Add the abilitiy to deploy the generated kube yaml to a
kubernetes cluster with the podman kube apply command.
Add support to directly apply containers, pods, or volumes
by passing in their names or ids to the command.
Use the kubernetes API endpoints and http requests to connect
to the cluster and deploy the various kubernetes object kinds.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Basically, acknowledge the need for dependencies and link
to Fedora specfile which is the only sane place to find
such a list.
Closes: #16365
Signed-off-by: Ed Santiago <santiago@redhat.com>
Underscore is special in markdown. We usually escape them
properly, but these are a few that we missed. Found using:
$ ack '[A-Z]\\fI[A-Z]' docs/build/man
(plus one that I found by accident).
If anyone has ideas on how to add a commit check for these,
please speak up. I'm at a complete loss to automate this.
Signed-off-by: Ed Santiago <santiago@redhat.com>
This pulls in https://github.com/godbus/dbus/pull/332 allowing dbus to
build without cgo on FreeBSD. This will allow freebsd targets in the cross
build.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
Only want to report if user created local customized storage in
/etc/containers/storage.conf or in
$HOME/.config/containers/storage.conf, when resetting storage.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add a script to measure the execution times of podman, crun, run and
conmon. It's a trimmed down version of the exitsnoop tool and intended
to guide us in future performance optimizations.
The below output was generated when running
`podman run --net=host docker.io/library/alpine:latest true`
```
podman (snoop) $ sudo ./hack/podmansnoop
PCOMM PID PPID TID AGE(ms)
conmon 51580 51569 51580 1.67
conmon 51583 51569 51583 3.53
crun 51591 51590 51591 18.28
crun 51593 51569 51593 2.48
conmon 51606 51594 51606 0.85
crun 51608 51594 51608 2.50
podman 51594 51590 51594 176.27
conmon 51590 1950 51590 214.78
podman 51569 40964 51569 431.36
```
In the future, it would be helpful to add the arguments of the commands.
`execsnoop` can reveal them quite nicely but I did not manage to merge
the two scripts due to time constraints.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
support using keep-id when only one mapping is available to the
rootless user.
When there is only one id available (e.g. there are no additional IDs
set in /etc/subuid and /etc/subgid for the unprivileged user), then
only add the identity mapping $ID -> $ID, leaving unmapped other IDs
in the user namespace.
[NO NEW TESTS NEEDED] it needs a configuration with only one ID
available.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The rest of the code has been using golang.org/x/* for the IsTerminal()
API for a long time, not github.com/mattn/go-isatty. It seems better to
stick to packages from the golang.org domain, whenever possible, and one
less dependency is always a good thing.
The modules were not cleaned up with 'make vendor' because 'go mod tidy'
was running into:
go: error loading go 1.16 module graph:
github.com/containers/image/v5@v5.23.1-0.20221015133641-1921a1993c67
requires
github.com/honeycombio/beeline-go@v1.9.0 requires
github.com/mattn/go-sqlite3@v2.0.3+incompatible: reading
github.com/mattn/go-sqlite3/go.mod at revision v2.0.3: unknown
revision v2.0.3
If reproducibility with go 1.16 is not needed:
go mod tidy -compat=1.17
Since go.mod already requires Go 1.17, the following commands were
manually run:
$ go mod tidy -compat=1.17
$ go mod vendor
$ go mod verify
Further modifications to go.sum were done manually based on the
complaints from postbuild.sh run by the CI.
[NO NEW TESTS NEEDED] as it's not a functional change.
Fixes: 85db895012bead6b ("logging: new mode -l passthrough")
Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
The OCI Runtime's KillContainer interface can modify container
state (if the signal fails to send, as it would if the container
failed immediately after starting, we will update state to pick
up the fact that the container exited). As such, it can edit the
DB, and needs to be run locked.
There are fortunately only a few places where this function is
used, and most of them are already safe. The only exception is
StartAndAttach(), which does a SIGWINCH in an unlocked portion of
the function. Fortunately it's a goroutine, so just add a lock
and defer unlock and it should be fixed.
[NO NEW TESTS NEEDED] I have no idea how to induce a scenario
that would cause this consistently.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
When there is a podman pause process running the local podman ginkgo
tests will join the usernamespace. This because pkg/rootless will
automatically join the ns on startup when possible. To fix this we
need to use the remote build tag which disables that behavior.
However since the remote tag is also used in the e2e test itself we
would always run remote tests which is wrong, this is fixed by using a
new `remote_testing` tag for the test.
see discussion here: https://github.com/containers/podman/pull/16309#discussion_r1006166930
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
We've had some oopsies in system tests:
podman foo bar
run podman foo bar
...all of which should be run_podman with underscore. Those
have been passing because /usr/bin/podman is the fallback
from $PATH. In those (few) cases, we haven't actually been
testing the podman we should be testing.
Solution: nuke /usr/bin/podman and podman-remote before
invoking system and unit tests. As an extra level of
paranoia, check for other podmans in $PATH - if any
exist, bail out with a fatal error.
Also: in a few cases where runner.sh invokes podman for
containerized something-something, run bin/podman instead
of podman from $PATH.
Also: fix existing dependencies on /usr/bin/podman
Signed-off-by: Ed Santiago <santiago@redhat.com>
idmap is documented as supported for volumes, but it was not added to
the getNamedVolume() function.
Fixes: e83d36665 ("volumes: add new option idmap")
Signed-off-by: Kristian Klausen <kristian@klausen.dk>
