| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In 2.2.x, we moved `play kube` to use the Start() API for pods,
which reported errors in a different way (all containers are
started in parallel, and then results reported as a block). The
migration attempted to preserve compatibility by returning only
one error, but that's not really a viable option as it can
obscure the real reason that a pod is failing. Further, the code
was not correctly handling the API's errors - Pod Start() will,
on any container error, return a map of container ID to error
populated for all container errors *and* return ErrPodPartialFail
for overall error - the existing code did not handle the partial
failure error and thus would never return container errors.
Refactor the `play kube` API to include a set of errors for
containers in each pod, so we can return all errors that occurred
to the frontend and print them for the user, and correct the
backend code so container errors are actually forwarded.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
|
|
|
|
|
|
| |
Having play kube start the pod is not always appropriate, one might
for example like to have the pod running as a set of systemd services.
Add a `start` option to the command line and API to control if the pod
should be started or not; it defaults to true for backward
compatibility.
Signed-off-by: Alban Bedel <albeu@free.fr>
|
|
|
|
|
|
| |
addresses #6604
Signed-off-by: Andy Librian <andylibrian@gmail.com>
|
|
|
|
| |
Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
| |
Signed-off-by: Aditya Kamath <theunrealgeek@gmail.com>
|
|
|
|
| |
Signed-off-by: Aditya Kamath <theunrealgeek@gmail.com>
|
|
|
|
| |
Signed-off-by: Aditya Kamath <theunrealgeek@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Support the `X-Registry-Auth` http-request header.
* The content of the header is a base64 encoded JSON payload which can
either be a single auth config or a map of auth configs (user+pw or
token) with the corresponding registries being the keys. Vanilla
Docker, projectatomic Docker and the bindings are transparantly
supported.
* Add a hidden `--registries-conf` flag. Buildah exposes the same
flag, mostly for testing purposes.
* Do all credential parsing in the client (i.e., `cmd/podman`) pass
the username and password in the backend instead of unparsed
credentials.
* Add a `pkg/auth` which handles most of the heavy lifting.
* Go through the authentication-handling code of most commands, bindings
and endpoints. Migrate them to the new code and fix issues as seen.
A final evaluation and more tests is still required *after* this
change.
* The manifest-push endpoint is missing certain parameters and should
use the ABI function instead. Adding auth-support isn't really
possible without these parts working.
* The container commands and endpoints (i.e., create and run) have not
been changed yet. The APIs don't yet account for the authfile.
* Add authentication tests to `pkg/bindings`.
Fixes: #6384
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
Add the `podman generate kube` and `podman play kube` command. The code
has largely been copied from Podman v1 but restructured to not leak the
K8s core API into the (remote) client.
Both commands are added in the same commit to allow for enabling the
tests at the same time.
Move some exports from `cmd/podman/common` to the appropriate places in
the backend to avoid circular dependencies.
Move definitions of label annotations to `libpod/define` and set the
security-opt labels in the frontend to make kube tests pass.
Implement rest endpoints, bindings and the tunnel interface.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|