Kubelet is not running when labeling node-role.kubernetes.io/<role>

[talnovik]

What happened:

Creating a cluster failed on curl to healthz path failed
Caused by adding the label node-role.kubernetes.io/worker to the node labels on the kind cluster config file

What you expected to happen:

I expected that the node will receive the label

How to reproduce it (as minimally and precisely as possible):

Creating a cluster the the label mentioned above the in the cluster config file

Environment:

• kind version: (use kind version):0.17.0
• Runtime info: (use docker info or podman info): runc
• OS (e.g. from /etc/os-release):centos 7
• Kubernetes version: (use kubectl version):1.25.3

[BenTheElder]

kubernetes.io / k8.sio namespace is restricted to API approved labels, this is not kind specific

[BenTheElder]

https://kubernetes.io/docs/reference/labels-annotations-taints/

Kubernetes reserves all labels and annotations in the kubernetes.io and k8s.io namespaces.

Kubelet will refuse to start if an invalid kubernetes.io or k8s.io label is used. Your custom labels can also conflict with kubeadm.

I recommend using a label in your own namespace, not manipulating Kubernetes's namespaces

[BenTheElder]

xref kubernetes/kubeadm#2509

[vlasov-y]

@BenTheElder https://github.com/vlasov-y/node-role-labeler

[BenTheElder]

I can't recommend using this, the official policy is that the k8s.io and kubernetes.io namespaces are reserved for the Kubernetes project. For other third party usage, I STRONGLY encourage picking your own namespace and applying your custom labels under that.

[BenTheElder]

https://kubernetes.io/docs/reference/labels-annotations-taints/

Kubernetes reserves all labels and annotations in the kubernetes.io and k8s.io namespaces.

(this is why kubelet blocks you from applying custom values under these namespaces)

[vlasov-y]

https://kubernetes.io/docs/reference/labels-annotations-taints/

Kubernetes reserves all labels and annotations in the kubernetes.io and k8s.io namespaces.

(this is why kubelet blocks you from applying custom values under these namespaces)

That is as clear as day, but let's say I have a cluster autoscaler and EKS. I am the one who control both and I want to have a fancy roles assigned to nodes without any crutches - I cannot do that, because node-role.kubernetes.io is reserved. Project I have mentioned solves this particular case.
If k9s or similar could consider node-role.cluster.local as node role labels and show roles from that keys in roles column from nodes view, that would be cool.

[BenTheElder]

There's no guarantee that kubernetes doesn't directly do more with reserved namespaces in the future and conflict with your nonstandard usage. I would strongly encourage using your own namespace and selecting tools that will show those values or patching the tools you use.