Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kubelet should alway get lastest secret/configmap resource in pod add event #124701

Open
V0idk opened this issue May 6, 2024 · 4 comments
Open

kubelet should alway get lastest secret/configmap resource in pod add event #124701

V0idk opened this issue May 6, 2024 · 4 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. sig/node Categorizes an issue or PR as relevant to SIG Node.
Projects
SIG Node Bugs

Comments

@V0idk
Copy link

V0idk commented May 6, 2024
edited

What happened?

The logic is as follows:

  1. Manually update secret resources.
  2. kubelet listens to resources and updates the watch cache.
  3. Start the pod and query the volume attached to the secret resource.

but probabilistically, especially at lots of operating pressures. The third step is performed before the second step. As a result, the old secret is mounted when the pod is started.

image

image

https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/

What did you expect to happen?

image

solution: kubelet should alway get lastest secret/configmap resource in pod add event instead of using cache

How can we reproduce it (as minimally and precisely as possible)?

see What happend

Anything else we need to know?

No response

Kubernetes version

$ kubectl version
# paste output here

Cloud provider

OS version

# On Linux:
$ cat /etc/os-release
# paste output here
$ uname -a
# paste output here

# On Windows:
C:\> wmic os get Caption, Version, BuildNumber, OSArchitecture
# paste output here

Install tools

Container runtime (CRI) and version (if applicable)

Related plugins (CNI, CSI, ...) and versions (if applicable)
@V0idk V0idk added the kind/bug Categorizes issue or PR as related to a bug. label May 6, 2024
@k8s-ci-robot k8s-ci-robot added the needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label May 6, 2024
@k8s-ci-robot
Copy link
Contributor

This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label May 6, 2024
@V0idk
Copy link
Author

V0idk commented May 6, 2024

/sig area/kubelet

@k8s-ci-robot
Copy link
Contributor

@V0idk: The label(s) sig/area/kubelet cannot be applied, because the repository doesn't have them.

In response to this:

/sig area/kubelet

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@V0idk V0idk changed the title secret/configmap should alway get lastest resource in pod add event kubelet should alway get lastest secret/configmap resource in pod add event May 6, 2024
@vaibhav2107
Copy link
Member

/sig node

@k8s-ci-robot k8s-ci-robot added sig/node Categorizes an issue or PR as relevant to SIG Node. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels May 6, 2024
@pacoxu pacoxu added this to Triage in SIG Node Bugs May 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. sig/node Categorizes an issue or PR as relevant to SIG Node.
Projects
SIG Node Bugs
Triage
Milestone
No milestone
Development

No branches or pull requests
3 participants
@V0idk @k8s-ci-robot @vaibhav2107