-nginx-ingress-controller-helm/centos/stx-nginx-ingress-controller-helm.spec index 7e1a779..89c022f 100644 --- a/stx-nginx-ingress-controller-helm/centos/stx-nginx-ingress-controller-helm.spec +++ b/stx-nginx-ingress-controller-helm/centos/stx-nginx-ingress-controller-helm.spec @@ -30,6 +30,8 @@ Source5: nginx_ingress_controller_manifest.yaml BuildArch: noarch +Patch01: 0001-add-toleration.patch + BuildRequires: helm BuildRequires: chartmuseum BuildRequires: python-k8sapp-nginx-ingress-controller @@ -40,6 +42,7 @@ StarlingX Nginx Ingress Controller Application Armada Helm Charts %prep %setup -n helm-charts +%patch01 -p1 %build # Host a server for the charts diff --git a/stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/files/0001-add-toleration.patch b/stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/files/0001-add-toleration.patch new file mode 100644 index 0000000..4575056 --- /dev/null +++ b/stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/files/0001-add-toleration.patch @@ -0,0 +1,27 @@ +From 8901108acc3b364c9121481f9556acbf2e4edb6d Mon Sep 17 00:00:00 2001 +From: Rafael Camargos +Date: Mon, 27 Sep 2021 22:31:26 -0300 +Subject: [PATCH] Add toleration to daemonset + +--- + charts/ingress-nginx/templates/controller-daemonset.yaml | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml +index aa8693b47..6df0a9809 100644 +--- a/charts/ingress-nginx/templates/controller-daemonset.yaml ++++ b/charts/ingress-nginx/templates/controller-daemonset.yaml +@@ -61,6 +61,10 @@ spec: + value: {{ $value | quote }} + {{- end }} + {{- end }} ++ tolerations: ++ - key: "node-role.kubernetes.io/master" ++ operator: "Exists" ++ effect: "NoSchedule" + containers: + - name: controller + {{- with .Values.controller.image }} +-- +2.17.1 + diff --git a/stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/manifests/nginx_ingress_controller_manifest.yaml b/stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/manifests/nginx_ingress_controller_manifest.yaml index 9e709ce..3447a66 100644 --- a/stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/manifests/nginx_ingress_controller_manifest.yaml +++ b/stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/manifests/nginx_ingress_controller_manifest.yaml @@ -49,6 +49,11 @@ data: admissionWebhooks: # default port 8443 conflicts with lighttpd using https port: 5443 + patch: + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" defaultBackend: image: repository: k8s.gcr.io/defaultbackend