From 08b1b1d5a479e35d55d91ce2b60fb2a37aaa763d Mon Sep 17 00:00:00 2001 From: Abhijit Hoskeri Date: Mon, 20 Oct 2025 17:49:29 -0700 Subject: [PATCH] Do not log untolerated taint in pod status updates. The taint toleration plugin records taint keys and values from non-matching nodes. Taint keys and values may be sensitive information in some environments. Use a generic message, and show the info in logs instead. --- .../framework/plugins/tainttoleration/taint_toleration.go | 4 ++-- .../plugins/tainttoleration/taint_toleration_test.go | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/pkg/scheduler/framework/plugins/tainttoleration/taint_toleration.go b/pkg/scheduler/framework/plugins/tainttoleration/taint_toleration.go index 38dd3b7df3d..e34311188b2 100644 --- a/pkg/scheduler/framework/plugins/tainttoleration/taint_toleration.go +++ b/pkg/scheduler/framework/plugins/tainttoleration/taint_toleration.go @@ -115,8 +115,8 @@ func (pl *TaintToleration) Filter(ctx context.Context, state fwk.CycleState, pod return nil } - errReason := fmt.Sprintf("node(s) had untolerated taint {%s: %s}", taint.Key, taint.Value) - return fwk.NewStatus(fwk.UnschedulableAndUnresolvable, errReason) + klog.FromContext(ctx).V(4).Info("node had untolerated taints", "node", klog.KObj(node), "pod", klog.KObj(pod), "untoleratedTaint", taint) + return fwk.NewStatus(fwk.UnschedulableAndUnresolvable, "node(s) had untolerated taint(s)") } // preScoreState computed at PreScore and used at Score. diff --git a/pkg/scheduler/framework/plugins/tainttoleration/taint_toleration_test.go b/pkg/scheduler/framework/plugins/tainttoleration/taint_toleration_test.go index 306bbe98073..3478ae79e43 100644 --- a/pkg/scheduler/framework/plugins/tainttoleration/taint_toleration_test.go +++ b/pkg/scheduler/framework/plugins/tainttoleration/taint_toleration_test.go @@ -283,7 +283,7 @@ func TestTaintTolerationFilter(t *testing.T) { pod: podWithTolerations("pod1", []v1.Toleration{}), node: nodeWithTaints("nodeA", []v1.Taint{{Key: "dedicated", Value: "user1", Effect: "NoSchedule"}}), wantStatus: fwk.NewStatus(fwk.UnschedulableAndUnresolvable, - "node(s) had untolerated taint {dedicated: user1}"), + "node(s) had untolerated taint(s)"), }, { name: "A pod which can be scheduled on a dedicated node assigned to user1 with effect NoSchedule", @@ -295,7 +295,7 @@ func TestTaintTolerationFilter(t *testing.T) { pod: podWithTolerations("pod1", []v1.Toleration{{Key: "dedicated", Operator: "Equal", Value: "user2", Effect: "NoSchedule"}}), node: nodeWithTaints("nodeA", []v1.Taint{{Key: "dedicated", Value: "user1", Effect: "NoSchedule"}}), wantStatus: fwk.NewStatus(fwk.UnschedulableAndUnresolvable, - "node(s) had untolerated taint {dedicated: user1}"), + "node(s) had untolerated taint(s)"), }, { name: "A pod can be scheduled onto the node, with a toleration uses operator Exists that tolerates the taints on the node", @@ -319,7 +319,7 @@ func TestTaintTolerationFilter(t *testing.T) { pod: podWithTolerations("pod1", []v1.Toleration{{Key: "foo", Operator: "Equal", Value: "bar", Effect: "PreferNoSchedule"}}), node: nodeWithTaints("nodeA", []v1.Taint{{Key: "foo", Value: "bar", Effect: "NoSchedule"}}), wantStatus: fwk.NewStatus(fwk.UnschedulableAndUnresolvable, - "node(s) had untolerated taint {foo: bar}"), + "node(s) had untolerated taint(s)"), }, { name: "The pod has a toleration that keys and values match the taint on the node, the effect of toleration is empty, " +