How to set CoreDNS Operator into unmanaged state

Solution Verified - Updated 13 Jun 2024

Environment

Red Hat OpenShift Container Platform (RHOCP)
- 4

Issue

During troubleshooting an issue Red Hat Support Engineer has requested changes be performed to the CoreDNS configurations and deployments, these configurations are controlled by the OpenShift Cluster DNS Operator, which manages most of the resources within the openshift-dns namespace.
To perform changes to these managed resources, the Cluster DNS Operator must be disabled first.
The Cluster Version Operator (CVO) manages the Cluster DNS Operator and most of the resources in the openshift-dns-operator namespace. Therefore, the Cluster DNS Operator must be removed from the CVO management before it can be disabled to allow changes to the DNS configurations.

NOTE: This should not be performed without the request of an Red Hat OpenShift Support Engineers and will result in the OpenShift Cluster in an unsupported state

Resolution

Ensure Cluster DNS Operator is removed from Cluster Version Operator management by editing the ClusterVersion object as below:

$ oc edit clusterversion version
...
spec:
  overrides:
  - group: apps
    kind: Deployment
    name: dns-operator
    namespace: openshift-dns-operator
    unmanaged: true

Scale down the Cluster DNS Operator.
NOTE: This will result changes to DNS configurations persisting and will only revert changes once the Operator is re-enabled.
```
$ oc scale -n openshift-dns-operator --replicas=0 deploy/dns-operator
```
Once complete, revert changes to the DNS by configuring the Cluster Version Operator to manage the Cluster DNS Operator again as below:
```
$ oc edit clusterversion version
...
spec:
  overrides: []
```

NOTE: This change MUST be reverted before any cluster updates are performed

Root Cause

The Cluster Version Operator (CVO) manages all Cluster Operator deployments within OpenShift and is responsible for Cluster Operator upgrades during an OpenShift upgrade.
The CVO can be configured to exclude resources from it management list using the ClusterVersion resource.
The clusterversion.spec.overrides list allows the ability to specify resources that are included in the OpenShift management but should be temporarily excluded for testing purposes.
Generally speaking, it is possible to set other Cluster Operators as unmanaged following the procedure of this article. For instance to set the Ingress Cluster Operator as unmanaged, you would add the following entry in clusterversion.spec.overrides:

     - group: apps
       kind: Deployment
       name: ingress-operator
       namespace: openshift-ingress-operator
       unmanaged: true

The general caveat mentioned above applies for all Cluster Operators, this should not be performed without the request of an Red Hat OpenShift Support Engineers and will put the OpenShift Cluster in an unsupported state.

SBR

Product(s)

Red Hat OpenShift Container Platform

Components

Networking

Category

Configure

Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.