Commit message (Author, Age)
* kube play: support auto updates and rollbacks (Valentin Rothberg, 2022-09-06)
    Add auto-update support to `podman kube play`. Auto-update policies can be configured for:
     * the entire pod via the `io.containers.autoupdate` annotation
     * a specific container via the `io.containers.autoupdate/$name` annotation

    To make use of rollbacks, the `io.containers.sdnotify` policy should be set to `container` such that the workload running _inside_ the container can send the READY message via the NOTIFY_SOCKET once ready. For further details on auto updates and rollbacks, please refer to the specific article [1].

    Since auto updates and rollbacks are based on Podman's systemd integration, the k8s YAML must be executed in the `podman-kube@` systemd template. For further details on how to run k8s YAML in systemd via Podman, please refer to the specific article [2].

    An exemplary k8s YAML may look as follows:

    ```YAML
    apiVersion: v1
    kind: Pod
    metadata:
      annotations:
        io.containers.autoupdate: "local"
        io.containers.autoupdate/b: "registry"
      labels:
        app: test
      name: test_pod
    spec:
      containers:
      - command:
        - top
        image: alpine
        name: a
      - command:
        - top
        image: alpine
        name: b
    ```

    [1] https://www.redhat.com/sysadmin/podman-auto-updates-rollbacks
    [2] https://www.redhat.com/sysadmin/kubernetes-workloads-podman-systemd

    Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* pkg/autoupdate: allow updating multiple tasks per unit (Valentin Rothberg, 2022-09-05)
    Refactor the auto-update backend to allow for updating multiple tasks/containers per unit. This commit is merely doing the plumbing. The actual integration comes in a following commit.

    [NO NEW TESTS NEEDED] as behavior should not change and existing tests are expected to continue to pass.

    Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Merge pull request #15630 from rhatdan/capabilities (OpenShift Merge Robot, 2022-09-05)
    [CI:DOCS] Fix list of default capabilities
| * Fix list of default capabilities (Daniel J Walsh, 2022-09-05)
    Fixes: https://github.com/containers/podman/issues/15626

    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #15619 from lsm5/fix-copr-rhel-builds (OpenShift Merge Robot, 2022-09-05)
    [CI:BUILD] Copr: Define _user_tmpfilesdir for rhel
| * [CI:BUILD] Copr: Define _user_tmpfilesdir for rhel (Lokesh Mandvekar, 2022-09-02)
    [NO NEW TESTS NEEDED]

    Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | Merge pull request #15618 from mheon/add_group_to_addtlgroups (OpenShift Merge Robot, 2022-09-05)
    Add container GID to additional groups
| * | Add container GID to additional groups (Matthew Heon, 2022-09-02)
    Mitigates a potential permissions issue. Mirrors Buildah PR #4200 and CRI-O PR #6159.

    Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #15625 from edsantiago/docs_dedup_label (OpenShift Merge Robot, 2022-09-05)
    [CI:DOCS] Man pages: refactor common options: --label
| * | Man pages: refactor common options: --label (Ed Santiago, 2022-09-03)
    Went with the podman-run version, where the "example" is in the option template as per our guidelines.

    I could not include the network- or volume-create man pages, nor podman build.

    Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #15605 from TomSweeneyRedHat/dev/tsweeney/adjusttest (OpenShift Merge Robot, 2022-09-04)
    Update test per comment in #15555
| * | | Update test per comment in #15555 (tomsweeneyredhat, 2022-09-01)
    While backporting a test from main, @edsantiago asked that the test be adjusted as noted here: https://github.com/containers/podman/pull/15555#issuecomment-1232791752. This PR brings those same changes to main for posterity's sake.

    Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
* | | | Merge pull request #15582 from dfr/freebsd-bind (OpenShift Merge Robot, 2022-09-04)
    Add support for FreeBSD volume mounts in specgen
| * | | specgen: Use platform-specific mount type for volume mounts (Doug Rabson, 2022-08-30)
    [NO NEW TESTS NEEDED]

    Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | libpod/define: Make TypeBind a platform-specific constant (Doug Rabson, 2022-08-30)
    This allows us to redefine to the equivalent nullfs on FreeBSD.

    [NO NEW TESTS NEEDED]

    Signed-off-by: Doug Rabson <dfr@rabson.org>
* | | | Merge pull request #15606 from edsantiago/docs_dedup_digestfile (OpenShift Merge Robot, 2022-09-03)
    [CI:DOCS] Man pages: refactor common options: --digestfile
| * | | | Man pages: refactor common options: --digestfile (Ed Santiago, 2022-09-01)
    Only used in two pages. I took the liberty of adding the "N/A on remote" text to manifest-push.

    Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #15581 from dfr/random-names (OpenShift Merge Robot, 2022-09-02)
    libpod: Ensure that generated container names are random
| * | | | | libpod: Ensure that generated container names are random (Doug Rabson, 2022-09-01)
    Fixes #15569.

    Signed-off-by: Doug Rabson <dfr@rabson.org>
* | | | | Merge pull request #15614 from sstosh/fix-swagger (OpenShift Merge Robot, 2022-09-02)
    Fix swagger documentation
| * | | | | Fix swagger documentation (Toshiki Sonoda, 2022-09-02)
    * ContainerKillLibpod "signal" query default is SIGKILL.
    * ContainerListLibpod "namespace" query fails to show.
    * SecretListLibpod parameters are duplicated.
    * SecretList parameters are duplicated.

    [NO NEW TESTS NEEDED]

    Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | | | | | Merge pull request #15599 from umohnani8/gen-kube (OpenShift Merge Robot, 2022-09-02)
    Fix bind-mount-option annotation in gen/play kube
| * | | | | Fix bind-mount-option annotation in gen/play kube (Urvashi Mohnani, 2022-09-01)
    The format used for setting the bind-mount-options annotations in the kube yaml was incorrect and caused k8s to throw an error when trying to play the generated kube yaml. Fix the annotation format to match the rules of k8s.

    Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | | | | Merge pull request #15604 from edsantiago/docs_dedup_deviceXY (OpenShift Merge Robot, 2022-09-02)
    [CI:DOCS] Man pages: refactor common options: --device-X-Y
| * | | | | | Man pages: refactor common options: --device-X-Y (Ed Santiago, 2022-09-01)
    Followup from #15276: add the FAQ-26 link, and fix one broken replacement.

    Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | Merge pull request #15404 from arixmkii/win_compat2 (OpenShift Merge Robot, 2022-09-02)
    Improved Windows compatibility for machine command
| * | | | | Improved Windows compatibility for machine command (Arthur Sengileyev, 2022-08-29)
    Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
* | | | | | Merge pull request #15587 from edsantiago/skip_ubuntu_flake (OpenShift Merge Robot, 2022-09-02)
    CI: disable flaking test on ubuntu
| * | | | | CI: disable flaking test on ubuntu (Ed Santiago, 2022-09-01)
    See https://github.com/containers/conmon/pull/352

    As of a few days ago, Ubuntu still hadn't built a fixed conmon. Just skip the test until we get a fixed Ubuntu or until we figure out a better solution to the test-something-RHEL8ish problem.

    UPDATE: WEIRD: this 'skip' triggered a baffling failure on Ubuntu: the "Kubernetes only allows 63 characters" warning message stopped appearing, on Ubuntu only, which then caused the kube-generate tests to fail because they actually checked for that. The message doesn't appear because generate-kube is no longer spitting out a line for org.opencontainers.image.base.digest/CONTAINER. (Why this line is gone, I don't know, and choose not to investigate).

    Solution: stop checking for the kube-63 warning. It's just not that important.

    Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #15601 from edsantiago/docs_dedup_name (OpenShift Merge Robot, 2022-09-01)
    [CI:DOCS] Man pages: refactor common options: --name
| * | | | Man pages: refactor common options: --name (Ed Santiago, 2022-09-01)
    Only for podman-create and -run, unfortunately: all the others are too different, and can't easily be combined.

    I went with the podman-run version because it was most recently updated in #5192.

    Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #15276 from cdoern/update (OpenShift Merge Robot, 2022-09-01)
    implement podman update
| * | | implement podman update (Charlie Doern, 2022-09-01)
    podman update allows users to change the cgroup configuration of an existing container using the already defined resource limits flags from podman create/run. The supported flags in crun are:

    this command is also now supported in the libpod api via the /libpod/containers/<CID>/update endpoint where the resource limits are passed in the request body and follow the OCI resource spec format

    --memory
    --cpus
    --cpuset-cpus
    --cpuset-mems
    --memory-swap
    --memory-reservation
    --cpu-shares
    --cpu-quota
    --cpu-period
    --blkio-weight
    --cpu-rt-period
    --cpu-rt-runtime
    --device-read-bps
    --device-write-bps
    --device-read-iops
    --device-write-iops
    --memory-swappiness
    --blkio-weight-device

    resolves #15067

    Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | Merge pull request #15571 from umohnani8/gen-kube (OpenShift Merge Robot, 2022-09-01)
    Set enableServiceLinks to false in generated yaml
| * | | Set enableServiceLinks to false in generated yaml (Urvashi Mohnani, 2022-08-31)
    Since podman doesn't set/use the needed service env variable, always set enableServiceLinks to false in the generated kube yaml.

    Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | | Merge pull request #15574 from edsantiago/fix_useradd_flake (OpenShift Merge Robot, 2022-09-01)
    Cirrus: pick UIDs/GIDs starting at 1500, not 1000
| * | | Cirrus: pick UIDs/GIDs starting at 1500, not 1000 (Ed Santiago, 2022-08-31)
    Reason: looks like UIDs 1001, 1003, 1006 are already taken in the CI VMs.

    Fixes: #15573

    Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #15360 from m0duspwnens/api_compat_containers (OpenShift Merge Robot, 2022-09-01)
    api: return imageID instead of imageName, for "Image" when Podman api is queried
| * \ \ \ Merge branch 'containers:main' into api_compat_containers (Jason Ertel, 2022-08-30)
| * \ \ \ \ Merge remote-tracking branch 'upstream/main' into api_compat_containers (Josh Patterson, 2022-08-29)
| * | | | | | updated apiv2 tests to reflect hash compat fix (Jason Ertel, 2022-08-29)
    Signed-off-by: Jason Ertel <jason.ertel@securityonionsolutions.com>
| * | | | | | api: return imageID instead of imageName, for "Image" when Podman API is queried (Josh Patterson, 2022-08-17)
    Signed-off-by: Josh Patterson <josh.patterson@securityonionsolutions.com>
* | | | | | | Merge pull request #15560 from dfr/freebsd-specgen (OpenShift Merge Robot, 2022-09-01)
    Add FreeBSD support for pkg/specgen/generate
| * | | | | | | specgen/generate: Add support for FreeBSD (Doug Rabson, 2022-08-30)
    [NO NEW TESTS NEEDED]

    Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | | | | | specgen/generate: Move specConfigNamespaces to namespace_linux.go and add stubs (Doug Rabson, 2022-08-30)
    Everything except for hostname management is linux-specific.

    [NO NEW TESTS NEEDED]

    Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | | | | | specgen/generate: Move SpecGenToOCI, WeightDevices to oci_linux.go and add stubs. (Doug Rabson, 2022-08-30)
    Almost all of SpecGenToOCI deals with linux-specific aspects of the runtime spec. Rather than try to factor this out piecemeal, I think it is cleaner to move the whole function along with its implementation helper functions.

    This also means we don't need non-linux stubs for functions called from oci_linux.go

    [NO NEW TESTS NEEDED]

    Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | | | | | specgen/generate: Move security.go to security_linux.go and add stubs (Doug Rabson, 2022-08-29)
    The security features (selinux, apparmor, capabilities) are linux specific.

    [NO NEW TESTS NEEDED]

    Signed-off-by: Doug Rabson <dfr@rabson.org>
* | | | | | | | Merge pull request #15572 from lsm5/disable-packit (OpenShift Merge Robot, 2022-09-01)
    [CI:BUILD] Packit: Disable until proved in other repos
| * | | | | | | [CI:BUILD] Packit: Disable until proved in other repos (Lokesh Mandvekar, 2022-08-31)
    There are concerns with Packit causing flakes and delays on Podman so let's have Packit prove itself in other repos and only then make its way into Podman.

    See: https://github.com/containers/podman/pull/15549#issuecomment-1233230573

    [NO NEW TESTS NEEDED]

    Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | | | | | | Merge pull request #15566 from mheon/fix_15557 (OpenShift Merge Robot, 2022-08-31)
    Inhibit SIGTERM during Conmon startup