kube-play: add support for HostPID in podSpec
* test/play_kube: add tests for hostPID

Signed-off-by: danishprakash <[email protected]>
danishprakash committed Jan 20, 2023
1 parent 17f89c9 commit 3ae84fe
Showing 4 changed files with 43 additions and 1 deletion.
2 changes: 1 addition & 1 deletion docs/kubernetes_support.md
Expand Up @@ -47,7 +47,7 @@ Note: **N/A** means that the option cannot be supported in a single-node Podman
| dnsConfig.searches ||
| dnsPolicy | |
| hostNetwork ||
| hostPID | |
| hostPID | |
| hostIPC | |
| shareProcessNamespace ||
| serviceAccountName | |
1 change: 1 addition & 0 deletions pkg/domain/infra/abi/play.go
Expand Up @@ -722,6 +722,7 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
RestartPolicy: ctrRestartPolicy,
SeccompPaths: seccompPaths,
SecretsManager: secretsManager,
PidNSIsHost: p.Pid.IsHost(),
UserNSIsHost: p.Userns.IsHost(),
Volumes: volumes,
}
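Review bot: `PidNSIsHost: p.Pid.IsHost()` is wired into the single options literal this hunk shows; if playKubePod builds a separate options literal for init containers (not visible here, the function starts and ends outside the hunk), that literal would need the same field, otherwise init containers would presumably keep a private PID namespace while the pod's other containers use the host's. Since this line is where a value from the pod YAML removes PID isolation, a short why-comment would help the next reader, for example `// hostPID from the pod spec: the container shares the host PID namespace and can see host processes`.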
8 changes: 8 additions & 0 deletions pkg/specgen/generate/kube/kube.go
Expand Up @@ -53,6 +53,9 @@ func ToPodOpt(ctx context.Context, podName string, p entities.PodCreateOptions,
if podYAML.Spec.ShareProcessNamespace != nil && *podYAML.Spec.ShareProcessNamespace {
p.Share = append(p.Share, "pid")
}
if podYAML.Spec.HostPID {
p.Pid = "host"
}
p.Hostname = podYAML.Spec.Hostname
if p.Hostname == "" {
p.Hostname = podName
Expand Down Expand Up @@ -131,6 +134,8 @@ type CtrSpecGenOptions struct {
NetNSIsHost bool
// UserNSIsHost tells the container to use the host userns
UserNSIsHost bool
// PidNSIsHost tells the container to use the host pidns
PidNSIsHost bool
// SecretManager to access the secrets
SecretsManager *secrets.SecretsManager
// LogDriver which should be used for the container
Expand Down Expand Up @@ -462,6 +467,9 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener
if opts.UserNSIsHost {
s.UserNS.NSMode = specgen.Host
}
if opts.PidNSIsHost {
s.PidNS.NSMode = specgen.Host
}

// Add labels that come from kube
if len(s.Labels) == 0 {
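Review bot: In ToPodOpt the new `if podYAML.Spec.HostPID` branch is independent of the `ShareProcessNamespace` branch directly above it, so a pod spec that sets both leaves "pid" in `p.Share` and `p.Pid = "host"` at the same time. Kubernetes validation rejects that combination, and which setting takes effect here is decided later in pod creation, outside this hunk. Consider rejecting it up front with something like `if podYAML.Spec.HostPID && podYAML.Spec.ShareProcessNamespace != nil && *podYAML.Spec.ShareProcessNamespace { return p, errors.New("hostPID and shareProcessNamespace cannot both be set") }`; this assumes ToPodOpt returns an error and that `errors` is imported, neither of which the truncated hunk header shows. The `PidNSIsHost` field comment could also state the consequence, e.g. `// PidNSIsHost tells the container to use the host pidns; host processes become visible to it`.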
33 changes: 33 additions & 0 deletions test/e2e/play_kube_test.go
Expand Up @@ -940,6 +940,19 @@ spec:
protocol: tcp
`

var podWithHostPIDDefined = `
apiVersion: v1
kind: Pod
metadata:
name: test-hostpid
spec:
hostPID: true
containers:
- name: alpine
image: quay.io/libpod/alpine:latest
command: ['sh', '-c', 'echo $$']
`

var (
defaultCtrName = "testCtr"
defaultCtrCmd = []string{"top"}
Expand Down Expand Up @@ -4931,4 +4944,24 @@ spec:
Expect(strings.Count(kube.OutputToString(), "Pod:")).To(Equal(1))
Expect(strings.Count(kube.OutputToString(), "Container:")).To(Equal(1))
})

It("podman play kube test with hostPID", func() {
err := writeYaml(podWithHostPIDDefined, kubeYaml)
Expect(err).ToNot(HaveOccurred())

kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
kube.WaitWithDefaultTimeout()
Expect(kube).Should(Exit(0))

logs := podmanTest.Podman([]string{"pod", "logs", "-c", "test-hostpid-alpine", "test-hostpid"})
logs.WaitWithDefaultTimeout()
Expect(logs).Should(Exit(0))
Expect(logs.OutputToString()).To(Not(Equal("1")), "PID should never be 1 because of host pidns")

inspect := podmanTest.Podman([]string{"inspect", "test-hostpid-alpine", "--format", "{{ .HostConfig.PidMode }}"})
inspect.WaitWithDefaultTimeout()
Expect(inspect).Should(Exit(0))
Expect(inspect.OutputToString()).To(Equal("host"))
})

})
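Review bot: The assertion `Expect(logs.OutputToString()).To(Not(Equal("1")), ...)` in the new hostPID test also passes when the log output is empty, which could happen if `pod logs` runs before the short-lived `echo $$` container has written anything, so on its own it does not show that the container printed a host PID. Adding `Expect(logs.OutputToString()).To(MatchRegexp("^[0-9]+$"))` just before it would pin that a PID was actually printed. The `.HostConfig.PidMode` check that follows is the stronger signal and is fine as written. The enclosing Describe block starts outside the hunk.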
