subPath volume mount umbrella issue #61563
Description
This issue is tracking the status of the fixes for functional regressions related to the design change required to address CVE-2017-1002101.
- "CreateContainerConfigError: failed to prepare subPath for volumeMount" error with configMap volume #61076: subPath volume mounts cannot be used with secret, configmap, projected, or downwardAPI volumes. Fixed in 1.10.0, 1.9.5, 1.8.10, and 1.7.15.
- CreateContainerConfigError: Error: failed to prepare subPath for volumeMount when using an emptyDir and the subPath is a file #61178: cleanup of subPath volume mounts, and setup of subPath volume mounts when restarting a container does not work properly. Fixed in 1.10.0, 1.9.5, 1.8.10, and 1.7.15.
- Subpath volumes don't receive set-GID flag #61283: subpath mounts in pods using fsGroup do not have set-GID bits set properly. Fixed in 1.10.0, 1.9.7, 1.8.11, 1.7.16.
- pvc volumes used with subPath volume mounts don't support reconstruction #61372: volume reconstruction does not work with persistent volumes mounted via subPath. Fixed in 1.10.0, 1.9.7, 1.8.11, 1.7.16.
- Mounting socket files from subPaths fail #61377: special types of files, such as unix sockets, cannot be mounted via subPath. Fixed in 1.10.1, 1.9.7, 1.8.11.
- CreateContainerConfigError : failed to prepare subPath for volumeMount (possibly only for readOnly volumes) #62752: CreateContainerConfigError : failed to prepare subPath for volumeMount (possibly only for readOnly volumes). Fixed in Kubernetes v1.8.14+, v1.9.9+, v1.10.4+.
- hostPath volumes used with subPath volume mounts don't support reconstruction #61446: volume reconstruction does not work with host path volumes mounted via subPath. No immediate plans to address.
- Container Can not Run: oci runtime error: container_linux.go: not a directory. When mounting Configmaps and a subpath in the same directory #61545: subpath mounts nested within atomic writer volumes (configmap, secret, downwardAPI, projected) do not work. No immediate plans to address.
/sig storage
/kind bug
/priority critical-urgent
/assign @msau42 @jsafrane @saad-ali @childsb