| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
Change the dependencies from a pod unit to its associated container
units from `Requires` to `Wants` to prevent the entire pod from
transitioning to a failed state. Restart policies for individual
containers can be configured separately.
Also make sure that the pod's RunRoot is always set.
Fixes: #14546
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Refactored secrets API in common for stability purposes. Move podman to
said API.
[NO NEW TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |\
| |
| | |
Fix stutters
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Podman adds an Error: to every error message. So starting an error
message with "error" ends up being reported to the user as
Error: error ...
This patch removes the stutter.
Also ioutil.ReadFile errors report the Path, so wrapping the err message
with the path causes a stutter.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
`os.ReadDir` was added in Go 1.16 as part of the deprecation of `ioutil`
package. It is a more efficient implementation than `ioutil.ReadDir`.
Reference: https://pkg.go.dev/io/ioutil#ReadDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
|
| |/
|
|
|
|
|
|
|
|
| |
This logic has been broken by commit 9c6c981928c3e020ff6eef9454c7ee86aa8c83d1
(kube: fix conversion from milliCPU to period/quota).
[NO NEW TESTS NEEDED]
Fixes: #15726
Signed-off-by: Mikhail Khachayants <tyler92@inbox.ru>
|
| |\
| |
| | |
health check: add on-failure actions
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For systems that have extreme robustness requirements (edge devices,
particularly those in difficult to access environments), it is important
that applications continue running in all circumstances. When the
application fails, Podman must restart it automatically to provide this
robustness. Otherwise, these devices may require customer IT to
physically gain access to restart, which can be prohibitively difficult.
Add a new `--on-failure` flag that supports four actions:
- **none**: Take no action.
- **kill**: Kill the container.
- **restart**: Restart the container. Do not combine the `restart`
action with the `--restart` flag. When running inside of
a systemd unit, consider using the `kill` or `stop`
action instead to make use of systemd's restart policy.
- **stop**: Stop the container.
To remain backwards compatible, **none** is the default action.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |\ \
| | |
| | | |
kube: plug HostUsers in the pod spec
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
map HostUsers=false to userns=auto.
One difference with the current implementation in the Kubelet is that
the podman default size is 1024 while the Kubelet uses 65536.
This is done on purpose, because 65536 is a problem for rootless as
the entire IDs space would be allocated to a single pod.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \
| | |
| | | |
Fix swagger documentation
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| | |
* ContainerKillLibpod "signal" query default is SIGKILL.
* ContainerStopLibpod "all" query doesn't exist.
[NO NEW TESTS NEEDED]
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| |\ \
| | |
| | | |
Add --config for Docker compatibility
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Fixes: https://github.com/containers/podman/issues/14767
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
`--cpu-rt-period` and `--cpu-rt-runtime` options are only
supported on cgroups V1 rootful systems.
Therefore, podman prints an warning message and ignores these
options when we use cgroups V2 systems.
Related to: #15666
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| |\ \
| |/
|/| |
fix podman pod inspect to support multiple pods
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Just like the other inspect commands `podman pod inspect p1 p2` should
return the json for both.
To correctly implement this we follow the container inspect logic, this
allows use to reuse the global inspect command.
Note: To not break the existing single pod output format for podman pod
inspect I added a pod-legacy inspect type. This is only used to make
sure we will print the pod as single json and not an array like for the
other commands. We cannot use the pod type since podman inspect --type
pod did return an array and we should not break that as well.
Fixes #15674
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |\ \
| | |
| | | |
specgen/generate: Factor out setting resource limits from CompleteSpec
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This avoids setting values in the spec which are not supported on
FreeBSD - including these values causes warning messages for the
unsupported features.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |\ \
| | |
| | | |
fixes data race in system.Events and nil error logging
|
| | |/
| |
| |
| | |
Signed-off-by: Harald Albrecht <harald.albrecht@gmx.net>
|
| |\ \
| |/
|/| |
Introduce a new signed Windows installer with automated build process
|
| | |
| |
| |
| | |
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
| |\ \
| | |
| | | |
Fix intermittent issue with Compat API proxy startup on Windows
|
| | |/
| |
| |
| |
| |
| | |
[NO NEW TESTS NEEDED]
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
| |\ \
| |/
|/| |
Support auto updates for Kubernetes workloads
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add auto-update support to `podman kube play`. Auto-update policies can
be configured for:
* the entire pod via the `io.containers.autoupdate` annotation
* a specific container via the `io.containers.autoupdate/$name` annotation
To make use of rollbacks, the `io.containers.sdnotify` policy should be
set to `container` such that the workload running _inside_ the container
can send the READY message via the NOTIFY_SOCKET once ready. For
further details on auto updates and rollbacks, please refer to the
specific article [1].
Since auto updates and rollbacks bases on Podman's systemd integration,
the k8s YAML must be executed in the `podman-kube@` systemd template.
For further details on how to run k8s YAML in systemd via Podman, please
refer to the specific article [2].
An examplary k8s YAML may look as follows:
```YAML
apiVersion: v1
kind: Pod
metadata:
annotations:
io.containers.autoupdate: "local"
io.containers.autoupdate/b: "registry"
labels:
app: test
name: test_pod
spec:
containers:
- command:
- top
image: alpine
name: a
- command:
- top
image: alpine
name: b
```
[1] https://www.redhat.com/sysadmin/podman-auto-updates-rollbacks
[2] https://www.redhat.com/sysadmin/kubernetes-workloads-podman-systemd
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Refactor the auto-update backend to allow for updating multiple
tasks/containers per unit. This commit is merely doing the plumbing.
The actual integration comes in a following commit.
[NO NEW TESTS NEEDED] as behavior should not change and existing
tests are expected to continue to pass.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |\ \
| | |
| | | |
Add generate systemd -e/--env option
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
-e/--env option sets environment variables to the systemd unit files.
Fixes: #15523
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| |\ \ \
| | | |
| | | | |
(Windows) Drop stale config value resulting in asymmetric config
|
| | | |/
| |/|
| | |
| | |
| | |
| | | |
Fixes log follow operations since corresponding k8s-file backend was previously dropped
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
| |/ /
| |
| |
| |
| |
| | |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |\ \
| | |
| | | |
Add container GID to additional groups
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Mitigates a potential permissions issue. Mirrors Buildah PR #4200
and CRI-O PR #6159.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Add support for FreeBSD volume mounts in specgen
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |\ \ \ \
| | | | |
| | | | | |
Fix swagger documentation
|
| | | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* ContainerKillLibpod "signal" query default is SIGKILL.
* ContainerListLibpod "namespace" query is failed to show.
* SecretListLibpod parameters is duplicated.
* SecretList parameters is duplicated.
[NO NEW TESTS NEEDED]
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| |\ \ \ \
| |_|_|/
|/| | | |
Fix bind-mount-option annotation in gen/play kube
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The format used for setting the bind-mount-options annotations
in the kube yaml was incorrect and caused k8s to throw an error
when trying to play the generated kube yaml.
Fix the annotation format to match the rules of k8s.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
Improved Windows compatibility for machine command
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
podman update allows users to change the cgroup configuration of an existing container using the already defined resource limits flags
from podman create/run. The supported flags in crun are:
this command is also now supported in the libpod api via the /libpod/containers/<CID>/update endpoint where
the resource limits are passed inthe request body and follow the OCI resource spec format
–memory
–cpus
–cpuset-cpus
–cpuset-mems
–memory-swap
–memory-reservation
–cpu-shares
–cpu-quota
–cpu-period
–blkio-weight
–cpu-rt-period
–cpu-rt-runtime
-device-read-bps
-device-write-bps
-device-read-iops
-device-write-iops
-memory-swappiness
-blkio-weight-device
resolves #15067
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| |\ \
| | |
| | | |
api: return imageID instead of imageName, for "Image" when Podman api is queried
|
| | |\ \ |
|
| | |\ \ \
| | | |/
| | |/| |
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Josh Patterson <josh.patterson@securityonionsolutions.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Add FreeBSD support for pkg/specgen/generate
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
