switch to use new K8s control-plane label

Upstream has deprecated 'node-role.kubernetes.io/master' to use 'node-role.kubernetes.io/control-plane' in k8s 1.24. Platform and applications need to be updated to use 'control-plane' with nodeSelector/Tolerations so we may upgrade from 'master'. This updates pod nodeSelector to use 'node-role.kubernetes.io/control-plane' instead of 'node-role.kubernetes.io/master'. This updates pod Tolerations to support both: - 'node-role.kubernetes.io/master' - 'node-role.kubernetes.io/control-plane' Note: The vault app stopped applying properly when stx moved to k8s 1.22 1.23 due to the use of deprecated APIs: https://github.com/hashicorp/vault-helm/blob/v0.6.0/templates/injector-mutating-webhook.yaml#L2 https://github.com/hashicorp/vault-helm/blob/v0.6.0/templates/server-clusterrolebinding.yaml#L4 The changes will still be merged to ensure that the files are updated when updating vault to a new version which is compatible w/ k8s 1.24+ Story: 2010301 Task: 46667 Signed-off-by: Saba Touheed Mujawar <sabatouheed.mujawar@windriver.com> Change-Id: I01e031a94755be01cd3e5d942e96d1b42c977329
2022-10-25 08:20:03 -04:00 · 2022-10-25 08:20:03 -04:00 · 94a9cd1022
commit 94a9cd1022
parent 12b115d1a2
1 changed files with 10 additions and 1 deletions
--- a/stx-vault-helm/stx-vault-helm/fluxcd-manifests/vault/vault-static-overrides.yaml
+++ b/stx-vault-helm/stx-vault-helm/fluxcd-manifests/vault/vault-static-overrides.yaml
@ -17,10 +17,13 @@ manager:
    - key: "node-role.kubernetes.io/master"
      operator: "Exists"
      effect: "NoSchedule"
+    - key: "node-role.kubernetes.io/control-plane"
+      operator: "Exists"
+      effect: "NoSchedule"
 injector:
  enabled: true
  nodeSelector: |
-    node-role.kubernetes.io/master: ""
+    node-role.kubernetes.io/control-plane: ""
  image:
    repository: hashicorp/vault-k8s
    tag: 0.4.0
@ -31,6 +34,9 @@ injector:
    - key: "node-role.kubernetes.io/master"
      operator: "Exists"
      effect: "NoSchedule"
+    - key: "node-role.kubernetes.io/control-plane"
+      operator: "Exists"
+      effect: "NoSchedule"
 server:
  affinity: |
    podAntiAffinity:
@ -48,6 +54,9 @@ server:
    - key: "node-role.kubernetes.io/master"
      operator: "Exists"
      effect: "NoSchedule"
+    - key: "node-role.kubernetes.io/control-plane"
+      operator: "Exists"
+      effect: "NoSchedule"
  auditStorage:
    enabled: true
    size: 10Gi