From 4acbe91b6c3a25a8f693df7c11789e1947842425 Mon Sep 17 00:00:00 2001
From: BMeach <43155420+BryceTech122@users.noreply.github.com>
Date: Sat, 17 Sep 2022 14:56:09 -0600
Subject: [PATCH] Fix master node taints in multi node installs (#93)

* Taint master nodes if more than one node
* Kick off fork workflow tests
Co-authored-by: Techno Tim
---
 inventory/sample/group_vars/all.yml | 2 ++
 roles/k3s/master/tasks/main.yml | 3 ++-
 roles/k3s/master/templates/k3s.service.j2 | 2 +-
 roles/k3s/master/templates/metallb.crds.j2 | 2 ++
 roles/k3s/master/templates/vip.yaml.j2 | 2 ++
 5 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/inventory/sample/group_vars/all.yml b/inventory/sample/group_vars/all.yml
index 9acc3de..ea99993 100644
--- a/inventory/sample/group_vars/all.yml
+++ b/inventory/sample/group_vars/all.yml
@@ -22,6 +22,8 @@ k3s_token: "some-SUPER-DEDEUPER-secret-password"
 # it for each of your hosts, though.
 k3s_node_ip: '{{ ansible_facts[flannel_iface]["ipv4"]["address"] }}'
 
+k3s_single_node: "{{ 'true' if groups['k3s_cluster'] | length == 1 else 'false' }}"
+
 # these arguments are recommended for servers as well as agents:
 extra_args: >-
 --flannel-iface={{ flannel_iface }}
diff --git a/roles/k3s/master/tasks/main.yml b/roles/k3s/master/tasks/main.yml
index 7e6ecf1..dc43bce 100644
--- a/roles/k3s/master/tasks/main.yml
+++ b/roles/k3s/master/tasks/main.yml
@@ -64,7 +64,8 @@
 cmd: "systemd-run -p RestartSec=2 \
 -p Restart=on-failure \
 --unit=k3s-init \
- k3s server {{ server_init_args }}"
+ k3s server {{ server_init_args }} \
+ {{ '--node-taint CriticalAddonsOnly=true:NoExecute' if k3s_single_node|bool == false else ''}}"
 creates: "{{ systemd_dir }}/k3s.service"
 args:
 warn: false # The ansible systemd module does not support transient units
diff --git a/roles/k3s/master/templates/k3s.service.j2 b/roles/k3s/master/templates/k3s.service.j2
index ae5cb48..33dd0e8 100644
--- a/roles/k3s/master/templates/k3s.service.j2
+++ b/roles/k3s/master/templates/k3s.service.j2
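Review bot: In inventory/sample/group_vars/all.yml, `k3s_single_node` is derived from the size of `groups['k3s_cluster']`, so, assuming that group holds servers and agents alike (its definition is not in this diff), a cluster made only of servers would taint every node `CriticalAddonsOnly=true:NoExecute` and leave nowhere for ordinary workloads to run. Keying the decision on whether any agent hosts exist would match the intent better, e.g. `groups['<agent-group>'] | default([]) | length > 0` with the inventory's real agent group name in place of the placeholder. The value is also the string `'true'`/`'false'`, which is truthy either way unless every consumer remembers `| bool`; returning the comparison itself, `"{{ groups['k3s_cluster'] | default([]) | length == 1 }}"`, avoids that and also survives a missing group. A one-line comment above the variable saying that it controls the control-plane taint would complete it.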
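Review bot: In roles/k3s/master/tasks/main.yml the taint flag and its condition are written inline, and the same expression is repeated in roles/k3s/master/templates/k3s.service.j2, so the transient k3s-init unit and the persistent service can drift apart if only one of them is edited later. Defining the flag once in group_vars and referencing that variable from both places keeps them in step and gives operators a single point to override. The test `k3s_single_node|bool == false` reads more directly as `not (k3s_single_node | bool)`. The `command` task this line belongs to starts outside the hunk.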
@@ -7,7 +7,7 @@ After=network-online.target
 Type=notify
 ExecStartPre=-/sbin/modprobe br_netfilter
 ExecStartPre=-/sbin/modprobe overlay
-ExecStart=/usr/local/bin/k3s server {{ extra_server_args | default("") }}
+ExecStart=/usr/local/bin/k3s server {{ extra_server_args | default("") }} {{ '--node-taint CriticalAddonsOnly=true:NoExecute' if k3s_single_node|bool == false else ''}}
 KillMode=process
 Delegate=yes
 # Having non-zero Limit*s causes performance problems due to accounting overhead
diff --git a/roles/k3s/master/templates/metallb.crds.j2 b/roles/k3s/master/templates/metallb.crds.j2
index 809733b..1bdda5a 100644
--- a/roles/k3s/master/templates/metallb.crds.j2
+++ b/roles/k3s/master/templates/metallb.crds.j2
@@ -1648,6 +1648,8 @@ spec:
 - effect: NoSchedule
 key: node-role.kubernetes.io/control-plane
 operator: Exists
+ - key: CriticalAddonsOnly
+ operator: Exists
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
diff --git a/roles/k3s/master/templates/vip.yaml.j2 b/roles/k3s/master/templates/vip.yaml.j2
index 2629398..e964046 100644
--- a/roles/k3s/master/templates/vip.yaml.j2
+++ b/roles/k3s/master/templates/vip.yaml.j2
@@ -69,6 +69,8 @@ spec:
 operator: Exists
 - effect: NoExecute
 operator: Exists
+ - key: CriticalAddonsOnly
+ operator: Exists
 updateStrategy: {}
 status:
 currentNumberScheduled: 0
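Review bot: The ExecStart line in roles/k3s/master/templates/k3s.service.j2 now appends `--node-taint` without any note on when it takes effect, and as far as the k3s documentation describes the flag, it is applied only when the node first registers. If that holds here, re-running the playbook against servers that have already joined rewrites the unit without tainting them, so ordinary workloads keep landing on the control plane while the inventory suggests they are kept off. A comment above ExecStart such as `# --node-taint is applied at node registration; existing servers must be tainted with kubectl taint` would spare operators that surprise.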
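Review bot: The toleration added in roles/k3s/master/templates/metallb.crds.j2 names no `effect`, so it matches a `CriticalAddonsOnly` taint of any effect and value, which is broader than the `CriticalAddonsOnly=true:NoExecute` taint this commit sets. Adding `effect: NoExecute` under `operator: Exists` keeps the exemption as narrow as the taint. The pod spec that owns this list begins outside the hunk, so which workload receives the toleration cannot be confirmed from here; any other pod in the manifest that has to run when only tainted servers exist would need the same entry. If this file is a copy of an upstream manifest, a comment such as `# local addition: tolerate the k3s server taint` would help the change survive the next refresh.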
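Review bot: In roles/k3s/master/templates/vip.yaml.j2 the entry just above the addition, `- effect: NoExecute` with `operator: Exists` and no key, already tolerates every NoExecute taint, including the `CriticalAddonsOnly=true:NoExecute` one this commit introduces. The new entry, which names the key but no effect, therefore only extends the pod to NoSchedule and PreferNoSchedule variants of that key. Either drop it or state the reason next to it, e.g. `# also tolerate CriticalAddonsOnly when applied as NoSchedule`. The tolerations list starts outside the hunk.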