Noticed an issue with bootstrap-only mode when the bootstrap completion annotation fails to be written.
When conditions are satisfied, the controller removes the taint and marks bootstrap as completed via a node annotation. If that annotation write fails, the taint is already removed but completion is never recorded.
Looking at the flow:
markBootstrapCompleted is only called during taint removal- if it fails, later reconciles may not call it again while the taint stays absent
- so the controller has no completion marker on the node
Because of that, if conditions change later, the controller can reapply the taint — even though bootstrap-only mode should not reapply after the first success.
Once the taint has been removed in bootstrap-only mode, it shouldn’t be added again just because the annotation step didn’t succeed.
Noticed an issue with bootstrap-only mode when the bootstrap completion annotation fails to be written.
When conditions are satisfied, the controller removes the taint and marks bootstrap as completed via a node annotation. If that annotation write fails, the taint is already removed but completion is never recorded.
Looking at the flow:
markBootstrapCompletedis only called during taint removalBecause of that, if conditions change later, the controller can reapply the taint — even though bootstrap-only mode should not reapply after the first success.
Once the taint has been removed in bootstrap-only mode, it shouldn’t be added again just because the annotation step didn’t succeed.