All CNIs: support ANY toleration. (#3391)

Before, Nodes tainted with NoExecute policy did not have calico/weave Pod. Network pod should run on all nodes whatever happens on a specific node. Also always set the Pods to be critical. Also remove deprecated scheduler.alpha.kubernetes.io/tolerations annotations.
2026-02-28 09:39:12 +03:00 · 2018-09-27 14:28:54 +02:00
parent 232020ef96
commit 53d87e53c5
11 changed files with 58 additions and 31 deletions
--- a/roles/network_plugin/calico/templates/calico-node.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-node.yml.j2
@@ -18,6 +18,7 @@ spec:
      labels:
        k8s-app: calico-node
      annotations:
+        # Mark pod as critical for rescheduling (Will have no effect starting with kubernetes 1.12)
        scheduler.alpha.kubernetes.io/critical-pod: ''
        kubespray.etcd-cert/serial: "{{ etcd_client_cert_serial }}"
    spec:
@@ -27,8 +28,10 @@ spec:
      hostNetwork: true
      serviceAccountName: calico-node
      tolerations:
-        - effect: NoSchedule
-          operator: Exists
+        - operator: Exists
+        # Mark pod as critical for rescheduling (Will have no effect starting with kubernetes 1.12)
+        - key: CriticalAddonsOnly
+          operator: "Exists"
      # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
      # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
      terminationGracePeriodSeconds: 0
@@ -189,4 +192,4 @@ spec:
  updateStrategy:
    rollingUpdate:
      maxUnavailable: {{ serial | default('20%') }}
-    type: RollingUpdate
+    type: RollingUpdate