Comments (13)
The master noSchedule taint toleration was replicated from the kube-dns deployment manifest in kubeadm.
I don't know the original reason for it, but it may be due to the fact that when building a cluster, initially there is only a master and no nodes, and cluster DNS may be needed for some base operation before nodes are added.
@luxas, do you know the original reason for adding the master taint toleration to the cluster dns service in kubeadm?
from deployment.
@bowei, are you familiar with the reasoning behind adding the master taint toleration to kube-dns?
from deployment.
@swade1987, in lieu of input from kubeadm or kube-dns, what are the reasons you think coredns should not be able to run on master node?
from deployment.
from deployment.
"almost certainly" is almost certainly an exaggeration... ;)
from deployment.
It seems there is some inconsistency on this position within kubernetes.
For example: kubernetes/kubernetes#54945 is a request to add the master taint toleration to kube-dns... which means it wasn't there before. Though I think the addon directory that the PR modifies is deprecated... so the kube-dns manifests could have been out of date...
from deployment.
Yeah - I confirmed the kubernetes/cluster/addons directory is "legacy" per its readme, and "deprecated" per the kubernetes addons web page.
Anyways, one argument to leave the toleration in place: In a scenario where coredns cannot for whatever reason be scheduled to a worker node, then running it on the master is better than not running it at all.
from deployment.
I always go with the separation of concerns mindset. Leave master nodes to be master nodes and act as just the kubernetes control plane.
from deployment.
from deployment.
Would it be better to have the default be the preferred practice e.g. separation of concerns therefore no master toleration and then document that if people want to schedule to master nodes to add the toleration?
from deployment.
Guess it's whether you consider service discovery a critical service that is part of the control plane or an add on extra thing. Most things won't work without it. So a PreferNoSchedule makes sense to me.
That said, these manifests are not gospel and can be tweaked for specific deployments.
from deployment.
The kube-dns manifests in the addons directory are current. It looks like the toleration is only in kubeadm.
Regarding where kube-dns runs, in general, the master node typically does not run things such as kube-proxy or kube-dns. In some deployments, the master node is not actually part of the normal cluster network. This means pods running on the master node will not be network reachable, hence services such as kube-dns won't work with pods scheduled on the master.
Of course for clusters where the master node(s) are not special, this can be tweaked.
from deployment.
OK - I merged this. The kubeadm team can leave the taint toleration in if that's what they prefer.
One size isn't going to fit all. And I don't think we can even prescribe a "preferred" deployment manifest. There isn't a "typical" deployment. This deployment is just a suggestion. etc etc
from deployment.
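Added example, not part of the thread and not taken from the CoreDNS or kubeadm manifests: a Python check that applies the scheduler's toleration-matching rule to Deployment specs and lists which ones could be placed on a node carrying the master `NoSchedule` taint discussed above. The deployment names and specs are constructed, and the taint key `node-role.kubernetes.io/master` is assumed to be the one on the master nodes in question.

```python
# Added example: constructed specs, not the project's own manifests.
# Assumption: masters carry the taint node-role.kubernetes.io/master:NoSchedule.
MASTER_TAINT = {"key": "node-role.kubernetes.io/master", "value": "", "effect": "NoSchedule"}


def tolerates(toleration, taint):
    """Apply the Kubernetes toleration-vs-taint matching rule."""
    effect = toleration.get("effect", "")
    if effect and effect != taint["effect"]:
        return False  # a set effect must match exactly
    key = toleration.get("key", "")
    if key and key != taint["key"]:
        return False  # an empty key matches every taint key
    operator = toleration.get("operator") or "Equal"
    if operator == "Exists":
        return True
    if operator == "Equal":
        return toleration.get("value", "") == taint.get("value", "")
    return False


def can_schedule_on_master(deployment, taint=MASTER_TAINT):
    pod_spec = deployment["spec"]["template"]["spec"]
    return any(tolerates(t, taint) for t in pod_spec.get("tolerations", []))


def audit(deployments, taint=MASTER_TAINT):
    """Return the names of deployments whose pods tolerate the master taint."""
    return sorted(d["metadata"]["name"] for d in deployments
                  if can_schedule_on_master(d, taint))


def _deployment(name, tolerations):
    # Helper that builds a minimal constructed Deployment object.
    return {"metadata": {"name": name},
            "spec": {"template": {"spec": {"tolerations": tolerations}}}}


SAMPLES = [  # constructed inputs
    _deployment("dns-with-master-toleration",
                [{"key": "node-role.kubernetes.io/master", "effect": "NoSchedule"}]),
    _deployment("dns-critical-addon-only",
                [{"key": "CriticalAddonsOnly", "operator": "Exists"}]),
    _deployment("dns-prefer-effect-only",
                [{"key": "node-role.kubernetes.io/master", "effect": "PreferNoSchedule"}]),
    _deployment("tolerate-everything", [{"operator": "Exists"}]),
    _deployment("no-tolerations", []),
]

if __name__ == "__main__":
    print(audit(SAMPLES))
```

A blanket `operator: Exists` toleration with no key also clears the master taint, so auditing for the master key alone misses it.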