Uploaded image for project: 'Openshift sandboxed containers'
  1. Openshift sandboxed containers
  2. KATA-1860

The node is assigned kata-oc role even though it was not selected to install kata runtime

XMLWordPrintable

    • 1
    • False
    • None
    • False
    • KATA-2418 - sandboxed containers: rework kataconfig status reporting
    • Kata Sprint #229, Kata Sprint #233, Kata Sprint #234
    • 0
    • 0.000

      Description

      The node does not have kata runtime installed yet it is assigned the kata-oc role indicating to the user that all nodes are capable of providing kata runtime to the pods.

      Steps to reproduce

      1. installed the sandbox container operator from the image.
      apiVersion: operators.coreos.com/v1alpha1
      kind: CatalogSource
      metadata:
        name:  katacatalog
        namespace: openshift-marketplace
      spec:
        sourceType: grpc
        image: quay.io/openshift_sandboxed_containers/openshift-sandboxed-containers-operator-catalog:1.3.1-3
        publisher: Red Hat
        updateStrategy:
          registryPoll:
            interval: 10m0s

      Subscription YAML

      apiVersion: operators.coreos.com/v1alpha1
      kind: Subscription
      metadata:
        labels:
          operators.coreos.com/sandboxed-containers-operator.openshift-sandboxed-containers-op: ""
        name: sandboxed-containers-operator
        namespace: openshift-sandboxed-containers-operator
      spec:
        channel: stable-1.3
        name: sandboxed-containers-operator
        source: katacatalog
        sourceNamespace: openshift-marketplace

      2.  Create kataconfig after operator is installed successfully

      apiVersion: kataconfiguration.openshift.io/v1
      kind: KataConfig
      metadata:
        generation: 2
        name: kataconfig
      spec:
        checkNodeEligibility: false
        kataConfigPoolSelector: null
        kataMonitorImage: registry-proxy.engineering.redhat.com/rh-osbs/openshift-sandboxed-containers-operator-monitor:1.3.0
        logLevel: debug
        kataConfigPoolSelector:
          matchExpressions:
            - values:
                - worker-0
                - worker-1
              operator: In
              key: kubernetes.io/hostname

      Expected result

      The node should not have been assigned kata-oc role as the kata runtime is not installed on it.

      Actual result

      The node is assigned kata-oc role.

      Impact

      The user could run into scenario where the pod is attempted be scheduled to run using kata runtime class on the node that does not have runtime installed.

      Env

      oc version

      Client Version: 4.12.0-0.nightly-2022-07-25-055755
      Kustomize Version: v4.5.4
      Server Version: 4.12.0-ec.5
      Kubernetes Version: v1.25.2+4bd0702

      oc get csv -n openshift-sandboxed-containers-operator

      NAME                                   DISPLAY                                   VERSION   REPLACES                               PHASE
      metallb-operator.v4.12.0               MetalLB Operator                          4.12.0    metallb-operator.4.12.0-202211081106   Succeeded
      sandboxed-containers-operator.v1.3.0   OpenShift sandboxed containers Operator   1.3.0                                            Succeeded

      Baremetal cluster

       

      Additional helpful info

      oc get nodes
      NAME                                       STATUS   ROLES                  AGE   VERSION
      master-0                                   Ready    control-plane,master   10h   v1.25.2+4bd0702
      master-1                                   Ready    control-plane,master   10h   v1.25.2+4bd0702
      master-2                                   Ready    control-plane,master   10h   v1.25.2+4bd0702
      openshift-qe-024.lab.eng.rdu2.redhat.com   Ready    kata-oc,sriov,worker   9h    v1.25.2+4bd0702
      openshift-qe-027.lab.eng.rdu2.redhat.com   Ready    kata-oc,sriov,worker   9h    v1.25.2+4bd0702
      worker-0                                   Ready    kata-oc,worker         10h   v1.25.2+4bd0702
      worker-1                                   Ready    kata-oc,worker         9h    v1.25.2+4bd0702

       

      oc get kataconfig -n openshift-sandboxed-containers-operator -o yaml

      apiVersion: v1
      items:
      - apiVersion: kataconfiguration.openshift.io/v1
        kind: KataConfig
        metadata:
          creationTimestamp: "2022-11-21T19:19:04Z"
          finalizers:
          - kataconfiguration.openshift.io/finalizer
          generation: 1
          name: kataconfig
          resourceVersion: "292119"
          uid: 3106c26a-e5ec-4647-a476-424869f45d44
        spec:
          checkNodeEligibility: false
          kataConfigPoolSelector:
            matchExpressions:
            - key: kubernetes.io/hostname
              operator: In
              values:
              - worker-0
              - worker-1
          kataMonitorImage: registry-proxy.engineering.redhat.com/rh-osbs/openshift-sandboxed-containers-operator-monitor:1.3.0
          logLevel: debug
        status:
          installationStatus:
            IsInProgress: "false"
            completed:
              completedNodesCount: 2
              completedNodesList:
              - worker-0
              - worker-1
            failed: {}
            inprogress: {}
          prevMcpGeneration: 3
          runtimeClass: kata
          totalNodesCount: 2
          unInstallationStatus:
            completed: {}
            failed: {}
            inProgress:
              status: ""
          upgradeStatus: {}
      kind: List
      metadata:
        resourceVersion: ""

       

       

       

       

       

       

       

       

              pmores Pavel Mores (Inactive)
              rhn-support-asood Arti Sood
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: