Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1554871 - [3.5] subpath volume mounts do not work with secret, configmap, projected, or downwardAPI volumes
[3.5] subpath volume mounts do not work with secret, configmap, projected, or...
Status: CLOSED ERRATA
Product: OpenShift Container Platform
Classification: Red Hat
Component: Storage (Show other bugs)
3.5.1
Unspecified Unspecified
unspecified Severity high
: ---
: 3.5.z
Assigned To: Jan Safranek
chaoyang
:
Depends On: 1554670
Blocks: 1554864
  Show dependency treegraph
 
Reported: 2018-03-13 09:41 EDT by Jan Safranek
Modified: 2018-04-30 01:01 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1554670
Environment:
Last Closed: 2018-04-30 01:00:57 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:1235 None None None 2018-04-30 01:01 EDT

  None (edit)
Description Jan Safranek 2018-03-13 09:41:10 EDT 
+++ This bug was initially created as a clone of Bug #1554670 +++

Description of problem:

Version-Release number of selected component (if applicable):

3.9.7-1

How reproducible:

Always

Steps to Reproduce:
1. Create a pod with a secret, configmap, downwardAPI and projected volume
2. Create volume mounts for each of those volumes that make use of the subPath feature

Actual results:

The pod will not start with errors like 

failed to prepare subPath for volumeMount "config" of container "mumble": subpath "/var/lib/kubelet/pods/66fa673c-266d-11e8-8ebf-00155d00a406/volumes/kubernetes.io~configmap/config/..2018_03_13_03_19_55.572152209/mumble.ini" not within volume path "/var/lib/kubelet/pods/66fa673c-266d-11e8-8ebf-00155d00a406/volumes/kubernetes.io~configmap/config"


Expected results:

Pod starts properly and volume mounts work


Regression introduced as part of the fix for https://bugzilla.redhat.com/show_bug.cgi?id=1519365

Upstream issue: https://github.com/kubernetes/kubernetes/issues/61076#issuecomment-372554309

The security fix was backported all the way to 3.3, which means this regression was as well.

--- Additional comment from Jordan Liggitt on 2018-03-13 09:10:27 EDT ---

this affects use of subPath volume mounts with any secret, configmap, projected, or downwardAPI volume

--- Additional comment from Jordan Liggitt on 2018-03-13 09:13:45 EDT ---

upstream fix in https://github.com/kubernetes/kubernetes/pull/61080
Comment 1 Jan Safranek 2018-03-14 07:15:48 EDT 
OSE PR: https://github.com/openshift/ose/pull/1122
Comment 3 chaoyang 2018-04-17 01:56:57 EDT 
This is verified with 
openshift v3.5.5.31.67
kubernetes v1.5.2+43a9be4

Subpath mounts worked with secret, configmap, projected, and downwardAPI volumes
Comment 8 errata-xmlrpc 2018-04-30 01:00:57 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:1235
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.