Support for AKS node_taints in default_node_pool again #9183
Comments
@torumakabe Since I "broke" this. When I look at the linked issue - I'm not sure I follow whether 2020-09-01 API version will allow for that or they released a new API version? |
@favoretti According to the latest AKS release note, they allowed it without a new API version. https://github.com/Azure/AKS/blob/master/CHANGELOG.md#release-2020-10-26 The release is rolling out now, and it is available in some regions such as Japan East. So, node_taints in default_node_pool has been successfully applied with azurerm v2.34. |
I wasn't sure if this was supposed to work with the latest 2.39.0 but it appears not:
...at least for |
@dhirschfeld I wasn't able to do anything on this since deprecation, there was a chat on how to approach this, but didn't get further than that. If you could elaborate on your use-case for this - it might help HC folks to weigh in on re-introducing at least the taints that API allows for now. Also, what would be an argument against leaving default node pool small for kube-system purpose workloads and creating an additional one that one can taint with anything? |
Isn't that the exact purpose of i.e. a taint stops you from scheduling pods on a node (unless they have a tolerance). If there is no taint on the default node pool then IIUC there's nothing stopping user pods from being scheduled on that node pool which is what I'd like. I think you could get the same effect by defining an anti-affinity for the system node pool on every pod but that seems like a lot of boilerplate and if you forgot to do it then the pod could again be scheduled on a system node. Disclaimer: I'm not a k8s expert so I might be completely off track! |
@tombuildsstuff Any thoughts on this? I could re-add taints back with validation that allows |
For
|
Hi, Do we have any updates on allowing the exception back? @favoretti or @tombuildsstuff As a workaround for anyone else reading this, I rolled back to v 2.34 now and it works to set taint on the default node pool. As per comment from Microsoft employee in this thread. |
Hello, everyone! @favoretti, like @luddskunk, I'm stuck with v2.34. |
I'm happy to add it back, but I am not the one to decide on it. @tombuildsstuff you ok with me re-adding this back? |
@favoretti @tombuildsstuff My customers need it. They can't be stuck with 2.34 :'( |
So, PR is there, the rest is up to HC :) |
This is an essential feature to keep the default node pool clean ! We look forward to seeing this PR validated. Thanks in advance. |
Too bad! I can't wait! See you on February 11th then! Thank you ;) |
This has been released in version 2.47.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

```hcl
provider "azurerm" {
  version = "~> 2.47.0"
}
# ... other configuration ...
```
To avoid confusion, it might be worth noting that this fix does not allow setting the

```hcl
default_node_pool {
  node_taints = ["CriticalAddonsOnly=true:PreferNoSchedule"] # <- still not supported, use solution below
}
```

... but introduces a new

```hcl
default_node_pool {
  only_critical_addons_enabled = true # supported
}
```
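Whether a taint on the default node pool actually keeps user pods off it depends on the taint's effect and on the pods' tolerations. As an added example (not code from this thread or from the provider), the Python below applies the Kubernetes taint/toleration matching rules to `node_taints`-style strings; the function names and the sample pods are constructed for illustration.

```python
from typing import NamedTuple

HARD_EFFECTS = ("NoSchedule", "NoExecute")

class Taint(NamedTuple):
    key: str
    value: str
    effect: str

def parse_taint(spec: str) -> Taint:
    """Parse "key=value:effect" or "key:effect" (the node_taints string form)."""
    body, sep, effect = spec.rpartition(":")
    if not sep or effect not in HARD_EFFECTS + ("PreferNoSchedule",):
        raise ValueError(f"bad taint spec: {spec!r}")
    key, _, value = body.partition("=")
    if not key:
        raise ValueError(f"taint has no key: {spec!r}")
    return Taint(key, value, effect)

def tolerates(tol: dict, taint: Taint) -> bool:
    """Match one pod toleration against one node taint."""
    if tol.get("effect") and tol["effect"] != taint.effect:
        return False  # an empty effect in the toleration matches every effect
    if tol.get("operator", "Equal") == "Exists":
        # Exists ignores the value; with an empty key it tolerates every taint.
        return not tol.get("key") or tol["key"] == taint.key
    return tol.get("key") == taint.key and tol.get("value", "") == taint.value

def placement(node_taints: list, tolerations: list) -> str:
    """Return "blocked", "discouraged" or "allowed" for a new pod on the node."""
    untolerated = [t for t in map(parse_taint, node_taints)
                   if not any(tolerates(tol, t) for tol in tolerations)]
    if any(t.effect in HARD_EFFECTS for t in untolerated):
        return "blocked"
    # PreferNoSchedule is only a scheduler preference, not a guarantee.
    return "discouraged" if untolerated else "allowed"

# Constructed sample inputs.
SOFT = ["CriticalAddonsOnly=true:PreferNoSchedule"]  # taint string quoted in the thread
HARD = ["CriticalAddonsOnly=true:NoSchedule"]        # same key with a hard effect
USER_POD = []                                        # workload with no tolerations
ADDON_POD = [{"key": "CriticalAddonsOnly", "operator": "Exists"}]

if __name__ == "__main__":
    for name, taints in (("soft", SOFT), ("hard", HARD)):
        print(name, placement(taints, USER_POD), placement(taints, ADDON_POD))
```

A pod that lands in "discouraged" can still be scheduled onto the system pool when no other node fits, so only a hard effect isolates it from user workloads.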
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks! |
Community Note
Description
I understand the background of #8982, and that node_taints is no longer possible to configure from v2.35. But the AKS API allows an exception for the CriticalAddonsOnly taint on system nodepools (or all) from the latest update.
Azure/AKS#1833
This option is very useful and critical, so could you please consider supporting it again?
New or Affected Resource(s)
Potential Terraform Configuration
References