Bug 1951853 - dnses.operator.openshift.io resource's spec.nodePlacement.tolerations godoc incorrectly describes default behavior
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.8
Hardware: Unspecified
OS: Unspecified
Priority: low
Severity: low
Target Milestone: ---
Target Release: 4.8.0
Assignee: Miciah Dashiel Butler Masters
QA Contact: jechen
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2021-04-21 01:13 UTC by Miciah Dashiel Butler Masters
Modified: 2022-08-04 22:39 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-07-27 23:02:18 UTC
Target Upstream Version:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | openshift api pull 904 | 0 | None | closed | Bug 1951853: operator/dns: Describe default toleration | 2021-06-08 05:07:58 UTC
Github | openshift cluster-dns-operator pull 278 | 0 | None | open | Bug 1951853: Bump openshift/api for node placement API godoc fix | 2021-06-08 05:07:59 UTC
Red Hat Product Errata | RHSA-2021:2438 | 0 | None | None | None | 2021-07-27 23:02:45 UTC

Description Miciah Dashiel Butler Masters 2021-04-21 01:13:14 UTC
Description of problem:

The godoc for the dnses.operator.openshift.io resource's spec.nodePlacement.tolerations field incorrectly states that the default value is an empty list of tolerations.

In fact, by default, the operator sets a toleration for the "node-role.kubernetes.io/master" taint, and the daemon controller adds some tolerations as well.  This default value is desirable so that pods on master nodes have local DNS pods, and also so that the cluster has DNS pods even if worker nodes are all unavailable at once.


Version-Release number of selected component (if applicable):

4.8.0-0.ci-2021-04-20-220659


How reproducible:

100%


Steps to Reproduce:

1. oc explain dnses.spec.nodePlacement.tolerations --api-version=operator.openshift.io/v1


Actual results:

    DESCRIPTION:
         tolerations is a list of tolerations applied to DNS pods. The default is an
         empty list. This default is subject to change. See
         https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
    
         The pod this Toleration is attached to tolerates any taint that matches the
         triple <key,value,effect> using the matching operator <operator>.



Expected results:

The documentation should give the actual default that the operator sets, namely a toleration for the existence of the "node-role.kubernetes.io/master" taint.

In addition, the documentation should mention that the daemon controller injects some default tolerations.

Finally, the documentation should include a warning against changing this default.

Comment 2 Miciah Dashiel Butler Masters 2021-06-02 14:01:20 UTC
Still need to vendor the change in cluster-dns-operator.

Comment 4 jechen 2021-06-10 23:57:42 UTC
Verified in 4.8.0-0.nightly-2021-06-10-210437 

$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.8.0-0.nightly-2021-06-10-210437   True        False         91m     Cluster version is 4.8.0-0.nightly-2021-06-10-210437


$ oc explain dnses.spec.nodePlacement.tolerations --api-version=operator.openshift.io/v1
KIND:     DNS
VERSION:  operator.openshift.io/v1

RESOURCE: tolerations <[]Object>

DESCRIPTION:
     tolerations is a list of tolerations applied to DNS pods. If empty, the
     operator sets a toleration for the "node-role.kubernetes.io/master" taint.
     This default is subject to change. Specifying tolerations without including
     a toleration for the "node-role.kubernetes.io/master" taint may be risky as
     it could lead to an outage if all worker nodes become unavailable. Note
     that the daemon controller adds some tolerations as well. See
     https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/

     The pod this Toleration is attached to tolerates any taint that matches the
     triple <key,value,effect> using the matching operator <operator>.

Comment 7 errata-xmlrpc 2021-07-27 23:02:18 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2438

