Description of problem: By mistake, put binary secret into container env var, container run fails with cryptic random message like: $ oc logs hello-sinatra-3-f4v8x container_linux.go:247: starting container process caused "process_linux.go:291: setting cgroup config for ready process caused \"open /sys/fs/cgroup/cpu,cpuacct/system.slice/docker-ae38bec5b56d56780a990a2e9520af10861e6cc60b12373f769580feb1be5b5e.scope/cpu.shares: no such file or directory\"" container_linux.go:247: starting container process caused "process_linux.go:295: setting oom score for ready process caused \"write /proc/74956/oom_score_adj: invalid argument\"" $ oc secret new perl /usr/bin/perl $ oc edit dc spec: containers: - env: - name: binary valueFrom: secretKeyRef: key: perl name: perl The docker command for same works and it looks like docker filters some binary code for env: # docker run --env "foo=`cat /usr/bin/perl`" --rm -it registry.access.redhat.com/rhel7 bash Version-Release number of selected component (if applicable): atomic-openshift-3.5.5.15-1.git.0.4b5f317.el7.x86_64 docker-1.12.6-16.el7.x86_64 How reproducible: Always Steps to Reproduce: 1. See description 2. 3. Actual results: Failed with various random message, like cgroups file not found, invalid argument, invalid header, etc. Expected results: Better error message, or filter the binary like docker does. Additional info:
Related upstream issue: https://github.com/kubernetes/kubernetes/issues/32432
This looks like it should be available since 3.10. There are no customer updates in the case since before 2017, and the reported customer version was 3.4. Closing current release. If this issue persists with the customer, please reopen with additional information.