techno-tim · timothystewart6 · Sep 25, 2022 · Sep 18, 2022 · Sep 19, 2022 · Sep 19, 2022
diff --git a/inventory/sample/group_vars/all.yml b/inventory/sample/group_vars/all.yml
@@ -22,16 +22,19 @@ k3s_token: "some-SUPER-DEDEUPER-secret-password"
 # it for each of your hosts, though.
 k3s_node_ip: '{{ ansible_facts[flannel_iface]["ipv4"]["address"] }}'
 
-k3s_single_node: "{{ 'true' if groups['k3s_cluster'] | length == 1 else 'false' }}"
+# Disable the taint manually by setting: k3s_master_taint = false
+k3s_master_taint: "{{ true if groups['node'] | default([]) | length >= 1 else false }}"
 
 # these arguments are recommended for servers as well as agents:
 extra_args: >-
  --flannel-iface={{ flannel_iface }}
  --node-ip={{ k3s_node_ip }}
 
-# change these to your liking, the only required one is --disable servicelb
+# change these to your liking, the only required are: --disable servicelb, --tls-san {{ apiserver_endpoint }}
 extra_server_args: >-
  {{ extra_args }}
+ {{ '--node-taint node-role.kubernetes.io/master=true:NoSchedule' if k3s_master_taint else '' }}
+ --tls-san {{ apiserver_endpoint }}
  --disable servicelb
  --disable traefik
 extra_agent_args: >-

diff --git a/molecule/ipv6/overrides.yml b/molecule/ipv6/overrides.yml
@@ -36,6 +36,8 @@
  # the default has IPv4 ranges only.
  extra_server_args: >-
  {{ extra_args }}
+ --tls-san {{ apiserver_endpoint }}
+ {{ '--node-taint node-role.kubernetes.io/master=true:NoSchedule' if k3s_master_taint else '' }}
  --disable servicelb
  --disable traefik
  --disable-network-policy

diff --git a/roles/k3s/master/tasks/main.yml b/roles/k3s/master/tasks/main.yml
@@ -64,8 +64,7 @@
  cmd: "systemd-run -p RestartSec=2 \
  -p Restart=on-failure \
  --unit=k3s-init \
- k3s server {{ server_init_args }} \
- {{ '--node-taint CriticalAddonsOnly=true:NoExecute' if k3s_single_node|bool == false else ''}}"
+ k3s server {{ server_init_args }}"
  creates: "{{ systemd_dir }}/k3s.service"
  args:
  warn: false # The ansible systemd module does not support transient units

diff --git a/roles/k3s/master/templates/k3s.service.j2 b/roles/k3s/master/templates/k3s.service.j2
@@ -7,7 +7,7 @@ After=network-online.target
 Type=notify
 ExecStartPre=-/sbin/modprobe br_netfilter
 ExecStartPre=-/sbin/modprobe overlay
-ExecStart=/usr/local/bin/k3s server {{ extra_server_args | default("") }} {{ '--node-taint CriticalAddonsOnly=true:NoExecute' if k3s_single_node|bool == false else ''}}
+ExecStart=/usr/local/bin/k3s server {{ extra_server_args | default("") }}
 KillMode=process
 Delegate=yes
 # Having non-zero Limit*s causes performance problems due to accounting overhead

diff --git a/roles/k3s/master/templates/metallb.crds.j2 b/roles/k3s/master/templates/metallb.crds.j2
@@ -1648,8 +1648,6 @@ spec:
  - effect: NoSchedule
  key: node-role.kubernetes.io/control-plane
  operator: Exists
- - key: CriticalAddonsOnly
- operator: Exists
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration

diff --git a/roles/k3s/master/templates/vip.yaml.j2 b/roles/k3s/master/templates/vip.yaml.j2
@@ -69,8 +69,6 @@ spec:
  operator: Exists
  - effect: NoExecute
  operator: Exists
- - key: CriticalAddonsOnly
- operator: Exists
  updateStrategy: {}
 status:
  currentNumberScheduled: 0

diff --git a/roles/k3s/post/tasks/main.yml b/roles/k3s/post/tasks/main.yml
@@ -28,9 +28,9 @@
  command: >-
  k3s kubectl wait {{ item.resource }}
  --namespace='metallb-system'
- {% if item.name | default(False) -%} {{ item.name }} {%- endif %}
- {% if item.selector | default(False) -%} --selector='{{ item.selector }}' {%- endif %}
- {% if item.condition | default(False) -%} {{ item.condition }} {%- endif %}
+ {% if item.name | default(False) -%}{{ item.name }}{%- endif %}
+ {% if item.selector | default(False) -%}--selector='{{ item.selector }}'{%- endif %}
+ {% if item.condition | default(False) -%}{{ item.condition }}{%- endif %}
  --timeout='{{ metal_lb_available_timeout }}'
  changed_when: false
  run_once: true