CloudNativePG and Control-Plane Node Taints
CloudNativePG (1.28) will not schedule initdb jobs onto tainted control-plane nodes; no amount of Argo forcing, SSA tricks, or YAML wizardry can override that.
💡The Lesson
When deploying CloudNativePG clusters in Kubernetes environments with tainted control-plane nodes, the operator's internal logic explicitly prevents initdb jobs from being scheduled on control-plane nodes, regardless of your deployment tooling or workarounds.
🚫What Doesn't Work
- Argo CD sync options: Even with force sync or replace enabled.
- Server-Side Apply (SSA): Doesn't override operator behavior.
- Custom tolerations: The operator ignores user-supplied tolerations for initdb jobs.
- YAML manipulation: No amount of manual patching will change the scheduling logic.
✅The Solution
Ensure your Kubernetes cluster has properly configured worker nodes without control-plane taints, or remove the taints from nodes where you want database initialization to occur.
Check node taints:
kubectl get nodes -o json | jq '.items[] | {name: .metadata.name, taints: .spec.taints}'
Remove control-plane taint if needed:
kubectl taint nodes <node-name> node-role.kubernetes.io/control-plane:NoSchedule-
📚Context
- Version tested: CloudNativePG 1.28
- Related operators: Similar behavior may exist in other database operators.
- Best practice: Keep control-plane nodes tainted and use dedicated worker nodes for stateful workloads.
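The taint check from the solution above, carried one step further as an added example (not part of the original page or of CloudNativePG): it reads the output of `kubectl get nodes -o json` and reports which nodes would accept a pod that carries no tolerations. The node names and the sample JSON are constructed for illustration.

```python
import json

# Taint effects that keep a pod without a matching toleration off a node.
# PreferNoSchedule is only a soft preference, so it does not block scheduling.
BLOCKING_EFFECTS = {"NoSchedule", "NoExecute"}

# Constructed sample of `kubectl get nodes -o json`, trimmed to the fields used.
SAMPLE_NODES = json.loads("""
{"items": [
  {"metadata": {"name": "cp-1"},
   "spec": {"taints": [{"key": "node-role.kubernetes.io/control-plane",
                        "effect": "NoSchedule"}]}},
  {"metadata": {"name": "worker-1"}, "spec": {}},
  {"metadata": {"name": "worker-2"},
   "spec": {"taints": [{"key": "example.com/soft",
                        "effect": "PreferNoSchedule"}]}},
  {"metadata": {"name": "worker-3"},
   "spec": {"unschedulable": true,
            "taints": [{"key": "node.kubernetes.io/unschedulable",
                        "effect": "NoSchedule"}]}}
]}
""")


def classify_nodes(node_list):
    """Return {node name: reasons the node rejects a pod with no tolerations}."""
    report = {}
    for node in node_list.get("items", []):
        spec = node.get("spec") or {}
        reasons = []
        if spec.get("unschedulable"):
            reasons.append("cordoned")
        # .spec.taints is absent or null (not an empty list) on untainted nodes.
        for taint in spec.get("taints") or []:
            if taint.get("effect") in BLOCKING_EFFECTS:
                reasons.append(f"{taint.get('key')}:{taint['effect']}")
        report[node["metadata"]["name"]] = reasons
    return report


def schedulable_nodes(node_list):
    """Names of nodes that accept a pod carrying no tolerations."""
    return sorted(n for n, why in classify_nodes(node_list).items() if not why)


if __name__ == "__main__":
    for name, why in classify_nodes(SAMPLE_NODES).items():
        status = "schedulable" if not why else "blocked by " + ", ".join(why)
        print(f"{name}: {status}")
```

Against a live cluster, pass `json.loads()` of the `kubectl get nodes -o json` output to `schedulable_nodes`; an empty result means there is no untainted worker node available for database initialization.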