OpenShift Bugs / OCPBUGS-64864

NFD Operator Node Affinity Rules Incorrect

      Description of problem:

      The node affinity rules currently generated are not sufficient when nodes carry role labels other than worker or master.

      If you look at the code:
      https://github.com/openshift/cluster-nfd-operator/blob/master/internal/daemonset/worker.go#L30-L54

      It produces a config like:

      
            spec:
              affinity:
                nodeAffinity:
                  requiredDuringSchedulingIgnoredDuringExecution:
                    nodeSelectorTerms:
                    - matchExpressions:
                      - key: node-role.kubernetes.io/master
                        operator: DoesNotExist
                    - matchExpressions:
                      - key: node-role.kubernetes.io/worker
                        operator: Exists
          

      There are 2 distinct 'matchExpressions' entries, one per nodeSelectorTerm. These matchExpressions are not additive when defined as separate terms; only one of them needs to be true. An infrastructure node has neither the worker nor the master label, so the first term (master DoesNotExist) is satisfied and the second term, which requires the worker label, is no longer relevant.

      https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/

      If you specify multiple terms in nodeSelectorTerms associated with nodeAffinity types, then the Pod can be scheduled onto a node if one of the specified terms can be satisfied (terms are ORed).
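To make the OR-vs-AND semantics concrete, here is a minimal Python sketch (not the operator's or the scheduler's actual code) that models how nodeSelectorTerms are evaluated: terms are ORed, while matchExpressions inside a single term are ANDed. It shows that with the current two-term config an infra node matches, while a single combined term excludes it:

```python
def expr_matches(labels, key, operator):
    # Evaluate one matchExpression against a node's label set.
    if operator == "Exists":
        return key in labels
    if operator == "DoesNotExist":
        return key not in labels
    raise ValueError(f"unsupported operator: {operator}")

def node_matches(labels, node_selector_terms):
    # Terms are ORed; expressions within one term are ANDed.
    return any(
        all(expr_matches(labels, e["key"], e["operator"]) for e in term)
        for term in node_selector_terms
    )

# Current operator output: two separate terms (ORed).
current = [
    [{"key": "node-role.kubernetes.io/master", "operator": "DoesNotExist"}],
    [{"key": "node-role.kubernetes.io/worker", "operator": "Exists"}],
]

# Intended behavior: one term with both expressions (ANDed).
fixed = [
    [{"key": "node-role.kubernetes.io/master", "operator": "DoesNotExist"},
     {"key": "node-role.kubernetes.io/worker", "operator": "Exists"}],
]

infra = {"node-role.kubernetes.io/infra": ""}
worker = {"node-role.kubernetes.io/worker": ""}

print(node_matches(infra, current))   # True  -- infra node wrongly matches
print(node_matches(infra, fixed))     # False -- infra node correctly excluded
print(node_matches(worker, fixed))    # True  -- worker node still matches
```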

      We would want both requirements in the same matchExpressions entry, so they get ANDed.
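A corrected config would put both requirements into a single nodeSelectorTerm, along these lines (a sketch of the intended shape, not a tested patch):

```yaml
spec:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: node-role.kubernetes.io/master
            operator: DoesNotExist
          - key: node-role.kubernetes.io/worker
            operator: Exists
```

With one term, a node must satisfy both expressions, so an infra node without the worker label is excluded.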

      The pods then end up starting with:

        nodeSelector:
          node-role.kubernetes.io/worker: ""
      

      And the pods cannot start because there is in fact no worker label on those infra nodes.

      status:
        conditions:
        - lastProbeTime: null
          lastTransitionTime: "2025-11-06T21:46:02Z"
          message: '0/10 nodes are available: 1 node(s) didn''t match Pod''s node affinity/selector.
            preemption: 0/10 nodes are available: 10 Preemption is not helpful for scheduling.'
          reason: Unschedulable
          status: "False"
          type: PodScheduled
        phase: Pending
      

      Version-Release number of selected component (if applicable):

      4.16.0-202507211806
          

      How reproducible:

      Always
          

      Steps to Reproduce:

    1. Create a cluster that has master-, worker-, and infra-labeled nodes
          

      Actual results:

      The DaemonSet tries to put pods on the infra nodes, but they sit Pending due to the lack of a worker label.
          

      Expected results:

      The DaemonSet pods should only run on worker nodes.
          

      Additional info:

      
          
