Bug 1475267

Summary: [3.3][containerized] Unable to mount secret volume on atomic host
Product: OpenShift Container Platform Reporter: Jianwei Hou <jhou>
Component: StorageAssignee: Pavel Pospisil <ppospisi>
Status: CLOSED NOTABUG QA Contact: Jianwei Hou <jhou>
Severity: low Docs Contact:
Priority: low    
Version: 3.3.1CC: aos-bugs, aos-storage-staff, bchilds, bleanhar, qcai
Target Milestone: ---Keywords: Regression
Target Release: 3.3.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-07-27 08:40:09 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jianwei Hou 2017-07-26 10:38:17 UTC
Description of problem:
Create a Pod using a secret volume, the volume can not be mounted.

Version-Release number of selected component (if applicable):
Red Hat Enterprise Linux Atomic Host release 7.2
openshift v3.3.1.46.6
kubernetes v1.3.0+52492b4
etcd 2.3.0+git

How reproducible:
Always

Steps to Reproduce:
1. Create a secret
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
  type: Opaque
  data:
    password: t
    username: t

2. Create a Pod.
{
 "apiVersion": "v1",
 "kind": "Pod",
  "metadata": {
    "name": "secretpd"
  },
  "spec": {
    "containers": [
      {
      "name": "c1",
      "image": "aosqe/hello-openshift",
      "volumeMounts": [
        {
        "name": "secret",
        "mountPath": "/mnt/secret",
        "readOnly": false
        }
       ]
     }
    ],
    "securityContext": {
        "fsGroup": 123456,
        "seLinuxOptions": {
            "level": "s0"
        }
    },
    "volumes": [{
      "name": "secret",
      "secret": {
        "secretName": "mysecret"
      }
    }]
  }
}


Actual results:
The secret volume didn't get mounted.

Expected results:
Pod is able to mount volume

Node Log (of failed PODs):
E0726 10:06:50.000272   14875 kubelet.go:2045] Unable to mount volumes for pod "secretpd_jhou(3d4e9926-71e9-11e7-95f2-fa163ef076fa)": timeout expired waiting for volumes to attach/mount for pod "secretpd"/"jhou". list of unattached/unmounted volumes=[secret default-token-gbeeu]; skipping pod
E0726 10:06:50.000297   14875 pod_workers.go:183] Error syncing pod 3d4e9926-71e9-11e7-95f2-fa163ef076fa, skipping: timeout expired waiting for volumes to attach/mount for pod "secretpd"/"jhou". list of unattached/unmounted volumes=[secret default-token-gbeeu]
I0726 10:06:50.000443   14875 server.go:656] Event(api.ObjectReference{Kind:"Pod", Namespace:"jhou", Name:"secretpd", UID:"3d4e9926-71e9-11e7-95f2-fa163ef076fa", APIVersion:"v1", ResourceVersion:"11792", FieldPath:""}): type: 'Warning' reason: 'FailedSync' Error syncing pod, skipping: timeout expired waiting for volumes to attach/mount for pod "secretpd"/"jhou". list of unattached/unmounted volumes=[secret default-token-gbeeu]
I0726 10:06:50.000491   14875 server.go:656] Event(api.ObjectReference{Kind:"Pod", Namespace:"jhou", Name:"secretpd", UID:"3d4e9926-71e9-11e7-95f2-fa163ef076fa", APIVersion:"v1", ResourceVersion:"11792", FieldPath:""}): type: 'Warning' reason: 'FailedMount' Unable to mount volumes for pod "secretpd_jhou(3d4e9926-71e9-11e7-95f2-fa163ef076fa)": timeout expired waiting for volumes to attach/mount for pod "secretpd"/"jhou". list of unattached/unmounted volumes=[secret default-token-gbeeu]

Additional info:

Comment 1 Qian Cai 2017-07-26 12:23:40 UTC
FYI, Atomic Host 7.2 is no longer supported. The support policy is only to support the latest version, i.e., 7.3.6 until 7.4 is out. However, if you are able to reproduce this on RHEL as well, the bug will still be valid.