
Ingress-canary daemonset does not tolerate Infra taints NoExecute


    • +
    • Moderate
    • None
    • 2
    • Sprint 236, Sprint 237, Sprint 238, Sprint 239
    • 4
    • Rejected
    • Unspecified
      * Previously, if cluster administrators configured an infra node using a taint with the `NoExecute` effect, the Ingress Operator's canary pods would not be scheduled on these infra nodes. After some time, the DaemonSet configuration would get overridden, and the pods would be terminated on the infra nodes.
      +
      With this release, the Ingress Operator now configures the canary DaemonSet to tolerate a `node-role.kubernetes.io/infra` node taint that specifies the `NoExecute` effect. As a result, canary pods are scheduled on infra nodes regardless of what effect has been specified. (link:https://issues.redhat.com/browse/OCPBUGS-9274[*OCPBUGS-9274*])
    • Bug Fix
    • Done

      Description of problem:
      Ingress-canary Daemon Set does not tolerate Infra taint "NoExecute"

      Version-Release number of selected component (if applicable):
      OCPv4.9

      How reproducible:
      Always

      Steps to Reproduce:
      1. Label and Taint Node
      $ oc describe node worker-0.cluster49.lab.pnq2.cee.redhat.com | grep infra
      Roles: custom,infra,test
      node-role.kubernetes.io/infra= <----
      Taints: node-role.kubernetes.io/infra=reserved:NoExecute <----
      node-role.kubernetes.io/infra=reserved:NoSchedule <----

      2. Edit ingress-canary ds and add NoExecute toleration
      $ oc get ds -o yaml | grep -i tole -A6
      tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/infra
        value: reserved
      - effect: NoExecute <----
        key: node-role.kubernetes.io/infra <----
        value: reserved <----

      3. The Daemon Set configuration gets overwritten after some time, probably by the managing operator, and the pods are terminated on the infra nodes.

      Actual results:
      Infra taint toleration NoExecute gets overwritten:
      $ oc get ds -o yaml | grep -i tole -A6
      tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/infra
        operator: Exists

      Expected results:
      Ingress canary Daemon Set should be able to tolerate the NoExecute taint toleration.

      Additional info: The same taint as in the product documentation is used (node-role.kubernetes.io/infra)
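
The taints and tolerations quoted in this report, checked against the Kubernetes toleration matching rules. This is an added example, not part of the original report and not the Ingress Operator's code. The helper names `tolerates` and `untolerated` are hypothetical, and the sample data is constructed from the values shown in steps 1 and 2 and under "Actual results".

```python
# Added example: Kubernetes taint/toleration matching applied to this report's values.
HARD_EFFECTS = {"NoSchedule", "NoExecute"}  # PreferNoSchedule is only a scheduling preference

def tolerates(toleration, taint):
    """Return True if one toleration matches one taint."""
    # An empty toleration effect matches every effect; otherwise effects must be equal.
    if toleration.get("effect") and toleration["effect"] != taint["effect"]:
        return False
    operator = toleration.get("operator") or "Equal"  # Equal is the default operator
    key = toleration.get("key", "")
    # An empty key is only valid with Exists and then matches every taint key.
    if key == "":
        return operator == "Exists"
    if key != taint["key"]:
        return False
    if operator == "Exists":
        return True  # Exists ignores the taint value
    return operator == "Equal" and toleration.get("value", "") == taint.get("value", "")

def untolerated(tolerations, taints):
    """Return the hard taints that no toleration in the list matches."""
    return [t for t in taints
            if t["effect"] in HARD_EFFECTS
            and not any(tolerates(tol, t) for tol in tolerations)]

INFRA = "node-role.kubernetes.io/infra"
# Taints on the node from step 1 of the report.
NODE_TAINTS = [
    {"key": INFRA, "value": "reserved", "effect": "NoExecute"},
    {"key": INFRA, "value": "reserved", "effect": "NoSchedule"},
]
# Tolerations after the manual edit in step 2 (no operator shown, so Equal applies).
EDITED = [
    {"key": INFRA, "value": "reserved", "effect": "NoSchedule"},
    {"key": INFRA, "value": "reserved", "effect": "NoExecute"},
]
# Tolerations after the DaemonSet was overwritten ("Actual results").
OVERWRITTEN = [{"key": INFRA, "operator": "Exists", "effect": "NoSchedule"}]

if __name__ == "__main__":
    for name, tols in (("edited", EDITED), ("overwritten", OVERWRITTEN)):
        gaps = untolerated(tols, NODE_TAINTS)
        shown = [f'{t["key"]}={t["value"]}:{t["effect"]}' for t in gaps]
        print(name, "->", shown or "all taints tolerated")
```

A non-empty result for a DaemonSet's toleration list means its pods are not scheduled on that node or, for a `NoExecute` taint, are evicted from it.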

            mmasters1@redhat.com Miciah Masters
            rhn-support-sgurnale Sunil Gurnale
            Shudi Li Shudi Li
            Red Hat Employee