Add podman play kube --no-hosts options

This option will setup the containers to not modify their /etc/hosts
file and just use the one from the image.

Fixes: https://github.com/containers/podman/issues/9500

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

8 files changed, 30 insertions, 6 deletions

diff --git a/pkg/api/handlers/libpod/play.go b/pkg/api/handlers/libpod/play.go
index 0def32821..851e0f6c8 100644
--- a/pkg/api/handlers/libpod/play.go
+++ b/pkg/api/handlers/libpod/play.go
@@ -29,6 +29,7 @@ func PlayKube(w http.ResponseWriter, r *http.Request) {
 		Start      bool     `schema:"start"`
 		StaticIPs  []string `schema:"staticIPs"`
 		StaticMACs []string `schema:"staticMACs"`
+		NoHosts    bool     `schema:"noHosts"`
 	}{
 		TLSVerify: true,
 		Start:     true,
@@ -102,6 +103,7 @@ func PlayKube(w http.ResponseWriter, r *http.Request) {
 		Username:   username,
 		Password:   password,
 		Network:    query.Network,
+		NoHosts:    query.NoHosts,
 		Quiet:      true,
 		LogDriver:  query.LogDriver,
 		StaticIPs:  staticIPs,
diff --git a/pkg/bindings/play/play.go b/pkg/bindings/play/play.go
index 89a6f9b65..bdd13d03d 100644
--- a/pkg/bindings/play/play.go
+++ b/pkg/bindings/play/play.go
@@ -6,11 +6,10 @@ import (
 	"os"
 	"strconv"
 
-	"github.com/sirupsen/logrus"
-
 	"github.com/containers/podman/v3/pkg/auth"
 	"github.com/containers/podman/v3/pkg/bindings"
 	"github.com/containers/podman/v3/pkg/domain/entities"
+	"github.com/sirupsen/logrus"
 )
 
 func Kube(ctx context.Context, path string, options *KubeOptions) (*entities.PlayKubeReport, error) {
diff --git a/pkg/bindings/play/types.go b/pkg/bindings/play/types.go
index 787069169..fdfc4a6fa 100644
--- a/pkg/bindings/play/types.go
+++ b/pkg/bindings/play/types.go
@@ -17,6 +17,8 @@ type KubeOptions struct {
 	Password *string
 	// Network - name of the CNI network to connect to.
 	Network *string
+	// NoHosts - do not generate /etc/hosts file in pod's containers
+	NoHosts *bool
 	// Quiet - suppress output when pulling images.
 	Quiet *bool
 	// SignaturePolicy - path to a signature-policy file.
diff --git a/pkg/bindings/play/types_kube_options.go b/pkg/bindings/play/types_kube_options.go
index 65757cc5e..1a6324302 100644
--- a/pkg/bindings/play/types_kube_options.go
+++ b/pkg/bindings/play/types_kube_options.go
@@ -93,6 +93,21 @@ func (o *KubeOptions) GetNetwork() string {
 	return *o.Network
 }
 
+// WithNoHosts set field NoHosts to given value
+func (o *KubeOptions) WithNoHosts(value bool) *KubeOptions {
+	o.NoHosts = &value
+	return o
+}
+
+// GetNoHosts returns value of field NoHosts
+func (o *KubeOptions) GetNoHosts() bool {
+	if o.NoHosts == nil {
+		var z bool
+		return z
+	}
+	return *o.NoHosts
+}
+
 // WithQuiet set field Quiet to given value
 func (o *KubeOptions) WithQuiet(value bool) *KubeOptions {
 	o.Quiet = &value
diff --git a/pkg/domain/entities/play.go b/pkg/domain/entities/play.go
index f630b3f24..af4b0fc35 100644
--- a/pkg/domain/entities/play.go
+++ b/pkg/domain/entities/play.go
@@ -17,6 +17,9 @@ type PlayKubeOptions struct {
 	// Down indicates whether to bring contents of a yaml file "down"
 	// as in stop
 	Down bool
+	// Do not create /etc/hosts within the pod's containers,
+	// instead use the version from the image
+	NoHosts bool
 	// Username for authenticating against the registry.
 	Username string
 	// Password for authenticating against the registry.
diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go
index cf72a6253..751d6cc05 100644
--- a/pkg/domain/infra/abi/play.go
+++ b/pkg/domain/infra/abi/play.go
@@ -181,7 +181,7 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
 		}
 	}
 
-	podOpt := entities.PodCreateOptions{Infra: true, Net: &entities.NetOptions{StaticIP: &net.IP{}, StaticMAC: &net.HardwareAddr{}}}
+	podOpt := entities.PodCreateOptions{Infra: true, Net: &entities.NetOptions{StaticIP: &net.IP{}, StaticMAC: &net.HardwareAddr{}, NoHosts: options.NoHosts}}
 	podOpt, err = kube.ToPodOpt(ctx, podName, podOpt, podYAML)
 	if err != nil {
 		return nil, err
diff --git a/pkg/domain/infra/tunnel/play.go b/pkg/domain/infra/tunnel/play.go
index e39751a18..0b1c3d2ca 100644
--- a/pkg/domain/infra/tunnel/play.go
+++ b/pkg/domain/infra/tunnel/play.go
@@ -13,7 +13,7 @@ func (ic *ContainerEngine) PlayKube(ctx context.Context, path string, opts entit
 	options.WithCertDir(opts.CertDir).WithQuiet(opts.Quiet).WithSignaturePolicy(opts.SignaturePolicy).WithConfigMaps(opts.ConfigMaps)
 	options.WithLogDriver(opts.LogDriver).WithNetwork(opts.Network).WithSeccompProfileRoot(opts.SeccompProfileRoot)
 	options.WithStaticIPs(opts.StaticIPs).WithStaticMACs(opts.StaticMACs)
-
+	options.WithNoHosts(opts.NoHosts)
 	if s := opts.SkipTLSVerify; s != types.OptionalBoolUndefined {
 		options.WithSkipTLSVerify(s == types.OptionalBoolTrue)
 	}
diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go
index 9389b1a20..194c8dce5 100644
--- a/pkg/specgen/generate/kube/kube.go
+++ b/pkg/specgen/generate/kube/kube.go
@@ -26,8 +26,8 @@ import (
 )
 
 func ToPodOpt(ctx context.Context, podName string, p entities.PodCreateOptions, podYAML *v1.PodTemplateSpec) (entities.PodCreateOptions, error) {
-	//	p := specgen.NewPodSpecGenerator()
-	p.Net = &entities.NetOptions{}
+	p.Net = &entities.NetOptions{NoHosts: p.Net.NoHosts}
+
 	p.Name = podName
 	p.Labels = podYAML.ObjectMeta.Labels
 	// Kube pods must share {ipc, net, uts} by default
@@ -47,6 +47,9 @@ func ToPodOpt(ctx context.Context, podName string, p entities.PodCreateOptions,
 		p.Net.Network = specgen.Namespace{NSMode: "host"}
 	}
 	if podYAML.Spec.HostAliases != nil {
+		if p.Net.NoHosts {
+			return p, errors.New("HostAliases in yaml file will not work with --no-hosts")
+		}
 		hosts := make([]string, 0, len(podYAML.Spec.HostAliases))
 		for _, hostAlias := range podYAML.Spec.HostAliases {
 			for _, host := range hostAlias.Hostnames {