Only for podman-create and -run, unfortunately: all the
others are too different, and can't easily be combined.
I went with the podman-run version because it was most
recently updated in #5192.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The format used for setting the bind-mount-options annotations
in the kube yaml was incorrect and caused k8s to throw an error
when trying to play the generated kube yaml.
Fix the annotation format to match the rules of k8s.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
See https://github.com/containers/conmon/pull/352
As of a few days ago, Ubuntu still hadn't built a fixed conmon.
Just skip the test until we get a fixed Ubuntu or until we
figure out a better solution to the test-something-RHEL8ish
problem.
UPDATE: WEIRD: this 'skip' triggered a baffling failure
on Ubuntu: the "Kubernetes only allows 63 characters"
warning message stopped appearing, on Ubuntu only, which
then caused the kube-generate tests to fail because they
actually checked for that. The message doesn't appear
because generate-kube is no longer spitting out a line
for org.opencontainers.image.base.digest/CONTAINER.
(Why this line is gone, I don't know, and choose not
to investigate). Solution: stop checking for the kube-63
warning. It's just not that important.
Signed-off-by: Ed Santiago <santiago@redhat.com>
There are concerns with Packit causing flakes and delays on Podman so
let's have Packit prove itself in other repos and only then make its way
into Podman.
See: https://github.com/containers/podman/pull/15549#issuecomment-1233230573
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Since podman doesn't set/use the needed service env
variable, always set enableServiceLinks to false in
the generated kube yaml.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
If we get a SIGTERM immediately after Conmon starts but before we
record its PID in the database, we end up leaking a Conmon and
associated OCI runtime process. Inhibit shutdown using the logic
we originally wrote to prevent similar issues during container
creation to prevent this problem.
[NO NEW TESTS NEEDED] No real way to test this I can think of.
Fixes#15557
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Would've been an easy one, except I decided to fix the text
to conform to our guidelines. I haven't been doing this,
but in this case it's only two man pages and the text is
short enough to make for easy review.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Only applicable to podman-create and -run. I went with the -run
version because it is cleaner and more recently updated.
Signed-off-by: Ed Santiago <santiago@redhat.com>
When a kube yaml has a volume set as empty dir, podman
will create an anonymous volume with the empty dir name and
attach it to the containers running in the pod. When the pod
is removed, the empy dir volume created is also removed.
Add tests and docs for this as well.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
add two new options to the keep-id user namespace option:
- uid: allow to override the UID used inside the container.
- gid: allow to override the GID used inside the container.
For example, the following command will map the rootless user (that
has UID=0 inside the rootless user namespace) to the UID=11 inside the
container user namespace:
$ podman run --userns=keep-id:uid=11 --rm -ti fedora cat /proc/self/uid_map
0 1 11
11 0 1
12 12 65525
Closes: https://github.com/containers/podman/issues/15294
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Whew! This one started off identical everywhere, but the version
in podman-run got fixed in #1380, then again in #5192, with no
corresponding fixes to any of the other man pages.
I went with the podman-run version, with a small change in wording.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Almost all of SpecGenToOCI deals with linux-specific aspects of the
runtime spec. Rather than try to factor this out piecemeal, I think it
is cleaner to move the whole function along with its implementation
helper functions. This also meams we don't need non-linux stubs for
functions called from oci_linux.go
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
We keep getting flakes in tests that use port 5000. Try to
find and fix, by switching ports where possible, and locking
5000 when not possible (or not easy) to switch.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Only between podman-create and -run. (podman-build is too
different). I went with the podman-run version.
Signed-off-by: Ed Santiago <santiago@redhat.com>
I managed to miss this while factoring out moveConmonToCgroupAndSignal.
Perhaps the signalling part should move to the caller instead?
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
