| Commit message (Collapse) | Author | Age |
|\
| |
| | |
Clean up when stopping pods
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We have a test to verify that init containers in pods are
deleted when the `--init-ctr=once` option is specified. The test
creates two containers, one of them an init container, starts the
pod, stops the pod, and restarts the pod, checking for the
presence of a file created by the init container during the
second start. We're seeing a race where the file still exists,
which I'm fairly certain comes down to the SHM mount not being
cleaned up after the pod is stopped.
Fortunately, we already have code to do this - just flip the bool
that controls cleanup from false to true.
[NO NEW TESTS NEEDED] Fixes a difficult to reproduce race
condition.
Fixes #16046
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In order to allow pods to reach other pods (as in Kubernetes) they all
need to be added to the same network. A network is created (if it
doesn't exist) and pods created by play-kube are added to that network.
When network options are passed to kube command the pods are not
attached to the default kube network.
Signed-off-by: Andrei Natanael Cosma <andrei@intersect.ro>
|
|\ \
| | |
| | | |
`podman pod logs -l` no longer panics
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fixed issue where executing the command `podman pod logs -l` would panic
because it was indexing into an empty arguments array.
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
I see no reason to block --network host with kube play and force users
to have to set it in the yaml file.
This is just confusing when compared to the other podman create/run
--network options, see discussion in #15945.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| | |
This reverts commit 32f54a81ed797597827123b671b6e73194354327.
`pkg/bindings` is supported outside of podman and we have to keep it
stable.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* `manifest add --annotation option` adds annotations
field on remote environment.
* `manifest inspect` prints annotations field
on remote environment.
Fixes: #15952
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
add the key used in newly initialized machines to the user's known_hosts file. This ensures that golang will be able to ssh into the machine using
podman-remote. Also, remove the /dev/null redirection for podman machine ssh's known_hosts file.
resolves #15347
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
|
|\ \
| | |
| | | |
auto-update: validate container image
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Auto updates using the "registry" policy require container to be created
with a fully-qualified image reference. Short names are not supported
due the ambiguity of their source registry. Initially, container
creation errored out for non FQN images but it seems that Podman has
regressed.
Fixes: #15879
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|\ \ \
| |/ /
|/| | |
kube: notifyproxy: fix lost READY message
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
Use a wait group to a) wait for all proxies in parallel
b) avoid the potential for ABBA deadlocks
[NO NEW TESTS NEEDED] as it is not changing functionality
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|\ \
| | |
| | | |
Add support to sig-proxy for podman-remote
|
| |/
| |
| |
| | |
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
|
|\ \
| | |
| | | |
podman-save: Add signature-policy flag
|
| |/
| |
| |
| |
| |
| |
| |
| | |
Allow overwrite of the signature-policy file
by passing signature-policy flag to podman save command
Closes: https://github.com/containers/podman/issues/15869
Signed-off-by: đMostafa Emami <mustafaemami@gmail.com>
|
|\ \
| | |
| | | |
Replace deprecated ioutil
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Package `io/ioutil` was deprecated in golang 1.16, preventing podman from
building under Fedora 37. Fortunately, functionality identical
replacements are provided by the packages `io` and `os`. Replace all
usage of all `io/ioutil` symbols with appropriate substitutions
according to the golang docs.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \
| | |
| | | |
Add labels to secrets
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add --label/-l label flag to secret create, and show labels when
inspecting secrets. Also allow labeling secrets via libpod/compat API.
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|\ \ \
| |_|/
|/| | |
Fix podman-remote run --attach stdin to show container ID
|
| | |
| | |
| | |
| | | |
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| | |
This commit fixes `container checkpoint --export`
to print a rawInput or an error.
Fixes: #15743
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Three tests were running 'container rm' on 'start'ed containers
that might not yet have exited. Fix. Also, tighten up the
tests themselves, to make even more sure that they test
what they're supposed to test.
Discovered, in CI, that 'podman-remote logs --timestamps'
was unimplemented. Thanks to @Luap99 for the fix to that.
Fixes: #15783
Fixes: #15795
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \
| |/
|/| |
Ensure that the DF endpoint updated volume refcount
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The field was already exposed already in the `system df` output
so this just required a bit of plumbing and testing.
As part of this, fix `podman systemd df` volume in-use logic.
Previously, volumes were only considered to be in use if the
container using them was running. This does not match Docker's
behavior, where a volume is considered in use as long as a
container exists that uses the volume, even if said container is
not running.
Fixes #15720
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Refactored secrets API in common for stability purposes. Move podman to
said API.
[NO NEW TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|\ \
| | |
| | | |
Fix stutters
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Podman adds an Error: to every error message. So starting an error
message with "error" ends up being reported to the user as
Error: error ...
This patch removes the stutter.
Also ioutil.ReadFile errors report the Path, so wrapping the err message
with the path causes a stutter.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
|
|
|
|
| |
`os.ReadDir` was added in Go 1.16 as part of the deprecation of `ioutil`
package. It is a more efficient implementation than `ioutil.ReadDir`.
Reference: https://pkg.go.dev/io/ioutil#ReadDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
map HostUsers=false to userns=auto.
One difference with the current implementation in the Kubelet is that
the podman default size is 1024 while the Kubelet uses 65536.
This is done on purpose, because 65536 is a problem for rootless as
the entire IDs space would be allocated to a single pod.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Just like the other inspect commands `podman pod inspect p1 p2` should
return the json for both.
To correctly implement this we follow the container inspect logic, this
allows use to reuse the global inspect command.
Note: To not break the existing single pod output format for podman pod
inspect I added a pod-legacy inspect type. This is only used to make
sure we will print the pod as single json and not an array like for the
other commands. We cannot use the pod type since podman inspect --type
pod did return an array and we should not break that as well.
Fixes #15674
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\
| |
| | |
Support auto updates for Kubernetes workloads
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add auto-update support to `podman kube play`. Auto-update policies can
be configured for:
* the entire pod via the `io.containers.autoupdate` annotation
* a specific container via the `io.containers.autoupdate/$name` annotation
To make use of rollbacks, the `io.containers.sdnotify` policy should be
set to `container` such that the workload running _inside_ the container
can send the READY message via the NOTIFY_SOCKET once ready. For
further details on auto updates and rollbacks, please refer to the
specific article [1].
Since auto updates and rollbacks bases on Podman's systemd integration,
the k8s YAML must be executed in the `podman-kube@` systemd template.
For further details on how to run k8s YAML in systemd via Podman, please
refer to the specific article [2].
An examplary k8s YAML may look as follows:
```YAML
apiVersion: v1
kind: Pod
metadata:
annotations:
io.containers.autoupdate: "local"
io.containers.autoupdate/b: "registry"
labels:
app: test
name: test_pod
spec:
containers:
- command:
- top
image: alpine
name: a
- command:
- top
image: alpine
name: b
```
[1] https://www.redhat.com/sysadmin/podman-auto-updates-rollbacks
[2] https://www.redhat.com/sysadmin/kubernetes-workloads-podman-systemd
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|/
|
|
|
|
|
|
| |
-e/--env option sets environment variables to the systemd unit files.
Fixes: #15523
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
podman update allows users to change the cgroup configuration of an existing container using the already defined resource limits flags
from podman create/run. The supported flags in crun are:
this command is also now supported in the libpod api via the /libpod/containers/<CID>/update endpoint where
the resource limits are passed inthe request body and follow the OCI resource spec format
âmemory
âcpus
âcpuset-cpus
âcpuset-mems
âmemory-swap
âmemory-reservation
âcpu-shares
âcpu-quota
âcpu-period
âblkio-weight
âcpu-rt-period
âcpu-rt-runtime
-device-read-bps
-device-write-bps
-device-read-iops
-device-write-iops
-memory-swappiness
-blkio-weight-device
resolves #15067
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
|\
| |
| | |
Add emptyDir volume support to kube play
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When a kube yaml has a volume set as empty dir, podman
will create an anonymous volume with the empty dir name and
attach it to the containers running in the pod. When the pod
is removed, the empy dir volume created is also removed.
Add tests and docs for this as well.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
|/
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
|
| |
This just moves the code to files which can be shared with freebsd.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
|
|
|
|
|
|
|
|
| |
This will allow us to write unit tests without setting up the complete Podman runtime
(and without the Linux dependency).
Should not change behavior.
Signed-off-by: Miloslav TrmaÄ <mitr@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
This will allow us to write unit tests without setting up the complete Podman runtime
(and without the Linux dependency).
Also, actually add a basic smoke test of the core functionality.
Should not change behavior.
Signed-off-by: Miloslav TrmaÄ <mitr@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Only process the incoming args[] (which is a single-element array
for some reason) once, and use a semantic variable name for the value
we care about.
Should not change behavior, the only caller already supposedly ensures
that len(args) == 1.
Signed-off-by: Miloslav TrmaÄ <mitr@redhat.com>
|
|
|
|
|
|
|
|
|
| |
We can always recover it from git, but it seems to serve
no purpose anyway.
Should not change behavior.
Signed-off-by: Miloslav TrmaÄ <mitr@redhat.com>
|
|\
| |
| | |
Add support for containers.conf volume timeouts
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Also, do a general cleanup of all the timeout code. Changes
include:
- Convert from int to *uint where possible. Timeouts cannot be
negative, hence the uint change; and a timeout of 0 is valid,
so we need a new way to detect that the user set a timeout
(hence, pointer).
- Change name in the database to avoid conflicts between new data
type and old one. This will cause timeouts set with 4.2.0 to be
lost, but considering nobody is using the feature at present
(and the lack of validation means we could have invalid,
negative timeouts in the DB) this feels safe.
- Ensure volume plugin timeouts can only be used with volumes
created using a plugin. Timeouts on the local driver are
nonsensical.
- Remove the existing test, as it did not use a volume plugin.
Write a new test that does.
The actual plumbing of the containers.conf timeout in is one line
in volume_api.go; the remainder are the above-described cleanups.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \
| |/
|/| |
Simplify ImagesPull for when Quiet flag is on
|
| |
| |
| |
| | |
Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
|
|/
|
|
|
|
|
|
|
|
| |
Refactor the RawInput process of the `rm` and
`start` subcommands, like the other subcommands
such as `restart, stop, etc`.
[NO NEW TESTS NEEDED]
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|