kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allow aws-iam-authenticator to be scheduled onto dedicated apiserver nodes

This commit is contained in:
Peter Rifel 2021-09-26 11:09:30 -05:00
parent c742621468
commit 42ecabae28
No known key found for this signature in database
GPG Key ID: BC6469E5B16DB2B6
4 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
upup/models/cloudup/resources/addons/authentication.aws/k8s-1.12.yaml.template
View File

@ -129,11 +129,15 @@ spec:
# run on each master node # run on each master node
nodeSelector: nodeSelector:
node-role.kubernetes.io/master: "" {{ APIServerNodeRole }}: ""
priorityClassName: system-node-critical priorityClassName: system-node-critical
tolerations: tolerations:
- effect: NoSchedule - effect: NoSchedule
key: node-role.kubernetes.io/master key: node-role.kubernetes.io/master
- effect: NoSchedule
key: node-role.kubernetes.io/api-server
- key: node.cloudprovider.kubernetes.io/uninitialized
operator: Exists
- key: CriticalAddonsOnly - key: CriticalAddonsOnly
operator: Exists operator: Exists

8
upup/pkg/fi/cloudup/template_functions.go
View File

@ -101,6 +101,7 @@ func (tf *TemplateFunctions) AddTo(dest template.FuncMap, secretStore fi.SecretS
dest["GetNodeInstanceGroups"] = tf.GetNodeInstanceGroups dest["GetNodeInstanceGroups"] = tf.GetNodeInstanceGroups
dest["HasHighlyAvailableControlPlane"] = tf.HasHighlyAvailableControlPlane dest["HasHighlyAvailableControlPlane"] = tf.HasHighlyAvailableControlPlane
dest["ControlPlaneControllerReplicas"] = tf.ControlPlaneControllerReplicas dest["ControlPlaneControllerReplicas"] = tf.ControlPlaneControllerReplicas
dest["APIServerNodeRole"] = tf.APIServerNodeRole
dest["CloudTags"] = tf.CloudTagsForInstanceGroup dest["CloudTags"] = tf.CloudTagsForInstanceGroup
dest["KubeDNS"] = func() *kops.KubeDNSConfig { dest["KubeDNS"] = func() *kops.KubeDNSConfig {
@ -299,6 +300,13 @@ func (tf *TemplateFunctions) ControlPlaneControllerReplicas() int {
return 1 return 1
} }
func (tf *TemplateFunctions) APIServerNodeRole() string {
if featureflag.APIServerNodes.Enabled() {
return "node-role.kubernetes.io/api-server"
}
return "node-role.kubernetes.io/master"
}
// HasHighlyAvailableControlPlane returns true of the cluster has more than one control plane node. False otherwise. // HasHighlyAvailableControlPlane returns true of the cluster has more than one control plane node. False otherwise.
func (tf *TemplateFunctions) HasHighlyAvailableControlPlane() bool { func (tf *TemplateFunctions) HasHighlyAvailableControlPlane() bool {
cp := 0 cp := 0

4
upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/authentication.aws-k8s-1.12.yaml
View File

@ -189,6 +189,10 @@ spec:
tolerations: tolerations:
- effect: NoSchedule - effect: NoSchedule
key: node-role.kubernetes.io/master key: node-role.kubernetes.io/master
- effect: NoSchedule
key: node-role.kubernetes.io/api-server
- key: node.cloudprovider.kubernetes.io/uninitialized
operator: Exists
- key: CriticalAddonsOnly - key: CriticalAddonsOnly
operator: Exists operator: Exists
volumes: volumes:

2
upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/manifest.yaml
View File

@ -47,7 +47,7 @@ spec:
k8s-addon: storage-aws.addons.k8s.io k8s-addon: storage-aws.addons.k8s.io
- id: k8s-1.12 - id: k8s-1.12
manifest: authentication.aws/k8s-1.12.yaml manifest: authentication.aws/k8s-1.12.yaml
manifestHash: 7fab0163a43a38470011072ed69967e28c8d6acf5f47ad9c82f437878f78eb77 manifestHash: e560afb9c07a966239a54546698ff2ce489b26cbc51db6508914fc68cfb8b599
name: authentication.aws name: authentication.aws
selector: selector:
role.kubernetes.io/authentication: "1" role.kubernetes.io/authentication: "1"