Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Description of problem:
Cloned from here:
https://bugzilla.redhat.com/show_bug.cgi?id=1228189#c10
Docker on RHEL7 should not claim the /run/secrets directory as this prevents
other projects delivering other secret content into it. For example the
Service Accounts in Kubernetes is storing all secrets into:
/run/secrets/kubernetes.io/...
directory which is over-mounted by tmpfs volume mount with RHEL secrets.
The RHEL secrets should be delivered from namespaced directory, like:
/run/secrets/rhel7(?)
Version-Release number of selected component (if applicable):
How reproducible:
$ docker run -it -v /foo:/var/run/secrets/foo rhel7-image /bin/bash
$ ls /var/run/secrets/foo # -> directory not found
$ ls /var/run/secrets
rhel7.repo rhsm
Expected results:
RHEL7 docker delivers the its own secrets into namespaced directory under '/var/run/secrets'.
Additional info:
Fixed in git, Lokesh can you do a docker-1.6.2 rebuild for rhel.
Comment 7Timothy St. Clair
2015-06-10 13:44:30 UTC
I seem to still be having a failed secrets mount on Atomic 7.1.3 image when running kubernetes networking tests.
https://github.com/GoogleCloudPlatform/kubernetes/issues/9208#issuecomment-109434815
# docker version
Client version: 1.6.2
Client API version: 1.18
Go version (client): go1.4.2
Git commit (client): ac7d43f/1.6.2
OS/Arch (client): linux/amd64
Server version: 1.6.2
Server API version: 1.18
Go version (server): go1.4.2
Git commit (server): ac7d43f/1.6.2
OS/Arch (server): linux/amd64
# atomic host status
TIMESTAMP (UTC) VERSION ID OSNAME REFSPEC
* 2015-06-08 15:08:12 7.1.3 cf92d91ef9 rhel-atomic-host rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard
Okay(In reply to Timothy St. Clair from comment #9)
> Because we only see this issue with the latest k8's on a 7.1.3 host I'm
> going to move this back to ON_QA, b/c we had not seen this until recently.
Okay, it's works fine for me in docker-1.6.2-10.el7.x86_64, so i'd like to move it to verified, feel free reopen if it can be reproduced.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://rhn.redhat.com/errata/RHBA-2015-1536.html