From eb9fe52a555361f49f7b015163ecfcd91f1d6091 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Wed, 23 Feb 2022 12:56:10 +0100 Subject: kube: honor mount propagation mode convert the propagation mode specified for the mount to the expected Linux mount option. Signed-off-by: Giuseppe Scrivano --- pkg/specgen/generate/kube/kube.go | 16 +++++++++++-- pkg/specgen/generate/kube/kube_test.go | 42 ++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+), 2 deletions(-) create mode 100644 pkg/specgen/generate/kube/kube_test.go (limited to 'pkg') diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go index 2fd149b49..9872a7f40 100644 --- a/pkg/specgen/generate/kube/kube.go +++ b/pkg/specgen/generate/kube/kube.go @@ -319,7 +319,7 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener continue } - dest, options, err := parseMountPath(volume.MountPath, volume.ReadOnly) + dest, options, err := parseMountPath(volume.MountPath, volume.ReadOnly, volume.MountPropagation) if err != nil { return nil, err } @@ -385,7 +385,7 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener return s, nil } -func parseMountPath(mountPath string, readOnly bool) (string, []string, error) { +func parseMountPath(mountPath string, readOnly bool, propagationMode *v1.MountPropagationMode) (string, []string, error) { options := []string{} splitVol := strings.Split(mountPath, ":") if len(splitVol) > 2 { 
@@ -405,6 +405,18 @@ func parseMountPath(mountPath string, readOnly bool) (string, []string, error) { if err != nil { return "", opts, errors.Wrapf(err, "parsing MountOptions") } + if propagationMode != nil { + switch *propagationMode { + case v1.MountPropagationNone: + opts = append(opts, "private") + case v1.MountPropagationHostToContainer: + opts = append(opts, "rslave") + case v1.MountPropagationBidirectional: + opts = append(opts, "rshared") + default: + return "", opts, errors.Errorf("unknown propagation mode %q", *propagationMode) + } + } return dest, opts, nil } diff --git a/pkg/specgen/generate/kube/kube_test.go b/pkg/specgen/generate/kube/kube_test.go new file mode 100644 index 000000000..62793ebb6 --- /dev/null +++ b/pkg/specgen/generate/kube/kube_test.go 
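Review bot: The `v1.MountPropagationBidirectional` case appends `rshared` for any container, and nothing visible in this hunk checks that the container is privileged; with `rshared`, mounts created inside the container propagate back to the host, which is why Kubernetes accepts Bidirectional only for privileged containers. parseMountPath has no access to the security context, so the gate would belong in the ToSpecGen caller, and at minimum the case deserves a comment such as `// rshared lets container-side mounts reach the host; Kubernetes permits this only for privileged containers`. Separately, `MountPropagationNone` maps to the non-recursive `private` while the other two modes use the recursive `rslave`/`rshared`; Kubernetes documents None as equivalent to `rprivate`, so `opts = append(opts, "rprivate")` may be the intended mapping. The propagation option is also appended after the MountOptions parsing step, so a propagation flag already present in the mount path's option suffix would presumably not be reconciled with it. The body of parseMountPath starts outside this hunk.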
@@ -0,0 +1,42 @@
+package kube
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ v1 "k8s.io/api/core/v1"
+ //"github.com/stretchr/testify/require"
+)
+
+func testPropagation(t *testing.T, propagation v1.MountPropagationMode, expected string) {
+ dest, options, err := parseMountPath("/to", false, &propagation)
+ assert.NoError(t, err)
+ assert.Equal(t, dest, "/to")
+ assert.Contains(t, options, expected)
+}
+
+func TestParseMountPathPropagation(t *testing.T) {
+ testPropagation(t, v1.MountPropagationNone, "private")
+ testPropagation(t, v1.MountPropagationHostToContainer, "rslave")
+ testPropagation(t, v1.MountPropagationBidirectional, "rshared")
+
+ prop := v1.MountPropagationMode("SpaceWave")
+ _, _, err := parseMountPath("/to", false, &prop)
+ assert.Error(t, err)
+
+ _, options, err := parseMountPath("/to", false, nil)
+ assert.NoError(t, err)
+ assert.NotContains(t, options, "private")
+ assert.NotContains(t, options, "rslave")
+ assert.NotContains(t, options, "rshared")
+}
+
+func TestParseMountPathRO(t *testing.T) {
+ _, options, err := parseMountPath("/to", true, nil)
+ assert.NoError(t, err)
+ assert.Contains(t, options, "ro")
+
+ _, options, err = parseMountPath("/to", false, nil)
+ assert.NoError(t, err)
+ assert.NotContains(t, options, "ro")
+}
-- cgit v1.2.3-54-g00ecf From 82f4760deaf57d54ec8476c1d4f5749c1ec3f82b Mon Sep 17 00:00:00 2001 From: Aditya R Date: Fri, 18 Feb 2022 16:54:18 +0530 Subject: kube: honor --build=false and make --build=true by default `podman play kube` tries to build images even if `--build` is set to false so lets honor that and make `--build` , `true` by default so it matches the original behviour. Signed-off-by: Aditya R --- cmd/podman/play/kube.go | 6 +++- docs/source/markdown/podman-play-kube.1.md | 5 ++-- pkg/domain/entities/play.go | 2 +- pkg/domain/infra/abi/play.go | 2 +- test/e2e/play_build_test.go | 47 ++++++++++++++++++++++++++++++ 5 files changed, 57 insertions(+), 5 deletions(-) (limited to 'pkg') 
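Review bot: `assert.Equal(t, dest, "/to")` in testPropagation passes the actual value where testify expects the expected one, so a failure message would label the two values the wrong way round; it should read `assert.Equal(t, "/to", dest)`. The commented-out `//"github.com/stretchr/testify/require"` import is dead and can be dropped. Every case uses a bare `/to` path, so nothing exercises a mount path that carries its own option suffix together with a propagation mode, which is the combination where two propagation options could end up in the returned slice.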
diff --git a/cmd/podman/play/kube.go b/cmd/podman/play/kube.go index ccf6ea861..1a430f2dc 100644 --- a/cmd/podman/play/kube.go +++ b/cmd/podman/play/kube.go @@ -27,6 +27,7 @@ type playKubeOptionsWrapper struct { TLSVerifyCLI bool CredentialsCLI string StartCLI bool + BuildCLI bool } var ( @@ -117,7 +118,7 @@ func init() { _ = kubeCmd.RegisterFlagCompletionFunc(configmapFlagName, completion.AutocompleteDefault) buildFlagName := "build" - flags.BoolVar(&kubeOptions.Build, buildFlagName, false, "Build all images in a YAML (given Containerfiles exist)") + flags.BoolVar(&kubeOptions.BuildCLI, buildFlagName, false, "Build all images in a YAML (given Containerfiles exist)") } if !registry.IsRemote() { @@ -138,6 +139,9 @@ func kube(cmd *cobra.Command, args []string) error { if cmd.Flags().Changed("start") { kubeOptions.Start = types.NewOptionalBool(kubeOptions.StartCLI) } + if cmd.Flags().Changed("build") { + kubeOptions.Build = types.NewOptionalBool(kubeOptions.BuildCLI) + } if kubeOptions.Authfile != "" { if _, err := os.Stat(kubeOptions.Authfile); err != nil { return err diff --git a/docs/source/markdown/podman-play-kube.1.md b/docs/source/markdown/podman-play-kube.1.md index 6d02af80d..f85ea9046 100644 --- a/docs/source/markdown/podman-play-kube.1.md +++ b/docs/source/markdown/podman-play-kube.1.md @@ -67,7 +67,8 @@ like: ``` The build will consider `foobar` to be the context directory for the build. If there is an image in local storage -called `foobar`, the image will not be built unless the `--build` flag is used. +called `foobar`, the image will not be built unless the `--build` flag is used. Use `--build=false` to completely +disable builds. `Kubernetes ConfigMap` @@ -115,7 +116,7 @@ environment variable. `export REGISTRY_AUTH_FILE=path` #### **--build** -Build images even if they are found in the local storage. +Build images even if they are found in the local storage. Use `--build=false` to completely disable builds. #### **--cert-dir**=*path* 
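Review bot: The `--build` flag in the `flags.BoolVar` hunk is still registered with a default of `false` and the unchanged help text `Build all images in a YAML (given Containerfiles exist)`, so `--help` describes a two-state flag while the option is now three-state. Because `kubeOptions.Build` is only assigned when `cmd.Flags().Changed("build")` is true, the unset state is distinct from both `true` and `false`, and as the condition in pkg/domain/infra/abi/play.go reads, an unset flag builds only when the image is missing locally, which is not what the subject's "--build=true by default" suggests. I would spell the three states out in the help string, for example `"Build images from Containerfiles (default: only when not in local storage; --build=false never builds)"`, and update the `Build` field comment in pkg/domain/entities/play.go the same way.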
diff --git a/pkg/domain/entities/play.go b/pkg/domain/entities/play.go index 39234caf8..43fa3a712 100644 --- a/pkg/domain/entities/play.go +++ b/pkg/domain/entities/play.go @@ -11,7 +11,7 @@ type PlayKubeOptions struct { // Authfile - path to an authentication file. Authfile string // Indicator to build all images with Containerfile or Dockerfile - Build bool + Build types.OptionalBool // CertDir - to a directory containing TLS certifications and keys. CertDir string // Down indicates whether to bring contents of a yaml file "down" diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go index 86a60e92d..308a1d0ee 100644 --- a/pkg/domain/infra/abi/play.go +++ b/pkg/domain/infra/abi/play.go @@ -476,7 +476,7 @@ func (ic *ContainerEngine) getImageAndLabelInfo(ctx context.Context, cwd string, if err != nil { return nil, nil, err } - if (len(buildFile) > 0 && !existsLocally) || (len(buildFile) > 0 && options.Build) { + if (len(buildFile) > 0) && ((!existsLocally && options.Build != types.OptionalBoolFalse) || (options.Build == types.OptionalBoolTrue)) { buildOpts := new(buildahDefine.BuildOptions) commonOpts := new(buildahDefine.CommonBuildOptions) buildOpts.ConfigureNetwork = buildahDefine.NetworkDefault diff --git a/test/e2e/play_build_test.go b/test/e2e/play_build_test.go index 70e042b4d..849ba7162 100644 --- a/test/e2e/play_build_test.go +++ b/test/e2e/play_build_test.go 
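Review bot: With `--build=false` and no image in local storage, the new condition in getImageAndLabelInfo skips the build even when a Containerfile is present, and the image name is then handled by code after this `if`, which the hunk does not show. If that path resolves the name through the normal pull logic, a name that was only ever meant to denote a local build context would be looked up in the configured registries instead, so this case should either fail with a clear error or be called out in the documentation. The condition is also dense enough to merit a comment, e.g. `// build if a Containerfile exists and either --build=true, or the image is missing and --build was not set to false`. getImageAndLabelInfo begins and ends outside the hunk.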
@@ -212,6 +212,53 @@ LABEL marge=mom Expect(inspectData[0].Config.Labels).To(HaveKeyWithValue("marge", "mom")) }) + It("Do not build image at all if --build=false", func() { + // Setup + yamlDir := filepath.Join(tempdir, RandomString(12)) + err := os.Mkdir(yamlDir, 0755) + Expect(err).To(BeNil(), "mkdir "+yamlDir) + err = writeYaml(testYAML, filepath.Join(yamlDir, "top.yaml")) + Expect(err).To(BeNil()) + + // build an image called foobar but make sure it doesn't have + // the same label as the yaml buildfile, so we can check that + // the image is NOT rebuilt. + err = writeYaml(prebuiltImage, filepath.Join(yamlDir, "Containerfile")) + Expect(err).To(BeNil()) + + app1Dir := filepath.Join(yamlDir, "foobar") + err = os.Mkdir(app1Dir, 0755) + Expect(err).To(BeNil()) + err = writeYaml(playBuildFile, filepath.Join(app1Dir, "Containerfile")) + Expect(err).To(BeNil()) + // Write a file to be copied + err = writeYaml(copyFile, filepath.Join(app1Dir, "copyfile")) + Expect(err).To(BeNil()) + + // Switch to temp dir and restore it afterwards + cwd, err := os.Getwd() + Expect(err).To(BeNil()) + Expect(os.Chdir(yamlDir)).To(BeNil()) + defer func() { (Expect(os.Chdir(cwd)).To(BeNil())) }() + + // Build the image into the local store + build := podmanTest.Podman([]string{"build", "-t", "foobar", "-f", "Containerfile"}) + build.WaitWithDefaultTimeout() + Expect(build).Should(Exit(0)) + + session := podmanTest.Podman([]string{"play", "kube", "--build=false", "top.yaml"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + inspect := podmanTest.Podman([]string{"container", "inspect", "top_pod-foobar"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect).Should(Exit(0)) + inspectData := inspect.InspectContainerToJSON() + Expect(len(inspectData)).To(BeNumerically(">", 0)) + Expect(inspectData[0].Config.Labels).To(Not(HaveKey("homer"))) + Expect(inspectData[0].Config.Labels).To(HaveKeyWithValue("marge", "mom")) + }) + It("--build should override image in store", 
func() { // Setup yamlDir := filepath.Join(tempdir, RandomString(12)) -- cgit v1.2.3-54-g00ecf From 2b85f62a23e592a115fe8cab0c1b1f4b2dda36da Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Mon, 21 Feb 2022 15:05:42 +0100 Subject: use GetRuntimeDir() from c/common To prevent duplication and potential bugs we should use the same GetRuntimeDir function that is used in c/common. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger --- pkg/util/utils.go | 2 -- pkg/util/utils_supported.go | 50 ++------------------------------------------- 2 files changed, 2 insertions(+), 50 deletions(-) (limited to 'pkg') diff --git a/pkg/util/utils.go b/pkg/util/utils.go index 925ff9830..bdd1e1383 100644 --- a/pkg/util/utils.go +++ b/pkg/util/utils.go @@ -463,8 +463,6 @@ func ParseIDMapping(mode namespaces.UsernsMode, uidMapSlice, gidMapSlice []strin var ( rootlessConfigHomeDirOnce sync.Once rootlessConfigHomeDir string - rootlessRuntimeDirOnce sync.Once - rootlessRuntimeDir string ) type tomlOptionsConfig struct { diff --git a/pkg/util/utils_supported.go b/pkg/util/utils_supported.go index 848b35a45..e9d6bfa31 100644 --- a/pkg/util/utils_supported.go +++ b/pkg/util/utils_supported.go 
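Review bot: The new `--build=false` spec in test/e2e/play_build_test.go only covers the case where `foobar` was built into local storage beforehand, so the other half of the changed condition, `--build=false` with a Containerfile present and no local image, is untested. A second `It` that skips the `podman build` step and asserts on the exit status of `play kube --build=false` would pin down what happens to the image name in that case. The line `defer func() { (Expect(os.Chdir(cwd)).To(BeNil())) }()` also carries a redundant outer pair of parentheses.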
@@ -6,67 +6,21 @@ package util // should work to take darwin from this import ( - "fmt" "os" "path/filepath" "syscall" + cutil "github.com/containers/common/pkg/util" "github.com/containers/podman/v4/pkg/rootless" "github.com/pkg/errors" - "github.com/sirupsen/logrus" ) // GetRuntimeDir returns the runtime directory func GetRuntimeDir() (string, error) { - var rootlessRuntimeDirError error - if !rootless.IsRootless() { return "", nil } - - rootlessRuntimeDirOnce.Do(func() { - runtimeDir := os.Getenv("XDG_RUNTIME_DIR") - uid := fmt.Sprintf("%d", rootless.GetRootlessUID()) - if runtimeDir == "" { - tmpDir := filepath.Join("/run", "user", uid) - if err := os.MkdirAll(tmpDir, 0700); err != nil { - logrus.Debug(err) - } - st, err := os.Stat(tmpDir) - if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Geteuid() && (st.Mode().Perm()&0700 == 0700) { - runtimeDir = tmpDir - } - } - if runtimeDir == "" { - tmpDir := filepath.Join(os.TempDir(), fmt.Sprintf("podman-run-%s", uid)) - if err := os.MkdirAll(tmpDir, 0700); err != nil { - logrus.Debug(err) - } - st, err := os.Stat(tmpDir) - if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Geteuid() && (st.Mode().Perm()&0700 == 0700) { - runtimeDir = tmpDir - } - } - if runtimeDir == "" { - home := os.Getenv("HOME") - if home == "" { - rootlessRuntimeDirError = fmt.Errorf("neither XDG_RUNTIME_DIR nor HOME was set non-empty") - return - } - resolvedHome, err := filepath.EvalSymlinks(home) - if err != nil { - rootlessRuntimeDirError = errors.Wrapf(err, "cannot resolve %s", home) - return - } - runtimeDir = filepath.Join(resolvedHome, "rundir") - } - rootlessRuntimeDir = runtimeDir - }) - - if rootlessRuntimeDirError != nil { - return "", rootlessRuntimeDirError - } - return rootlessRuntimeDir, nil + return cutil.GetRuntimeDir() } // GetRootlessConfigHomeDir returns the config home directory when running as non root -- cgit v1.2.3-54-g00ecf
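Review bot: The removed fallback logic in GetRuntimeDir only accepted `/run/user/<uid>` or the temp-dir candidate after checking that the directory was owned by the effective UID with the owner `rwx` bits set, and after this change that guarantee rests entirely on `cutil.GetRuntimeDir()`, whose body is not part of this diff. Since the commit is marked [NO NEW TESTS NEEDED], it is worth confirming that the vendored c/common version performs the same ownership and permission checks, because a runtime directory with a predictable name under a shared temp directory is only safe with them. The doc comment could become `// GetRuntimeDir returns the rootless runtime directory as resolved by containers/common, or "" with a nil error when not running rootless.` The import block still lists `os`, `path/filepath` and `syscall`; their remaining users are outside the hunk.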