Bug 1475267 - [3.3][containerized] Unable to mount secret volume on atomic host
[3.3][containerized] Unable to mount secret volume on atomic host
Status: CLOSED NOTABUG
Product: OpenShift Container Platform
Classification: Red Hat
Component: Storage (Show other bugs)
3.3.1
Unspecified Unspecified
low Severity low
: ---
: 3.3.1
Assigned To: Pavel Pospisil
Jianwei Hou
: Regression
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-26 06:38 EDT by Jianwei Hou
Modified: 2017-07-27 04:40 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-07-27 04:40:09 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jianwei Hou 2017-07-26 06:38:17 EDT
Description of problem:
Create a Pod using a secret volume, the volume can not be mounted.

Version-Release number of selected component (if applicable):
Red Hat Enterprise Linux Atomic Host release 7.2
openshift v3.3.1.46.6
kubernetes v1.3.0+52492b4
etcd 2.3.0+git

How reproducible:
Always

Steps to Reproduce:
1. Create a secret
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
  type: Opaque
  data:
    password: t
    username: t

2. Create a Pod.
{
 "apiVersion": "v1",
 "kind": "Pod",
  "metadata": {
    "name": "secretpd"
  },
  "spec": {
    "containers": [
      {
      "name": "c1",
      "image": "aosqe/hello-openshift",
      "volumeMounts": [
        {
        "name": "secret",
        "mountPath": "/mnt/secret",
        "readOnly": false
        }
       ]
     }
    ],
    "securityContext": {
        "fsGroup": 123456,
        "seLinuxOptions": {
            "level": "s0"
        }
    },
    "volumes": [{
      "name": "secret",
      "secret": {
        "secretName": "mysecret"
      }
    }]
  }
}


Actual results:
The secret volume didn't get mounted.

Expected results:
Pod is able to mount volume

Node Log (of failed PODs):
E0726 10:06:50.000272   14875 kubelet.go:2045] Unable to mount volumes for pod "secretpd_jhou(3d4e9926-71e9-11e7-95f2-fa163ef076fa)": timeout expired waiting for volumes to attach/mount for pod "secretpd"/"jhou". list of unattached/unmounted volumes=[secret default-token-gbeeu]; skipping pod
E0726 10:06:50.000297   14875 pod_workers.go:183] Error syncing pod 3d4e9926-71e9-11e7-95f2-fa163ef076fa, skipping: timeout expired waiting for volumes to attach/mount for pod "secretpd"/"jhou". list of unattached/unmounted volumes=[secret default-token-gbeeu]
I0726 10:06:50.000443   14875 server.go:656] Event(api.ObjectReference{Kind:"Pod", Namespace:"jhou", Name:"secretpd", UID:"3d4e9926-71e9-11e7-95f2-fa163ef076fa", APIVersion:"v1", ResourceVersion:"11792", FieldPath:""}): type: 'Warning' reason: 'FailedSync' Error syncing pod, skipping: timeout expired waiting for volumes to attach/mount for pod "secretpd"/"jhou". list of unattached/unmounted volumes=[secret default-token-gbeeu]
I0726 10:06:50.000491   14875 server.go:656] Event(api.ObjectReference{Kind:"Pod", Namespace:"jhou", Name:"secretpd", UID:"3d4e9926-71e9-11e7-95f2-fa163ef076fa", APIVersion:"v1", ResourceVersion:"11792", FieldPath:""}): type: 'Warning' reason: 'FailedMount' Unable to mount volumes for pod "secretpd_jhou(3d4e9926-71e9-11e7-95f2-fa163ef076fa)": timeout expired waiting for volumes to attach/mount for pod "secretpd"/"jhou". list of unattached/unmounted volumes=[secret default-token-gbeeu]

Additional info:
Comment 1 CAI Qian 2017-07-26 08:23:40 EDT
FYI, Atomic Host 7.2 is no longer supported. The support policy is only to support the latest version, i.e., 7.3.6 until 7.4 is out. However, if you are able to reproduce this on RHEL as well, the bug will still be valid.

Note You need to log in before you can comment on or make changes to this bug.