Bug 1973580 - Windows pod with a Projected Volume is stuck at ContainerCreating
Summary: Windows pod with a Projected Volume is stuck at ContainerCreating
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Windows Containers
Version: 4.7
Hardware: x86_64
OS: Windows
urgent
urgent
Target Milestone: ---
: 4.8.0
Assignee: Aravindh Puthiyaparambil
QA Contact: gaoshang
URL:
Whiteboard:
Depends On: 1971745
Blocks: 1975553
TreeView+ depends on / blocked
 
Reported: 2021-06-18 08:20 UTC by OpenShift BugZilla Robot
Modified: 2021-09-27 18:33 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: Windows Pods with a Projected Volume and with a RunAsUser present in the Pod's SecurityContext results in os.Chown() being executed for entities being projected. Consequence: os.Chown() is not implemented for Windows and results in an error being thrown and the Pod is stuck in ContainerCreating. Fix: Don't execute os.Chown() if the kubelet is running on Windows Result: Pods go to running
Clone Of:
Environment:
Last Closed: 2021-09-27 18:33:50 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift kubernetes pull 815 0 None open [release-4.8] Bug 1973580: only chown if non-windows machine with projected volumes 2021-06-18 08:20:50 UTC
Github openshift windows-machine-config-operator pull 482 0 None open Bug 1973580: [submodule][kubelet] Update to 766a5fe58d1 2021-06-23 16:35:57 UTC

Comment 1 Aravindh Puthiyaparambil 2021-06-21 21:50:33 UTC 
Blocker flag did not get copied over on the cherry-pick
Comment 2 Aravindh Puthiyaparambil 2021-06-21 21:56:12 UTC 
I will open the PR to update the WMCO kubelet submodule once https://github.com/openshift/kubernetes/pull/815 merges
Comment 3 gaoshang 2021-06-25 06:17:56 UTC 
This bug has been verified on OCP 4.8.0-0.nightly-2021-06-23-201305 and passed, thanks.

Version-Release number of selected component (if applicable):
WMCO commit: 2043f8e518dd2f73498bde9f044ecda97f2f853e
OCP build: 4.8.0-0.nightly-2021-06-23-201305

Steps:
1, Build WMCO from master branch and install the operator on OCP 4.8
2, Bootstrap Windows node
3, Create the Secrets for Projected Volume
oc new-project winc-test
echo -n "admin" > ./username.txt
echo -n "1f2d1e2e67df" > ./password.txt
oc create secret generic user --from-file=./username.txt
oc create secret generic pass --from-file=./password.txt

4, Create Windows Pod with Projected Volume
e.g.
oc create -f https://raw.githubusercontent.com/sgaoshang/winc-test/master/data/WinWebServer_Projected_Volume.yaml

5, Check creating Windows pod with a Projected Volume succeed and the projected-volume directory contains your projected sources

$ oc get pod -owide
NAME                             READY   STATUS    RESTARTS   AGE   IP           NODE              NOMINATED NODE   READINESS GATES
win-webserver-66bbf764c5-rl9vb   1/1     Running   0          16m   10.132.0.2   winworker-h2wdm   <none>           <none>

$ oc exec -it win-webserver-66bbf764c5-rl9vb powershell
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.

Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.   

Try the new cross-platform PowerShell https://aka.ms/pscore6

PS C:\> ls .\projected-volume\ 


    Directory: C:\projected-volume


Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
d-----         6/25/2021   2:00 AM                ..2021_06_25_06_00_02.8261305
                                                  19
d----l         6/25/2021   2:00 AM                ..data
-a---l         6/25/2021   2:00 AM              0 password.txt
-a---l         6/25/2021   2:00 AM              0 username.txt


PS C:\> cat .\projected-volume\username.txt
admin
PS C:\> cat .\projected-volume\password.txt
1f2d1e2e67df
Note You need to log in before you can comment on or make changes to this bug.