-rwxr-xr-xdocs/dckrman.sh2
-rw-r--r--docs/source/markdown/podman-build.1.md42
-rw-r--r--libpod/kube.go8
-rw-r--r--libpod/network/cni/cni_types.go2
-rw-r--r--libpod/network/cni/config_test.go18
-rw-r--r--test/e2e/generate_kube_test.go41
-rw-r--r--test/e2e/network_create_test.go6
7 files changed, 84 insertions, 35 deletions
diff --git a/docs/dckrman.sh b/docs/dckrman.sh
index 18fb364bf..48685a14b 100755
--- a/docs/dckrman.sh
+++ b/docs/dckrman.sh
@@ -5,3 +5,5 @@ for i in $@; do
echo .so man1/$b > $filename
done
echo .so man5/containerfile.5 > $(dirname $1)/dockerfile.5
+echo .so man5/containerignore.5 > $(dirname $1)/.dockerignore.5
+echo .so man5/containerignore.5 > $(dirname $1)/dockerignore.5
diff --git a/docs/source/markdown/podman-build.1.md b/docs/source/markdown/podman-build.1.md
index 15d936d17..0dabd49bd 100644
--- a/docs/source/markdown/podman-build.1.md
+++ b/docs/source/markdown/podman-build.1.md
@@ -35,8 +35,8 @@ location.
When a Git repository is set as the URL, the repository is cloned locally and
then set as the context.
-NOTE: `podman build` uses code sourced from the `buildah` project to build
-container images. This `buildah` code creates `buildah` containers for the
+NOTE: `podman build` uses code sourced from the `Buildah` project to build
+container images. This `Buildah` code creates `Buildah` containers for the
`RUN` options in container storage. In certain situations, when the
`podman build` crashes or users kill the `podman build` process, these external
containers can be left in container storage. Use the `podman ps --all --storage`
@@ -256,7 +256,7 @@ specifying **--disable-compression=false**.
#### **--disable-content-trust**
-This is a Docker specific option to disable image verification to a Docker
+This is a Docker specific option to disable image verification to a container
registry and is not supported by Podman. This flag is a NOOP and provided
solely for scripting compatibility. (This option is not available with the remote Podman client)
@@ -328,7 +328,7 @@ than once, attempting to use this option will trigger an error.
#### **--ignorefile**
-Path to an alternative .dockerignore file.
+Path to an alternative .containerignore file.
#### **--ipc**=*how*
@@ -845,15 +845,15 @@ $ podman build .
$ podman build -f Containerfile.simple .
-$ cat $HOME/Dockerfile | podman build -f - .
+$ cat $HOME/Containerfile | podman build -f - .
-$ podman build -f Dockerfile.simple -f Containerfile.notsosimple .
+$ podman build -f Containerfile.simple -f Containerfile.notsosimple .
-$ podman build -f Dockerfile.in $HOME
+$ podman build -f Containerfile.in $HOME
$ podman build -t imageName .
-$ podman build --tls-verify=true -t imageName -f Dockerfile.simple .
+$ podman build --tls-verify=true -t imageName -f Containrfile.simple .
$ podman build --tls-verify=false -t imageName .
@@ -861,7 +861,7 @@ $ podman build --runtime-flag log-format=json .
$ podman build --runtime-flag debug .
-$ podman build --authfile /tmp/auths/myauths.json --cert-dir $HOME/auth --tls-verify=true --creds=username:password -t imageName -f Dockerfile.simple .
+$ podman build --authfile /tmp/auths/myauths.json --cert-dir $HOME/auth --tls-verify=true --creds=username:password -t imageName -f Containerfile.simple .
$ podman build --memory 40m --cpu-period 10000 --cpu-quota 50000 --ulimit nofile=1024:1028 -t imageName .
@@ -940,22 +940,26 @@ $ podman build -f dev/Containerfile https://10.10.10.1/podman/context.tar.gz
## Files
-### `.dockerignore`
+### .containerignore/.dockerignore
-If the file .dockerignore exists in the context directory, `buildah copy` reads
-its contents. Use the `--ignorefile` flag to override .dockerignore path location.
+If the file *.containerignore* or *.dockerignore* exists in the context directory,
+`podman build` reads its contents. Use the `--ignorefile` flag to override the
+.containerignore path location.
Podman uses the content to exclude files and directories from the context
directory, when executing COPY and ADD directives in the
Containerfile/Dockerfile
-Users can specify a series of Unix shell globals in a .dockerignore file to
+The .containerignore and .dockerignore files use the same syntax; if both
+are in the context directory, podman build will only use .containerignore.
+
+Users can specify a series of Unix shell globals in a .containerignore file to
identify files/directories to exclude.
Podman supports a special wildcard string `**` which matches any number of
directories (including zero). For example, **/*.go will exclude all files that
end with .go that are found in all directories.
-Example .dockerignore file:
+Example .containerignore file:
```
# exclude this content for image
@@ -975,7 +979,7 @@ Excludes files and directories starting with `output` from any directory.
Excludes files named src and the directory src as well as any content in it.
Lines starting with ! (exclamation mark) can be used to make exceptions to
-exclusions. The following is an example .dockerignore file that uses this
+exclusions. The following is an example .containerignore file that uses this
mechanism:
```
*.doc
@@ -984,10 +988,10 @@ mechanism:
Exclude all doc files except Help.doc from the image.
-This functionality is compatible with the handling of .dockerignore files
+This functionality is compatible with the handling of .containerignore files
described here:
-https://docs.docker.com/engine/reference/builder/#dockerignore-file
+https://github.com/containers/buildah/blob/main/docs/containerignore.5.md
**registries.conf** (`/etc/containers/registries.conf`)
@@ -1009,10 +1013,10 @@ If you are using `useradd` within your build script, you should pass the
useradd to stop creating the lastlog file.
## SEE ALSO
-podman(1), buildah(1), containers-certs.d(5), containers-registries.conf(5), crun(8), runc(8), useradd(8), podman-ps(1), podman-rm(1)
+podman(1), buildah(1), containers-certs.d(5), containers-registries.conf(5), crun(8), runc(8), useradd(8), podman-ps(1), podman-rm(1), Containerfile(5), containerignore(5)
## HISTORY
-Aug 2020, Additional options and .dockerignore added by Dan Walsh `<dwalsh@redhat.com>`
+Aug 2020, Additional options and .containerignore added by Dan Walsh `<dwalsh@redhat.com>`
May 2018, Minor revisions added by Joe Doss `<joe@solidadmin.com>`
diff --git a/libpod/kube.go b/libpod/kube.go
index eb7743886..d68140d5e 100644
--- a/libpod/kube.go
+++ b/libpod/kube.go
@@ -481,10 +481,16 @@ func containerToV1Container(ctx context.Context, c *Container) (v1.Container, []
if err != nil {
return kubeContainer, kubeVolumes, nil, annotations, err
}
- if reflect.DeepEqual(imgData.Config.Cmd, kubeContainer.Command) {
+ // If the user doesn't set a command/entrypoint when creating the container with podman and
+ // is using the image command or entrypoint from the image, don't add it to the generated kube yaml
+ if reflect.DeepEqual(imgData.Config.Cmd, kubeContainer.Command) || reflect.DeepEqual(imgData.Config.Entrypoint, kubeContainer.Command) {
kubeContainer.Command = nil
}
+ if imgData.User == c.User() {
+ kubeSec.RunAsGroup, kubeSec.RunAsUser = nil, nil
+ }
+
kubeContainer.WorkingDir = c.WorkingDir()
kubeContainer.Ports = ports
// This should not be applicable
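Review bot: The new `if imgData.User == c.User()` block clears `RunAsUser` and `RunAsGroup` without a comment, and it changes what the generated manifest guarantees: the UID is no longer pinned in the YAML, so the pod runs as whatever `USER` the image carries when it is pulled. That matters if the tag is later rebuilt with a different user, and a named (non-numeric) image user cannot be verified by Kubernetes when the pod is deployed with `runAsNonRoot: true`. The comparison is a plain string match, so it presumably treats `1000` and `1000:1000` as different users and also matches when both sides are empty. I would state the intent above the block, for example `// The user comes from the image, so leave runAsUser/runAsGroup unset and let the image USER apply at run time.` containerToV1Container starts and ends outside this hunk, so how `kubeSec` is populated is not visible here.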
diff --git a/libpod/network/cni/cni_types.go b/libpod/network/cni/cni_types.go
index fbf917c2d..87beceff3 100644
--- a/libpod/network/cni/cni_types.go
+++ b/libpod/network/cni/cni_types.go
@@ -182,7 +182,7 @@ func newIPAMLocalHostRange(subnet types.IPNet, leaseRange *types.LeaseRange, gw
hostRange.RangeStart = leaseRange.StartIP.String()
}
if leaseRange.EndIP != nil {
- hostRange.RangeStart = leaseRange.EndIP.String()
+ hostRange.RangeEnd = leaseRange.EndIP.String()
}
}
diff --git a/libpod/network/cni/config_test.go b/libpod/network/cni/config_test.go
index 5181cd900..0dfc6173c 100644
--- a/libpod/network/cni/config_test.go
+++ b/libpod/network/cni/config_test.go
@@ -621,7 +621,7 @@ var _ = Describe("Config", func() {
err = libpodNet.NetworkRemove(network1.Name)
Expect(err).To(BeNil())
- endIP := "10.0.0.10"
+ endIP := "10.0.0.30"
network = types.Network{
Driver: "bridge",
Subnets: []types.Subnet{
@@ -665,6 +665,22 @@ var _ = Describe("Config", func() {
Expect(network1.Subnets[0].Gateway.String()).To(Equal("10.0.0.1"))
Expect(network1.Subnets[0].LeaseRange.StartIP.String()).To(Equal(startIP))
Expect(network1.Subnets[0].LeaseRange.EndIP.String()).To(Equal(endIP))
+
+ // create a new interface to force a config load from disk
+ libpodNet, err = getNetworkInterface(cniConfDir, false)
+ Expect(err).To(BeNil())
+
+ network1, err = libpodNet.NetworkInspect(network1.Name)
+ Expect(err).To(BeNil())
+ Expect(network1.Name).ToNot(BeEmpty())
+ Expect(network1.ID).ToNot(BeEmpty())
+ Expect(network1.NetworkInterface).ToNot(BeEmpty())
+ Expect(network1.Driver).To(Equal("bridge"))
+ Expect(network1.Subnets).To(HaveLen(1))
+ Expect(network1.Subnets[0].Subnet.String()).To(Equal(subnet))
+ Expect(network1.Subnets[0].Gateway.String()).To(Equal("10.0.0.1"))
+ Expect(network1.Subnets[0].LeaseRange.StartIP.String()).To(Equal(startIP))
+ Expect(network1.Subnets[0].LeaseRange.EndIP.String()).To(Equal(endIP))
})
It("create bridge with subnet and invalid lease range", func() {
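Review bot: The comment `// create a new interface to force a config load from disk` says what the added block does but not why, and the reason is what makes this a regression test. Presumably the network returned by the create call never passes through the written CNI config, so a wrong range end is only visible after a fresh load; a comment such as `// Reload from disk: the in-memory result does not round-trip through the conflist, so a bad rangeEnd only shows up here.` would record that. The ten assertions are also a verbatim copy of the block just above them, so a small local closure taking the inspected network would keep the two checks from drifting apart. The enclosing `It` body starts outside this hunk.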
diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go
index 3e6f1e8c4..d48e3b2cd 100644
--- a/test/e2e/generate_kube_test.go
+++ b/test/e2e/generate_kube_test.go
@@ -803,7 +803,7 @@ var _ = Describe("Podman generate kube", func() {
Expect(containers[0].Args).To(Equal([]string{"10s"}))
})
- It("podman generate kube - no command", func() {
+ It("podman generate kube - use command from image unless explicitly set in the podman command", func() {
session := podmanTest.Podman([]string{"create", "--name", "test", ALPINE})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
@@ -812,8 +812,8 @@ var _ = Describe("Podman generate kube", func() {
kube.WaitWithDefaultTimeout()
Expect(kube).Should(Exit(0))
- // Now make sure that the container's command is not set to the
- // entrypoint and it's arguments to "10s".
+ // Now make sure that the container's command in the kube yaml is not set to the
+ // image command.
pod := new(v1.Pod)
err := yaml.Unmarshal(kube.Out.Contents(), pod)
Expect(err).To(BeNil())
@@ -831,8 +831,8 @@ var _ = Describe("Podman generate kube", func() {
kube.WaitWithDefaultTimeout()
Expect(kube).Should(Exit(0))
- // Now make sure that the container's command is not set to the
- // entrypoint and it's arguments to "10s".
+ // Now make sure that the container's command in the kube yaml is set to the
+ // command passed via the cli to podman create.
pod = new(v1.Pod)
err = yaml.Unmarshal(kube.Out.Contents(), pod)
Expect(err).To(BeNil())
@@ -842,10 +842,10 @@ var _ = Describe("Podman generate kube", func() {
Expect(containers[0].Command).To(Equal(cmd))
})
- It("podman generate kube - use entrypoint from image", func() {
+ It("podman generate kube - use entrypoint from image unless --entrypoint is set", func() {
// Build an image with an entrypoint.
containerfile := `FROM quay.io/libpod/alpine:latest
-ENTRYPOINT /bin/sleep`
+ENTRYPOINT ["sleep"]`
targetPath, err := CreateTempDirInTempDir()
Expect(err).To(BeNil())
@@ -866,17 +866,34 @@ ENTRYPOINT /bin/sleep`
kube.WaitWithDefaultTimeout()
Expect(kube).Should(Exit(0))
- // Now make sure that the container's command is set to the
- // entrypoint and it's arguments to "10s".
+ // Now make sure that the container's command in the kube yaml is NOT set to the
+ // entrypoint but the arguments should be set to "10s".
pod := new(v1.Pod)
err = yaml.Unmarshal(kube.Out.Contents(), pod)
Expect(err).To(BeNil())
containers := pod.Spec.Containers
Expect(len(containers)).To(Equal(1))
-
- Expect(containers[0].Command).To(Equal([]string{"/bin/sh", "-c", "/bin/sleep"}))
Expect(containers[0].Args).To(Equal([]string{"10s"}))
+
+ session = podmanTest.Podman([]string{"create", "--pod", "new:testpod-2", "--entrypoint", "echo", image, "hello"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+
+ kube = podmanTest.Podman([]string{"generate", "kube", "testpod-2"})
+ kube.WaitWithDefaultTimeout()
+ Expect(kube).Should(Exit(0))
+
+ // Now make sure that the container's command in the kube yaml is set to the
+ // entrypoint defined by the --entrypoint flag and the arguments should be set to "hello".
+ pod = new(v1.Pod)
+ err = yaml.Unmarshal(kube.Out.Contents(), pod)
+ Expect(err).To(BeNil())
+
+ containers = pod.Spec.Containers
+ Expect(len(containers)).To(Equal(1))
+ Expect(containers[0].Command).To(Equal([]string{"echo"}))
+ Expect(containers[0].Args).To(Equal([]string{"hello"}))
})
It("podman generate kube - --privileged container", func() {
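Review bot: The first half of this test no longer asserts anything about `containers[0].Command`: the old `Expect(containers[0].Command).To(Equal(...))` is removed and nothing replaces it, although the new comment says the command must NOT be set to the entrypoint. Adding `Expect(containers[0].Command).To(BeEmpty())` next to the `Args` check would pin the behaviour the comment describes. Since the previous hunk switches the Containerfile to the exec form `ENTRYPOINT ["sleep"]`, the shell-form entrypoint that the removed assertion covered is no longer exercised anywhere in this test. The test body starts in an earlier hunk.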
@@ -942,7 +959,7 @@ USER test1`
pod := new(v1.Pod)
err = yaml.Unmarshal(kube.Out.Contents(), pod)
Expect(err).To(BeNil())
- Expect(*pod.Spec.Containers[0].SecurityContext.RunAsUser).To(Equal(int64(10001)))
+ Expect(pod.Spec.Containers[0].SecurityContext.RunAsUser).To(BeNil())
})
It("podman generate kube on named volume", func() {
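Review bot: This assertion checks only `RunAsUser`, while the libpod/kube.go change in the same commit clears both `RunAsUser` and `RunAsGroup`; `Expect(pod.Spec.Containers[0].SecurityContext.RunAsGroup).To(BeNil())` would cover the second field. The test also exercises only the case where the container user equals the image `USER test1`, so nothing here verifies that an explicit `--user` that differs from the image still produces a `runAsUser` in the generated YAML. That override case is the one that protects against a manifest silently losing its user, so it is worth a second `create`/`generate kube` pair in this test. The test body starts outside this hunk.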
diff --git a/test/e2e/network_create_test.go b/test/e2e/network_create_test.go
index ae9f112b5..c9e13e7d2 100644
--- a/test/e2e/network_create_test.go
+++ b/test/e2e/network_create_test.go
@@ -43,7 +43,7 @@ var _ = Describe("Podman network create", func() {
It("podman network create with name and subnet", func() {
netName := "subnet-" + stringid.GenerateNonCryptoID()
- nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/24", netName})
+ nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/24", "--ip-range", "10.11.12.0/26", netName})
nc.WaitWithDefaultTimeout()
defer podmanTest.removeCNINetwork(netName)
Expect(nc).Should(Exit(0))
@@ -61,7 +61,11 @@ var _ = Describe("Podman network create", func() {
result := results[0]
Expect(result.Name).To(Equal(netName))
Expect(result.Subnets).To(HaveLen(1))
+ Expect(result.Subnets[0].Subnet.String()).To(Equal("10.11.12.0/24"))
Expect(result.Subnets[0].Gateway.String()).To(Equal("10.11.12.1"))
+ Expect(result.Subnets[0].LeaseRange).ToNot(BeNil())
+ Expect(result.Subnets[0].LeaseRange.StartIP.String()).To(Equal("10.11.12.1"))
+ Expect(result.Subnets[0].LeaseRange.EndIP.String()).To(Equal("10.11.12.63"))
// Once a container executes a new network, the nic will be created. We should clean those up
// best we can