Bug 2029466

Summary: [4.8] Kubelet can call the NodePublishVolume function of a CSI driver without calling NodeStageVolume
Product: OpenShift Container Platform Reporter: Emmanuel Kasper <ekasprzy>
Component: StorageAssignee: Jan Safranek <jsafrane>
Storage sub component: Kubernetes QA Contact: Wei Duan <wduan>
Status: CLOSED ERRATA Docs Contact:
Severity: high    
Priority: unspecified CC: aos-bugs, jsafrane, tsmetana
Version: 4.8   
Target Milestone: ---   
Target Release: 4.8.z   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Fixed mounting of volumes to Pods after Kubernetes timed out when cleaning up the volumes from a previous Pod.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-02-16 06:51:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1936408    
Bug Blocks:    

Description Emmanuel Kasper 2021-12-06 15:18:21 UTC 
Description of problem:

Version-Release number of selected component (if applicable):

Kubelet can call the NodePublishVolume function of a CSI driver without calling NodeStageVolume.

How reproducible: Sometimes

This has been fixed already in https://github.com/kubernetes/kubernetes/issues/100182 but and integrated in OpenShift 4.9 but it makes sense to backport the fix for 4.8 since this is an EUS release.
Comment 2 Jan Safranek 2021-12-14 08:55:32 UTC 
This is the same bug as https://bugzilla.redhat.com/show_bug.cgi?id=1936408, only for 4.8
Comment 3 Jan Safranek 2021-12-14 11:42:58 UTC 
Upstream cherry-pick: https://github.com/kubernetes/kubernetes/pull/107014
Comment 4 Emmanuel Kasper 2021-12-17 09:24:45 UTC 
This behaviour can potentially cause a worker node outage under the following condition:
if NodePublishVolume is called while the mount point which should have been created by NodeStageVolume is not there, the pod using the volume will write on the root partition of the worker node. If you write a lot of data you will fillup the root partition, making the node unschedulable.
Comment 14 errata-xmlrpc 2022-02-16 06:51:40 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.8.31 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:0484