From 641f0ccc4eb999af3c2a01d709769287ba45451c Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 22 Sep 2021 17:08:21 -0400 Subject: [PATCH] Add podman play kube --no-hosts options This option will setup the containers to not modify their /etc/hosts file and just use the one from the image. Fixes: https://github.com/containers/podman/issues/9500 Signed-off-by: Daniel J Walsh --- cmd/podman/play/kube.go | 1 + docs/source/markdown/podman-play-kube.1.md | 4 ++ pkg/api/handlers/libpod/play.go | 2 + pkg/bindings/play/play.go | 3 +- pkg/bindings/play/types.go | 2 + pkg/bindings/play/types_kube_options.go | 15 ++++++++ pkg/domain/entities/play.go | 3 ++ pkg/domain/infra/abi/play.go | 2 +- pkg/domain/infra/tunnel/play.go | 2 +- pkg/specgen/generate/kube/kube.go | 7 +++- test/e2e/play_kube_test.go | 43 ++++++++++++++++++++++ 11 files changed, 78 insertions(+), 6 deletions(-) diff --git a/cmd/podman/play/kube.go b/cmd/podman/play/kube.go index 9308371d25..85e0c279c4 100644 --- a/cmd/podman/play/kube.go +++ b/cmd/podman/play/kube.go @@ -78,6 +78,7 @@ func init() { flags.StringVar(&kubeOptions.LogDriver, logDriverFlagName, "", "Logging driver for the container") _ = kubeCmd.RegisterFlagCompletionFunc(logDriverFlagName, common.AutocompleteLogDriver) + flags.BoolVar(&kubeOptions.NoHosts, "no-hosts", false, "Do not create /etc/hosts within the pod's containers, instead use the version from the image") flags.BoolVarP(&kubeOptions.Quiet, "quiet", "q", false, "Suppress output information when pulling images") flags.BoolVar(&kubeOptions.TLSVerifyCLI, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries") flags.BoolVar(&kubeOptions.StartCLI, "start", true, "Start the pod after creating it") diff --git a/docs/source/markdown/podman-play-kube.1.md b/docs/source/markdown/podman-play-kube.1.md index 7e3e0f431b..a4b9722b86 100644 --- a/docs/source/markdown/podman-play-kube.1.md +++ b/docs/source/markdown/podman-play-kube.1.md @@ -138,6 +138,10 @@ Valid _mode_ values are: Note: Rootlesskit changes the source IP address of incoming packets to a IP address in the container network namespace, usually `10.0.2.100`. If your application requires the real source IP address, e.g. web server logs, use the slirp4netns port handler. The rootlesskit port handler is also used for rootless containers when connected to user-defined networks. - **port_handler=slirp4netns**: Use the slirp4netns port forwarding, it is slower than rootlesskit but preserves the correct source IP address. This port handler cannot be used for user-defined networks. +#### **--no-hosts** + +Do not create /etc/hosts within the pod's containers, instead use the version from the image + #### **--quiet**, **-q** Suppress output information when pulling images diff --git a/pkg/api/handlers/libpod/play.go b/pkg/api/handlers/libpod/play.go index 0def328217..851e0f6c89 100644 --- a/pkg/api/handlers/libpod/play.go +++ b/pkg/api/handlers/libpod/play.go @@ -29,6 +29,7 @@ func PlayKube(w http.ResponseWriter, r *http.Request) { Start bool `schema:"start"` StaticIPs []string `schema:"staticIPs"` StaticMACs []string `schema:"staticMACs"` + NoHosts bool `schema:"noHosts"` }{ TLSVerify: true, Start: true, @@ -102,6 +103,7 @@ func PlayKube(w http.ResponseWriter, r *http.Request) { Username: username, Password: password, Network: query.Network, + NoHosts: query.NoHosts, Quiet: true, LogDriver: query.LogDriver, StaticIPs: staticIPs, diff --git a/pkg/bindings/play/play.go b/pkg/bindings/play/play.go index 89a6f9b65e..bdd13d03d0 100644 --- a/pkg/bindings/play/play.go +++ b/pkg/bindings/play/play.go @@ -6,11 +6,10 @@ import ( "os" "strconv" - "github.com/sirupsen/logrus" - "github.com/containers/podman/v3/pkg/auth" "github.com/containers/podman/v3/pkg/bindings" "github.com/containers/podman/v3/pkg/domain/entities" + "github.com/sirupsen/logrus" ) func Kube(ctx context.Context, path string, options *KubeOptions) (*entities.PlayKubeReport, error) { diff --git a/pkg/bindings/play/types.go b/pkg/bindings/play/types.go index 7870691699..fdfc4a6fa5 100644 --- a/pkg/bindings/play/types.go +++ b/pkg/bindings/play/types.go @@ -17,6 +17,8 @@ type KubeOptions struct { Password *string // Network - name of the CNI network to connect to. Network *string + // NoHosts - do not generate /etc/hosts file in pod's containers + NoHosts *bool // Quiet - suppress output when pulling images. Quiet *bool // SignaturePolicy - path to a signature-policy file. diff --git a/pkg/bindings/play/types_kube_options.go b/pkg/bindings/play/types_kube_options.go index 65757cc5e8..1a63243028 100644 --- a/pkg/bindings/play/types_kube_options.go +++ b/pkg/bindings/play/types_kube_options.go @@ -93,6 +93,21 @@ func (o *KubeOptions) GetNetwork() string { return *o.Network } +// WithNoHosts set field NoHosts to given value +func (o *KubeOptions) WithNoHosts(value bool) *KubeOptions { + o.NoHosts = &value + return o +} + +// GetNoHosts returns value of field NoHosts +func (o *KubeOptions) GetNoHosts() bool { + if o.NoHosts == nil { + var z bool + return z + } + return *o.NoHosts +} + // WithQuiet set field Quiet to given value func (o *KubeOptions) WithQuiet(value bool) *KubeOptions { o.Quiet = &value diff --git a/pkg/domain/entities/play.go b/pkg/domain/entities/play.go index f630b3f248..af4b0fc350 100644 --- a/pkg/domain/entities/play.go +++ b/pkg/domain/entities/play.go @@ -17,6 +17,9 @@ type PlayKubeOptions struct { // Down indicates whether to bring contents of a yaml file "down" // as in stop Down bool + // Do not create /etc/hosts within the pod's containers, + // instead use the version from the image + NoHosts bool // Username for authenticating against the registry. Username string // Password for authenticating against the registry. diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go index cf72a6253a..751d6cc05f 100644 --- a/pkg/domain/infra/abi/play.go +++ b/pkg/domain/infra/abi/play.go @@ -181,7 +181,7 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY } } - podOpt := entities.PodCreateOptions{Infra: true, Net: &entities.NetOptions{StaticIP: &net.IP{}, StaticMAC: &net.HardwareAddr{}}} + podOpt := entities.PodCreateOptions{Infra: true, Net: &entities.NetOptions{StaticIP: &net.IP{}, StaticMAC: &net.HardwareAddr{}, NoHosts: options.NoHosts}} podOpt, err = kube.ToPodOpt(ctx, podName, podOpt, podYAML) if err != nil { return nil, err diff --git a/pkg/domain/infra/tunnel/play.go b/pkg/domain/infra/tunnel/play.go index e39751a188..0b1c3d2ca5 100644 --- a/pkg/domain/infra/tunnel/play.go +++ b/pkg/domain/infra/tunnel/play.go @@ -13,7 +13,7 @@ func (ic *ContainerEngine) PlayKube(ctx context.Context, path string, opts entit options.WithCertDir(opts.CertDir).WithQuiet(opts.Quiet).WithSignaturePolicy(opts.SignaturePolicy).WithConfigMaps(opts.ConfigMaps) options.WithLogDriver(opts.LogDriver).WithNetwork(opts.Network).WithSeccompProfileRoot(opts.SeccompProfileRoot) options.WithStaticIPs(opts.StaticIPs).WithStaticMACs(opts.StaticMACs) - + options.WithNoHosts(opts.NoHosts) if s := opts.SkipTLSVerify; s != types.OptionalBoolUndefined { options.WithSkipTLSVerify(s == types.OptionalBoolTrue) } diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go index 9389b1a205..194c8dce50 100644 --- a/pkg/specgen/generate/kube/kube.go +++ b/pkg/specgen/generate/kube/kube.go @@ -26,8 +26,8 @@ import ( ) func ToPodOpt(ctx context.Context, podName string, p entities.PodCreateOptions, podYAML *v1.PodTemplateSpec) (entities.PodCreateOptions, error) { - // p := specgen.NewPodSpecGenerator() - p.Net = &entities.NetOptions{} + p.Net = &entities.NetOptions{NoHosts: p.Net.NoHosts} + p.Name = podName p.Labels = podYAML.ObjectMeta.Labels // Kube pods must share {ipc, net, uts} by default @@ -47,6 +47,9 @@ func ToPodOpt(ctx context.Context, podName string, p entities.PodCreateOptions, p.Net.Network = specgen.Namespace{NSMode: "host"} } if podYAML.Spec.HostAliases != nil { + if p.Net.NoHosts { + return p, errors.New("HostAliases in yaml file will not work with --no-hosts") + } hosts := make([]string, 0, len(podYAML.Spec.HostAliases)) for _, hostAlias := range podYAML.Spec.HostAliases { for _, host := range hostAlias.Hostnames { diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index 83ce751e6d..a29d0ad460 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -1137,6 +1137,49 @@ var _ = Describe("Podman play kube", func() { Expect(infraContainerImage).To(Equal(config.DefaultInfraImage)) }) + It("podman play kube --no-host", func() { + err := writeYaml(checkInfraImagePodYaml, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", "--no-hosts", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + podInspect := podmanTest.Podman([]string{"pod", "inspect", "check-infra-image"}) + podInspect.WaitWithDefaultTimeout() + Expect(podInspect).Should(Exit(0)) + + data := podInspect.InspectPodToJSON() + for _, ctr := range data.Containers { + if strings.HasSuffix(ctr.Name, "-infra") { + continue + } + exec := podmanTest.Podman([]string{"exec", ctr.ID, "cat", "/etc/hosts"}) + exec.WaitWithDefaultTimeout() + Expect(exec).Should(Exit(0)) + Expect(exec.OutputToString()).To(Not(ContainSubstring("check-infra-image"))) + } + }) + + It("podman play kube test HostAliases with --no-hosts", func() { + pod := getPod(withHostAliases("192.168.1.2", []string{ + "test1.podman.io", + "test2.podman.io", + }), + withHostAliases("192.168.1.3", []string{ + "test3.podman.io", + "test4.podman.io", + }), + ) + err := generateKubeYaml("pod", pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", "--no-hosts", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(125)) + Expect(kube.ErrorToString()).To(ContainSubstring("HostAliases in yaml file will not work with --no-hosts")) + }) + It("podman play kube should use customized infra_image", func() { conffile := filepath.Join(podmanTest.TempDir, "container.conf")