summaryrefslogtreecommitdiff
path: root/cmd/podman/play_kube.go
diff options
context:
space:
mode:
Diffstat (limited to 'cmd/podman/play_kube.go')
-rw-r--r--cmd/podman/play_kube.go80
1 files changed, 66 insertions, 14 deletions
diff --git a/cmd/podman/play_kube.go b/cmd/podman/play_kube.go
index ac46ad5c6..a9dfee33c 100644
--- a/cmd/podman/play_kube.go
+++ b/cmd/podman/play_kube.go
@@ -25,10 +25,17 @@ import (
"k8s.io/api/core/v1"
)
+const (
+ // https://kubernetes.io/docs/concepts/storage/volumes/#hostpath
+ createDirectoryPermission = 0755
+)
+
var (
playKubeCommand cliconfig.KubePlayValues
- playKubeDescription = "Play a Pod and its containers based on a Kubrernetes YAML"
- _playKubeCommand = &cobra.Command{
+ playKubeDescription = `Command reads in a structured file of Kubernetes YAML.
+
+ It creates the pod and containers described in the YAML. The containers within the pod are then started and the ID of the new Pod is output.`
+ _playKubeCommand = &cobra.Command{
Use: "kube [flags] KUBEFILE",
Short: "Play a pod based on Kubernetes YAML",
Long: playKubeDescription,
@@ -44,6 +51,7 @@ var (
func init() {
playKubeCommand.Command = _playKubeCommand
+ playKubeCommand.SetHelpTemplate(HelpTemplate())
playKubeCommand.SetUsageTemplate(UsageTemplate())
flags := playKubeCommand.Flags()
flags.StringVar(&playKubeCommand.Authfile, "authfile", "", "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override")
@@ -144,12 +152,41 @@ func playKubeYAMLCmd(c *cliconfig.KubePlayValues) error {
dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!c.TlsVerify)
}
+ // map from name to mount point
+ volumes := make(map[string]string)
+ for _, volume := range podYAML.Spec.Volumes {
+ hostPath := volume.VolumeSource.HostPath
+ if hostPath == nil {
+ return errors.Errorf("HostPath is currently the only supported VolumeSource")
+ }
+ if hostPath.Type != nil {
+ switch *hostPath.Type {
+ case v1.HostPathDirectoryOrCreate:
+ if _, err := os.Stat(hostPath.Path); os.IsNotExist(err) {
+ if err := os.Mkdir(hostPath.Path, createDirectoryPermission); err != nil {
+ return errors.Errorf("Error creating HostPath %s at %s", volume.Name, hostPath.Path)
+ }
+ }
+ case v1.HostPathDirectory:
+ // do nothing here because we will verify the path exists in validateVolumeHostDir
+ break
+ default:
+ return errors.Errorf("Directories are the only supported HostPath type")
+ }
+ }
+ if err := validateVolumeHostDir(hostPath.Path); err != nil {
+ return errors.Wrapf(err, "Error in parsing HostPath in YAML")
+ }
+ fmt.Println(volume.Name)
+ volumes[volume.Name] = hostPath.Path
+ }
+
for _, container := range podYAML.Spec.Containers {
newImage, err := runtime.ImageRuntime().New(ctx, container.Image, c.SignaturePolicy, c.Authfile, writer, &dockerRegistryOptions, image2.SigningOptions{}, false, nil)
if err != nil {
return err
}
- createConfig := kubeContainerToCreateConfig(container, runtime, newImage, namespaces)
+ createConfig, err := kubeContainerToCreateConfig(container, runtime, newImage, namespaces, volumes)
if err != nil {
return err
}
@@ -194,7 +231,7 @@ func getPodPorts(containers []v1.Container) []ocicni.PortMapping {
}
// kubeContainerToCreateConfig takes a v1.Container and returns a createconfig describing a container
-func kubeContainerToCreateConfig(containerYAML v1.Container, runtime *libpod.Runtime, newImage *image2.Image, namespaces map[string]string) *createconfig.CreateConfig {
+func kubeContainerToCreateConfig(containerYAML v1.Container, runtime *libpod.Runtime, newImage *image2.Image, namespaces map[string]string, volumes map[string]string) (*createconfig.CreateConfig, error) {
var (
containerConfig createconfig.CreateConfig
envs map[string]string
@@ -206,15 +243,17 @@ func kubeContainerToCreateConfig(containerYAML v1.Container, runtime *libpod.Run
containerConfig.Name = containerYAML.Name
containerConfig.Tty = containerYAML.TTY
containerConfig.WorkDir = containerYAML.WorkingDir
- if containerYAML.SecurityContext.ReadOnlyRootFilesystem != nil {
- containerConfig.ReadOnlyRootfs = *containerYAML.SecurityContext.ReadOnlyRootFilesystem
- }
- if containerYAML.SecurityContext.Privileged != nil {
- containerConfig.Privileged = *containerYAML.SecurityContext.Privileged
- }
+ if containerConfig.SecurityOpts != nil {
+ if containerYAML.SecurityContext.ReadOnlyRootFilesystem != nil {
+ containerConfig.ReadOnlyRootfs = *containerYAML.SecurityContext.ReadOnlyRootFilesystem
+ }
+ if containerYAML.SecurityContext.Privileged != nil {
+ containerConfig.Privileged = *containerYAML.SecurityContext.Privileged
+ }
- if containerYAML.SecurityContext.AllowPrivilegeEscalation != nil {
- containerConfig.NoNewPrivs = !*containerYAML.SecurityContext.AllowPrivilegeEscalation
+ if containerYAML.SecurityContext.AllowPrivilegeEscalation != nil {
+ containerConfig.NoNewPrivs = !*containerYAML.SecurityContext.AllowPrivilegeEscalation
+ }
}
containerConfig.Command = containerYAML.Command
@@ -231,7 +270,9 @@ func kubeContainerToCreateConfig(containerYAML v1.Container, runtime *libpod.Run
// disabled in code review per mheon
//containerConfig.PidMode = ns.PidMode(namespaces["pid"])
containerConfig.UsernsMode = ns.UsernsMode(namespaces["user"])
-
+ if len(containerConfig.WorkDir) == 0 {
+ containerConfig.WorkDir = "/"
+ }
if len(containerYAML.Env) > 0 {
envs = make(map[string]string)
}
@@ -239,6 +280,17 @@ func kubeContainerToCreateConfig(containerYAML v1.Container, runtime *libpod.Run
for _, e := range containerYAML.Env {
envs[e.Name] = e.Value
}
+
+ for _, volume := range containerYAML.VolumeMounts {
+ host_path, exists := volumes[volume.Name]
+ if !exists {
+ return nil, errors.Errorf("Volume mount %s specified for container but not configured in volumes", volume.Name)
+ }
+ if err := validateVolumeCtrDir(volume.MountPath); err != nil {
+ return nil, errors.Wrapf(err, "error in parsing MountPath")
+ }
+ containerConfig.Volumes = append(containerConfig.Volumes, fmt.Sprintf("%s:%s", host_path, volume.MountPath))
+ }
containerConfig.Env = envs
- return &containerConfig
+ return &containerConfig, nil
}