Description of problem: No topologySpreadConstraints shown in `oc describe resource` Version-Release number of selected component (if applicable): oc version Client Version: 4.11.0-0.nightly-2022-03-20-160505 Server Version: 4.11.0-0.ci.test-2022-03-23-004817-ci-ln-1sd5jv2-latest How reproducible: always Steps to Reproduce: 1.Describe the deploy or pod which has enabled topologySpreadConstraints 2. 3. Actual results: No topologySpreadConstraints shown in the `oc describe` output oc describe deploy/image-registry Name: image-registry Namespace: openshift-image-registry CreationTimestamp: Wed, 23 Mar 2022 11:31:11 +0800 Labels: docker-registry=default Annotations: deployment.kubernetes.io/revision: 1 imageregistry.operator.openshift.io/checksum: sha256:97639780fff14c1cba48b9afae7a45634e18860f38eafb9f80fd9b4a35ba2797 operator.openshift.io/spec-hash: 65ef49ec6fbbd07aaebddbb83e83473ec692fa2e42f718732e9a07c81f3484c3 release.openshift.io/version: 4.11.0-0.ci.test-2022-03-23-004817-ci-ln-1sd5jv2-latest Selector: docker-registry=default Replicas: 1 desired | 1 updated | 1 total | 0 available | 1 unavailable StrategyType: RollingUpdate MinReadySeconds: 0 RollingUpdateStrategy: 0 max unavailable, 25% max surge Pod Template: Labels: docker-registry=default Annotations: imageregistry.operator.openshift.io/dependencies-checksum: sha256:2a4096ce412ad711f3f683be257146fae11fc001fd5c322f3fea77f08079a6fc target.workload.openshift.io/management: {"effect": "PreferredDuringScheduling"} Service Account: registry Containers: registry: Image: registry.build01.ci.openshift.org/ci-ln-1sd5jv2/stable@sha256:b23882be86cfaea8067d32d57c40a929c60876b2af37a8934dbba45d54ca6f86 Port: 5000/TCP Host Port: 0/TCP Command: /bin/sh -c mkdir -p /etc/pki/ca-trust/extracted/edk2 /etc/pki/ca-trust/extracted/java /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/pem && update-ca-trust extract && exec /usr/bin/dockerregistry Requests: cpu: 100m memory: 256Mi Liveness: http-get https://:5000/healthz delay=5s timeout=5s period=10s #success=1 #failure=3 Readiness: http-get https://:5000/healthz delay=15s timeout=5s period=10s #success=1 #failure=3 Environment: REGISTRY_STORAGE: filesystem REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /registry REGISTRY_HTTP_ADDR: :5000 REGISTRY_HTTP_NET: tcp REGISTRY_HTTP_SECRET: 415392ef135f3e0af0db4a7120778b5d38961648d142b71f21b6a4fb8c3f7c7a5289631d2f5d4c466d3b339c0b68c0c326ca543e7f4bea7bfe6f224315c185ca REGISTRY_LOG_LEVEL: info REGISTRY_OPENSHIFT_QUOTA_ENABLED: true REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR: inmemory REGISTRY_STORAGE_DELETE_ENABLED: true REGISTRY_HEALTH_STORAGEDRIVER_ENABLED: true REGISTRY_HEALTH_STORAGEDRIVER_INTERVAL: 10s REGISTRY_HEALTH_STORAGEDRIVER_THRESHOLD: 1 REGISTRY_OPENSHIFT_METRICS_ENABLED: true REGISTRY_OPENSHIFT_SERVER_ADDR: image-registry.openshift-image-registry.svc:5000 REGISTRY_HTTP_TLS_CERTIFICATE: /etc/secrets/tls.crt REGISTRY_HTTP_TLS_KEY: /etc/secrets/tls.key Mounts: /etc/pki/ca-trust/extracted from ca-trust-extracted (rw) /etc/pki/ca-trust/source/anchors from registry-certificates (rw) /etc/secrets from registry-tls (rw) /registry from registry-storage (rw) /usr/share/pki/ca-trust-source from trusted-ca (rw) /var/lib/kubelet/ from installation-pull-secrets (rw) /var/run/secrets/openshift/serviceaccount from bound-sa-token (ro) Volumes: registry-storage: Type: EmptyDir (a temporary directory that shares a pod's lifetime) Medium: SizeLimit: <unset> registry-tls: Type: Projected (a volume that contains injected data from multiple sources) SecretName: image-registry-tls SecretOptionalName: <nil> ca-trust-extracted: Type: EmptyDir (a temporary directory that shares a pod's lifetime) Medium: SizeLimit: <unset> registry-certificates: Type: ConfigMap (a volume populated by a ConfigMap) Name: image-registry-certificates Optional: false trusted-ca: Type: ConfigMap (a volume populated by a ConfigMap) Name: trusted-ca Optional: true installation-pull-secrets: Type: Secret (a volume populated by a Secret) SecretName: installation-pull-secrets Optional: true bound-sa-token: Type: Projected (a volume that contains injected data from multiple sources) TokenExpirationSeconds: 3600 Priority Class Name: system-cluster-critical Conditions: Type Status Reason ---- ------ ------ Available False MinimumReplicasUnavailable Progressing False ProgressDeadlineExceeded OldReplicaSets: <none> NewReplicaSet: image-registry-7897866f55 (1/1 replicas created) Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal ScalingReplicaSet 146m deployment-controller Scaled up replica set image-registry-785f55f5d6 to 1 Normal ScalingReplicaSet 146m deployment-controller Scaled up replica set image-registry-7897866f55 to 1 Normal ScalingReplicaSet 23m deployment-controller Scaled up replica set image-registry-7897866f55 to 1 $oc get deploy/image-registry -o yaml | grep -i topology topologySpreadConstraints: topologyKey: topology.kubernetes.io/zone topologyKey: kubernetes.io/hostname topologyKey: node-role.kubernetes.io/worker Expected results: Should show the topologySpreadConstraints in the `oc describe` output Additional info:
This does not look like a bug instead it is a feature. Because there seems to be no promise that describe command shows everything get command shows(for example, tolerations is an another example for that). But I opened a PR for this https://github.com/kubernetes/kubernetes/pull/109563. If it is rejected by upstream community, I'd prefer closing that bug as wontfix.
Referenced upstream PR https://github.com/kubernetes/kubernetes/pull/109563 has been merged. This bug will be automatically fixed in next upstream bump for 4.12.
can't reproudce the issue now: [root@localhost ~]# oc version --client Client Version: 4.12.0-0.nightly-2022-10-18-192348 Kustomize Version: v4.5.7 [root@localhost ~]# oc describe deploy/image-registry Name: image-registry Namespace: openshift-image-registry CreationTimestamp: Wed, 19 Oct 2022 09:40:11 +0800 Labels: docker-registry=default Annotations: deployment.kubernetes.io/revision: 2 imageregistry.operator.openshift.io/checksum: sha256:13bb34765e2e15ef6167a988880b0b7390065acda75a9e98382aab658c9668fe operator.openshift.io/spec-hash: d98af570747ed96c1e94a50977a00f68faff96764cbfdd412b4106b6e5651b27 release.openshift.io/version: 4.12.0-0.nightly-arm64-2022-10-18-153953 Selector: docker-registry=default Replicas: 1 desired | 1 updated | 1 total | 1 available | 0 unavailable StrategyType: RollingUpdate MinReadySeconds: 0 RollingUpdateStrategy: 0 max unavailable, 25% max surge Pod Template: Labels: docker-registry=default Annotations: imageregistry.operator.openshift.io/dependencies-checksum: sha256:e811b0d8f5dbda126a276c9c016774d00c53e663c31db2cb61f70b34c9cf56c1 target.workload.openshift.io/management: {"effect": "PreferredDuringScheduling"} Service Account: registry Containers: registry: Image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7b7249579348678a9e886808f69707134561bee55780362df8d9de5b993615d0 Port: 5000/TCP Host Port: 0/TCP Command: /bin/sh -c mkdir -p /etc/pki/ca-trust/extracted/edk2 /etc/pki/ca-trust/extracted/java /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/pem && update-ca-trust extract && exec /usr/bin/dockerregistry Requests: cpu: 100m memory: 256Mi Liveness: http-get https://:5000/healthz delay=5s timeout=5s period=10s #success=1 #failure=3 Readiness: http-get https://:5000/healthz delay=15s timeout=5s period=10s #success=1 #failure=3 Environment: REGISTRY_STORAGE: filesystem REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /registry REGISTRY_HTTP_ADDR: :5000 REGISTRY_HTTP_NET: tcp REGISTRY_HTTP_SECRET: 5aa9687b8bf3d87cc70d10e5cfe5dc7c1800ade4bdd2728ec33984b344057b5652d8d8061e3980687c3eb14c05b95001428beedee2beb7585f64436ff283c9f0 REGISTRY_LOG_LEVEL: info REGISTRY_OPENSHIFT_QUOTA_ENABLED: true REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR: inmemory REGISTRY_STORAGE_DELETE_ENABLED: true REGISTRY_HEALTH_STORAGEDRIVER_ENABLED: true REGISTRY_HEALTH_STORAGEDRIVER_INTERVAL: 10s REGISTRY_HEALTH_STORAGEDRIVER_THRESHOLD: 1 REGISTRY_OPENSHIFT_METRICS_ENABLED: true REGISTRY_OPENSHIFT_SERVER_ADDR: image-registry.openshift-image-registry.svc:5000 HTTP_PROXY: http://packetproxy:r3dh4t22@packet-aux-server-ext.qe.devcluster.openshift.com:3128 HTTPS_PROXY: http://packetproxy:r3dh4t22@packet-aux-server-ext.qe.devcluster.openshift.com:3128 NO_PROXY: .cluster.local,.svc,127.0.0.1,2604:1380::/32,api-int.yinzhou-a19.qe.devcluster.openshift.com,fd01::/48,fd02::/112,localhost,test.no-proxy.com REGISTRY_HTTP_TLS_CERTIFICATE: /etc/secrets/tls.crt REGISTRY_HTTP_TLS_KEY: /etc/secrets/tls.key Mounts: /etc/pki/ca-trust/extracted from ca-trust-extracted (rw) /etc/pki/ca-trust/source/anchors from registry-certificates (rw) /etc/secrets from registry-tls (rw) /registry from registry-storage (rw) /usr/share/pki/ca-trust-source from trusted-ca (rw) /var/lib/kubelet/ from installation-pull-secrets (rw) /var/run/secrets/openshift/serviceaccount from bound-sa-token (ro) Volumes: registry-storage: Type: EmptyDir (a temporary directory that shares a pod's lifetime) Medium: SizeLimit: <unset> registry-tls: Type: Projected (a volume that contains injected data from multiple sources) SecretName: image-registry-tls SecretOptionalName: <nil> ca-trust-extracted: Type: EmptyDir (a temporary directory that shares a pod's lifetime) Medium: SizeLimit: <unset> registry-certificates: Type: ConfigMap (a volume populated by a ConfigMap) Name: image-registry-certificates Optional: false trusted-ca: Type: ConfigMap (a volume populated by a ConfigMap) Name: trusted-ca Optional: true installation-pull-secrets: Type: Secret (a volume populated by a Secret) SecretName: installation-pull-secrets Optional: true bound-sa-token: Type: Projected (a volume that contains injected data from multiple sources) TokenExpirationSeconds: 3600 Topology Spread Constraints: kubernetes.io/hostname:DoNotSchedule when max skew 1 is exceeded for selector docker-registry=default node-role.kubernetes.io/worker:DoNotSchedule when max skew 1 is exceeded for selector docker-registry=default
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:7399