Description of problem: Creating a new env using latest build fails router deployment with following error 51s 51s 1 {kubelet ip-172-31-30-79.us-west-2.compute.internal} Warning FailedSync Error syncing pod, skipping: timeout expired waiting for volumes to attach/mount for pod "router-2-byrgc"/"default". list of unattached/unmounted volumes=[server-certificate] Version-Release number of selected component (if applicable): openshift v3.3.0.24-dirty kubernetes v1.3.0+507d3a7 etcd 2.3.0+git How reproducible: Always Actual results: Router deployment fails Expected results: Should show running router pod Additional info: root@ip-172-31-42-192: ~ # oc describe pod router-2-byrgc Name: router-2-byrgc Namespace: default Security Policy: hostnetwork Node: ip-172-31-30-79.us-west-2.compute.internal/172.31.30.79 Start Time: Tue, 23 Aug 2016 14:59:43 -0400 Labels: deployment=router-2 deploymentconfig=router router=router Status: Pending IP: 172.31.30.79 Controllers: ReplicationController/router-2 Containers: router: Container ID: Image: registry.ops.openshift.com/openshift3/ose-haproxy-router:v3.3.0.24 Image ID: Ports: 80/TCP, 443/TCP, 1936/TCP Requests: cpu: 100m memory: 256Mi State: Waiting Reason: ContainerCreating Ready: False Restart Count: 0 Liveness: http-get http://localhost:1936/healthz delay=10s timeout=1s period=10s #success=1 #failure=3 Readiness: http-get http://localhost:1936/healthz delay=10s timeout=1s period=10s #success=1 #failure=3 Volume Mounts: /etc/pki/tls/private from server-certificate (ro) /var/run/secrets/kubernetes.io/serviceaccount from router-token-93w7h (ro) Environment Variables: DEFAULT_CERTIFICATE_DIR: /etc/pki/tls/private ROUTER_EXTERNAL_HOST_HOSTNAME: ROUTER_EXTERNAL_HOST_HTTPS_VSERVER: ROUTER_EXTERNAL_HOST_HTTP_VSERVER: ROUTER_EXTERNAL_HOST_INSECURE: false ROUTER_EXTERNAL_HOST_PARTITION_PATH: ROUTER_EXTERNAL_HOST_PASSWORD: ROUTER_EXTERNAL_HOST_PRIVKEY: /etc/secret-volume/router.pem ROUTER_EXTERNAL_HOST_USERNAME: ROUTER_SERVICE_HTTPS_PORT: 443 ROUTER_SERVICE_HTTP_PORT: 80 ROUTER_SERVICE_NAME: router ROUTER_SERVICE_NAMESPACE: default ROUTER_SUBDOMAIN: STATS_PASSWORD: 65oHy794Oh STATS_PORT: 1936 STATS_USERNAME: admin Conditions: Type Status Initialized True Ready False PodScheduled True Volumes: server-certificate: Type: Secret (a volume populated by a Secret) SecretName: router-certs router-token-93w7h: Type: Secret (a volume populated by a Secret) SecretName: router-token-93w7h QoS Tier: Burstable Events: FirstSeen LastSeen Count From SubobjectPath Type Reason Message --------- -------- ----- ---- ------------- -------- ------ ------- 2m 2m 1 {default-scheduler } Normal Scheduled Successfully assigned router-2-byrgc to ip-172-31-30-79.us-west-2.compute.internal 51s 51s 1 {kubelet ip-172-31-30-79.us-west-2.compute.internal} Warning FailedMount Unable to mount volumes for pod "router-2-byrgc_default(c06ea8e2-6963-11e6-b6b7-022f4946b0b5)": timeout expired waiting for volumes to attach/mount for pod "router-2-byrgc"/"default". list of unattached/unmounted volumes=[server-certificate] 51s 51s 1 {kubelet ip-172-31-30-79.us-west-2.compute.internal} Warning FailedSync Error syncing pod, skipping: timeout expired waiting for volumes to attach/mount for pod "router-2-byrgc"/"default". list of unattached/unmounted volumes=[server-certificate]
Raising the priority as its blocking the env creation completely.
see https://bugzilla.redhat.com/show_bug.cgi?id=1349144#c19 for 'by hand' workaround. ansible issue for 'real fix'
That is assigned to abutcher (issue 2345)
As part of setting this up the stanza needs to added to master-config.yaml and to get the service annotation secrets to work the server-signer.{crt,key} needs to be created first. The user should be able to supply this crt/key.
*** This bug has been marked as a duplicate of bug 1349144 ***