This commit adds an quadlet option `Tmpfs` which can be used to mount a
tmpfs in the container.
Closes#17907
Signed-off-by: Cedric Staniewski <cedric@gmx.ca>
One of our oldest most frustrating flakes is #16091, "Timed
out waiting for BYE".
In #17489 we added some debug output to see if the problem
was a container hang of some sort. It does not seem to be
(see #17675), and the debug output makes it hard to read
failure logs, so let's remove it.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Add the command along with the abi and tunnel support
Add e2e tests
Add man page
Add apiv2 test to ensure return codes
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
MSI Validation will fail if the process env is > 32k chars
Remove CIRRUS_COMMIT_MESSAGE and CIRRUS_PR_BODY which can easily exceed this limit
[NO NEW TESTS NEEDED]
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
add a function to securely mount a subpath inside a volume. We cannot
trust that the subpath is safe since it is beneath a volume that could
be controlled by a separate container. To avoid TOCTOU races between
when we check the subpath and when the OCI runtime mounts it, we open
the subpath, validate it, bind mount to a temporary directory and use
it instead of the original path.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The podman kube generate command can now generate a
Deployment kind when the --ype flag is set to deployment.
By default, a Pod spec will be generated if --type flag is
not set.
Add --replicas flag to kube generate to allow users to set
the value of replicas in the generated yaml when generating a
Deployment kind.
Add e2e and minikube tests for this feature.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
If the kube yaml volumes has secret.items set, then use
the values from that to set up the paths inside the container
similar to what we do for configMap.
Add tests for this as well.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
the exec hooks already print the error message, so there is no need to
print another one.
[NO NEW TESTS NEEDED]
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Fix the example for RemapGid from keep-id to keep-groups
Reflect the chnages to the support for keep-id in Containers as well
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
As found in #17828, image listing does not scale well with a growing
number of local images. Make use of recent improvements in libimage
that allow for computing the dangling and parent data with _one_ layer
tree. Prior, the layer tree had to be recomputed _twice_ for each
image.
[NO NEW TESTS NEEDED] as it's a non-functional performance change.
Fixes: #17828
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
By default go will not keep the stdout/err attach when executing
commands via exec.Command(). It is required to explicitly pass the
current stdout/err fds down to the child so we can see the error output
in the logs to debug #17966.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
It turns out the restart is _not_ a stop+start but keeps certain
resources open and is subject to some timeouts that may differ across
distributions' default settings.
[NO NEW TESTS NEEDED] as I have absolutely no idea how to reliably cause
the failure/flake/race.
Also ignore ENOENTS of the CID file when removing a container which has
been identified of actually fixing #17607.
Fixes: #17607
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Finishing up the work started by @biergit in #17021
Updates the tutorial to explain the use of `-l/--latest`
and converts many of the examples to use `<container_id>`
as that works locally and remote while `-l` doesn't always.
Thanks for the start on this @biergit !
[NO NEW TESTS NEEDED]
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
OpenShift Merge Robot
Cedric Staniewski
Ashley Cui
Ed Santiago
Ygal Blum
Jason T. Greene
Alexis Couvreur
Daniel J Walsh
Giuseppe Scrivano
Urvashi Mohnani
Valentin Rothberg
Michael Milton
Julio C. Galindo
Arthur Sengileyev
Paul Holzinger
tomsweeneyredhat