-
Bug
-
Resolution: Done
-
Undefined
-
ACM 2.11.0
-
False
-
None
-
False
-
-
-
-
Moderate
-
No
Description of problem:
SNO spoke with Telco RAN DU profile applied fails workload partitioning validation for this pod:
Name: "addon-agent",
Cpus: "2-19,22-39",
Namespace: "open-cluster-management-agent-addon",
PodName: "managed-serviceaccount-addon-agent-78995c5b-tpz4p",
Pod is missing the target.workload.openshift.io/management: '{"effect":"PreferredDuringScheduling"}' annotation
Version-Release number of selected component (if applicable):
###hub OCP: 4.16.0-0.nightly-2024-04-18-141003 advanced-cluster-management.v2.10.2 multicluster-engine.v2.5.3 openshift-gitops-operator.v1.12.0 packageserver topology-aware-lifecycle-manager.v4.14.4 ###spoke: OCP: 4.14.22 cluster-logging.v5.7.12 local-storage-operator.v4.14.0-202404030309 packageserver ptp-operator.v4.14.0-202404030309 sriov-fec.v2.8.0 sriov-network-operator.v4.14.0-202404030309
How reproducible:
Always
Steps to Reproduce:
1. Install SNO spoke with above versions and Telco DU profile applied 2. Inspect pods for WLP annotations 3.
Actual results:
managed-serviceaccount-addon-agent pod is missing cpushares annotation
Expected results:
managed-serviceaccount-addon-agent has cpushares annotation.
Additional info:
must-gather and sos report to be attached in a comment.
]$ oc get pods -n open-cluster-management-agent-addon managed-serviceaccount-addon-agent-78995c5b-tpz4p -o yaml
apiVersion: v1
kind: Pod
metadata:
annotations:
k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["fd01:0:0:1::4b/64"],"mac_address":"0a:58:9a:e4:a5:8e","gateway_ips":["fd01:0:0:1::1"],"routes":[{"dest":"fd01::/48","nextHop":"fd01:0:0:1::1"},{"dest":"fd02::/112","nextHop":"fd01:0:0:1::1"},{"dest":"fd98::/64","nextHop":"fd01:0:0:1::1"}],"ip_address":"fd01:0:0:1::4b/64","gateway_ip":"fd01:0:0:1::1"}}'
k8s.v1.cni.cncf.io/network-status: |-
[{
"name": "ovn-kubernetes",
"interface": "eth0",
"ips": [
"fd01:0:0:1::4b"
],
"mac": "0a:58:9a:e4:a5:8e",
"default": true,
"dns": {}
}]
openshift.io/scc: restricted-v2
seccomp.security.alpha.kubernetes.io/pod: runtime/default
creationTimestamp: "2024-04-22T19:07:10Z"
generateName: managed-serviceaccount-addon-agent-78995c5b-
labels:
addon-agent: managed-serviceaccount
pod-template-hash: 78995c5b
name: managed-serviceaccount-addon-agent-78995c5b-tpz4p
namespace: open-cluster-management-agent-addon
ownerReferences:
- apiVersion: apps/v1
blockOwnerDeletion: true
controller: true
kind: ReplicaSet
name: managed-serviceaccount-addon-agent-78995c5b
uid: 90a45ddc-d5b3-479b-81b9-3732989025f6
resourceVersion: "112381"
uid: eb614ae2-eff2-46cf-b490-963ab72ee9e1
spec:
containers:
- args:
- --cluster-name=kni-qe-66
- --kubeconfig=/managed/hub-kubeconfig/kubeconfig
- --feature-gates=EphemeralIdentity=true
command:
- /agent
env:
- name: HUB_KUBECONFIG
value: /managed/hub-kubeconfig/kubeconfig
- name: CLUSTER_NAME
value: kni-qe-66
- name: INSTALL_NAMESPACE
value: open-cluster-management-agent-addon
image: registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:80daccf5c1e15e3552c3105f8c8c61d6c8ad5a6b19394be9c17db7cae9688bfd
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 8000
scheme: HTTP
initialDelaySeconds: 2
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: addon-agent
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
runAsUser: 1000630000
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /managed/hub-kubeconfig
name: hub-kubeconfig
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-k9xmn
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
imagePullSecrets:
- name: open-cluster-management-image-pull-credentials
nodeName: sno.kni-qe-66.lab.eng.rdu2.redhat.com
preemptionPolicy: PreemptLowerPriority
priority: 0
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
fsGroup: 1000630000
seLinuxOptions:
level: s0:c25,c15
seccompProfile:
type: RuntimeDefault
serviceAccount: managed-serviceaccount
serviceAccountName: managed-serviceaccount
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- name: hub-kubeconfig
secret:
defaultMode: 420
secretName: managed-serviceaccount-hub-kubeconfig
- name: kube-api-access-k9xmn
projected:
defaultMode: 420
sources:
- serviceAccountToken:
expirationSeconds: 3607
path: token
- configMap:
items:
- key: ca.crt
path: ca.crt
name: kube-root-ca.crt
- downwardAPI:
items:
- fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
path: namespace
- configMap:
items:
- key: service-ca.crt
path: service-ca.crt
name: openshift-service-ca.crt
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2024-04-22T19:07:10Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2024-04-23T03:08:09Z"
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2024-04-23T03:08:09Z"
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2024-04-22T19:07:10Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: cri-o://d7b7131e81f541c855ef8b0ba682c13340f6aa1f6dff0628193d52ddf2f37939
image: registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:80daccf5c1e15e3552c3105f8c8c61d6c8ad5a6b19394be9c17db7cae9688bfd
imageID: registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:1f55bdbbc458ed9d40149055df9e50760875c2e1573335f39418446e0a9706c2
lastState: {}
name: addon-agent
ready: true
restartCount: 7
started: true
state:
running:
startedAt: "2024-04-23T03:08:08Z"
hostIP: 2620:52:0:199::100
phase: Running
podIP: fd01:0:0:1::4b
podIPs:
- ip: fd01:0:0:1::4b
qosClass: BestEffort
startTime: "2024-04-22T19:07:10Z"