Diffstat (limited to 'pkg')
-rw-r--r--pkg/api/handlers/libpod/play.go2
-rw-r--r--pkg/bindings/play/play.go3
-rw-r--r--pkg/bindings/play/types.go2
-rw-r--r--pkg/bindings/play/types_kube_options.go15
-rw-r--r--pkg/domain/entities/play.go3
-rw-r--r--pkg/domain/entities/pods.go5
-rw-r--r--pkg/domain/infra/abi/play.go2
-rw-r--r--pkg/domain/infra/tunnel/play.go2
-rw-r--r--pkg/specgen/generate/container.go52
-rw-r--r--pkg/specgen/generate/container_create.go38
-rw-r--r--pkg/specgen/generate/kube/kube.go7
-rw-r--r--pkg/specgen/podspecgen.go2
-rw-r--r--pkg/specgen/specgen.go16
13 files changed, 115 insertions, 34 deletions
diff --git a/pkg/api/handlers/libpod/play.go b/pkg/api/handlers/libpod/play.go
index 0def32821..851e0f6c8 100644
--- a/pkg/api/handlers/libpod/play.go
+++ b/pkg/api/handlers/libpod/play.go
@@ -29,6 +29,7 @@ func PlayKube(w http.ResponseWriter, r *http.Request) {
Start bool `schema:"start"`
StaticIPs []string `schema:"staticIPs"`
StaticMACs []string `schema:"staticMACs"`
+ NoHosts bool `schema:"noHosts"`
}{
TLSVerify: true,
Start: true,
@@ -102,6 +103,7 @@ func PlayKube(w http.ResponseWriter, r *http.Request) {
Username: username,
Password: password,
Network: query.Network,
+ NoHosts: query.NoHosts,
Quiet: true,
LogDriver: query.LogDriver,
StaticIPs: staticIPs,
diff --git a/pkg/bindings/play/play.go b/pkg/bindings/play/play.go
index 89a6f9b65..bdd13d03d 100644
--- a/pkg/bindings/play/play.go
+++ b/pkg/bindings/play/play.go
@@ -6,11 +6,10 @@ import (
"os"
"strconv"
- "github.com/sirupsen/logrus"
-
"github.com/containers/podman/v3/pkg/auth"
"github.com/containers/podman/v3/pkg/bindings"
"github.com/containers/podman/v3/pkg/domain/entities"
+ "github.com/sirupsen/logrus"
)
func Kube(ctx context.Context, path string, options *KubeOptions) (*entities.PlayKubeReport, error) {
diff --git a/pkg/bindings/play/types.go b/pkg/bindings/play/types.go
index 787069169..fdfc4a6fa 100644
--- a/pkg/bindings/play/types.go
+++ b/pkg/bindings/play/types.go
@@ -17,6 +17,8 @@ type KubeOptions struct {
Password *string
// Network - name of the CNI network to connect to.
Network *string
+ // NoHosts - do not generate /etc/hosts file in pod's containers
+ NoHosts *bool
// Quiet - suppress output when pulling images.
Quiet *bool
// SignaturePolicy - path to a signature-policy file.
diff --git a/pkg/bindings/play/types_kube_options.go b/pkg/bindings/play/types_kube_options.go
index 65757cc5e..1a6324302 100644
--- a/pkg/bindings/play/types_kube_options.go
+++ b/pkg/bindings/play/types_kube_options.go
@@ -93,6 +93,21 @@ func (o *KubeOptions) GetNetwork() string {
return *o.Network
}
+// WithNoHosts set field NoHosts to given value
+func (o *KubeOptions) WithNoHosts(value bool) *KubeOptions {
+ o.NoHosts = &value
+ return o
+}
+
+// GetNoHosts returns value of field NoHosts
+func (o *KubeOptions) GetNoHosts() bool {
+ if o.NoHosts == nil {
+ var z bool
+ return z
+ }
+ return *o.NoHosts
+}
+
// WithQuiet set field Quiet to given value
func (o *KubeOptions) WithQuiet(value bool) *KubeOptions {
o.Quiet = &value
diff --git a/pkg/domain/entities/play.go b/pkg/domain/entities/play.go
index f630b3f24..af4b0fc35 100644
--- a/pkg/domain/entities/play.go
+++ b/pkg/domain/entities/play.go
@@ -17,6 +17,9 @@ type PlayKubeOptions struct {
// Down indicates whether to bring contents of a yaml file "down"
// as in stop
Down bool
+ // Do not create /etc/hosts within the pod's containers,
+ // instead use the version from the image
+ NoHosts bool
// Username for authenticating against the registry.
Username string
// Password for authenticating against the registry.
diff --git a/pkg/domain/entities/pods.go b/pkg/domain/entities/pods.go
index f0c88d77e..0356383ec 100644
--- a/pkg/domain/entities/pods.go
+++ b/pkg/domain/entities/pods.go
@@ -119,6 +119,7 @@ type PodCreateOptions struct {
CGroupParent string `json:"cgroup_parent,omitempty"`
CreateCommand []string `json:"create_command,omitempty"`
Devices []string `json:"devices,omitempty"`
+ DeviceReadBPs []string `json:"device_read_bps,omitempty"`
Hostname string `json:"hostname,omitempty"`
Infra bool `json:"infra,omitempty"`
InfraImage string `json:"infra_image,omitempty"`
@@ -167,7 +168,7 @@ type ContainerCreateOptions struct {
CPUSetMems string
Devices []string `json:"devices,omitempty"`
DeviceCGroupRule []string
- DeviceReadBPs []string
+ DeviceReadBPs []string `json:"device_read_bps,omitempty"`
DeviceReadIOPs []string
DeviceWriteBPs []string
DeviceWriteIOPs []string
@@ -200,7 +201,7 @@ type ContainerCreateOptions struct {
MemoryReservation string
MemorySwap string
MemorySwappiness int64
- Name string `json:"container_name,omitempty"`
+ Name string `json:"container_name"`
NoHealthCheck bool
OOMKillDisable bool
OOMScoreAdj int
diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go
index cf72a6253..751d6cc05 100644
--- a/pkg/domain/infra/abi/play.go
+++ b/pkg/domain/infra/abi/play.go
@@ -181,7 +181,7 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
}
}
- podOpt := entities.PodCreateOptions{Infra: true, Net: &entities.NetOptions{StaticIP: &net.IP{}, StaticMAC: &net.HardwareAddr{}}}
+ podOpt := entities.PodCreateOptions{Infra: true, Net: &entities.NetOptions{StaticIP: &net.IP{}, StaticMAC: &net.HardwareAddr{}, NoHosts: options.NoHosts}}
podOpt, err = kube.ToPodOpt(ctx, podName, podOpt, podYAML)
if err != nil {
return nil, err
diff --git a/pkg/domain/infra/tunnel/play.go b/pkg/domain/infra/tunnel/play.go
index e39751a18..0b1c3d2ca 100644
--- a/pkg/domain/infra/tunnel/play.go
+++ b/pkg/domain/infra/tunnel/play.go
@@ -13,7 +13,7 @@ func (ic *ContainerEngine) PlayKube(ctx context.Context, path string, opts entit
options.WithCertDir(opts.CertDir).WithQuiet(opts.Quiet).WithSignaturePolicy(opts.SignaturePolicy).WithConfigMaps(opts.ConfigMaps)
options.WithLogDriver(opts.LogDriver).WithNetwork(opts.Network).WithSeccompProfileRoot(opts.SeccompProfileRoot)
options.WithStaticIPs(opts.StaticIPs).WithStaticMACs(opts.StaticMACs)
-
+ options.WithNoHosts(opts.NoHosts)
if s := opts.SkipTLSVerify; s != types.OptionalBoolUndefined {
options.WithSkipTLSVerify(s == types.OptionalBoolTrue)
}
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index 71b882510..f126aa018 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -18,19 +18,43 @@ import (
"golang.org/x/sys/unix"
)
+func getImageFromSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerator) (*libimage.Image, string, *libimage.ImageData, error) {
+ if s.Image == "" || s.Rootfs != "" {
+ return nil, "", nil, nil
+ }
+
+ // Image may already have been set in the generator.
+ image, resolvedName := s.GetImage()
+ if image != nil {
+ inspectData, err := image.Inspect(ctx, false)
+ if err != nil {
+ return nil, "", nil, err
+ }
+ return image, resolvedName, inspectData, nil
+ }
+
+ // Need to look up image.
+ image, resolvedName, err := r.LibimageRuntime().LookupImage(s.Image, nil)
+ if err != nil {
+ return nil, "", nil, err
+ }
+ s.SetImage(image, resolvedName)
+ inspectData, err := image.Inspect(ctx, false)
+ if err != nil {
+ return nil, "", nil, err
+ }
+ return image, resolvedName, inspectData, err
+}
+
// Fill any missing parts of the spec generator (e.g. from the image).
// Returns a set of warnings or any fatal error that occurred.
func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerator) ([]string, error) {
// Only add image configuration if we have an image
- var newImage *libimage.Image
- var inspectData *libimage.ImageData
- var err error
- if s.Image != "" {
- newImage, _, err = r.LibimageRuntime().LookupImage(s.Image, nil)
- if err != nil {
- return nil, err
- }
-
+ newImage, _, inspectData, err := getImageFromSpec(ctx, r, s)
+ if err != nil {
+ return nil, err
+ }
+ if inspectData != nil {
inspectData, err = newImage.Inspect(ctx, false)
if err != nil {
return nil, err
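Review bot: CompleteSpec inspects the image twice: the new `if inspectData != nil` branch still runs `inspectData, err = newImage.Inspect(ctx, false)`, although getImageFromSpec has already returned the inspect data for the same image. The re-inspect and its error check can be dropped so the branch starts directly with the code that consumes `inspectData`. In getImageFromSpec the final `return image, resolvedName, inspectData, err` returns an `err` that is known to be nil at that point; `return image, resolvedName, inspectData, nil` reads more clearly. The helper also has no doc comment; it should state that it returns all-nil results when `s.Image` is empty or `s.Rootfs` is set, and that an image cached via `s.SetImage` is reused without being re-checked against `s.Image`. The `if inspectData != nil` block continues outside the hunk.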
@@ -191,9 +215,6 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
if len(s.User) == 0 && inspectData != nil {
s.User = inspectData.Config.User
}
- if err := finishThrottleDevices(s); err != nil {
- return nil, err
- }
// Unless already set via the CLI, check if we need to disable process
// labels or set the defaults.
if len(s.SelinuxOpts) == 0 {
@@ -251,10 +272,10 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
return warnings, nil
}
-// finishThrottleDevices takes the temporary representation of the throttle
+// FinishThrottleDevices takes the temporary representation of the throttle
// devices in the specgen and looks up the major and major minors. it then
// sets the throttle devices proper in the specgen
-func finishThrottleDevices(s *specgen.SpecGenerator) error {
+func FinishThrottleDevices(s *specgen.SpecGenerator) error {
if bps := s.ThrottleReadBpsDevice; len(bps) > 0 {
for k, v := range bps {
statT := unix.Stat_t{}
@@ -263,6 +284,9 @@ func finishThrottleDevices(s *specgen.SpecGenerator) error {
}
v.Major = (int64(unix.Major(uint64(statT.Rdev))))
v.Minor = (int64(unix.Minor(uint64(statT.Rdev))))
+ if s.ResourceLimits.BlockIO == nil {
+ s.ResourceLimits.BlockIO = new(spec.LinuxBlockIO)
+ }
s.ResourceLimits.BlockIO.ThrottleReadBpsDevice = append(s.ResourceLimits.BlockIO.ThrottleReadBpsDevice, v)
}
}
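Review bot: The added guard only allocates `s.ResourceLimits.BlockIO`; if `ResourceLimits` is itself a pointer that can be nil (its declaration is not visible here), the test `s.ResourceLimits.BlockIO == nil` dereferences it and panics before the guard can help. Since the function is now exported and called from MakeContainer, it would be safer to initialise the parent ahead of the loop, e.g. `if s.ResourceLimits == nil { s.ResourceLimits = &spec.LinuxResources{} }`. The function continues outside the hunk, so any other throttle branches there presumably need the same BlockIO guard.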
diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
index 6100e7a5b..92c0f22d9 100644
--- a/pkg/specgen/generate/container_create.go
+++ b/pkg/specgen/generate/container_create.go
@@ -2,6 +2,7 @@ package generate
import (
"context"
+ "fmt"
"os"
"path/filepath"
"strings"
@@ -52,6 +53,24 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener
if infraConfig != nil && len(infraConfig.Spec.Linux.Devices) > 0 {
s.DevicesFrom = append(s.DevicesFrom, infraConfig.ID)
}
+ if infraConfig != nil && infraConfig.Spec.Linux.Resources != nil && infraConfig.Spec.Linux.Resources.BlockIO != nil && len(infraConfig.Spec.Linux.Resources.BlockIO.ThrottleReadBpsDevice) > 0 {
+ tempDev := make(map[string]spec.LinuxThrottleDevice)
+ for _, val := range infraConfig.Spec.Linux.Resources.BlockIO.ThrottleReadBpsDevice {
+ nodes, err := util.FindDeviceNodes()
+ if err != nil {
+ return nil, nil, nil, err
+ }
+ key := fmt.Sprintf("%d:%d", val.Major, val.Minor)
+ tempDev[nodes[key]] = spec.LinuxThrottleDevice{Rate: uint64(val.Rate)}
+ }
+ for i, dev := range s.ThrottleReadBpsDevice {
+ tempDev[i] = dev
+ }
+ s.ThrottleReadBpsDevice = tempDev
+ }
+ if err := FinishThrottleDevices(s); err != nil {
+ return nil, nil, nil, err
+ }
// Set defaults for unset namespaces
if s.PidNS.IsDefault() {
defaultNS, err := GetDefaultNamespaceMode("pid", rtc, pod)
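Review bot: The lookup `nodes[key]` in the new infra-throttle loop is unchecked, so a pod device whose major:minor has no entry in the `util.FindDeviceNodes()` result is stored under the empty path `""`, and several such devices would collapse onto that one key. FinishThrottleDevices then appears to stat each key, so the failure would surface later as an error that names no device. `util.FindDeviceNodes()` is also loop-invariant yet is re-run for every throttle entry. The fence below hoists the call and rejects unknown devices explicitly; whether to fail or skip such a device is a judgement call. It is also worth a comment stating that the second loop lets a container's own `ThrottleReadBpsDevice` entry replace the pod-level limit for the same device, if that precedence is intended; MakeContainer starts and ends outside the hunk.

```go
if infraConfig != nil && infraConfig.Spec.Linux.Resources != nil && infraConfig.Spec.Linux.Resources.BlockIO != nil && len(infraConfig.Spec.Linux.Resources.BlockIO.ThrottleReadBpsDevice) > 0 {
	// Resolve the device-node table once, not once per throttle entry.
	nodes, err := util.FindDeviceNodes()
	if err != nil {
		return nil, nil, nil, err
	}
	tempDev := make(map[string]spec.LinuxThrottleDevice)
	for _, val := range infraConfig.Spec.Linux.Resources.BlockIO.ThrottleReadBpsDevice {
		key := fmt.Sprintf("%d:%d", val.Major, val.Minor)
		path, ok := nodes[key]
		if !ok {
			return nil, nil, nil, fmt.Errorf("no device node found for throttled device %s", key)
		}
		tempDev[path] = spec.LinuxThrottleDevice{Rate: uint64(val.Rate)}
	}
	// … unchanged: container-level entries override, assignment to s.ThrottleReadBpsDevice …
```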
@@ -102,20 +121,15 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener
options = append(options, libpod.WithCreateCommand(s.ContainerCreateCommand))
}
- var newImage *libimage.Image
- var imageData *libimage.ImageData
if s.Rootfs != "" {
options = append(options, libpod.WithRootFS(s.Rootfs, s.RootfsOverlay))
- } else {
- var resolvedImageName string
- newImage, resolvedImageName, err = rt.LibimageRuntime().LookupImage(s.Image, nil)
- if err != nil {
- return nil, nil, nil, err
- }
- imageData, err = newImage.Inspect(ctx, false)
- if err != nil {
- return nil, nil, nil, err
- }
+ }
+
+ newImage, resolvedImageName, imageData, err := getImageFromSpec(ctx, rt, s)
+ if err != nil {
+ return nil, nil, nil, err
+ }
+ if newImage != nil {
// If the input name changed, we could properly resolve the
// image. Otherwise, it must have been an ID where we're
// defaulting to the first name or an empty one if no names are
diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go
index 9389b1a20..194c8dce5 100644
--- a/pkg/specgen/generate/kube/kube.go
+++ b/pkg/specgen/generate/kube/kube.go
@@ -26,8 +26,8 @@ import (
)
func ToPodOpt(ctx context.Context, podName string, p entities.PodCreateOptions, podYAML *v1.PodTemplateSpec) (entities.PodCreateOptions, error) {
- // p := specgen.NewPodSpecGenerator()
- p.Net = &entities.NetOptions{}
+ p.Net = &entities.NetOptions{NoHosts: p.Net.NoHosts}
+
p.Name = podName
p.Labels = podYAML.ObjectMeta.Labels
// Kube pods must share {ipc, net, uts} by default
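Review bot: `p.Net = &entities.NetOptions{NoHosts: p.Net.NoHosts}` now reads through `p.Net` before replacing it, so a caller that passes a PodCreateOptions with a nil `Net` panics here, where the previous unconditional assignment accepted it. The caller in abi/play.go sets `Net`, but ToPodOpt is exported; a guard such as `noHosts := p.Net != nil && p.Net.NoHosts` followed by `p.Net = &entities.NetOptions{NoHosts: noHosts}` keeps the old tolerance. The function body continues outside the hunk.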
@@ -47,6 +47,9 @@ func ToPodOpt(ctx context.Context, podName string, p entities.PodCreateOptions,
p.Net.Network = specgen.Namespace{NSMode: "host"}
}
if podYAML.Spec.HostAliases != nil {
+ if p.Net.NoHosts {
+ return p, errors.New("HostAliases in yaml file will not work with --no-hosts")
+ }
hosts := make([]string, 0, len(podYAML.Spec.HostAliases))
for _, hostAlias := range podYAML.Spec.HostAliases {
for _, host := range hostAlias.Hostnames {
diff --git a/pkg/specgen/podspecgen.go b/pkg/specgen/podspecgen.go
index 83fa9426c..ee4fbc13a 100644
--- a/pkg/specgen/podspecgen.go
+++ b/pkg/specgen/podspecgen.go
@@ -201,6 +201,8 @@ type PodResourceConfig struct {
CPUPeriod uint64 `json:"cpu_period,omitempty"`
// CPU quota of the cpuset, determined by --cpus
CPUQuota int64 `json:"cpu_quota,omitempty"`
+ // ThrottleReadBpsDevice contains the rate at which the devices in the pod can be read from/accessed
+ ThrottleReadBpsDevice map[string]spec.LinuxThrottleDevice `json:"throttleReadBpsDevice,omitempty"`
}
// NewPodSpecGenerator creates a new pod spec
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index 70b2aa1ef..dbb669291 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -5,6 +5,7 @@ import (
"strings"
"syscall"
+ "github.com/containers/common/libimage"
"github.com/containers/image/v5/manifest"
nettypes "github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/storage/types"
@@ -512,6 +513,21 @@ type SpecGenerator struct {
ContainerNetworkConfig
ContainerResourceConfig
ContainerHealthCheckConfig
+
+ image *libimage.Image `json:"-"`
+ resolvedImageName string `json:"-"`
+}
+
+// SetImage sets the associated for the generator.
+func (s *SpecGenerator) SetImage(image *libimage.Image, resolvedImageName string) {
+ s.image = image
+ s.resolvedImageName = resolvedImageName
+}
+
+// Image returns the associated image for the generator.
+// May be nil if no image has been set yet.
+func (s *SpecGenerator) GetImage() (*libimage.Image, string) {
+ return s.image, s.resolvedImageName
}
type Secret struct {
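Review bot: The doc comments on the two new accessors do not match the code: `// SetImage sets the associated for the generator.` is missing the word "image", and the comment on GetImage starts with `// Image returns`, whereas Go doc convention expects it to start with the method name. Suggested wording: `// SetImage sets the associated image and its resolved name for the generator.` and `// GetImage returns the image and resolved name previously stored with SetImage.` It would also help to document that the cached image is not tied to the `Image` name field, so a caller that changes the name afterwards must call SetImage again to avoid reusing a stale image. The `json:"-"` tags on the unexported fields have no effect, since encoding/json skips unexported fields anyway.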