Bug 1973580

Summary: Windows pod with a Projected Volume is stuck at ContainerCreating
Product: OpenShift Container Platform Reporter: OpenShift BugZilla Robot <openshift-bugzilla-robot>
Component: Windows ContainersAssignee: Aravindh Puthiyaparambil <aravindh>
Status: CLOSED CURRENTRELEASE QA Contact: gaoshang <sgao>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 4.7CC: aos-bugs, aravindh, gmarkley, mankulka, nstielau, rphillips, sdodson
Target Milestone: ---   
Target Release: 4.8.0   
Hardware: x86_64   
OS: Windows   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: Windows Pods with a Projected Volume and with a RunAsUser present in the Pod's SecurityContext results in os.Chown() being executed for entities being projected. Consequence: os.Chown() is not implemented for Windows and results in an error being thrown and the Pod is stuck in ContainerCreating. Fix: Don't execute os.Chown() if the kubelet is running on Windows Result: Pods go to running
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-09-27 18:33:50 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1971745    
Bug Blocks: 1975553    

Comment 1 Aravindh Puthiyaparambil 2021-06-21 21:50:33 UTC 
Blocker flag did not get copied over on the cherry-pick
Comment 2 Aravindh Puthiyaparambil 2021-06-21 21:56:12 UTC 
I will open the PR to update the WMCO kubelet submodule once https://github.com/openshift/kubernetes/pull/815 merges
Comment 3 gaoshang 2021-06-25 06:17:56 UTC 
This bug has been verified on OCP 4.8.0-0.nightly-2021-06-23-201305 and passed, thanks.

Version-Release number of selected component (if applicable):
WMCO commit: 2043f8e518dd2f73498bde9f044ecda97f2f853e
OCP build: 4.8.0-0.nightly-2021-06-23-201305

Steps:
1, Build WMCO from master branch and install the operator on OCP 4.8
2, Bootstrap Windows node
3, Create the Secrets for Projected Volume
oc new-project winc-test
echo -n "admin" > ./username.txt
echo -n "1f2d1e2e67df" > ./password.txt
oc create secret generic user --from-file=./username.txt
oc create secret generic pass --from-file=./password.txt

4, Create Windows Pod with Projected Volume
e.g.
oc create -f https://raw.githubusercontent.com/sgaoshang/winc-test/master/data/WinWebServer_Projected_Volume.yaml

5, Check creating Windows pod with a Projected Volume succeed and the projected-volume directory contains your projected sources

$ oc get pod -owide
NAME                             READY   STATUS    RESTARTS   AGE   IP           NODE              NOMINATED NODE   READINESS GATES
win-webserver-66bbf764c5-rl9vb   1/1     Running   0          16m   10.132.0.2   winworker-h2wdm   <none>           <none>

$ oc exec -it win-webserver-66bbf764c5-rl9vb powershell
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.

Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.   

Try the new cross-platform PowerShell https://aka.ms/pscore6

PS C:\> ls .\projected-volume\ 


    Directory: C:\projected-volume


Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
d-----         6/25/2021   2:00 AM                ..2021_06_25_06_00_02.8261305
                                                  19
d----l         6/25/2021   2:00 AM                ..data
-a---l         6/25/2021   2:00 AM              0 password.txt
-a---l         6/25/2021   2:00 AM              0 username.txt


PS C:\> cat .\projected-volume\username.txt
admin
PS C:\> cat .\projected-volume\password.txt
1f2d1e2e67df