summaryrefslogtreecommitdiff
path: root/pkg/adapter/pods.go
Commit message (Collapse)AuthorAge
* Sanitize port parsing for pods in play kubeTyler Ramer2020-03-27
| | | | | | | | | | | | | | | | | | | | | The logic used in parsing the ports to be utilized in a kubenetes api defined pod did not fully adhere to the kubenetes spec, nor did it map well to a podman context. This fix sanitizes the input of container ports to meet the following rules: - A defined containerPort with no defined hostPort does nothing in a podman context, or is informational. This is line with [usage in Kubernetes.](https://github.com/kubernetes/kubernetes/issues/4332) - A defined hostPort with no defined containerPort acts like a publish [hostPort]:[hostPort] - A defined containerPort and defined hostPort works like it does in kubernetes, as in a publish [hostPort]:[containerPort] Addresses https://github.com/containers/libpod/issues/5610 Signed-off-by: Tyler Ramer <tyaramer@gmail.com>
* Filter pods through pod list apiSujil022020-03-17
| | | | | | | Refactored current filter pods flow through the shared pod functions so filter pod functionalities can be shared between api and cmd. Signed-off-by: Sujil02 <sushah@redhat.com>
* consolidate env handling into pkg/envValentin Rothberg2020-03-03
| | | | | | | | | Env-variable related code is scattered across several packages making it hard to maintain and extend. Consolidate the code into a new pkg/env package. Signed-off-by: Valentin Rothberg <rothberg@redhat.com> Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add network options to podman pod createMatthew Heon2020-02-19
| | | | | | | | | | | | | | | | | Enables most of the network-related functionality from `podman run` in `podman pod create`. Custom CNI networks can be specified, host networking is supported, DNS options can be configured. Also enables host networking in `podman play kube`. Fixes #2808 Fixes #3837 Fixes #4432 Fixes #4718 Fixes #4770 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Fix SELinux labels of volumesDaniel J Walsh2020-02-13
| | | | | | | | | | | | | | | If we attempt to label a volume and the file system does not support labeling, then just warn. SELinux may or may not work, on the volume. There is no way to setup a private label on a newly created volume without using the container mountlabel. If we don't have a mount label at the time of creation of the volume, the only option we have is to create a shared label. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix up play kube to use image dataDaniel J Walsh2020-02-13
| | | | | | | | | | | podman play kube was ignoring the imageData.Config Volumes WorkingDir Labels StopSignal Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* honor pull policy in play kubeBrent Baude2020-01-28
| | | | | | | | When a container specification has a pull policy, we should honor it when recreating the pods/containers from yaml. furthermore, ini kube, if a tag is :latest, then the always pull policy is automatically instituted. Fixes: #4880 Signed-off-by: Brent Baude <bbaude@redhat.com>
* APIv2 review corrections #3Brent Baude2020-01-25
| | | | | | The third pass of corrections for the APIv2. Signed-off-by: Brent Baude <bbaude@redhat.com>
* play kube: make seccomp handling better conform to k8sPeter Hunt2020-01-03
| | | | | | | Add flag --seccomp-profile-root in play kube to allow users to specify where to look for seccomp profiles update tests Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Remove containers when pruning a stopped pod.Qi Wang2019-11-26
| | | | | | | This path allows pod prune & pod rm to remove stopped containers in the pod before deleting the pod. PrunePods and RemovePod should be able to remove containers without force removal of stopped pods. Signed-off-by: Qi Wang <qiwan@redhat.com>
* podman {pod,} rm/stop: add --ignore flagValentin Rothberg2019-11-25
| | | | | | | | | | | | Add an --ignore flag to podman rm and stop. When specified, Podman will ignore "no such {container,pod}" errors that occur when a specified container/pod is not present in the store (anymore). The motivation behind adding this flag is to write more robust systemd services using Podman. A user might have manually decided to remove a container/pod which would lead to a failure during the `ExecStop` directive of a systemd service referencing that container/pod. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* play kube: handle seccomp labelsPeter Hunt2019-11-18
| | | | | | | Add handling of seccomp annotations to play kube at both container and pod levels. also add a test Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Merge pull request #4368 from haircommander/pod-annotationsOpenShift Merge Robot2019-11-15
|\ | | | | Add pod annotations to container
| * Add annotations in play kubePeter Hunt2019-11-08
| | | | | | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | codespell: spelling correctionsDmitry Smirnov2019-11-13
|/ | | | Signed-off-by: Dmitry Smirnov <onlyjob@member.fsf.org>
* Split up create config handling of namespaces and securityPeter Hunt2019-11-07
| | | | | | | | As it stands, createconfig is a huge struct. This works fine when the only caller is when we create a container with a fully created config. However, if we wish to share code for security and namespace configuration, a single large struct becomes unweildy, as well as difficult to configure with the single createConfigToOCISpec function. This PR breaks up namespace and security configuration into their own structs, with the eventual goal of allowing the namespace/security fields to be configured by the pod create cli, and allow the infra container to share this with the pod's containers. Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Add support for RunAsUser and RunAsGroupDaniel J Walsh2019-11-06
| | | | | | | | | | Currently podman generate kube does not generate the correct RunAsUser and RunAsGroup options in the yaml file. This patch fixes this. This patch also make `podman play kube` use the RunAdUser and RunAsGroup options if they are specified in the yaml file. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Set SELinux labels based on the security context in the kube.yamlDaniel J Walsh2019-11-05
| | | | | | | If the kube.yaml specifieds the SELinux type or Level, we need the container to be launched with the correct label. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Set default seccomp.json file for podman play kubeDaniel J Walsh2019-10-29
| | | | | | | Currently podman play kube is not using the system default seccomp.json file. This PR will use the default or override location for podman play. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* bump containers/image to v5.0.0, buildah to v1.11.4Nalin Dahyabhai2019-10-29
| | | | | | | | | Move to containers/image v5 and containers/buildah to v1.11.4. Replace an equality check with a type assertion when checking for a docker.ErrUnauthorizedForCredentials in `podman login`. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Update c/image to v4.0.1 and buildah to 1.11.3Miloslav Trmač2019-10-04
| | | | | | | | | | | | | | This requires updating all import paths throughout, and a matching buildah update to interoperate. I can't figure out the reason for go.mod tracking github.com/containers/image v3.0.2+incompatible // indirect ((go mod graph) lists it as a direct dependency of libpod, but (go list -json -m all) lists it as an indirect dependency), but at least looking at the vendor subdirectory, it doesn't seem to be actually used in the built binaries. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Merge pull request #4117 from mheon/pod_no_nameOpenShift Merge Robot2019-09-26
|\ | | | | Add an error for pods without a name
| * Add an error for pods without a nameMatthew Heon2019-09-26
| | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | play kube: Only support pod kind in k8s yamlPeter Hunt2019-09-24
|/ | | | | | Since we only really support playing pods, and no other kubernetes types Signed-off-by: Peter Hunt <pehunt@redhat.com>
* play kube: fix segfaultPeter Hunt2019-09-06
| | | | | | | when securityContext wasn't specified in yaml. add a test as well Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Merge pull request #3836 from chenzhiwei/hostnameOpenShift Merge Robot2019-08-19
|\ | | | | Allow customizing pod hostname
| * Allow customizing pod hostnameChen Zhiwei2019-08-18
| | | | | | | | | | | | | | * set hostname in pod yaml file * set --hostname in pod create command Signed-off-by: Chen Zhiwei <zhiweik@gmail.com>
* | Merge pull request #3617 from QiWang19/create_pullOpenShift Merge Robot2019-08-17
|\ \ | |/ |/| add --pull flag for podman create&run
| * add --pull flag for podman create&runQi Wang2019-08-09
| | | | | | | | | | | | | | | | | | | | | | Requirement from https://github.com/containers/libpod/issues/3575#issuecomment-512238393 Added --pull for podman create and pull to match the newly added flag in docker CLI. `missing`: default value, podman will pull the image if it does not exist in the local. `always`: podman will always pull the image. `never`: podman will never pull the image. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Fix play kube command in pod yamlChen Zhiwei2019-08-14
|/ | | | Signed-off-by: Chen Zhiwei <zhiweik@gmail.com>
* Merge pull request #3692 from haircommander/play-capsOpenShift Merge Robot2019-08-02
|\ | | | | Add Capability support to play kube
| * Add capability functionality to play kubePeter Hunt2019-08-01
| | | | | | | | | | | | | | Take capabilities written in a kube and add to a container adapt test suite and write cap-add/drop tests Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | Use buildah/pkg/parse volume parsing rather then internal versionDaniel J Walsh2019-08-01
|/ | | | | | | We share this code with buildah, so we should eliminate the podman version. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* pods: do not to join a userns if there is not anyGiuseppe Scrivano2019-07-25
| | | | | | | do not attempt to join the user namespace if the pod is running in the host user namespace. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* golangci-lint round #3baude2019-07-21
| | | | | | | this is the third round of preparing to use the golangci-lint on our code base. Signed-off-by: baude <bbaude@redhat.com>
* Fix play kube commandPeter Hunt2019-07-17
| | | | | | | Before, play kube wasn't properly setting the command. Fix this Also, begin a dedicated test suite for play kube to catch regressions like this in the future Signed-off-by: Peter Hunt <pehunt@redhat.com>
* golangci-lint pass number 2baude2019-07-11
| | | | | | clean up and prepare to migrate to the golangci-linter Signed-off-by: baude <bbaude@redhat.com>
* libpod removal from main (phase 2)baude2019-06-27
| | | | | | this is phase 2 for the removal of libpod from main. Signed-off-by: baude <bbaude@redhat.com>
* Refactor of 'podman prune' to better support remoteJhon Honce2019-04-18
| | | | | | | | * Push iterations into the service not the client * Add e2e tests * Refactor to use new frameworks Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Added remote pod prunePeter Hunt2019-04-16
| | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
* podman-remote pod top|statsbaude2019-03-06
| | | | | | | this is the final enablement for the pod subcommand. it includes the ability to run podman-remote pod top and stats. Signed-off-by: baude <bbaude@redhat.com>
* podman-remote pod pause|unpause|restartbaude2019-02-25
| | | | | | | enable the ability for the remote client to pause, unpause, and restart pods. Signed-off-by: baude <bbaude@redhat.com>
* podman-remote create|psbaude2019-02-25
| | | | | | | enable the podman-remote client to be able to create and list pods on a remote system. Signed-off-by: baude <bbaude@redhat.com>
* Enable more podman-remote pod commandsbaude2019-02-22
enable pod start, stop, and kill subcommands for the remote-client. Signed-off-by: baude <bbaude@redhat.com>