From 641f0ccc4eb999af3c2a01d709769287ba45451c Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 22 Sep 2021 17:08:21 -0400 Subject: Add podman play kube --no-hosts options This option will setup the containers to not modify their /etc/hosts file and just use the one from the image. Fixes: https://github.com/containers/podman/issues/9500 Signed-off-by: Daniel J Walsh --- cmd/podman/play/kube.go | 1 + docs/source/markdown/podman-play-kube.1.md | 4 +++ pkg/api/handlers/libpod/play.go | 2 ++ pkg/bindings/play/play.go | 3 +-- pkg/bindings/play/types.go | 2 ++ pkg/bindings/play/types_kube_options.go | 15 +++++++++++ pkg/domain/entities/play.go | 3 +++ pkg/domain/infra/abi/play.go | 2 +- pkg/domain/infra/tunnel/play.go | 2 +- pkg/specgen/generate/kube/kube.go | 7 +++-- test/e2e/play_kube_test.go | 43 ++++++++++++++++++++++++++++++ 11 files changed, 78 insertions(+), 6 deletions(-) diff --git a/cmd/podman/play/kube.go b/cmd/podman/play/kube.go index 9308371d2..85e0c279c 100644 --- a/cmd/podman/play/kube.go +++ b/cmd/podman/play/kube.go @@ -78,6 +78,7 @@ func init() { flags.StringVar(&kubeOptions.LogDriver, logDriverFlagName, "", "Logging driver for the container") _ = kubeCmd.RegisterFlagCompletionFunc(logDriverFlagName, common.AutocompleteLogDriver) + flags.BoolVar(&kubeOptions.NoHosts, "no-hosts", false, "Do not create /etc/hosts within the pod's containers, instead use the version from the image") flags.BoolVarP(&kubeOptions.Quiet, "quiet", "q", false, "Suppress output information when pulling images") flags.BoolVar(&kubeOptions.TLSVerifyCLI, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries") flags.BoolVar(&kubeOptions.StartCLI, "start", true, "Start the pod after creating it") diff --git a/docs/source/markdown/podman-play-kube.1.md b/docs/source/markdown/podman-play-kube.1.md index 7e3e0f431..a4b9722b8 100644 --- a/docs/source/markdown/podman-play-kube.1.md +++ b/docs/source/markdown/podman-play-kube.1.md @@ -138,6 +138,10 @@ Valid _mode_ values are: Note: Rootlesskit changes the source IP address of incoming packets to a IP address in the container network namespace, usually `10.0.2.100`. If your application requires the real source IP address, e.g. web server logs, use the slirp4netns port handler. The rootlesskit port handler is also used for rootless containers when connected to user-defined networks. - **port_handler=slirp4netns**: Use the slirp4netns port forwarding, it is slower than rootlesskit but preserves the correct source IP address. This port handler cannot be used for user-defined networks. +#### **--no-hosts** + +Do not create /etc/hosts within the pod's containers, instead use the version from the image + #### **--quiet**, **-q** Suppress output information when pulling images diff --git a/pkg/api/handlers/libpod/play.go b/pkg/api/handlers/libpod/play.go index 0def32821..851e0f6c8 100644 --- a/pkg/api/handlers/libpod/play.go +++ b/pkg/api/handlers/libpod/play.go @@ -29,6 +29,7 @@ func PlayKube(w http.ResponseWriter, r *http.Request) { Start bool `schema:"start"` StaticIPs []string `schema:"staticIPs"` StaticMACs []string `schema:"staticMACs"` + NoHosts bool `schema:"noHosts"` }{ TLSVerify: true, Start: true, @@ -102,6 +103,7 @@ func PlayKube(w http.ResponseWriter, r *http.Request) { Username: username, Password: password, Network: query.Network, + NoHosts: query.NoHosts, Quiet: true, LogDriver: query.LogDriver, StaticIPs: staticIPs, diff --git a/pkg/bindings/play/play.go b/pkg/bindings/play/play.go index 89a6f9b65..bdd13d03d 100644 --- a/pkg/bindings/play/play.go +++ b/pkg/bindings/play/play.go @@ -6,11 +6,10 @@ import ( "os" "strconv" - "github.com/sirupsen/logrus" - "github.com/containers/podman/v3/pkg/auth" "github.com/containers/podman/v3/pkg/bindings" "github.com/containers/podman/v3/pkg/domain/entities" + "github.com/sirupsen/logrus" ) func Kube(ctx context.Context, path string, options *KubeOptions) (*entities.PlayKubeReport, error) { diff --git a/pkg/bindings/play/types.go b/pkg/bindings/play/types.go index 787069169..fdfc4a6fa 100644 --- a/pkg/bindings/play/types.go +++ b/pkg/bindings/play/types.go @@ -17,6 +17,8 @@ type KubeOptions struct { Password *string // Network - name of the CNI network to connect to. Network *string + // NoHosts - do not generate /etc/hosts file in pod's containers + NoHosts *bool // Quiet - suppress output when pulling images. Quiet *bool // SignaturePolicy - path to a signature-policy file. diff --git a/pkg/bindings/play/types_kube_options.go b/pkg/bindings/play/types_kube_options.go index 65757cc5e..1a6324302 100644 --- a/pkg/bindings/play/types_kube_options.go +++ b/pkg/bindings/play/types_kube_options.go @@ -93,6 +93,21 @@ func (o *KubeOptions) GetNetwork() string { return *o.Network } +// WithNoHosts set field NoHosts to given value +func (o *KubeOptions) WithNoHosts(value bool) *KubeOptions { + o.NoHosts = &value + return o +} + +// GetNoHosts returns value of field NoHosts +func (o *KubeOptions) GetNoHosts() bool { + if o.NoHosts == nil { + var z bool + return z + } + return *o.NoHosts +} + // WithQuiet set field Quiet to given value func (o *KubeOptions) WithQuiet(value bool) *KubeOptions { o.Quiet = &value diff --git a/pkg/domain/entities/play.go b/pkg/domain/entities/play.go index f630b3f24..af4b0fc35 100644 --- a/pkg/domain/entities/play.go +++ b/pkg/domain/entities/play.go @@ -17,6 +17,9 @@ type PlayKubeOptions struct { // Down indicates whether to bring contents of a yaml file "down" // as in stop Down bool + // Do not create /etc/hosts within the pod's containers, + // instead use the version from the image + NoHosts bool // Username for authenticating against the registry. Username string // Password for authenticating against the registry. diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go index cf72a6253..751d6cc05 100644 --- a/pkg/domain/infra/abi/play.go +++ b/pkg/domain/infra/abi/play.go @@ -181,7 +181,7 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY } } - podOpt := entities.PodCreateOptions{Infra: true, Net: &entities.NetOptions{StaticIP: &net.IP{}, StaticMAC: &net.HardwareAddr{}}} + podOpt := entities.PodCreateOptions{Infra: true, Net: &entities.NetOptions{StaticIP: &net.IP{}, StaticMAC: &net.HardwareAddr{}, NoHosts: options.NoHosts}} podOpt, err = kube.ToPodOpt(ctx, podName, podOpt, podYAML) if err != nil { return nil, err diff --git a/pkg/domain/infra/tunnel/play.go b/pkg/domain/infra/tunnel/play.go index e39751a18..0b1c3d2ca 100644 --- a/pkg/domain/infra/tunnel/play.go +++ b/pkg/domain/infra/tunnel/play.go @@ -13,7 +13,7 @@ func (ic *ContainerEngine) PlayKube(ctx context.Context, path string, opts entit options.WithCertDir(opts.CertDir).WithQuiet(opts.Quiet).WithSignaturePolicy(opts.SignaturePolicy).WithConfigMaps(opts.ConfigMaps) options.WithLogDriver(opts.LogDriver).WithNetwork(opts.Network).WithSeccompProfileRoot(opts.SeccompProfileRoot) options.WithStaticIPs(opts.StaticIPs).WithStaticMACs(opts.StaticMACs) - + options.WithNoHosts(opts.NoHosts) if s := opts.SkipTLSVerify; s != types.OptionalBoolUndefined { options.WithSkipTLSVerify(s == types.OptionalBoolTrue) } diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go index 9389b1a20..194c8dce5 100644 --- a/pkg/specgen/generate/kube/kube.go +++ b/pkg/specgen/generate/kube/kube.go @@ -26,8 +26,8 @@ import ( ) func ToPodOpt(ctx context.Context, podName string, p entities.PodCreateOptions, podYAML *v1.PodTemplateSpec) (entities.PodCreateOptions, error) { - // p := specgen.NewPodSpecGenerator() - p.Net = &entities.NetOptions{} + p.Net = &entities.NetOptions{NoHosts: p.Net.NoHosts} + p.Name = podName p.Labels = podYAML.ObjectMeta.Labels // Kube pods must share {ipc, net, uts} by default @@ -47,6 +47,9 @@ func ToPodOpt(ctx context.Context, podName string, p entities.PodCreateOptions, p.Net.Network = specgen.Namespace{NSMode: "host"} } if podYAML.Spec.HostAliases != nil { + if p.Net.NoHosts { + return p, errors.New("HostAliases in yaml file will not work with --no-hosts") + } hosts := make([]string, 0, len(podYAML.Spec.HostAliases)) for _, hostAlias := range podYAML.Spec.HostAliases { for _, host := range hostAlias.Hostnames { diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index 83ce751e6..a29d0ad46 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -1137,6 +1137,49 @@ var _ = Describe("Podman play kube", func() { Expect(infraContainerImage).To(Equal(config.DefaultInfraImage)) }) + It("podman play kube --no-host", func() { + err := writeYaml(checkInfraImagePodYaml, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", "--no-hosts", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + podInspect := podmanTest.Podman([]string{"pod", "inspect", "check-infra-image"}) + podInspect.WaitWithDefaultTimeout() + Expect(podInspect).Should(Exit(0)) + + data := podInspect.InspectPodToJSON() + for _, ctr := range data.Containers { + if strings.HasSuffix(ctr.Name, "-infra") { + continue + } + exec := podmanTest.Podman([]string{"exec", ctr.ID, "cat", "/etc/hosts"}) + exec.WaitWithDefaultTimeout() + Expect(exec).Should(Exit(0)) + Expect(exec.OutputToString()).To(Not(ContainSubstring("check-infra-image"))) + } + }) + + It("podman play kube test HostAliases with --no-hosts", func() { + pod := getPod(withHostAliases("192.168.1.2", []string{ + "test1.podman.io", + "test2.podman.io", + }), + withHostAliases("192.168.1.3", []string{ + "test3.podman.io", + "test4.podman.io", + }), + ) + err := generateKubeYaml("pod", pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", "--no-hosts", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(125)) + Expect(kube.ErrorToString()).To(ContainSubstring("HostAliases in yaml file will not work with --no-hosts")) + }) + It("podman play kube should use customized infra_image", func() { conffile := filepath.Join(podmanTest.TempDir, "container.conf") -- cgit v1.2.3-54-g00ecf