diff options
| author | Peter Hunt <pehunt@redhat.com> | 2020-09-10 17:22:53 -0400 |
|---|---|---|
| committer | Peter Hunt <pehunt@redhat.com> | 2020-09-10 17:22:55 -0400 |
| commit | b80b95eea0c2f32de6101e558ce5314e1bd08c25 (patch) | |
| tree | 6f018ff8ddb629b7a976b574f8ca67303ec2e9e1 | |
| parent | 96bc5eb4b77d00f59a342b7af1f6f3ecd35772a5 (diff) | |
| download | podman-b80b95eea0c2f32de6101e558ce5314e1bd08c25.tar.gz podman-b80b95eea0c2f32de6101e558ce5314e1bd08c25.tar.bz2 podman-b80b95eea0c2f32de6101e558ce5314e1bd08c25.zip | |
play/generate: support shareProcessNamespace
this is an option that allows a user to specify whether to share PID namespace in the pod
for play kube and generate kube
associated test added
Signed-off-by: Peter Hunt <pehunt@redhat.com>
| -rw-r--r-- | libpod/kube.go | 8 | ||||
| -rw-r--r-- | pkg/domain/infra/abi/play.go | 6 | ||||
| -rw-r--r-- | test/e2e/generate_kube_test.go | 29 |
3 files changed, 42 insertions, 1 deletions
diff --git a/libpod/kube.go b/libpod/kube.go index 5f2c9e0fd..c4367db2f 100644 --- a/libpod/kube.go +++ b/libpod/kube.go @@ -69,12 +69,20 @@ func (p *Pod) GenerateForKube() (*v1.Pod, []v1.ServicePort, error) { return nil, servicePorts, err } servicePorts = containerPortsToServicePorts(ports) + } pod, err := p.podWithContainers(allContainers, ports) if err != nil { return nil, servicePorts, err } pod.Spec.HostAliases = extraHost + + if p.SharesPID() { + // unfortunately, go doesn't have a nice way to specify a pointer to a bool + b := true + pod.Spec.ShareProcessNamespace = &b + } + return pod, servicePorts, nil } diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go index 31ad51672..8b583fd3d 100644 --- a/pkg/domain/infra/abi/play.go +++ b/pkg/domain/infra/abi/play.go @@ -132,7 +132,11 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY libpod.WithInfraContainer(), libpod.WithPodName(podName), } - // TODO for now we just used the default kernel namespaces; we need to add/subtract this from yaml + // TODO we only configure Process namespace. We also need to account for Host{IPC,Network,PID} + // which is not currently possible with pod create + if podYAML.Spec.ShareProcessNamespace != nil && *podYAML.Spec.ShareProcessNamespace { + podOptions = append(podOptions, libpod.WithPodPID()) + } hostname := podYAML.Spec.Hostname if hostname == "" { diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go index 3c3fb5a4d..e886c6000 100644 --- a/test/e2e/generate_kube_test.go +++ b/test/e2e/generate_kube_test.go @@ -348,4 +348,33 @@ var _ = Describe("Podman generate kube", func() { Expect(inspect.ExitCode()).To(Equal(0)) Expect(inspect.OutputToString()).To(ContainSubstring(vol1)) }) + + It("podman generate kube sharing pid namespace", func() { + podName := "test" + podSession := podmanTest.Podman([]string{"pod", "create", "--name", podName, "--share", "pid"}) + podSession.WaitWithDefaultTimeout() + Expect(podSession.ExitCode()).To(Equal(0)) + + session := podmanTest.Podman([]string{"create", "--pod", podName, "--name", "test1", ALPINE, "top"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + outputFile := filepath.Join(podmanTest.RunRoot, "pod.yaml") + kube := podmanTest.Podman([]string{"generate", "kube", podName, "-f", outputFile}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + + rm := podmanTest.Podman([]string{"pod", "rm", "-f", podName}) + rm.WaitWithDefaultTimeout() + Expect(rm.ExitCode()).To(Equal(0)) + + play := podmanTest.Podman([]string{"play", "kube", outputFile}) + play.WaitWithDefaultTimeout() + Expect(play.ExitCode()).To(Equal(0)) + + inspect := podmanTest.Podman([]string{"pod", "inspect", podName}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(Equal(0)) + Expect(inspect.OutputToString()).To(ContainSubstring(`"pid"`)) + }) }) |