7 files changed, 47 insertions, 23 deletions
diff --git a/libpod/container_api.go b/libpod/container_api.go
index 637f5b686..c6f459fbd 100644
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@@ -184,7 +184,7 @@ func (c *Container) StopWithTimeout(timeout uint) error {
 		return define.ErrCtrStopped
 	}
 
-	if !c.ensureState(define.ContainerStateCreated, define.ContainerStateRunning) {
+	if !c.ensureState(define.ContainerStateCreated, define.ContainerStateRunning, define.ContainerStateStopping) {
 		return errors.Wrapf(define.ErrCtrStateInvalid, "can only stop created or running containers. %s is in state %s", c.ID(), c.state.State.String())
 	}
 
@@ -686,7 +686,7 @@ func (c *Container) Sync() error {
 
 	// If runtime knows about the container, update its status in runtime
 	// And then save back to disk
-	if c.ensureState(define.ContainerStateCreated, define.ContainerStateRunning, define.ContainerStatePaused, define.ContainerStateStopped) {
+	if c.ensureState(define.ContainerStateCreated, define.ContainerStateRunning, define.ContainerStatePaused, define.ContainerStateStopped, define.ContainerStateStopping) {
 		oldState := c.state.State
 		if err := c.ociRuntime.UpdateContainerStatus(c); err != nil {
 			return err
diff --git a/libpod/container_copy_linux.go b/libpod/container_copy_linux.go
index 7d4dd0d46..954d54a1d 100644
--- a/libpod/container_copy_linux.go
+++ b/libpod/container_copy_linux.go
@@ -15,8 +15,8 @@ import (
 	"github.com/containers/buildah/util"
 	"github.com/containers/podman/v3/libpod/define"
 	"github.com/containers/podman/v3/pkg/rootless"
+	"github.com/containers/storage/pkg/archive"
 	"github.com/containers/storage/pkg/idtools"
-	"github.com/docker/docker/pkg/archive"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 89287efc9..310110679 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -974,12 +974,15 @@ func (c *Container) exportCheckpoint(options ContainerCheckpointOptions) error {
 
 	includeFiles := []string{
 		"artifacts",
-		"ctr.log",
 		metadata.ConfigDumpFile,
 		metadata.SpecDumpFile,
 		metadata.NetworkStatusFile,
 	}
 
+	if c.LogDriver() == define.KubernetesLogging ||
+		c.LogDriver() == define.JSONLogging {
+		includeFiles = append(includeFiles, "ctr.log")
+	}
 	if options.PreCheckPoint {
 		includeFiles = append(includeFiles, preCheckpointDir)
 	} else {
diff --git a/libpod/kube.go b/libpod/kube.go
index cb97eb5ab..f5291ce60 100644
--- a/libpod/kube.go
+++ b/libpod/kube.go
@@ -25,6 +25,7 @@ import (
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 	v12 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/intstr"
 )
 
 // GenerateForKube takes a slice of libpod containers and generates
@@ -196,10 +197,11 @@ func containerPortsToServicePorts(containerPorts []v1.ContainerPort) []v1.Servic
 	for _, cp := range containerPorts {
 		nodePort := 30000 + rand.Intn(32767-30000+1)
 		servicePort := v1.ServicePort{
-			Protocol: cp.Protocol,
-			Port:     cp.ContainerPort,
-			NodePort: int32(nodePort),
-			Name:     strconv.Itoa(int(cp.ContainerPort)),
+			Protocol:   cp.Protocol,
+			Port:       cp.ContainerPort,
+			NodePort:   int32(nodePort),
+			Name:       strconv.Itoa(int(cp.ContainerPort)),
+			TargetPort: intstr.Parse(strconv.Itoa(int(cp.ContainerPort))),
 		}
 		sps = append(sps, servicePort)
 	}
@@ -246,7 +248,7 @@ func (p *Pod) podWithContainers(ctx context.Context, containers []*Container, po
 				return nil, err
 			}
 			for k, v := range annotations {
-				podAnnotations[define.BindMountPrefix+k] = v
+				podAnnotations[define.BindMountPrefix+k] = strings.TrimSpace(v)
 			}
 			// Since port bindings for the pod are handled by the
 			// infra container, wipe them here.
@@ -366,7 +368,7 @@ func simplePodWithV1Containers(ctx context.Context, ctrs []*Container) (*v1.Pod,
 			return nil, err
 		}
 		for k, v := range annotations {
-			kubeAnnotations[define.BindMountPrefix+k] = v
+			kubeAnnotations[define.BindMountPrefix+k] = strings.TrimSpace(v)
 		}
 		if isInit {
 			kubeInitCtrs = append(kubeInitCtrs, kubeCtr)
@@ -481,10 +483,16 @@ func containerToV1Container(ctx context.Context, c *Container) (v1.Container, []
 	if err != nil {
 		return kubeContainer, kubeVolumes, nil, annotations, err
 	}
-	if reflect.DeepEqual(imgData.Config.Cmd, kubeContainer.Command) {
+	// If the user doesn't set a command/entrypoint when creating the container with podman and
+	// is using the image command or entrypoint from the image, don't add it to the generated kube yaml
+	if reflect.DeepEqual(imgData.Config.Cmd, kubeContainer.Command) || reflect.DeepEqual(imgData.Config.Entrypoint, kubeContainer.Command) {
 		kubeContainer.Command = nil
 	}
 
+	if imgData.User == c.User() {
+		kubeSec.RunAsGroup, kubeSec.RunAsUser = nil, nil
+	}
+
 	kubeContainer.WorkingDir = c.WorkingDir()
 	kubeContainer.Ports = ports
 	// This should not be applicable
@@ -572,7 +580,8 @@ func ocicniPortMappingToContainerPort(portMappings []ocicni.PortMapping) ([]v1.C
 		var protocol v1.Protocol
 		switch strings.ToUpper(p.Protocol) {
 		case "TCP":
-			protocol = v1.ProtocolTCP
+			// do nothing as it is the default protocol in k8s, there is no need to explicitly
+			// add it to the generated yaml
 		case "UDP":
 			protocol = v1.ProtocolUDP
 		default:
diff --git a/libpod/oci_attach_linux.go b/libpod/oci_attach_linux.go
index de435b58a..702628aa8 100644
--- a/libpod/oci_attach_linux.go
+++ b/libpod/oci_attach_linux.go
@@ -84,7 +84,7 @@ func (c *Container) attach(streams *define.AttachStreams, keys string, resize <-
 	if attachRdy != nil {
 		attachRdy <- true
 	}
-	return readStdio(streams, receiveStdoutError, stdinDone)
+	return readStdio(conn, streams, receiveStdoutError, stdinDone)
 }
 
 // Attach to the given container's exec session
@@ -165,7 +165,7 @@ func (c *Container) attachToExec(streams *define.AttachStreams, keys *string, se
 		return err
 	}
 
-	return readStdio(streams, receiveStdoutError, stdinDone)
+	return readStdio(conn, streams, receiveStdoutError, stdinDone)
 }
 
 func processDetachKeys(keys string) ([]byte, error) {
@@ -208,11 +208,6 @@ func setupStdioChannels(streams *define.AttachStreams, conn *net.UnixConn, detac
 		var err error
 		if streams.AttachInput {
 			_, err = utils.CopyDetachable(conn, streams.InputStream, detachKeys)
-			if err == nil {
-				if connErr := conn.CloseWrite(); connErr != nil {
-					logrus.Errorf("unable to close conn: %q", connErr)
-				}
-			}
 		}
 		stdinDone <- err
 	}()
@@ -265,7 +260,7 @@ func redirectResponseToOutputStreams(outputStream, errorStream io.Writer, writeO
 	return err
 }
 
-func readStdio(streams *define.AttachStreams, receiveStdoutError, stdinDone chan error) error {
+func readStdio(conn *net.UnixConn, streams *define.AttachStreams, receiveStdoutError, stdinDone chan error) error {
 	var err error
 	select {
 	case err = <-receiveStdoutError:
@@ -274,6 +269,12 @@ func readStdio(streams *define.AttachStreams, receiveStdoutError, stdinDone chan
 		if err == define.ErrDetach {
 			return err
 		}
+		if err == nil {
+			// copy stdin is done, close it
+			if connErr := conn.CloseWrite(); connErr != nil {
+				logrus.Errorf("Unable to close conn: %v", connErr)
+			}
+		}
 		if streams.AttachOutput || streams.AttachError {
 			return <-receiveStdoutError
 		}
diff --git a/libpod/oci_conmon_exec_linux.go b/libpod/oci_conmon_exec_linux.go
index 5a7677b04..553c91833 100644
--- a/libpod/oci_conmon_exec_linux.go
+++ b/libpod/oci_conmon_exec_linux.go
@@ -609,9 +609,6 @@ func attachExecHTTP(c *Container, sessionID string, r *http.Request, w http.Resp
 			_, err := utils.CopyDetachable(conn, httpBuf, detachKeys)
 			logrus.Debugf("STDIN copy completed")
 			stdinChan <- err
-			if connErr := conn.CloseWrite(); connErr != nil {
-				logrus.Errorf("Unable to close conn: %v", connErr)
-			}
 		}()
 	}
 
@@ -654,6 +651,10 @@ func attachExecHTTP(c *Container, sessionID string, r *http.Request, w http.Resp
 			if err != nil {
 				return err
 			}
+			// copy stdin is done, close it
+			if connErr := conn.CloseWrite(); connErr != nil {
+				logrus.Errorf("Unable to close conn: %v", connErr)
+			}
 		case <-cancel:
 			return nil
 		}
diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go
index c2b472f76..ea0ef842d 100644
--- a/libpod/oci_conmon_linux.go
+++ b/libpod/oci_conmon_linux.go
@@ -351,6 +351,12 @@ func (r *ConmonOCIRuntime) UpdateContainerStatus(ctr *Container) error {
 		return ctr.handleExitFile(exitFile, fi)
 	}
 
+	// Handle ContainerStateStopping - keep it unless the container
+	// transitioned to no longer running.
+	if oldState == define.ContainerStateStopping && (ctr.state.State == define.ContainerStatePaused || ctr.state.State == define.ContainerStateRunning) {
+		ctr.state.State = define.ContainerStateStopping
+	}
+
 	return nil
 }
 
@@ -699,6 +705,10 @@ func (r *ConmonOCIRuntime) HTTPAttach(ctr *Container, req *http.Request, w http.
 			if err != nil {
 				return err
 			}
+			// copy stdin is done, close it
+			if connErr := conn.CloseWrite(); connErr != nil {
+				logrus.Errorf("Unable to close conn: %v", connErr)
+			}
 		case <-cancel:
 			return nil
 		}