Merge pull request #16668 from karta0807913/main

fix an override logic in Inherit function
2025-07-12 16:46:22 +08:00 · 2022-12-06 17:58:31 -05:00
parent 73e6539f97 4134a37233
commit 2e9eb170c6
3 changed files with 55 additions and 4 deletions
--- a/pkg/specgen/generate/container_create.go
+++ b/pkg/specgen/generate/container_create.go
@ -614,8 +614,13 @@ func Inherit(infra libpod.Container, s *specgen.SpecGenerator, rt *libpod.Runtim
 		return nil, nil, nil, err
 	}

+	// podman pod container can override pod ipc NS
+	if !s.IpcNS.IsDefault() {
+		inheritSpec.IpcNS = s.IpcNS
+	}
+
 	// this causes errors when shmSize is the default value, it will still get passed down unless we manually override.
-	if s.IpcNS.NSMode == specgen.Host && (compatibleOptions.ShmSize != nil && compatibleOptions.IsDefaultShmSize()) {
+	if inheritSpec.IpcNS.NSMode == specgen.Host && (compatibleOptions.ShmSize != nil && compatibleOptions.IsDefaultShmSize()) {
 		s.ShmSize = nil
 	}
 	return options, infraSpec, compatibleOptions, nil
--- a/pkg/specgen/generate/kube/kube.go
+++ b/pkg/specgen/generate/kube/kube.go
@ -16,6 +16,7 @@ import (

 	"github.com/containers/common/libimage"
 	"github.com/containers/common/libnetwork/types"
+	"github.com/containers/common/pkg/config"
 	"github.com/containers/common/pkg/parse"
 	"github.com/containers/common/pkg/secrets"
 	cutil "github.com/containers/common/pkg/util"
@ -148,6 +149,21 @@ type CtrSpecGenOptions struct {
 func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGenerator, error) {
 	s := specgen.NewSpecGenerator(opts.Container.Image, false)

+	rtc, err := config.Default()
+	if err != nil {
+		return nil, err
+	}
+
+	if s.CgroupsMode == "" {
+		s.CgroupsMode = rtc.Cgroups()
+	}
+	if len(s.ImageVolumeMode) == 0 {
+		s.ImageVolumeMode = rtc.Engine.ImageVolumeMode
+	}
+	if s.ImageVolumeMode == "bind" {
+		s.ImageVolumeMode = "anonymous"
+	}
+
 	// pod name should be non-empty for Deployment objects to be able to create
 	// multiple pods having containers with unique names
 	if len(opts.PodName) < 1 {
@ -199,7 +215,7 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener
 	s.InitContainerType = opts.InitContainerType

 	setupSecurityContext(s, opts.Container.SecurityContext, opts.PodSecurityContext)
-	err := setupLivenessProbe(s, opts.Container, opts.RestartPolicy)
+	err = setupLivenessProbe(s, opts.Container, opts.RestartPolicy)
 	if err != nil {
 		return nil, fmt.Errorf("failed to configure livenessProbe: %w", err)
 	}
--- a/test/e2e/play_kube_test.go
+++ b/test/e2e/play_kube_test.go
@ -175,8 +175,19 @@ spec:
  volumes:
    - name: foo
      secret:
-        secretName: oldsecret
-`
+        secretName: oldsecret`
+
+var simplePodYaml = `
+apiVersion: v1
+kind: Pod
+metadata:
+  name: libpod-test
+spec:
+  containers:
+  - image: quay.io/libpod/alpine_nginx:latest
+    command:
+      - sleep
+      - "3600"`

 var unknownKindYaml = `
 apiVersion: v1
@ -4376,4 +4387,23 @@ ENV OPENJ9_JAVA_OPTIONS=%q
 		deleteAndTestSecret(podmanTest, "newsecret")
 	})

+	It("podman play kube with disabled cgroup", func() {
+		conffile := filepath.Join(podmanTest.TempDir, "container.conf")
+		// Disabled ipcns and cgroupfs in the config file
+		// Since shmsize (Inherit from infra container) cannot be set if ipcns is "host", we should remove the default value.
+		// Also, cgroupfs config should be loaded into SpecGenerator when playing kube.
+		err := os.WriteFile(conffile, []byte(`
+[containers]
+ipcns="host"
+cgroups="disabled"`), 0644)
+		Expect(err).ToNot(HaveOccurred())
+		defer os.Unsetenv("CONTAINERS_CONF")
+		os.Setenv("CONTAINERS_CONF", conffile)
+		err = writeYaml(simplePodYaml, kubeYaml)
+		Expect(err).To(BeNil())
+
+		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
+		kube.WaitWithDefaultTimeout()
+		Expect(kube).Should(Exit(0))
+	})
 })