summaryrefslogtreecommitdiff
path: root/cmd/podman/play_kube.go
Commit message (Collapse)AuthorAge
* play kube: make seccomp handling better conform to k8sPeter Hunt2020-01-03
| | | | | | | Add flag --seccomp-profile-root in play kube to allow users to specify where to look for seccomp profiles update tests Signed-off-by: Peter Hunt <pehunt@redhat.com>
* fix bug check nonexist authfileQi Wang2019-11-05
| | | | | | | | | Use GetDefaultAuthFile() from buildah. For podman command(except login), if authfile does not exist returns error. close #4328 Signed-off-by: Qi Wang <qiwan@redhat.com>
* first pass of corrections for golangci-lintbaude2019-07-10
| | | | Signed-off-by: baude <bbaude@redhat.com>
* podman: create and run honors auth file locationGiuseppe Scrivano2019-07-09
| | | | | | | | if the auth file was overriden, be sure create and run honors it. Closes: https://github.com/containers/libpod/issues/3524 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* libpod removal from main (phase 2)baude2019-06-27
| | | | | | this is phase 2 for the removal of libpod from main. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #3108 from rhatdan/flagsOpenShift Merge Robot2019-05-22
|\ | | | | Fixup Flags
| * Fixup FlagsDaniel J Walsh2019-05-20
| | | | | | | | | | | | | | | | Mark hidden all references to signature-policy Default all uses of --authfile Add --authfile support to podman run and podman create. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Fix play kube when a pod is specifiedMatthew Heon2019-05-21
|/ | | | | | We need to pass the Pod ID in as part of the CreateConfig. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Migrate to unified volume handling codeMatthew Heon2019-05-01
| | | | | | | | | | | | | Unify handling for the --volume, --mount, --volumes-from, --tmpfs and --init flags into a single file and set of functions. This will greatly improve readability and maintainability. Further, properly handle superceding and conflicting mounts. Our current patchwork has serious issues when mounts conflict, or when a mount from --volumes-from or an image volume should be overwritten by a user volume or named volume. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Remove non-config fields from CreateConfigMatthew Heon2019-05-01
| | | | | | | | | The goal here is to keep only the configuration directly used to build the container in CreateConfig, and scrub temporary state and helpers that we need to generate. We'll keep those internally in MakeContainerConfig. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* runtime: pass down the contextGiuseppe Scrivano2019-04-26
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Add header to play kube outputPeter Hunt2019-04-18
| | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Clean up after play kube failurePeter Hunt2019-04-18
| | | | | | | Before, we would half create a pod in play kube and error out if we fail. Rather, let's clean up after our failure so the user doesn't have to delete the pod themselves. Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Merge pull request #2934 from haircommander/kube-fileOpenShift Merge Robot2019-04-16
|\ | | | | Add File mounts to play kube
| * Add File mounts to play kubePeter Hunt2019-04-15
| | | | | | | | | | | | Both File and FileOrCreate options are supported. Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | Fix segfaults attribute to missing optionsbaude2019-04-15
| | | | | | | | | | | | | | | | | | In cases where the remote client culls options to a command, we need to be sure that the lookup for that flag does not result in a nil pointer. To do so, we add a Remote attribute to the podman struct and then cli helper funcs are now aware they are remote. Signed-off-by: baude <bbaude@redhat.com>
* | Incorporate image and default environment variables in play kubePeter Hunt2019-04-14
|/ | | | | | Also put Environment variable parsing from image data into a helper function Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Merge pull request #2856 from haircommander/kube-entrypointOpenShift Merge Robot2019-04-05
|\ | | | | Respect image entrypoint in play kube
| * Respect image entrypoint in play kubePeter Hunt2019-04-04
| | | | | | | | | | | | Before we ignored an entrypoint specified in an image, which lead to crashes when a user assumed the entrypoint would be used Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | podman: enable kube for rootlessGiuseppe Scrivano2019-04-05
| | | | | | | | | | | | Closes: https://github.com/containers/libpod/issues/2852 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | kube: correctly set the default for MemorySwappinessGiuseppe Scrivano2019-04-05
|/ | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #2635 from rhatdan/cacheOpenShift Merge Robot2019-03-29
|\ | | | | Set blob cache directory based on GraphDriver
| * Cleanup image2 -> image for importsDaniel J Walsh2019-03-29
| | | | | | | | | | | | | | Remove references to image2 in source code. Makes the code slightly more readable. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Default to SELinux private label for play kube mountsPeter Hunt2019-03-28
|/ | | | | | | | | | Before, there were SELinux denials when a volume was bind-mounted by podman play kube. Partially fix this by setting the default private label for mounts created by play kube (with DirectoryOrCreate) For volumes mounted as Directory, the user will have to set their own SELinux permissions on the mount point also remove left over debugging print statement Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Incorporate user from image inspect data in play kubePeter Hunt2019-03-18
| | | | | | before, when an image signified a user, play kube ignored it. Incorporate that information. Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Usage messages: deduplicate '(default true)' et alEd Santiago2019-03-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove hardcoded '(default: true)' strings from bool flags, and '(default this-or-that)' from string flags. First because it's unmaintainable duplication that would cause confusion should someone ever change the default and not notice the message. Second, because cobra[1] already prints '(default XXXX)' for all options with non-false non-nil default. So in each of these cases, current podman help behavior is: $ podman login --help ... --tls-verify Require HTTPS ... (default: true) (default true) This PR eliminates that duplication. [1] actually spf13/pflag/flag.go The only nontrivial one of these is start.go, where the default for sigProxy depends on the --attach flag. Solution: change the command-line default to false, and implement the new conditional default in logic. Bonus: removed unnecessary check, because now if sigProxy is set without --attach, we can guarantee that it was done by the user. But please pay close scrutiny to this particular section in case there's something I missed. Signed-off-by: Ed Santiago <santiago@redhat.com>
* preparation for remote-client create containerbaude2019-03-11
| | | | | | | | | to prepare for being able to remotely run a container, we need to perform a refactor to get code out of main because it is not reusable. the shared location is a good starting spot though eventually some will likely end up in pkg/spec/ at some point. Signed-off-by: baude <bbaude@redhat.com>
* podman play kube defaultsbaude2019-03-08
| | | | | | | | | | if an input YAML file lacks securitycontext and working dir for a container, we need to be able to handle that. if no default for working dir is provided, we use a default of "/". fixes issue #2209 Signed-off-by: baude <bbaude@redhat.com>
* Fix help commands to show short and long description.Daniel J Walsh2019-03-07
| | | | | | Cleanup lots of help information to look good when displayed. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add volume mounting to podman play kubePeter Hunt2019-03-05
| | | | | | Before, podman play kube ignored HostPath and VolumeMounts fields in a k8s yaml file. Add this functionality, allowing for a user to create a volume mount from a .yaml file Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Merge pull request #2451 from baude/playrenamepodoncollisionOpenShift Merge Robot2019-03-01
|\ | | | | rename pod when we have a name collision with a container
| * rename pod when we have a name collision with a containerbaude2019-02-26
| | | | | | | | | | | | | | | | | | | | when podman generate kube runs, it names the pod based on the first container it finds. the resulting yaml file is perfectly acceptable in a kubernetes environment. But when replaying the YAML file with podman, we cannot have a container and pod with the same name. therefore, we rename the pod if find a collision to name_pod. Signed-off-by: baude <bbaude@redhat.com>
* | Better usage synopses for subcommandsEd Santiago2019-02-26
|/ | | | | | | Conceptually simple: include, where applicable, a brief description of command-line options for each subcommand. Signed-off-by: Ed Santiago <santiago@redhat.com>
* start pod containers recursivelybaude2019-02-26
| | | | | | | | when using the play kube command, we need to make sure that containers with dependancies are started in proper order. in this case, the infra container must be started first. Signed-off-by: baude <bbaude@redhat.com>
* remove duplicate commands in mainbaude2019-02-25
| | | | | | | | | | | kube was erronously being added as main subcommand multiple times. it should not be a subcommand as it should live under either play or generate. also removing the addition of the volume command from the commands.go to eliminate a duplicate. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #2357 from TomSweeneyRedHat/dev/tsweeney/cobrahelp3OpenShift Merge Robot2019-02-17
|\ | | | | Add 3rd chunk of Cobra examples
| * Add 3rd chunk of Cobra examplesTomSweeneyRedHat2019-02-17
| | | | | | | | | | | | | | | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Adds the third chunk of Cobra examples to the cli help. As were putting together a release tomorrow, tried to hit the heavy commands with this PR. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | pod infra container is started before a container in a pod is run, started, ↵Peter Hunt2019-02-15
|/ | | | | | | | | | or attached. Prior, a pod would have to be started immediately when created, leading to confusion about what a pod state should be immediately after creation. The problem was podman run --pod ... would error out if the infra container wasn't started (as it is a dependency). Fix this by allowing for recursive start, where each of the container's dependencies are started prior to the new container. This is only applied to the case where a new container is attached to a pod. Also rework container_api Start, StartAndAttach, and Init functions, as there was some duplicated code, which made addressing the problem easier to fix. Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Don't show global flags except for podman commandDaniel J Walsh2019-02-12
| | | | | | | | | Subcommands should not be showing the global flags. This causes the important information to scroll off the screen. Also fixed a typo on runCommmand (Too many 'm's) Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Migrate to cobra CLIbaude2019-02-08
| | | | | | | | We intend to migrate to the cobra cli from urfave/cli because the project is more well maintained. There are also some technical reasons as well which extend into our remote client work. Signed-off-by: baude <bbaude@redhat.com>
* Capatilize all usage and descriptionsDaniel J Walsh2019-02-05
| | | | | | | | | We have no consistancy in out option usages and descritions on whether or not the first letter should be capatalized. This patch forces them all to be capatilized. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Changes to container runlabel for toolbox projectbaude2019-01-30
| | | | | | | | | | The toolbox project would benefit from a few changes to more closely resembe the original atomic cli project. Changes made are: * only pull image for container runlabel if the label exists in the image * if a container image does not have the desired label, exit with non-zero Signed-off-by: baude <bbaude@redhat.com>
* podman play kube: add containers to podbaude2019-01-11
| | | | | | | | | when defining containers, we missed the conditional logic to allow the container to be defined with "WithPod" and so forth. I had to slightly modify the createcontainer process to pass a libpod.Pod that could override things; use nil as no pod. Signed-off-by: baude <bbaude@redhat.com>
* Add Playbaude2018-12-19
podman play kube adds the ability for the user to recreate pods and containers from a Kubernetes YAML file in libpod. Signed-off-by: baude <bbaude@redhat.com>