| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
| |
Add flag --seccomp-profile-root in play kube to allow users to specify where to look for seccomp profiles
update tests
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Use GetDefaultAuthFile() from buildah.
For podman command(except login), if authfile does not exist returns error.
close #4328
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| |
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
|
| |
|
|
|
|
|
|
| |
if the auth file was overriden, be sure create and run honors it.
Closes: https://github.com/containers/libpod/issues/3524
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
| |
this is phase 2 for the removal of libpod from main.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\
| |
| | |
Fixup Flags
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Mark hidden all references to signature-policy
Default all uses of --authfile
Add --authfile support to podman run and podman create.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/
|
|
|
|
| |
We need to pass the Pod ID in as part of the CreateConfig.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Unify handling for the --volume, --mount, --volumes-from, --tmpfs
and --init flags into a single file and set of functions. This
will greatly improve readability and maintainability.
Further, properly handle superceding and conflicting mounts. Our
current patchwork has serious issues when mounts conflict, or
when a mount from --volumes-from or an image volume should be
overwritten by a user volume or named volume.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
|
|
|
|
|
|
|
| |
The goal here is to keep only the configuration directly used to
build the container in CreateConfig, and scrub temporary state
and helpers that we need to generate. We'll keep those internally
in MakeContainerConfig.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
| |
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| |
|
|
|
|
|
| |
Before, we would half create a pod in play kube and error out if we fail.
Rather, let's clean up after our failure so the user doesn't have to delete the pod themselves.
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| |\
| |
| | |
Add File mounts to play kube
|
| | |
| |
| |
| |
| |
| | |
Both File and FileOrCreate options are supported.
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
In cases where the remote client culls options to a command, we need to
be sure that the lookup for that flag does not result in a nil pointer.
To do so, we add a Remote attribute to the podman struct and then cli
helper funcs are now aware they are remote.
Signed-off-by: baude <bbaude@redhat.com>
|
| |/
|
|
|
|
| |
Also put Environment variable parsing from image data into a helper function
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| |\
| |
| | |
Respect image entrypoint in play kube
|
| | |
| |
| |
| |
| |
| | |
Before we ignored an entrypoint specified in an image, which lead to crashes when a user assumed the entrypoint would be used
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
Closes: https://github.com/containers/libpod/issues/2852
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |/
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\
| |
| | |
Set blob cache directory based on GraphDriver
|
| | |
| |
| |
| |
| |
| |
| | |
Remove references to image2 in source code. Makes the code
slightly more readable.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
| |
Before, there were SELinux denials when a volume was bind-mounted by podman play kube.
Partially fix this by setting the default private label for mounts created by play kube (with DirectoryOrCreate)
For volumes mounted as Directory, the user will have to set their own SELinux permissions on the mount point
also remove left over debugging print statement
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| |
|
|
|
|
| |
before, when an image signified a user, play kube ignored it. Incorporate that information.
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove hardcoded '(default: true)' strings from bool flags,
and '(default this-or-that)' from string flags.
First because it's unmaintainable duplication that would cause
confusion should someone ever change the default and not notice
the message.
Second, because cobra[1] already prints '(default XXXX)' for
all options with non-false non-nil default. So in each of
these cases, current podman help behavior is:
$ podman login --help
...
--tls-verify Require HTTPS ... (default: true) (default true)
This PR eliminates that duplication.
[1] actually spf13/pflag/flag.go
The only nontrivial one of these is start.go, where the default
for sigProxy depends on the --attach flag. Solution: change
the command-line default to false, and implement the new
conditional default in logic. Bonus: removed unnecessary
check, because now if sigProxy is set without --attach,
we can guarantee that it was done by the user. But please
pay close scrutiny to this particular section in case
there's something I missed.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
to prepare for being able to remotely run a container, we need to
perform a refactor to get code out of main because it is not
reusable. the shared location is a good starting spot though
eventually some will likely end up in pkg/spec/ at some point.
Signed-off-by: baude <bbaude@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
if an input YAML file lacks securitycontext and working dir for
a container, we need to be able to handle that. if no default for
working dir is provided, we use a default of "/".
fixes issue #2209
Signed-off-by: baude <bbaude@redhat.com>
|
| |
|
|
|
|
| |
Cleanup lots of help information to look good when displayed.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
| |
Before, podman play kube ignored HostPath and VolumeMounts fields in a k8s yaml file. Add this functionality, allowing for a user to create a volume mount from a .yaml file
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| |\
| |
| | |
rename pod when we have a name collision with a container
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
when podman generate kube runs, it names the pod based on the first
container it finds. the resulting yaml file is perfectly acceptable
in a kubernetes environment. But when replaying the YAML file
with podman, we cannot have a container and pod with the same name.
therefore, we rename the pod if find a collision to name_pod.
Signed-off-by: baude <bbaude@redhat.com>
|
| |/
|
|
|
|
|
| |
Conceptually simple: include, where applicable, a brief
description of command-line options for each subcommand.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
|
|
| |
when using the play kube command, we need to make sure that containers
with dependancies are started in proper order. in this case, the infra
container must be started first.
Signed-off-by: baude <bbaude@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
kube was erronously being added as main subcommand multiple
times. it should not be a subcommand as it should live under
either play or generate.
also removing the addition of the volume command from the commands.go
to eliminate a duplicate.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\
| |
| | |
Add 3rd chunk of Cobra examples
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Adds the third chunk of Cobra examples to the cli help.
As were putting together a release tomorrow, tried to
hit the heavy commands with this PR.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
| |
or attached.
Prior, a pod would have to be started immediately when created, leading to confusion about what a pod state should be immediately after creation. The problem was podman run --pod ... would error out if the infra container wasn't started (as it is a dependency). Fix this by allowing for recursive start, where each of the container's dependencies are started prior to the new container. This is only applied to the case where a new container is attached to a pod.
Also rework container_api Start, StartAndAttach, and Init functions, as there was some duplicated code, which made addressing the problem easier to fix.
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Subcommands should not be showing the global flags. This causes the important
information to scroll off the screen.
Also fixed a typo on runCommmand (Too many 'm's)
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
| |
We intend to migrate to the cobra cli from urfave/cli because the
project is more well maintained. There are also some technical reasons
as well which extend into our remote client work.
Signed-off-by: baude <bbaude@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
We have no consistancy in out option usages and descritions
on whether or not the first letter should be capatalized.
This patch forces them all to be capatilized.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
The toolbox project would benefit from a few changes to more closely
resembe the original atomic cli project. Changes made are:
* only pull image for container runlabel if the label exists in the image
* if a container image does not have the desired label, exit with non-zero
Signed-off-by: baude <bbaude@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
when defining containers, we missed the conditional logic to allow
the container to be defined with "WithPod" and so forth. I had to
slightly modify the createcontainer process to pass a libpod.Pod
that could override things; use nil as no pod.
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
podman play kube adds the ability for the user to recreate pods and containers
from a Kubernetes YAML file in libpod.
Signed-off-by: baude <bbaude@redhat.com>
|
