From a3dfe3bc083a2118ea3d081c2282aa2abbfe5abc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20W=C4=99grzyn?= <jakweg@google.com>
Date: Wed, 6 May 2026 11:54:01 +0000
Subject: [PATCH 1/2] Ignore SysctlChanged condition when using `kf doctor`

---
 pkg/kf/doctor/cluster.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/pkg/kf/doctor/cluster.go b/pkg/kf/doctor/cluster.go
index 20e627786..46499c3f5 100644
--- a/pkg/kf/doctor/cluster.go
+++ b/pkg/kf/doctor/cluster.go
@@ -500,6 +500,17 @@ func diagnoseNodes(ctx context.Context, d *Diagnostic, kubernetes kubernetes.Int
 									cond.Message,
 								)
 							}
+						case cond.Type == "SysctlChanged":
+							if cond.Status != corev1.ConditionFalse {
+								if cond.Message != "{\"unmanaged\": {\"kernel.cad_pid\": \"1\"}}" {
+									d.Errorf(
+										"Condition %s is not healthy, current status is %q with message %q",
+										cond.Type,
+										cond.Status,
+										cond.Message,
+									)
+								}
+							}
 						default:
 							// Other conditions on the node should be false because they
 							// indicate specific failure conditions when set to true.

From 8ddad6a9f80695a49300b96ee469f5319a56eb55 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20W=C4=99grzyn?= <jakweg@google.com>
Date: Thu, 7 May 2026 12:25:00 +0000
Subject: [PATCH 2/2] Generalize condition ignorance

---
 pkg/kf/doctor/cluster.go | 22 ++++++++--------------
 1 file changed, 8 insertions(+), 14 deletions(-)

diff --git a/pkg/kf/doctor/cluster.go b/pkg/kf/doctor/cluster.go
index 46499c3f5..89c227811 100644
--- a/pkg/kf/doctor/cluster.go
+++ b/pkg/kf/doctor/cluster.go
@@ -422,6 +422,11 @@ func diagnoseDaemonSets(ctx context.Context, d *Diagnostic, kubernetes kubernete
 	}
 }
 
+func conditionShouldBeIgnored(condition corev1.NodeCondition) bool {
+	shouldIgnore := condition.Type == "SysctlChanged" && condition.Status != corev1.ConditionFalse && condition.Message == "{\"unmanaged\": {\"kernel.cad_pid\": \"1\"}}"
+	return shouldIgnore
+}
+
 func diagnoseNodes(ctx context.Context, d *Diagnostic, kubernetes kubernetes.Interface) {
 	nodesList, err := kubernetes.CoreV1().Nodes().List(ctx, metav1.ListOptions{})
 	switch {
@@ -500,21 +505,10 @@ func diagnoseNodes(ctx context.Context, d *Diagnostic, kubernetes kubernetes.Int
 									cond.Message,
 								)
 							}
-						case cond.Type == "SysctlChanged":
-							if cond.Status != corev1.ConditionFalse {
-								if cond.Message != "{\"unmanaged\": {\"kernel.cad_pid\": \"1\"}}" {
-									d.Errorf(
-										"Condition %s is not healthy, current status is %q with message %q",
-										cond.Type,
-										cond.Status,
-										cond.Message,
-									)
-								}
-							}
 						default:
-							// Other conditions on the node should be false because they
-							// indicate specific failure conditions when set to true.
-							if cond.Status != corev1.ConditionFalse {
+							// Other conditions on the node should be false (unless known issue)
+							// because they indicate specific failure conditions when set to true.
+							if cond.Status != corev1.ConditionFalse && !conditionShouldBeIgnored(cond) {
 								d.Errorf(
 									"Condition %s is not healthy, current status is %q with message %q",
 									cond.Type,