Document URL: https://docs.openshift.com/container-platform/4.3/nodes/scheduling/nodes-scheduler-taints-tolerations.html

Describe the issue: We need to add documentation that states any taints added to the master node must have the key "node-role.kubernetes.io/master" set, since some critical cluster components required to run in the cluster contain the toleration:

```
- key: node-role.kubernetes.io/master
  operator: Exists
```

If any taint is set on a worker node the dns pod will not run on the nodes. I guess this is ok since it will always run on the masters. If any taint is set on the masters though that does not have the key "node-role.kubernetes.io/master" set, then it will not run on the masters.

Suggestions for improvement: Add documentation as to what taints can be set on master nodes so as not to break the cluster components.

Additional information:
https://github.com/openshift/cluster-dns-operator/commit/6be3d017118b89203f00b9a915ffdfdb9975f145
https://github.com/openshift/cluster-dns-operator/blob/release-4.2/assets/dns/daemonset.yaml#L141
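The matching rule behind this report, as an added example that is not part of the original report or of the cluster-dns-operator code: it applies the standard Kubernetes taint/toleration matching rules to the toleration quoted above. The node taints in `MASTER_TAINTS`, including the `dedicated=infra` taint, are constructed sample values.

```python
# Toleration quoted in the report (key only, operator Exists, no effect).
DNS_TOLERATIONS = [{"key": "node-role.kubernetes.io/master", "operator": "Exists"}]

# Constructed sample: taints an administrator might have placed on a master node.
MASTER_TAINTS = [
    {"key": "node-role.kubernetes.io/master", "effect": "NoSchedule"},
    {"key": "node-role.kubernetes.io/master", "value": "custom", "effect": "NoExecute"},
    {"key": "dedicated", "value": "infra", "effect": "NoSchedule"},
    {"key": "dedicated", "value": "infra", "effect": "PreferNoSchedule"},
]


def tolerates(toleration, taint):
    """Return True if one toleration matches one taint (Kubernetes rules)."""
    effect = toleration.get("effect", "")
    if effect and effect != taint.get("effect"):
        return False  # an empty toleration effect matches every taint effect
    key = toleration.get("key", "")
    operator = toleration.get("operator", "Equal")  # Equal is the default
    if not key:
        return operator == "Exists"  # empty key + Exists tolerates every taint
    if key != taint.get("key"):
        return False
    if operator == "Exists":
        return True  # Exists ignores the taint value
    return toleration.get("value", "") == taint.get("value", "")


def blocking_taints(taints, tolerations):
    """Taints that keep the pod off the node: hard effects with no matching toleration."""
    return [
        t for t in taints
        if t.get("effect") in ("NoSchedule", "NoExecute")
        and not any(tolerates(tol, t) for tol in tolerations)
    ]


if __name__ == "__main__":
    for t in blocking_taints(MASTER_TAINTS, DNS_TOLERATIONS):
        print("not tolerated:", t)
```

Running the same check over the taints reported by `oc get node <name> -o json` shows which taints on a master would keep these components from being scheduled there.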
Is that actually true (DNS only needs to run on master nodes)? I thought we introduced a change (in 3.10?) to make DNS run on all nodes to reduce the load on masters...
Ryan -- Is the request here to document "If a NoSchedule taint is added to the master it must have the key node-role.kubernetes.io/master" and nothing further? If so, this appears to be default in 4.5. I would like to mention this also. See: https://github.com/openshift/openshift-docs/pull/24846 Michael
Sunil -- Please take a look. Michael
Hi, yeah that is correct. lgtm
Changes are live: https://docs.openshift.com/container-platform/4.6/nodes/scheduling/nodes-scheduler-taints-tolerations.html#nodes-scheduler-taints-tolerations-adding_nodes-scheduler-taints-tolerations
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days