Created attachment 1290585
unresponsive script on build pod page

Description of problem:
Page with pod in terminating state freezes browser

Version-Release number of selected component (if applicable):
v3.6.121
Firefox version: 50.1.0

How reproducible:
Always

Steps to Reproduce:
1. Create nodejs application from catalog with "Try sample repo" source
2. Wait until all resources are created
3. Delete nodejs build pod on web page
4. Go to nodejs build pod page

Actual results:
The pod is in terminating state. Page becomes unresponsive and Firefox freezes (after some time a popup window appears with an option to stop the script, see attachment)

Expected results:
UI works well

Additional info:
The problem only happens when the pod is a "build pod" and the pod is deleted through the web. Other pods deleted through the web, or a build pod deleted in oc, don't have this problem
Looks like we're getting spammed with watch updates. I see this error in the logs, which might be the cause.

E0622 12:55:15.552128 12295 garbagecollector.go:167] Error syncing item &garbagecollector.node{identity:garbagecollector.objectReference{OwnerReference:v1.OwnerReference{APIVersion:"v1", Kind:"Pod", Name:"nodejs-ex-2-build", UID:"7cc85b03-5748-11e7-aed8-9e0e2b8a4114", Controller:(*bool)(nil), BlockOwnerDeletion:(*bool)(nil)}, Namespace:"delete-build-pod"}, dependentsLock:sync.RWMutex{w:sync.Mutex{state:0, sema:0x0}, writerSem:0x0, readerSem:0x0, readerCount:0, readerWait:0}, dependents:map[*garbagecollector.node]struct {}{}, deletingDependents:true, deletingDependentsLock:sync.RWMutex{w:sync.Mutex{state:0, sema:0x0}, writerSem:0x0, readerSem:0x0, readerCount:0, readerWait:0}, beingDeleted:true, beingDeletedLock:sync.RWMutex{w:sync.Mutex{state:0, sema:0x0}, writerSem:0x0, readerSem:0x0, readerCount:0, readerWait:0}, owners:[]v1.OwnerReference{v1.OwnerReference{APIVersion:"build.openshift.io/v1", Kind:"Build", Name:"nodejs-ex-2", UID:"7cc533f5-5748-11e7-aed8-9e0e2b8a4114", Controller:(*bool)(0xc4366d34d0), BlockOwnerDeletion:(*bool)(nil)}}}: pods "nodejs-ex-2-build" is forbidden: unable to validate against any security context constraint: [provider restricted: .spec.containers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed provider restricted: .spec.containers[0].securityContext.volumes[0]: Invalid value: "hostPath": hostPath volumes are not allowed to be used]
This is likely fixed by https://github.com/openshift/origin/pull/14816
PR linked in comment 2 did not resolve the issue
The issue is not web console specific, it occurs if the build pod is deleted with Foreground propagationPolicy
The suspicion is that this is somehow related to SCCs in combination with garbage collection. Sending to Build component for the moment to help narrow down what about the build pod might be triggering this.
This affects web console performance of other pages that watch pods like the overview.
Easily reproducible with a simple pod example that uses SCC:

    apiVersion: v1
    kind: Pod
    metadata:
      annotations:
        openshift.io/scc: privileged
      name: test-build-pod-issue
    spec:
      containers:
      - image: openshift/hello-openshift
        imagePullPolicy: IfNotPresent
        name: hello
        securityContext:
          privileged: true
      restartPolicy: Never

1) Have a user with privileged SCC create the pod in a project.
2) Have a user without privileged SCC but with pod DELETE rights delete the pod with Foreground propagationPolicy.

Pod will be stuck in Terminating.
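A check for the symptom reproduced in the comment above, as an added example that is not part of the original bug thread or of OpenShift's code: it scans pod-list JSON of the shape `oc get pods -o json` returns for pods that have a deletionTimestamp and still hold the `foregroundDeletion` finalizer past a threshold. The sample pods, the `demo` namespace, the timestamps and the 5-minute threshold are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

FOREGROUND = "foregroundDeletion"  # finalizer set when a delete uses Foreground propagation

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def is_privileged(pod):
    return any((c.get("securityContext") or {}).get("privileged") is True
               for c in pod.get("spec", {}).get("containers", []))

def stuck_foreground_deletions(pod_list, now, threshold=timedelta(minutes=5)):
    """Return pods still waiting on the garbage collector after `threshold`."""
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        deleted_at = meta.get("deletionTimestamp")
        if not deleted_at or FOREGROUND not in (meta.get("finalizers") or []):
            continue  # not being deleted, or not a foreground delete
        waited = now - parse_ts(deleted_at)
        if waited < threshold:
            continue  # the garbage collector may simply not have finished yet
        findings.append({
            "namespace": meta.get("namespace"),
            "name": meta.get("name"),
            "scc": (meta.get("annotations") or {}).get("openshift.io/scc"),
            "privileged": is_privileged(pod),
            "minutes_waiting": int(waited.total_seconds() // 60),
        })
    return findings

def make_pod(name, scc, privileged, deleted_at=None, finalizers=None):
    # Builds a constructed pod object carrying only the fields the check reads.
    meta = {"namespace": "demo", "name": name, "annotations": {"openshift.io/scc": scc}}
    if deleted_at:
        meta["deletionTimestamp"] = deleted_at
    if finalizers:
        meta["finalizers"] = finalizers
    container = {"name": "hello", "securityContext": {"privileged": privileged}}
    return {"metadata": meta, "spec": {"containers": [container]}}

SAMPLE = {"items": [  # constructed sample data, not taken from the bug report
    make_pod("test-build-pod-issue", "privileged", True, "2017-06-22T12:55:00Z", [FOREGROUND]),
    make_pod("terminating-normally", "restricted", False, "2017-06-22T13:14:30Z"),
    make_pod("running", "restricted", False),
]}
NOW = datetime(2017, 6, 22, 13, 15, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(stuck_foreground_deletions(SAMPLE, NOW))
```

A finding where `privileged` is true or `scc` is not `restricted` matches the combination this thread reproduces.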
Clearly an SCC+GC issue so will go ahead and transfer to @deads
https://github.com/openshift/origin/pull/14867
That pull merged. @eparis POST is the correct status?
POST means you posted a PR for review. MODIFIED means the actual code base has been modified to fix this issue.
Issue fixed in v3.6.126.1
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:1716