kubeadm: run kube-proxy on non-master tainted nodes

[neolit123]

What this PR does / why we need it:
kube-proxy should be able to run on all nodes, independent
on the taint of such nodes.

This restriction was previously removed in bb28449 but
then was brought back in d194926.

/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/cc @luxas @detiber @dixudx @discordianfish @mxey
/kind bug
/area kube-proxy
/area kubeadm

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes kubernetes/kubeadm#699

Special notes for your reviewer:
we are removing the requirement again, but please have a look at all the implications here.
hopefully we don't have to bring it again.

Release note:

kubeadm: run kube-proxy on non-master tainted nodes

[k8s-ci-robot]

@neolit123: GitHub didn't allow me to request PR reviews from the following users: discordianfish, mxey.

Note that only kubernetes members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

What this PR does / why we need it:
kube-proxy should be able to run on all nodes, independent
on the taint of such nodes.

This restriction was previously removed in bb28449 but
then was brought back in d194926.

/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/cc @luxas @detiber @dixudx @discordianfish @mxey
/kind bug
/area kube-proxy
/area kubeadm

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes kubernetes/kubeadm#699

Special notes for your reviewer:
we are removing the requirement again, but please have a look at all the implications here.
hopefully we don't have to bring it again.

Release note:

kubeadm: run kube-proxy on non-master tainted nodes

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[luxas]

Not sure here, let's check this up before merging wrt CriticalAddonsOnly

[luxas]

I think we should make this accept everything, with Exists only with a key, or have both this and an Exists-only thing. @timothysc WDYT?

[neolit123]

the explanations i found on CriticalAddonsOnly are kind of vague. to my understanding these two lines, would help to run the daemonset on a node that already has critical pods.

but this thread suggested that "priority and preemption" (beta in 1.11) handles this "transparently"?
#57659 (comment)
https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/

[timothysc]

+1 re make it land everywhere.

[neolit123]

/retest

[neolit123]

/test pull-kubernetes-bazel-build

[timothysc]

You need to add back the CriticalAddons toleration b/c it's used by the kubelet and the scheduler - https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/

[timothysc]

@neolit123 - lets add

  labels:
    scheduler.alpha.kubernetes.io/critical-pod: ""
priorityClassName: system-node-critical

To prevent more PRs then lgtm

/approve

[timothysc]

/cc @kubernetes/sig-release-bugs

for whoever is the v1.11 - release manager.

[neolit123]

updated (hope i got it right).
/cc @foxish

[neolit123]

/test pull-kubernetes-e2e-gce

[timothysc]

/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: neolit123, timothysc

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• cmd/kubeadm/OWNERS [timothysc]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-github-robot]

[MILESTONENOTIFIER] Milestone Pull Request Needs Approval

@neolit123 @timothysc @kubernetes/sig-cluster-lifecycle-misc @kubernetes/sig-release-misc

Action required: This pull request must have the status/approved-for-milestone label applied by a SIG maintainer. If the label is not applied within 3 days, the pull request will be moved out of the v1.11 milestone.

Pull Request Labels

• sig/cluster-lifecycle sig/release: Pull Request will be escalated to these SIGs if needed.
• priority/important-soon: Escalate to the pull request owners and SIG owner; move out of milestone after several unsuccessful escalation attempts.
• kind/bug: Fixes a bug discovered during the current release.

Help

• Additional instructions
• Commands for setting labels

[k8s-github-robot]

/test all [submit-queue is verifying that this PR is safe to merge]

[neolit123]

/test pull-kubernetes-e2e-kops-aws

[k8s-github-robot]

Automatic merge from submit-queue (batch tested with PRs 65931, 65705, 66033). If you want to cherry-pick this change to another branch, please follow the instructions here.

[k8s-ci-robot]

@neolit123: The following test failed, say /retest to rerun them all:

Test name	Commit	Details	Rerun command
pull-kubernetes-e2e-kops-aws	8dcb980	link	/test pull-kubernetes-e2e-kops-aws

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[luxas]

Thanks!