https://openshift-gce-devel.appspot.com/build/origin-ci-test/pr-logs/pull/18816/pull-ci-origin-e2e-gcp/2916/#sig-storage-csi-volumes-csi-plugin-test-using-csi-driver-hostpath-should-provision-storage-suiteopenshiftconformanceparallel-suitek8s [sig-storage] CSI Volumes CSI plugin test using CSI driver: hostPath should provision storage It looks like it might fail because the pod isn't privileged - if I run the test and then rsh into external-provisioner, I can't ls /csi/csi.sock due to a permission denied. Two of the pods loop and fail trying to connect, but the listener doesn't report an error. I will disable the test for now, but it would be good to turn this on and test it. - apiVersion: v1 kind: Pod metadata: annotations: openshift.io/scc: privileged creationTimestamp: 2018-08-27T17:13:00Z labels: app: hostpath-driver name: csi-pod namespace: e2e-tests-csi-mock-plugin-8rtpn resourceVersion: "16876" selfLink: /api/v1/namespaces/e2e-tests-csi-mock-plugin-8rtpn/pods/csi-pod uid: 7373f68b-aa1c-11e8-8daa-42010a8e0005 spec: containers: - args: - --v=5 - --provisioner=csi-hostpath - --csi-address=/csi/csi.sock image: quay.io/k8scsi/csi-provisioner:v0.2.1 imagePullPolicy: Always name: external-provisioner resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /csi name: socket-dir - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: csi-hostpath-service-account-token-hwx8f readOnly: true - args: - --v=5 - --csi-address=/csi/csi.sock env: - name: KUBE_NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName image: quay.io/k8scsi/driver-registrar:v0.2.0 imagePullPolicy: Always name: driver-registrar resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /csi name: socket-dir - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: csi-hostpath-service-account-token-hwx8f readOnly: true - args: - --v=5 - --csi-address=$(ADDRESS) env: - name: ADDRESS value: /csi/csi.sock image: quay.io/k8scsi/csi-attacher:v0.2.0 imagePullPolicy: Always name: external-attacher resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /csi name: socket-dir - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: csi-hostpath-service-account-token-hwx8f readOnly: true - args: - --v=5 - --endpoint=$(CSI_ENDPOINT) - --nodeid=$(KUBE_NODE_NAME) env: - name: CSI_ENDPOINT value: unix:///csi/csi.sock - name: KUBE_NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName image: quay.io/k8scsi/hostpathplugin:v0.2.0 imagePullPolicy: Always name: hostpath-driver resources: {} securityContext: privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /csi name: socket-dir - mountPath: /var/lib/kubelet/pods mountPropagation: Bidirectional name: mountpoint-dir - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: csi-hostpath-service-account-token-hwx8f readOnly: true dnsPolicy: ClusterFirst imagePullSecrets: - name: csi-hostpath-service-account-dockercfg-vggbr nodeName: claytondev-ig-n-l5mc priority: 0 restartPolicy: Never schedulerName: default-scheduler securityContext: {} serviceAccount: csi-hostpath-service-account serviceAccountName: csi-hostpath-service-account terminationGracePeriodSeconds: 30 volumes: - hostPath: path: /var/lib/kubelet/plugins/csi-hostpath type: DirectoryOrCreate name: socket-dir - hostPath: path: /var/lib/kubelet/pods type: DirectoryOrCreate name: mountpoint-dir - name: csi-hostpath-service-account-token-hwx8f secret: defaultMode: 420 secretName: csi-hostpath-service-account-token-hwx8f
Upstream PR was merged: https://github.com/kubernetes/kubernetes/pull/69215 OKD backport: https://github.com/openshift/origin/pull/20967