Uploaded image for project: 'Red Hat Advanced Cluster Management'
  1. Red Hat Advanced Cluster Management
  2. ACM-12987

[2.11.1] Regression - managed-serviceaccount-addon-agent pod missing PreferredDuringScheduling annotation - SNO DU profile

XMLWordPrintable

    • 1
    • False
    • Hide

      None

      Show
      None
    • False
    • 1
    • SF Train-17
    • Moderate
    • Yes

      Description of problem:

      
This is a regression of ACM-11315

SNO spoke with Telco RAN DU profile applied fails workload partitioning validation for this pod:

Name: "addon-agent",
Cpus: "2-19,22-39",
Namespace: "open-cluster-management-agent-addon",
PodName: "managed-serviceaccount-addon-agent-66c895b79f-qz4xr",

Pod is missing the target.workload.openshift.io/management: '{"effect":"PreferredDuringScheduling"}' annotation

      Version-Release number of selected component (if applicable):

      
###hub
OCP: 4.16.5
advanced-cluster-management.v2.11.1-3
multicluster-engine.v2.6.1-7
openshift-gitops-operator.v1.13.0-10
packageserver
topology-aware-lifecycle-manager.v4.17.0-17

###spoke:
OCP:4.17.0-0.nightly-2024-07-28-191830 
cluster-logging.v5.9.5
local-storage-operator.v4.17.0-202407251411
packageserver
ptp-operator.v4.17.0-202407271113
sriov-fec.v2.9.0
sriov-network-operator.v4.17.0-202407251643

      How reproducible:

      Always

      Steps to Reproduce:

      1. Install SNO spoke with above versions and Telco DU profile applied
2. Inspect pods for WLP annotations
3.

      Actual results:

      managed-serviceaccount-addon-agent pod is missing cpushares annotation

      Expected results:

      managed-serviceaccount-addon-agent has cpushares annotation.

      Additional info:

      
must-gather and sos report to be attached in a comment.

$ oc get pod -n open-cluster-management-agent-addon managed-serviceaccount-addon-agent-66c895b79f-qz4xr -o yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["fd01:0:0:1::48/64"],"mac_address":"0a:58:0a:5f:f7:38","gateway_ips":["fd01:0:0:1::1"],"routes":[{"dest":"fd01::/48","nextHop":"fd01:0:0:1::1"},{"dest":"fd02::/112","nextHop":"fd01:0:0:1::1"},{"dest":"fd98::/64","nextHop":"fd01:0:0:1::1"}],"ip_address":"fd01:0:0:1::48/64","gateway_ip":"fd01:0:0:1::1","role":"primary"}}'
    k8s.v1.cni.cncf.io/network-status: |-
      [{
          "name": "ovn-kubernetes",
          "interface": "eth0",
          "ips": [
              "fd01:0:0:1::48"
          ],
          "mac": "0a:58:0a:5f:f7:38",
          "default": true,
          "dns": {}
      }]
    openshift.io/scc: restricted-v2
    seccomp.security.alpha.kubernetes.io/pod: runtime/default
  creationTimestamp: "2024-07-29T03:39:14Z"
  generateName: managed-serviceaccount-addon-agent-66c895b79f-
  labels:
    addon-agent: managed-serviceaccount
    pod-template-hash: 66c895b79f
  name: managed-serviceaccount-addon-agent-66c895b79f-qz4xr
  namespace: open-cluster-management-agent-addon
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: managed-serviceaccount-addon-agent-66c895b79f
    uid: 281e1d5e-cc7a-4236-9c35-261e6ede95cb
  resourceVersion: "153055"
  uid: 9e29a100-cdd9-4f03-9457-9b1675e0e270
spec:
  containers:
  - args:
    - --cluster-name=helix55
    - --kubeconfig=/managed/hub-kubeconfig/kubeconfig
    - --feature-gates=EphemeralIdentity=true
    command:
    - /agent
    env:
    - name: HUB_KUBECONFIG
      value: /managed/hub-kubeconfig/kubeconfig
    - name: CLUSTER_NAME
      value: helix55
    image: registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:256408e9aea625a249fb9a56c6b863d67440356fdd2eede4d4635a31ac16b543
    imagePullPolicy: IfNotPresent
    livenessProbe:
      failureThreshold: 3
      httpGet:
        path: /healthz
        port: 8000
        scheme: HTTP
      initialDelaySeconds: 2
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 1
    name: addon-agent
    resources: {}
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
        - ALL
      runAsNonRoot: true
      runAsUser: 1000610000
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /managed/hub-kubeconfig
      name: hub-kubeconfig
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-zrkwg
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  imagePullSecrets:
  - name: open-cluster-management-image-pull-credentials
  nodeName: helix55.lab.eng.rdu2.redhat.com
  preemptionPolicy: PreemptLowerPriority
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext:
    fsGroup: 1000610000
    seLinuxOptions:
      level: s0:c25,c5
    seccompProfile:
      type: RuntimeDefault
  serviceAccount: managed-serviceaccount
  serviceAccountName: managed-serviceaccount
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: hub-kubeconfig
    secret:
      defaultMode: 420
      secretName: managed-serviceaccount-hub-kubeconfig
  - name: kube-api-access-zrkwg
    projected:
      defaultMode: 420
      sources:
      - serviceAccountToken:
          expirationSeconds: 3607
          path: token
      - configMap:
          items:
          - key: ca.crt
            path: ca.crt
          name: kube-root-ca.crt
      - downwardAPI:
          items:
          - fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
            path: namespace
      - configMap:
          items:
          - key: service-ca.crt
            path: service-ca.crt
          name: openshift-service-ca.crt
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2024-07-29T20:24:47Z"
    status: "True"
    type: PodReadyToStartContainers
  - lastProbeTime: null
    lastTransitionTime: "2024-07-29T03:39:14Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2024-07-29T20:24:47Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2024-07-29T20:24:47Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2024-07-29T03:39:14Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: cri-o://43c9555cc5e2f35ebdd3d3817ba29d91990ce170bdb1f500ce7c491d080db3a3
    image: registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:256408e9aea625a249fb9a56c6b863d67440356fdd2eede4d4635a31ac16b543
    imageID: registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:256408e9aea625a249fb9a56c6b863d67440356fdd2eede4d4635a31ac16b543
    lastState: {}
    name: addon-agent
    ready: true
    restartCount: 3
    started: true
    state:
      running:
        startedAt: "2024-07-29T20:24:38Z"
  hostIP: 2620:52:0:800::1ff3
  hostIPs:
  - ip: 2620:52:0:800::1ff3
  phase: Running
  podIP: fd01:0:0:1::48
  podIPs:
  - ip: fd01:0:0:1::48
  qosClass: BestEffort
  startTime: "2024-07-29T03:39:14Z"

              jiazhu@redhat.com Jian Zhu
              rhn-support-dgonyier Dwaine Gonyier
              Brent Rowsell
              Hui Chen Hui Chen
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: