Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-15463

[release-4.13] Unable to set protectKernelDefaults from "true" to "false" in kubelet.conf [release-4.13]


    • No
    • OCPNODE Sprint 238 (Blue)
    • 1
    • Rejected
    • False
    • Hide



      Description of problem:

      Unable to set protectKernelDefaults from "true" to "false" in kubelet.conf on the nodes in RHOCP4.13 although this was possible in RHOCP4.12.

      Version-Release number of selected component (if applicable):

         Red Hat OpenShift Container Platform Version Number: 4
         Release Number: 13
         Kubernetes Version: v1.26.3+b404935
         Docker Version: N/A
         Related Package Version: 
      	   - cri-o-1.26.3-3.rhaos4.13.git641290e.el9.x86_64
         Related Middleware/Application: none
         Underlying RHEL Release Number: Red Hat Enterprise Linux CoreOS release 4.13
         Underlying RHEL Architecture: x86_64
         Underlying RHEL Kernel Version: 5.14.0-284.13.1.el9_2.x86_64
      Drivers or hardware or architecture dependency: none

      How reproducible:


      Steps to Reproduce:

          1. Deploy OCP cluster using RHCOS
          2. Set protectKernelDefaults as true using the document [1]

      Actual results:

      protectKernelDefaults can't be set.

      Expected results:

       protectKernelDefaults can be set.

      Additional info:

      protectKernelDefaults in NOT set in kubelet.conf
          # oc debug node/ocp4-worker1
          # chroot /host
          # cat /etc/kubernetes/kubelet.conf
            "protectKernelDefaults": true, <- NOT modified. Moreover, the format is changed to json.
      Also    "protectKernelDefaults: false" does not seem to be set into the machineConfig created by kubeletConfig Kind. See below:
          # oc get mc 99-worker-generated-kubelet -o yaml
            - contents:
                compression: "" 
                source: data:text/plain;charset=utf-8;base64, [The contents of kubelet.conf encoded with base64]
              mode: 420
              overwrite: true
              path: /etc/kubernetes/kubelet.conf
          // Write [The contents of kubelet.conf encoded with base64] to the file.
          # vim kubelet.conf 
          // Decode [The contents of kubelet.conf encoded with base64]
          # cat kubelet.conf | base64 -d
          "protectKernelDefaults": true, <- "protectKernelDefaults: false" is not set.
      [1] https://access.redhat.com/solutions/6974438

            svanka@redhat.com Sai Ramesh Vanka
            rhn-support-mvalsecc Michele Valsecchi
            Sunil Choudhary Sunil Choudhary
            Fujitsu Confidential Group, Red Hat Bugzilla Authorized, Red Hat Bugzilla See Partner Bugs
            0 Vote for this issue
            5 Start watching this issue