-
Bug
-
Resolution: Done
-
Medium
-
OSC 1.3.3
-
None
Description
The node does not have kata runtime installed yet it is assigned the kata-oc role indicating to the user that all nodes are capable of providing kata runtime to the pods.
Steps to reproduce
- installed the sandbox container operator from the image.
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
name: katacatalog
namespace: openshift-marketplace
spec:
sourceType: grpc
image: quay.io/openshift_sandboxed_containers/openshift-sandboxed-containers-operator-catalog:1.3.1-3
publisher: Red Hat
updateStrategy:
registryPoll:
interval: 10m0s
Subscription YAML
apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: labels: operators.coreos.com/sandboxed-containers-operator.openshift-sandboxed-containers-op: "" name: sandboxed-containers-operator namespace: openshift-sandboxed-containers-operator spec: channel: stable-1.3 name: sandboxed-containers-operator source: katacatalog sourceNamespace: openshift-marketplace
2. Create kataconfig after operator is installed successfully
apiVersion: kataconfiguration.openshift.io/v1 kind: KataConfig metadata: generation: 2 name: kataconfig spec: checkNodeEligibility: false kataConfigPoolSelector: null kataMonitorImage: registry-proxy.engineering.redhat.com/rh-osbs/openshift-sandboxed-containers-operator-monitor:1.3.0 logLevel: debug kataConfigPoolSelector: matchExpressions: - values: - worker-0 - worker-1 operator: In key: kubernetes.io/hostname
Expected result
The node should not have been assigned kata-oc role as the kata runtime is not installed on it.
Actual result
The node is assigned kata-oc role.
Impact
The user could run into scenario where the pod is attempted be scheduled to run using kata runtime class on the node that does not have runtime installed.
Env
oc version
Client Version: 4.12.0-0.nightly-2022-07-25-055755 Kustomize Version: v4.5.4 Server Version: 4.12.0-ec.5 Kubernetes Version: v1.25.2+4bd0702
oc get csv -n openshift-sandboxed-containers-operator
NAME DISPLAY VERSION REPLACES PHASE metallb-operator.v4.12.0 MetalLB Operator 4.12.0 metallb-operator.4.12.0-202211081106 Succeeded sandboxed-containers-operator.v1.3.0 OpenShift sandboxed containers Operator 1.3.0 Succeeded
Baremetal cluster
Additional helpful info
oc get nodes
NAME STATUS ROLES AGE VERSION
master-0 Ready control-plane,master 10h v1.25.2+4bd0702
master-1 Ready control-plane,master 10h v1.25.2+4bd0702
master-2 Ready control-plane,master 10h v1.25.2+4bd0702
openshift-qe-024.lab.eng.rdu2.redhat.com Ready kata-oc,sriov,worker 9h v1.25.2+4bd0702
openshift-qe-027.lab.eng.rdu2.redhat.com Ready kata-oc,sriov,worker 9h v1.25.2+4bd0702
worker-0 Ready kata-oc,worker 10h v1.25.2+4bd0702
worker-1 Ready kata-oc,worker 9h v1.25.2+4bd0702
oc get kataconfig -n openshift-sandboxed-containers-operator -o yaml
apiVersion: v1 items: - apiVersion: kataconfiguration.openshift.io/v1 kind: KataConfig metadata: creationTimestamp: "2022-11-21T19:19:04Z" finalizers: - kataconfiguration.openshift.io/finalizer generation: 1 name: kataconfig resourceVersion: "292119" uid: 3106c26a-e5ec-4647-a476-424869f45d44 spec: checkNodeEligibility: false kataConfigPoolSelector: matchExpressions: - key: kubernetes.io/hostname operator: In values: - worker-0 - worker-1 kataMonitorImage: registry-proxy.engineering.redhat.com/rh-osbs/openshift-sandboxed-containers-operator-monitor:1.3.0 logLevel: debug status: installationStatus: IsInProgress: "false" completed: completedNodesCount: 2 completedNodesList: - worker-0 - worker-1 failed: {} inprogress: {} prevMcpGeneration: 3 runtimeClass: kata totalNodesCount: 2 unInstallationStatus: completed: {} failed: {} inProgress: status: "" upgradeStatus: {} kind: List metadata: resourceVersion: ""
- links to
- mentioned on
