Bug 1270441
| Summary: | The container in pod with user defined secret volume can't work | | |
|---|---|---|---|
| Product: | OKD | Reporter: | zhou ying <yinzhou> |
| Component: | Deployments | Assignee: | Dan Mace <dmace> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | zhou ying <yinzhou> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 3.x | CC: | aos-bugs, bparees, pweil, yinzhou |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2015-11-23 21:15:53 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Description
zhou ying
2015-10-10 06:42:31 UTC
I'm not sure that there's any specific issue with deployments here. The secret is correctly added to the deployment template, and the pod gets the correct volumes as a result of the template change. The pod container fails to start - you'll need to use `docker logs 0368c644a3b8` to see why the container process failed.

The container was not correctly created:

```
[root@ip-172-18-2-48 amd64]# docker ps |grep hooks
a6ce064da063 openshift/origin-pod:v1.0.6 "/pod" 2 minutes ago Up 2 minutes k8s_POD.829cf5d9_hooks-2-7k3my_zhy_88e0fcfa-764c-11e5-a55c-0e78887570a7_f54e5a0e
oc logs hooks-2-7k3my
Pod "hooks-2-7k3my" in namespace "zhy": container "mysql-55-centos7" is in waiting state.
```

Can you attach your master logs when the container fails to be created? Also, the output of `oc get pod -o yaml`, `oc get dc -o yaml`, and `oc get rc -o yaml`. If you could provide steps to reproduce that would work from any machine, that would also be helpful (your example uses paths which aren't readable by my cluster locally, which could be another problem).

pod Info: http://pastebin.test.redhat.com/321039
dc Info: http://pastebin.test.redhat.com/321040
rc Info: http://pastebin.test.redhat.com/321041
master logs: http://pastebin.test.redhat.com/321042

From your pod output, we can see that the hooks pod is created correctly. The container 52eeb9d354c229d91da813aed6a7b028bb78ad2684d3d6c5f6994dcfa25e5aa8 is repeatedly failing to start. You'll need to look at the docker logs to see why. Please share those logs here.

When I use the hello-pod, the secret volume can be used, please see:

http://pastebin.test.redhat.com/321731
http://pastebin.test.redhat.com/321733

But the mysql image still can use the secret volume, I use the `oc logs`:

```
[root@ip-172-18-0-45 amd64]# oc get pods
NAME               READY   STATUS      RESTARTS   AGE
hooks-3-deploy     1/1     Running     0          22s
hooks-3-posthook   1/1     Running     0          6s
hooks-3-prehook    0/1     Completed   0          21s
hooks-3-yqv4w      1/1     Running     0          7s
[root@ip-172-18-0-45 amd64]# oc logs -f hooks-3-yqv4w
Can't read /etc/scl/prefixes/mysql55, mysql55 is probably not installed.
/var/lib/mysql/common.sh: line 101: mysql_install_db: command not found
Running mysql_install_db ...
[root@ip-172-18-0-45 amd64]# oc logs -f hooks-3-yqv4w
Error from server: Internal error occurred: Pod "hooks-3-yqv4w" in namespace "zhouy" : pod is not in 'Running', 'Succeeded' or 'Failed' state - State: "Pending"
```

Maybe this bug is related to the image: openshift/mysql-55-centos7:latest.

It appears you're configuring the secret to get mounted into "/etc":

4. Add the new secret to dc
`oc volume dc/hooks --add --name=secret --type=secret --secret-name=my-secret --mount-path=/etc`

that's a bad place to mount a secret because it's going to overwrite the entire contents of the /etc directory in the image, which is why mysql is failing to start with errors like:

```
Can't read /etc/scl/prefixes/mysql55
```

Can you change this test scenario to mount the secret in a location where it will not overwrite critical image files and try again?

Confirmed on /home, wonderful!

```
[root@ip-172-18-5-12 amd64]# oc volume dc/hooks --add --name=secret --type=secret --secret-name=my-secret --mount-path=/home
deploymentconfigs/hooks
[root@ip-172-18-5-12 amd64]# oc get pods
NAME            READY   STATUS    RESTARTS   AGE
hooks-2-ejjhf   1/1     Running   0          5m
[root@ip-172-18-5-12 amd64]# oc exec hooks-2-ejjhf -- ls /home
ssh-privatekey
ssh-publickey
```
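
The failure diagnosed in this thread, a secret volume mounted at `/etc` hiding the files the image ships there, can be caught before rollout by checking a pod template's mount paths. The following is an added example, not part of the original bug report or of OpenShift's code; the `IMAGE_OWNED` list and all function names are assumptions, and the pod template is constructed from the `oc volume` command quoted above.

```python
import posixpath

# Assumption: directories a typical image populates itself. A volume mounted
# at or above one of them hides everything the image shipped there.
IMAGE_OWNED = ("/etc", "/usr", "/bin", "/sbin", "/lib", "/lib64", "/var/lib", "/opt")


def shadows(mount_path, owned=IMAGE_OWNED):
    """Return the image-owned directories hidden by a volume at mount_path."""
    m = posixpath.normpath("/" + mount_path.lstrip("/"))
    if m == "/":
        return list(owned)
    return [d for d in owned if d == m or d.startswith(m + "/")]


def audit_pod_spec(spec):
    """List (container, volume, mountPath, hidden dirs) for risky secret mounts."""
    secret_vols = {v["name"] for v in spec.get("volumes", []) if "secret" in v}
    findings = []
    for c in spec.get("containers", []):
        for vm in c.get("volumeMounts", []):
            hidden = shadows(vm["mountPath"])
            if vm["name"] in secret_vols and hidden:
                findings.append((c["name"], vm["name"], vm["mountPath"], hidden))
    return findings


def hooks_template(mount_path):
    """Constructed sample: pod template with the thread's secret volume added."""
    return {
        "volumes": [{"name": "secret", "secret": {"secretName": "my-secret"}}],
        "containers": [{
            "name": "mysql-55-centos7",
            "image": "openshift/mysql-55-centos7:latest",
            "volumeMounts": [{"name": "secret", "mountPath": mount_path}],
        }],
    }


if __name__ == "__main__":
    for path in ("/etc", "/home"):
        findings = audit_pod_spec(hooks_template(path))
        print(path, "->", findings or "no image-owned directory hidden")
```

A mount below an image-owned directory, such as a dedicated subdirectory under `/etc`, is not flagged because it hides only that subdirectory.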