28 files changed, 112 insertions, 60 deletions
diff --git a/.cirrus.yml b/.cirrus.yml index 2badd7b5a..68eca4ef5 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -139,6 +139,22 @@ build_task: _gc='git config --file /root/.gitconfig' $_gc user.email "TMcTestFace@example.com" $_gc user.name "Testy McTestface" + # Nightly dependency-bump job: fetch latest versions of the + # Big Three dependencies, and run full CI test suite. Notification + # email will go out to monitor-list upon failure. + if [[ "$CIRRUS_CRON" = "treadmill" ]]; then + for pkg in common image/v5 storage; do + echo "go mod edit --require containers/$pkg@main" + go mod edit --require github.com/containers/$pkg@main + make vendor + done + git add vendor + # Show what changed. + echo "git diff go.mod, then git diff --stat:" + git diff go.mod + git diff --stat + HOME=/root git commit --allow-empty -asm"Bump containers/common,image,storage" + fi # Attempt to prevent flakes by confirming basic environment expectations, # network service connectivity and essential container image availability. prebuild_script: &prebuild $SCRIPT_BASE/prebuild.sh diff --git a/contrib/cirrus/check_go_changes.sh b/contrib/cirrus/check_go_changes.sh index a92ab03af..aa8f4ccf4 100755 --- a/contrib/cirrus/check_go_changes.sh +++ b/contrib/cirrus/check_go_changes.sh @@ -30,9 +30,17 @@ $(egrep -B 5 -A 5 "$regex"<<<"$diffs")" fi } -if [[ -n "$CIRRUS_TAG" ]] || ! req_env_vars CIRRUS_CHANGE_IN_REPO CIRRUS_PR DEST_BRANCH -then - warn "Skipping: Golang code checks cannot run in this context" +# Defined by Cirrus-CI +# shellcheck disable=SC2154 +if [[ "$CIRRUS_BRANCH" =~ pull ]]; then + for var in CIRRUS_CHANGE_IN_REPO CIRRUS_PR DEST_BRANCH; do + if [[ -z "${!var}" ]]; then + warn "Skipping: Golang code checks require non-empty '\$$var'" + exit 0 + fi + done +else + warn "Skipping: Golang code checks in tag and branch contexts" exit 0 fi diff --git a/docs/source/markdown/.gitignore b/docs/source/markdown/.gitignore index 57a64e1c1..584e88e75 100644 --- a/docs/source/markdown/.gitignore 
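Review bot: Inside the `for pkg in common image/v5 storage` loop nothing checks the result of `go mod edit` or `make vendor`, so unless errexit is in effect for this script (not visible here; the script block starts above the hunk) a failed bump still reaches `git commit`, and the suite runs against a partially updated tree under a message claiming all three were bumped. Making the failure explicit, e.g. `go mod edit --require github.com/containers/$pkg@main && make vendor || exit 1`, keeps a red nightly run meaningful. Because this job builds and tests unreviewed `@main` code, the leading comment could also state that the commit exists only inside the CI workspace and that the cron build should not carry push or release credentials.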
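Review bot: In the pull-request branch of the new `if`, the loop calls `exit 0` when `CIRRUS_CHANGE_IN_REPO`, `CIRRUS_PR` or `DEST_BRANCH` is empty, so a broken PR environment makes the Golang checks pass without running. If skipping is not intended for pull requests, fail closed there by keeping the `warn` line and replacing the `exit 0` after it with `exit 1`. The test `[[ "$CIRRUS_BRANCH" =~ pull ]]` is also unanchored and matches any branch name containing "pull"; `=~ ^pull/` would be tighter, assuming Cirrus names PR branches `pull/<number>` (confirm against the CI documentation).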
+++ b/docs/source/markdown/.gitignore @@ -12,6 +12,7 @@ podman-login.1.md podman-logout.1.md podman-logs.1.md podman-manifest-add.1.md +podman-manifest-annotate.1.md podman-manifest-create.1.md podman-manifest-push.1.md podman-pause.1.md @@ -25,6 +26,7 @@ podman-pod-stats.1.md podman-pod-stop.1.md podman-pull.1.md podman-push.1.md +podman-restart.1.md podman-rm.1.md podman-run.1.md podman-search.1.md diff --git a/docs/source/markdown/options/features.md b/docs/source/markdown/options/features.md new file mode 100644 index 000000000..b6ac4de34 --- /dev/null +++ b/docs/source/markdown/options/features.md @@ -0,0 +1,4 @@ +#### **--features** + +Specify the features list which the list or index records as requirements for +the image. This option is rarely used. diff --git a/docs/source/markdown/options/pod.run.md b/docs/source/markdown/options/pod.run.md new file mode 100644 index 000000000..6ba3c718b --- /dev/null +++ b/docs/source/markdown/options/pod.run.md @@ -0,0 +1,5 @@ +#### **--pod**=*name* + +Run container in an existing pod. If you want Podman to make the pod for you, prefix the pod name with **new:**. +To make a pod with more granular options, use the **podman pod create** command before creating a container. +If a container is run with a pod, and the pod has an infra-container, the infra-container will be started before the container is. diff --git a/docs/source/markdown/options/time.md b/docs/source/markdown/options/time.md new file mode 100644 index 000000000..85d571d18 --- /dev/null +++ b/docs/source/markdown/options/time.md @@ -0,0 +1,3 @@ +#### **--time**, **-t**=*seconds* + +Seconds to wait before forcibly stopping <<the container|running containers within the pod>>. diff --git a/docs/source/markdown/options/variant.container.md b/docs/source/markdown/options/variant.container.md new file mode 100644 index 000000000..ed7cd29d3 --- /dev/null +++ b/docs/source/markdown/options/variant.container.md 
@@ -0,0 +1,3 @@ +#### **--variant**=*VARIANT* + +Use _VARIANT_ instead of the default architecture variant of the container image. Some images can use multiple variants of the arm architectures, such as arm/v5 and arm/v7. diff --git a/docs/source/markdown/options/variant.manifest.md b/docs/source/markdown/options/variant.manifest.md new file mode 100644 index 000000000..b1d7b28aa --- /dev/null +++ b/docs/source/markdown/options/variant.manifest.md @@ -0,0 +1,5 @@ +#### **--variant** + +Specify the variant which the list or index records for the image. This option +is typically used to distinguish between multiple entries which share the same +architecture value, but which expect different versions of its instruction set. diff --git a/docs/source/markdown/podman-create.1.md.in b/docs/source/markdown/podman-create.1.md.in index 503e6fac7..b7f621866 100644 --- a/docs/source/markdown/podman-create.1.md.in +++ b/docs/source/markdown/podman-create.1.md.in @@ -276,10 +276,7 @@ This option conflicts with **--add-host**. @@option platform -#### **--pod**=*name* - -Run container in an existing pod. If you want Podman to make the pod for you, preference the pod name with `new:`. -To make a pod with more granular options, use the `podman pod create` command before creating a container. +@@option pod.run @@option pod-id-file.container @@ -398,8 +395,7 @@ Note: Labeling can be disabled for all containers by setting label=false in the @@option uts.container -#### **--variant**=*VARIANT* -Use _VARIANT_ instead of the default architecture variant of the container image. Some images can use multiple variants of the arm architectures, such as arm/v5 and arm/v7. +@@option variant.container @@option volume diff --git a/docs/source/markdown/podman-kube-play.1.md.in b/docs/source/markdown/podman-kube-play.1.md.in index d3a6eaa03..dea47c307 100644 --- a/docs/source/markdown/podman-kube-play.1.md.in +++ b/docs/source/markdown/podman-kube-play.1.md.in 
@@ -155,7 +155,7 @@ Note: When joining multiple networks you should use the **--network name:mac=\<m @@option network -The *host* network mode should be configured in the YAML file. +When no network option is specified and *host* network mode is not configured in the YAML file, a new network stack is created and pods are attached to it making possible pod to pod communication. @@option no-hosts diff --git a/docs/source/markdown/podman-manifest-add.1.md.in b/docs/source/markdown/podman-manifest-add.1.md.in index 6a9df69b4..f7b9457bc 100644 --- a/docs/source/markdown/podman-manifest-add.1.md.in +++ b/docs/source/markdown/podman-manifest-add.1.md.in @@ -39,10 +39,7 @@ retrieved from the image's configuration information. @@option creds -#### **--features** - -Specify the features list which the list or index records as requirements for -the image. This option is rarely used. +@@option features #### **--os** @@ -58,11 +55,7 @@ image. This option is rarely used. @@option tls-verify -#### **--variant** - -Specify the variant which the list or index records for the image. This option -is typically used to distinguish between multiple entries which share the same -architecture value, but which expect different versions of its instruction set. +@@option variant.manifest ## Transport diff --git a/docs/source/markdown/podman-manifest-annotate.1.md b/docs/source/markdown/podman-manifest-annotate.1.md.in index a6f82aa9a..71e80c0e7 100644 --- a/docs/source/markdown/podman-manifest-annotate.1.md +++ b/docs/source/markdown/podman-manifest-annotate.1.md.in @@ -23,10 +23,7 @@ the image. This is usually automatically retrieved from the image's configuration information, so it is rarely necessary to use this option. -#### **--features** - -Specify the features list which the list or index records as requirements for -the image. This option is rarely used. +@@option features #### **--os** 
@@ -44,11 +41,7 @@ for the image. This option is rarely used. Specify the OS version which the list or index records as a requirement for the image. This option is rarely used. -#### **--variant** - -Specify the variant which the list or index records for the image. This option -is typically used to distinguish between multiple entries which share the same -architecture value, but which expect different versions of its instruction set. +@@option variant.manifest ## EXAMPLE diff --git a/docs/source/markdown/podman-pod-rm.1.md.in b/docs/source/markdown/podman-pod-rm.1.md.in index 5d708b65c..abfa97f5b 100644 --- a/docs/source/markdown/podman-pod-rm.1.md.in +++ b/docs/source/markdown/podman-pod-rm.1.md.in @@ -27,9 +27,9 @@ Instead of providing the pod name or ID, remove the last created pod. (This opti @@option pod-id-file.pod -#### **--time**, **-t**=*seconds* +@@option time -Seconds to wait before forcibly stopping running containers within the pod. The --force option must be specified to use the --time option. +The --force option must be specified to use the --time option. ## EXAMPLE diff --git a/docs/source/markdown/podman-pod-stop.1.md.in b/docs/source/markdown/podman-pod-stop.1.md.in index 575a5fa30..e6ffa4f76 100644 --- a/docs/source/markdown/podman-pod-stop.1.md.in +++ b/docs/source/markdown/podman-pod-stop.1.md.in @@ -23,9 +23,7 @@ Instead of providing the pod name or ID, stop the last created pod. (This option @@option pod-id-file.pod -#### **--time**, **-t**=*seconds* - -Seconds to wait before forcibly stopping the containers in the pod. +@@option time ## EXAMPLE diff --git a/docs/source/markdown/podman-pull.1.md.in b/docs/source/markdown/podman-pull.1.md.in index 46adec97b..2add9d703 100644 --- a/docs/source/markdown/podman-pull.1.md.in +++ b/docs/source/markdown/podman-pull.1.md.in 
@@ -73,9 +73,7 @@ Suppress output information when pulling images @@option tls-verify -#### **--variant**=*VARIANT* - -Use _VARIANT_ instead of the default architecture variant of the container image. Some images can use multiple variants of the arm architectures, such as arm/v5 and arm/v7. +@@option variant.container ## FILES diff --git a/docs/source/markdown/podman-restart.1.md b/docs/source/markdown/podman-restart.1.md.in index 513b9a1bf..71543ef6a 100644 --- a/docs/source/markdown/podman-restart.1.md +++ b/docs/source/markdown/podman-restart.1.md.in @@ -56,9 +56,7 @@ to run containers such as CRI-O, the last started container could be from either Restart all containers that are already in the *running* state. -#### **--time**, **-t**=*seconds* - -Seconds to wait before forcibly stopping the container. +@@option time ## EXAMPLES diff --git a/docs/source/markdown/podman-rm.1.md.in b/docs/source/markdown/podman-rm.1.md.in index 6f4366ce9..b3bff4934 100644 --- a/docs/source/markdown/podman-rm.1.md.in +++ b/docs/source/markdown/podman-rm.1.md.in @@ -63,9 +63,9 @@ whose OCI runtime has become unavailable. Instead of providing the container name or ID, use the last created container. If you use methods other than Podman to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines) -#### **--time**, **-t**=*seconds* +@@option time -Seconds to wait before forcibly stopping the container. The --force option must be specified to use the --time option. +The --force option must be specified to use the --time option. #### **--volumes**, **-v** diff --git a/docs/source/markdown/podman-run.1.md.in b/docs/source/markdown/podman-run.1.md.in index 88547e126..d596ee902 100644 --- a/docs/source/markdown/podman-run.1.md.in +++ b/docs/source/markdown/podman-run.1.md.in 
@@ -302,11 +302,7 @@ This is used to override the Podman provided user setup in favor of entrypoint c @@option platform -#### **--pod**=*name* - -Run container in an existing pod. If you want Podman to make the pod for you, prefix the pod name with **new:**. -To make a pod with more granular options, use the **podman pod create** command before creating a container. -If a container is run with a pod, and the pod has an infra-container, the infra-container will be started before the container is. +@@option pod.run @@option pod-id-file.container @@ -439,8 +435,7 @@ echo "asdf" | podman run --rm -i someimage /bin/cat @@option uts.container -#### **--variant**=*VARIANT* -Use _VARIANT_ instead of the default architecture variant of the container image. Some images can use multiple variants of the arm architectures, such as arm/v5 and arm/v7. +@@option variant.container @@option volume diff --git a/docs/source/markdown/podman-stop.1.md.in b/docs/source/markdown/podman-stop.1.md.in index 7b32ca4b0..ec5fd79b6 100644 --- a/docs/source/markdown/podman-stop.1.md.in +++ b/docs/source/markdown/podman-stop.1.md.in @@ -54,9 +54,7 @@ Valid filters are listed below: Instead of providing the container name or ID, use the last created container. If you use methods other than Podman to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines) -#### **--time**, **-t**=*seconds* - -Seconds to wait before forcibly stopping the container +@@option time ## EXAMPLES 
@@ -44,7 +44,7 @@ require ( github.com/onsi/ginkgo v1.16.5 github.com/onsi/gomega v1.20.2 github.com/opencontainers/go-digest v1.0.0 - github.com/opencontainers/image-spec v1.1.0-rc1 + github.com/opencontainers/image-spec v1.1.0-rc2 github.com/opencontainers/runc v1.1.4 github.com/opencontainers/runtime-spec v1.0.3-0.20211214071223-8958f93039ab github.com/opencontainers/runtime-tools v0.9.1-0.20220714195903-17b3287fafb7 @@ -1376,8 +1376,9 @@ github.com/opencontainers/image-spec v1.0.2-0.20211117181255-693428a734f5/go.mod github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/image-spec v1.0.3-0.20220114050600-8b9d41f48198/go.mod h1:j4h1pJW6ZcJTgMZWP3+7RlG3zTaP02aDZ/Qw0sppK7Q= -github.com/opencontainers/image-spec v1.1.0-rc1 h1:lfG+OTa7V8PD3PKvkocSG9KAcA9MANqJn53m31Fvwkc= github.com/opencontainers/image-spec v1.1.0-rc1/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ= +github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034= +github.com/opencontainers/image-spec v1.1.0-rc2/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ= github.com/opencontainers/runc v1.1.1-0.20220617142545-8b9452f75cbc h1:qjkUzmFsOFbQyjObybk40mRida83j5IHRaKzLGdBbEU= github.com/opencontainers/runc v1.1.1-0.20220617142545-8b9452f75cbc/go.mod h1:wUOQGsiKae6VzA/UvlCK3cO+pHk8F2VQHlIoITEfMM8= github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= diff --git a/pkg/api/handlers/compat/images.go b/pkg/api/handlers/compat/images.go index cce482441..d61df5232 100644 --- a/pkg/api/handlers/compat/images.go +++ b/pkg/api/handlers/compat/images.go 
@@ -403,7 +403,7 @@ func GetImage(w http.ResponseWriter, r *http.Request) { } inspect, err := handlers.ImageDataToImageInspect(r.Context(), newImage) if err != nil { - utils.Error(w, http.StatusInternalServerError, fmt.Errorf("failed to convert ImageData to ImageInspect '%s': %w", inspect.ID, err)) + utils.Error(w, http.StatusInternalServerError, fmt.Errorf("failed to convert ImageData to ImageInspect '%s': %w", name, err)) return } utils.WriteResponse(w, http.StatusOK, inspect) diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go index 8779acfda..bec5c4cb5 100644 --- a/pkg/domain/infra/abi/play.go +++ b/pkg/domain/infra/abi/play.go @@ -40,6 +40,9 @@ import ( // container-specific sd-notify modes. const sdNotifyAnnotation = "io.containers.sdnotify" +// default network created/used by kube +const kubeDefaultNetwork = "podman-default-kube-network" + // createServiceContainer creates a container that can later on // be associated with the pods of a K8s yaml. It will be started along with // the first pod. @@ -114,6 +117,19 @@ func (ic *ContainerEngine) PlayKube(ctx context.Context, body io.Reader, options report := &entities.PlayKubeReport{} validKinds := 0 + // when no network options are specified, create a common network for all the pods + if len(options.Networks) == 0 { + _, err := ic.NetworkCreate( + ctx, nettypes.Network{ + Name: kubeDefaultNetwork, + DNSEnabled: true, + }, + ) + if err != nil && !errors.Is(err, nettypes.ErrNetworkExists) { + return nil, err + } + } + // read yaml document content, err := io.ReadAll(body) if err != nil { 
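Review bot: The replacement argument `name` is formatted with `'%s'` into an error that is handed to `utils.Error` together with the response writer, and `name` presumably comes from the request (its assignment, like the start of `GetImage`, is above the hunk). `%q` would quote and escape it, so quotes or control characters in the image name cannot garble the error body or any log line built from it: `fmt.Errorf("failed to convert ImageData to ImageInspect %q: %w", name, err)`.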
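Review bot: The `NetworkCreate` call added to `PlayKube` runs before the YAML body is read, and its only condition is `len(options.Networks) == 0`, so `podman-default-kube-network` is also created for input that fails to parse, contains no pods, or uses host networking (the later `playKubePod` hunk skips the default network when `NSMode` is `"host"`). Creating it where a pod first needs it, or at least after the document has been parsed, avoids leaving an unused network behind. `ErrNetworkExists` is ignored, so a pre-existing network of that name is reused with whatever settings it already has; a comment stating that this is intended would help. The returned error would be easier to trace with context, e.g. `return nil, fmt.Errorf("creating network %q: %w", kubeDefaultNetwork, err)`, assuming `fmt` is imported in this file. The body of `PlayKube` extends beyond the hunk on both sides.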
@@ -338,6 +354,11 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY return nil, err } + // add kube default network if no network is explicitly added + if podOpt.Net.Network.NSMode != "host" && len(options.Networks) == 0 { + options.Networks = []string{kubeDefaultNetwork} + } + if len(options.Networks) > 0 { ns, networks, netOpts, err := specgen.ParseNetworkFlag(options.Networks) if err != nil { diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index 651cb1074..8b9e43f65 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -3000,6 +3000,21 @@ MemoryReservation: {{ .HostConfig.MemoryReservation }}`}) Expect(logs.OutputToString()).To(Equal(netns)) }) + It("podman play kube test with kube default network", func() { + pod := getPod() + err := generateKubeYaml("pod", pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + inspect := podmanTest.Podman([]string{"inspect", pod.Name, "--format", "{{ .InfraConfig.Networks }}"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect).Should(Exit(0)) + Expect(inspect.OutputToString()).To(Equal("[podman-default-kube-network]")) + }) + It("podman play kube persistentVolumeClaim", func() { volName := "myvol" volDevice := "tmpfs" diff --git a/vendor/github.com/opencontainers/image-spec/specs-go/v1/artifact.go b/vendor/github.com/opencontainers/image-spec/specs-go/v1/artifact.go index 2a18ce106..03d76ce43 100644 --- a/vendor/github.com/opencontainers/image-spec/specs-go/v1/artifact.go +++ b/vendor/github.com/opencontainers/image-spec/specs-go/v1/artifact.go 
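Review bot: The new condition compares `podOpt.Net.Network.NSMode` with the string literal `"host"`; if `NSMode` is a `specgen.NamespaceMode`, the package constant is clearer and survives a rename: `if podOpt.Net.Network.NSMode != specgen.Host && len(options.Networks) == 0 {`. The assignment also writes into `options.Networks`; whether that is visible to the caller or to later pods of a multi-document YAML depends on how `options` is passed, which the truncated signature in the hunk header does not show, so a local slice would be the safer choice. `playKubePod` starts and ends outside the hunk.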
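Review bot: The added test covers only the case with no network option; nothing asserts that the default network is left out when `--network` is passed or when the pod YAML sets host networking, which are the two conditions the `playKubePod` change branches on. Two negative cases would pin that behaviour. The expected value `"[podman-default-kube-network]"` duplicates the `kubeDefaultNetwork` constant from `pkg/domain/infra/abi/play.go`, so a short comment such as `// must match kubeDefaultNetwork in pkg/domain/infra/abi/play.go` would help whoever renames the network.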
@@ -26,8 +26,8 @@ type Artifact struct { // Blobs is a collection of blobs referenced by this manifest. Blobs []Descriptor `json:"blobs,omitempty"` - // Refers is an optional link to any existing manifest within the repository. - Refers *Descriptor `json:"refers,omitempty"` + // Subject (reference) is an optional link from the artifact to another manifest forming an association between the artifact and the other manifest. + Subject *Descriptor `json:"subject,omitempty"` // Annotations contains arbitrary metadata for the artifact manifest. Annotations map[string]string `json:"annotations,omitempty"` diff --git a/vendor/github.com/opencontainers/image-spec/specs-go/v1/manifest.go b/vendor/github.com/opencontainers/image-spec/specs-go/v1/manifest.go index 7f2df9863..730a09359 100644 --- a/vendor/github.com/opencontainers/image-spec/specs-go/v1/manifest.go +++ b/vendor/github.com/opencontainers/image-spec/specs-go/v1/manifest.go @@ -30,8 +30,8 @@ type Manifest struct { // Layers is an indexed list of layers referenced by the manifest. Layers []Descriptor `json:"layers"` - // Refers is an optional link to any existing manifest within the repository. - Refers *Descriptor `json:"refers,omitempty"` + // Subject is an optional link from the image manifest to another manifest forming an association between the image manifest and the other manifest. + Subject *Descriptor `json:"subject,omitempty"` // Annotations contains arbitrary metadata for the image manifest. Annotations map[string]string `json:"annotations,omitempty"` diff --git a/vendor/github.com/opencontainers/image-spec/specs-go/version.go b/vendor/github.com/opencontainers/image-spec/specs-go/version.go index bf4d8cc7e..d27903579 100644 --- a/vendor/github.com/opencontainers/image-spec/specs-go/version.go +++ b/vendor/github.com/opencontainers/image-spec/specs-go/version.go 
@@ -25,7 +25,7 @@ const ( VersionPatch = 0 // VersionDev indicates development branch. Releases will be empty string. - VersionDev = "-rc1" + VersionDev = "-rc2" ) // Version is the specification version that the package types support. diff --git a/vendor/modules.txt b/vendor/modules.txt index d2de96573..58dcf0196 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -611,7 +611,7 @@ github.com/onsi/gomega/types # github.com/opencontainers/go-digest v1.0.0 ## explicit; go 1.13 github.com/opencontainers/go-digest -# github.com/opencontainers/image-spec v1.1.0-rc1 +# github.com/opencontainers/image-spec v1.1.0-rc2 ## explicit; go 1.17 github.com/opencontainers/image-spec/specs-go github.com/opencontainers/image-spec/specs-go/v1 |