aks-engine icon indicating copy to clipboard operation
aks-engine copied to clipboard

Published 20 hours ago verified publisher icon Azure

Switch to "control-plane" labels and taints for v1.20 or afterward

Open mboersma opened this issue 4 years ago • 3 comments

Describe the bug

Kubernetes v1.20.0-beta.2 is where the transition to more inclusive language for control plane elements has begun, by deprecating labels and taints. A future release will remove support for the deprecated items. AKS Engine should adjust its templates and label-nodes.sh script to match.

See the release notes for details.

Steps To Reproduce

Expected behavior

AKS Engine version

Kubernetes version

Additional context

mboersma avatar Nov 18 '20 17:11 mboersma

As best I can tell, "stage 2" of implementing this change lands with Kubernetes 1.24. This seems to imply we will see things break unless we implement this change:

During the second stage the "master" label will be removed from new Nodes. User infrastructure must only manage the "control-plane" label at that point. New nodes will also have the "node-role.kubernetes.io/control-plane:NoSchedule" taint.

See https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md

So I think we still need to address this at least for Kubernetes 1.24 in AKS Engine.

mboersma avatar Mar 15 '22 16:03 mboersma

@mboersma I'm looking at https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#renaming-the-node-rolekubernetesiomaster-node-taint and it looks like this may not be a breaking change in 1.24 for AKS Engine - can you check and let me know if we have action we need to take? Thanks.

bridgetkromhout avatar Jun 21 '22 15:06 bridgetkromhout

@bridgetkromhout from the Urgent Upgrade Notes section in the Kubernetes v1.24.0 release notes:

Kubeadm: apply second stage of the plan to migrate kubeadm away from the usage of the word master in labels and taints. For new clusters, the label node-role.kubernetes.io/master will no longer be added to control plane nodes, only the label node-role.kubernetes.io/control-plane will be added. For clusters that are being upgraded to 1.24 with kubeadm upgrade apply, the command will remove the label node-role.kubernetes.io/master from existing control plane nodes. For new clusters, both the old taint node-role.kubernetes.io/master:NoSchedule and new taint node-role.kubernetes.io/control-plane:NoSchedule will be added to control plane nodes. In release 1.20 (first stage), a release note instructed to preemptively tolerate the new taint. For clusters that are being upgraded to 1.24 with kubeadm upgrade apply, the command will add the new taint node-role.kubernetes.io/control-plane:NoSchedule to existing control plane nodes. Please adapt your infrastructure to these changes. In 1.25 the old taint node-role.kubernetes.io/master:NoSchedule will be removed. (https://github.com/kubernetes/kubernetes/pull/107533, @neolit123)

tl:dr aks-engine doesn't use kubeadm, but aims for broad compatibility. So I don't think there are any action items here since 1.24 works and it's the last dance for aks-engine.

mboersma avatar Jun 21 '22 18:06 mboersma

So I don't think there are any action items here since 1.24 works and it's the last dance for aks-engine.

Thanks, @mboersma - resolving this issue.

bridgetkromhout avatar Sep 13 '22 21:09 bridgetkromhout