5 files changed, 125 insertions, 31 deletions
diff --git a/pkg/api/handlers/compat/images.go b/pkg/api/handlers/compat/images.go
index 7baa1145a..6f8fb21f0 100644
--- a/pkg/api/handlers/compat/images.go
+++ b/pkg/api/handlers/compat/images.go
@@ -266,41 +266,26 @@ func CreateImageFromImage(w http.ResponseWriter, r *http.Request) {
 	}
 	defer auth.RemoveAuthfile(authfile)
 
-	platformSpecs := strings.Split(query.Platform, "/") // split query into its parts
-
-	addOS := true // default assume true due to structure of if/else below
-	addArch := false
-	addVariant := false
-
-	if len(platformSpecs) > 1 { // if we have two arguments then we have os and arch
-		addArch = true
-		if len(platformSpecs) > 2 { // if we have 3 arguments then we have os arch and variant
-			addVariant = true
-		}
-	} else if len(platformSpecs) == 0 {
-		addOS = false
-	}
-
 	pullOptions := &libimage.PullOptions{}
 	pullOptions.AuthFilePath = authfile
 	if authConf != nil {
 		pullOptions.Username = authConf.Username
 		pullOptions.Password = authConf.Password
 		pullOptions.IdentityToken = authConf.IdentityToken
-		if addOS { // if the len is not 0
-			pullOptions.OS = platformSpecs[0]
-			if addArch {
-				pullOptions.Architecture = platformSpecs[1]
-			}
-			if addVariant {
-				pullOptions.Variant = platformSpecs[2]
-			}
-		}
 	}
 	pullOptions.Writer = os.Stderr // allows for debugging on the server
 
-	progress := make(chan types.ProgressProperties)
+	// Handle the platform.
+	platformSpecs := strings.Split(query.Platform, "/")
+	pullOptions.OS = platformSpecs[0] // may be empty
+	if len(platformSpecs) > 1 {
+		pullOptions.Architecture = platformSpecs[1]
+		if len(platformSpecs) > 2 {
+			pullOptions.Variant = platformSpecs[2]
+		}
+	}
 
+	progress := make(chan types.ProgressProperties)
 	pullOptions.Progress = progress
 
 	pullResChan := make(chan pullResult)
diff --git a/pkg/api/handlers/libpod/containers_create.go b/pkg/api/handlers/libpod/containers_create.go
index b92588346..65951861b 100644
--- a/pkg/api/handlers/libpod/containers_create.go
+++ b/pkg/api/handlers/libpod/containers_create.go
@@ -22,6 +22,7 @@ func CreateContainer(w http.ResponseWriter, r *http.Request) {
 		utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "Decode()"))
 		return
 	}
+
 	warn, err := generate.CompleteSpec(r.Context(), runtime, &sg)
 	if err != nil {
 		utils.InternalServerError(w, err)
diff --git a/pkg/api/server/docs.go b/pkg/api/server/docs.go
index e72b78221..bf15afbf9 100644
--- a/pkg/api/server/docs.go
+++ b/pkg/api/server/docs.go
@@ -42,7 +42,7 @@
 //
 //     InfoExtensions:
 //     x-logo:
-//       - url: https://raw.githubusercontent.com/containers/libpod/master/logo/podman-logo.png
+//       - url: https://raw.githubusercontent.com/containers/libpod/main/logo/podman-logo.png
 //       - altText: "Podman logo"
 //
 //     Produces:
diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
index b569f8390..4e3a86ae4 100644
--- a/pkg/specgen/generate/container_create.go
+++ b/pkg/specgen/generate/container_create.go
@@ -153,7 +153,15 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener
 	if err != nil {
 		return nil, err
 	}
-	return rt.NewContainer(ctx, runtimeSpec, options...)
+
+	ctr, err := rt.NewContainer(ctx, runtimeSpec, options...)
+	if err != nil {
+		return ctr, err
+	}
+
+	// Copy the content from the underlying image into the newly created
+	// volume if configured to do so.
+	return ctr, rt.PrepareVolumeOnCreateContainer(ctx, ctr)
 }
 
 func extractCDIDevices(s *specgen.SpecGenerator) []libpod.CtrCreateOption {
diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go
index fb563f935..fb7eb99a2 100644
--- a/pkg/specgen/generate/kube/kube.go
+++ b/pkg/specgen/generate/kube/kube.go
@@ -6,10 +6,12 @@ import (
 	"fmt"
 	"net"
 	"strings"
+	"time"
 
 	"github.com/containers/common/libimage"
 	"github.com/containers/common/pkg/parse"
 	"github.com/containers/common/pkg/secrets"
+	"github.com/containers/image/v5/manifest"
 	ann "github.com/containers/podman/v3/pkg/annotations"
 	"github.com/containers/podman/v3/pkg/specgen"
 	"github.com/containers/podman/v3/pkg/specgen/generate"
@@ -129,6 +131,10 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener
 	}
 
 	setupSecurityContext(s, opts.Container)
+	err := setupLivenessProbe(s, opts.Container, opts.RestartPolicy)
+	if err != nil {
+		return nil, errors.Wrap(err, "Failed to configure livenessProbe")
+	}
 
 	// Since we prefix the container name with pod name to work-around the uniqueness requirement,
 	// the seccomp profile should reference the actual container name from the YAML
@@ -270,10 +276,11 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener
 			return nil, err
 		}
 
+		volume.MountPath = dest
 		switch volumeSource.Type {
 		case KubeVolumeTypeBindMount:
 			mount := spec.Mount{
-				Destination: dest,
+				Destination: volume.MountPath,
 				Source:      volumeSource.Source,
 				Type:        "bind",
 				Options:     options,
@@ -281,7 +288,7 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener
 			s.Mounts = append(s.Mounts, mount)
 		case KubeVolumeTypeNamed:
 			namedVolume := specgen.NamedVolume{
-				Dest:    dest,
+				Dest:    volume.MountPath,
 				Name:    volumeSource.Source,
 				Options: options,
 			}
@@ -324,12 +331,105 @@ func parseMountPath(mountPath string, readOnly bool) (string, []string, error) {
 		options = strings.Split(splitVol[1], ",")
 	}
 	if err := parse.ValidateVolumeCtrDir(dest); err != nil {
-		return "", options, errors.Wrapf(err, "error in parsing MountPath")
+		return "", options, errors.Wrapf(err, "parsing MountPath")
 	}
 	if readOnly {
 		options = append(options, "ro")
 	}
-	return dest, options, nil
+	opts, err := parse.ValidateVolumeOpts(options)
+	if err != nil {
+		return "", opts, errors.Wrapf(err, "parsing MountOptions")
+	}
+	return dest, opts, nil
+}
+
+func setupLivenessProbe(s *specgen.SpecGenerator, containerYAML v1.Container, restartPolicy string) error {
+	var err error
+	if containerYAML.LivenessProbe == nil {
+		return nil
+	}
+	emptyHandler := v1.Handler{}
+	if containerYAML.LivenessProbe.Handler != emptyHandler {
+		var commandString string
+		failureCmd := "exit 1"
+		probe := containerYAML.LivenessProbe
+		probeHandler := probe.Handler
+
+		// append `exit 1` to `cmd` so healthcheck can be marked as `unhealthy`.
+		// append `kill 1` to `cmd` if appropriate restart policy is configured.
+		if restartPolicy == "always" || restartPolicy == "onfailure" {
+			// container will be restarted so we can kill init.
+			failureCmd = "kill 1"
+		}
+
+		// configure healthcheck on the basis of Handler Actions.
+		if probeHandler.Exec != nil {
+			execString := strings.Join(probeHandler.Exec.Command, " ")
+			commandString = fmt.Sprintf("%s || %s", execString, failureCmd)
+		} else if probeHandler.HTTPGet != nil {
+			commandString = fmt.Sprintf("curl %s://%s:%d/%s  || %s", probeHandler.HTTPGet.Scheme, probeHandler.HTTPGet.Host, probeHandler.HTTPGet.Port.IntValue(), probeHandler.HTTPGet.Path, failureCmd)
+		} else if probeHandler.TCPSocket != nil {
+			commandString = fmt.Sprintf("nc -z -v %s %d || %s", probeHandler.TCPSocket.Host, probeHandler.TCPSocket.Port.IntValue(), failureCmd)
+		}
+		s.HealthConfig, err = makeHealthCheck(commandString, probe.PeriodSeconds, probe.FailureThreshold, probe.TimeoutSeconds, probe.InitialDelaySeconds)
+		if err != nil {
+			return err
+		}
+		return nil
+	}
+	return nil
+}
+
+func makeHealthCheck(inCmd string, interval int32, retries int32, timeout int32, startPeriod int32) (*manifest.Schema2HealthConfig, error) {
+	// Every healthcheck requires a command
+	if len(inCmd) == 0 {
+		return nil, errors.New("Must define a healthcheck command for all healthchecks")
+	}
+
+	// first try to parse option value as JSON array of strings...
+	cmd := []string{}
+
+	if inCmd == "none" {
+		cmd = []string{"NONE"}
+	} else {
+		err := json.Unmarshal([]byte(inCmd), &cmd)
+		if err != nil {
+			// ...otherwise pass it to "/bin/sh -c" inside the container
+			cmd = []string{"CMD-SHELL"}
+			cmd = append(cmd, strings.Split(inCmd, " ")...)
+		}
+	}
+	hc := manifest.Schema2HealthConfig{
+		Test: cmd,
+	}
+
+	if interval < 1 {
+		//kubernetes interval defaults to 10 sec and cannot be less than 1
+		interval = 10
+	}
+	hc.Interval = (time.Duration(interval) * time.Second)
+	if retries < 1 {
+		//kubernetes retries defaults to 3
+		retries = 3
+	}
+	hc.Retries = int(retries)
+	if timeout < 1 {
+		//kubernetes timeout defaults to 1
+		timeout = 1
+	}
+	timeoutDuration := (time.Duration(timeout) * time.Second)
+	if timeoutDuration < time.Duration(1) {
+		return nil, errors.New("healthcheck-timeout must be at least 1 second")
+	}
+	hc.Timeout = timeoutDuration
+
+	startPeriodDuration := (time.Duration(startPeriod) * time.Second)
+	if startPeriodDuration < time.Duration(0) {
+		return nil, errors.New("healthcheck-start-period must be 0 seconds or greater")
+	}
+	hc.StartPeriod = startPeriodDuration
+
+	return &hc, nil
 }
 
 func setupSecurityContext(s *specgen.SpecGenerator, containerYAML v1.Container) {