Cilium v1.19.1 not working out-of-the-box - node taints #744
Description
My test setup involves:
- 3 master nodes, 2 worker nodes
- CiIlium v1.19.1 with native routing, custom cilium-values file
Note:
- with
v1.17.2everything goes smooth,hetzner-k3scompletes successfully (Note: due to native routign mode I had toip route add 10.244.0.0/16 via 10.0.0.1on each node manually, to make PodCIDR actually routable across the private network). - with
v1.19.1it gets stuck waiting for Cilium agents to be ready
I've found that:
cilium(agent pods) crashes, becausecillium-operatordidn't create Cilium CRDs yetcillium-operatorpod is not schedullable due to node taints
Node taints are:
NAME TAINTS
test-master1 [map[effect:NoExecute key:CriticalAddonsOnly value:true] map[effect:NoSchedule key:node.cloudprovider.kubernetes.io/uninitialized value:true]]
test-master2 [map[effect:NoExecute key:CriticalAddonsOnly value:true] map[effect:NoSchedule key:node.cloudprovider.kubernetes.io/uninitialized value:true]]
test-master3 [map[effect:NoExecute key:CriticalAddonsOnly value:true] map[effect:NoSchedule key:node.cloudprovider.kubernetes.io/uninitialized value:true]]
The cilium-operator deployment tolerations are:
[
{
"key": "node-role.kubernetes.io/control-plane",
"operator": "Exists"
},
{
"key": "node-role.kubernetes.io/master",
"operator": "Exists"
},
{
"key": "node.kubernetes.io/not-ready",
"operator": "Exists"
},
{
"key": "node.cilium.io/agent-not-ready",
"operator": "Exists"
},
{
"effect": "NoExecute",
"key": "node.kubernetes.io/unreachable",
"operator": "Exists",
"tolerationSeconds": 300
}
]Manually adding CriticalAddonsOnly toleration to the cilium-operator deployment tolerations solves the issue.