Managing an upgrade to OpenShift 4.18 or later for a cluster with an existing NUMA-aware scheduler configuration
From OpenShift 4.18, the NUMA Resources Operator no longer creates a custom SELinux policy to enable the installation of Operator components on a target node. Instead, the Operator uses a built-in container SELinux policy. This change removes the additional node reboot that was required when installing the Operator in earlier versions of OpenShift.
However, in clusters with an existing NUMA-aware scheduler configuration, if you upgrade to 4.18, the NUMA Resources Operator removes the MachineConfig resource that previously applied the custom SELinux policy. This action triggers one additional reboot for each configured node. Also, resource topology exporter pods might temporarily enter a CrashLoopBackOff state during this process. This is expected behavior as the Operator transitions to the built-in SELinux policy.
If you need to defer the additional reboot you can apply an annotation before upgrading to OpenShift 4.18. Use the following procedure to apply the annotation by using a patch command.
IMPORTANT You can use this annotation to manage the timing of the transition. However, when the annotation is removed, the target nodes will reboot. This annotation is not part of the NUMAResourcesOperator API and will be deprecated in a future release.
Prerequisites
-
You have OpenShift version 4.17 or earlier with an existing NUMA-aware scheduler configuration.
-
You have the OpenShift CLI (
oc) installed. -
You want to defer the additional reboot that is triggered by the removal of the custom SELinux policy when upgrading to OpenShift 4.18 or later.
Procedure
-
Patch the
NUMAResourcesOperatorobject to add theconfig.node.openshift-kni.io/selinux-policyannotation by running the following command:$ oc patch numaresourcesoperators.nodetopology.openshift.io numaresourcesoperator \ --type='json' -p '[{"op": "add", "path": "/spec/nodeGroups/0/annotations", "value": {"config.node.openshift-kni.io/selinux-policy":"custom"}}]'
This patch example will patch the numaresourcesoperators object named numaresourcesoperator adding the config.node.openshift-kni.io/selinux-policy:"custom" annotation to the nodeGroups object at index 0.