| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
map HostUsers=false to userns=auto.
One difference with the current implementation in the Kubelet is that
the podman default size is 1024 while the Kubelet uses 65536.
This is done on purpose, because 65536 is a problem for rootless as
the entire IDs space would be allocated to a single pod.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
When a kube yaml has a volume set as empty dir, podman
will create an anonymous volume with the empty dir name and
attach it to the containers running in the pod. When the pod
is removed, the empy dir volume created is also removed.
Add tests and docs for this as well.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |
|
|
|
|
|
|
| |
We keep getting flakes in tests that use port 5000. Try to
find and fix, by switching ports where possible, and locking
5000 when not possible (or not easy) to switch.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\
| |
| | |
Implement kubernetes secret handling for podman play kube
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
add support for both creating a secret using yaml and mounting a secret as a volume given a yaml file.
Kubernetes secrets have a different structure than podman and therefore have to be handeled differently.
In this PR, I have introduced the basic usecases of kube secrets with more implementations like env secrets
to come!
resolves #12396
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| |/
|
|
|
|
|
|
|
| |
Update the init container type default to once instead
of always to match k8s behavior.
Add a new annotation that can be used to change the init
ctr type in the kube yaml.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
A number of standard image names were lower-case, leading to
confusion in code such as:
registry := podman(... , "-n", "registry", registry, ...)
^--- variable ^---- constant
Fix a number of those to be capitalized and with _IMAGE suffix:
registry := podman(..., REGISTRY_IMAGE
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
| |
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
|
| |
|
|
| |
Signed-off-by: Cosmin Tupangiu <cosmin@redhat.com>
|
| |
|
|
|
|
|
| |
e2e tests tends to fail when running with multiple nodes because
the same device folder name is used accross all nodes
Signed-off-by: Cosmin Tupangiu <cosmin@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
- add test
- fix bug when a character device set in a volume as a block device
is seen as block device in _pkg/specgen/generate/kube/volume.go_.
At this stage the type does not matter much because the devices are
recreated at lower layer but the bug allowed a CharDevice volume to be
passed to lower layer as a BlockDevice.
Signed-off-by: Cosmin Tupangiu <cosmin@redhat.com>
|
| |
|
|
|
|
|
|
| |
add support to override the user namespace to use for the pod.
Closes: https://github.com/containers/podman/issues/7504
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
|
|
| |
If the RunAsUser, RunAsGroup, SupplementalGroups settings are not
overriden in the container security context, then take the value from
the pod security context.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Commit b58e7e7f11 was not fully rebased before merging and is now
breaking CI because commit 69c479b16e19 made the underlying error
visible. Using journald inside the container tests is not supported.
Fixes #14162
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |\
| |
| | |
play kube log tag handling
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
currently tags cause a panic due to an uninitialized map. Initialize the map
and add parsing to make sure we are only tagging with journald
resolves #13356
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Rather than assuming a filesystem path, the API service URI is recorded
in the libpod runtime configuration and then reported as requested.
Note: All schemes other than "unix" are hard-coded to report URI exists.
Fixes #12023
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/
|
|
|
|
|
|
| |
The errcheck linter makes sure that errors are always check and not
ignored by accident. It spotted a lot of unchecked errors, mostly in the
tests but also some real problem in the code.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This is a very late followup to my ginkgo-improving work of 2021.
It has been stuck since December because it requires gomega 1.17,
which we've just enabled.
This commit is simply a copy-paste of a command I saved in
my TODO list many months ago:
sed -i -e 's/Expect(\([^ ]\+\)\.\([a-zA-Z0-9]\+\))\.To(Equal(/Expect(\1).To(HaveField(\"\2\", /' test/e2e/*_test.go
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
We need to use the host network when it is set in the config and
--network was not used.
This regression was added in 3e9af2029f1f.
Fixes #14015
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
| |
We should not exclude contianers by name. If a users has a container
with the name "inf" it is currently skipped. This is wrong. The k8s yaml
does not contain infra containers so we do not have to skip them.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
| |
The unparam linter is useful to detect unused function parameters and
return values.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
| |
`podman play kube` creates a new volume for configmap, if same configmap
is applied again volume can be re-used, there is no need to remove and
re-create the volume again
Signed-off-by: Aditya R <arajan@redhat.com>
|
| |
|
|
|
|
|
| |
Error out if the kube yaml passed to play kube has more
than one container or init container with the same name.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While resolving `workdir` we mostly create a `workdir` when `stat`
fails with `ENOENT` or `ErrNotExist` however following cases are not
true when user explicitly specifies a `workdir` while `running` using
`--workdir` which tells `podman` to only use workdir if its exists on
the container. Following configuration is implicity set with other
`run` mechanism like `podman play kube`
Problem with explicit `--workdir` or similar implicit config in `podman play
kube` is that currently podman ignores the fact that workdir can also be
a `symlink` and actual `link` could be valid.
Hence following commit ensures that in such scenarios when a `workdir`
is not found and we cannot create a `workdir` podman must perform a
check to ensure that if `workdir` is a `symlink` and `link` is resolved
successfully and resolved link is present on the container then we
return as it is.
Docker performs a similar behviour.
Signed-off-by: Aditya R <arajan@redhat.com>
|
| |
|
|
|
|
| |
enabled e2e tests for netavark
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
add support for env vars values from pod spec fields
see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core
relates to issue https://github.com/containers/podman/issues/12756
Signed-off-by: Yaron Dayagi <ydayagi@redhat.com>
|
| |
|
|
|
|
|
|
| |
This PR fixes nil pointer dereference for configmap optional parameter.
When optional parameter is not passed, the code tried to acces the
parameter which caused nil pointer dereference.
Signed-off-by: Ondra Machacek <omachace@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Automated for .go files via gomove [1]:
`gomove github.com/containers/podman/v3 github.com/containers/podman/v4`
Remaining files via vgrep [2]:
`vgrep github.com/containers/podman/v3`
[1] https://github.com/KSubedi/gomove
[2] https://github.com/vrothberg/vgrep
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
| |
If the pod yaml has env from secret and condifg map but they are optional
and the secret cannot be found, don't add the env key as well
as the env value will not be found. Matches behavior with k8s.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We enforce the naming scheme "<podname>-<containername>" here [1].
Therefore we must not rename the pod in case of a naming conflict
between pod name and container name. Not renaming the pod increases the
usability for the user and easies scripting based on the name. Otherwise
a user must set some label to reliable find a pod after creation. Or
have to implement the renaming logic in the script.
[1] https://github.com/containers/podman/blob/main/pkg/specgen/generate/kube/kube.go#L140
Fixes #12722
Signed-off-by: Christoph Petrausch <chrobbert@gmail.com>
|
| |
|
|
|
|
| |
Allow the same --network options for play kube as for podman run/create.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |\
| |
| |
| |
| | |
dispensable/respect_pod_yaml_spec_hostname_when_play
Hostname in `spec.hostname` should be passed to infra ctr init opt
|
| | |
| |
| |
| |
| |
| | |
Fixes https://github.com/containers/podman/issues/12393
Signed-off-by: Qiang Wang <sunsetmask@gmail.com>
|
| |\ \
| | |
| | | |
Add support for configmap volumes to play kube
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If the k8s yaml has volumes from a configmap, play kube
will now create a volume based on the data from the
configmap and volume source and set it to the right path
in the container accordingly.
Add tests for this and update some test for ENV from configmap.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
sed -i -e 's/Expect(len(\(.*\)))\.To(Equal(\(.*\)))/Expect(\1).To(HaveLen(\2))/' test/e2e/*.go
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
sed -i -e 's/Expect(len(\(.*\)))\.To(Equal(0))/Expect(\1).To(BeEmpty())/' test/e2e/*.go
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| | |/
|/|
| |
| |
| |
| | |
sed -i -e 's/Expect(\(.*\)\[\(\".*\"\)\])\.To(\(.*\)/Expect(\1).To(HaveKeyWithValue(\2, \3)/' test/e2e/*_test.go
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |/
|
|
|
|
| |
...and fix problems found therewith.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
| |
Fixes #12363
Signed-off-by: Jakub Dzon <jdzon@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
We need to use the config network mode when no network mode was set. To
do so we have to keep the nsmode empty, MakeContainer() will use the
correct network mode from the config when needed.
Fixes #12248
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
So far, the infra containers of pods required pulling down an image
rendering pods not usable in disconnected environments. Instead, build
an image locally which uses local pause binary.
Fixes: #10354
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
| |
Fixes: https://github.com/containers/podman/issues/11727
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Environment variables whose value contained an equal sign where
truncated
Fixes #11891
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
|
|
|
|
| |
With this flag, users can easily sync up the yaml content with the existing pods.
Fixes #11481
Signed-off-by: Chen Zhiwei <zhiweik@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
This option will setup the containers to not modify their /etc/hosts
file and just use the one from the image.
Fixes: https://github.com/containers/podman/issues/9500
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
| |
Closes: https://github.com/containers/podman/issues/11803
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
|
|
| |
Currently we add the default PATH, TERM and container from Podman
to every kubernetes.yaml file. These values should not be recorded
in the yaml files.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
Stop outputting 'healthy' on healthcheck
|
