aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CONTRIBUTING.md11
-rw-r--r--cmd/podman/networks/list.go4
-rw-r--r--cmd/podman/play/kube.go5
-rw-r--r--contrib/gate/Dockerfile41
-rw-r--r--contrib/gate/README.md6
-rwxr-xr-xcontrib/gate/entrypoint.sh23
-rw-r--r--docs/source/markdown/podman-play-kube.1.md4
-rw-r--r--docs/tutorials/image_signing.md26
-rw-r--r--docs/tutorials/mac_win_client.md4
-rw-r--r--docs/tutorials/podman_tutorial.md14
-rw-r--r--docs/tutorials/remote_client.md18
-rw-r--r--docs/tutorials/rootless_tutorial.md8
-rw-r--r--pkg/api/handlers/libpod/play.go5
-rw-r--r--pkg/api/server/register_play.go5
-rw-r--r--pkg/bindings/play/play.go5
-rw-r--r--pkg/domain/entities/play.go2
-rw-r--r--pkg/domain/infra/abi/play.go26
-rw-r--r--test/e2e/play_kube_test.go15
-rw-r--r--test/e2e/pod_pod_namespaces_test.go (renamed from test/e2e/pod_pod_namespaces.go)0
-rw-r--r--test/e2e/run_seccomp_test.go (renamed from test/e2e/run_seccomp.go)0
-rw-r--r--test/e2e/run_security_labels_test.go (renamed from test/e2e/run_security_labels.go)0
-rw-r--r--test/e2e/run_working_dir_test.go (renamed from test/e2e/run_working_dir.go)0
-rw-r--r--test/e2e/search_test.go4
23 files changed, 96 insertions, 130 deletions
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 1d2c26750..30fddf82b 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -286,16 +286,7 @@ commit automatically with `git commit -s`.
### Go Format and lint
-All code changes must pass ``make validate`` and ``make lint``, as
-executed in a standard container. The container image for this
-purpose is provided at: ``quay.io/libpod/gate:master``. With
-other tags available for different branches as needed. These
-images are built automatically after merges to the branch.
-
-#### Building the gate container locally
-
-For local use, debugging, or experimentation, the gate image may
-be built locally from the repository root, with the command:
+All code changes must pass ``make validate`` and ``make lint``.
```
podman build -t gate -f contrib/gate/Dockerfile .
diff --git a/cmd/podman/networks/list.go b/cmd/podman/networks/list.go
index bab6b45ea..f2a5a431a 100644
--- a/cmd/podman/networks/list.go
+++ b/cmd/podman/networks/list.go
@@ -87,8 +87,11 @@ func networkList(cmd *cobra.Command, args []string) error {
nlprs = append(nlprs, ListPrintReports{r})
}
+ // Headers() gets lost resolving the embedded field names so add them
headers := report.Headers(ListPrintReports{}, map[string]string{
+ "Name": "name",
"CNIVersion": "version",
+ "Version": "version",
"Plugins": "plugins",
})
renderHeaders := true
@@ -110,7 +113,6 @@ func networkList(cmd *cobra.Command, args []string) error {
if err := tmpl.Execute(w, headers); err != nil {
return err
}
-
}
return tmpl.Execute(w, nlprs)
}
diff --git a/cmd/podman/play/kube.go b/cmd/podman/play/kube.go
index a9e91bd68..db70ad7d4 100644
--- a/cmd/podman/play/kube.go
+++ b/cmd/podman/play/kube.go
@@ -22,6 +22,7 @@ type playKubeOptionsWrapper struct {
TLSVerifyCLI bool
CredentialsCLI string
+ StartCLI bool
}
var (
@@ -68,6 +69,7 @@ func init() {
flags.BoolVarP(&kubeOptions.Quiet, "quiet", "q", false, "Suppress output information when pulling images")
flags.BoolVar(&kubeOptions.TLSVerifyCLI, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
+ flags.BoolVar(&kubeOptions.StartCLI, "start", true, "Start the pod after creating it")
authfileFlagName := "authfile"
flags.StringVar(&kubeOptions.Authfile, authfileFlagName, auth.GetDefaultAuthFile(), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
@@ -100,6 +102,9 @@ func kube(cmd *cobra.Command, args []string) error {
if cmd.Flags().Changed("tls-verify") {
kubeOptions.SkipTLSVerify = types.NewOptionalBool(!kubeOptions.TLSVerifyCLI)
}
+ if cmd.Flags().Changed("start") {
+ kubeOptions.Start = types.NewOptionalBool(kubeOptions.StartCLI)
+ }
if kubeOptions.Authfile != "" {
if _, err := os.Stat(kubeOptions.Authfile); err != nil {
return err
diff --git a/contrib/gate/Dockerfile b/contrib/gate/Dockerfile
deleted file mode 100644
index 0a4d57416..000000000
--- a/contrib/gate/Dockerfile
+++ /dev/null
@@ -1,41 +0,0 @@
-FROM fedora:32
-
-ENV GOPATH="/var/tmp/go" \
- GOBIN="/var/tmp/go/bin" \
- PATH="/var/tmp/go/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin" \
- SRCPATH="/usr/src/libpod" \
- GOSRC="/var/tmp/go/src/github.com/containers/podman"
-
-# Only needed for installing build-time dependencies, then will be removed
-COPY . $GOSRC
-
-# Install packages from dependencies.txt, ignoring commented lines
-# Note: adding conmon and crun so podman command checks will work
-RUN dnf -y install \
- $(grep "^[^#]" $GOSRC/contrib/dependencies.txt) diffutils containers-common fuse-overlayfs conmon crun runc --exclude container-selinux; \
- sed -i -e 's|^#mount_program|mount_program|g' -e 's/# size.*/skip_mount_home = "true"/g' /etc/containers/storage.conf \
- && dnf clean all
-
-# Install dependencies
-RUN set -x && \
- mkdir -p "$GOBIN" && \
- mkdir -p /etc/cni/net.d && \
- mkdir -p /etc/containers && \
- install -D -m 755 $GOSRC/contrib/gate/entrypoint.sh /usr/local/bin/ && \
- python3 -m pip install pre-commit
-
-# Install cni config
-COPY cni/87-podman-bridge.conflist /etc/cni/net.d/87-podman-bridge.conflist
-# Make sure we have some policy for pulling images
-COPY test/redhat_sigstore.yaml /etc/containers/registries.d/registry.access.redhat.com.yaml
-
-WORKDIR "$GOSRC"
-RUN make install.tools && \
- cd / && \
- rm -rf "$GOSRC" && \
- mkdir -p "$GOSRC"
-VOLUME ["/usr/src/libpod"]
-# This entrypoint will synchronize the above volume ($SRCPATH) to $GOSRC before
-# executing make. This ensures the original source remains prestine and is never
-# modified by any lint/validation checks.
-ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
diff --git a/contrib/gate/README.md b/contrib/gate/README.md
deleted file mode 100644
index 6c33e1d74..000000000
--- a/contrib/gate/README.md
+++ /dev/null
@@ -1,6 +0,0 @@
-![PODMAN logo](../../logo/podman-logo-source.svg)
-
-The "gate" image is a standard container image for lint-checking and validating
-changes to the libpod repository. It must be built from the repository root as
-[described in the contibutors guide](https://github.com/containers/podman/blob/master/CONTRIBUTING.md#go-format-and-lint).
-The image is also used in [CI/CD automation](../../.cirrus.yml).
diff --git a/contrib/gate/entrypoint.sh b/contrib/gate/entrypoint.sh
deleted file mode 100755
index 102d012e5..000000000
--- a/contrib/gate/entrypoint.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-die() {
- echo "${2:-FATAL ERROR (but no message given!)} (gate container entrypoint)"
- exit ${1:-1}
-}
-
-[[ -n "$SRCPATH" ]] || die 1 "ERROR: \$SRCPATH must be non-empty"
-[[ -n "$GOPATH" ]] || die 2 "ERROR: \$GOPATH must be non-empty"
-[[ -n "$GOSRC" ]] || die 3 "ERROR: \$GOSRC must be non-empty"
-[[ -r "${SRCPATH}/contrib/gate/Dockerfile" ]] || \
- die 4 "ERROR: Expecting libpod repository root at $SRCPATH"
-
-# Working from a copy avoids needing to perturb the actual source files
-# if/when developers use gate container for local testing
-echo "Copying $SRCPATH to $GOSRC"
-mkdir -vp "$GOSRC"
-/usr/bin/rsync --recursive --links --quiet --safe-links \
- --perms --times --delete "${SRCPATH}/" "${GOSRC}/"
-cd "$GOSRC"
-exec make "$@"
diff --git a/docs/source/markdown/podman-play-kube.1.md b/docs/source/markdown/podman-play-kube.1.md
index e14d1ed79..67584ffcc 100644
--- a/docs/source/markdown/podman-play-kube.1.md
+++ b/docs/source/markdown/podman-play-kube.1.md
@@ -58,6 +58,10 @@ Suppress output information when pulling images
Directory path for seccomp profiles (default: "/var/lib/kubelet/seccomp"). (Not available for remote commands)
+#### **--start**=*true|false*
+
+Start the pod after creating it, set to false to only create it.
+
#### **--tls-verify**=*true|false*
Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true,
diff --git a/docs/tutorials/image_signing.md b/docs/tutorials/image_signing.md
index f0adca9af..0d1d63de2 100644
--- a/docs/tutorials/image_signing.md
+++ b/docs/tutorials/image_signing.md
@@ -34,7 +34,7 @@ Now let’s assume that we run a container registry. For example we could simply
start one on our local machine:
```bash
-> sudo podman run -d -p 5000:5000 docker.io/registry
+sudo podman run -d -p 5000:5000 docker.io/registry
```
The registry does not know anything about image signing, it just provides the remote
@@ -44,11 +44,11 @@ have to take care of how to distribute the signatures.
Let’s choose a standard `alpine` image for our signing experiment:
```bash
-> sudo podman pull docker://docker.io/alpine:latest
+sudo podman pull docker://docker.io/alpine:latest
```
```bash
-> sudo podman images alpine
+sudo podman images alpine
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/alpine latest e7d92cdc71fe 6 weeks ago 5.86 MB
```
@@ -56,11 +56,11 @@ docker.io/library/alpine latest e7d92cdc71fe 6 weeks ago 5.86 MB
Now we can re-tag the image to point it to our local registry:
```bash
-> sudo podman tag alpine localhost:5000/alpine
+sudo podman tag alpine localhost:5000/alpine
```
```bash
-> sudo podman images alpine
+sudo podman images alpine
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost:5000/alpine latest e7d92cdc71fe 6 weeks ago 5.86 MB
docker.io/library/alpine latest e7d92cdc71fe 6 weeks ago 5.86 MB
@@ -84,7 +84,7 @@ We can see that we have two signature stores configured:
Now, let’s push and sign the image:
```bash
-> sudo -E GNUPGHOME=$HOME/.gnupg \
+sudo -E GNUPGHOME=$HOME/.gnupg \
podman push \
--tls-verify=false \
--sign-by sgrunert@suse.com \
@@ -97,7 +97,7 @@ If we now take a look at the systems signature storage, then we see that there
is a new signature available, which was caused by the image push:
```bash
-> sudo ls /var/lib/containers/sigstore
+sudo ls /var/lib/containers/sigstore
'alpine@sha256=e9b65ef660a3ff91d28cc50eba84f21798a6c5c39b4dd165047db49e84ae1fb9'
```
@@ -107,14 +107,14 @@ The default signature store in our edited version of
the local staging signature store:
```bash
-> sudo bash -c 'cd /var/lib/containers/sigstore && python3 -m http.server'
+sudo bash -c 'cd /var/lib/containers/sigstore && python3 -m http.server'
Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...
```
Let’s remove the local images for our verification test:
```
-> sudo podman rmi docker.io/alpine localhost:5000/alpine
+sudo podman rmi docker.io/alpine localhost:5000/alpine
```
We have to write a policy to enforce that the signature has to be valid. This
@@ -142,13 +142,13 @@ below example, copy the `"docker"` entry into the `"transports"` section of your
The `keyPath` does not exist yet, so we have to put the GPG key there:
```bash
-> gpg --output /tmp/key.gpg --armor --export sgrunert@suse.com
+gpg --output /tmp/key.gpg --armor --export sgrunert@suse.com
```
If we now pull the image:
```bash
-> sudo podman pull --tls-verify=false localhost:5000/alpine
+sudo podman pull --tls-verify=false localhost:5000/alpine
Storing signatures
e7d92cdc71feacf90708cb59182d0df1b911f8ae022d29e8e95d75ca6a99776a
@@ -164,14 +164,14 @@ accessed:
As an counterpart example, if we specify the wrong key at `/tmp/key.gpg`:
```bash
-> gpg --output /tmp/key.gpg --armor --export mail@saschagrunert.de
+gpg --output /tmp/key.gpg --armor --export mail@saschagrunert.de
File '/tmp/key.gpg' exists. Overwrite? (y/N) y
```
Then a pull is not possible any more:
```bash
-> sudo podman pull --tls-verify=false localhost:5000/alpine
+sudo podman pull --tls-verify=false localhost:5000/alpine
Trying to pull localhost:5000/alpine...
Error: error pulling image "localhost:5000/alpine": unable to pull localhost:5000/alpine: unable to pull image: Source image rejected: Invalid GPG signature: …
```
diff --git a/docs/tutorials/mac_win_client.md b/docs/tutorials/mac_win_client.md
index 9e0798bbf..af2668e10 100644
--- a/docs/tutorials/mac_win_client.md
+++ b/docs/tutorials/mac_win_client.md
@@ -36,7 +36,7 @@ $ systemctl --user enable --now podman.socket
You will need to enable linger for this user in order for the socket to work when the user is not logged in.
```
-$ sudo loginctl enable-linger $USER
+sudo loginctl enable-linger $USER
```
You can verify that the socket is listening with a simple Podman command.
@@ -55,7 +55,7 @@ host:
In order for the client to communicate with the server you need to enable and start the SSH daemon on your Linux machine, if it is not currently enabled.
```
-$ sudo systemctl enable -s sshd
+sudo systemctl enable --now -s sshd
```
#### Setting up SSH
diff --git a/docs/tutorials/podman_tutorial.md b/docs/tutorials/podman_tutorial.md
index 85b95af04..c15de67a6 100644
--- a/docs/tutorials/podman_tutorial.md
+++ b/docs/tutorials/podman_tutorial.md
@@ -41,7 +41,7 @@ Note: If you add *-a* to the *ps* command, Podman will show all containers.
You can "inspect" a running container for metadata and details about itself. We can even use
the inspect subcommand to see what IP address was assigned to the container. As the container is running in rootless mode, an IP address is not assigned and the value will be listed as "none" in the output from inspect.
```console
-$ podman inspect -l | grep IPAddress\":
+podman inspect -l | grep IPAddress\":
"SecondaryIPAddresses": null,
"IPAddress": "",
```
@@ -60,7 +60,7 @@ curl http://<IP_address>:8080
### Viewing the container's logs
You can view the container's logs with Podman as well:
```console
-$ sudo podman logs --latest
+podman logs --latest
10.88.0.1 - - [07/Feb/2018:15:22:11 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-"
10.88.0.1 - - [07/Feb/2018:15:22:30 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-"
10.88.0.1 - - [07/Feb/2018:15:22:30 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-"
@@ -71,7 +71,7 @@ $ sudo podman logs --latest
### Viewing the container's pids
And you can observe the httpd pid in the container with *top*.
```console
-$ sudo podman top <container_id>
+podman top <container_id>
UID PID PPID C STIME TTY TIME CMD
0 31873 31863 0 09:21 ? 00:00:00 nginx: master process nginx -g daemon off;
101 31889 31873 0 09:21 ? 00:00:00 nginx: worker process
@@ -81,6 +81,8 @@ $ sudo podman top <container_id>
Checkpointing a container stops the container while writing the state of all processes in the container to disk.
With this a container can later be restored and continue running at exactly the same point in time as the
checkpoint. This capability requires CRIU 3.11 or later installed on the system.
+This feature is not supported as rootless; as such, if you wish to try it, you'll need to re-create your container as root, using the same command but with sudo.
+
To checkpoint the container use:
```console
sudo podman container checkpoint <container_id>
@@ -124,18 +126,18 @@ curl http://<IP_address>:8080
### Stopping the container
To stop the httpd container:
```console
-sudo podman stop --latest
+podman stop --latest
```
You can also check the status of one or more containers using the *ps* subcommand. In this case, we should
use the *-a* argument to list all containers.
```console
-sudo podman ps -a
+podman ps -a
```
### Removing the container
To remove the httpd container:
```console
-sudo podman rm --latest
+podman rm --latest
```
You can verify the deletion of the container by running *podman ps -a*.
diff --git a/docs/tutorials/remote_client.md b/docs/tutorials/remote_client.md
index ad506d19a..e39d804a6 100644
--- a/docs/tutorials/remote_client.md
+++ b/docs/tutorials/remote_client.md
@@ -29,19 +29,19 @@ You will need to [install Podman](https://podman.io/getting-started/installation
Before performing any Podman client commands, you must enable the podman.sock SystemD service on the Linux server. In these examples, we are running Podman as a normal, unprivileged user, also known as a rootless user. By default, the rootless socket listens at `/run/user/${UID}/podman/podman.sock`. You can enable this socket permanently using the following command:
```
-$ systemctl --user enable podman.socket
+systemctl --user enable --now podman.socket
```
You will need to enable linger for this user in order for the socket to work when the user is not logged in:
```
-$ sudo loginctl enable-linger $USER
+sudo loginctl enable-linger $USER
```
This is only required if you are not running Podman as root.
You can verify that the socket is listening with a simple Podman command.
```
-$ podman --remote info
+podman --remote info
host:
arch: amd64
buildahVersion: 1.16.0-dev
@@ -54,13 +54,13 @@ host:
In order for the Podman client to communicate with the server you need to enable and start the SSH daemon on your Linux machine, if it is not currently enabled.
```
-$ sudo systemctl enable -s sshd
+sudo systemctl enable --now -s sshd
```
#### Setting up SSH
Remote Podman uses SSH to communicate between the client and server. The remote client works considerably smoother using SSH keys. To set up your ssh connection, you need to generate an ssh key pair from your client machine.
```
-$ ssh-keygen
+ssh-keygen
```
Your public key by default should be in your home directory under ~/.ssh/id_rsa.pub. You then need to copy the contents of id_rsa.pub and append it into ~/.ssh/authorized_keys on the Linux server. You can automate this using ssh-copy-id.
@@ -75,13 +75,13 @@ The first step in using the Podman remote client is to configure a connection.
You can add a connection by using the `podman-remote system connection add` command.
```
-$ podman-remote system connection add myuser --identity ~/.ssh/id_rsa ssh://192.168.122.1/run/user/1000/podman/podman.sock
+podman-remote system connection add myuser --identity ~/.ssh/id_rsa ssh://192.168.122.1/run/user/1000/podman/podman.sock
```
This will add a remote connection to Podman and if it is the first connection added, it will mark the connection as the default. You can observe your connections with `podman-remote system connection list`:
```
-$ podman-remote system connection list
+podman-remote system connection list
Name Identity URI
myuser* id_rsa ssh://myuser@192.168.122.1/run/user/1000/podman/podman.sock
```
@@ -89,7 +89,7 @@ myuser* id_rsa ssh://myuser@192.168.122.1/run/user/1000/podman/podman.s
Now we can test the connection with `podman info`:
```
-$ podman-remote info
+podman-remote info
host:
arch: amd64
buildahVersion: 1.16.0-dev
@@ -101,7 +101,7 @@ host:
Podman-remote has also introduced a “--connection” flag where you can use other connections you have defined. If no connection is provided, the default connection will be used.
```
-$ podman-remote system connection --help
+podman-remote system connection --help
```
## Wrap up
diff --git a/docs/tutorials/rootless_tutorial.md b/docs/tutorials/rootless_tutorial.md
index 3b9cbd2d0..9d8851bc8 100644
--- a/docs/tutorials/rootless_tutorial.md
+++ b/docs/tutorials/rootless_tutorial.md
@@ -6,14 +6,14 @@ Prior to allowing users without root privileges to run Podman, the administrator
## cgroup V2 support
-The cgroup V2 Linux kernel feature allows the user to limit the amount of resources a rootless container can use. If the Linux distribution that you are running Podman on is enabled with cgroup V2 then you might need to change the default OCI Runtime. The default runtime `runc` does not currently work with cgroup V2 enabled systems, so you have to switch to the alternative OCI runtime `crun`.
+The cgroup V2 Linux kernel feature allows the user to limit the amount of resources a rootless container can use. If the Linux distribution that you are running Podman on is enabled with cgroup V2 then you might need to change the default OCI Runtime. Some older versions of `runc` do not work with cgroup V2, you might have to switch to the alternative OCI runtime `crun`.
-The alternative OCI runtime support for cgroup V2 can be turned on at the command line by using the `--runtime` option:
+The alternative OCI runtime support for cgroup V2 can also be turned on at the command line by using the `--runtime` option:
```
-sudo podman --runtime /usr/bin/crun
+podman --runtime crun
```
-or by changing the value for the "Default OCI runtime" in the containers.conf file either at the system level or at the [user level](#user-configuration-files) from `runtime = "runc"` to `runtime = "crun"`.
+or for all commands by changing the value for the "Default OCI runtime" in the containers.conf file either at the system level or at the [user level](#user-configuration-files) from `runtime = "runc"` to `runtime = "crun"`.
## Administrator Actions
diff --git a/pkg/api/handlers/libpod/play.go b/pkg/api/handlers/libpod/play.go
index 0c7a6e19d..42ff26a57 100644
--- a/pkg/api/handlers/libpod/play.go
+++ b/pkg/api/handlers/libpod/play.go
@@ -23,8 +23,10 @@ func PlayKube(w http.ResponseWriter, r *http.Request) {
Network string `schema:"reference"`
TLSVerify bool `schema:"tlsVerify"`
LogDriver string `schema:"logDriver"`
+ Start bool `schema:"start"`
}{
TLSVerify: true,
+ Start: true,
}
if err := decoder.Decode(&query, r.URL.Query()); err != nil {
@@ -73,6 +75,9 @@ func PlayKube(w http.ResponseWriter, r *http.Request) {
if _, found := r.URL.Query()["tlsVerify"]; found {
options.SkipTLSVerify = types.NewOptionalBool(!query.TLSVerify)
}
+ if _, found := r.URL.Query()["start"]; found {
+ options.Start = types.NewOptionalBool(query.Start)
+ }
report, err := containerEngine.PlayKube(r.Context(), tmpfile.Name(), options)
if err != nil {
diff --git a/pkg/api/server/register_play.go b/pkg/api/server/register_play.go
index e41f8311d..6aa349a3b 100644
--- a/pkg/api/server/register_play.go
+++ b/pkg/api/server/register_play.go
@@ -29,6 +29,11 @@ func (s *APIServer) registerPlayHandlers(r *mux.Router) error {
// name: logDriver
// type: string
// description: Logging driver for the containers in the pod.
+ // - in: query
+ // name: start
+ // type: boolean
+ // default: true
+ // description: Start the pod after creating it.
// - in: body
// name: request
// description: Kubernetes YAML file.
diff --git a/pkg/bindings/play/play.go b/pkg/bindings/play/play.go
index 8af3b8fb1..cfb40d74b 100644
--- a/pkg/bindings/play/play.go
+++ b/pkg/bindings/play/play.go
@@ -30,7 +30,10 @@ func Kube(ctx context.Context, path string, options entities.PlayKubeOptions) (*
params.Set("network", options.Network)
params.Set("logDriver", options.LogDriver)
if options.SkipTLSVerify != types.OptionalBoolUndefined {
- params.Set("tlsVerify", strconv.FormatBool(options.SkipTLSVerify == types.OptionalBoolTrue))
+ params.Set("tlsVerify", strconv.FormatBool(options.SkipTLSVerify != types.OptionalBoolTrue))
+ }
+ if options.Start != types.OptionalBoolUndefined {
+ params.Set("start", strconv.FormatBool(options.Start == types.OptionalBoolTrue))
}
// TODO: have a global system context we can pass around (1st argument)
diff --git a/pkg/domain/entities/play.go b/pkg/domain/entities/play.go
index 7e4afcc28..0b42e1a3f 100644
--- a/pkg/domain/entities/play.go
+++ b/pkg/domain/entities/play.go
@@ -28,6 +28,8 @@ type PlayKubeOptions struct {
ConfigMaps []string
// LogDriver for the container. For example: journald
LogDriver string
+ // Start - don't start the pod if false
+ Start types.OptionalBool
}
// PlayKubePod represents a single pod and associated containers created by play kube
diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go
index c0948e099..4bcc6469c 100644
--- a/pkg/domain/infra/abi/play.go
+++ b/pkg/domain/infra/abi/play.go
@@ -297,20 +297,22 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
containers = append(containers, ctr)
}
- //start the containers
- podStartErrors, err := pod.Start(ctx)
- if err != nil {
- return nil, err
- }
+ if options.Start != types.OptionalBoolFalse {
+ //start the containers
+ podStartErrors, err := pod.Start(ctx)
+ if err != nil {
+ return nil, err
+ }
- // Previous versions of playkube started containers individually and then
- // looked for errors. Because we now use the uber-Pod start call, we should
- // iterate the map of possible errors and return one if there is a problem. This
- // keeps the behavior the same
+ // Previous versions of playkube started containers individually and then
+ // looked for errors. Because we now use the uber-Pod start call, we should
+ // iterate the map of possible errors and return one if there is a problem. This
+ // keeps the behavior the same
- for _, e := range podStartErrors {
- if e != nil {
- return nil, e
+ for _, e := range podStartErrors {
+ if e != nil {
+ return nil, e
+ }
}
}
diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go
index 7ae474c76..92e4544f9 100644
--- a/test/e2e/play_kube_test.go
+++ b/test/e2e/play_kube_test.go
@@ -1482,4 +1482,19 @@ MemoryReservation: {{ .HostConfig.MemoryReservation }}`})
Expect(inspect.ExitCode()).To(Equal(0))
Expect(inspect.OutputToString()).To(ContainSubstring("journald"))
})
+
+ It("podman play kube test only creating the containers", func() {
+ pod := getPod()
+ err := generateKubeYaml("pod", pod, kubeYaml)
+ Expect(err).To(BeNil())
+
+ kube := podmanTest.Podman([]string{"play", "kube", "--start=false", kubeYaml})
+ kube.WaitWithDefaultTimeout()
+ Expect(kube.ExitCode()).To(Equal(0))
+
+ inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(pod), "--format", "{{ .State.Running }}"})
+ inspect.WaitWithDefaultTimeout()
+ Expect(inspect.ExitCode()).To(Equal(0))
+ Expect(inspect.OutputToString()).To(Equal("false"))
+ })
})
diff --git a/test/e2e/pod_pod_namespaces.go b/test/e2e/pod_pod_namespaces_test.go
index 20b8bdb39..20b8bdb39 100644
--- a/test/e2e/pod_pod_namespaces.go
+++ b/test/e2e/pod_pod_namespaces_test.go
diff --git a/test/e2e/run_seccomp.go b/test/e2e/run_seccomp_test.go
index 7d04cc60a..7d04cc60a 100644
--- a/test/e2e/run_seccomp.go
+++ b/test/e2e/run_seccomp_test.go
diff --git a/test/e2e/run_security_labels.go b/test/e2e/run_security_labels_test.go
index 0c5621e3f..0c5621e3f 100644
--- a/test/e2e/run_security_labels.go
+++ b/test/e2e/run_security_labels_test.go
diff --git a/test/e2e/run_working_dir.go b/test/e2e/run_working_dir_test.go
index 7d8db361c..7d8db361c 100644
--- a/test/e2e/run_working_dir.go
+++ b/test/e2e/run_working_dir_test.go
diff --git a/test/e2e/search_test.go b/test/e2e/search_test.go
index 7747cdd0e..5c3c69fd4 100644
--- a/test/e2e/search_test.go
+++ b/test/e2e/search_test.go
@@ -93,10 +93,10 @@ registries = ['{{.Host}}:{{.Port}}']`
})
It("podman search single registry flag", func() {
- search := podmanTest.Podman([]string{"search", "quay.io/libpod/gate:latest"})
+ search := podmanTest.Podman([]string{"search", "quay.io/skopeo/stable:latest"})
search.WaitWithDefaultTimeout()
Expect(search.ExitCode()).To(Equal(0))
- Expect(search.LineInOutputContains("quay.io/libpod/gate")).To(BeTrue())
+ Expect(search.LineInOutputContains("quay.io/skopeo/stable")).To(BeTrue())
})
It("podman search image with description", func() {