OCPBUGS-74232: volume-data-source-validator should run on master nodes

[RomanBednar]

The volume-data-source-validator deployment was missing nodeSelector and tolerations required to ensure it runs on master/control plane nodes. This is inconsistent with other control plane components in the same namespace (openshift-cluster-storage-operator) such as vsphere-problem-detector and the main cluster-storage-operator.

Added:

• nodeSelector with node-role.kubernetes.io/master label
• CriticalAddonsOnly toleration
• node-role.kubernetes.io/master toleration with NoSchedule effect

This ensures the validator pod:

• Only schedules on control plane nodes
• Tolerates the NoSchedule taint on master nodes
• Maintains consistency with other critical control plane components

cc @openshift/storage

[openshift-ci-robot]

@RomanBednar: This pull request references Jira Issue OCPBUGS-74232, which is invalid:

• expected the bug to target the "4.22.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

The volume-data-source-validator deployment was missing nodeSelector and tolerations required to ensure it runs on master/control plane nodes. This is inconsistent with other control plane components in the same namespace (openshift-cluster-storage-operator) such as vsphere-problem-detector and the main cluster-storage-operator.

Added:

• nodeSelector with node-role.kubernetes.io/master label
• CriticalAddonsOnly toleration
• node-role.kubernetes.io/master toleration with NoSchedule effect

This ensures the validator pod:

• Only schedules on control plane nodes
• Tolerates the NoSchedule taint on master nodes
• Maintains consistency with other critical control plane components

cc @openshift/storage

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: RomanBednar

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [RomanBednar]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[RomanBednar]

/jira refresh
/cherry-pick release-4.21
/cherry-pick release-4.20

[openshift-cherrypick-robot]

@RomanBednar: once the present PR merges, I will cherry-pick it on top of release-4.20, release-4.21 in new PRs and assign them to you.

Details

In response to this:

/jira refresh
/cherry-pick release-4.21
/cherry-pick release-4.20

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci-robot]

@RomanBednar: This pull request references Jira Issue OCPBUGS-74232, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.22.0) matches configured target version for branch (4.22.0)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

No GitHub users were found matching the public email listed for the QA contact in Jira (wduan@redhat.com), skipping review request.

Details

In response to this:

/jira refresh
/cherry-pick release-4.21
/cherry-pick release-4.20

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[RomanBednar]

/retest-required

[duanwei33]

/verified by @duanwei33

$ curl -sL https://gcsweb-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/test-platform-results/pr-logs/pull/openshift_cluster-storage-operator/659/pull-ci-openshift-cluster-storage-operator-main-e2e-gcp-csi/2014281016293724160/artifacts/e2e-gcp-csi/gather-extra/artifacts/pods.json | jq '.items[] | select(.metadata.labels | tostring | contains("volume-data-source-validator")) | {podName: .metadata.name, nodeName: .spec.nodeName, nodeSelector: .spec.nodeSelector}'
{
  "podName": "volume-data-source-validator-7fbd4f4889-49rqs",
  "nodeName": "ci-op-fy71pm30-c31b1-4mtgp-master-0",
  "nodeSelector": {
    "node-role.kubernetes.io/master": ""
  }
}

[duanwei33]

/retest-required

[openshift-ci-robot]

@duanwei33: This PR has been marked as verified by @duanwei33.

Details

In response to this:

/verified by @duanwei33

$ curl -sL https://gcsweb-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/test-platform-results/pr-logs/pull/openshift_cluster-storage-operator/659/pull-ci-openshift-cluster-storage-operator-main-e2e-gcp-csi/2014281016293724160/artifacts/e2e-gcp-csi/gather-extra/artifacts/pods.json | jq '.items[] | select(.metadata.labels | tostring | contains("volume-data-source-validator")) | {podName: .metadata.name, nodeName: .spec.nodeName, nodeSelector: .spec.nodeSelector}'
{
 "podName": "volume-data-source-validator-7fbd4f4889-49rqs",
 "nodeName": "ci-op-fy71pm30-c31b1-4mtgp-master-0",
 "nodeSelector": {
   "node-role.kubernetes.io/master": ""
 }
}

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[duanwei33]

Wait, after checking the failed hypershift job, the volume-data-source-validator is deployed to the guest cluster and the guest cluster only has worker nodes — so the storage CO is degraded.

  status:
    conditions:
    - lastProbeTime: null
      lastTransitionTime: "2026-03-02T05:16:33Z"
      message: '0/3 nodes are available: 3 node(s) didn''t match Pod''s node affinity/selector.
        no new claims to deallocate, preemption: 0/3 nodes are available: 3 Preemption
        is not helpful for scheduling.'
      observedGeneration: 1
      reason: Unschedulable
      status: "False"
      type: PodScheduled
    phase: Pending

I think we need to add this like the csidriveroperators.

[duanwei33]

/verified cancel

[openshift-ci-robot]

@duanwei33: The /verified command must be used with one of the following actions: by, later, remove, or bypass. See https://docs.ci.openshift.org/docs/architecture/jira/#premerge-verification for more information.

Details

In response to this:

/verified cancel

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[duanwei33]

/verified remove

[openshift-ci-robot]

@duanwei33: /verified bypass and /verified remove do not support arguments. See https://docs.ci.openshift.org/docs/architecture/jira/#premerge-verification for more information.

Details

In response to this:

/verified remove

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[duanwei33]

/verified remove

[openshift-ci-robot]

@duanwei33: The verified label has been removed.

Details

In response to this:

/verified remove

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 97e37723-34a2-4fa8-ba7d-257ff737d210

📥 Commits

Reviewing files that changed from the base of the PR and between f7b0b15 and d9b6091.

📒 Files selected for processing (2)

• assets/volumedatasourcevalidator/04_deployment.yaml
• pkg/operator/volumedatasourcevalidator/controller.go

---

Walkthrough

The volume data source validator is updated to support control plane topology awareness by adding scheduling constraints to the deployment manifest and integrating infrastructure configuration informers and control plane topology hooks into the deployment controller.

Changes

Cohort / File(s)	Summary
Volume Data Source Validator Scheduling assets/volumedatasourcevalidator/04_deployment.yaml	Added nodeSelector and tolerations to Pod spec to restrict validator pod scheduling to master nodes with CriticalAddonsOnly and NoSchedule taints.
Validator Controller Configuration pkg/operator/volumedatasourcevalidator/controller.go	Integrated infrastructure config informer and control plane topology deployment hook to enable topology-aware scheduling logic.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

You can get early access to new features in CodeRabbit.

Enable the early_access setting to enable early access features such as new models, tools, and more.

[RomanBednar]

@duanwei33 I think we need WithControlPlaneTopologyHook to remove the node selector on hypershift - this is what problem detector is using too.

I'm assuming it is ok to run the validator in guest cluster (as before) because VolumePopulator objects should live in the guest cluster too I think because on hypershift populator authors would not have access to management cluster.

The validator could run in management cluster instead. However, that would require much more refactoring to a structure similar to CSI Operators, as you suggested.

[duanwei33]

@RomanBednar Thanks for the explanation, I see the WithControlPlaneTopologyHook implementation now. This works on both standard and hypershift clusters, and that's fine from my side.

[duanwei33]

/retest

[duanwei33]

/verified by @duanwei33

Just re-triggered the hypershift-aws-e2e-external job (one test case looks like a flake).

[openshift-ci-robot]

@duanwei33: This PR has been marked as verified by @duanwei33.

Details

In response to this:

/verified by @duanwei33

Just re-triggered the hypershift-aws-e2e-external job (one test case looks like a flake).

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[RomanBednar]

/retest-required

[openshift-ci]

@RomanBednar: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.