+++ This bug was initially created as a clone of Bug #1554670 +++ Description of problem: Version-Release number of selected component (if applicable): 3.9.7-1 How reproducible: Always Steps to Reproduce: 1. Create a pod with a secret, configmap, downwardAPI and projected volume 2. Create volume mounts for each of those volumes that make use of the subPath feature Actual results: The pod will not start with errors like failed to prepare subPath for volumeMount "config" of container "mumble": subpath "/var/lib/kubelet/pods/66fa673c-266d-11e8-8ebf-00155d00a406/volumes/kubernetes.io~configmap/config/..2018_03_13_03_19_55.572152209/mumble.ini" not within volume path "/var/lib/kubelet/pods/66fa673c-266d-11e8-8ebf-00155d00a406/volumes/kubernetes.io~configmap/config" Expected results: Pod starts properly and volume mounts work Regression introduced as part of the fix for https://bugzilla.redhat.com/show_bug.cgi?id=1519365 Upstream issue: https://github.com/kubernetes/kubernetes/issues/61076#issuecomment-372554309 The security fix was backported all the way to 3.3, which means this regression was as well. --- Additional comment from Jordan Liggitt on 2018-03-13 09:10:27 EDT --- this affects use of subPath volume mounts with any secret, configmap, projected, or downwardAPI volume --- Additional comment from Jordan Liggitt on 2018-03-13 09:13:45 EDT --- upstream fix in https://github.com/kubernetes/kubernetes/pull/61080
OSE PR: https://github.com/openshift/ose/pull/1122
This is verified with openshift v3.5.5.31.67 kubernetes v1.5.2+43a9be4 Subpath mounts worked with secret, configmap, projected, and downwardAPI volumes
https://bugzilla.redhat.com/show_bug.cgi?id=1554871#c3
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:1235