Migrate node-role.kubernetes.io/master to node-role.kubernetes.io/control-plane (#10532)

* Migrate node-role.kubernetes.io/master to node-role.kubernetes.io/control-plane * Migrate node-role.kubernetes.io/master to node-role.kubernetes.io/control-plane * Migrate node-role.kubernetes.io/master to node-role.kubernetes.io/control-plane * Migrate node-role.kubernetes.io/master to node-role.kubernetes.io/control-plane
2026-01-10 15:32:09 -03:30 · 2023-10-25 18:14:32 +02:00 · 2023-10-25 18:14:32 +02:00 · 7dcc22fe8c
commit 7dcc22fe8c
parent 47ed2b115d
4 changed files with 25 additions and 5 deletions
--- a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
@ -243,7 +243,6 @@
  command: "{{ kubectl }} taint node {{ inventory_hostname }} {{ item }}"
  delegate_to: "{{ first_kube_control_plane }}"
  with_items:
-    - "node-role.kubernetes.io/master:NoSchedule-"
    - "node-role.kubernetes.io/control-plane:NoSchedule-"
  when: inventory_hostname in groups['kube_node']
  failed_when: false
--- a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
+++ b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
@ -18,8 +18,6 @@ nodeRegistration:
 {% endif %}
 {% if inventory_hostname in groups['kube_control_plane'] and inventory_hostname not in groups['kube_node'] %}
  taints:
-  - effect: NoSchedule
-    key: node-role.kubernetes.io/master
  - effect: NoSchedule
    key: node-role.kubernetes.io/control-plane
 {% else %}
--- a/roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta3.yaml.j2
+++ b/roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta3.yaml.j2
@ -21,8 +21,6 @@ nodeRegistration:
  criSocket: {{ cri_socket }}
 {% if inventory_hostname in groups['kube_control_plane'] and inventory_hostname not in groups['kube_node'] %}
  taints:
-  - effect: NoSchedule
-    key: node-role.kubernetes.io/master
  - effect: NoSchedule
    key: node-role.kubernetes.io/control-plane
 {% else %}
--- a/roles/upgrade/pre-upgrade/tasks/main.yml
+++ b/roles/upgrade/pre-upgrade/tasks/main.yml
@ -46,6 +46,31 @@
      false
      {%- endif %}

+# Legacy taint: key = node-role.kubernetes.io/master, effect = NoSchedule
+# New taint: key = node-role.kubernetes.io/control-plane, effect = NoSchedule
+#
+# During the upgrade to k8s v1.25 legacy taint is deleted:
+#   https://github.com/kubernetes/kubernetes/commit/ddd046f3dd88186cbc83b57e83144db96eae4af4
+#
+# In order to avoid taint lost we need to ensure node-role.kubernetes.io/control-plane:NoSchedule
+# if node-role.kubernetes.io/master:NoSchedule is set prior to k8s upgrade
+- name: See if node has legacy taints
+  command: >
+    {{ kubectl }} get node {{ kube_override_hostname | default(inventory_hostname) }}
+    -o jsonpath='{.spec.taints[?(@.key=="node-role.kubernetes.io/master")]}'
+  register: kubectl_node_legacy_taints
+  delegate_to: "{{ groups['kube_control_plane'][0] }}"
+  failed_when: false
+  changed_when: false
+
+- name: Migrate node legacy taints
+  command: >
+    {{ kubectl }} taint --overwrite node {{ kube_override_hostname | default(inventory_hostname) }}
+    node-role.kubernetes.io/control-plane:NoSchedule
+  delegate_to: "{{ groups['kube_control_plane'][0] }}"
+  when:
+    - kubectl_node_legacy_taints.stdout | length
+
 - name: Node draining
  delegate_to: "{{ groups['kube_control_plane'][0] }}"
  when: