Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / f3dffa86205e880f26be6e019561efac1cd21e51^! / .
commitf3dffa86205e880f26be6e019561efac1cd21e51[log] [tgz]
authorMohammed Naser <mnaser@vexxhost.com>Mon May 23 14:33:14 2022 -0400
committerMohammed Naser <mnaser@vexxhost.com>Mon May 23 21:17:31 2022 +0000
tree7ba3b3653f247be88c5606e10b60b9c6397f4cdc
parent2144b3427d6fccc5efbaf022d204721ad4ed1f1c [diff]
Fix nodeSelector for services

Some services were running outside control plane so this patch
fixes some of those services.

Sem-Ver: bugfix
Change-Id: Ic417440cd5a274cb96f3c7e4ea261621e5fca85f

diff --git a/releasenotes/notes/fix-node-selectors-0ae3a7ae609b4227.yaml b/releasenotes/notes/fix-node-selectors-0ae3a7ae609b4227.yaml
new file mode 100644
index 0000000..56ac9f3
--- /dev/null
+++ b/releasenotes/notes/fix-node-selectors-0ae3a7ae609b4227.yaml

@@ -0,0 +1,3 @@
+---
+fixes:
+  - Fix services which are running on nodes other than the control plane.

diff --git a/roles/cert_manager/tasks/main.yml b/roles/cert_manager/tasks/main.yml
index 8d60917..88cbd8e 100644
--- a/roles/cert_manager/tasks/main.yml
+++ b/roles/cert_manager/tasks/main.yml

@@ -30,6 +30,17 @@
         - name: etc-ssl-certs
           mountPath: /etc/ssl/certs
           readOnly: true
+      nodeSelector:
+        openstack-control-plane: enabled
+      webhook:
+        nodeSelector:
+          openstack-control-plane: enabled
+      cainjector:
+        nodeSelector:
+          openstack-control-plane: enabled
+      startupapicheck:
+        nodeSelector:
+          openstack-control-plane: enabled
 
 - name: Create issuer
   kubernetes.core.k8s:

diff --git a/roles/cilium/tasks/main.yml b/roles/cilium/tasks/main.yml
index 98b5bb9..f41d119 100644
--- a/roles/cilium/tasks/main.yml
+++ b/roles/cilium/tasks/main.yml

@@ -19,3 +19,7 @@
     chart_version: 1.10.7
     release_namespace: kube-system
     kubeconfig: /etc/kubernetes/admin.conf
+    values:
+      operator:
+        nodeSelector:
+          openstack-control-plane: enabled

diff --git a/roles/kube_prometheus_stack/vars/main.yml b/roles/kube_prometheus_stack/vars/main.yml
index f8ede5a..5a14973 100644
--- a/roles/kube_prometheus_stack/vars/main.yml
+++ b/roles/kube_prometheus_stack/vars/main.yml

@@ -20,6 +20,9 @@
           targetLabel: "instance"
         - action: "labeldrop"
           regex: "^(container|endpoint|namespace|pod|service)$"
+    alertmanagerSpec:
+      nodeSelector:
+        openstack-control-plane: enabled
   grafana:
     serviceMonitor:
       relabelings:
@@ -27,6 +30,8 @@
           targetLabel: "instance"
         - action: "labeldrop"
           regex: "^(container|endpoint|namespace|pod|service)$"
+    nodeSelector:
+      openstack-control-plane: enabled
   kubeApiServer:
     serviceMonitor:
       relabelings:
@@ -126,6 +131,10 @@
       secrets:
         - kube-prometheus-stack-etcd-client-cert
   prometheusOperator:
+    admissionWebhooks:
+      patch:
+        nodeSelector:
+          openstack-control-plane: enabled
     serviceMonitor:
       relabelings:
         - sourceLabels: ["__meta_kubernetes_pod_name"]

diff --git a/roles/percona_xtradb_cluster/tasks/main.yml b/roles/percona_xtradb_cluster/tasks/main.yml
index 890f2b2..f92c767 100644
--- a/roles/percona_xtradb_cluster/tasks/main.yml
+++ b/roles/percona_xtradb_cluster/tasks/main.yml

@@ -20,6 +20,9 @@
     release_namespace: openstack
     create_namespace: true
     kubeconfig: /etc/kubernetes/admin.conf
+    values:
+      nodeSelector:
+        openstack-control-plane: enabled
 
 - name: Deploy cluster
   kubernetes.core.k8s: