+++ This bug was initially created as a clone of Bug #1554670 +++
Description of problem:
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create a pod with a secret, configmap, downwardAPI and projected volume
2. Create volume mounts for each of those volumes that make use of the subPath feature
The pod will not start with errors like
failed to prepare subPath for volumeMount "config" of container "mumble": subpath "/var/lib/kubelet/pods/66fa673c-266d-11e8-8ebf-00155d00a406/volumes/kubernetes.io~configmap/config/..2018_03_13_03_19_55.572152209/mumble.ini" not within volume path "/var/lib/kubelet/pods/66fa673c-266d-11e8-8ebf-00155d00a406/volumes/kubernetes.io~configmap/config"
Pod starts properly and volume mounts work
Regression introduced as part of the fix for https://bugzilla.redhat.com/show_bug.cgi?id=1519365
Upstream issue: https://github.com/kubernetes/kubernetes/issues/61076#issuecomment-372554309
The security fix was backported all the way to 3.3, which means this regression was as well.
--- Additional comment from Jordan Liggitt on 2018-03-13 09:10:27 EDT ---
this affects use of subPath volume mounts with any secret, configmap, projected, or downwardAPI volume
--- Additional comment from Jordan Liggitt on 2018-03-13 09:13:45 EDT ---
upstream fix in https://github.com/kubernetes/kubernetes/pull/61080
OSE PR: https://github.com/openshift/ose/pull/1122
This is verified with
Subpath mounts worked with secret, configmap, projected, and downwardAPI volumes
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.