-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
4.14.z
-
Moderate
-
None
-
False
-
Description of problem:
When using any NoExecute taint on a MachineSet except `node-role.kubernetes.io/infra`, the node will come up with a "uninitialzed" taint:
spec:
taints:
- effect: NoSchedule
key: node.cloudprovider.kubernetes.io/uninitialized
value: "true"
- effect: NoExecute
key: verySpecialPurpose
This is because the azure-cloud-node-manager does not tolerate any other "NoExecute" taints:
$ oc -n openshift-cloud-controller-manager get ds/azure-cloud-node-manager -o json | jq '.spec.template.spec.tolerations'
[
{
"effect": "NoSchedule",
"operator": "Exists"
},
{
"effect": "NoExecute",
"key": "node-role.kubernetes.io/infra",
"operator": "Exists"
},
{
"effect": "NoExecute",
"key": "node.kubernetes.io/unreachable",
"operator": "Exists",
"tolerationSeconds": 120
},
{
"effect": "NoExecute",
"key": "node.kubernetes.io/not-ready",
"operator": "Exists",
"tolerationSeconds": 120
}
]
As a result, customers are unable to create such taints.
Version-Release number of selected component (if applicable):
How reproducible:
Add the following taint to a MachineSet on Azure: taints: - effect: NoExecute key: verySpecialPurpose
Actual results:
Following taint is automatically added: - effect: NoSchedule key: node.cloudprovider.kubernetes.io/uninitialized
Expected results:
node to initialize with "NoExecute" taint normally
