mirror of https://github.com/containers/podman.git
				
				
				
			Support sysctl configs via podman kube play
Support sysctl configuration from the Pod spec via the podman kube play CLI.

Closes #16711

Signed-off-by: T K Chandra Hasan <t.k.chandra.hasan@ibm.com>
		
							parent
							
								
									e8a8433641
								
							
						
					
					
						commit
						94d4b5278f
					
				|  | @ -107,6 +107,17 @@ func ToPodOpt(ctx context.Context, podName string, p entities.PodCreateOptions, | ||||||
| 			p.Net.DNSOptions = dnsOptions | 			p.Net.DNSOptions = dnsOptions | ||||||
| 		} | 		} | ||||||
| 	} | 	} | ||||||
|  | 
 | ||||||
|  | 	if pscConfig := podYAML.Spec.SecurityContext; pscConfig != nil { | ||||||
|  | 		// Extract sysctl list from pod security context
 | ||||||
|  | 		if options := pscConfig.Sysctls; len(options) > 0 { | ||||||
|  | 			sysctlOptions := make([]string, 0, len(options)) | ||||||
|  | 			for _, opts := range options { | ||||||
|  | 				sysctlOptions = append(sysctlOptions, opts.Name+"="+opts.Value) | ||||||
|  | 			} | ||||||
|  | 			p.Sysctl = sysctlOptions | ||||||
|  | 		} | ||||||
|  | 	} | ||||||
| 	return p, nil | 	return p, nil | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
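Review bot: The loop that fills `sysctlOptions` joins `opts.Name` and `opts.Value` from the pod YAML with `=` without checking either field, so an empty name or a name containing `=` yields an entry that whatever later parses `p.Sysctl` may split differently from what the manifest states. Kube YAML is frequently taken from third parties and these keys change kernel parameters for the pod's namespaces, so malformed names are better rejected here, e.g. `if opts.Name == "" || strings.Contains(opts.Name, "=") { return p, fmt.Errorf("invalid sysctl name %q in pod securityContext", opts.Name) }`. Whether a later stage restricts which sysctls are permitted is not visible in this hunk and should be confirmed rather than assumed. The body of ToPodOpt starts outside the hunk.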
|  |  | ||||||
|  | @ -264,6 +264,10 @@ func MapSpec(p *specgen.PodSpecGenerator) (*specgen.SpecGenerator, error) { | ||||||
| 		p.InfraContainerSpec.ConmonPidFile = p.InfraConmonPidFile | 		p.InfraContainerSpec.ConmonPidFile = p.InfraConmonPidFile | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
|  | 	if p.Sysctl != nil && len(p.Sysctl) > 0 { | ||||||
|  | 		p.InfraContainerSpec.Sysctl = p.Sysctl | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
| 	p.InfraContainerSpec.Image = p.InfraImage | 	p.InfraContainerSpec.Image = p.InfraImage | ||||||
| 	return p.InfraContainerSpec, nil | 	return p.InfraContainerSpec, nil | ||||||
| } | } | ||||||
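Review bot: The guard `if p.Sysctl != nil && len(p.Sysctl) > 0` carries a redundant nil test, since `len` of a nil slice or map is 0; `if len(p.Sysctl) > 0 {` is sufficient. The assignment also replaces `p.InfraContainerSpec.Sysctl` outright and shares the same underlying value, so if the infra spec can already hold sysctls at this point they would be dropped silently; that is worth confirming, or merging instead of overwriting. A short comment such as `// Pod-level sysctls are applied to the infra container.` would record why the infra spec is the target, assuming that is the intent. MapSpec begins outside the hunk.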
|  |  | ||||||
|  | @ -967,6 +967,49 @@ spec: | ||||||
|     command: ['sh', '-c', 'ls -l /proc/self/ns/ipc'] |     command: ['sh', '-c', 'ls -l /proc/self/ns/ipc'] | ||||||
| ` | ` | ||||||
| 
 | 
 | ||||||
|  | var podWithSysctlDefined = ` | ||||||
|  | apiVersion: v1 | ||||||
|  | kind: Pod | ||||||
|  | metadata: | ||||||
|  |   name: test-sysctl | ||||||
|  | spec: | ||||||
|  |   securityContext: | ||||||
|  |     sysctls: | ||||||
|  |     - name: kernel.msgmax | ||||||
|  |       value: "65535" | ||||||
|  |     - name: net.core.somaxconn | ||||||
|  |       value: "65535" | ||||||
|  |   containers: | ||||||
|  |   - name: alpine | ||||||
|  |     image: quay.io/libpod/alpine:latest | ||||||
|  |     command: | ||||||
|  |     - "/bin/sh" | ||||||
|  |     - "-c" | ||||||
|  |     - "sysctl kernel.msgmax;sysctl net.core.somaxconn" | ||||||
|  | ` | ||||||
|  | 
 | ||||||
|  | var podWithSysctlHostNetDefined = ` | ||||||
|  | apiVersion: v1 | ||||||
|  | kind: Pod | ||||||
|  | metadata: | ||||||
|  |   name: test-sysctl | ||||||
|  | spec: | ||||||
|  |   securityContext: | ||||||
|  |     sysctls: | ||||||
|  |     - name: kernel.msgmax | ||||||
|  |       value: "65535" | ||||||
|  |     - name: net.core.somaxconn | ||||||
|  |       value: "65535" | ||||||
|  |   hostNetwork: true | ||||||
|  |   containers: | ||||||
|  |   - name: alpine | ||||||
|  |     image: quay.io/libpod/alpine:latest | ||||||
|  |     command: | ||||||
|  |     - "/bin/sh" | ||||||
|  |     - "-c" | ||||||
|  |     - "sysctl kernel.msgmax" | ||||||
|  | ` | ||||||
|  | 
 | ||||||
| var ( | var ( | ||||||
| 	defaultCtrName        = "testCtr" | 	defaultCtrName        = "testCtr" | ||||||
| 	defaultCtrCmd         = []string{"top"} | 	defaultCtrCmd         = []string{"top"} | ||||||
|  | @ -5034,4 +5077,29 @@ spec: | ||||||
| 		Expect(inspect.OutputToString()).To(ContainSubstring("\"Aliases\": [ \"" + ctrName + "\"")) | 		Expect(inspect.OutputToString()).To(ContainSubstring("\"Aliases\": [ \"" + ctrName + "\"")) | ||||||
| 	}) | 	}) | ||||||
| 
 | 
 | ||||||
|  | 	It("podman play kube test with sysctl defined", func() { | ||||||
|  | 		SkipIfRootless("Network sysctls are not available for rootless") | ||||||
|  | 		err := writeYaml(podWithSysctlDefined, kubeYaml) | ||||||
|  | 		Expect(err).ToNot(HaveOccurred()) | ||||||
|  | 
 | ||||||
|  | 		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) | ||||||
|  | 		kube.WaitWithDefaultTimeout() | ||||||
|  | 		Expect(kube).Should(Exit(0)) | ||||||
|  | 
 | ||||||
|  | 		logs := podmanTest.Podman([]string{"pod", "logs", "-c", "test-sysctl-alpine", "test-sysctl"}) | ||||||
|  | 		logs.WaitWithDefaultTimeout() | ||||||
|  | 		Expect(logs).Should(Exit(0)) | ||||||
|  | 		Expect(logs.OutputToString()).To(ContainSubstring("kernel.msgmax = 65535")) | ||||||
|  | 		Expect(logs.OutputToString()).To(ContainSubstring("net.core.somaxconn = 65535")) | ||||||
|  | 	}) | ||||||
|  | 
 | ||||||
|  | 	It("podman play kube test with sysctl & host network defined", func() { | ||||||
|  | 		SkipIfRootless("Network sysctls are not available for rootless") | ||||||
|  | 		err := writeYaml(podWithSysctlHostNetDefined, kubeYaml) | ||||||
|  | 		Expect(err).ToNot(HaveOccurred()) | ||||||
|  | 
 | ||||||
|  | 		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) | ||||||
|  | 		kube.WaitWithDefaultTimeout() | ||||||
|  | 		Expect(kube).Should(Exit(125)) | ||||||
|  | 	}) | ||||||
| }) | }) | ||||||
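Review bot: In the "sysctl & host network defined" test, `Expect(kube).Should(Exit(125))` is satisfied by any podman failure, not only by the refusal to apply sysctls when the host network namespace is shared. Asserting on stderr as well, e.g. `Expect(kube.ErrorToString()).To(ContainSubstring("<expected sysctl/host-network error text>"))`, would pin the security-relevant behaviour: the pod is rejected rather than the host's `net.core.somaxconn` being changed. Both new tests are skipped when rootless, and no case covers `kernel.msgmax` together with a shared host IPC namespace, which looks like the analogous guard to test.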
|  |  | ||||||