The first node kURL is installed on will always be a primary node running Kubernetes control-plane components, including etcd. A common practice is to taint all primary nodes to prevent most pods from being scheduled on them. The kURL installer does not taint primaries by default because single-node installs must be capable of scheduling all pods.
Once a secondary node has been joined to a cluster, it's possible to taint the primary nodes with the following command:
cat tasks.sh | sudo bash -s taint_primaries
curl -L https://k8s.kurl.sh/latest/tasks.sh | sudo bash -s taint_primaries
Limitations: Currently the only supported CSI plugin for dedicated primaries is Rook versions 1.4.3+.
Production installations with the Rook add-on should use tainted primaries to avoid scheduling pods consuming Rook storage volumes on the same nodes where OSDs are running. By default, Rook 1.4.3+ will start an OSD on all nodes where an available block device is found, including secondary nodes. Use this procedure to ensure OSDs are scheduled only on tainted primaries to avoid problems with colocation:
kubectl -n kurl edit configmap ekco-config and change maintain_rook_storage_nodes to false and set max_ceph_pool_replication to the number of primaries in the cluster, up to a max of 3. Run kubectl -n kurl delete pod --selector=app=ekc-operator after the changes to the config map are applied.cat tasks.sh | sudo bash -s taint_primaries or online curl -L https://k8s.kurl.sh/latest/tasks.sh | sudo bash -s taint_primarieslsblk on all nodes. No rbd devices should be shown on primary nodes.cat /proc/mounts | grep 6789. That command should have no output on primary nodes.