Enable scheduling of critical pods and network plugins on master

Added toleration to DNS, netchecker, fluentd, canal, and
calico policy.

Also small fixes to make yamllint pass.

roles/dnsmasq/templates/dnsmasq-autoscaler.yml

@@ -31,20 +31,23 @@ spec:
         scheduler.alpha.kubernetes.io/critical-pod: ''
         scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
     spec:
+      tolerations:
+        - effect: NoSchedule
+          operator: Exists
       containers:
-      - name: autoscaler
-        image: gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.1.1
-        resources:
-          requests:
-            cpu: "20m"
-            memory: "10Mi"
-        command:
-        - /cluster-proportional-autoscaler
-        - --namespace=kube-system
-        - --configmap=dnsmasq-autoscaler
-        - --target=Deployment/dnsmasq
-        # When cluster is using large nodes(with more cores), "coresPerReplica" should dominate.
-        # If using small nodes, "nodesPerReplica" should dominate.
-        - --default-params={"linear":{"nodesPerReplica":{{ dnsmasq_nodes_per_replica }},"preventSinglePointFailure":true}}
-        - --logtostderr=true
-        - --v={{ kube_log_level }}
+        - name: autoscaler
+          image: gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.1.1
+          resources:
+            requests:
+              cpu: "20m"
+              memory: "10Mi"
+          command:
+            - /cluster-proportional-autoscaler
+            - --namespace=kube-system
+            - --configmap=dnsmasq-autoscaler
+            - --target=Deployment/dnsmasq
+            # When cluster is using large nodes(with more cores), "coresPerReplica" should dominate.
+            # If using small nodes, "nodesPerReplica" should dominate.
+            - --default-params={"linear":{"nodesPerReplica":{{ dnsmasq_nodes_per_replica }},"preventSinglePointFailure":true}}
+            - --logtostderr=true
+            - --v={{ kube_log_level }}

roles/dnsmasq/templates/dnsmasq-deploy.yml

@@ -21,6 +21,9 @@ spec:
         kubernetes.io/cluster-service: "true"
         kubespray/dnsmasq-checksum: "{{ dnsmasq_stat.stat.checksum }}"
     spec:
+      tolerations:
+        - effect: NoSchedule
+          operator: Exists
       containers:
         - name: dnsmasq
           image: "{{ dnsmasq_image_repo }}:{{ dnsmasq_image_tag }}"

roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2

@@ -29,11 +29,15 @@ spec:
         k8s-app: kubedns-autoscaler
       annotations:
         scheduler.alpha.kubernetes.io/critical-pod: ''
-        scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
     spec:
       containers:
       - name: autoscaler
         image: "{{ kubednsautoscaler_image_repo }}:{{ kubednsautoscaler_image_tag }}"
+        tolerations:
+          - effect: NoSchedule
+            operator: Exists
+          - effect: CriticalAddonsOnly
+            operator: exists
         resources:
           requests:
             cpu: "20m"

roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2

@@ -30,6 +30,8 @@ spec:
       tolerations:
       - key: "CriticalAddonsOnly"
         operator: "Exists"
+      - effect: NoSchedule
+        operator: Exists
       volumes:
       - name: kube-dns-config
         configMap:

roles/kubernetes-apps/ansible/templates/netchecker-agent-ds.yml.j2

@@ -12,6 +12,9 @@ spec:
       labels:
         app: netchecker-agent
     spec:
+      tolerations:
+        - effect: NoSchedule
+          operator: Exists
       containers:
         - name: netchecker-agent
           image: "{{ agent_img }}"

roles/kubernetes-apps/ansible/templates/netchecker-agent-hostnet-ds.yml.j2

@@ -16,6 +16,9 @@ spec:
 {% if kube_version | version_compare('v1.6', '>=') %}
       dnsPolicy: ClusterFirstWithHostNet
 {% endif %}
+      tolerations:
+        - effect: NoSchedule
+          operator: Exists
       containers:
         - name: netchecker-agent
           image: "{{ agent_img }}"

roles/kubernetes-apps/efk/fluentd/templates/fluentd-ds.yml.j2

@@ -17,6 +17,9 @@ spec:
         kubernetes.io/cluster-service: "true"
         version: "v{{ fluentd_version }}"
     spec:
+      tolerations:
+        - effect: NoSchedule
+          operator: Exists
       containers:
       - name: fluentd-es
         image: "{{ fluentd_image_repo }}:{{ fluentd_image_tag }}"

roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-controller.yml.j2

@@ -21,6 +21,9 @@ spec:
         k8s-app: calico-policy
     spec:
       hostNetwork: true
+      tolerations:
+       - effect: NoSchedule
+         operator: Exists
       containers:
         - name: calico-policy-controller
           image: {{ calico_policy_image_repo }}:{{ calico_policy_image_tag }}

roles/network_plugin/canal/templates/canal-node.yml.j2

@@ -18,6 +18,9 @@ spec:
         k8s-app: canal-node
     spec:
       hostNetwork: true
+      tolerations:
+        - effect: NoSchedule
+          operator: Exists
       volumes:
         # Used by calico/node.
         - name: lib-modules

roles/network_plugin/flannel/templates/flannel-pod.yml

@@ -8,6 +8,9 @@ metadata:
     app: "flannel"
     version: "v0.1"
 spec:
+  tolerations:
+    - effect: NoSchedule
+      operator: Exists
   volumes:
     - name: "subnetenv"
       hostPath:

roles/network_plugin/weave/templates/weave-net.yml.j2

@@ -153,4 +153,4 @@ items:
                 path: /var/lib/dbus
             - name: lib-modules
               hostPath:
-                path: /lib/modules
+                path: /lib/modules