summaryrefslogtreecommitdiff
path: root/pkg/specgen
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/specgen')
-rw-r--r--pkg/specgen/generate/kube/kube.go14
-rw-r--r--pkg/specgen/generate/namespaces.go2
-rw-r--r--pkg/specgen/generate/ports.go49
-rw-r--r--pkg/specgen/namespaces.go8
4 files changed, 50 insertions, 23 deletions
diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go
index 054388384..fb563f935 100644
--- a/pkg/specgen/generate/kube/kube.go
+++ b/pkg/specgen/generate/kube/kube.go
@@ -12,6 +12,7 @@ import (
"github.com/containers/common/pkg/secrets"
ann "github.com/containers/podman/v3/pkg/annotations"
"github.com/containers/podman/v3/pkg/specgen"
+ "github.com/containers/podman/v3/pkg/specgen/generate"
"github.com/containers/podman/v3/pkg/util"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/pkg/errors"
@@ -182,6 +183,19 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener
if imageData.Config.WorkingDir != "" {
s.WorkDir = imageData.Config.WorkingDir
}
+ if s.User == "" {
+ s.User = imageData.Config.User
+ }
+
+ exposed, err := generate.GenExposedPorts(imageData.Config.ExposedPorts)
+ if err != nil {
+ return nil, err
+ }
+
+ for k, v := range s.Expose {
+ exposed[k] = v
+ }
+ s.Expose = exposed
// Pull entrypoint and cmd from image
s.Entrypoint = imageData.Config.Entrypoint
s.Command = imageData.Config.Cmd
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go
index 278f35c22..f41186ae4 100644
--- a/pkg/specgen/generate/namespaces.go
+++ b/pkg/specgen/generate/namespaces.go
@@ -66,7 +66,7 @@ func GetDefaultNamespaceMode(nsType string, cfg *config.Config, pod *libpod.Pod)
case "cgroup":
return specgen.ParseCgroupNamespace(cfg.Containers.CgroupNS)
case "net":
- ns, _, err := specgen.ParseNetworkNamespace(cfg.Containers.NetNS)
+ ns, _, err := specgen.ParseNetworkNamespace(cfg.Containers.NetNS, cfg.Containers.RootlessNetworking == "cni")
return ns, err
}
diff --git a/pkg/specgen/generate/ports.go b/pkg/specgen/generate/ports.go
index 6832664a7..8745f0dad 100644
--- a/pkg/specgen/generate/ports.go
+++ b/pkg/specgen/generate/ports.go
@@ -268,31 +268,18 @@ func createPortMappings(ctx context.Context, s *specgen.SpecGenerator, imageData
logrus.Debugf("Adding exposed ports")
- // We need to merge s.Expose into image exposed ports
expose := make(map[uint16]string)
- for k, v := range s.Expose {
- expose[k] = v
- }
if imageData != nil {
- for imgExpose := range imageData.Config.ExposedPorts {
- // Expose format is portNumber[/protocol]
- splitExpose := strings.SplitN(imgExpose, "/", 2)
- num, err := strconv.Atoi(splitExpose[0])
- if err != nil {
- return nil, errors.Wrapf(err, "unable to convert image EXPOSE statement %q to port number", imgExpose)
- }
- if num > 65535 || num < 1 {
- return nil, errors.Errorf("%d from image EXPOSE statement %q is not a valid port number", num, imgExpose)
- }
- // No need to validate protocol, we'll do it below.
- if len(splitExpose) == 1 {
- expose[uint16(num)] = "tcp"
- } else {
- expose[uint16(num)] = splitExpose[1]
- }
+ expose, err = GenExposedPorts(imageData.Config.ExposedPorts)
+ if err != nil {
+ return nil, err
}
}
+ // We need to merge s.Expose into image exposed ports
+ for k, v := range s.Expose {
+ expose[k] = v
+ }
// There's been a request to expose some ports. Let's do that.
// Start by figuring out what needs to be exposed.
// This is a map of container port number to protocols to expose.
@@ -417,3 +404,25 @@ func checkProtocol(protocol string, allowSCTP bool) ([]string, error) {
return finalProto, nil
}
+
+func GenExposedPorts(exposedPorts map[string]struct{}) (map[uint16]string, error) {
+ expose := make(map[uint16]string)
+ for imgExpose := range exposedPorts {
+ // Expose format is portNumber[/protocol]
+ splitExpose := strings.SplitN(imgExpose, "/", 2)
+ num, err := strconv.Atoi(splitExpose[0])
+ if err != nil {
+ return nil, errors.Wrapf(err, "unable to convert image EXPOSE statement %q to port number", imgExpose)
+ }
+ if num > 65535 || num < 1 {
+ return nil, errors.Errorf("%d from image EXPOSE statement %q is not a valid port number", num, imgExpose)
+ }
+ // No need to validate protocol, we'll do it below.
+ if len(splitExpose) == 1 {
+ expose[uint16(num)] = "tcp"
+ } else {
+ expose[uint16(num)] = splitExpose[1]
+ }
+ }
+ return expose, nil
+}
diff --git a/pkg/specgen/namespaces.go b/pkg/specgen/namespaces.go
index f665fc0be..80852930a 100644
--- a/pkg/specgen/namespaces.go
+++ b/pkg/specgen/namespaces.go
@@ -253,7 +253,7 @@ func ParseUserNamespace(ns string) (Namespace, error) {
// ParseNetworkNamespace parses a network namespace specification in string
// form.
// Returns a namespace and (optionally) a list of CNI networks to join.
-func ParseNetworkNamespace(ns string) (Namespace, []string, error) {
+func ParseNetworkNamespace(ns string, rootlessDefaultCNI bool) (Namespace, []string, error) {
toReturn := Namespace{}
var cniNetworks []string
// Net defaults to Slirp on rootless
@@ -264,7 +264,11 @@ func ParseNetworkNamespace(ns string) (Namespace, []string, error) {
toReturn.NSMode = FromPod
case ns == "" || ns == string(Default) || ns == string(Private):
if rootless.IsRootless() {
- toReturn.NSMode = Slirp
+ if rootlessDefaultCNI {
+ toReturn.NSMode = Bridge
+ } else {
+ toReturn.NSMode = Slirp
+ }
} else {
toReturn.NSMode = Bridge
}
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-01-05 23:57:06 +0000