authorhaircommander <pehunt@redhat.com>2018-07-27 13:58:50 -0400
committerAtomic Bot <atomic-devel@projectatomic.io>2018-08-23 18:16:28 +0000
commitd5e690914dc78eca8664442e7677eb5004522bfd (patch)
tree3f7ed30e4302c871c16126a0032b8a3d51c46f98 /cmd/podman/pod_create.go
parent63dd200e7e47261454c7e55fed2ad972144e147f (diff)
Added option to share kernel namespaces in libpod and podman
A pause container is added to the pod if the user opts in. The default pause image and command can be overridden. Pause containers are ignored in ps unless the -a option is present. Pod inspect and pod ps show shared namespaces and pause container. A pause container can't be removed with podman rm, and a pod can be removed if it only has a pause container. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1187 Approved by: mheon
Diffstat (limited to 'cmd/podman/pod_create.go')
-rw-r--r--cmd/podman/pod_create.go57
1 files changed, 56 insertions, 1 deletions
diff --git a/cmd/podman/pod_create.go b/cmd/podman/pod_create.go
index 568ace6e7..6975c9386 100644
--- a/cmd/podman/pod_create.go
+++ b/cmd/podman/pod_create.go
@@ -3,6 +3,7 @@ package main
import (
"fmt"
"os"
+ "strings"
"github.com/containers/libpod/cmd/podman/libpodruntime"
"github.com/containers/libpod/libpod"
@@ -11,6 +12,11 @@ import (
"github.com/urfave/cli"
)
+var (
+ // CRI-O default kernel namespaces
+ DefaultKernelNamespaces = "ipc,net,uts"
+)
+
var podCreateDescription = "Creates a new empty pod. The pod ID is then" +
" printed to stdout. You can then start it at any time with the" +
" podman pod start <pod_id> command. The pod will be created with the" +
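Review bot: `DefaultKernelNamespaces` is declared as an exported, mutable package variable, although in the visible hunks it is only used as the default value of the `share` flag. A constant states that intent and cannot be reassigned from elsewhere in the package: `const DefaultKernelNamespaces = "ipc,net,uts"`. The doc comment should also start with the identifier, for example `// DefaultKernelNamespaces is the set of kernel namespaces a pod shares by default, matching CRI-O.`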
@@ -33,10 +39,27 @@ var podCreateFlags = []cli.Flag{
Name: "name, n",
Usage: "Assign a name to the pod",
},
+ cli.BoolTFlag{
+ Name: "pause",
+ Usage: "Create a pause container associated with the pod to share namespaces with",
+ },
+ cli.StringFlag{
+ Name: "pause-image",
+ Usage: "The image of the pause container to associate with the pod",
+ },
+ cli.StringFlag{
+ Name: "pause-command",
+ Usage: "The command to run on the pause container when the pod is started",
+ },
cli.StringFlag{
Name: "pod-id-file",
Usage: "Write the pod ID to the file",
},
+ cli.StringFlag{
+ Name: "share",
+ Usage: "A comma deliminated list of kernel namespaces the pod will share",
+ Value: DefaultKernelNamespaces,
+ },
}
var podCreateCommand = cli.Command{
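Review bot: `pause-image` and `pause-command` are declared here, but none of the lines this commit adds to the file reads `c.String("pause-image")` or `c.String("pause-command")`; the only pause-related option built later is `libpod.WithPauseContainer()`, which takes no arguments. Unless the values are consumed somewhere outside this file, a user who passes `--pause-image` to pin a specific image gets the default one with no error. Either thread both values into the pod options or reject the flags until they are wired up. The usage text for `share` should read "comma delimited" and mention that `none` is accepted.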
@@ -71,6 +94,9 @@ func podCreateCmd(c *cli.Context) error {
return errors.Wrapf(err, "unable to write pod id file %s", c.String("pod-id-file"))
}
}
+ if !c.BoolT("pause") && c.IsSet("share") && c.String("share") != "none" && c.String("share") != "" {
+ return errors.Errorf("You cannot share kernel namespaces on the pod level without a pause container")
+ }
if c.IsSet("cgroup-parent") {
options = append(options, libpod.WithPodCgroupParent(c.String("cgroup-parent")))
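Review bot: This validation sits after the pod-id-file handling (the context line just above it is the `unable to write pod id file` return), so a rejected `--pause=false --share=...` combination appears to leave the pod-id file on disk. The same would apply to the invalid-namespace return added under `default:` in the later hunk. Moving flag validation ahead of any filesystem write avoids leaving state behind for a command that was refused. The error string should also start lowercase, e.g. `errors.Errorf("cannot share kernel namespaces at the pod level without a pause container")`. The body of podCreateCmd starts and ends outside this hunk, so the ordering is inferred from the visible context only.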
@@ -88,10 +114,39 @@ func podCreateCmd(c *cli.Context) error {
options = append(options, libpod.WithPodName(c.String("name")))
}
+ if c.BoolT("pause") {
+ options = append(options, libpod.WithPauseContainer())
+ for _, toShare := range strings.Split(c.String("share"), ",") {
+ switch toShare {
+ case "net":
+ options = append(options, libpod.WithPodNet())
+ case "mnt":
+ //options = append(options, libpod.WithPodMNT())
+ logrus.Debug("Mount Namespace sharing functionality not supported")
+ case "pid":
+ options = append(options, libpod.WithPodPID())
+ case "user":
+ // Note: more set up needs to be done before this doesn't error out a create.
+ logrus.Debug("User Namespace sharing functionality not supported")
+ case "ipc":
+ options = append(options, libpod.WithPodIPC())
+ case "uts":
+ options = append(options, libpod.WithPodUTS())
+ case "":
+ case "none":
+ continue
+ default:
+ return errors.Errorf("Invalid kernel namespace to share: %s. Options are: %s, or none", toShare, strings.Join(libpod.KernelNamespaces, ","))
+ }
+ }
+ }
+
// always have containers use pod cgroups
+ // User Opt out is not yet supported
options = append(options, libpod.WithPodCgroups())
- pod, err := runtime.NewPod(options...)
+ ctx := getContext()
+ pod, err := runtime.NewPod(ctx, options...)
if err != nil {
return err
}
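Review bot: `mnt` and `user` are accepted by the `--share` switch but only produce a `logrus.Debug` line, so the pod is created without the namespace sharing that was requested and nothing is reported at the default log level. A request that cannot be honoured should fail, e.g. `return errors.Errorf("sharing the %s namespace is not yet supported", toShare)`. Two smaller points in the same switch: `none` only skips its own entry, so `--share none,net` still shares the network namespace, and entries are not trimmed, so `ipc, net` is rejected as invalid. Applying `strings.TrimSpace(toShare)` and rejecting `none` when combined with other entries would make the resulting isolation match what the flag says. podCreateCmd continues outside the hunk.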