Description of problem:
The nmstate-webhook is configured with 2 replicas by default. However, it has no podAntiAffinity configured, so both replicas may be scheduled on the same master node. If that node goes down, both replicas are lost.

Version-Release number of selected component (if applicable):
version: v4.9.2

How reproducible:
100%

Steps to Reproduce:

Actual results:
The nmstate-webhook pods may be scheduled on the same node.

Expected results:
podAntiAffinity is configured on nmstate-webhook so that its replicas are not scheduled on the same node.

Additional info:
Upstream fix: https://github.com/nmstate/kubernetes-nmstate/pull/1012
Verified.

OCP Version 4.10.8
kubernetes-nmstate-handler v4.10.1-3

The nmstate-webhook deployment has topologySpreadConstraints, which prevent its pods from being deployed on the same node.

oc get deployment -n openshift-cnv nmstate-webhook -o yaml
...
      topologySpreadConstraints:
      - labelSelector:
          matchLabels:
            component: kubernetes-nmstate-webhook
        maxSkew: 1
        topologyKey: kubernetes.io/hostname
        whenUnsatisfiable: DoNotSchedule
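
For reference, the effect of maxSkew: 1 with topologyKey: kubernetes.io/hostname can be illustrated with a small Python sketch. This is not part of the fix or of kubernetes-nmstate; it is a simplified model of the skew check (pods on the fullest node minus pods on the emptiest eligible node), and the node names and function names are hypothetical.

```python
from collections import Counter


def max_skew(pod_nodes, eligible_nodes):
    """Largest difference in matching-pod count between any two eligible nodes.

    pod_nodes: node name for each matching pod (one entry per pod).
    eligible_nodes: all nodes the pods could be scheduled on.
    """
    counts = Counter(pod_nodes)
    per_node = [counts.get(node, 0) for node in eligible_nodes]
    return max(per_node) - min(per_node)


def satisfies(pod_nodes, eligible_nodes, max_skew_allowed=1):
    """True if the placement stays within the allowed skew (maxSkew)."""
    return max_skew(pod_nodes, eligible_nodes) <= max_skew_allowed


# Hypothetical three-master cluster.
nodes = ["master-0", "master-1", "master-2"]

# Replicas on different nodes: per-node counts 1, 1, 0, skew 1, allowed.
print(satisfies(["master-0", "master-1"], nodes))

# Both replicas on one node: per-node counts 2, 0, 0, skew 2, rejected.
print(satisfies(["master-0", "master-0"], nodes))
```

In this model, two replicas on the same node exceed maxSkew: 1 whenever at least one other eligible node exists. With a single eligible node the skew is 0, so the constraint would not keep the replicas apart there.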
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Virtualization 4.10.1 Images security and bug fix update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:4668