aboutsummaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Improve the error message for usused configMapsJordan Christiansen2022-02-24
| | | | | | | | | | | | | | | | | | | | | If you run `podman play kube` on a yaml file that only contains configMaps, podman will fail with the error: Error: YAML document does not contain any supported kube kind This is not strictly true; configMaps are a supported kube kind. The problem is that configMaps aren't a standalone entity. They have to be used in a container somewhere, otherwise they don't do anything. This change adds a new message in the case when there only configMaps resources. It would be helpful if podman reported which configMaps are unused on every invocation of kube play. However, even if that feedback were added, this new error messages still helpfully explains the reason that podman is not creating any resources. [NO NEW TESTS NEEDED] Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* kube: honor mount propagation modeGiuseppe Scrivano2022-02-23
| | | | | | | convert the propagation mode specified for the mount to the expected Linux mount option. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Cleanup display of trust with transportsDaniel J Walsh2022-02-22
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #13059 from cdoern/cloneOpenShift Merge Robot2022-02-22
|\ | | | | Implement Podman Container Clone
| * Implement Podman Container Clonecdoern2022-02-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman container clone takes the id of an existing continer and creates a specgen from the given container's config recreating all proper namespaces and overriding spec options like resource limits and the container name if given in the cli options this command utilizes the common function DefineCreateFlags meaning that we can funnel as many create options as we want into clone over time allowing the user to clone with as much or as little of the original config as they want. container clone takes a second argument which is a new name and a third argument which is an image name to use instead of the original container's the current supported flags are: --destroy (remove the original container) --name (new ctr name) --cpus (sets cpu period and quota) --cpuset-cpus --cpu-period --cpu-rt-period --cpu-rt-runtime --cpu-shares --cpuset-mems --memory --run resolves #10875 Signed-off-by: cdoern <cdoern@redhat.com> Signed-off-by: cdoern <cbdoer23@g.holycross.edu> Signed-off-by: cdoern <cdoern@redhat.com>
* | Merge pull request #13286 from flouthoc/kube-build-false-defaultOpenShift Merge Robot2022-02-21
|\ \ | | | | | | kube: honor `--build=false` if specified.
| * | kube: honor --build=false and make --build=true by defaultAditya R2022-02-21
| | | | | | | | | | | | | | | | | | | | | | | | `podman play kube` tries to build images even if `--build` is set to false so lets honor that and make `--build` , `true` by default so it matches the original behviour. Signed-off-by: Aditya R <arajan@redhat.com>
* | | use GetRuntimeDir() from c/commonPaul Holzinger2022-02-21
|/ / | | | | | | | | | | | | | | | | To prevent duplication and potential bugs we should use the same GetRuntimeDir function that is used in c/common. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #13228 from giuseppe/idmap-optionsOpenShift Merge Robot2022-02-17
|\ \ | | | | | | pkg: support passing down options for idmap
| * | pkg: support passing down options for idmapGiuseppe Scrivano2022-02-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] the feature is still being worked in crun: https://github.com/containers/crun/pull/874 also needs: https://github.com/containers/common/pull/927 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Calculate device major/minor using bitshiftRobb Manes2022-02-16
| |/ |/| | | | | | | | | | | | | | | | | Previously, devices with a major/minor number >256 would fail to be detected. Switch to using bitwise conversion (similar to sys/sysmacros in C). [NO NEW TESTS NEEDED] Signed-off-by: Robb Manes <robbmanes@protonmail.com>
* | Update to podman4 copr streamJason T. Greene2022-02-16
| | | | | | | | Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* | Introduce podman machine init --root=t|f and podman machine set --root=t|fJason T. Greene2022-02-16
| | | | | | | | | | | | Switch default to rootless for mac and windows Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* | Initial implementation of mac forwarding using a privileged docker sock ↵Jason T. Greene2022-02-16
|/ | | | | | claim helper Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* Merge pull request #13209 from esendjer/mainOpenShift Merge Robot2022-02-14
|\ | | | | ignition: propagate proxy settings from a host into a vm
| * ignition: propagate proxy settings from a host into a vmesendjer2022-02-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Set proxy settings (such as `HTTP_PROXY`, and others) for the whole guest OS with setting up `DefaultEnvironment` with a `systemd` configuration file `default-env.conf`, a `profile.d` scenario file - `default-env.sh` and a `environment.d` configuration file `default-env.conf` The **actual** environment variables are read by podman at a start, then they are encrypted with base64 into a single string and after are provided into a VM through QEMU Firmware Configuration (fw_cfg) Device Inside a VM a systemd service `envset-fwcfg.service` reads the providead encrypted string from fw_cfg, decrypts and then adds to the files - `/etc/systemd/system.conf.d/default-env.conf` - `/etc/profile.d/default-env.sh` - `/etc/environment.d/default-env.conf` At the end this service execute `systemctl daemon-reload` to propagate new variables for systemd manager [NO NEW TESTS NEEDED] Closes #13168 Signed-off-by: esendjer <esendjer@gmail.com>
* | Merge pull request #13220 from baude/podman4fcosOpenShift Merge Robot2022-02-14
|\ \ | | | | | | Temporarily pull machine images from side repo
| * | Temporarily pull machine images from side repoBrent Baude2022-02-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Until podman4 is in the fcos trees, we need to pull the machine images from a side repository. There is a hard coded bit that forces the side repo download right now. Simple comment or removal of the bit will revert to normal download behavior. [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #13214 from adrianreber/2022-02-11-fix-testsOpenShift Merge Robot2022-02-11
|\ \ \ | | | | | | | | Fix checkpoint/restore pod tests
| * | | Fix checkpoint/restore pod testsAdrian Reber2022-02-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Checkpoint/restore pod tests are not running with an older runc and now that runc 1.1.0 appears in the repositories it was detected that the tests were failing. This was not detected in CI as CI was not using runc 1.1.0 yet. Signed-off-by: Adrian Reber <areber@redhat.com>
* | | | Merge pull request #13210 from rhatdan/buildOpenShift Merge Robot2022-02-11
|\ \ \ \ | |_|/ / |/| | | Make sure building with relative paths work correctly.
| * | | Make sure building with relative paths work correctly.Daniel J Walsh2022-02-10
| |/ / | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/12763 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / / Add 409 response to swagger godocJhon Honce2022-02-10
|/ / | | | | | | | | | | | | | | | | When attempting to create a network with a name that already exists, a 409 status code will be returned [NO NEW TESTS NEEDED] Signed-off-by: Jhon Honce <jhonce@redhat.com>
* / Add version guard to libpod API endpointsJhon Honce2022-02-09
|/ | | | | | | | | * Ensure meaningful behaviour when called with /v3.x.x semantics * Change return code to 409 from 500 when client attempts to use an existing network name * Update API bats test runner to support /v4.0.0 endpoints by default Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #13142 from tmds/ImageCreate_200_schemaOpenShift Merge Robot2022-02-09
|\ | | | | [CI:DOCS] Add schema for ImageCreate 200 response.
| * [NO NEW TEST NEEDED] Add schema for ImageCreate 200 response.Tom Deseyn2022-02-09
| | | | | | | | Signed-off-by: Tom Deseyn <tom.deseyn@gmail.com>
* | idmap should be able to be specified along with other optionsDaniel J Walsh2022-02-08
| | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] crun is not available everywhere to test idmap. Kernel might not be recent enough and not all file systems support idmap option. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | compat: endpoint /build must set header content type as application/json in ↵Aditya R2022-02-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | reponse Lot of clients are expecting proper `Content-type: application/json` configured in response headers of `/build` compat api. Following commit fixes that. Fixes issues where code is setting header field after writing header which is wrong. We must set `content-type` before we write and flush http header. Signed-off-by: Aditya R <arajan@redhat.com>
* | Merge pull request #12930 from cdoern/podCgroupOpenShift Merge Robot2022-02-04
|\ \ | |/ |/| Podman pod create --share-parent vs --share=cgroup
| * Podman pod create --share-parent vs --share=cgroupcdoern2022-02-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | separated cgroupNS sharing from setting the pod as the cgroup parent, made a new flag --share-parent which sets the pod as the cgroup parent for all containers entering the pod remove cgroup from the default kernel namespaces since we want the same default behavior as before which is just the cgroup parent. resolves #12765 Signed-off-by: cdoern <cdoern@redhat.com> Signed-off-by: cdoern <cbdoer23@g.holycross.edu> Signed-off-by: cdoern <cdoern@redhat.com>
* | Merge pull request #13117 from Luap99/resolvOpenShift Merge Robot2022-02-03
|\ \ | | | | | | Revert "Move each search dns to its own line"
| * | Revert "Move each search dns to its own line"Paul Holzinger2022-02-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit a1bc8cb52cefd49e8cc54ae14d1864b8a1ec216e. Please see resolv.conf(5) search domains must be on the same line. If you use multiple seach key words only the last one is used. I tested this with alpine and it works correctly when they are on the same line so I am not sure what issues Dan had with it but this is not correct. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #13121 from ydayagi/resourcefieldrefOpenShift Merge Robot2022-02-03
|\ \ \ | | | | | | | | play kube envVar.valueFrom.resourceFieldRef
| * | | play kube envVar.valueFrom.resourceFieldRefYaron Dayagi2022-02-02
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | add support for env vars values from container resources see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core relates to issue https://github.com/containers/podman/issues/12756 Signed-off-by: Yaron Dayagi <ydayagi@redhat.com>
* / / pkg/bindings/images.Build(): slashify "dockerfile" values, tooNalin Dahyabhai2022-02-02
|/ / | | | | | | | | | | | | | | | | | | | | When the Dockerfile isn't in the root directory of the build context, the client supplies its pathname to the server, but it needs to do so using "/" as the path separator, not the client OS's path separator. CI can't test Windows clients, so [NO NEW TESTS NEEDED] Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | Move each search dns to its own lineDaniel J Walsh2022-02-02
| | | | | | | | | | | | | | | | | | | | Alpine does not seem to use search correctly when there are multiple search domains on the same line. It only uses the first with the advent. When podman runs within a separate network we are appending on dns.podman as a search, if you add a search domain, then this causes the local search on network to fail. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Fix size to match Docker selectionDaniel J Walsh2022-02-01
| | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/13096 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #13085 from ydayagi/mainOpenShift Merge Robot2022-02-01
|\ \ | | | | | | play kube envVar.valueFrom.fieldRef
| * | play kube envVar.valueFrom.fieldRefYaron Dayagi2022-01-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | add support for env vars values from pod spec fields see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core relates to issue https://github.com/containers/podman/issues/12756 Signed-off-by: Yaron Dayagi <ydayagi@redhat.com>
* | | Fix use of infra image to clarify defaultDaniel J Walsh2022-01-31
| | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #13061 from flouthoc/podman-vm-delegate-subsystemOpenShift Merge Robot2022-01-28
|\ \ \ | | | | | | | | ignition, machine: delegate `cpu,io,memory,pid cgroup controllers` to machine's non-root users.
| * | | ignition, machine: delegate cpu,io cgroup controllers to machine's default usersAditya R2022-01-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Makes sure that ignition setups up systemd config so cgroup controllers like `cpu, io` are also delegated to `non-root` along with `memory, pid`. This allows general users of `podman` on `macOS` and `podman-remote` to do operations which are dependent on `cpu, io` cgroup controllers. [NO TESTS NEEDED] [NO NEW TESTS NEEDED] We don't have a CI infra to test this, please pull the tree and run `podman info` inside the machine to confirm. Signed-off-by: Aditya R <arajan@redhat.com>
* | | | Merge pull request #12712 from flouthoc/volume_overlay_advancedOpenShift Merge Robot2022-01-28
|\ \ \ \ | |/ / / |/| | | volume: add support for non-volatile `upperdir`,`workdir` for overlay volumes
| * | | volume: add support for non-volatile upperdir,workdir for overlay volumesAditya Rajan2022-01-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Often users want their overlayed volumes to be `non-volatile` in nature that means that same `upper` dir can be re-used by one or more containers but overall of nature of volumes still have to be `overlay` so work done is still on a overlay not on the actual volume. Following PR adds support for more advanced options i.e custom `workdir` and `upperdir` for overlayed volumes. So that users can re-use `workdir` and `upperdir` across new containers as well. Usage ```console $ podman run -it -v myvol:/data:O,upperdir=/path/persistant/upper,workdir=/path/persistant/work alpine sh ``` Signed-off-by: Aditya R <arajan@redhat.com>
* | | | network create: allow multiple subnetsPaul Holzinger2022-01-27
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman network create --subnet, --gateway and --ip-range can now be specified multiple times to join the network to more than one subnet. This is very useful if you want to use a dual stack network and assign a fixed ipv4 and ipv6 subnet. The order of the options is important here, the first --gateway/--ip-range will be assigned to the first subnet and so on. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #12867 from cdoern/scpOpenShift Merge Robot2022-01-27
|\ \ \ | | | | | | | | switch podman image scp from depending on machinectl to just os/exec
| * | | switch podman image scp from depending on machinectl to just os/execcdoern2022-01-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | machinectl does not propogate error messages and adds extra lines in the output, exec.Cmd is able to clear the env besides PATH and TERM, and use the given UID and GID to execute the command properly. machinectl is still used to create a user session. Ubuntu support is limited by this. Signed-off-by: cdoern <cdoern@redhat.com>
* | | | rootless: drop permission check for devicesGiuseppe Scrivano2022-01-27
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | commit 350ede1eeb6ab33bce2918d7768b940c255e63c6 added the feature. Do not check whether the device is usable by the rootless user before adding to the container. Closes: https://github.com/containers/podman/issues/12704 [NO NEW TESTS NEEDED] it requires changes on the host to test it Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Update godoc, swagger using wrong structJhon Honce2022-01-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Documentation for API volume list, pointed to a different struct than the code. [NO NEW TESTS NEEDED] Fixes #12987 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #12974 from kolyshkin/typoOpenShift Merge Robot2022-01-25
|\ \ \ | | | | | | | | pkg/specgen/generate/security: fix error message text