Merge pull request #17144 from rhatdan/annotations

Remove ReservedAnnotations from kube generate specification

docs/source/markdown/podman-kube-generate.1.md

@@ -77,9 +77,7 @@ spec:
     ports:
     - containerPort: 3306
       hostPort: 36533
-    resources: {}
     tty: true
-status: {}
 ```
 
 Create Kubernetes Pod YAML for a container with the directory `/home/user/my-data` on the host bind-mounted in the container to `/volume`.
@@ -102,7 +100,6 @@ spec:
     - /bin/sh
     image: docker.io/library/alpine:latest
     name: test-bind-mount
-    resources: {}
     volumeMounts:
     - mountPath: /volume
       name: home-user-my-data-host
@@ -112,7 +109,6 @@ spec:
       path: /home/user/my-data
       type: Directory
     name: home-user-my-data-host
-status: {}
 ```
 
 Create Kubernetes Pod YAML for a container with the named volume `priceless-data` mounted in the container at `/volume`.
@@ -135,7 +131,6 @@ spec:
     - /bin/sh
     image: docker.io/library/alpine:latest
     name: test-bind-mount
-    resources: {}
     volumeMounts:
     - mountPath: /volume
       name: priceless-data-pvc
@@ -144,7 +139,6 @@ spec:
   - name: priceless-data-pvc
     persistentVolumeClaim:
       claimName: priceless-data
-status: {}
 ```
 
 Create Kubernetes Pod YAML for a pod called `demoweb` and include a service.
@@ -168,10 +162,8 @@ spec:
     - /root/code/graph.py
     image: quay.io/baude/demoweb:latest
     name: practicalarchimedes
-    resources: {}
     tty: true
     workingDir: /root/code
-status: {}
 ---
 apiVersion: v1
 kind: Service

libpod/container_internal_common.go

@@ -499,7 +499,6 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 	}
 
 	g.SetRootPath(c.state.Mountpoint)
-	g.AddAnnotation(annotations.Created, c.config.CreatedTime.Format(time.RFC3339Nano))
 	g.AddAnnotation("org.opencontainers.image.stopSignal", fmt.Sprintf("%d", c.config.StopSignal))
 
 	if _, exists := g.Config.Annotations[annotations.ContainerManager]; !exists {

libpod/kube.go

@@ -17,6 +17,7 @@ import (
 	"github.com/containers/common/pkg/config"
 	cutil "github.com/containers/common/pkg/util"
 	"github.com/containers/podman/v4/libpod/define"
+	"github.com/containers/podman/v4/pkg/annotations"
 	"github.com/containers/podman/v4/pkg/env"
 	v1 "github.com/containers/podman/v4/pkg/k8s.io/api/core/v1"
 	"github.com/containers/podman/v4/pkg/k8s.io/apimachinery/pkg/api/resource"
@@ -365,6 +366,9 @@ func (p *Pod) podWithContainers(ctx context.Context, containers []*Container, po
 	for _, ctr := range containers {
 		if !ctr.IsInfra() {
 			for k, v := range ctr.config.Spec.Annotations {
+				if define.IsReservedAnnotation(k) || annotations.IsReservedAnnotation(k) {
+					continue
+				}
 				podAnnotations[fmt.Sprintf("%s/%s", k, removeUnderscores(ctr.Name()))] = TruncateKubeAnnotation(v)
 			}
 			// Convert auto-update labels into kube annotations
@@ -506,6 +510,9 @@ func simplePodWithV1Containers(ctx context.Context, ctrs []*Container) (*v1.Pod,
 	for _, ctr := range ctrs {
 		ctrNames = append(ctrNames, removeUnderscores(ctr.Name()))
 		for k, v := range ctr.config.Spec.Annotations {
+			if define.IsReservedAnnotation(k) || annotations.IsReservedAnnotation(k) {
+				continue
+			}
 			kubeAnnotations[fmt.Sprintf("%s/%s", k, removeUnderscores(ctr.Name()))] = TruncateKubeAnnotation(v)
 		}
 

pkg/annotations/annotations.go

@@ -120,3 +120,15 @@ const (
 // ContainerManagerLibpod indicates that libpod created and manages the
 // container.
 const ContainerManagerLibpod = "libpod"
+
+// IsReservedAnnotation returns true if the specified value corresponds to an
+// already reserved annotation that Podman sets during container creation.
+func IsReservedAnnotation(value string) bool {
+	switch value {
+	case Annotations, ContainerID, ContainerName, ContainerType, Created, HostName, CgroupParent, IP, NamespaceOptions, SeccompProfilePath, Image, ImageName, ImageRef, KubeName, PortMappings, Labels, LogPath, Metadata, Name, Namespace, PrivilegedRuntime, ResolvPath, HostnamePath, SandboxID, SandboxName, ShmPath, MountPoint, RuntimeHandler, TTY, Stdin, StdinOnce, Volumes, HostNetwork, CNIResult, ContainerManager:
+		return true
+
+	default:
+		return false
+	}
+}

pkg/specgen/generate/container.go

@@ -213,7 +213,6 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
 			sandboxID = infra.ID()
 		}
 		annotations[ann.SandboxID] = sandboxID
-		annotations[ann.ContainerType] = ann.ContainerTypeContainer
 		// Check if this is an init-ctr and if so, check if
 		// the pod is running.  we do not want to add init-ctrs to
 		// a running pod because it creates confusion for us.

pkg/specgen/generate/kube/kube.go

@@ -324,7 +324,6 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener
 	}
 	if opts.PodInfraID != "" {
 		annotations[ann.SandboxID] = opts.PodInfraID
-		annotations[ann.ContainerType] = ann.ContainerTypeContainer
 	}
 	s.Annotations = annotations
 

pkg/specgenutil/specgen.go

@@ -13,7 +13,6 @@ import (
 	"github.com/containers/image/v5/manifest"
 	"github.com/containers/podman/v4/cmd/podman/parse"
 	"github.com/containers/podman/v4/libpod/define"
-	ann "github.com/containers/podman/v4/pkg/annotations"
 	"github.com/containers/podman/v4/pkg/domain/entities"
 	envLib "github.com/containers/podman/v4/pkg/env"
 	"github.com/containers/podman/v4/pkg/namespaces"
@@ -433,11 +432,6 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
 	// ANNOTATIONS
 	annotations := make(map[string]string)
 
-	// First, add our default annotations
-	if c.TTY {
-		annotations[ann.TTY] = "true"
-	}
-
 	// Last, add user annotations
 	for _, annotation := range c.Annotation {
 		splitAnnotation := strings.SplitN(annotation, "=", 2)

test/e2e/generate_kube_test.go

@@ -18,7 +18,7 @@ import (
 	. "github.com/onsi/gomega/gexec"
 )
 
-var _ = Describe("Podman generate kube", func() {
+var _ = Describe("Podman kube generate", func() {
 	var (
 		tempdir    string
 		err        error
@@ -41,19 +41,19 @@ var _ = Describe("Podman generate kube", func() {
 
 	})
 
-	It("podman generate pod kube on bogus object", func() {
+	It("podman kube generate pod on bogus object", func() {
 		session := podmanTest.Podman([]string{"generate", "kube", "foobar"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).To(ExitWithError())
 	})
 
-	It("podman generate service kube on bogus object", func() {
+	It("podman kube generate service on bogus object", func() {
-		session := podmanTest.Podman([]string{"generate", "kube", "-s", "foobar"})
+		session := podmanTest.Podman([]string{"kube", "generate", "-s", "foobar"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).To(ExitWithError())
 	})
 
-	It("podman generate kube on container", func() {
+	It("podman kube generate on container", func() {
 		session := podmanTest.RunTopContainer("top")
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
@@ -72,6 +72,7 @@ var _ = Describe("Podman generate kube", func() {
 		Expect(pod.Spec.Containers[0].SecurityContext).To(BeNil())
 		Expect(pod.Spec.Containers[0].Env).To(BeNil())
 		Expect(pod).To(HaveField("Name", "top-pod"))
+		Expect(pod.Annotations).To(HaveLen(0))
 
 		numContainers := 0
 		for range pod.Spec.Containers {
@@ -80,7 +81,7 @@ var _ = Describe("Podman generate kube", func() {
 		Expect(numContainers).To(Equal(1))
 	})
 
-	It("podman generate service kube on container with --security-opt level", func() {
+	It("podman kube generate service on container with --security-opt level", func() {
 		session := podmanTest.Podman([]string{"create", "--name", "test", "--security-opt", "label=level:s0:c100,c200", "alpine"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
@@ -166,6 +167,7 @@ var _ = Describe("Podman generate kube", func() {
 		err := yaml.Unmarshal(kube.Out.Contents(), pod)
 		Expect(err).ToNot(HaveOccurred())
 		Expect(pod.Spec).To(HaveField("HostNetwork", false))
+		Expect(pod.Annotations).To(HaveLen(0))
 
 		numContainers := 0
 		for range pod.Spec.Containers {

test/system/710-kube.bats

@@ -33,7 +33,7 @@ json.dump(yaml.safe_load(sys.stdin), sys.stdout)'
     cname=c$(random_string 15)
     run_podman container create --cap-drop fowner --cap-drop setfcap --name $cname $IMAGE top
     run_podman kube generate $cname
-
+    assert "$output" !~ "Kubernetes only allows 63 characters"
     # Convert yaml to json, and dump to stdout (to help in case of errors)
     json=$(yaml2json <<<"$output")
     jq . <<<"$json"
@@ -101,11 +101,6 @@ status                           | =  | null
 apiVersion | =  | v1
 kind       | =  | Pod
 
-metadata.annotations.\"io.kubernetes.cri-o.ContainerType/$cname1\" | =  | container
-metadata.annotations.\"io.kubernetes.cri-o.ContainerType/$cname2\" | =  | container
-metadata.annotations.\"io.kubernetes.cri-o.SandboxID/$cname1\"     | =~ | [0-9a-f]\\{56\\}
-metadata.annotations.\"io.kubernetes.cri-o.SandboxID/$cname2\"     | =~ | [0-9a-f]\\{56\\}
-
 metadata.creationTimestamp | =~ | [0-9T:-]\\+Z
 metadata.labels.app        | =  | ${pname}
 metadata.name              | =  | ${pname}