Critical DaemonSets Missing Universal Toleration

Solution Unverified - Updated -


When a node is configured with Taints, it prevents several critical cluster daemonsets from being scheduled on that node(s), causing the cluster to become unstable.

The DaemonSets affected are:

  1. The machine-config-daemon ds, in the openshift-machine-config-operator project
  2. The node-ca ds, in the openshift-image-registry project
  3. The dns-default ds, in the openshift-dns project*

This issue is currently being tracked in bugzilla.

If OpenShift Container Storage (OCS) is deployed, it includes the following DaemonSets which are also unable to schedule on nodes that are tainted or on master nodes. (with the exception of storage nodes containing the taint):

  1. The csi-cephfsplugin ds, in the openshift-storage project
  2. The csi-rbdplugin ds, in the openshift-storage project

* While the dns-default ds is affected by this issue, testing has determined that it does not critically impact cluster functionality and stability.


  • Red Hat OpenShift Container Platform (OCP) 4.1 - 4.5

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In