Bug 1452010
| Summary: | Need have the admission controller PodPreset enabled | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Weihua Meng <wmeng> |
| Component: | Node | Assignee: | Derek Carr <decarr> |
| Status: | CLOSED ERRATA | QA Contact: | DeShuai Ma <dma> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 3.6.0 | CC: | aos-bugs, decarr, jokerman, mmccomas |
| Target Milestone: | --- | ||
| Target Release: | 3.6.z | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | | Doc Type: | No Doc Update |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2017-10-25 13:02:19 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Description
Weihua Meng
2017-05-18 07:15:11 UTC
PodPreset will default to off, but here is the PR that adds support in Origin: https://github.com/openshift/origin/pull/14461

PR merged.

This bug is on latest ocp36, move to ON_QA

# openshift version
openshift v3.6.106
kubernetes v1.6.1+5115d708d7
etcd 3.2.0
Steps to verify:
1. Enable the PodPreset admission controller in master-config.yaml as below
-------
admissionConfig:
  pluginConfig:
    PodPreset:
      configuration:
        kind: DefaultAdmissionConfig
        apiVersion: v1
        disable: false
2. Create a PodPreset and a pod (the pod needs to match the label)
# cat podpreset.yaml
kind: PodPreset
apiVersion: settings.k8s.io/v1alpha1
metadata:
  name: allow-database
spec:
  selector:
    matchLabels:
      role: frontend
  env:
    - name: DB_PORT
      value: "6379"
  volumeMounts:
    - mountPath: /cache
      name: cache-volume
  volumes:
    - name: cache-volume
      emptyDir: {}
# cat pod.yaml
apiVersion: v1
kind: Pod
metadata:
  labels:
    name: hello-pod
    role: frontend
  name: hello-pod
spec:
  containers:
  - image: "docker.io/deshuai/hello-pod:latest"
    imagePullPolicy: IfNotPresent
    name: hello-pod
    ports:
    - containerPort: 8080
      protocol: TCP
    resources: {}
    securityContext:
      capabilities: {}
      privileged: false
    terminationMessagePath: /dev/termination-log
    volumeMounts:
    - mountPath: /tmp
      name: tmp
  dnsPolicy: ClusterFirst
  restartPolicy: Always
  serviceAccount: ""
  volumes:
  - emptyDir: {}
    name: tmp
3. When the pod is running, check that the PodPreset-related values are injected into the pod
[root@qe-dma36-master-1 tmp]# oc get po hello-pod
NAME        READY     STATUS    RESTARTS   AGE
hello-pod   1/1       Running   0          6m
[root@qe-dma36-master-1 tmp]# oc get po hello-pod -o yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    openshift.io/scc: anyuid
    podpreset.admission.kubernetes.io/allow-database: "8352"
  creationTimestamp: 2017-06-14T08:36:39Z
  labels:
    name: hello-pod
    role: frontend
  name: hello-pod
  namespace: default
  resourceVersion: "8386"
  selfLink: /api/v1/namespaces/default/pods/hello-pod
  uid: 95e85316-50dc-11e7-948a-42010af00013
spec:
  containers:
  - env:
    - name: DB_PORT
      value: "6379"
    image: docker.io/deshuai/hello-pod:latest
    imagePullPolicy: IfNotPresent
    name: hello-pod
    ports:
    - containerPort: 8080
      protocol: TCP
    resources: {}
    securityContext:
      capabilities:
        drop:
        - MKNOD
        - SYS_CHROOT
      privileged: false
      seLinuxOptions:
        level: s0:c6,c5
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /tmp
      name: tmp
    - mountPath: /cache
      name: cache-volume
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-bq787
      readOnly: true
  dnsPolicy: ClusterFirst
  imagePullSecrets:
  - name: default-dockercfg-25t3s
  nodeName: qe-dma36-node-registry-router-1
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext:
    seLinuxOptions:
      level: s0:c6,c5
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  volumes:
  - emptyDir: {}
    name: tmp
  - emptyDir: {}
    name: cache-volume
  - name: default-token-bq787
    secret:
      defaultMode: 420
      secretName: default-token-bq787
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: 2017-06-14T08:36:39Z
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: 2017-06-14T08:36:43Z
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: 2017-06-14T08:36:39Z
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://c0a6090283eed44040786491ecec652485beea5f277c7278774a5fdee1463408
    image: docker.io/deshuai/hello-pod:latest
    imageID: docker-pullable://docker.io/deshuai/hello-pod@sha256:90b815d55c95fffafd7b68a997787d0b939cdae1bca785c6f52b5d3ffa70714f
    lastState: {}
    name: hello-pod
    ready: true
    restartCount: 0
    state:
      running:
        startedAt: 2017-06-14T08:36:42Z
  hostIP: 10.240.0.20
  phase: Running
  podIP: 10.128.0.17
  qosClass: BestEffort
  startTime: 2017-06-14T08:36:39Z
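
The check in step 3 can be done mechanically. The following is an added example, not part of the original bug report: it takes the pod and the PodPreset as parsed JSON (the shape `oc get ... -o json` returns) and lists anything the admission plugin did not inject. The function name `check_injection` and the trimmed sample objects are constructed for illustration from the manifests above.

```python
ANNOTATION_PREFIX = "podpreset.admission.kubernetes.io/"

def check_injection(pod, preset):
    """Return a list of problems; an empty list means the preset was fully injected."""
    name, spec = preset["metadata"]["name"], preset["spec"]
    labels = pod["metadata"].get("labels", {})
    wanted = spec.get("selector", {}).get("matchLabels", {})
    if any(labels.get(k) != v for k, v in wanted.items()):
        # A pod outside the selector is never touched, so nothing else applies.
        return [f"pod labels do not match selector of PodPreset {name}"]
    problems = []
    if ANNOTATION_PREFIX + name not in pod["metadata"].get("annotations", {}):
        problems.append(f"missing annotation {ANNOTATION_PREFIX}{name}")
    volumes = {v["name"] for v in pod["spec"].get("volumes", [])}
    for vol in spec.get("volumes", []):
        if vol["name"] not in volumes:
            problems.append(f"volume {vol['name']} not injected")
    for c in pod["spec"]["containers"]:  # env and mounts go into every container
        env = {e["name"]: e.get("value") for e in c.get("env", [])}
        mounts = {m["mountPath"]: m["name"] for m in c.get("volumeMounts", [])}
        for e in spec.get("env", []):
            if env.get(e["name"]) != e.get("value"):
                problems.append(f"{c['name']}: env {e['name']} not injected")
        for m in spec.get("volumeMounts", []):
            if mounts.get(m["mountPath"]) != m["name"]:
                problems.append(f"{c['name']}: mount {m['mountPath']} not injected")
    return problems

# Constructed sample data, trimmed from the manifests on this page.
PRESET = {
    "metadata": {"name": "allow-database"},
    "spec": {"selector": {"matchLabels": {"role": "frontend"}},
             "env": [{"name": "DB_PORT", "value": "6379"}],
             "volumeMounts": [{"mountPath": "/cache", "name": "cache-volume"}],
             "volumes": [{"name": "cache-volume", "emptyDir": {}}]},
}
INJECTED_POD = {
    "metadata": {"labels": {"name": "hello-pod", "role": "frontend"},
                 "annotations": {ANNOTATION_PREFIX + "allow-database": "8352"}},
    "spec": {"volumes": [{"name": "tmp", "emptyDir": {}},
                         {"name": "cache-volume", "emptyDir": {}}],
             "containers": [{"name": "hello-pod",
                             "env": [{"name": "DB_PORT", "value": "6379"}],
                             "volumeMounts": [{"mountPath": "/tmp", "name": "tmp"},
                                              {"mountPath": "/cache", "name": "cache-volume"}]}]},
}

if __name__ == "__main__":
    print(check_injection(INJECTED_POD, PRESET) or "PodPreset fully injected")
```
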
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:3049