[k8s] Improve the taint of master node kubelet

Improve the taint of master node kubelet to get the conformance
test passed and update the OCCM and Helm/Tiller tolerations accordingly.

Task: 39223
Story: 2007256

Change-Id: Ief452e05ddf13a1d1ee77641311c3ae7abbe90f2

magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh

@@ -432,7 +432,7 @@ if [ -f /etc/sysconfig/docker ] ; then
 fi
 
 KUBELET_ARGS="${KUBELET_ARGS} --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
-KUBELET_ARGS="${KUBELET_ARGS} --register-with-taints=CriticalAddonsOnly=True:NoSchedule,dedicated=master:NoSchedule"
+KUBELET_ARGS="${KUBELET_ARGS} --register-with-taints=node-role.kubernetes.io/master=:NoSchedule"
 KUBELET_ARGS="${KUBELET_ARGS} --node-labels=magnum.openstack.org/role=${NODEGROUP_ROLE}"
 KUBELET_ARGS="${KUBELET_ARGS} --node-labels=magnum.openstack.org/nodegroup=${NODEGROUP_NAME}"
 

magnum/drivers/common/templates/kubernetes/fragments/enable-helm-tiller.sh

@@ -139,13 +139,14 @@ spec:
           readOnly: true
       serviceAccountName: tiller
       tolerations:
-      # make runnable on master nodes
-      - key: dedicated
-        value: master
-        effect: NoSchedule
+      # Make sure the pod can be scheduled on master kubelet.
+      - effect: NoSchedule
+        operator: Exists
+      # Mark the pod as a critical add-on for rescheduling.
       - key: CriticalAddonsOnly
-        value: "True"
-        effect: NoSchedule
+        operator: Exists
+      - effect: NoExecute
+        operator: Exists
       # run only on master nodes
       nodeSelector:
         node-role.kubernetes.io/master: ""

magnum/drivers/common/templates/kubernetes/fragments/kube-apiserver-to-kubelet-role.sh

@@ -378,14 +378,14 @@ spec:
       - key: node.cloudprovider.kubernetes.io/uninitialized
         value: "true"
         effect: NoSchedule
-      # this is to have the daemonset runnable on master nodes
-      # the taint may vary depending on your cluster setup
-      - key: dedicated
-        value: master
-        effect: NoSchedule
+      # Make sure the pod can be scheduled on master kubelet.
+      - effect: NoSchedule
+        operator: Exists
+      # Mark the pod as a critical add-on for rescheduling.
       - key: CriticalAddonsOnly
-        value: "True"
-        effect: NoSchedule
+        operator: Exists
+      - effect: NoExecute
+        operator: Exists
       # this is to restrict CCM to only run on master nodes
       # the node selector may vary depending on your cluster setup
       nodeSelector:

releasenotes/notes/improve-k8s-master-kubelet-taint-0c56ffede270116d.yaml

@@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    The taint of master node kubelet has been improved to get the
+    conformance test (sonobuoy) passed.