Bug 1915081
| Summary: | node-ca toleration not updating | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Christoph Blecker <cblecker> |
| Component: | Image Registry | Assignee: | Oleg Bulatov <obulatov> |
| Status: | CLOSED WONTFIX | QA Contact: | Wenjing Zheng <wzheng> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 4.5 | CC: | aos-bugs, rmarasch |
| Target Milestone: | --- | Keywords: | ServiceDeliveryImpact |
| Target Release: | 4.5.z | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-03-19 13:27:36 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1893977 | ||
| Bug Blocks: | |||
Workaround:
The node-ca daemonset can be patched with the following:
oc patch -n openshift-image-registry daemonset/node-ca --type=merge -p '{"spec":{"template":{"spec":{"tolerations":[{"operator":"Exists"}]}}}}'
As 4.5 has reached its Maintenance Support phase and this is a medium severity BZ with a workaround, we are not going to fix it. |
Description of problem: The node-ca daemonset tolerations don't match expected configuration from the operator. Version-Release number of selected component (if applicable): 4.5.16 How reproducible: Unknown Steps to Reproduce: 1. 2. 3. Actual results: apiVersion: apps/v1 kind: DaemonSet metadata: annotations: deprecated.daemonset.template.generation: "4472" creationTimestamp: "2019-06-20T15:59:21Z" generation: 4472 name: node-ca namespace: openshift-image-registry resourceVersion: "541513829" selfLink: /apis/apps/v1/namespaces/openshift-image-registry/daemonsets/node-ca uid: 5e1dc93b-9374-11e9-8e82-02f26c1531a4 spec: revisionHistoryLimit: 10 selector: matchLabels: name: node-ca template: metadata: creationTimestamp: null labels: name: node-ca spec: containers: - command: - /bin/sh - -c - | while [ true ]; do for f in $(ls /tmp/serviceca); do echo $f ca_file_path="/tmp/serviceca/${f}" f=$(echo $f | sed -r 's/(.*)\.\./\1:/') reg_dir_path="/etc/docker/certs.d/${f}" if [ -e "${reg_dir_path}" ]; then cp -u $ca_file_path $reg_dir_path/ca.crt else mkdir $reg_dir_path cp $ca_file_path $reg_dir_path/ca.crt fi done for d in $(ls /etc/docker/certs.d); do echo $d dp=$(echo $d | sed -r 's/(.*):/\1\.\./') reg_conf_path="/tmp/serviceca/${dp}" if [ ! -e "${reg_conf_path}" ]; then rm -rf /etc/docker/certs.d/$d fi done sleep 60 done image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:313e7b5a1e8d45f529e75c1726f9791c915ddebb168e34d75a1220e64d19b0ba imagePullPolicy: IfNotPresent name: node-ca resources: {} securityContext: privileged: true procMount: Default terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /tmp/serviceca name: serviceca - mountPath: /etc/docker/certs.d name: host dnsPolicy: ClusterFirst nodeSelector: beta.kubernetes.io/os: linux priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: node-ca serviceAccountName: node-ca terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists volumes: - hostPath: path: /etc/docker/certs.d type: "" name: host - configMap: defaultMode: 420 name: image-registry-certificates name: serviceca updateStrategy: rollingUpdate: maxUnavailable: 1 type: RollingUpdate status: currentNumberScheduled: 10 desiredNumberScheduled: 10 numberAvailable: 10 numberMisscheduled: 0 numberReady: 10 observedGeneration: 4472 updatedNumberScheduled: 10 Expected results: https://github.com/openshift/cluster-image-registry-operator/blob/d9969bbbf8b5ac89e9e1aee5ca3a6319f37cb1e6/bindata/nodecadaemon.yaml#L18-L19 Additional info: