diff --git a/templates/addons/calico-dual-stack/values.yaml b/templates/addons/calico-dual-stack/values.yaml index 8a786cc77f0..b77674592fa 100644 --- a/templates/addons/calico-dual-stack/values.yaml +++ b/templates/addons/calico-dual-stack/values.yaml @@ -17,3 +17,15 @@ installation: encapsulation: None natOutgoing: Enabled nodeSelector: all() +# By default, tigera tolerates all NoSchedule taints. This breaks upgrades +# when it continuously gets scheduled onto an out-of-date Node that is being +# deleted. Tolerate only the NoSchedule taints that are expected. +tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists diff --git a/templates/addons/calico-ipv6/values.yaml b/templates/addons/calico-ipv6/values.yaml index 4eea896cef8..f2566dde3e9 100644 --- a/templates/addons/calico-ipv6/values.yaml +++ b/templates/addons/calico-ipv6/values.yaml @@ -12,3 +12,15 @@ installation: encapsulation: None natOutgoing: Enabled nodeSelector: all() +# By default, tigera tolerates all NoSchedule taints. This breaks upgrades +# when it continuously gets scheduled onto an out-of-date Node that is being +# deleted. Tolerate only the NoSchedule taints that are expected. +tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists diff --git a/templates/addons/calico/values.yaml b/templates/addons/calico/values.yaml index 31defaf1d02..8c0154cb1a5 100644 --- a/templates/addons/calico/values.yaml +++ b/templates/addons/calico/values.yaml @@ -14,3 +14,15 @@ tigeraOperator: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl +# By default, tigera tolerates all NoSchedule taints. This breaks upgrades +# when it continuously gets scheduled onto an out-of-date Node that is being +# deleted. Tolerate only the NoSchedule taints that are expected. +tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists diff --git a/templates/addons/cluster-api-helm/calico-dual-stack.yaml b/templates/addons/cluster-api-helm/calico-dual-stack.yaml index 2c9ca62e436..f1dfa22aae1 100644 --- a/templates/addons/cluster-api-helm/calico-dual-stack.yaml +++ b/templates/addons/cluster-api-helm/calico-dual-stack.yaml @@ -38,3 +38,15 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists diff --git a/templates/addons/cluster-api-helm/calico-ipv6.yaml b/templates/addons/cluster-api-helm/calico-ipv6.yaml index 4a2d6ae8cca..e159a346db1 100644 --- a/templates/addons/cluster-api-helm/calico-ipv6.yaml +++ b/templates/addons/cluster-api-helm/calico-ipv6.yaml @@ -32,4 +32,16 @@ spec: image: tigera/operator registry: mcr.microsoft.com/oss calicoctl: - image: mcr.microsoft.com/oss/calico/ctl \ No newline at end of file + image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists diff --git a/templates/addons/cluster-api-helm/calico.yaml b/templates/addons/cluster-api-helm/calico.yaml index f4c895f705f..4030dc233d0 100644 --- a/templates/addons/cluster-api-helm/calico.yaml +++ b/templates/addons/cluster-api-helm/calico.yaml @@ -30,4 +30,16 @@ spec: image: tigera/operator registry: mcr.microsoft.com/oss calicoctl: - image: mcr.microsoft.com/oss/calico/ctl \ No newline at end of file + image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists diff --git a/templates/test/ci/cluster-template-prow-apiserver-ilb.yaml b/templates/test/ci/cluster-template-prow-apiserver-ilb.yaml index c0bd6bd85eb..2850e215e75 100644 --- a/templates/test/ci/cluster-template-prow-apiserver-ilb.yaml +++ b/templates/test/ci/cluster-template-prow-apiserver-ilb.yaml @@ -263,7 +263,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -283,6 +283,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/templates/test/ci/cluster-template-prow-ci-version-dra.yaml b/templates/test/ci/cluster-template-prow-ci-version-dra.yaml index b4b175f15de..8bd68f5375f 100644 --- a/templates/test/ci/cluster-template-prow-ci-version-dra.yaml +++ b/templates/test/ci/cluster-template-prow-ci-version-dra.yaml @@ -691,7 +691,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -711,6 +711,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/templates/test/ci/cluster-template-prow-ci-version-dual-stack.yaml b/templates/test/ci/cluster-template-prow-ci-version-dual-stack.yaml index 204a1b4ab7d..b577edc3a97 100644 --- a/templates/test/ci/cluster-template-prow-ci-version-dual-stack.yaml +++ b/templates/test/ci/cluster-template-prow-ci-version-dual-stack.yaml @@ -1026,4 +1026,16 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} diff --git a/templates/test/ci/cluster-template-prow-ci-version-ipv6.yaml b/templates/test/ci/cluster-template-prow-ci-version-ipv6.yaml index c83ac472d3b..ef04ec3b9ed 100644 --- a/templates/test/ci/cluster-template-prow-ci-version-ipv6.yaml +++ b/templates/test/ci/cluster-template-prow-ci-version-ipv6.yaml @@ -1017,7 +1017,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -1039,4 +1039,16 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} diff --git a/templates/test/ci/cluster-template-prow-ci-version-md-and-mp.yaml b/templates/test/ci/cluster-template-prow-ci-version-md-and-mp.yaml index e5fd45b1df1..417d4c73758 100644 --- a/templates/test/ci/cluster-template-prow-ci-version-md-and-mp.yaml +++ b/templates/test/ci/cluster-template-prow-ci-version-md-and-mp.yaml @@ -720,7 +720,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -740,6 +740,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/templates/test/ci/cluster-template-prow-ci-version.yaml b/templates/test/ci/cluster-template-prow-ci-version.yaml index 1beb16a1468..7e5c635e02b 100644 --- a/templates/test/ci/cluster-template-prow-ci-version.yaml +++ b/templates/test/ci/cluster-template-prow-ci-version.yaml @@ -720,7 +720,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -740,6 +740,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/templates/test/ci/cluster-template-prow-clusterclass-ci-rke2.yaml b/templates/test/ci/cluster-template-prow-clusterclass-ci-rke2.yaml index 99fbae1af3d..e5ae13cd5c9 100644 --- a/templates/test/ci/cluster-template-prow-clusterclass-ci-rke2.yaml +++ b/templates/test/ci/cluster-template-prow-clusterclass-ci-rke2.yaml @@ -414,7 +414,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -434,6 +434,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/templates/test/ci/cluster-template-prow-custom-vnet.yaml b/templates/test/ci/cluster-template-prow-custom-vnet.yaml index 27945a02ac8..01d63d5555b 100644 --- a/templates/test/ci/cluster-template-prow-custom-vnet.yaml +++ b/templates/test/ci/cluster-template-prow-custom-vnet.yaml @@ -253,7 +253,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -273,6 +273,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/templates/test/ci/cluster-template-prow-dual-stack.yaml b/templates/test/ci/cluster-template-prow-dual-stack.yaml index 4150d9fde82..2d8a219223f 100644 --- a/templates/test/ci/cluster-template-prow-dual-stack.yaml +++ b/templates/test/ci/cluster-template-prow-dual-stack.yaml @@ -363,6 +363,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/templates/test/ci/cluster-template-prow-edgezone.yaml b/templates/test/ci/cluster-template-prow-edgezone.yaml index 799a0143728..df4919322c4 100644 --- a/templates/test/ci/cluster-template-prow-edgezone.yaml +++ b/templates/test/ci/cluster-template-prow-edgezone.yaml @@ -236,7 +236,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -256,6 +256,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/templates/test/ci/cluster-template-prow-flatcar-sysext.yaml b/templates/test/ci/cluster-template-prow-flatcar-sysext.yaml index f842a4e5bce..0245ea82598 100644 --- a/templates/test/ci/cluster-template-prow-flatcar-sysext.yaml +++ b/templates/test/ci/cluster-template-prow-flatcar-sysext.yaml @@ -31,7 +31,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -51,6 +51,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/templates/test/ci/cluster-template-prow-flatcar.yaml b/templates/test/ci/cluster-template-prow-flatcar.yaml index 1f7b588a3c5..8099cb5aaa5 100644 --- a/templates/test/ci/cluster-template-prow-flatcar.yaml +++ b/templates/test/ci/cluster-template-prow-flatcar.yaml @@ -267,7 +267,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -287,6 +287,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/templates/test/ci/cluster-template-prow-ipv6.yaml b/templates/test/ci/cluster-template-prow-ipv6.yaml index ed0bad8f71a..36880c687c8 100644 --- a/templates/test/ci/cluster-template-prow-ipv6.yaml +++ b/templates/test/ci/cluster-template-prow-ipv6.yaml @@ -361,7 +361,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -383,6 +383,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/templates/test/ci/cluster-template-prow-machine-pool-ci-version.yaml b/templates/test/ci/cluster-template-prow-machine-pool-ci-version.yaml index e0e58662f97..f104cf33f37 100644 --- a/templates/test/ci/cluster-template-prow-machine-pool-ci-version.yaml +++ b/templates/test/ci/cluster-template-prow-machine-pool-ci-version.yaml @@ -651,7 +651,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -671,6 +671,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/templates/test/ci/cluster-template-prow-machine-pool-flex.yaml b/templates/test/ci/cluster-template-prow-machine-pool-flex.yaml index 5b0eabd15ea..e854d1e997c 100644 --- a/templates/test/ci/cluster-template-prow-machine-pool-flex.yaml +++ b/templates/test/ci/cluster-template-prow-machine-pool-flex.yaml @@ -384,7 +384,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -404,6 +404,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/templates/test/ci/cluster-template-prow-machine-pool.yaml b/templates/test/ci/cluster-template-prow-machine-pool.yaml index bd3451250e6..27846770989 100644 --- a/templates/test/ci/cluster-template-prow-machine-pool.yaml +++ b/templates/test/ci/cluster-template-prow-machine-pool.yaml @@ -378,7 +378,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -398,6 +398,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/templates/test/ci/cluster-template-prow-nvidia-gpu.yaml b/templates/test/ci/cluster-template-prow-nvidia-gpu.yaml index 46453d1aba6..8b843689b14 100644 --- a/templates/test/ci/cluster-template-prow-nvidia-gpu.yaml +++ b/templates/test/ci/cluster-template-prow-nvidia-gpu.yaml @@ -226,7 +226,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -246,6 +246,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/templates/test/ci/cluster-template-prow-private.yaml b/templates/test/ci/cluster-template-prow-private.yaml index 6d90b155bd8..e8c0bb9bcb7 100644 --- a/templates/test/ci/cluster-template-prow-private.yaml +++ b/templates/test/ci/cluster-template-prow-private.yaml @@ -278,7 +278,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -298,6 +298,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/templates/test/ci/cluster-template-prow-spot.yaml b/templates/test/ci/cluster-template-prow-spot.yaml index a86d90d34b1..63f0bf1d4ee 100644 --- a/templates/test/ci/cluster-template-prow-spot.yaml +++ b/templates/test/ci/cluster-template-prow-spot.yaml @@ -249,7 +249,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -269,6 +269,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/templates/test/ci/cluster-template-prow-topology.yaml b/templates/test/ci/cluster-template-prow-topology.yaml index d44cbf68c2e..f56ff5aedea 100644 --- a/templates/test/ci/cluster-template-prow-topology.yaml +++ b/templates/test/ci/cluster-template-prow-topology.yaml @@ -94,7 +94,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -114,6 +114,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/templates/test/ci/cluster-template-prow.yaml b/templates/test/ci/cluster-template-prow.yaml index accac0e5b4e..cb332ffd199 100644 --- a/templates/test/ci/cluster-template-prow.yaml +++ b/templates/test/ci/cluster-template-prow.yaml @@ -452,7 +452,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -472,6 +472,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/templates/test/dev/cluster-template-custom-builds-dra.yaml b/templates/test/dev/cluster-template-custom-builds-dra.yaml index 9d3387001d7..ec00cc22318 100644 --- a/templates/test/dev/cluster-template-custom-builds-dra.yaml +++ b/templates/test/dev/cluster-template-custom-builds-dra.yaml @@ -645,7 +645,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -665,6 +665,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/templates/test/dev/cluster-template-custom-builds-load-dra.yaml b/templates/test/dev/cluster-template-custom-builds-load-dra.yaml index 8a8f9b8287d..4d938ceb3be 100644 --- a/templates/test/dev/cluster-template-custom-builds-load-dra.yaml +++ b/templates/test/dev/cluster-template-custom-builds-load-dra.yaml @@ -728,7 +728,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -748,6 +748,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/templates/test/dev/cluster-template-custom-builds-load.yaml b/templates/test/dev/cluster-template-custom-builds-load.yaml index 395684934ca..5cbcea5475b 100644 --- a/templates/test/dev/cluster-template-custom-builds-load.yaml +++ b/templates/test/dev/cluster-template-custom-builds-load.yaml @@ -692,7 +692,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -712,6 +712,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/templates/test/dev/cluster-template-custom-builds-machine-pool.yaml b/templates/test/dev/cluster-template-custom-builds-machine-pool.yaml index 9515e8c793f..3f75cbf53af 100644 --- a/templates/test/dev/cluster-template-custom-builds-machine-pool.yaml +++ b/templates/test/dev/cluster-template-custom-builds-machine-pool.yaml @@ -605,7 +605,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -625,6 +625,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/templates/test/dev/cluster-template-custom-builds.yaml b/templates/test/dev/cluster-template-custom-builds.yaml index ce28a071f53..5abb71a8882 100644 --- a/templates/test/dev/cluster-template-custom-builds.yaml +++ b/templates/test/dev/cluster-template-custom-builds.yaml @@ -686,7 +686,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -706,6 +706,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-kcp-remediation.yaml b/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-kcp-remediation.yaml index c159fa410f6..c5f5c7bcc9c 100644 --- a/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-kcp-remediation.yaml +++ b/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-kcp-remediation.yaml @@ -29,7 +29,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -49,6 +49,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-kcp-scale-in.yaml b/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-kcp-scale-in.yaml index 766705dc9a2..29738c24cc9 100644 --- a/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-kcp-scale-in.yaml +++ b/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-kcp-scale-in.yaml @@ -29,7 +29,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -49,6 +49,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-machine-and-machine-pool.yaml b/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-machine-and-machine-pool.yaml index bd9121d66f1..b359745aaca 100644 --- a/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-machine-and-machine-pool.yaml +++ b/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-machine-and-machine-pool.yaml @@ -29,7 +29,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -49,6 +49,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-machine-pool.yaml b/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-machine-pool.yaml index f374bb36d79..90206dd88fe 100644 --- a/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-machine-pool.yaml +++ b/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-machine-pool.yaml @@ -29,7 +29,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -49,6 +49,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-md-remediation.yaml b/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-md-remediation.yaml index 1a7f747dd0d..03e2ae42565 100644 --- a/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-md-remediation.yaml +++ b/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-md-remediation.yaml @@ -29,7 +29,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -49,6 +49,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-node-drain.yaml b/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-node-drain.yaml index 79bcf539f2f..3a843c1ff82 100644 --- a/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-node-drain.yaml +++ b/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-node-drain.yaml @@ -29,7 +29,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -49,6 +49,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/test/e2e/data/infrastructure-azure/v1beta1/cluster-template.yaml b/test/e2e/data/infrastructure-azure/v1beta1/cluster-template.yaml index 0db3623164b..6a2d55cb91b 100644 --- a/test/e2e/data/infrastructure-azure/v1beta1/cluster-template.yaml +++ b/test/e2e/data/infrastructure-azure/v1beta1/cluster-template.yaml @@ -29,7 +29,7 @@ spec: namespace: tigera-operator releaseName: projectcalico repoURL: https://docs.tigera.io/calico/charts - valuesTemplate: |- + valuesTemplate: | installation: cni: type: Calico @@ -49,6 +49,18 @@ spec: registry: mcr.microsoft.com/oss calicoctl: image: mcr.microsoft.com/oss/calico/ctl + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists version: ${CALICO_VERSION} --- apiVersion: addons.cluster.x-k8s.io/v1alpha1