summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Merge pull request #16057 from mheon/fix_16046OpenShift Merge Robot2022-10-07
|\ | | | | Clean up when stopping pods
| * Clean up when stopping podsMatthew Heon2022-10-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We have a test to verify that init containers in pods are deleted when the `--init-ctr=once` option is specified. The test creates two containers, one of them an init container, starts the pod, stops the pod, and restarts the pod, checking for the presence of a file created by the init container during the second start. We're seeing a race where the file still exists, which I'm fairly certain comes down to the SHM mount not being cleaned up after the pod is stopped. Fortunately, we already have code to do this - just flip the bool that controls cleanup from false to true. [NO NEW TESTS NEEDED] Fixes a difficult to reproduce race condition. Fixes #16046 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Create full path to a directory when DirectoryOrCreate is used with play kubeMikhail Khachayants2022-10-06
| | | | | | | | Signed-off-by: Mikhail Khachayants <tyler92@inbox.ru>
* | Merge pull request #16029 from andrei-n-cosma/kube-default-networkOpenShift Merge Robot2022-10-05
|\ \ | | | | | | Add pods created by play kube to a default network
| * | Add pods created by kube play to a default networkAndrei Natanael Cosma2022-10-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In order to allow pods to reach other pods (as in Kubernetes) they all need to be added to the same network. A network is created (if it doesn't exist) and pods created by play-kube are added to that network. When network options are passed to kube command the pods are not attached to the default kube network. Signed-off-by: Andrei Natanael Cosma <andrei@intersect.ro>
* | | Prevent nil pointer deref in GetImageBrent Baude2022-10-04
|/ / | | | | | | | | | | | | | | | | | | | | | | Trying to print the image id on a failed inspect will result in a nil pointer panic because the image will be nil. Replace image.id with the image name which is defined as a string without the use of inspect. Fixes: bz#2131836 [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #15846 from jakecorrenti/pod-logs-latestOpenShift Merge Robot2022-10-03
|\ \ | | | | | | `podman pod logs -l` no longer panics
| * | `podman pod logs -l` no longer panicsJake Correnti2022-09-29
| | | | | | | | | | | | | | | | | | | | | Fixed issue where executing the command `podman pod logs -l` would panic because it was indexing into an empty arguments array. Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
* | | Merge pull request #15909 from cdoern/restoreOpenShift Merge Robot2022-09-29
|\ \ \ | | | | | | | | fix restore API endpoint
| * | | fix restore API endpointcdoern2022-09-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | restore endpoint was totally ignoring --pod, it was missing from the schema and from query handling on the api handlers side. add support for it here. resolves #15018 Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | | | podman kube play allow --network hostPaul Holzinger2022-09-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I see no reason to block --network host with kube play and force users to have to set it in the yaml file. This is just confusing when compared to the other podman create/run --network options, see discussion in #15945. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Revert "remote: fix manifest add --annotation"Paul Holzinger2022-09-29
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | This reverts commit 32f54a81ed797597827123b671b6e73194354327. `pkg/bindings` is supported outside of podman and we have to keep it stable. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | remote: fix manifest add --annotationToshiki Sonoda2022-09-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * `manifest add --annotation option` adds annotations field on remote environment. * `manifest inspect` prints annotations field on remote environment. Fixes: #15952 Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | | fix: kube play liveness probe http pathPiotr2022-09-28
| | | | | | | | | | | | | | | | | | | | | Use the default / for http probe path. Update to URI schemes ensuring lowercase Signed-off-by: Piotr <piotr.skoczylas@gmail.com>
* | | Merge pull request #15946 from rhatdan/kubeOpenShift Merge Robot2022-09-27
|\ \ \ | | | | | | | | Default missing hostPort to containerPort is defined in kube.yaml
| * | | Default missing hostPort to containerPort is defined in kube.yamlDaniel J Walsh2022-09-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If user does not specify hostPort in a kube.yml file but does specify a containerPort, then the hostPort should default to the containerPort. Fixes: https://github.com/containers/podman/issues/15942 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | fix: liveness check with http probePiotr2022-09-27
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | Ensure kubernetes default parameters are respected. Additional curl parameter enforces returning error for HTTP error codes. Use build-in HealthCheckOnFailureAction instead of killing the container while executing the probe. Signed-off-by: Piotr <piotr.skoczylas@gmail.com>
* | | podman machine ssh handlingCharlie Doern2022-09-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add the key used in newly initialized machines to the user's known_hosts file. This ensures that golang will be able to ssh into the machine using podman-remote. Also, remove the /dev/null redirection for podman machine ssh's known_hosts file. resolves #15347 Signed-off-by: Charlie Doern <cdoern@redhat.com> Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | | Merge pull request #15933 from vrothberg/fix-15879OpenShift Merge Robot2022-09-26
|\ \ \ | | | | | | | | auto-update: validate container image
| * | | auto-update: validate container imageValentin Rothberg2022-09-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Auto updates using the "registry" policy require container to be created with a fully-qualified image reference. Short names are not supported due the ambiguity of their source registry. Initially, container creation errored out for non FQN images but it seems that Podman has regressed. Fixes: #15879 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | Merge pull request #15907 from Luap99/compat-net-optsOpenShift Merge Robot2022-09-26
|\ \ \ \ | | | | | | | | | | compat API: network inspect do not show isolate option
| * | | | compat API: network inspect do not show isolate optionPaul Holzinger2022-09-25
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We force the isolate option on new newtworks because that is the docker behavior. However when we inspect them they should not be displayed to the caller since they have no idea about it and docker-compose throws an error because of that. Fixes #15580 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #15926 from eriksjolund/remove_redundant_log_outputOpenShift Merge Robot2022-09-26
|\ \ \ \ | | | | | | | | | | Remove redundant log message
| * | | | Remove redundant log messageErik Sjölund2022-09-26
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Fixes: https://github.com/containers/podman/issues/15925 Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | | | Merge pull request #15820 from vrothberg/fix-15800OpenShift Merge Robot2022-09-26
|\ \ \ \ | |/ / / |/| | | kube: notifyproxy: fix lost READY message
| * | | notifyproxy: don't set a read deadlineValentin Rothberg2022-09-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The read deadline may yield the READY message to be lost in space. Instead, use a more Go-idiomatic alternative by using two goroutines; one reading from the connection, the other watching the container. [NO NEW TESTS NEEDED] since existing tests are exercising this functionality already. Fixes: #15800 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
| * | | kube play: sdnotify proxy: use a wait groupValentin Rothberg2022-09-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use a wait group to a) wait for all proxies in parallel b) avoid the potential for ABBA deadlocks [NO NEW TESTS NEEDED] as it is not changing functionality Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | Merge pull request #15900 from rhatdan/VENDOROpenShift Merge Robot2022-09-23
|\ \ \ \ | | | | | | | | | | Update vendor of containers(image, common, buildah, storage)
| * | | | Fixup Buildah mergeEd Santiago2022-09-23
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes since 2022-09-09: - man page: add --skip-unused-stages (buildah 4249) - man page: bring in new Note for --cache-ttl (4248) - system tests: de-stutter (4205) - (internal): in skip() applier: escape asterisk, otherwise the "bud with --dns* flags" sed expression never applies. Signed-off-by: Ed Santiago <santiago@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / | | Events for containers in pods now include the pod's IDMatthew Heon2022-09-22
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows tools like Cockpit to know that the pod in question has also been updated, so they can refresh the list of containers in the pod. Fixes #15408 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #15895 from dcermak/don-expose-dev-for-privilegedOpenShift Merge Robot2022-09-22
|\ \ \ | | | | | | | | Don't mount /dev/ inside privileged containers running systemd
| * | | Don't mount /dev/tty* inside privileged containers running systemdDan Čermák2022-09-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | According to https://systemd.io/CONTAINER_INTERFACE/, systemd will try take control over /dev/ttyN if exported, which can cause conflicts with the host's tty in privileged containers. Thus we will not expose these to privileged containers in systemd mode, as this is a bad idea according to systemd's maintainers. Additionally, this commit adds a bats regression test to check that no /dev/ttyN are present in a privileged container in systemd mode This fixes https://github.com/containers/podman/issues/15878 Signed-off-by: Dan Čermák <dcermak@suse.com>
* | | | Merge pull request #15131 from boaz0/closes_14707OpenShift Merge Robot2022-09-22
|\ \ \ \ | |/ / / |/| | | Add support to sig-proxy for podman-remote
| * | | Add support to sig-proxy for podman-remoteBoaz Shuster2022-09-20
| | | | | | | | | | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | | | Merge pull request #15870 from idleroamer/podman-saveOpenShift Merge Robot2022-09-22
|\ \ \ \ | | | | | | | | | | podman-save: Add signature-policy flag
| * | | | cli: Add signature-policy flag to podman save😎Mostafa Emami2022-09-21
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow overwrite of the signature-policy file by passing signature-policy flag to podman save command Closes: https://github.com/containers/podman/issues/15869 Signed-off-by: 😎Mostafa Emami <mustafaemami@gmail.com>
* | | | Fix a few missed io/ioutil -> os updatesChris Evich2022-09-21
| | | | | | | | | | | | | | | | | | | | | | | | Ref: https://github.com/containers/podman/pull/15871 Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #15871 from cevich/replace_ioutilOpenShift Merge Robot2022-09-21
|\ \ \ \ | | | | | | | | | | Replace deprecated ioutil
| * | | | Replace deprecated ioutilChris Evich2022-09-20
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Package `io/ioutil` was deprecated in golang 1.16, preventing podman from building under Fedora 37. Fortunately, functionality identical replacements are provided by the packages `io` and `os`. Replace all usage of all `io/ioutil` symbols with appropriate substitutions according to the golang docs. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #15837 from rhatdan/formatOpenShift Merge Robot2022-09-21
|\ \ \ \ | | | | | | | | | | Improve generate systemd format
| * | | | Improve generate systemd formatDaniel J Walsh2022-09-21
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/14897 Followup to #13814 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #15842 from ashley-cui/seclabelsOpenShift Merge Robot2022-09-21
|\ \ \ \ | | | | | | | | | | Add labels to secrets
| * | | | Add labels to secretsAshley Cui2022-09-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add --label/-l label flag to secret create, and show labels when inspecting secrets. Also allow labeling secrets via libpod/compat API. Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | | Merge pull request #15866 from boaz0/closes_15746OpenShift Merge Robot2022-09-21
|\ \ \ \ \ | |_|/ / / |/| | | | Fix podman-remote run --attach stdin to show container ID
| * | | | Fix podman-remote run --attach stdin to show container IDBoaz Shuster2022-09-20
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | | | | Merge pull request #15072 from rhatdan/contextOpenShift Merge Robot2022-09-19
|\ \ \ \ \ | |_|_|_|/ |/| | | | Add support for podman context as alias to podman system connection
| * | | | Add support for podman context as alias to podman system connectionDaniel J Walsh2022-09-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Alias podman --context -> podman --connection podman context use -> podman system connection default podman context rm -> podman system connection rm podman context create -> podman system connection add podman context ls ->podman system connection ls podman context inspect ->podman system connection ls --json (For specified connections) Podman context is a hidden command, but can be used for existing scripts that assume Docker under the covers. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | podman container clone env patchCharlie Doern2022-09-16
| |_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman container clone was failing when env variables had multiple `=` in them. Switch split to splitn resolves #15836 Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | | Merge pull request #15812 from sstosh/checkpoint-export-rawinputOpenShift Merge Robot2022-09-16
|\ \ \ \ | |_|/ / |/| | | remote: checkpoint --export prints a rawInput or an error on remote
| * | | remote: checkpoint --export prints a rawInput or an error on remoteToshiki Sonoda2022-09-16
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | This commit fixes `container checkpoint --export` to print a rawInput or an error. Fixes: #15743 Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>