From 714f20417ba2d4b04bac6611abfa800ed829eac8 Mon Sep 17 00:00:00 2001
From: MichaelFisher1997
Date: Wed, 22 Apr 2026 05:05:15 +0000
Subject: [PATCH] fix: tolerate control-plane taint when pinning Flux to cp1

Flux bootstrap patches the controllers onto k8s-cluster-cp-1, but the control-plane node is tainted NoSchedule. Add the matching toleration in both the checked-in patch manifest and the bootstrap workflow so the controllers can actually schedule and roll out on cp-1.
---
 .gitea/workflows/deploy.yml | 11 ++++++-----
 .../flux-system/gotk-controller-cp1-patches.yaml | 16 ++++++++++++++++
 2 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index fdf8cba..f7a4450 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -214,11 +214,12 @@ jobs:
 kubectl apply -f clusters/prod/flux-system/gitrepository-platform.yaml
 kubectl apply -f clusters/prod/flux-system/kustomization-infrastructure.yaml
 kubectl apply -f clusters/prod/flux-system/kustomization-apps.yaml
- # Patch Flux controllers to run on cp-1 only
- kubectl -n flux-system patch deployment source-controller --type='merge' -p='{"spec":{"template":{"spec":{"nodeSelector":{"kubernetes.io/hostname":"k8s-cluster-cp-1"}}}}}'
- kubectl -n flux-system patch deployment kustomize-controller --type='merge' -p='{"spec":{"template":{"spec":{"nodeSelector":{"kubernetes.io/hostname":"k8s-cluster-cp-1"}}}}}'
- kubectl -n flux-system patch deployment helm-controller --type='merge' -p='{"spec":{"template":{"spec":{"nodeSelector":{"kubernetes.io/hostname":"k8s-cluster-cp-1"}}}}}'
- kubectl -n flux-system patch deployment notification-controller --type='merge' -p='{"spec":{"template":{"spec":{"nodeSelector":{"kubernetes.io/hostname":"k8s-cluster-cp-1"}}}}}'
+ # Patch Flux controllers to run on cp-1 and tolerate the control-plane taint
+ PATCH='{"spec":{"template":{"spec":{"nodeSelector":{"kubernetes.io/hostname":"k8s-cluster-cp-1"},"tolerations":[{"key":"node-role.kubernetes.io/control-plane","operator":"Exists","effect":"NoSchedule"}]}}}}'
+ kubectl -n flux-system patch deployment source-controller --type='merge' -p="$PATCH"
+ kubectl -n flux-system patch deployment kustomize-controller --type='merge' -p="$PATCH"
+ kubectl -n flux-system patch deployment helm-controller --type='merge' -p="$PATCH"
+ kubectl -n flux-system patch deployment notification-controller --type='merge' -p="$PATCH"
 kubectl -n flux-system rollout status deployment/source-controller --timeout=180s
 kubectl -n flux-system rollout status deployment/kustomize-controller --timeout=180s
 kubectl -n flux-system rollout status deployment/helm-controller --timeout=180s
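Review bot: The `--type='merge'` kept on the four `kubectl patch` lines applies a JSON merge patch, which replaces the whole `tolerations` array rather than merging it by `key`, so any toleration already present on these Deployments is dropped by `PATCH`; the stock Flux controllers appear to ship without tolerations, but if that is not guaranteed on this cluster, `--type='strategic'` merges the `tolerations` list by `key` while leaving the `nodeSelector` behaviour unchanged. The toleration is now defined twice — in `PATCH` here and in `clusters/prod/flux-system/gotk-controller-cp1-patches.yaml` — with nothing tying the two together, so an edit to one will silently diverge from the other; a comment on the `PATCH=` line such as `# keep in sync with clusters/prod/flux-system/gotk-controller-cp1-patches.yaml` would at least make the coupling visible. The enclosing `run:` block of this job step starts before the hunk.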
diff --git a/clusters/prod/flux-system/gotk-controller-cp1-patches.yaml b/clusters/prod/flux-system/gotk-controller-cp1-patches.yaml
index e20eef5..c32851e 100644
--- a/clusters/prod/flux-system/gotk-controller-cp1-patches.yaml
+++ b/clusters/prod/flux-system/gotk-controller-cp1-patches.yaml
@@ -8,6 +8,10 @@ spec:
 spec:
 nodeSelector:
 kubernetes.io/hostname: k8s-cluster-cp-1
+ tolerations:
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ effect: NoSchedule
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -19,6 +23,10 @@ spec:
 spec:
 nodeSelector:
 kubernetes.io/hostname: k8s-cluster-cp-1
+ tolerations:
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ effect: NoSchedule
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -30,6 +38,10 @@ spec:
 spec:
 nodeSelector:
 kubernetes.io/hostname: k8s-cluster-cp-1
+ tolerations:
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ effect: NoSchedule
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -41,3 +53,7 @@ spec:
 spec:
 nodeSelector:
 kubernetes.io/hostname: k8s-cluster-cp-1
+ tolerations:
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ effect: NoSchedule
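Review bot: The identical four-line toleration is pasted into all four Deployment patches in this file (the hunks at `@@ -8`, `@@ -19`, `@@ -30` and `@@ -41`), so adding a fifth controller or changing the taint key means editing four places and it is easy to miss one; if this file is consumed as a kustomize `patches:` entry, a single patch with a `target:` of `kind: Deployment` scoped to the flux-system namespace would carry the `nodeSelector` and `tolerations` once (a YAML anchor cannot be reused here, since each Deployment sits in its own `---` document). `effect: NoSchedule` on `node-role.kubernetes.io/control-plane` matches the taint current kubeadm applies, but a control plane upgraded from an older release can still carry the legacy `node-role.kubernetes.io/master` taint as well, which this toleration does not cover — worth confirming against the node's actual taints before relying on it. I cannot tell from the hunks how this file is consumed, so the restructuring is a suggestion rather than a defect.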