Bug 1814325

Summary: [Docs] Required key name for NoSchedule taints on master nodes.
Product: OpenShift Container Platform Reporter: Ryan Howe <rhowe>
Component: DocumentationAssignee: Michael Burke <mburke>
Status: CLOSED CURRENTRELEASE QA Contact: Sunil Choudhary <schoudha>
Severity: high Docs Contact: Vikram Goyal <vigoyal>
Priority: high    
Version: 4.3.0CC: aos-bugs, fandrade, jokerman, mvardhan, vigoyal, wkulhane
Target Milestone: ---   
Target Release: 4.3.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-12-03 03:33:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ryan Howe 2020-03-17 16:31:30 UTC 
Document URL: 

https://docs.openshift.com/container-platform/4.3/nodes/scheduling/nodes-scheduler-taints-tolerations.html

Describe the issue: 

We need to add documentation that states any taints added to the master node must contain have the key "node-role.kubernetes.io/master" set. 

Since some critical cluster components required to run in the cluster contain the toleration:  

```
  - key: node-role.kubernetes.io/master
    operator: Exists
```

If any taint is set on a worker node the dns pod will not run on the nodes. I guess this is ok since it will always run on the masters. 

If any taint is set on the masters though that does not have the key "node-role.kubernetes.io/master" set, then it will not run on the masters. 


Suggestions for improvement: 

Add documentation as to what taints can be set on master nodes as to not break the cluster components. 

Additional information: 

https://github.com/openshift/cluster-dns-operator/commit/6be3d017118b89203f00b9a915ffdfdb9975f145

https://github.com/openshift/cluster-dns-operator/blob/release-4.2/assets/dns/daemonset.yaml#L141
Comment 1 Wolfgang Kulhanek 2020-03-17 17:07:41 UTC 
Is that actually true (DNS only needs to run on master nodes)? I thought we introduced a change (in 3.10?) to make DNS run on all nodes to reduce the load on masters...
Comment 8 Michael Burke 2020-08-17 18:36:11 UTC 
Ryan --

Is the request here to document "If a NoSchedule taint is added to the master it must have the key   node-role.kubernetes.io/master" and nothing further? 

If so, this appears to be default in 4.5. I would like to mention this also.

See: https://github.com/openshift/openshift-docs/pull/24846

Michael
Comment 9 Michael Burke 2020-09-29 15:08:07 UTC 
Sunil -- Please take a look.

Michael
Comment 10 Sunil Choudhary 2020-11-26 09:45:31 UTC 
Hi, yeah that is correct. lgtm
Comment 11 Michael Burke 2020-12-03 03:33:04 UTC 
Changes are live: https://docs.openshift.com/container-platform/4.6/nodes/scheduling/nodes-scheduler-taints-tolerations.html#nodes-scheduler-taints-tolerations-adding_nodes-scheduler-taints-tolerations
Comment 12 Red Hat Bugzilla 2024-02-04 04:25:51 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days