Bug 1995858

Summary: Control-plane nodes are missing the node-role.kubernetes.io/control-plane label
Product: OpenShift Container Platform Reporter: Miciah Dashiel Butler Masters <mmasters>
Component: NodeAssignee: Ryan Phillips <rphillips>
Node sub component: Kubelet QA Contact: Weinan Liu <weinliu>
Status: CLOSED WONTFIX Docs Contact:
Severity: medium    
Priority: medium CC: aos-bugs, jerzhang, mfojtik, nagrawal, schoudha, tsweeney, wking, xxia
Version: 4.10   
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-04-30 18:04:53 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Miciah Dashiel Butler Masters 2021-08-19 23:30:36 UTC 
Description of problem:

This KEP: <https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md> defines a new label and taint for control-plane nodes: "node-role.kubernetes.io/control-plane".  The KEP also deprecates the old "node-role.kubernetes.io/master" label and taint.  The KEP was implemented upstream in Kubernetes 1.20 (specifically in kubeadm) with <https://github.com/kubernetes/kubernetes/pull/95382>. OpenShift 4.9 control-plane nodes do not have the label.  


Version-Release number of selected component (if applicable):

Server Version: 4.9.0-0.ci-2021-08-19-160130
Kubernetes Version: v1.22.0-rc.0.1619+dc932e96e93466-dirty


How reproducible:

100%.


Steps to Reproduce:
1. Launch an OpenShift 4.9 cluster.
2. Check the node labels.
3. Check the node taints.


Actual results:

    % oc get nodes --show-labels | grep -e 'node-role\.kubernetes\.io/[^=]\+' -o
    node-role.kubernetes.io/master
    node-role.kubernetes.io/master
    node-role.kubernetes.io/master
    node-role.kubernetes.io/worker
    node-role.kubernetes.io/worker
    node-role.kubernetes.io/worker
    % oc get nodes -ojson | jq -c '.items|.[]|.spec.taints'
    [{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"}]
    [{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"}]
    [{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"}]
    null
    null
    null


Expected results:

Control-plane nodes should have the "node-role.kubernetes.io/control-plane" label and taint.  


Additional info:

The KEP suggests there will be some deprecation period during which the old label and taint will co-exist with the new label and taint: "Minimum deprecation period for GA features is 1 year. Estimated 1.24, but may depend on user feedback."
Comment 1 Yu Qi Zhang 2021-08-30 16:38:43 UTC 
I assume in the MCO repository, we would need to do two things:

1. change the kubelet service template to label/taint with control-plane
2. change our nodeselector labelling to use the new label

Is that understanding correct? Also looping in the node team for the kubelet service template.
Comment 7 Tom Sweeney 2022-01-06 16:20:08 UTC 
Not completed this sprint.
Comment 8 Ryan Phillips 2022-08-16 14:32:44 UTC 
Control-plane labels were added into 4.12 nightlies. We are following up in jira in regards to controllers to help manage the migration.

https://github.com/openshift/machine-config-operator/pull/3273
Comment 9 Sunil Choudhary 2022-10-18 10:45:25 UTC 
% oc get clusterversion                           
NAME      VERSION                              AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.12.0-0.nightly-2022-10-15-094115   True        False         163m    Cluster version is 4.12.0-0.nightly-2022-10-15-094115

% oc get nodes                                    
NAME                                         STATUS   ROLES                  AGE    VERSION
ip-10-0-153-107.us-east-2.compute.internal   Ready    worker                 178m   v1.25.2+5bf2e1f
ip-10-0-154-141.us-east-2.compute.internal   Ready    control-plane,master   3h3m   v1.25.2+5bf2e1f
ip-10-0-168-115.us-east-2.compute.internal   Ready    worker                 92m    v1.25.2+5bf2e1f
ip-10-0-170-72.us-east-2.compute.internal    Ready    control-plane,master   3h4m   v1.25.2+5bf2e1f
ip-10-0-205-170.us-east-2.compute.internal   Ready    worker                 179m   v1.25.2+5bf2e1f
ip-10-0-218-17.us-east-2.compute.internal    Ready    control-plane,master   3h4m   v1.25.2+5bf2e1f

% oc get nodes --show-labels | grep -e 'node-role\.kubernetes\.io/[^=]\+' -o
node-role.kubernetes.io/worker
node-role.kubernetes.io/control-plane
node-role.kubernetes.io/master
node-role.kubernetes.io/worker
node-role.kubernetes.io/control-plane
node-role.kubernetes.io/master
node-role.kubernetes.io/worker
node-role.kubernetes.io/control-plane
node-role.kubernetes.io/master


% oc get nodes -ojson | jq -c '.items|.[]|.spec.taints'
null
[{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"}]
null
[{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"}]
null
[{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"}]
Comment 10 Rory Thrasher 2024-04-30 18:04:53 UTC 
OCP is no longer using Bugzilla and this bug appears to have been left in an orphaned state. If the bug is still relevant, please open a new issue in the OCPBUGS Jira project: https://issues.redhat.com/projects/OCPBUGS/summary