| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
| |
Since podman doesn't set/use the needed service env
variable, always set enableServiceLinks to false in
the generated kube yaml.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |\
| |
| | |
Add emptyDir volume support to kube play
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When a kube yaml has a volume set as empty dir, podman
will create an anonymous volume with the empty dir name and
attach it to the containers running in the pod. When the pod
is removed, the empy dir volume created is also removed.
Add tests and docs for this as well.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
add two new options to the keep-id user namespace option:
- uid: allow to override the UID used inside the container.
- gid: allow to override the GID used inside the container.
For example, the following command will map the rootless user (that
has UID=0 inside the rootless user namespace) to the UID=11 inside the
container user namespace:
$ podman run --userns=keep-id:uid=11 --rm -ti fedora cat /proc/self/uid_map
0 1 11
11 0 1
12 12 65525
Closes: https://github.com/containers/podman/issues/15294
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
|
|
| |
We keep getting flakes in tests that use port 5000. Try to
find and fix, by switching ports where possible, and locking
5000 when not possible (or not easy) to switch.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\
| |
| | |
Handle an already connected network in libpod API
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Compat: Treat already attached networks as a no-op
Applies only to containers in created state. Maintain error in running state.
Co-authored-by: Alessandro Rossi <al.rossi87@gmail.com>
Co-authored-by: Brent Baude <bbaude@redhat.com>
Co-authored-by: Jason T. Greene <jason.greene@redhat.com>
Signed-off-by: Alessandro Rossi <al.rossi87@gmail.com>
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
| |
`podman-remote` and Libpod API does not supports build with
`--userns=auto` since `IDMappingOptions` were not implemented for API
and bindings, following PR implements passing `IDMappingOptions` via
bindings to API.
Closes: https://github.com/containers/podman/issues/15476
Signed-off-by: Aditya R <arajan@redhat.com>
|
| |
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
using "slave" means that every mount operation on the host that
happens between the mount creation for `/host` and running `findmnt`
will be propagated to the container mount. To prevent new mounts on
the host to appear in the container thus invalidating the test we
have, just create the mount as private and use `/sys` as source as it
has multiple mounts on the top but less likely to get new mounts once
it is configured.
Closes: https://github.com/containers/podman/issues/15241
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\
| |
| | |
vendor containers/psgo@v1.7.3
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add three new capabilities that would otherwise be reported as unknown.
Also add an e2e test making sure that `podman top` knows all
capabilities of the current kernel. I refrained from adding a system
test since this may blow up in gating tests.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |\ \
| | |
| | | |
Allow podman to run in an environment with keys containing spaces
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Fixes: https://github.com/containers/podman/issues/15251
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
it is not a kernel bug.
Rootless users are not allowed to use non recursive bind mounts,
otherwise they would be able to uncover mounts that were not visible
before to them.
[CI:DOCS] it is just a comment fix.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \
| | |
| | | |
Add support for containers.conf volume timeouts
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Also, do a general cleanup of all the timeout code. Changes
include:
- Convert from int to *uint where possible. Timeouts cannot be
negative, hence the uint change; and a timeout of 0 is valid,
so we need a new way to detect that the user set a timeout
(hence, pointer).
- Change name in the database to avoid conflicts between new data
type and old one. This will cause timeouts set with 4.2.0 to be
lost, but considering nobody is using the feature at present
(and the lack of validation means we could have invalid,
negative timeouts in the DB) this feels safe.
- Ensure volume plugin timeouts can only be used with volumes
created using a plugin. Timeouts on the local driver are
nonsensical.
- Remove the existing test, as it did not use a volume plugin.
Write a new test that does.
The actual plumbing of the containers.conf timeout in is one line
in volume_api.go; the remainder are the above-described cleanups.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \
| | |
| | | |
run,create: add support for `--env-merge` for preprocessing default environment variables
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Allow end users to preprocess default environment variables before
injecting them into container using `--env-merge`
Usage
```
podman run -it --rm --env-merge some=${some}-edit --env-merge
some2=${some2}-edit2 myimage sh
```
Closes: https://github.com/containers/podman/issues/15288
Signed-off-by: Aditya R <arajan@redhat.com>
|
| |\ \
| | |
| | | |
e2e: Add run --memory-swap test
|
| | |/
| |
| |
| |
| |
| | |
There is not e2e/system test of --memory-swap option.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| |\ \
| |/
|/| |
Simplify ImagesPull for when Quiet flag is on
|
| | |
| |
| |
| | |
Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
|
| |\ \
| | |
| | | |
pass environment variables to container clone
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
the env vars are held in the spec rather than the config, so they need to be mapped manually. They are also of a different format so special handling needed to be added. All env from the parent container will now be passed to the clone.
resolves #15242
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Warning messages are printed and ignored if we use an unsupported option on cgroups V1 rootless systems
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When an unsupported limit on cgroups V1 rootless systems
is requested, podman prints an warning message and
ignores the option/flag.
```
Target options/flags:
--cpu-period, --cpu-quota, --cpu-rt-period, --cpu-rt-runtime,
--cpus, --cpu-shares, --cpuset-cpus, --cpuset-mems, --memory,
--memory-reservation, --memory-swap, --memory-swappiness,
--blkio-weight, --device-read-bps, --device-write-bps,
--device-read-iops, --device-write-iops, --blkio-weight-device
```
Related to https://github.com/containers/podman/discussions/10152
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Support inspecting image healthcheck using docker supported
`.Config.HealthCheck` by aliasing field to `.HealthCheck`
Now supports
```Console
podman image inspect -f "{{.Config.Healthcheck}}" imagename
```
Closes: https://github.com/containers/podman/issues/14661
Signed-off-by: Aditya R <arajan@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
Add quiet/q flag to podman secret ls
|
| | |/
| |
| |
| |
| |
| |
| | |
Add quiet/q flag to podman secret ls, which will print only the secret
ID.
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |\ \
| |/
|/| |
podman secret create -d alias --driver, inspect -f alias --format: Docker compatibity
|
| | |
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
Add podman stats --no-trunc option
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
This is for compatibility with Docker.
Partial fix for https://github.com/containers/podman/issues/14917
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
Add restart --cidfile, --filter
|
| | |
| |
| |
| |
| |
| |
| | |
--cidfile : Read container ID from the specified file and restart the container.
--filter : restart the filtered container.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Accept a --amend flag in `podman manifest create`, and treat
`--insecure` as we would `--tls-verify=false` in `podman manifest`'s
"add", "create", and "push" subcommands.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |\ \
| |/
|/| |
Add "podman kube generate" command
|
| | |
| |
| |
| |
| |
| |
| |
| | |
"podman kube generate" creates Kubernetes YAML from Podman containers,
pods or volumes. Users will still be able to use "podman generate
kube" as an alias of "kube generate".
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
| |
`podman-remote manifest push` has shown absolutely no progress at all.
Fix that by doing the same as the remote-push code does.
Like remote-push, `quiet` parameter is true by default for backwards
compatibility.
Signed-off-by: Naoto Kobayashi <naoto.kobayashi4c@gmail.com>
|
| |\
| |
| | |
I believe that these tests will now run with crun.
|
| | |
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
podman generate spec
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
implement a new command `podman generate spec` which can formulate a json specgen to be consumed by both the pod
and container creation API.
supported flags are
--verbose (default true) print output to the terminal
--compact print the json output in a single line format to be piped to the API
--filename put the output in a file
--clone rename the pod/ctr in the spec so it won't conflict w/ an existing entity
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
implement new ssh interface into podman
this completely redesigns the entire functionality of podman image scp,
podman system connection add, and podman --remote. All references to golang.org/x/crypto/ssh
have been moved to common as have native ssh/scp execs and the new usage of the sftp package.
this PR adds a global flag, --ssh to podman which has two valid inputs `golang` and `native` where golang is the default.
Users should not notice any difference in their everyday workflows if they continue using the golang option. UNLESS they have been using an improperly verified ssh key, this will now fail. This is because podman was incorrectly using the
ssh callback method to IGNORE the ssh known hosts file which is very insecure and golang tells you not yo use this in production.
The native paths allows for immense flexibility, with a new containers.conf field `SSH_CONFIG` that specifies a specific ssh config file to be used in all operations. Else the users ~/.ssh/config file will be used.
podman --remote currently only uses the golang path, given its deep interconnection with dialing multiple clients and urls.
My goal after this PR is to go back and abstract the idea of podman --remote from golang's dialed clients, as it should not be so intrinsically connected. Overall, this is a v1 of a long process of offering native ssh, and one that covers some good ground with podman system connection add and podman image scp.
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| |\ \
| | |
| | | |
Output messages display rawInput
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
`init`, `checkpint/restore` and `cleanup` command now display
output messages which is rawInput instead of a container ID.
Example:
```
$ podman init <container name>
<container name>
$ podman init <short container ID>
<short container ID>
```
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
if an explicit mapping is specified, do not accept `--userns` since it
overriden to "private".
Closes: https://github.com/containers/podman/issues/15233
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
