Pods starting on other nodes than labeled nodes for the namespace #5615
Comments
Yeah you can't do that. Don't edit the static pod manifests; they are managed by RKE2 and your changes will be lost when RKE2 restarts. The same is true of the PSA config file; you should provide your own instead of editing the one managed by RKE2. Assuming you name your custom PSA config file at custom-pss.yaml, you could do something like this with your config.yaml: pod-security-admission-config-file: /etc/rancher/rke2/custom-pss.yaml
kube-apiserver-arg:
- "--enable-admission-plugins=NodeRestriction,PodNodeSelector" |
Thank you @brandond for your help on this. I understand I can provide Thank you for your help on this! |
|
Just do as I suggested. the file should be mounted into the pod automatically. |
Environmental Info:
RKE2 Version:
rke2 -v1.26.9
Node(s) CPU architecture, OS, and Version:
Linux rancher01 3.10.0-1160.108.1.el7.x86_64 #1 SMP Thu Jan 25 16:17:31 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
Cluster Configuration:
3 servers, 10 agents
Describe the bug:
kube-apiserver.yaml and assigning node to namespace using podnodeselector does not work
Steps To Reproduce:
podNodeSelectorPluginConfig:
clusterDefaultNodeSelector: all
dev: dev
test: test
devops: devops
...
plugins:
path: podnodeselector.yaml
"e.g: scheduler.alpha.kubernetes.io/node-selector: env=test"
Expected behavior:
Test pods should only start on the env=test nodes.
Actual behavior:
Test pods should are deployed on other nodes.
Note:- I realized that all my above changes are reverted.
Additional context / logs:
None (n/a)
The text was updated successfully, but these errors were encountered: