podman events --format {{.ID}} was not working since the template was
converted to a range but we only render each event individually.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add auto-update support to `podman kube play`. Auto-update policies can
be configured for:
* the entire pod via the `io.containers.autoupdate` annotation
* a specific container via the `io.containers.autoupdate/$name` annotation
To make use of rollbacks, the `io.containers.sdnotify` policy should be
set to `container` such that the workload running _inside_ the container
can send the READY message via the NOTIFY_SOCKET once ready. For
further details on auto updates and rollbacks, please refer to the
specific article [1].
Since auto updates and rollbacks bases on Podman's systemd integration,
the k8s YAML must be executed in the `podman-kube@` systemd template.
For further details on how to run k8s YAML in systemd via Podman, please
refer to the specific article [2].
An examplary k8s YAML may look as follows:
```YAML
apiVersion: v1
kind: Pod
metadata:
annotations:
io.containers.autoupdate: "local"
io.containers.autoupdate/b: "registry"
labels:
app: test
name: test_pod
spec:
containers:
- command:
- top
image: alpine
name: a
- command:
- top
image: alpine
name: b
```
[1] https://www.redhat.com/sysadmin/podman-auto-updates-rollbacks
[2] https://www.redhat.com/sysadmin/kubernetes-workloads-podman-systemd
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Some system tests in `255-auto-update.bats` and `500-networking.bats`
fail under proxy environment.
This PR fixes this problem.
Signed-off-by: Tsubasa Watanabe <w.tsubasa@fujitsu.com>
We're seeing a huge number of "unknown failure" flakes,
and all seem to be in the 'clone' step, failing with:
echo "$ARTCURL..."
curl ... https://api.cirrus-ci.com/.../repo.tbz
(lots of pretty curl output lines)
curl: (22) The requested URL returned error: 502
Solution: use --retry, which will backoff-retry transient
failures. Start with a backoff of 8s, not the default 1.
Signed-off-by: Ed Santiago <santiago@redhat.com>
(memory-star, i.e., several memory options) that didn't get
included in #15276. Most of them are shoo-ins; the two in
container-clone and pod-clone deserve special attention
because of the "If unspecified" wording.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Refactor the auto-update backend to allow for updating multiple
tasks/containers per unit. This commit is merely doing the plumbing.
The actual integration comes in a following commit.
[NO NEW TESTS NEEDED] as behavior should not change and existing
tests are expected to continue to pass.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
It turns out that field names in syscall.Stat_t are platform-specific.
An alternative to this could change fixVolumePermissions to use
unix.Lstat since unix.Stat_t uses the same mmember name for Atim on both
Linux and FreeBSD.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
This mount has never been standard on FreeBSD, preferring to use /tmp or
/var/tmp optionally with tmpfs to ensure data is lost on a reboot.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
This contains a lot of code in common with container_internal_linux.go.
Subsequent commits will move the shared code to
container_internal_common.go to reduce the duplication.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
This moves platform-specific details of the network implementation out
of the generic file so that we can add the FreeBSD equivalent.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
podman does not use any service account token, so we set the automount flag
to false in podman generate kube.
Signed-off-by: François Poirotte <clicky@erebot.net>
Went with the podman-run version, where the "example" is
in the option template as per our guidelines.
I could not include the network- or volume-create
man pages, nor podman build.
Signed-off-by: Ed Santiago <santiago@redhat.com>
