+++ This bug was initially created as a clone of Bug #1558564 +++

Description of problem:
Mounting sockets or special files from subpaths fails.

Version-Release number of selected component (if applicable):
3.9.x

How reproducible:

Steps to Reproduce:
1. Create a pod definition that uses "/" as hostPath.
2. Try and mount something like "/run/docker.sock" as a subpath within a container.
3. The pod will fail to start

The reason for this regression is that the openat system call used at https://github.com/kubernetes/kubernetes/blob/master/pkg/util/mount/mount_linux.go#L1138 does not work for special files like Unix sockets, and it will throw:

    Errno::ENXIO: No such device or address /run/docker.sock

Actual results:
The pod fails to start

Expected results:
The pod should start

--- Additional comment from Hemant Kumar on 2018-03-20 10:34:25 EDT ---

For now, while we make the fix, one possible workaround is to directly mount "/run/docker.sock" via a new volume entry and a new VolumeMounts entry that does not use subpath. Something like:

    VolumeMounts: [
      { mountPath: "/run/docker.sock", name: docker_sock, readOnly: true }
    ],
    volumes: [
      { name: docker_sock, hostPath: { path: "/run/docker.sock", type: "" } }
    ]

--- Additional comment from Hemant Kumar on 2018-03-22 16:41:08 EDT ---

PR upstream for the fix https://github.com/kubernetes/kubernetes/pull/61480

--- Additional comment from Hemant Kumar on 2018-03-26 11:30:50 EDT ---

Opened PR for Openshift/origin - https://github.com/openshift/origin/pull/19100

    # oc version
    oc v3.6.173.0.113
    kubernetes v1.6.1+5115d708d7
    features: Basic-Auth GSSAPI Kerberos SPNEGO

    Server https://qe-lxia-36-master-nfs-1:8443
    openshift v3.6.173.0.113
    kubernetes v1.6.1+5115d708d7

    # cat /etc/redhat-release
    Red Hat Enterprise Linux Server release 7.3 (Maipo)

    # uname -a
    Linux qe-lxia-36-master-nfs-1 3.10.0-514.26.1.el7.x86_64 #1 SMP Tue Jun 20 01:16:02 EDT 2017 x86_64 x86_64 x86_64 GNU/Linux

First try to mount /run/docker.sock to /, the pod failed to start,

    9s 8s 2 kubelet, qe-lxia-36-node-registry-router-1 spec.containers{test-container} Warning Failed Error: Error response from daemon: {"message":"Invalid bind mount spec \"/run/docker.sock:/\": Invalid specification: destination can't be '/' in '/run/docker.sock:/'"}

Then change mount point to /mnt, the pod is up and running,

    $ oc get pods testpd
    NAME      READY     STATUS    RESTARTS   AGE
    testpd    1/1       Running   0          24s

    $ cat pod.yaml
    apiVersion: v1
    kind: Pod
    metadata:
      name: testpd
    spec:
      containers:
      - image: k8s.gcr.io/test-webserver
        name: test-container
        volumeMounts:
        - mountPath: /mnt
          name: test-volume
          subpath: mysock
      volumes:
      - name: test-volume
        hostPath:
          path: /run/docker.sock
          type: ""

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:1233
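
The ENXIO failure from the bug description, reproduced in isolation as an added example (not code from Kubernetes or from the linked PRs): a plain openat() on a Unix socket fails with ENXIO, while an O_PATH open yields a descriptor that fstat() can classify. The scratch directory, test.sock and the function names are constructed for this demonstration, and O_PATH is shown as one way to reference a socket inode, not as a statement of what the upstream fix does.

```c
#define _GNU_SOURCE            /* exposes O_PATH in <fcntl.h> */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>
#ifndef O_PATH
#define O_PATH 010000000       /* asm-generic Linux value, fallback only */
#endif

/* Scratch dir holding a bound socket "test.sock" (constructed stand-in). Returns dirfd or -1. */
int make_dir_with_socket(char *dir_template) {
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    if (mkdtemp(dir_template) == NULL) return -1;
    snprintf(addr.sun_path, sizeof addr.sun_path, "%s/test.sock", dir_template);
    int s = socket(AF_UNIX, SOCK_STREAM, 0);
    int rc = bind(s, (struct sockaddr *)&addr, sizeof addr);
    close(s);                  /* the socket inode stays on disk after close */
    return rc < 0 ? -1 : open(dir_template, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
}

/* Ordinary openat() of one path component. Returns 0, or errno on failure. */
int try_open(int dirfd, const char *name) {
    int fd = openat(dirfd, name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return errno;
    close(fd);
    return 0;
}

/* O_PATH openat() + fstat(). Returns 1 for a socket, 0 otherwise, -1 on error. */
int is_socket_opath(int dirfd, const char *name) {
    struct stat st;
    int fd = openat(dirfd, name, O_PATH | O_NOFOLLOW | O_CLOEXEC);
    int rc = fd < 0 ? -1 : fstat(fd, &st);
    if (fd >= 0) close(fd);
    return rc < 0 ? -1 : (S_ISSOCK(st.st_mode) ? 1 : 0);
}

int main(void) {
    char dir[] = "/tmp/subpath-demo-XXXXXX";
    int dfd = make_dir_with_socket(dir);
    if (dfd < 0) return 1;
    printf("O_RDONLY errno=%d (ENXIO=%d), O_PATH sees socket=%d\n", try_open(dfd, "test.sock"), ENXIO, is_socket_opath(dfd, "test.sock"));
    unlinkat(dfd, "test.sock", 0);
    close(dfd);
    return rmdir(dir) != 0;
}
```

An O_PATH descriptor cannot be read or written; it only names the inode, which is enough to check the file type and to refer to it through /proc/self/fd.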