containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #14772 from nicrowe00/12475 

Add "podman kube play" cmd
This commit is contained in:
openshift-ci[bot] 2022-07-13 19:29:16 +00:00 committed by GitHub
parent 5f8d08d593 e08a77ce64
commit 5c3eec5589
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
29 changed files with 538 additions and 426 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
cmd/podman/kube/kube.go Normal file
View File

@ -0,0 +1,35 @@
package pods
import (
"github.com/containers/podman/v4/cmd/podman/registry"
"github.com/containers/podman/v4/cmd/podman/validate"
"github.com/spf13/cobra"
)
var (
// Command: podman _kube_
kubeCmd = &cobra.Command{
Use: "kube",
Short: "Play containers, pods or volumes from a structured file",
Long: "Play structured data (e.g., Kubernetes YAML) based on containers, pods or volumes.",
RunE: validate.SubCommandExists,
}
playKubeParentCmd = &cobra.Command{
Use: "play",
Short: "Play containers, pods or volumes from a structured file",
Long: "Play structured data (e.g., Kubernetes YAML) based on containers, pods or volumes.",
Hidden: true,
RunE: validate.SubCommandExists,
}
)
func init() {
registry.Commands = append(registry.Commands, registry.CliCommand{
Command: kubeCmd,
})
registry.Commands = append(registry.Commands, registry.CliCommand{
Command: playKubeParentCmd,
})
}

164
cmd/podman/play/kube.go → cmd/podman/kube/play.go
View File

@ -29,23 +29,38 @@ type playKubeOptionsWrapper struct {
CredentialsCLI string
StartCLI bool
BuildCLI bool
annotations []string
macs []string
}
var (
annotations []string
macs []string
// https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/
defaultSeccompRoot = "/var/lib/kubelet/seccomp"
kubeOptions = playKubeOptionsWrapper{}
kubeDescription = `Command reads in a structured file of Kubernetes YAML.
playOptions = playKubeOptionsWrapper{}
playDescription = `Command reads in a structured file of Kubernetes YAML.
It creates pods or volumes based on the Kubernetes kind described in the YAML. Supported kinds are Pods, Deployments and PersistentVolumeClaims.`
kubeCmd = &cobra.Command{
playCmd = &cobra.Command{
Use: "play [options] KUBEFILE|-",
Short: "Play a pod or volume based on Kubernetes YAML.",
Long: playDescription,
RunE: Play,
Args: cobra.ExactArgs(1),
ValidArgsFunction: common.AutocompleteDefaultOneArg,
Example: `podman kube play nginx.yml
cat nginx.yml | podman kube play -
podman kube play --creds user:password --seccomp-profile-root /custom/path apache.yml`,
}
)
var (
playKubeCmd = &cobra.Command{
Use: "kube [options] KUBEFILE|-",
Short: "Play a pod or volume based on Kubernetes YAML.",
Long: kubeDescription,
RunE: kube,
Long: playDescription,
Hidden: true,
RunE: playKube,
Args: cobra.ExactArgs(1),
ValidArgsFunction: common.AutocompleteDefaultOneArg,
Example: `podman play kube nginx.yml
@ -56,170 +71,183 @@ var (
func init() {
registry.Commands = append(registry.Commands, registry.CliCommand{
Command: kubeCmd,
Parent: playCmd,
Command: playCmd,
Parent: kubeCmd,
})
playFlags(playCmd)
flags := kubeCmd.Flags()
registry.Commands = append(registry.Commands, registry.CliCommand{
Command: playKubeCmd,
Parent: playKubeParentCmd,
})
playFlags(playKubeCmd)
}
func playFlags(cmd *cobra.Command) {
flags := cmd.Flags()
flags.SetNormalizeFunc(utils.AliasFlags)
annotationFlagName := "annotation"
flags.StringSliceVar(
&annotations,
&playOptions.annotations,
annotationFlagName, []string{},
"Add annotations to pods (key=value)",
)
_ = kubeCmd.RegisterFlagCompletionFunc(annotationFlagName, completion.AutocompleteNone)
_ = cmd.RegisterFlagCompletionFunc(annotationFlagName, completion.AutocompleteNone)
credsFlagName := "creds"
flags.StringVar(&kubeOptions.CredentialsCLI, credsFlagName, "", "`Credentials` (USERNAME:PASSWORD) to use for authenticating to a registry")
_ = kubeCmd.RegisterFlagCompletionFunc(credsFlagName, completion.AutocompleteNone)
flags.StringVar(&playOptions.CredentialsCLI, credsFlagName, "", "`Credentials` (USERNAME:PASSWORD) to use for authenticating to a registry")
_ = cmd.RegisterFlagCompletionFunc(credsFlagName, completion.AutocompleteNone)
staticMACFlagName := "mac-address"
flags.StringSliceVar(&macs, staticMACFlagName, nil, "Static MAC addresses to assign to the pods")
_ = kubeCmd.RegisterFlagCompletionFunc(staticMACFlagName, completion.AutocompleteNone)
flags.StringSliceVar(&playOptions.macs, staticMACFlagName, nil, "Static MAC addresses to assign to the pods")
_ = cmd.RegisterFlagCompletionFunc(staticMACFlagName, completion.AutocompleteNone)
networkFlagName := "network"
flags.StringArrayVar(&kubeOptions.Networks, networkFlagName, nil, "Connect pod to network(s) or network mode")
_ = kubeCmd.RegisterFlagCompletionFunc(networkFlagName, common.AutocompleteNetworkFlag)
flags.StringArrayVar(&playOptions.Networks, networkFlagName, nil, "Connect pod to network(s) or network mode")
_ = cmd.RegisterFlagCompletionFunc(networkFlagName, common.AutocompleteNetworkFlag)
staticIPFlagName := "ip"
flags.IPSliceVar(&kubeOptions.StaticIPs, staticIPFlagName, nil, "Static IP addresses to assign to the pods")
_ = kubeCmd.RegisterFlagCompletionFunc(staticIPFlagName, completion.AutocompleteNone)
flags.IPSliceVar(&playOptions.StaticIPs, staticIPFlagName, nil, "Static IP addresses to assign to the pods")
_ = cmd.RegisterFlagCompletionFunc(staticIPFlagName, completion.AutocompleteNone)
logDriverFlagName := "log-driver"
flags.StringVar(&kubeOptions.LogDriver, logDriverFlagName, common.LogDriver(), "Logging driver for the container")
_ = kubeCmd.RegisterFlagCompletionFunc(logDriverFlagName, common.AutocompleteLogDriver)
flags.StringVar(&playOptions.LogDriver, logDriverFlagName, common.LogDriver(), "Logging driver for the container")
_ = cmd.RegisterFlagCompletionFunc(logDriverFlagName, common.AutocompleteLogDriver)
logOptFlagName := "log-opt"
flags.StringSliceVar(
&kubeOptions.LogOptions,
&playOptions.LogOptions,
logOptFlagName, []string{},
"Logging driver options",
)
_ = kubeCmd.RegisterFlagCompletionFunc(logOptFlagName, common.AutocompleteLogOpt)
_ = cmd.RegisterFlagCompletionFunc(logOptFlagName, common.AutocompleteLogOpt)
usernsFlagName := "userns"
flags.StringVar(&kubeOptions.Userns, usernsFlagName, os.Getenv("PODMAN_USERNS"),
flags.StringVar(&playOptions.Userns, usernsFlagName, os.Getenv("PODMAN_USERNS"),
"User namespace to use",
)
_ = kubeCmd.RegisterFlagCompletionFunc(usernsFlagName, common.AutocompleteUserNamespace)
_ = cmd.RegisterFlagCompletionFunc(usernsFlagName, common.AutocompleteUserNamespace)
flags.BoolVar(&kubeOptions.NoHosts, "no-hosts", false, "Do not create /etc/hosts within the pod's containers, instead use the version from the image")
flags.BoolVarP(&kubeOptions.Quiet, "quiet", "q", false, "Suppress output information when pulling images")
flags.BoolVar(&kubeOptions.TLSVerifyCLI, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
flags.BoolVar(&kubeOptions.StartCLI, "start", true, "Start the pod after creating it")
flags.BoolVar(&playOptions.NoHosts, "no-hosts", false, "Do not create /etc/hosts within the pod's containers, instead use the version from the image")
flags.BoolVarP(&playOptions.Quiet, "quiet", "q", false, "Suppress output information when pulling images")
flags.BoolVar(&playOptions.TLSVerifyCLI, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
flags.BoolVar(&playOptions.StartCLI, "start", true, "Start the pod after creating it")
authfileFlagName := "authfile"
flags.StringVar(&kubeOptions.Authfile, authfileFlagName, auth.GetDefaultAuthFile(), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
_ = kubeCmd.RegisterFlagCompletionFunc(authfileFlagName, completion.AutocompleteDefault)
flags.StringVar(&playOptions.Authfile, authfileFlagName, auth.GetDefaultAuthFile(), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
_ = cmd.RegisterFlagCompletionFunc(authfileFlagName, completion.AutocompleteDefault)
downFlagName := "down"
flags.BoolVar(&kubeOptions.Down, downFlagName, false, "Stop pods defined in the YAML file")
flags.BoolVar(&playOptions.Down, downFlagName, false, "Stop pods defined in the YAML file")
replaceFlagName := "replace"
flags.BoolVar(&kubeOptions.Replace, replaceFlagName, false, "Delete and recreate pods defined in the YAML file")
flags.BoolVar(&playOptions.Replace, replaceFlagName, false, "Delete and recreate pods defined in the YAML file")
if !registry.IsRemote() {
certDirFlagName := "cert-dir"
flags.StringVar(&kubeOptions.CertDir, certDirFlagName, "", "`Pathname` of a directory containing TLS certificates and keys")
_ = kubeCmd.RegisterFlagCompletionFunc(certDirFlagName, completion.AutocompleteDefault)
flags.StringVar(&playOptions.CertDir, certDirFlagName, "", "`Pathname` of a directory containing TLS certificates and keys")
_ = cmd.RegisterFlagCompletionFunc(certDirFlagName, completion.AutocompleteDefault)
seccompProfileRootFlagName := "seccomp-profile-root"
flags.StringVar(&kubeOptions.SeccompProfileRoot, seccompProfileRootFlagName, defaultSeccompRoot, "Directory path for seccomp profiles")
_ = kubeCmd.RegisterFlagCompletionFunc(seccompProfileRootFlagName, completion.AutocompleteDefault)
flags.StringVar(&playOptions.SeccompProfileRoot, seccompProfileRootFlagName, defaultSeccompRoot, "Directory path for seccomp profiles")
_ = cmd.RegisterFlagCompletionFunc(seccompProfileRootFlagName, completion.AutocompleteDefault)
configmapFlagName := "configmap"
flags.StringSliceVar(&kubeOptions.ConfigMaps, configmapFlagName, []string{}, "`Pathname` of a YAML file containing a kubernetes configmap")
_ = kubeCmd.RegisterFlagCompletionFunc(configmapFlagName, completion.AutocompleteDefault)
flags.StringSliceVar(&playOptions.ConfigMaps, configmapFlagName, []string{}, "`Pathname` of a YAML file containing a kubernetes configmap")
_ = cmd.RegisterFlagCompletionFunc(configmapFlagName, completion.AutocompleteDefault)
buildFlagName := "build"
flags.BoolVar(&kubeOptions.BuildCLI, buildFlagName, false, "Build all images in a YAML (given Containerfiles exist)")
flags.BoolVar(&playOptions.BuildCLI, buildFlagName, false, "Build all images in a YAML (given Containerfiles exist)")
contextDirFlagName := "context-dir"
flags.StringVar(&kubeOptions.ContextDir, contextDirFlagName, "", "Path to top level of context directory")
_ = kubeCmd.RegisterFlagCompletionFunc(contextDirFlagName, completion.AutocompleteDefault)
flags.StringVar(&playOptions.ContextDir, contextDirFlagName, "", "Path to top level of context directory")
_ = cmd.RegisterFlagCompletionFunc(contextDirFlagName, completion.AutocompleteDefault)
// NOTE: The service-container flag is marked as hidden as it
// is purely designed for running play-kube in systemd units.
// is purely designed for running kube-play in systemd units.
// It is not something users should need to know or care about.
//
// Having a flag rather than an env variable is cleaner.
serviceFlagName := "service-container"
flags.BoolVar(&kubeOptions.ServiceContainer, serviceFlagName, false, "Starts a service container before all pods")
flags.BoolVar(&playOptions.ServiceContainer, serviceFlagName, false, "Starts a service container before all pods")
_ = flags.MarkHidden("service-container")
flags.StringVar(&kubeOptions.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
flags.StringVar(&playOptions.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
_ = flags.MarkHidden("signature-policy")
}
}
func kube(cmd *cobra.Command, args []string) error {
func Play(cmd *cobra.Command, args []string) error {
// TLS verification in c/image is controlled via a `types.OptionalBool`
// which allows for distinguishing among set-true, set-false, unspecified
// which is important to implement a sane way of dealing with defaults of
// boolean CLI flags.
if cmd.Flags().Changed("tls-verify") {
kubeOptions.SkipTLSVerify = types.NewOptionalBool(!kubeOptions.TLSVerifyCLI)
playOptions.SkipTLSVerify = types.NewOptionalBool(!playOptions.TLSVerifyCLI)
}
if cmd.Flags().Changed("start") {
kubeOptions.Start = types.NewOptionalBool(kubeOptions.StartCLI)
playOptions.Start = types.NewOptionalBool(playOptions.StartCLI)
}
if cmd.Flags().Changed("build") {
kubeOptions.Build = types.NewOptionalBool(kubeOptions.BuildCLI)
playOptions.Build = types.NewOptionalBool(playOptions.BuildCLI)
}
if kubeOptions.Authfile != "" {
if _, err := os.Stat(kubeOptions.Authfile); err != nil {
if playOptions.Authfile != "" {
if _, err := os.Stat(playOptions.Authfile); err != nil {
return err
}
}
if kubeOptions.ContextDir != "" && kubeOptions.Build != types.OptionalBoolTrue {
if playOptions.ContextDir != "" && playOptions.Build != types.OptionalBoolTrue {
return errors.New("--build must be specified when using --context-dir option")
}
if kubeOptions.CredentialsCLI != "" {
creds, err := util.ParseRegistryCreds(kubeOptions.CredentialsCLI)
if playOptions.CredentialsCLI != "" {
creds, err := util.ParseRegistryCreds(playOptions.CredentialsCLI)
if err != nil {
return err
}
kubeOptions.Username = creds.Username
kubeOptions.Password = creds.Password
playOptions.Username = creds.Username
playOptions.Password = creds.Password
}
for _, annotation := range annotations {
for _, annotation := range playOptions.annotations {
splitN := strings.SplitN(annotation, "=", 2)
if len(splitN) > 2 {
return fmt.Errorf("annotation %q must include an '=' sign", annotation)
}
if kubeOptions.Annotations == nil {
kubeOptions.Annotations = make(map[string]string)
if playOptions.Annotations == nil {
playOptions.Annotations = make(map[string]string)
}
annotation := splitN[1]
if len(annotation) > define.MaxKubeAnnotation {
return fmt.Errorf("annotation exceeds maximum size, %d, of kubernetes annotation: %s", define.MaxKubeAnnotation, annotation)
}
kubeOptions.Annotations[splitN[0]] = annotation
playOptions.Annotations[splitN[0]] = annotation
}
yamlfile := args[0]
if yamlfile == "-" {
yamlfile = "/dev/stdin"
}
for _, mac := range macs {
for _, mac := range playOptions.macs {
m, err := net.ParseMAC(mac)
if err != nil {
return err
}
kubeOptions.StaticMACs = append(kubeOptions.StaticMACs, m)
playOptions.StaticMACs = append(playOptions.StaticMACs, m)
}
if kubeOptions.Down {
if playOptions.Down {
return teardown(yamlfile)
}
if kubeOptions.Replace {
if playOptions.Replace {
if err := teardown(yamlfile); err != nil && !errorhandling.Contains(err, define.ErrNoSuchPod) {
return err
}
}
return playkube(yamlfile)
return kubeplay(yamlfile)
}
func playKube(cmd *cobra.Command, args []string) error {
return Play(cmd, args)
}
func teardown(yamlfile string) error {
@ -265,13 +293,13 @@ func teardown(yamlfile string) error {
return podRmErrors.PrintErrors()
}
func playkube(yamlfile string) error {
func kubeplay(yamlfile string) error {
f, err := os.Open(yamlfile)
if err != nil {
return err
}
defer f.Close()
report, err := registry.ContainerEngine().PlayKube(registry.GetContext(), f, kubeOptions.PlayKubeOptions)
report, err := registry.ContainerEngine().PlayKube(registry.GetContext(), f, playOptions.PlayKubeOptions)
if err != nil {
return fmt.Errorf("%s: %w", yamlfile, err)
}

2
cmd/podman/main.go
View File

@ -9,10 +9,10 @@ import (
_ "github.com/containers/podman/v4/cmd/podman/generate"
_ "github.com/containers/podman/v4/cmd/podman/healthcheck"
_ "github.com/containers/podman/v4/cmd/podman/images"
_ "github.com/containers/podman/v4/cmd/podman/kube"
_ "github.com/containers/podman/v4/cmd/podman/machine"
_ "github.com/containers/podman/v4/cmd/podman/manifest"
_ "github.com/containers/podman/v4/cmd/podman/networks"
_ "github.com/containers/podman/v4/cmd/podman/play"
_ "github.com/containers/podman/v4/cmd/podman/pods"
"github.com/containers/podman/v4/cmd/podman/registry"
_ "github.com/containers/podman/v4/cmd/podman/secrets"

23
cmd/podman/play/play.go
View File

@ -1,23 +0,0 @@
package pods
import (
"github.com/containers/podman/v4/cmd/podman/registry"
"github.com/containers/podman/v4/cmd/podman/validate"
"github.com/spf13/cobra"
)
var (
// Command: podman _play_
playCmd = &cobra.Command{
Use: "play",
Short: "Play containers, pods or volumes from a structured file",
Long: "Play structured data (e.g., Kubernetes YAML) based on containers, pods or volumes.",
RunE: validate.SubCommandExists,
}
)
func init() {
registry.Commands = append(registry.Commands, registry.CliCommand{
Command: playCmd,
})
}

4
docs/play_kube_support.md → docs/kubernetes_support.md
View File

@ -1,6 +1,6 @@
# Podman Play Kube Support
# Podman Kube Play Support
This document outlines the kube yaml fields that are currently supported by the **podman play kube** command.
This document outlines the kube yaml fields that are currently supported by the **podman kube play** command.
Note: **N/A** means that the option cannot be supported in a single-node Podman environment.

4
docs/source/Commands.rst
View File

@ -47,6 +47,8 @@ Commands
:doc:`kill <markdown/podman-kill.1>` Kill one or more running containers with a specific signal
:doc:`kube <markdown/podman-kube.1>` Play a pod
:doc:`load <markdown/podman-load.1>` Load an image from container archive
:doc:`login <markdown/podman-login.1>` Login to a container registry
@ -65,8 +67,6 @@ Commands
:doc:`pause <markdown/podman-pause.1>` Pause all the processes in one or more containers
:doc:`play <markdown/podman-play.1>` Play a pod
:doc:`pod <markdown/podman-pod.1>` Manage pods
:doc:`port <markdown/podman-port.1>` List port mappings or a specific mapping for the container

1
docs/source/markdown/links/podman-play-kube.1 Normal file
View File

@ -0,0 +1 @@
.so man1/podman-kube-play.1

2
docs/source/markdown/podman-generate-kube.1.md
View File

@ -213,7 +213,7 @@ status:
```
## SEE ALSO
**[podman(1)](podman.1.md)**, **[podman-container(1)](podman-container.1.md)**, **[podman-pod(1)](podman-pod.1.md)**, **[podman-play-kube(1)](podman-play-kube.1.md)**
**[podman(1)](podman.1.md)**, **[podman-container(1)](podman-container.1.md)**, **[podman-pod(1)](podman-pod.1.md)**, **[podman-kube-play(1)](podman-kube-play.1.md)**
## HISTORY
December 2018, Originally compiled by Brent Baude (bbaude at redhat dot com)

2
docs/source/markdown/podman-generate-systemd.1.md
View File

@ -55,7 +55,7 @@ Use the name of the container for the start, stop, and description in the unit f
Using this flag will yield unit files that do not expect containers and pods to exist. Instead, new containers and pods are created based on their configuration files. The unit files are created best effort and may need to be further edited; please review the generated files carefully before using them in production.
Note that `--new` only works on containers and pods created directly via Podman (i.e., `podman [container] {create,run}` or `podman pod create`). It does not work on containers or pods created via the REST API or via `podman play kube`.
Note that `--new` only works on containers and pods created directly via Podman (i.e., `podman [container] {create,run}` or `podman pod create`). It does not work on containers or pods created via the REST API or via `podman kube play`.
#### **--no-header**

57
docs/source/markdown/podman-play-kube.1.md → docs/source/markdown/podman-kube-play.1.md
View File

@ -1,15 +1,15 @@
% podman-play-kube(1)
% podman-kube-play(1)
## NAME
podman-play-kube - Create containers, pods or volumes based on Kubernetes YAML
podman-kube-play - Create containers, pods or volumes based on Kubernetes YAML
## SYNOPSIS
**podman play kube** [*options*] *file.yml|-*
**podman kube play** [*options*] *file.yml|-*
## DESCRIPTION
**podman play kube** will read in a structured file of Kubernetes YAML. It will then recreate the containers, pods or volumes described in the YAML. Containers within a pod are then started and the ID of the new Pod or the name of the new Volume is output. If the yaml file is specified as "-" then `podman play kube` will read the YAML file from stdin.
Using the `--down` command line option, it is also capable of tearing down the pods created by a previous run of `podman play kube`.
Using the `--replace` command line option, it will tear down the pods(if any) created by a previous run of `podman play kube` and recreate the pods with the Kubernetes YAML file.
**podman kube play** will read in a structured file of Kubernetes YAML. It will then recreate the containers, pods or volumes described in the YAML. Containers within a pod are then started and the ID of the new Pod or the name of the new Volume is output. If the yaml file is specified as "-" then `podman kube play` will read the YAML file from stdin.
Using the `--down` command line option, it is also capable of tearing down the pods created by a previous run of `podman kube play`.
Using the `--replace` command line option, it will tear down the pods(if any) created by a previous run of `podman kube play` and recreate the pods with the Kubernetes YAML file.
Ideally the input file would be one created by Podman (see podman-generate-kube(1)). This would guarantee a smooth import and expected results.
Currently, the supported Kubernetes kinds are:
@ -20,14 +20,16 @@ Currently, the supported Kubernetes kinds are:
`Kubernetes Pods or Deployments`
Only two volume types are supported by play kube, the *hostPath* and *persistentVolumeClaim* volume types. For the *hostPath* volume type, only the *default (empty)*, *DirectoryOrCreate*, *Directory*, *FileOrCreate*, *File*, *Socket*, *CharDevice* and *BlockDevice* subtypes are supported. Podman interprets the value of *hostPath* *path* as a file path when it contains at least one forward slash, otherwise Podman treats the value as the name of a named volume. When using a *persistentVolumeClaim*, the value for *claimName* is the name for the Podman named volume.
Only two volume types are supported by kube play, the *hostPath* and *persistentVolumeClaim* volume types. For the *hostPath* volume type, only the *default (empty)*, *DirectoryOrCreate*, *Directory*, *FileOrCreate*, *File*, *Socket*, *CharDevice* and *BlockDevice* subtypes are supported. Podman interprets the value of *hostPath* *path* as a file path when it contains at least one forward slash, otherwise Podman treats the value as the name of a named volume. When using a *persistentVolumeClaim*, the value for *claimName* is the name for the Podman named volume.
Note: When playing a kube YAML with init containers, the init container will be created with init type value `always`.
Note: *hostPath* volume types created by play kube will be given an SELinux shared label (z), bind mounts are not relabeled (use `chcon -t container_file_t -R <directory>`).
Note: *hostPath* volume types created by kube play will be given an SELinux shared label (z), bind mounts are not relabeled (use `chcon -t container_file_t -R <directory>`).
Note: If the `:latest` tag is used, Podman will attempt to pull the image from a registry. If the image was built locally with Podman or Buildah, it will have `localhost` as the domain, in that case, Podman will use the image from the local store even if it has the `:latest` tag.
Note: The command `podman play kube` is an alias of `podman kube play`, and will perform the same function.
`Kubernetes PersistentVolumeClaims`
A Kubernetes PersistentVolumeClaim represents a Podman named volume. Only the PersistentVolumeClaim name is required by Podman to create a volume. Kubernetes annotations can be used to make use of the available options for Podman volumes.
@ -39,7 +41,7 @@ A Kubernetes PersistentVolumeClaim represents a Podman named volume. Only the Pe
- volume.podman.io/gid
- volume.podman.io/mount-options
Play kube is capable of building images on the fly given the correct directory layout and Containerfiles. This
Kube play is capable of building images on the fly given the correct directory layout and Containerfiles. This
option is not available for remote clients, including Mac and Windows (excluding WSL2) machines, yet. Consider the following excerpt from a YAML file:
```
apiVersion: v1
@ -57,7 +59,7 @@ spec:
```
If there is a directory named `foobar` in the current working directory with a file named `Containerfile` or `Dockerfile`,
Podman play kube will build that image and name it `foobar`. An example directory structure for this example would look
Podman kube play will build that image and name it `foobar`. An example directory structure for this example would look
like:
```
|- mykubefiles
@ -103,19 +105,6 @@ spec:
and as a result environment variable `FOO` will be set to `bar` for container `container-1`.
### Systemd Integration
A Kubernetes YAML can be executed in systemd via the `podman-kube@.service` systemd template. The template's argument is the path to the YAML file. Given a `workload.yaml` file in the home directory, it can be executed as follows:
```
$ escaped=$(systemd-escape ~/sysadmin.yaml)
$ systemctl --user start podman-kube@$escaped.service
$ systemctl --user is-active podman-kube@$escaped.service
active
```
Note that the path to the YAML file must be escaped via `systemd-escape`.
## OPTIONS
#### **--annotation**=*key=value*
@ -158,7 +147,7 @@ value can be entered. The password is entered without echo.
#### **--down**
Tears down the pods that were created by a previous run of `play kube`. The pods are stopped and then
Tears down the pods that were created by a previous run of `kube play`. The pods are stopped and then
removed. Any volumes created are left intact.
#### **--help**, **-h**
@ -167,7 +156,7 @@ Print usage statement
#### **--ip**=*IP address*
Assign a static ip address to the pod. This option can be specified several times when play kube creates more than one pod.
Assign a static ip address to the pod. This option can be specified several times when kube play creates more than one pod.
Note: When joining multiple networks you should use the **--network name:ip=\<ip\>** syntax.
#### **--log-driver**=driver
@ -193,7 +182,7 @@ This option is currently supported only by the **journald** log driver.
#### **--mac-address**=*MAC address*
Assign a static mac address to the pod. This option can be specified several times when play kube creates more than one pod.
Assign a static mac address to the pod. This option can be specified several times when kube play creates more than one pod.
Note: When joining multiple networks you should use the **--network name:mac=\<mac\>** syntax.
#### **--network**=*mode*, **--net**
@ -240,7 +229,7 @@ Suppress output information when pulling images
#### **--replace**
Tears down the pods created by a previous run of `play kube` and recreates the pods. This option is used to keep the existing pods up to date based upon the Kubernetes YAML.
Tears down the pods created by a previous run of `kube play` and recreates the pods. This option is used to keep the existing pods up to date based upon the Kubernetes YAML.
#### **--seccomp-profile-root**=*path*
@ -299,19 +288,19 @@ Podman allocates unique ranges of UIDs and GIDs from the `containers` subordinat
Recreate the pod and containers as described in a file called `demo.yml`
```
$ podman play kube demo.yml
$ podman kube play demo.yml
52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
```
Recreate the pod and containers as described in a file `demo.yml` sent to stdin
```
$ cat demo.yml | podman play kube -
$ cat demo.yml | podman kube play -
52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
```
Teardown the pod and containers as described in a file `demo.yml`
```
$ podman play kube --down demo.yml
$ podman kube play --down demo.yml
Pods stopped:
52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
Pods removed:
@ -320,23 +309,23 @@ Pods removed:
Provide `configmap-foo.yml` and `configmap-bar.yml` as sources for environment variables within the containers.
```
$ podman play kube demo.yml --configmap configmap-foo.yml,configmap-bar.yml
$ podman kube play demo.yml --configmap configmap-foo.yml,configmap-bar.yml
52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
$ podman play kube demo.yml --configmap configmap-foo.yml --configmap configmap-bar.yml
$ podman kube play demo.yml --configmap configmap-foo.yml --configmap configmap-bar.yml
52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
```
Create a pod connected to two networks (called net1 and net2) with a static ip
```
$ podman play kube demo.yml --network net1:ip=10.89.1.5 --network net2:ip=10.89.10.10
$ podman kube play demo.yml --network net1:ip=10.89.1.5 --network net2:ip=10.89.10.10
52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
```
Please take into account that CNI networks must be created first using podman-network-create(1).
## SEE ALSO
**[podman(1)](podman.1.md)**, **[podman-play(1)](podman-play.1.md)**, **[podman-network-create(1)](podman-network-create.1.md)**, **[podman-generate-kube(1)](podman-generate-kube.1.md)**, **[containers-certs.d(5)](https://github.com/containers/image/blob/main/docs/containers-certs.d.5.md)**
**[podman(1)](podman.1.md)**, **[podman-kube(1)](podman-kube.1.md)**, **[podman-network-create(1)](podman-network-create.1.md)**, **[podman-generate-kube(1)](podman-generate-kube.1.md)**, **[containers-certs.d(5)](https://github.com/containers/image/blob/main/docs/containers-certs.d.5.md)**
## HISTORY
December 2018, Originally compiled by Brent Baude (bbaude at redhat dot com)

12
docs/source/markdown/podman-play.1.md → docs/source/markdown/podman-kube.1.md
View File

@ -1,20 +1,20 @@
% podman-play(1)
% podman-kube(1)
## NAME
podman\-play - Play containers, pods or volumes based on a structured input file
podman\-kube - Play containers, pods or volumes based on a structured input file
## SYNOPSIS
**podman play** *subcommand*
**podman kube** *subcommand*
## DESCRIPTION
The play command will recreate containers, pods or volumes based on the input from a structured (like YAML)
The kube command will recreate containers, pods or volumes based on the input from a structured (like YAML)
file input. Containers will be automatically started.
## COMMANDS
| Command | Man Page | Description |
| ------- | --------------------------------------------------- | ---------------------------------------------------------------------------- |
| kube | [podman-play-kube(1)](podman-play-kube.1.md) | Create containers, pods or volumes based on Kubernetes YAML. |
| play | [podman-kube-play(1)](podman-kube-play.1.md) | Create containers, pods or volumes based on Kubernetes YAML. |
## SEE ALSO
**[podman(1)](podman.1.md)**, **[podman-pod(1)](podman-pod.1.md)**, **[podman-container(1)](podman-container.1.md)**, **[podman-generate(1)](podman-generate.1.md)**, **[podman-play-kube(1)](podman-play-kube.1.md)**
**[podman(1)](podman.1.md)**, **[podman-pod(1)](podman-pod.1.md)**, **[podman-container(1)](podman-container.1.md)**, **[podman-generate(1)](podman-generate.1.md)**, **[podman-kube-play(1)](podman-kube-play.1.md)**

4
docs/source/markdown/podman-pod-create.1.md
View File

@ -92,7 +92,7 @@ Set the exit policy of the pod when the last container exits. Supported policie
| Exit Policy | Description |
| ------------------ | --------------------------------------------------------------------------- |
| *continue* | The pod continues running when the last container exits. Used by default. |
| *stop* | The pod is stopped when the last container exits. Used in `play kube`. |
| *stop* | The pod is stopped when the last container exits. Used in `kube play`. |
#### **--gidmap**=*container_gid:host_gid:amount*
@ -603,7 +603,7 @@ $ podman pod create --network net1:ip=10.89.1.5 --network net2:ip=10.89.10.10
```
## SEE ALSO
**[podman(1)](podman.1.md)**, **[podman-pod(1)](podman-pod.1.md)**, **[podman-play-kube(1)](podman-play-kube.1.md)**, **containers.conf(1)**
**[podman(1)](podman.1.md)**, **[podman-pod(1)](podman-pod.1.md)**, **[podman-kube-play(1)](podman-kube-play.1.md)**, **containers.conf(1)**
## HISTORY

2
docs/source/markdown/podman.1.md
View File

@ -325,7 +325,7 @@ the exit codes follow the `chroot` standard, see below:
| [podman-mount(1)](podman-mount.1.md) | Mount a working container's root filesystem. |
| [podman-network(1)](podman-network.1.md) | Manage Podman networks. |
| [podman-pause(1)](podman-pause.1.md) | Pause one or more containers. |
| [podman-play(1)](podman-play.1.md) | Play containers, pods or volumes based on a structured input file. |
| [podman-kube(1)](podman-kube.1.md) | Play containers, pods or volumes based on a structured input file. |
| [podman-pod(1)](podman-pod.1.md) | Management tool for groups of containers, called pods. |
| [podman-port(1)](podman-port.1.md) | List port mappings for a container. |
| [podman-ps(1)](podman-ps.1.md) | Prints out information about containers. |

4
hack/swagger-check
View File

@ -320,8 +320,8 @@ sub operation_name {
if ($action eq 'df') {
$action = 'dataUsage';
}
elsif ($action eq "delete" && $endpoint eq "/libpod/play/kube") {
$action = "KubeDown"
elsif ($action eq "delete" && $endpoint eq "/libpod/kube/play") {
$action = "PlayDown"
}
# Grrrrrr, this one is annoying: some operations get an extra 'All'
elsif ($action =~ /^(delete|get|stats)$/ && $endpoint !~ /\{/) {

123
pkg/api/handlers/libpod/kube.go Normal file
View File

@ -0,0 +1,123 @@
package libpod
import (
"fmt"
"net"
"net/http"
"github.com/containers/image/v5/types"
"github.com/containers/podman/v4/libpod"
"github.com/containers/podman/v4/pkg/api/handlers/utils"
api "github.com/containers/podman/v4/pkg/api/types"
"github.com/containers/podman/v4/pkg/auth"
"github.com/containers/podman/v4/pkg/domain/entities"
"github.com/containers/podman/v4/pkg/domain/infra/abi"
"github.com/gorilla/schema"
)
func KubePlay(w http.ResponseWriter, r *http.Request) {
runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime)
decoder := r.Context().Value(api.DecoderKey).(*schema.Decoder)
query := struct {
Annotations map[string]string `schema:"annotations"`
Network []string `schema:"network"`
TLSVerify bool `schema:"tlsVerify"`
LogDriver string `schema:"logDriver"`
LogOptions []string `schema:"logOptions"`
Start bool `schema:"start"`
StaticIPs []string `schema:"staticIPs"`
StaticMACs []string `schema:"staticMACs"`
NoHosts bool `schema:"noHosts"`
}{
TLSVerify: true,
Start: true,
}
if err := decoder.Decode(&query, r.URL.Query()); err != nil {
utils.Error(w, http.StatusBadRequest, fmt.Errorf("failed to parse parameters for %s: %w", r.URL.String(), err))
return
}
staticIPs := make([]net.IP, 0, len(query.StaticIPs))
for _, ipString := range query.StaticIPs {
ip := net.ParseIP(ipString)
if ip == nil {
utils.Error(w, http.StatusBadRequest, fmt.Errorf("invalid IP address %s", ipString))
return
}
staticIPs = append(staticIPs, ip)
}
staticMACs := make([]net.HardwareAddr, 0, len(query.StaticMACs))
for _, macString := range query.StaticMACs {
mac, err := net.ParseMAC(macString)
if err != nil {
utils.Error(w, http.StatusBadRequest, err)
return
}
staticMACs = append(staticMACs, mac)
}
authConf, authfile, err := auth.GetCredentials(r)
if err != nil {
utils.Error(w, http.StatusBadRequest, err)
return
}
defer auth.RemoveAuthfile(authfile)
var username, password string
if authConf != nil {
username = authConf.Username
password = authConf.Password
}
logDriver := query.LogDriver
if logDriver == "" {
config, err := runtime.GetConfig()
if err != nil {
utils.Error(w, http.StatusInternalServerError, err)
return
}
logDriver = config.Containers.LogDriver
}
containerEngine := abi.ContainerEngine{Libpod: runtime}
options := entities.PlayKubeOptions{
Annotations: query.Annotations,
Authfile: authfile,
Username: username,
Password: password,
Networks: query.Network,
NoHosts: query.NoHosts,
Quiet: true,
LogDriver: logDriver,
LogOptions: query.LogOptions,
StaticIPs: staticIPs,
StaticMACs: staticMACs,
}
if _, found := r.URL.Query()["tlsVerify"]; found {
options.SkipTLSVerify = types.NewOptionalBool(!query.TLSVerify)
}
if _, found := r.URL.Query()["start"]; found {
options.Start = types.NewOptionalBool(query.Start)
}
report, err := containerEngine.PlayKube(r.Context(), r.Body, options)
_ = r.Body.Close()
if err != nil {
utils.Error(w, http.StatusInternalServerError, fmt.Errorf("error playing YAML file: %w", err))
return
}
utils.WriteResponse(w, http.StatusOK, report)
}
func KubePlayDown(w http.ResponseWriter, r *http.Request) {
runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime)
containerEngine := abi.ContainerEngine{Libpod: runtime}
options := new(entities.PlayKubeDownOptions)
report, err := containerEngine.PlayKubeDown(r.Context(), r.Body, *options)
_ = r.Body.Close()
if err != nil {
utils.Error(w, http.StatusInternalServerError, fmt.Errorf("error tearing down YAML file: %w", err))
return
}
utils.WriteResponse(w, http.StatusOK, report)
}

114
pkg/api/handlers/libpod/play.go
View File

@ -1,123 +1,13 @@
package libpod
import (
"fmt"
"net"
"net/http"
"github.com/containers/image/v5/types"
"github.com/containers/podman/v4/libpod"
"github.com/containers/podman/v4/pkg/api/handlers/utils"
api "github.com/containers/podman/v4/pkg/api/types"
"github.com/containers/podman/v4/pkg/auth"
"github.com/containers/podman/v4/pkg/domain/entities"
"github.com/containers/podman/v4/pkg/domain/infra/abi"
"github.com/gorilla/schema"
)
func PlayKube(w http.ResponseWriter, r *http.Request) {
runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime)
decoder := r.Context().Value(api.DecoderKey).(*schema.Decoder)
query := struct {
Annotations map[string]string `schema:"annotations"`
Network []string `schema:"network"`
TLSVerify bool `schema:"tlsVerify"`
LogDriver string `schema:"logDriver"`
LogOptions []string `schema:"logOptions"`
Start bool `schema:"start"`
StaticIPs []string `schema:"staticIPs"`
StaticMACs []string `schema:"staticMACs"`
NoHosts bool `schema:"noHosts"`
}{
TLSVerify: true,
Start: true,
}
if err := decoder.Decode(&query, r.URL.Query()); err != nil {
utils.Error(w, http.StatusBadRequest, fmt.Errorf("failed to parse parameters for %s: %w", r.URL.String(), err))
return
}
staticIPs := make([]net.IP, 0, len(query.StaticIPs))
for _, ipString := range query.StaticIPs {
ip := net.ParseIP(ipString)
if ip == nil {
utils.Error(w, http.StatusBadRequest, fmt.Errorf("invalid IP address %s", ipString))
return
}
staticIPs = append(staticIPs, ip)
}
staticMACs := make([]net.HardwareAddr, 0, len(query.StaticMACs))
for _, macString := range query.StaticMACs {
mac, err := net.ParseMAC(macString)
if err != nil {
utils.Error(w, http.StatusBadRequest, err)
return
}
staticMACs = append(staticMACs, mac)
}
authConf, authfile, err := auth.GetCredentials(r)
if err != nil {
utils.Error(w, http.StatusBadRequest, err)
return
}
defer auth.RemoveAuthfile(authfile)
var username, password string
if authConf != nil {
username = authConf.Username
password = authConf.Password
}
logDriver := query.LogDriver
if logDriver == "" {
config, err := runtime.GetConfig()
if err != nil {
utils.Error(w, http.StatusInternalServerError, err)
return
}
logDriver = config.Containers.LogDriver
}
containerEngine := abi.ContainerEngine{Libpod: runtime}
options := entities.PlayKubeOptions{
Annotations: query.Annotations,
Authfile: authfile,
Username: username,
Password: password,
Networks: query.Network,
NoHosts: query.NoHosts,
Quiet: true,
LogDriver: logDriver,
LogOptions: query.LogOptions,
StaticIPs: staticIPs,
StaticMACs: staticMACs,
}
if _, found := r.URL.Query()["tlsVerify"]; found {
options.SkipTLSVerify = types.NewOptionalBool(!query.TLSVerify)
}
if _, found := r.URL.Query()["start"]; found {
options.Start = types.NewOptionalBool(query.Start)
}
report, err := containerEngine.PlayKube(r.Context(), r.Body, options)
_ = r.Body.Close()
if err != nil {
utils.Error(w, http.StatusInternalServerError, fmt.Errorf("error playing YAML file: %w", err))
return
}
utils.WriteResponse(w, http.StatusOK, report)
KubePlay(w, r)
}
func PlayKubeDown(w http.ResponseWriter, r *http.Request) {
runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime)
containerEngine := abi.ContainerEngine{Libpod: runtime}
options := new(entities.PlayKubeDownOptions)
report, err := containerEngine.PlayKubeDown(r.Context(), r.Body, *options)
_ = r.Body.Close()
if err != nil {
utils.Error(w, http.StatusInternalServerError, fmt.Errorf("error tearing down YAML file: %w", err))
return
}
utils.WriteResponse(w, http.StatusOK, report)
KubePlayDown(w, r)
}

2
pkg/api/handlers/swagger/responses.go
View File

@ -71,7 +71,7 @@ type imagesRemoveResponseLibpod struct {
// PlayKube response
// swagger:response
type playKubeResponseLibpod struct {
type kubePlayResponseLibpod struct {
// in:body
Body entities.PlayKubeReport
}

14
pkg/api/server/register_play.go → pkg/api/server/register_kube.go
View File

@ -7,8 +7,8 @@ import (
"github.com/gorilla/mux"
)
func (s *APIServer) registerPlayHandlers(r *mux.Router) error {
// swagger:operation POST /libpod/play/kube libpod PlayKubeLibpod
func (s *APIServer) registerKubeHandlers(r *mux.Router) error {
// swagger:operation POST /libpod/kube/play libpod KubePlayLibpod
// ---
// tags:
// - containers
@ -57,24 +57,26 @@ func (s *APIServer) registerPlayHandlers(r *mux.Router) error {
// - application/json
// responses:
// 200:
// $ref: "#/responses/playKubeResponseLibpod"
// $ref: "#/responses/kubePlayResponseLibpod"
// 500:
// $ref: "#/responses/internalError"
r.HandleFunc(VersionedPath("/libpod/kube/play"), s.APIHandler(libpod.KubePlay)).Methods(http.MethodPost)
r.HandleFunc(VersionedPath("/libpod/play/kube"), s.APIHandler(libpod.PlayKube)).Methods(http.MethodPost)
// swagger:operation DELETE /libpod/play/kube libpod PlayKubeDownLibpod
// swagger:operation DELETE /libpod/kube/play libpod KubePlayDownLibpod
// ---
// tags:
// - containers
// - pods
// summary: Remove pods from play kube
// summary: Remove pods from kube play
// description: Tears down pods defined in a YAML file
// produces:
// - application/json
// responses:
// 200:
// $ref: "#/responses/playKubeResponseLibpod"
// $ref: "#/responses/kubePlayResponseLibpod"
// 500:
// $ref: "#/responses/internalError"
r.HandleFunc(VersionedPath("/libpod/kube/play"), s.APIHandler(libpod.KubePlayDown)).Methods(http.MethodDelete)
r.HandleFunc(VersionedPath("/libpod/play/kube"), s.APIHandler(libpod.PlayKubeDown)).Methods(http.MethodDelete)
return nil
}

2
pkg/api/server/server.go
View File

@ -126,11 +126,11 @@ func newServer(runtime *libpod.Runtime, listener net.Listener, opts entities.Ser
server.registerHealthCheckHandlers,
server.registerImagesHandlers,
server.registerInfoHandlers,
server.registerKubeHandlers,
server.registerManifestHandlers,
server.registerMonitorHandlers,
server.registerNetworkHandlers,
server.registerPingHandlers,
server.registerPlayHandlers,
server.registerPluginsHandlers,
server.registerPodsHandlers,
server.registerSecretHandlers,

96
pkg/bindings/kube/kube.go Normal file
View File

@ -0,0 +1,96 @@
package kube
import (
"context"
"io"
"net/http"
"os"
"strconv"
"github.com/containers/image/v5/types"
"github.com/containers/podman/v4/pkg/auth"
"github.com/containers/podman/v4/pkg/bindings"
"github.com/containers/podman/v4/pkg/domain/entities"
"github.com/sirupsen/logrus"
)
func Play(ctx context.Context, path string, options *PlayOptions) (*entities.KubePlayReport, error) {
f, err := os.Open(path)
if err != nil {
return nil, err
}
defer f.Close()
return PlayWithBody(ctx, f, options)
}
func PlayWithBody(ctx context.Context, body io.Reader, options *PlayOptions) (*entities.KubePlayReport, error) {
var report entities.KubePlayReport
if options == nil {
options = new(PlayOptions)
}
conn, err := bindings.GetClient(ctx)
if err != nil {
return nil, err
}
params, err := options.ToParams()
if err != nil {
return nil, err
}
if options.SkipTLSVerify != nil {
params.Set("tlsVerify", strconv.FormatBool(options.GetSkipTLSVerify()))
}
if options.Start != nil {
params.Set("start", strconv.FormatBool(options.GetStart()))
}
header, err := auth.MakeXRegistryAuthHeader(&types.SystemContext{AuthFilePath: options.GetAuthfile()}, options.GetUsername(), options.GetPassword())
if err != nil {
return nil, err
}
response, err := conn.DoRequest(ctx, body, http.MethodPost, "/kube/play", params, header)
if err != nil {
return nil, err
}
defer response.Body.Close()
if err := response.Process(&report); err != nil {
return nil, err
}
return &report, nil
}
func Down(ctx context.Context, path string) (*entities.KubePlayReport, error) {
f, err := os.Open(path)
if err != nil {
return nil, err
}
defer func() {
if err := f.Close(); err != nil {
logrus.Warn(err)
}
}()
return DownWithBody(ctx, f)
}
func DownWithBody(ctx context.Context, body io.Reader) (*entities.KubePlayReport, error) {
var report entities.KubePlayReport
conn, err := bindings.GetClient(ctx)
if err != nil {
return nil, err
}
response, err := conn.DoRequest(ctx, body, http.MethodDelete, "/kube/play", nil, nil)
if err != nil {
return nil, err
}
if err := response.Process(&report); err != nil {
return nil, err
}
return &report, nil
}

8
pkg/bindings/play/types.go → pkg/bindings/kube/types.go
View File

@ -1,12 +1,12 @@
package play
package kube
import (
"net"
)
//go:generate go run ../generator/generator.go KubeOptions
// KubeOptions are optional options for replaying kube YAML files
type KubeOptions struct {
//go:generate go run ../generator/generator.go PlayOptions
// PlayOptions are optional options for replaying kube YAML files
type PlayOptions struct {
// Annotations - Annotations to add to Pods
Annotations map[string]string
// Authfile - path to an authentication file.

78
pkg/bindings/play/types_kube_options.go → pkg/bindings/kube/types_play_options.go
View File

@ -1,5 +1,5 @@
// Code generated by go generate; DO NOT EDIT.
package play
package kube
import (
"net"
@ -9,23 +9,23 @@ import (
)
// Changed returns true if named field has been set
func (o *KubeOptions) Changed(fieldName string) bool {
func (o *PlayOptions) Changed(fieldName string) bool {
return util.Changed(o, fieldName)
}
// ToParams formats struct fields to be passed to API service
func (o *KubeOptions) ToParams() (url.Values, error) {
func (o *PlayOptions) ToParams() (url.Values, error) {
return util.ToParams(o)
}
// WithAnnotations set field Annotations to given value
func (o *KubeOptions) WithAnnotations(value map[string]string) *KubeOptions {
func (o *PlayOptions) WithAnnotations(value map[string]string) *PlayOptions {
o.Annotations = value
return o
}
// GetAnnotations returns value of field Annotations
func (o *KubeOptions) GetAnnotations() map[string]string {
func (o *PlayOptions) GetAnnotations() map[string]string {
if o.Annotations == nil {
var z map[string]string
return z
@ -34,13 +34,13 @@ func (o *KubeOptions) GetAnnotations() map[string]string {
}
// WithAuthfile set field Authfile to given value
func (o *KubeOptions) WithAuthfile(value string) *KubeOptions {
func (o *PlayOptions) WithAuthfile(value string) *PlayOptions {
o.Authfile = &value
return o
}
// GetAuthfile returns value of field Authfile
func (o *KubeOptions) GetAuthfile() string {
func (o *PlayOptions) GetAuthfile() string {
if o.Authfile == nil {
var z string
return z
@ -49,13 +49,13 @@ func (o *KubeOptions) GetAuthfile() string {
}
// WithCertDir set field CertDir to given value
func (o *KubeOptions) WithCertDir(value string) *KubeOptions {
func (o *PlayOptions) WithCertDir(value string) *PlayOptions {
o.CertDir = &value
return o
}
// GetCertDir returns value of field CertDir
func (o *KubeOptions) GetCertDir() string {
func (o *PlayOptions) GetCertDir() string {
if o.CertDir == nil {
var z string
return z
@ -64,13 +64,13 @@ func (o *KubeOptions) GetCertDir() string {
}
// WithUsername set field Username to given value
func (o *KubeOptions) WithUsername(value string) *KubeOptions {
func (o *PlayOptions) WithUsername(value string) *PlayOptions {
o.Username = &value
return o
}
// GetUsername returns value of field Username
func (o *KubeOptions) GetUsername() string {
func (o *PlayOptions) GetUsername() string {
if o.Username == nil {
var z string
return z
@ -79,13 +79,13 @@ func (o *KubeOptions) GetUsername() string {
}
// WithPassword set field Password to given value
func (o *KubeOptions) WithPassword(value string) *KubeOptions {
func (o *PlayOptions) WithPassword(value string) *PlayOptions {
o.Password = &value
return o
}
// GetPassword returns value of field Password
func (o *KubeOptions) GetPassword() string {
func (o *PlayOptions) GetPassword() string {
if o.Password == nil {
var z string
return z
@ -94,13 +94,13 @@ func (o *KubeOptions) GetPassword() string {
}
// WithNetwork set field Network to given value
func (o *KubeOptions) WithNetwork(value []string) *KubeOptions {
func (o *PlayOptions) WithNetwork(value []string) *PlayOptions {
o.Network = &value
return o
}
// GetNetwork returns value of field Network
func (o *KubeOptions) GetNetwork() []string {
func (o *PlayOptions) GetNetwork() []string {
if o.Network == nil {
var z []string
return z
@ -109,13 +109,13 @@ func (o *KubeOptions) GetNetwork() []string {
}
// WithNoHosts set field NoHosts to given value
func (o *KubeOptions) WithNoHosts(value bool) *KubeOptions {
func (o *PlayOptions) WithNoHosts(value bool) *PlayOptions {
o.NoHosts = &value
return o
}
// GetNoHosts returns value of field NoHosts
func (o *KubeOptions) GetNoHosts() bool {
func (o *PlayOptions) GetNoHosts() bool {
if o.NoHosts == nil {
var z bool
return z
@ -124,13 +124,13 @@ func (o *KubeOptions) GetNoHosts() bool {
}
// WithQuiet set field Quiet to given value
func (o *KubeOptions) WithQuiet(value bool) *KubeOptions {
func (o *PlayOptions) WithQuiet(value bool) *PlayOptions {
o.Quiet = &value
return o
}
// GetQuiet returns value of field Quiet
func (o *KubeOptions) GetQuiet() bool {
func (o *PlayOptions) GetQuiet() bool {
if o.Quiet == nil {
var z bool
return z
@ -139,13 +139,13 @@ func (o *KubeOptions) GetQuiet() bool {
}
// WithSignaturePolicy set field SignaturePolicy to given value
func (o *KubeOptions) WithSignaturePolicy(value string) *KubeOptions {
func (o *PlayOptions) WithSignaturePolicy(value string) *PlayOptions {
o.SignaturePolicy = &value
return o
}
// GetSignaturePolicy returns value of field SignaturePolicy
func (o *KubeOptions) GetSignaturePolicy() string {
func (o *PlayOptions) GetSignaturePolicy() string {
if o.SignaturePolicy == nil {
var z string
return z
@ -154,13 +154,13 @@ func (o *KubeOptions) GetSignaturePolicy() string {
}
// WithSkipTLSVerify set field SkipTLSVerify to given value
func (o *KubeOptions) WithSkipTLSVerify(value bool) *KubeOptions {
func (o *PlayOptions) WithSkipTLSVerify(value bool) *PlayOptions {
o.SkipTLSVerify = &value
return o
}
// GetSkipTLSVerify returns value of field SkipTLSVerify
func (o *KubeOptions) GetSkipTLSVerify() bool {
func (o *PlayOptions) GetSkipTLSVerify() bool {
if o.SkipTLSVerify == nil {
var z bool
return z
@ -169,13 +169,13 @@ func (o *KubeOptions) GetSkipTLSVerify() bool {
}
// WithSeccompProfileRoot set field SeccompProfileRoot to given value
func (o *KubeOptions) WithSeccompProfileRoot(value string) *KubeOptions {
func (o *PlayOptions) WithSeccompProfileRoot(value string) *PlayOptions {
o.SeccompProfileRoot = &value
return o
}
// GetSeccompProfileRoot returns value of field SeccompProfileRoot
func (o *KubeOptions) GetSeccompProfileRoot() string {
func (o *PlayOptions) GetSeccompProfileRoot() string {
if o.SeccompProfileRoot == nil {
var z string
return z
@ -184,13 +184,13 @@ func (o *KubeOptions) GetSeccompProfileRoot() string {
}
// WithStaticIPs set field StaticIPs to given value
func (o *KubeOptions) WithStaticIPs(value []net.IP) *KubeOptions {
func (o *PlayOptions) WithStaticIPs(value []net.IP) *PlayOptions {
o.StaticIPs = &value
return o
}
// GetStaticIPs returns value of field StaticIPs
func (o *KubeOptions) GetStaticIPs() []net.IP {
func (o *PlayOptions) GetStaticIPs() []net.IP {
if o.StaticIPs == nil {
var z []net.IP
return z
@ -199,13 +199,13 @@ func (o *KubeOptions) GetStaticIPs() []net.IP {
}
// WithStaticMACs set field StaticMACs to given value
func (o *KubeOptions) WithStaticMACs(value []net.HardwareAddr) *KubeOptions {
func (o *PlayOptions) WithStaticMACs(value []net.HardwareAddr) *PlayOptions {
o.StaticMACs = &value
return o
}
// GetStaticMACs returns value of field StaticMACs
func (o *KubeOptions) GetStaticMACs() []net.HardwareAddr {
func (o *PlayOptions) GetStaticMACs() []net.HardwareAddr {
if o.StaticMACs == nil {
var z []net.HardwareAddr
return z
@ -214,13 +214,13 @@ func (o *KubeOptions) GetStaticMACs() []net.HardwareAddr {
}
// WithConfigMaps set field ConfigMaps to given value
func (o *KubeOptions) WithConfigMaps(value []string) *KubeOptions {
func (o *PlayOptions) WithConfigMaps(value []string) *PlayOptions {
o.ConfigMaps = &value
return o
}
// GetConfigMaps returns value of field ConfigMaps
func (o *KubeOptions) GetConfigMaps() []string {
func (o *PlayOptions) GetConfigMaps() []string {
if o.ConfigMaps == nil {
var z []string
return z
@ -229,13 +229,13 @@ func (o *KubeOptions) GetConfigMaps() []string {
}
// WithLogDriver set field LogDriver to given value
func (o *KubeOptions) WithLogDriver(value string) *KubeOptions {
func (o *PlayOptions) WithLogDriver(value string) *PlayOptions {
o.LogDriver = &value
return o
}
// GetLogDriver returns value of field LogDriver
func (o *KubeOptions) GetLogDriver() string {
func (o *PlayOptions) GetLogDriver() string {
if o.LogDriver == nil {
var z string
return z
@ -244,13 +244,13 @@ func (o *KubeOptions) GetLogDriver() string {
}
// WithLogOptions set field LogOptions to given value
func (o *KubeOptions) WithLogOptions(value []string) *KubeOptions {
func (o *PlayOptions) WithLogOptions(value []string) *PlayOptions {
o.LogOptions = &value
return o
}
// GetLogOptions returns value of field LogOptions
func (o *KubeOptions) GetLogOptions() []string {
func (o *PlayOptions) GetLogOptions() []string {
if o.LogOptions == nil {
var z []string
return z
@ -259,13 +259,13 @@ func (o *KubeOptions) GetLogOptions() []string {
}
// WithStart set field Start to given value
func (o *KubeOptions) WithStart(value bool) *KubeOptions {
func (o *PlayOptions) WithStart(value bool) *PlayOptions {
o.Start = &value
return o
}
// GetStart returns value of field Start
func (o *KubeOptions) GetStart() bool {
func (o *PlayOptions) GetStart() bool {
if o.Start == nil {
var z bool
return z
@ -274,13 +274,13 @@ func (o *KubeOptions) GetStart() bool {
}
// WithUserns set field Userns to given value
func (o *KubeOptions) WithUserns(value string) *KubeOptions {
func (o *PlayOptions) WithUserns(value string) *PlayOptions {
o.Userns = &value
return o
}
// GetUserns returns value of field Userns
func (o *KubeOptions) GetUserns() string {
func (o *PlayOptions) GetUserns() string {
if o.Userns == nil {
var z string
return z

88
pkg/bindings/play/play.go
View File

@ -3,95 +3,25 @@ package play
import (
"context"
"io"
"net/http"
"os"
"strconv"
"github.com/containers/image/v5/types"
"github.com/containers/podman/v4/pkg/auth"
"github.com/containers/podman/v4/pkg/bindings"
"github.com/containers/podman/v4/pkg/bindings/kube"
"github.com/containers/podman/v4/pkg/domain/entities"
"github.com/sirupsen/logrus"
)
func Kube(ctx context.Context, path string, options *KubeOptions) (*entities.PlayKubeReport, error) {
f, err := os.Open(path)
if err != nil {
return nil, err
}
defer f.Close()
type KubeOptions = kube.PlayOptions
return KubeWithBody(ctx, f, options)
func Kube(ctx context.Context, path string, options *KubeOptions) (*entities.PlayKubeReport, error) {
return kube.Play(ctx, path, options)
}
func KubeWithBody(ctx context.Context, body io.Reader, options *KubeOptions) (*entities.PlayKubeReport, error) {
var report entities.PlayKubeReport
if options == nil {
options = new(KubeOptions)
}
conn, err := bindings.GetClient(ctx)
if err != nil {
return nil, err
}
params, err := options.ToParams()
if err != nil {
return nil, err
}
if options.SkipTLSVerify != nil {
params.Set("tlsVerify", strconv.FormatBool(options.GetSkipTLSVerify()))
}
if options.Start != nil {
params.Set("start", strconv.FormatBool(options.GetStart()))
}
header, err := auth.MakeXRegistryAuthHeader(&types.SystemContext{AuthFilePath: options.GetAuthfile()}, options.GetUsername(), options.GetPassword())
if err != nil {
return nil, err
}
response, err := conn.DoRequest(ctx, body, http.MethodPost, "/play/kube", params, header)
if err != nil {
return nil, err
}
defer response.Body.Close()
if err := response.Process(&report); err != nil {
return nil, err
}
return &report, nil
return kube.PlayWithBody(ctx, body, options)
}
func KubeDown(ctx context.Context, path string) (*entities.PlayKubeReport, error) {
f, err := os.Open(path)
if err != nil {
return nil, err
}
defer func() {
if err := f.Close(); err != nil {
logrus.Warn(err)
}
}()
return KubeDownWithBody(ctx, f)
func Down(ctx context.Context, path string) (*entities.PlayKubeReport, error) {
return kube.Down(ctx, path)
}
func KubeDownWithBody(ctx context.Context, body io.Reader) (*entities.PlayKubeReport, error) {
var report entities.PlayKubeReport
conn, err := bindings.GetClient(ctx)
if err != nil {
return nil, err
}
response, err := conn.DoRequest(ctx, body, http.MethodDelete, "/play/kube", nil, nil)
if err != nil {
return nil, err
}
if err := response.Process(&report); err != nil {
return nil, err
}
return &report, nil
func DownWithBody(ctx context.Context, body io.Reader) (*entities.PlayKubeReport, error) {
return kube.DownWithBody(ctx, body)
}

2
pkg/domain/entities/play.go
View File

@ -90,6 +90,8 @@ type PlayKubeReport struct {
PlayKubeTeardown
}
type KubePlayReport = PlayKubeReport
// PlayKubeDownOptions are options for tearing down pods
type PlayKubeDownOptions struct{}

5
pkg/domain/infra/tunnel/play.go
View File

@ -5,12 +5,13 @@ import (
"io"
"github.com/containers/image/v5/types"
"github.com/containers/podman/v4/pkg/bindings/kube"
"github.com/containers/podman/v4/pkg/bindings/play"
"github.com/containers/podman/v4/pkg/domain/entities"
)
func (ic *ContainerEngine) PlayKube(ctx context.Context, body io.Reader, opts entities.PlayKubeOptions) (*entities.PlayKubeReport, error) {
options := new(play.KubeOptions).WithAuthfile(opts.Authfile).WithUsername(opts.Username).WithPassword(opts.Password)
options := new(kube.PlayOptions).WithAuthfile(opts.Authfile).WithUsername(opts.Username).WithPassword(opts.Password)
options.WithCertDir(opts.CertDir).WithQuiet(opts.Quiet).WithSignaturePolicy(opts.SignaturePolicy).WithConfigMaps(opts.ConfigMaps)
options.WithLogDriver(opts.LogDriver).WithNetwork(opts.Networks).WithSeccompProfileRoot(opts.SeccompProfileRoot)
options.WithStaticIPs(opts.StaticIPs).WithStaticMACs(opts.StaticMACs)
@ -31,5 +32,5 @@ func (ic *ContainerEngine) PlayKube(ctx context.Context, body io.Reader, opts en
}
func (ic *ContainerEngine) PlayKubeDown(ctx context.Context, body io.Reader, _ entities.PlayKubeDownOptions) (*entities.PlayKubeReport, error) {
return play.KubeDownWithBody(ic.ClientCtx, body)
return play.DownWithBody(ic.ClientCtx, body)
}

28
test/apiv2/25-containersMore.at
View File

@ -53,34 +53,6 @@ t POST libpod/containers/foo/unmount 204
t DELETE libpod/containers/foo?force=true 200
podman run $IMAGE true
t GET libpod/containers/json?last=1 200 \
length=1 \
.[0].Id~[0-9a-f]\\{64\\} \
.[0].Image=$IMAGE \
.[0].Command[0]="true" \
.[0].State~\\\(exited\\\|stopped\\\) \
.[0].ExitCode=0 \
.[0].IsInfra=false
cid=$(jq -r '.[0].Id' <<<"$output")
t GET libpod/generate/kube?names=$cid 200
like "$output" ".*apiVersion:.*" "Check generated kube yaml - apiVersion"
like "$output" ".*kind:\\sPod.*" "Check generated kube yaml - kind: Pod"
like "$output" ".*metadata:.*" "Check generated kube yaml - metadata"
like "$output" ".*spec:.*" "Check generated kube yaml - spec"
t GET "libpod/generate/kube?service=true&names=$cid" 200
like "$output" ".*apiVersion:.*" "Check generated kube yaml(service=true) - apiVersion"
like "$output" ".*kind:\\sPod.*" "Check generated kube yaml(service=true) - kind: Pod"
like "$output" ".*metadata:.*" "Check generated kube yaml(service=true) - metadata"
like "$output" ".*spec:.*" "Check generated kube yaml(service=true) - spec"
like "$output" ".*kind:\\sService.*" "Check generated kube yaml(service=true) - kind: Service"
t DELETE libpod/containers/$cid 200 .[0].Id=$cid
# Create 3 stopped containers to test containers prune
podman run $IMAGE true
podman run $IMAGE true

50
test/apiv2/80-kube.at Normal file
View File

@ -0,0 +1,50 @@
# -*- sh -*-
#
# test more container-related endpoints
#
podman create $IMAGE true
t GET libpod/containers/json?last=1 200 \
length=1 \
.[0].Id~[0-9a-f]\\{64\\} \
.[0].Image=$IMAGE \
.[0].Command[0]="true" \
.[0].IsInfra=false
cid=$(jq -r '.[0].Id' <<<"$output")
# Make sure that generate-kube works
t GET libpod/generate/kube?names=$cid 200
like "$output" ".*apiVersion:.*" "Check generated kube yaml - apiVersion"
like "$output" ".*kind:\\sPod.*" "Check generated kube yaml - kind: Pod"
like "$output" ".*metadata:.*" "Check generated kube yaml - metadata"
like "$output" ".*spec:.*" "Check generated kube yaml - spec"
t GET "libpod/generate/kube?service=true&names=$cid" 200
like "$output" ".*apiVersion:.*" "Check generated kube yaml(service=true) - apiVersion"
like "$output" ".*kind:\\sPod.*" "Check generated kube yaml(service=true) - kind: Pod"
like "$output" ".*metadata:.*" "Check generated kube yaml(service=true) - metadata"
like "$output" ".*spec:.*" "Check generated kube yaml(service=true) - spec"
like "$output" ".*kind:\\sService.*" "Check generated kube yaml(service=true) - kind: Service"
TMPD=$(mktemp -d podman-apiv2-test-kube.XXXXXX)
YAML="${TMPD}/kube.yaml"
echo "$output" > $YAML
t DELETE libpod/containers/$cid 200 .[0].Id=$cid
# Make sure that kube-play works
t POST libpod/kube/play $YAML 200
t DELETE libpod/kube/play $YAML 200
# Make sure that play-kube works
t POST libpod/play/kube $YAML 200
t DELETE libpod/play/kube $YAML 200
rm -rf $TMPD
# vim: filetype=sh

4
test/apiv2/test-apiv2
View File

@ -252,7 +252,7 @@ function t() {
fi
# POST and PUT requests may be followed by one or more key=value pairs.
# Slurp the command line until we see a 3-digit status code.
if [[ $method = "POST" || $method == "PUT" ]]; then
if [[ $method = "POST" || $method == "PUT" || $method = "DELETE" ]]; then
local -a post_args
for arg; do
case "$arg" in
@ -261,6 +261,8 @@ function t() {
*.tar) curl_args+=(--data-binary @$arg);
content_type="application/x-tar";
shift;;
*.yaml) curl_args+=(--data-binary @$arg);
shift;;
application/*) content_type="$arg";
shift;;
[1-9][0-9][0-9]) break;;

34
test/system/700-play.bats
View File

@ -65,12 +65,12 @@ status: {}
RELABEL="system_u:object_r:container_file_t:s0"
@test "podman play with stdin" {
@test "podman kube with stdin" {
TESTDIR=$PODMAN_TMPDIR/testdir
mkdir -p $TESTDIR
echo "$testYaml" | sed "s|TESTDIR|${TESTDIR}|g" > $PODMAN_TMPDIR/test.yaml
run_podman play kube - < $PODMAN_TMPDIR/test.yaml
run_podman kube play - < $PODMAN_TMPDIR/test.yaml
if [ -e /usr/sbin/selinuxenabled -a /usr/sbin/selinuxenabled ]; then
run ls -Zd $TESTDIR
is "$output" "${RELABEL} $TESTDIR" "selinux relabel should have happened"
@ -86,6 +86,20 @@ RELABEL="system_u:object_r:container_file_t:s0"
run_podman pod rm -t 0 -f test_pod
}
@test "podman kube" {
TESTDIR=$PODMAN_TMPDIR/testdir
mkdir -p $TESTDIR
echo "$testYaml" | sed "s|TESTDIR|${TESTDIR}|g" > $PODMAN_TMPDIR/test.yaml
run_podman kube play $PODMAN_TMPDIR/test.yaml
if [ -e /usr/sbin/selinuxenabled -a /usr/sbin/selinuxenabled ]; then
run ls -Zd $TESTDIR
is "$output" "${RELABEL} $TESTDIR" "selinux relabel should have happened"
fi
run_podman stop -a -t 0
run_podman pod rm -t 0 -f test_pod
}
@test "podman play" {
TESTDIR=$PODMAN_TMPDIR/testdir
mkdir -p $TESTDIR
@ -159,13 +173,13 @@ EOF
run_podman 1 container exists $service_container
}
@test "podman play --network" {
@test "podman kube --network" {
TESTDIR=$PODMAN_TMPDIR/testdir
mkdir -p $TESTDIR
echo "$testYaml" | sed "s|TESTDIR|${TESTDIR}|g" > $PODMAN_TMPDIR/test.yaml
run_podman 125 play kube --network host $PODMAN_TMPDIR/test.yaml
run_podman 125 kube play --network host $PODMAN_TMPDIR/test.yaml
is "$output" ".*invalid value passed to --network: bridge or host networking must be configured in YAML" "podman plan-network should fail with --network host"
run_podman play kube --network slirp4netns:port_handler=slirp4netns $PODMAN_TMPDIR/test.yaml
run_podman kube play --network slirp4netns:port_handler=slirp4netns $PODMAN_TMPDIR/test.yaml
run_podman pod inspect --format {{.InfraContainerID}} "${lines[1]}"
infraID="$output"
run_podman container inspect --format "{{.HostConfig.NetworkMode}}" $infraID
@ -174,7 +188,7 @@ EOF
run_podman stop -a -t 0
run_podman pod rm -t 0 -f test_pod
run_podman play kube --network none $PODMAN_TMPDIR/test.yaml
run_podman kube play --network none $PODMAN_TMPDIR/test.yaml
run_podman pod inspect --format {{.InfraContainerID}} "${lines[1]}"
infraID="$output"
run_podman container inspect --format "{{.HostConfig.NetworkMode}}" $infraID
@ -280,12 +294,12 @@ _EOF
run_podman rmi -f userimage:latest
}
@test "podman play --annotation" {
@test "podman kube --annotation" {
TESTDIR=$PODMAN_TMPDIR/testdir
RANDOMSTRING=$(random_string 15)
mkdir -p $TESTDIR
echo "$testYaml" | sed "s|TESTDIR|${TESTDIR}|g" > $PODMAN_TMPDIR/test.yaml
run_podman play kube --annotation "name=$RANDOMSTRING" $PODMAN_TMPDIR/test.yaml
run_podman kube play --annotation "name=$RANDOMSTRING" $PODMAN_TMPDIR/test.yaml
run_podman inspect --format "{{ .Config.Annotations }}" test_pod-test
is "$output" ".*name:$RANDOMSTRING" "Annotation should be added to pod"
@ -338,7 +352,7 @@ status: {}
assert "$output" =~ "invalid annotation \"test\"=\"$RANDOMSTRING\"" "Expected to fail with annotation length greater than 63"
}
@test "podman play kube - default log driver" {
@test "podman kube play - default log driver" {
TESTDIR=$PODMAN_TMPDIR/testdir
mkdir -p $TESTDIR
echo "$testYaml" | sed "s|TESTDIR|${TESTDIR}|g" > $PODMAN_TMPDIR/test.yaml
@ -347,7 +361,7 @@ status: {}
default_driver=$output
# Make sure that the default log driver is used
run_podman play kube $PODMAN_TMPDIR/test.yaml
run_podman kube play $PODMAN_TMPDIR/test.yaml
run_podman inspect --format "{{.HostConfig.LogConfig.Type}}" test_pod-test
is "$output" "$default_driver" "play kube uses default log driver"