Bug 1516887

Summary: Nested secret missing when booting RHEL7.4 kernel (3.10.0-693.el7.x86_64)
Product: OpenShift Container Platform Reporter: Paul Dwyer <pdwyer>
Component: Containers Assignee: Jhon Honce <jhonce>
Status: CLOSED DUPLICATE QA Contact: DeShuai Ma <dma>
Severity: high Docs Contact:
Priority: unspecified    
Version: 3.5.1 CC: aos-bugs, jokerman, mmccomas
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Last Closed: 2017-11-24 09:08:57 UTC Type: Bug

Description Paul Dwyer 2017-11-23 13:47:14 UTC
This may be a duplicate of bz 1516569, but I believe kernel version is important here.

Description of problem:
Attaching 2 secrets to a pod where 1 is nested below the other.
This works fine until booting the RHEL7.4 kernel (3.10.0-693.el7.x86_64).


Version-Release number of selected component (if applicable):
# oc version
oc v3.5.5.31.36
kubernetes v1.5.2+43a9be4

How reproducible:
every time

Steps to Reproduce:

# mkdir ./basedir; echo "basefile1" > ./basedir/basefile1 ; echo "basefile2" > ./basedir/basefile2
# mkdir ./nestdir;  echo "nestfile1" > ./nestdir/nestfile1 ; echo "nestfile2" > ./nestdir/nestfile2

# oc create secret generic basedir --from-file ./basedir
# oc create secret generic nestdir --from-file ./nestdir

# oc new-app --template=httpd-example
# oc volume dc/httpd-example  --add --mount-path=/var/lib/basedir -t secret --secret-name='basedir' --name basedir
# oc volume dc/httpd-example  --add --mount-path=/var/lib/basedir/nestdir -t secret --secret-name='nestdir' --name nestdir

-- Pod shows as running and healthy 


Actual results:
In kernels below 3.10.0-693.el7.x86_64:
rsh to pod and nested secret exists

cd /var/lib/basedir/
sh-4.2$ ls
basefile1  basefile2 nestdir

In kernel 3.10.0-693.el7.x86_64:
rsh to pod and nested secret exists

cd /var/lib/basedir/
sh-4.2$ ls
basefile1  basefile2


Expected results:
nested secret to be available in pod


Additional info:
Checking mounts on the node I see them both as expected

mount | grep -e basedir -e nestdir
tmpfs on /var/lib/origin/openshift.local.volumes/pods/3caebd9b-d04e-11e7-82f8-fa163e187e87/volumes/kubernetes.io~secret/basedir type tmpfs (rw,relatime,seclabel)
tmpfs on /var/lib/origin/openshift.local.volumes/pods/3caebd9b-d04e-11e7-82f8-fa163e187e87/volumes/kubernetes.io~secret/nestdir type tmpfs (rw,relatime,seclabel)

no errors in logs
Nov 23 08:27:41 node-0.pdwyernew01961656.quicklab.pnq2.cee.redhat.com atomic-openshift-node[4568]: I1123 08:27:41.938570    4568 operation_executor.go:1077] MountVolume.SetUp succeeded for volume "kubernetes.io/secret/3caebd9b-d04e-11e7-82f8-fa163e187e87-nestdir" (spec.Name: "nestdir") pod "3caebd9b-d04e-11e7-82f8-fa163e187e87" (UID: "3caebd9b-d04e-11e7-82f8-fa163e187e87").
Nov 23 08:27:41 node-0.pdwyernew01961656.quicklab.pnq2.cee.redhat.com atomic-openshift-node[4568]: I1123 08:27:41.940681    4568 operation_executor.go:1077] MountVolume.SetUp succeeded for volume "kubernetes.io/secret/3caebd9b-d04e-11e7-82f8-fa163e187e87-basedir" (spec.Name: "basedir") pod "3caebd9b-d04e-11e7-82f8-fa163e187e87" (UID: "3caebd9b-d04e-11e7-82f8-fa163e187e87").
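
An added diagnostic, not part of the original report: since the node-level `mount` output and the kubelet log both look healthy, this compares the `--mount-path` values from the steps above against the mount table as seen from inside the container (the text of /proc/<pid>/mountinfo for a container process) and flags a nested path that is absent. The mountinfo samples are constructed and the function names are hypothetical.

```python
import posixpath
import re

# Constructed /proc/<pid>/mountinfo samples (field layout per proc(5)); not from the report.
HEALTHY = """\
90 80 253:1 / / rw,relatime - xfs /dev/mapper/root rw,seclabel
100 90 0:40 / /var/lib/basedir ro,relatime - tmpfs tmpfs rw,seclabel
101 100 0:41 / /var/lib/basedir/nestdir ro,relatime - tmpfs tmpfs rw,seclabel
"""
BROKEN = """\
90 80 253:1 / / rw,relatime - xfs /dev/mapper/root rw,seclabel
100 90 0:40 / /var/lib/basedir ro,relatime - tmpfs tmpfs rw,seclabel
"""
EXPECTED = ["/var/lib/basedir", "/var/lib/basedir/nestdir"]  # --mount-path values from the report


def mount_points(mountinfo_text):
    """Return the set of mount points (5th field) in mountinfo text."""
    points = set()
    for line in mountinfo_text.splitlines():
        fields = line.split()
        # A valid line has at least 10 fields, with "-" separating optional fields from the fs type.
        if len(fields) < 10 or "-" not in fields[6:]:
            continue
        # The kernel writes space, tab, newline and backslash as octal escapes (\040 ...).
        points.add(re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), fields[4]))
    return points


def check_volume_mounts(expected, mountinfo_text):
    """Map each expected mount path to 'mounted' or a 'missing' status."""
    present = mount_points(mountinfo_text)
    wanted = [posixpath.normpath(p) for p in expected]
    report = {}
    for path in wanted:
        # Other expected paths that contain this one make it a nested mount.
        parents = [p for p in wanted if p != path and path.startswith(p + "/")]
        if path in present:
            report[path] = "mounted"
        elif parents:
            report[path] = "missing (nested under %s)" % max(parents, key=len)
        else:
            report[path] = "missing"
    return report


if __name__ == "__main__":
    for name, text in (("healthy", HEALTHY), ("broken", BROKEN)):
        print(name, check_volume_mounts(EXPECTED, text))
```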