Add the command along with the abi and tunnel support
Add e2e tests
Add man page
Add apiv2 test to ensure return codes
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Fix the example for RemapGid from keep-id to keep-groups
Reflect the chnages to the support for keep-id in Containers as well
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
If the volume source starts with . resolve the path relative to the
location of the unit file
Update the test code to allow verification of regex for the value in key
value arguments
Add the usage of relative paths to the volume and mount test cases
Update the man page
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
When we searching any image at a container registry,
--cert-dir and --creds could be required
as well as push, pull, etc.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
The --stream flag is being used extensively in the tests and some blog
posts refer to it which has been causing some confusion on why the flag
was hidden. I do not see a good reason to hide it anymore, so unhide it
and add some docs.
[NO NEW TESTS NEEDED] as it's already being tested.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Currently Podman prevents SELinux container separation,
when running within a container. This PR adds a new
--security-opt label=nested
When setting this option, Podman unmasks and mountsi
/sys/fs/selinux into the containers making /sys/fs/selinux
fully exposed. Secondly Podman sets the attribute
run.oci.mount_context_type=rootcontext
This attribute tells crun to mount volumes with rootcontext=MOUNTLABEL
as opposed to context=MOUNTLABEL.
With these two settings Podman inside the container is allowed to set
its own SELinux labels on tmpfs file systems mounted into its parents
container, while still being confined by SELinux. Thus you can have
nested SELinux labeling inside of a container.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add a way to keep play kube running in the foreground and terminating all pods
after receiving a a SIGINT or SIGTERM signal. The pods will also be
cleaned up after the containers in it have exited.
If an error occurrs during kube play, any resources created till the
error point will be cleane up also.
Add tests for the various scenarios.
Fixes#14522
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Handle the Mount key
Reuse code from the handling of the Volume key
Add E2E Test
E2E Test - Add checker for KeyValue string
Update man page
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Change podman to Podman
Add a period at the end of all sentences
Co-authored-by: Valentin Rothberg <vrothberg@redhat.com>
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Add a note about the restriction of the use of
thre back-ticks in the md files in the options directory.
If this is not done properly, it can quietly corrupt
the compliled man pages.
[NO NEW TESTS NEEDED]
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
Support auto updating containers running inside pods. Similar to
containers, the systemd units need to be generated via
`podman-generate-systemd --new $POD` to generate the pod's units.
Note that auto updating a container inside a pod will restart the entire
pod. Updates of multiple containers inside a pod are batched, such that
a pod is restarted at most once. That is effectively the same mechanism
for auto updating containers in a K8s YAML via the `podman-kube@`
template or via Quadlet.
Updating a single container unit without restarting the entire pod is
not possible. The reasoning behind is that pods are created with
--exit-policy=stop which will render the pod to be stopped when auto
updating the only container inside the pod. The (reverse) dependencies
between the pod and its containers unit have been carefully selected for
robustness. Changes may entail undesired side effects or backward
incompatibilities that I am not comfortable with.
Fixes: #17181
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Ygal Blum
OpenShift Merge Robot
Valentin Rothberg
Daniel J Walsh
tomsweeneyredhat
Alex Willmer
Marek Czernek
Toshiki Sonoda
restitux
Urvashi Mohnani
vyasgun
Matt Heon
T K Chandra Hasan
Rahil Bhimjiani