Bug 1516887 - Nested secret missing when booting RHEL7.4 kernel (3.10.0-693.el7.x86_64)
Summary: Nested secret missing when booting RHEL7.4 kernel (3.10.0-693.el7.x86_64)
Keywords:
Status: CLOSED DUPLICATE of bug 1516569
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Containers
Version: 3.5.1
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
: ---
Assignee: Jhon Honce
QA Contact: DeShuai Ma
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-11-23 13:47 UTC by Paul Dwyer
Modified: 2021-06-10 13:41 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-11-24 09:08:57 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Paul Dwyer 2017-11-23 13:47:14 UTC 
This may be a duplicate of bz 1516569, but I believe kernel version is important here.

Description of problem:
Attaching 2 secrets to a pod where 1 is nested below the other.
This works fine until boot RHEL7.4 kernel (3.10.0-693.el7.x86_64)


Version-Release number of selected component (if applicable):
# oc version
oc v3.5.5.31.36
kubernetes v1.5.2+43a9be4

How reproducible:
everytime

Steps to Reproduce:
Steps to Reproduce:

# mkdir ./basedir; echo "basefile1" > ./basedir/basefile1 ; echo "basefile2" > ./basedir/basefile2
# mkdir ./nestdir;  echo "nestfile1" > ./nestdir/nestfile1 ; echo "nestfile2" > ./nestdir/nestfile2

# oc create secret generic basedir --from-file ./basedir
# oc create secret generic nestdir --from-file ./nestdir

# oc new-app --template=httpd-example
# oc volume dc/httpd-example  --add --mount-path=/var/lib/basedir -t secret --secret-name='basedir' --name basedir
# oc volume dc/httpd-example  --add --mount-path=/var/lib/basedir/nestdir -t secret --secret-name='nestdir' --name nestdir

-- Pod shows as running and healthy 


Actual results:
In kernels below 3.10.0-693.el7.x86_64:
rsh to pod and nested secret exists

cd /var/lib/basedir/
sh-4.2$ ls
basefile1  basefile2 nestdir

In kernel 3.10.0-693.el7.x86_64:
rsh to pod and nested secret exists

cd /var/lib/basedir/
sh-4.2$ ls
basefile1  basefile2


Expected results:
nested secret to be available in pod


Additional info:
Checking mounts on the node I see them both as expected

mount | grep -e basedir -e nestdir
tmpfs on /var/lib/origin/openshift.local.volumes/pods/3caebd9b-d04e-11e7-82f8-fa163e187e87/volumes/kubernetes.io~secret/basedir type tmpfs (rw,relatime,seclabel)
tmpfs on /var/lib/origin/openshift.local.volumes/pods/3caebd9b-d04e-11e7-82f8-fa163e187e87/volumes/kubernetes.io~secret/nestdir type tmpfs (rw,relatime,seclabel)

no errors in logs
Nov 23 08:27:41 node-0.pdwyernew01961656.quicklab.pnq2.cee.redhat.com atomic-openshift-node[4568]: I1123 08:27:41.938570    4568 operation_executor.go:1077] MountVolume.SetUp succeeded for volume "kubernetes.io/secret/3caebd9b-d04e-11e7-82f8-fa163e187e87-nestdir" (spec.Name: "nestdir") pod "3caebd9b-d04e-11e7-82f8-fa163e187e87" (UID: "3caebd9b-d04e-11e7-82f8-fa163e187e87").
Nov 23 08:27:41 node-0.pdwyernew01961656.quicklab.pnq2.cee.redhat.com atomic-openshift-node[4568]: I1123 08:27:41.940681    4568 operation_executor.go:1077] MountVolume.SetUp succeeded for volume "kubernetes.io/secret/3caebd9b-d04e-11e7-82f8-fa163e187e87-basedir" (spec.Name: "basedir") pod "3caebd9b-d04e-11e7-82f8-fa163e187e87" (UID: "3caebd9b-d04e-11e7-82f8-fa163e187e87").
Note You need to log in before you can comment on or make changes to this bug.