| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
| |
When a container specification has a pull policy, we should honor it when recreating the pods/containers from yaml. furthermore, ini kube, if a tag is :latest, then the always pull policy is automatically instituted.
Fixes: #4880
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|
|
|
|
|
|
| |
when a docker image has a defined healthcheck, it should be displayed with inspect. this is only valid for docker images as oci images are not aware of healthchecks.
Fixes: #4799
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\
| |
| | |
APIv2 review corrections #3
|
| |
| |
| |
| |
| |
| | |
The third pass of corrections for the APIv2.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
faith/camelcase has been archived and is no longer maintained.
The package is sufficiently small and self-contained enough to
maintain it in libpod.
Fixes: #4783
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|/
|
|
|
|
| |
* Added helper function to allow parsing from filters
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\
| |
| | |
[CI:DOCS] Add query parameter converters for complex types
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Add converter for URL query parameters of type map[string][]string
* Add converter for URL query parameters of type time.Time
* Added function to allocate and configure schema.Decoder for API use
* Updated API handlers to leverage new converters, and correct handler
code for filter type
An encoding example for a client using filters:
v := map[string][]string{
"dangling": {"true"},
}
payload, err := jsoniter.MarshalToString(v)
if err != nil {
panic(err)
}
payload = "?filters=" + url.QueryEscape(payload)
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|/
|
|
|
|
| |
Add API review comments to correct documentation and endpoints. Also, add a libpode prune method to reduce code duplication. Only used right now for the API but when the remote client is wired, we will switch over there too.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\
| |
| | |
[CI:DOCS] Enable swagger validation for each PR
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Update swagger:operation's to pass validation
* 'name' path parameter now used throughout API
* Added #/response/ok for 200 returns, TBD values have been replaced
with legal values.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \
| |/
|/| |
Use cgroupv2 super magic from golang.org/x/sys/unix
|
| |
| |
| |
| |
| |
| |
| | |
We can use this constant from the already existing sys/unix package
instead of defining it by our own.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|\ \
| | |
| | | |
[CI:DOCS] Update build images
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Add swagger annotations for all the query and response parameters
for buildimages
* Improve populating the BuildOptions struct
* Improve swagger.json generation, removing tags.xml and move tag
definiation into the swagger:meta block
* Update Makefile to be more robust, added target for validation
* TODO once validation passes add that step to the generation step
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \
| | | |
| | | | |
oci_conmon: do not create a cgroup under systemd
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
it allows to disable cgroups creation only for the conmon process.
A new cgroup is created for the container payload.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
rootless: set C variables also on shortcut
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
make sure the rootless env variables are set also when we are joining
directly the user+mount namespace without creating a new process.
It is required by pkg/unshare in containers/common.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
add service endpoint for the new API. Also supports the varlink
implementation.
Signed-off-by: baude <bbaude@redhat.com>
Refactor to allow developer more control of API server
* Add api.NewServerWithSettings() to create an API server with custom
settings
* Add api.ListenUnix() to create a UDS net.Listener and setup UDS
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Signed-off-by: baude <bbaude@redhat.com>
More service completion
Add podman service command that allows users to run either a RESTful or
varlink protocol API service.
Addition of docs and RESTful listening.
Signed-off-by: baude <bbaude@redhat.com>
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |_|/
|/| |
| | |
| | |
| | |
| | |
| | | |
Tackling the first comments in the review pass. More to come.
Signed-off-by: baude <bbaude@redhat.com>
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|/ /
| |
| |
| |
| |
| | |
Add statement to the info section stating this is experimental only for now. Also add the podman logo to the right-hand navigation.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |
| |
| |
| |
| | |
Signed-off-by: baude <bbaude@redhat.com>
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \
| |/
|/| |
Add an API for Attach over HTTP API
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The new APIv2 branch provides an HTTP-based remote API to Podman.
The requirements of this are, unfortunately, incompatible with
the existing Attach API. For non-terminal attach, we need append
a header to what was copied from the container, to multiplex
STDOUT and STDERR; to do this with the old API, we'd need to copy
into an intermediate buffer first, to handle the headers.
To avoid this, provide a new API to handle all aspects of
terminal and non-terminal attach, including closing the hijacked
HTTP connection. This might be a bit too specific, but for now,
it seems to be the simplest approach.
At the same time, add a Resize endpoint. This needs to be a
separate endpoint, so our existing channel approach does not work
here.
I wanted to rework the rest of attach at the same time (some
parts of it, particularly how we start the Attach session and how
we do resizing, are (in my opinion) handled much better here.
That may still be on the table, but I wanted to avoid breaking
existing APIs in this already massive change.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The --ignore flag lets Podman ignore errors when a specified container
does not exist (anymore). That's a nice addition to generic services
generated via the --new flag. Those services create new containers and
can hence allows user to manually remove a container; may it only be by
accident.
The important part of using the --ignore flag is that Podman will exit 0
which plays nicer with most restart policies; a non-zero exit may yield
systemd to restart the entire service which is arguably wrong if the
user manually deletes the container.
If desired, users can still alter the generated files.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
| |
Include the service into make binaries such that we're it's being build
in the CI.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
| |
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
v2 api: top improvements
|
| |
| |
| |
| | |
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add a hanlder to figure out if the specified http request came through
a libpod endpoint. A first user is the top endpoint which has a
different default value for `ps_args` depending if the request came
through the docker or libpod endpoint.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Move the top logic from pkg/adapter into the (*libpod.Container).Top().
This way, we drop the dependency from pkg/api on pkg/adapters and have
a clearer separation of concerns.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
Let's not mix apples and oranges and give stderr a dedicated pipe. This
way, we don't return conmon log messages if run in debug mode.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
* Use `pkg/adapter` to increase code reuse and reduce code redundancy.
* Extend swagger docs to mention AIX descriptors.
* Document the libpod endpoint which shares the same handler.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
add a static tags file so we can dictate the left-hand navigation. in
doing so we now override the tag in the swagger:operation. we now have
images and images (compat) as a way to differentiate.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| |/
|/| |
[CI:DOCS] Add APIv2 CLI example POC
|
| |
| |
| |
| |
| |
| |
| | |
* Add ReadMe, CLI and unit files to support socket activation, both for
system and rootless
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
| |
| |
| |
| |
| | |
Also remove the redundant stats handler in libpod.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
The docker and libpod endpoints provide the same functionality, so
we can use the same handler.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
| |
| |
| |
| |
| | |
Also expect the container to be running.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
| |
| |
| |
| |
| | |
Also add some comments.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
We must check all errors and handle them properly. Otherwise, we can run
into nil dereferences ultimately killing the service.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
`NumProcs` and `StorageStats` are windows specific and are not
popoulated on Linux. Hence, we can safely remove them.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| |/
|/| |
policy for seccomp-profile selection
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Implement a policy for selecting a seccomp profile. In addition to the
default behaviour (default profile unless --security-opt seccomp is set)
add a second policy doing a lookup in the image annotation.
If the image has the "io.containers.seccomp.profile" set its value will be
interpreted as a seccomp profile. The policy can be selected via the
new --seccomp-policy CLI flag.
Once the containers.conf support is merged into libpod, we can add an
option there as well.
Note that this feature is marked as experimental and may change in the
future.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
make lint: extend checks
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Include the unit tests (i.e., _test.go files) for linting to make the
tests more robust and enforce the linters' coding styles etc.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|