| Commit message (Collapse) | Author | Age |
|\
| |
| | |
Don't add env if optional and not found
|
| |
| |
| |
| |
| |
| |
| |
| | |
If the pod yaml has env from secret and condifg map but they are optional
and the secret cannot be found, don't add the env key as well
as the env value will not be found. Matches behavior with k8s.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
|/
|
|
|
|
|
|
| |
Also update the e2e pull test to account for the changes when pulling
from the dir transport. Images pulled via the dir transport are not
tagged anymore; the path is not a reliable source.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
Don't rename pod if container has the same name
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We enforce the naming scheme "<podname>-<containername>" here [1].
Therefore we must not rename the pod in case of a naming conflict
between pod name and container name. Not renaming the pod increases the
usability for the user and easies scripting based on the name. Otherwise
a user must set some label to reliable find a pod after creation. Or
have to implement the renaming logic in the script.
[1] https://github.com/containers/podman/blob/main/pkg/specgen/generate/kube/kube.go#L140
Fixes #12722
Signed-off-by: Christoph Petrausch <chrobbert@gmail.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
this commit fixes two bugs and adds regression tests.
when getting healthcheck values from an image, if the image does not
have a timeout defined, this resulted in a 0 value for timeout. The
default as described in the man pages is 30s.
when inspecting a container with a healthcheck command, a customer
observed that the &, <, and > characters were being converted into a
unicode escape value. It turns out json marshalling will by default
coerce string values to ut8.
Fixes: bz2028408
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\
| |
| | |
Pod Security Option support and Infra Inheritance changes
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Added support for pod security options. These are applied to infra and passed down to the
containers as added (unless overridden).
Modified the inheritance process from infra, creating a new function Inherit() which reads the config, and marshals the compatible options into an intermediate struct `InfraInherit`
This is then unmarshaled into a container config and all of this is added to the CtrCreateOptions. Removes the need (mostly) for special additons which complicate the Container_create
code and pod creation.
resolves #12173
Signed-off-by: cdoern <cdoern@redhat.com>
|
|\ \
| | |
| | | |
Avoid RemoteSocket collisions in e2e tests
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add lock files and re-generate the UUID if we
are not a known-unique user of the socket path.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Separate the code that determines the directory and file prefix
from the code that chooses and applies a UUID; we will make the
second part more complex in a bit.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
|\ \
| | |
| | | |
podman image scp never enter podman user NS
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Podman image scp should never enter the Podman UserNS unless it needs to. This allows for
a sudo exec.Command to transfer images to and from rootful storage. If this command is run using sudo,
the simple sudo podman save/load does not work, machinectl/su is necessary here.
This modification allows for both rootful and rootless transfers, and an overall change of scp to be
more of a wrapper function for different load and save calls as well as the ssh component
Signed-off-by: cdoern <cdoern@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Commit 3c3fa6fac4d0f8e8 added a few test cases for the init containers.
The "podman ensure always init containers always run" implicitly assumes
that restarting a pod will take more than 1 second. When this assumption
is not met (because computers are fast!), we get a flake.
The fix (without using sleep) is to print nanoseconds in date output.
This format option (%N) is not supported by date in Alpine Linux, so
switch to Fedora.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Commit e1443fe05d146def6 added a test case that ran "date +%N" inside
a Fedora container (without actually using its output).
Commit ccc5bc167fa2c140 changed that test case to use Alpine. Problem
is, %N is not supported by date in Alpine (it only prints a newline).
To eliminate the ambiguity, replace date with touch.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add the --ipv6 flag to podman create/run and pod create. We support the
--network name:ip6=<ip> syntax now but for docker compat we should also
support the --ip6 flag.
Note that there is no validation if the ip is actually a v6 or v4 address
because the backend does not care either.
Fixes #7511
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Do not apply reserved annotations from the image to the container.
Reserved annotations are applied during container creation to retrieve
certain information (e.g., custom seccomp profile or autoremoval)
once a container has been created.
Context: #12671
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
Error out early if system does not support pre-copy checkpointing
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
CRIU's pre-copy migration support relies on the soft dirty page tracking
in the Linux kernel:
https://www.kernel.org/doc/Documentation/vm/soft-dirty.txt
This functionality is not implemented for all architectures and it can
also be turned off in the kernel.
CRIU can check if the combination of architecture/kernel/CRIU supports
the soft dirty page tracking and exports this feature checking
functionality in go-criu.
This commit adds an early check if the user selects pre-copy
checkpointing to error out if the system does not support it.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Warn on use of --kernel-memory
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It has been deprecated and is no longer supported. Fully remove it and
only print a warning if a user uses it.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2011695
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/ /
| |
| |
| | |
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
|
|\ \
| | |
| | | |
Podman run --passwd
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
added support for a new flag --passwd which, when false prohibits podman from creating entries in
/etc/passwd and /etc/groups allowing users to modify those files in the container entrypoint
resolves #11805
Signed-off-by: cdoern <cdoern@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| | |
the logic is: if the process env vars key exists in podman default or in image defined, and the value is equal, skip the env var key.
the typo make it compare to itself -_-
so, here comes the simple fixup.
Signed-off-by: 荒野無燈 <ttys3.rust@gmail.com>
|
|\ \
| | |
| | | |
Add more checkpoint/restore information to 'inspect'
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This extends one of the checkpoint/restore tests to see if the
newly introduced checkpoint specific fields in 'inspect' work as
intended.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
|\ \ \
| | | |
| | | | |
build: relay `exitcode` from imagebuildah to registry
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Old build tests were expecting genric error code `125` however another
commit in this PR ensures that we relay exact exit code from build to
registry.
Hence adjusting tests
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Podman does not relay exit code from buildah instead returns a generic
error code `125`. Following PR allows `podman` to relay exit code from
`imagebuildah` to `registry` as it is.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
when a container with healthchecks exits due to stopping or failure, we
need the cleanup process to remove both the timer file and the service
file.
Bz#:2024229
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| | |
always set the default devices to the devices cgroup when not running
in a user namespace.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The search endpoint on registry.redhat.io is broken.
Skip one test and update another to avoid hitting it.
Also leave some breadcrumbs to revert once it's back
in a working state.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
network db rewrite
|
| | |
| | |
| | |
| | |
| | |
| | | |
Allow the same --network options for play kube as for podman run/create.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Rework the --network parse logic to support multiple networks with
specific network configuration settings.
--network can now be set multiple times. For bridge network mode the
following options have been added:
- **alias=name**: Add network-scoped alias for the container.
- **ip=IPv4**: Specify a static ipv4 address for this container.
- **ip=IPv6**: Specify a static ipv6 address for this container.
- **mac=MAC**: Specify a static mac address address for this container.
- **interface_name**: Specify a name for the created network interface inside the container.
So now you can set --network bridge:ip=10.88.0.10,mac=44:33:22:11:00:99
for the default bridge network as well as for network names.
This is better than using --ip because we can set the ip per network
without any confusion which network the ip address should be assigned
to.
The --ip, --mac-address and --network-alias options are still supported
but --ip or --mac-address can only be set when only one network is set.
This limitation already existed previously.
The ability to specify a custom network interface name is new
Fixes #11534
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Network connect now supports setting a static ipv4, ipv6 and mac address
for the container network. The options are added to the cli and api.
Fixes #9883
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Add secret list --filter to cli
|
| |/
| |
| |
| |
| |
| |
| | |
This PR is a follow-up of #11431. It adds possibility of filtering
secret list based on id and name.
Signed-off-by: Jakub Guzik <jguzik@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
| |
This is the third and hopefully the last attempt to address the flakes
in the pprof tests. We first bumped the timeouts to 2 seconds, then to
5, and since I am running out of ideas let's bump it now to 20 seconds.
Since the timeouts poll, the tests will terminate much earlier but 20
seconds should now really be enough even under highly loaded CI VMs.
Fixes: #12167
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
fix e2e test missing network cleanup
|
| |
| |
| |
| |
| |
| |
| |
| | |
I noticed that this test will fail its flake rerun because the network
was not removed and it tried to create a network with the same name.
Also network disconnect works rootless now.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
This gives the service 5 seconds to digest the signal and 5 more seconds
to shutdown. Create a new variable to make bumping the timeout easier
in case we see re-flake in the future.
Fixes: #12167
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
specgen: honor empty args for entrypoint specified as `--entrypoint ""`
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Users should be able to override containers entrypoint using
`--entrypoint ""` following works fine for podman but not for podman
remote.
Specgen ignores empty argument for entrypoint so make specgen honor
empty arguments.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
GLOBAL_OPTS haven't been supported for at least two major versions of
Podman. The runlabel code is extremely fragile and I think it should
be rewritten before adding new features.
Fixes: #12436
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
Update vendor or containers/common moving pkg/cgroups there
|
| |
| |
| |
| |
| |
| |
| | |
[NO NEW TESTS NEEDED] This is just moving pkg/cgroups out so
existing tests should be fine.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
|
|
|
|
| |
While trying to match permissions of target directory podman adds
extra `0111` which should not be needed if target path does not have
execute permission.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
|\
| |
| | |
tests: clean up FIXMEs and noise
|