Bug 2029466 - [4.8] Kubelet can call the NodePublishVolume function of a CSI driver without calling NodeStageVolume
Summary: [4.8] Kubelet can call the NodePublishVolume function of a CSI driver without...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Storage
Version: 4.8
Hardware: All
OS: Linux
unspecified
high
Target Milestone: ---
: 4.8.z
Assignee: Jan Safranek
QA Contact: Wei Duan
URL:
Whiteboard:
Depends On: 1936408
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-12-06 15:18 UTC by Emmanuel Kasper
Modified: 2022-02-16 06:52 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Fixed mounting of volumes to Pods after Kubernetes timed out when cleaning up the volumes from a previous Pod.
Clone Of:
Environment:
Last Closed: 2022-02-16 06:51:40 UTC
Target Upstream Version:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift kubernetes pull 1146 0 None open Bug 2029466: UPSTREAM: 107014: Mark volume as uncertain after Unmount* fails 2022-01-26 10:58:00 UTC
Red Hat Product Errata RHBA-2022:0484 0 None None None 2022-02-16 06:51:59 UTC

Description Emmanuel Kasper 2021-12-06 15:18:21 UTC 
Description of problem:

Version-Release number of selected component (if applicable):

Kubelet can call the NodePublishVolume function of a CSI driver without calling NodeStageVolume.

How reproducible: Sometimes

This has been fixed already in https://github.com/kubernetes/kubernetes/issues/100182 but and integrated in OpenShift 4.9 but it makes sense to backport the fix for 4.8 since this is an EUS release.
Comment 2 Jan Safranek 2021-12-14 08:55:32 UTC 
This is the same bug as https://bugzilla.redhat.com/show_bug.cgi?id=1936408, only for 4.8
Comment 3 Jan Safranek 2021-12-14 11:42:58 UTC 
Upstream cherry-pick: https://github.com/kubernetes/kubernetes/pull/107014
Comment 4 Emmanuel Kasper 2021-12-17 09:24:45 UTC 
This behaviour can potentially cause a worker node outage under the following condition:
if NodePublishVolume is called while the mount point which should have been created by NodeStageVolume is not there, the pod using the volume will write on the root partition of the worker node. If you write a lot of data you will fillup the root partition, making the node unschedulable.
Comment 14 errata-xmlrpc 2022-02-16 06:51:40 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.8.31 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:0484
Note You need to log in before you can comment on or make changes to this bug.