Uploaded image for project: 'Red Hat Advanced Cluster Management'
  1. Red Hat Advanced Cluster Management
  2. ACM-30156

HyperShift AddOnDeploymentConfig nodeSelector/tolerations configuration are not propagated to operator deployment

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • ACM 2.15.1
    • HyperShift
    • Incidents & Support
    • False
    • Hide

      None

      Show
      None
    • False
    • Moderate
    • None

      Description of problem:

      Version-Release number of selected component (if applicable):

      How reproducible:

      Steps to Reproduce:

      1. Install ACM 2.15.1
      2. Configure nodeSelector/tolerations in MulticlusterHub CR for infra nodes:
      apiVersion: operator.open-cluster-management.io/v1
      kind: MultiClusterHub
      metadata:
        annotations:
          argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
        name: multiclusterhub
        namespace: open-cluster-management
      spec:
        nodeSelector:
          node-role.kubernetes.io/infra: ""
        tolerations:
          - key: node-role.kubernetes.io/infra
            operator: Exists
      1. Check the AddOnDeploymentConfig hypershift-addon-deploy-config is updated with the nodeSelector/tolerations: 
      apiVersion: addon.open-cluster-management.io/v1alpha1
      kind: AddOnDeploymentConfig
      metadata:
        annotations:
          installer.multicluster.openshift.io/release-version: 2.10.1
        resourceVersion: '1961297'
        name: hypershift-addon-deploy-config
        namespace: multicluster-engine
        ownerReferences:
          - apiVersion: multicluster.openshift.io/v1
            blockOwnerDeletion: true
            controller: true
            kind: MultiClusterEngine
            name: multiclusterengine
            uid: 6f7f3330-9b80-4094-bb32-af9b650a2ed7
        labels:
          backplaneconfig.name: multiclusterengine
      spec:
        agentInstallNamespace: open-cluster-management-agent-addon
        customizedVariables:
          - name: hcMaxNumber
            value: '80'
          - name: hcThresholdNumber
            value: '60'
        nodePlacement:
          nodeSelector:
            node-role.kubernetes.io/infra: ''
          tolerations:
            - key: node-role.kubernetes.io/infra
              operator: Exists 

      Actual results:

      On hypershift namespace, the operator deployment is not updated with the configured nodeSelector/tolerations from AddOnDeploymentConfig hypershift-addon-deploy-config.

      kind: Deployment
      apiVersion: apps/v1
      metadata:
        name: operator
        namespace: hypershift
        uid: 758054a9-c9ed-4805-b35a-80ae514ca6bc
        resourceVersion: '1874472'
        generation: 2
        creationTimestamp: '2026-02-13T11:42:54Z'
        annotations:
          deployment.kubernetes.io/revision: '2'
          hypershift.openshift.io/install-cli-version: 'openshift/hypershift: d422e678c60ed6250c870365cd48d50355fa472f. Latest supported OCP: 4.20.0'
      spec:
        replicas: 2
        selector:
          matchLabels:
            name: operator
        template:
          metadata:
            creationTimestamp: null
            labels:
              app: operator
              hypershift.openshift.io/operator-component: operator
              name: operator
          spec:
            restartPolicy: Always
            initContainers:
              - resources: {}
                terminationMessagePath: /dev/termination-log
                name: init-environment
                command:
                  - /usr/bin/hypershift-operator
                securityContext:
                  privileged: false
                  runAsUser: 1000
                  readOnlyRootFilesystem: true
                imagePullPolicy: IfNotPresent
                volumeMounts:
                  - name: openshift-config-managed-trusted-ca-bundle
                    readOnly: true
                    mountPath: /var/run/ca-trust
                  - name: trusted-ca-bundle
                    mountPath: /trust-bundle
                terminationMessagePolicy: FallbackToLogsOnError
                image: 'registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4ce3a8f135c41e1914055faacc27eb48fe93dac7624e2ffb1d598cb9f8fb3fe4'
                args:
                  - init
            serviceAccountName: operator
            imagePullSecrets:
              - name: open-cluster-management-image-pull-credentials
            schedulerName: default-scheduler
            affinity:
              podAntiAffinity:
                preferredDuringSchedulingIgnoredDuringExecution:
                  - weight: 10
                    podAffinityTerm:
                      labelSelector:
                        matchExpressions:
                          - key: name
                            operator: In
                            values:
                              - operator
                      topologyKey: kubernetes.io/hostname
            terminationGracePeriodSeconds: 30
            securityContext: {}
            containers:
              - resources:
                  requests:
                    cpu: 10m
                    memory: 150Mi
                readinessProbe:
                  httpGet:
                    path: /metrics
                    port: 9000
                    scheme: HTTP
                  initialDelaySeconds: 15
                  timeoutSeconds: 5
                  periodSeconds: 60
                  successThreshold: 1
                  failureThreshold: 3
                terminationMessagePath: /dev/termination-log
                name: operator
                command:
                  - /usr/bin/hypershift-operator
                livenessProbe:
                  httpGet:
                    path: /metrics
                    port: 9000
                    scheme: HTTP
                  initialDelaySeconds: 60
                  timeoutSeconds: 5
                  periodSeconds: 60
                  successThreshold: 1
                  failureThreshold: 5
                env:
                  - name: MY_NAMESPACE
                    valueFrom:
                      fieldRef:
                        apiVersion: v1
                        fieldPath: metadata.namespace
                  - name: MY_NAME
                    valueFrom:
                      fieldRef:
                        apiVersion: v1
                        fieldPath: metadata.name
                  - name: METRICS_SET
                    value: Telemetry
                  - name: CERT_ROTATION_SCALE
                    value: 24h0m0s
                  - name: ENABLE_ETCD_RECOVERY
                    value: '1'
                  - name: IMAGE_AGENT_CAPI_PROVIDER
                    value: 'registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:bbee749c05a14106c6df56a886a663c9018eb0c0d8bb01a79883db1d38bf2087'
                  - name: IMAGE_KUBEVIRT_CAPI_PROVIDER
                    value: 'registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:60a7645c461a617bcd4e304f0dc6ff789d391310e00a7465ee0fc680996ba641'
                securityContext:
                  capabilities:
                    drop:
                      - ALL
                  privileged: false
                  runAsUser: 1000
                  readOnlyRootFilesystem: true
                  allowPrivilegeEscalation: false
                  seccompProfile:
                    type: RuntimeDefault
                ports:
                  - name: metrics
                    containerPort: 9000
                    protocol: TCP
                  - name: manager
                    containerPort: 9443
                    protocol: TCP
                imagePullPolicy: IfNotPresent
                volumeMounts:
                  - name: serving-cert
                    mountPath: /var/run/secrets/serving-cert
                  - name: trusted-ca-bundle
                    readOnly: true
                    mountPath: /etc/pki/ca-trust/extracted/pem
                terminationMessagePolicy: FallbackToLogsOnError
                image: 'registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4ce3a8f135c41e1914055faacc27eb48fe93dac7624e2ffb1d598cb9f8fb3fe4'
                args:
                  - run
                  - '--namespace=$(MY_NAMESPACE)'
                  - '--pod-name=$(MY_NAME)'
                  - '--metrics-addr=:9000'
                  - '--enable-dedicated-request-serving-isolation=true'
                  - '--enable-ocp-cluster-monitoring=false'
                  - '--enable-ci-debug-output=false'
                  - '--private-platform=None'
                  - '--cert-dir=/var/run/secrets/serving-cert'
                  - '--enable-validating-webhook=true'
                  - '--enable-uwm-telemetry-remote-write'
            serviceAccount: operator
            volumes:
              - name: serving-cert
                secret:
                  secretName: manager-serving-cert
                  defaultMode: 420
              - name: openshift-config-managed-trusted-ca-bundle
                configMap:
                  name: openshift-config-managed-trusted-ca-bundle
                  items:
                    - key: ca-bundle.crt
                      path: tls-ca-bundle.pem
                  defaultMode: 420
                  optional: true
              - name: trusted-ca-bundle
                emptyDir: {}
            dnsPolicy: ClusterFirst
            priorityClassName: hypershift-operator
        strategy:
          type: RollingUpdate
          rollingUpdate:
            maxUnavailable: 25%
            maxSurge: 25%
        revisionHistoryLimit: 10
        progressDeadlineSeconds: 600
      status:
        observedGeneration: 2
        replicas: 2
        updatedReplicas: 2
        readyReplicas: 2
        availableReplicas: 2
        conditions:
          - type: Available
            status: 'True'
            lastUpdateTime: '2026-02-13T11:44:10Z'
            lastTransitionTime: '2026-02-13T11:44:10Z'
            reason: MinimumReplicasAvailable
            message: Deployment has minimum availability.
          - type: Progressing
            status: 'True'
            lastUpdateTime: '2026-02-13T11:45:16Z'
            lastTransitionTime: '2026-02-13T11:42:54Z'
            reason: NewReplicaSetAvailable
            message: ReplicaSet "operator-646fcf86fd" has successfully progressed.
       

      Expected results:

      On hypershift namespace, the operator deployment is updated with the configured nodeSelector/tolerations from AddOnDeploymentConfig hypershift-addon-deploy-config.

       

      Additional info:

              rokejungrh Roke Jung
              laurent.tourreau Laurent TOURREAU
              David Huynh David Huynh
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: