Description of problem: This KEP: <https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md> defines a new label and taint for control-plane nodes: "node-role.kubernetes.io/control-plane". The KEP also deprecates the old "node-role.kubernetes.io/master" label and taint. The KEP was implemented upstream in Kubernetes 1.20 (specifically in kubeadm) with <https://github.com/kubernetes/kubernetes/pull/95382>. OpenShift 4.9 control-plane nodes do not have the label. Version-Release number of selected component (if applicable): Server Version: 4.9.0-0.ci-2021-08-19-160130 Kubernetes Version: v1.22.0-rc.0.1619+dc932e96e93466-dirty How reproducible: 100%. Steps to Reproduce: 1. Launch an OpenShift 4.9 cluster. 2. Check the node labels. 3. Check the node taints. Actual results: % oc get nodes --show-labels | grep -e 'node-role\.kubernetes\.io/[^=]\+' -o node-role.kubernetes.io/master node-role.kubernetes.io/master node-role.kubernetes.io/master node-role.kubernetes.io/worker node-role.kubernetes.io/worker node-role.kubernetes.io/worker % oc get nodes -ojson | jq -c '.items|.[]|.spec.taints' [{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"}] [{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"}] [{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"}] null null null Expected results: Control-plane nodes should have the "node-role.kubernetes.io/control-plane" label and taint. Additional info: The KEP suggests there will be some deprecation period during which the old label and taint will co-exist with the new label and taint: "Minimum deprecation period for GA features is 1 year. Estimated 1.24, but may depend on user feedback."
I assume in the MCO repository, we would need to do two things: 1. change the kubelet service template to label/taint with control-plane 2. change our nodeselector labelling to use the new label Is that understanding correct? Also looping in the node team for the kubelet service template.
Not completed this sprint.
Control-plane labels were added into 4.12 nightlies. We are following up in jira in regards to controllers to help manage the migration. https://github.com/openshift/machine-config-operator/pull/3273
% oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.12.0-0.nightly-2022-10-15-094115 True False 163m Cluster version is 4.12.0-0.nightly-2022-10-15-094115 % oc get nodes NAME STATUS ROLES AGE VERSION ip-10-0-153-107.us-east-2.compute.internal Ready worker 178m v1.25.2+5bf2e1f ip-10-0-154-141.us-east-2.compute.internal Ready control-plane,master 3h3m v1.25.2+5bf2e1f ip-10-0-168-115.us-east-2.compute.internal Ready worker 92m v1.25.2+5bf2e1f ip-10-0-170-72.us-east-2.compute.internal Ready control-plane,master 3h4m v1.25.2+5bf2e1f ip-10-0-205-170.us-east-2.compute.internal Ready worker 179m v1.25.2+5bf2e1f ip-10-0-218-17.us-east-2.compute.internal Ready control-plane,master 3h4m v1.25.2+5bf2e1f % oc get nodes --show-labels | grep -e 'node-role\.kubernetes\.io/[^=]\+' -o node-role.kubernetes.io/worker node-role.kubernetes.io/control-plane node-role.kubernetes.io/master node-role.kubernetes.io/worker node-role.kubernetes.io/control-plane node-role.kubernetes.io/master node-role.kubernetes.io/worker node-role.kubernetes.io/control-plane node-role.kubernetes.io/master % oc get nodes -ojson | jq -c '.items|.[]|.spec.taints' null [{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"}] null [{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"}] null [{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"}]
OCP is no longer using Bugzilla and this bug appears to have been left in an orphaned state. If the bug is still relevant, please open a new issue in the OCPBUGS Jira project: https://issues.redhat.com/projects/OCPBUGS/summary