20 files changed, 97 insertions, 16 deletions

diff --git a/cmd/podman/play/kube.go b/cmd/podman/play/kube.go
index 9308371d2..85e0c279c 100644
--- a/cmd/podman/play/kube.go
+++ b/cmd/podman/play/kube.go
@@ -78,6 +78,7 @@ func init() {
 	flags.StringVar(&kubeOptions.LogDriver, logDriverFlagName, "", "Logging driver for the container")
 	_ = kubeCmd.RegisterFlagCompletionFunc(logDriverFlagName, common.AutocompleteLogDriver)
 
+	flags.BoolVar(&kubeOptions.NoHosts, "no-hosts", false, "Do not create /etc/hosts within the pod's containers, instead use the version from the image")
 	flags.BoolVarP(&kubeOptions.Quiet, "quiet", "q", false, "Suppress output information when pulling images")
 	flags.BoolVar(&kubeOptions.TLSVerifyCLI, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
 	flags.BoolVar(&kubeOptions.StartCLI, "start", true, "Start the pod after creating it")
diff --git a/docs/source/markdown/podman-play-kube.1.md b/docs/source/markdown/podman-play-kube.1.md
index 7e3e0f431..a4b9722b8 100644
--- a/docs/source/markdown/podman-play-kube.1.md
+++ b/docs/source/markdown/podman-play-kube.1.md
@@ -138,6 +138,10 @@ Valid _mode_ values are:
   Note: Rootlesskit changes the source IP address of incoming packets to a IP address in the container network namespace, usually `10.0.2.100`. If your application requires the real source IP address, e.g. web server logs, use the slirp4netns port handler. The rootlesskit port handler is also used for rootless containers when connected to user-defined networks.
   - **port_handler=slirp4netns**: Use the slirp4netns port forwarding, it is slower than rootlesskit but preserves the correct source IP address. This port handler cannot be used for user-defined networks.
 
+#### **--no-hosts**
+
+Do not create /etc/hosts within the pod's containers, instead use the version from the image
+
 #### **--quiet**, **-q**
 
 Suppress output information when pulling images
diff --git a/go.mod b/go.mod
index 3c2e55f07..6375155bc 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/container-orchestrated-devices/container-device-interface v0.0.0-20210325223243-f99e8b6c10b9
 	github.com/containernetworking/cni v1.0.1
 	github.com/containernetworking/plugins v1.0.1
-	github.com/containers/buildah v1.23.0
+	github.com/containers/buildah v1.23.1
 	github.com/containers/common v0.46.1-0.20210928081721-32e20295f1c6
 	github.com/containers/conmon v2.0.20+incompatible
 	github.com/containers/image/v5 v5.16.0
diff --git a/go.sum b/go.sum
index bee514506..6dfb4b175 100644
--- a/go.sum
+++ b/go.sum
@@ -247,9 +247,9 @@ github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHV
 github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8=
 github.com/containernetworking/plugins v1.0.1 h1:wwCfYbTCj5FC0EJgyzyjTXmqysOiJE9r712Z+2KVZAk=
 github.com/containernetworking/plugins v1.0.1/go.mod h1:QHCfGpaTwYTbbH+nZXKVTxNBDZcxSOplJT5ico8/FLE=
-github.com/containers/buildah v1.23.0 h1:qGIeSNOczUHzvnaaOS29HSMiYAjw6JgIXYksAyvqnLs=
-github.com/containers/buildah v1.23.0/go.mod h1:K0iMKgy/MffkkgELBXhSXwTy2HTT6hM0X8qruDR1FwU=
-github.com/containers/common v0.44.0/go.mod h1:7sdP4vmI5Bm6FPFxb3lvAh1Iktb6tiO1MzjUzhxdoGo=
+github.com/containers/buildah v1.23.1 h1:Tpc9DsRuU+0Oofewpxb6OJVNQjCu7yloN/obUqzfDTY=
+github.com/containers/buildah v1.23.1/go.mod h1:4WnrN0yrA7ab0ppgunixu2WM1rlD2rG8QLJAKbEkZlQ=
+github.com/containers/common v0.44.2/go.mod h1:7sdP4vmI5Bm6FPFxb3lvAh1Iktb6tiO1MzjUzhxdoGo=
 github.com/containers/common v0.46.1-0.20210928081721-32e20295f1c6 h1:DojkCc4a9f3WB25Fk0GDap1/OkKU9UmDLvPJyqw3TBc=
 github.com/containers/common v0.46.1-0.20210928081721-32e20295f1c6/go.mod h1:L4+sJlqi+R7frlbiWBW0baPra/cH8u5ZYwbxkukw3Lk=
 github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
diff --git a/pkg/api/handlers/libpod/play.go b/pkg/api/handlers/libpod/play.go
index 0def32821..851e0f6c8 100644
--- a/pkg/api/handlers/libpod/play.go
+++ b/pkg/api/handlers/libpod/play.go
@@ -29,6 +29,7 @@ func PlayKube(w http.ResponseWriter, r *http.Request) {
 		Start      bool     `schema:"start"`
 		StaticIPs  []string `schema:"staticIPs"`
 		StaticMACs []string `schema:"staticMACs"`
+		NoHosts    bool     `schema:"noHosts"`
 	}{
 		TLSVerify: true,
 		Start:     true,
@@ -102,6 +103,7 @@ func PlayKube(w http.ResponseWriter, r *http.Request) {
 		Username:   username,
 		Password:   password,
 		Network:    query.Network,
+		NoHosts:    query.NoHosts,
 		Quiet:      true,
 		LogDriver:  query.LogDriver,
 		StaticIPs:  staticIPs,
diff --git a/pkg/bindings/play/play.go b/pkg/bindings/play/play.go
index 89a6f9b65..bdd13d03d 100644
--- a/pkg/bindings/play/play.go
+++ b/pkg/bindings/play/play.go
@@ -6,11 +6,10 @@ import (
 	"os"
 	"strconv"
 
-	"github.com/sirupsen/logrus"
-
 	"github.com/containers/podman/v3/pkg/auth"
 	"github.com/containers/podman/v3/pkg/bindings"
 	"github.com/containers/podman/v3/pkg/domain/entities"
+	"github.com/sirupsen/logrus"
 )
 
 func Kube(ctx context.Context, path string, options *KubeOptions) (*entities.PlayKubeReport, error) {
diff --git a/pkg/bindings/play/types.go b/pkg/bindings/play/types.go
index 787069169..fdfc4a6fa 100644
--- a/pkg/bindings/play/types.go
+++ b/pkg/bindings/play/types.go
@@ -17,6 +17,8 @@ type KubeOptions struct {
 	Password *string
 	// Network - name of the CNI network to connect to.
 	Network *string
+	// NoHosts - do not generate /etc/hosts file in pod's containers
+	NoHosts *bool
 	// Quiet - suppress output when pulling images.
 	Quiet *bool
 	// SignaturePolicy - path to a signature-policy file.
diff --git a/pkg/bindings/play/types_kube_options.go b/pkg/bindings/play/types_kube_options.go
index 65757cc5e..1a6324302 100644
--- a/pkg/bindings/play/types_kube_options.go
+++ b/pkg/bindings/play/types_kube_options.go
@@ -93,6 +93,21 @@ func (o *KubeOptions) GetNetwork() string {
 	return *o.Network
 }
 
+// WithNoHosts set field NoHosts to given value
+func (o *KubeOptions) WithNoHosts(value bool) *KubeOptions {
+	o.NoHosts = &value
+	return o
+}
+
+// GetNoHosts returns value of field NoHosts
+func (o *KubeOptions) GetNoHosts() bool {
+	if o.NoHosts == nil {
+		var z bool
+		return z
+	}
+	return *o.NoHosts
+}
+
 // WithQuiet set field Quiet to given value
 func (o *KubeOptions) WithQuiet(value bool) *KubeOptions {
 	o.Quiet = &value
diff --git a/pkg/domain/entities/play.go b/pkg/domain/entities/play.go
index f630b3f24..af4b0fc35 100644
--- a/pkg/domain/entities/play.go
+++ b/pkg/domain/entities/play.go
@@ -17,6 +17,9 @@ type PlayKubeOptions struct {
 	// Down indicates whether to bring contents of a yaml file "down"
 	// as in stop
 	Down bool
+	// Do not create /etc/hosts within the pod's containers,
+	// instead use the version from the image
+	NoHosts bool
 	// Username for authenticating against the registry.
 	Username string
 	// Password for authenticating against the registry.
diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go
index cf72a6253..751d6cc05 100644
--- a/pkg/domain/infra/abi/play.go
+++ b/pkg/domain/infra/abi/play.go
@@ -181,7 +181,7 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
 		}
 	}
 
-	podOpt := entities.PodCreateOptions{Infra: true, Net: &entities.NetOptions{StaticIP: &net.IP{}, StaticMAC: &net.HardwareAddr{}}}
+	podOpt := entities.PodCreateOptions{Infra: true, Net: &entities.NetOptions{StaticIP: &net.IP{}, StaticMAC: &net.HardwareAddr{}, NoHosts: options.NoHosts}}
 	podOpt, err = kube.ToPodOpt(ctx, podName, podOpt, podYAML)
 	if err != nil {
 		return nil, err
diff --git a/pkg/domain/infra/tunnel/play.go b/pkg/domain/infra/tunnel/play.go
index e39751a18..0b1c3d2ca 100644
--- a/pkg/domain/infra/tunnel/play.go
+++ b/pkg/domain/infra/tunnel/play.go
@@ -13,7 +13,7 @@ func (ic *ContainerEngine) PlayKube(ctx context.Context, path string, opts entit
 	options.WithCertDir(opts.CertDir).WithQuiet(opts.Quiet).WithSignaturePolicy(opts.SignaturePolicy).WithConfigMaps(opts.ConfigMaps)
 	options.WithLogDriver(opts.LogDriver).WithNetwork(opts.Network).WithSeccompProfileRoot(opts.SeccompProfileRoot)
 	options.WithStaticIPs(opts.StaticIPs).WithStaticMACs(opts.StaticMACs)
-
+	options.WithNoHosts(opts.NoHosts)
 	if s := opts.SkipTLSVerify; s != types.OptionalBoolUndefined {
 		options.WithSkipTLSVerify(s == types.OptionalBoolTrue)
 	}
diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go
index 9389b1a20..194c8dce5 100644
--- a/pkg/specgen/generate/kube/kube.go
+++ b/pkg/specgen/generate/kube/kube.go
@@ -26,8 +26,8 @@ import (
 )
 
 func ToPodOpt(ctx context.Context, podName string, p entities.PodCreateOptions, podYAML *v1.PodTemplateSpec) (entities.PodCreateOptions, error) {
-	//	p := specgen.NewPodSpecGenerator()
-	p.Net = &entities.NetOptions{}
+	p.Net = &entities.NetOptions{NoHosts: p.Net.NoHosts}
+
 	p.Name = podName
 	p.Labels = podYAML.ObjectMeta.Labels
 	// Kube pods must share {ipc, net, uts} by default
@@ -47,6 +47,9 @@ func ToPodOpt(ctx context.Context, podName string, p entities.PodCreateOptions,
 		p.Net.Network = specgen.Namespace{NSMode: "host"}
 	}
 	if podYAML.Spec.HostAliases != nil {
+		if p.Net.NoHosts {
+			return p, errors.New("HostAliases in yaml file will not work with --no-hosts")
+		}
 		hosts := make([]string, 0, len(podYAML.Spec.HostAliases))
 		for _, hostAlias := range podYAML.Spec.HostAliases {
 			for _, host := range hostAlias.Hostnames {
diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go
index 83ce751e6..a29d0ad46 100644
--- a/test/e2e/play_kube_test.go
+++ b/test/e2e/play_kube_test.go
@@ -1137,6 +1137,49 @@ var _ = Describe("Podman play kube", func() {
 		Expect(infraContainerImage).To(Equal(config.DefaultInfraImage))
 	})
 
+	It("podman play kube --no-host", func() {
+		err := writeYaml(checkInfraImagePodYaml, kubeYaml)
+		Expect(err).To(BeNil())
+
+		kube := podmanTest.Podman([]string{"play", "kube", "--no-hosts", kubeYaml})
+		kube.WaitWithDefaultTimeout()
+		Expect(kube).Should(Exit(0))
+
+		podInspect := podmanTest.Podman([]string{"pod", "inspect", "check-infra-image"})
+		podInspect.WaitWithDefaultTimeout()
+		Expect(podInspect).Should(Exit(0))
+
+		data := podInspect.InspectPodToJSON()
+		for _, ctr := range data.Containers {
+			if strings.HasSuffix(ctr.Name, "-infra") {
+				continue
+			}
+			exec := podmanTest.Podman([]string{"exec", ctr.ID, "cat", "/etc/hosts"})
+			exec.WaitWithDefaultTimeout()
+			Expect(exec).Should(Exit(0))
+			Expect(exec.OutputToString()).To(Not(ContainSubstring("check-infra-image")))
+		}
+	})
+
+	It("podman play kube test HostAliases with --no-hosts", func() {
+		pod := getPod(withHostAliases("192.168.1.2", []string{
+			"test1.podman.io",
+			"test2.podman.io",
+		}),
+			withHostAliases("192.168.1.3", []string{
+				"test3.podman.io",
+				"test4.podman.io",
+			}),
+		)
+		err := generateKubeYaml("pod", pod, kubeYaml)
+		Expect(err).To(BeNil())
+
+		kube := podmanTest.Podman([]string{"play", "kube", "--no-hosts", kubeYaml})
+		kube.WaitWithDefaultTimeout()
+		Expect(kube).Should(Exit(125))
+		Expect(kube.ErrorToString()).To(ContainSubstring("HostAliases in yaml file will not work with --no-hosts"))
+	})
+
 	It("podman play kube should use customized infra_image", func() {
 		conffile := filepath.Join(podmanTest.TempDir, "container.conf")
 
diff --git a/vendor/github.com/containers/buildah/.cirrus.yml b/vendor/github.com/containers/buildah/.cirrus.yml
index c9629b9a3..8bad5b111 100644
--- a/vendor/github.com/containers/buildah/.cirrus.yml
+++ b/vendor/github.com/containers/buildah/.cirrus.yml
@@ -6,7 +6,7 @@ env:
     #### Global variables used for all tasks
     ####
     # Name of the ultimate destination branch for this CI run, PR or post-merge.
-    DEST_BRANCH: "main"
+    DEST_BRANCH: "release-1.23"
     GOPATH: "/var/tmp/go"
     GOSRC: "${GOPATH}/src/github.com/containers/buildah"
     # Overrides default location (/tmp/cirrus) for repo clone
diff --git a/vendor/github.com/containers/buildah/CHANGELOG.md b/vendor/github.com/containers/buildah/CHANGELOG.md
index 1864a4564..685c4f4d3 100644
--- a/vendor/github.com/containers/buildah/CHANGELOG.md
+++ b/vendor/github.com/containers/buildah/CHANGELOG.md
@@ -2,6 +2,11 @@
 
 # Changelog
 
+## v1.23.1 (2021-09-27)
+
+    Vendor containers/common v0.44.2
+    post-1.23 branch fixups
+
 ## v1.23.0 (2021-09-13)
 
     Vendor in containers/common v0.44.0
diff --git a/vendor/github.com/containers/buildah/changelog.txt b/vendor/github.com/containers/buildah/changelog.txt
index 24a101016..8926b2e6f 100644
--- a/vendor/github.com/containers/buildah/changelog.txt
+++ b/vendor/github.com/containers/buildah/changelog.txt
@@ -1,3 +1,7 @@
+- Changelog for v1.23.1 (2021-09-27)
+  * Vendor containers/common v0.44.2
+  * post-1.23 branch fixups
+
 - Changelog for v1.23.0 (2021-09-13)
   * Vendor in containers/common v0.44.0
   * build(deps): bump github.com/containers/storage from 1.35.0 to 1.36.0
diff --git a/vendor/github.com/containers/buildah/define/types.go b/vendor/github.com/containers/buildah/define/types.go
index fc56aeef8..4f3ebf01a 100644
--- a/vendor/github.com/containers/buildah/define/types.go
+++ b/vendor/github.com/containers/buildah/define/types.go
@@ -29,7 +29,7 @@ const (
 	Package = "buildah"
 	// Version for the Package.  Bump version in contrib/rpm/buildah.spec
 	// too.
-	Version = "1.23.0"
+	Version = "1.23.1"
 
 	// DefaultRuntime if containers.conf fails.
 	DefaultRuntime = "runc"
diff --git a/vendor/github.com/containers/buildah/go.mod b/vendor/github.com/containers/buildah/go.mod
index c641a11a6..1a3c3e434 100644
--- a/vendor/github.com/containers/buildah/go.mod
+++ b/vendor/github.com/containers/buildah/go.mod
@@ -5,7 +5,7 @@ go 1.13
 require (
 	github.com/containerd/containerd v1.5.5
 	github.com/containernetworking/cni v0.8.1
-	github.com/containers/common v0.44.0
+	github.com/containers/common v0.44.2
 	github.com/containers/image/v5 v5.16.0
 	github.com/containers/ocicrypt v1.1.2
 	github.com/containers/storage v1.36.0
diff --git a/vendor/github.com/containers/buildah/go.sum b/vendor/github.com/containers/buildah/go.sum
index 1733a00cb..4fe329c5d 100644
--- a/vendor/github.com/containers/buildah/go.sum
+++ b/vendor/github.com/containers/buildah/go.sum
@@ -230,8 +230,8 @@ github.com/containernetworking/cni v0.8.1 h1:7zpDnQ3T3s4ucOuJ/ZCLrYBxzkg0AELFfII
 github.com/containernetworking/cni v0.8.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
 github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM=
 github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8=
-github.com/containers/common v0.44.0 h1:YpjfOxmWrnVyxugYgiWV1Vo/Xg8JUfe32QZz3SAMfUk=
-github.com/containers/common v0.44.0/go.mod h1:7sdP4vmI5Bm6FPFxb3lvAh1Iktb6tiO1MzjUzhxdoGo=
+github.com/containers/common v0.44.2 h1:mSzW3NFXzQO/AfaMFb2qzDFcIu+vMEncIC33B4Qaag0=
+github.com/containers/common v0.44.2/go.mod h1:7sdP4vmI5Bm6FPFxb3lvAh1Iktb6tiO1MzjUzhxdoGo=
 github.com/containers/image/v5 v5.16.0 h1:WQcNSzb7+ngS2cfynx0vUwhk+scpgiKlldVcsF8GPbI=
 github.com/containers/image/v5 v5.16.0/go.mod h1:XgTpfAPLRGOd1XYyCU5cISFr777bLmOerCSpt/v7+Q4=
 github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b h1:Q8ePgVfHDplZ7U33NwHZkrVELsZP5fYj9pM5WBZB2GE=
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 1927f8285..3ad22d633 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -79,7 +79,7 @@ github.com/containernetworking/cni/pkg/utils
 github.com/containernetworking/cni/pkg/version
 # github.com/containernetworking/plugins v1.0.1
 github.com/containernetworking/plugins/pkg/ns
-# github.com/containers/buildah v1.23.0
+# github.com/containers/buildah v1.23.1
 github.com/containers/buildah
 github.com/containers/buildah/bind
 github.com/containers/buildah/chroot