Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 2087685

Summary: KASO should not be able to apply LowUpdateSlowReaction from Default WorkerLatencyProfile
Product: OpenShift Container Platform Reporter: Harshal Patil <harpatil>
Component: NodeAssignee: Swarup Ghosh <swghosh>
Node sub component: Kubelet QA Contact: Weinan Liu <weinliu>
Status: CLOSED ERRATA Docs Contact:
Severity: medium    
Priority: medium CC: weinliu
Version: 4.11   
Target Milestone: ---   
Target Release: 4.11.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Feature: Rejection of extreme worker latency profile transition from/to Default <-> LowUpdateSlowReaction profile(s) through admission validation of nodes.config.openshift.io/v1/cluster object Reason: Operator(s) involved in updating the worker latency profile via Kubelet, Kube API Server and Kube Controller Manager on the cluster should not allow transition to/from Default <-> LowUpdateSlowReaction latency profiles as that could destabilize the cluster during transition. Result: Users cannot update the latency profile to and fro between extreme profiles on the config node object supported via resource validation admission.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-08-10 11:12:53 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Harshal Patil 2022-05-18 08:55:28 UTC 
During the testing with the latest nightly it appears that Kube API Server Operator is able to apply LowUpdateSlowReaction even though the cluster is at Default WorkerLatencyProfile. 


This violates the cluster stability analysis [1]. Transition from Default to LowUpdateSlowReaction and vice-versa should be prohibited. 


[1] https://github.com/openshift/enhancements/blob/master/enhancements/worker-latency-profile/worker-latency-profile.md#default---lowupdateslowreaction
Comment 1 Swarup Ghosh 2022-06-14 11:11:02 UTC 
The fix is merged through https://github.com/openshift/kubernetes/pull/1287. 
So essentially OpenShift/k8s API Server admission will reject any updates on the nodes.config.openshift.io/cluster object to/from Default <-> LowUpdateSlowReaction worker latency profile on the cluster, thus user will not be able to directly jump extreme profiles which helps favour cluster stability as described above. 

If users want to set LowUpdateSlowReaction profile for their cluster they should either do it at Day-0 or transition Default -> MediumUpdateAverageReaction -> LowUpdateSlowReaction in succession.
Comment 7 errata-xmlrpc 2022-08-10 11:12:53 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5069