Skip to content

Commit

Permalink
Support sysctl configs via podman kube play
Browse files Browse the repository at this point in the history
Support sysctl configuration from Pod spec via podman kube play CLI

Closes #16711

Signed-off-by: T K Chandra Hasan <[email protected]>
  • Loading branch information
hasan4791 committed Feb 16, 2023
1 parent e8a8433 commit 94d4b52
Show file tree
Hide file tree
Showing 3 changed files with 83 additions and 0 deletions.
11 changes: 11 additions & 0 deletions pkg/specgen/generate/kube/kube.go
Original file line number Diff line number Diff line change
Expand Up @@ -107,6 +107,17 @@ func ToPodOpt(ctx context.Context, podName string, p entities.PodCreateOptions,
p.Net.DNSOptions = dnsOptions
}
}

if pscConfig := podYAML.Spec.SecurityContext; pscConfig != nil {
// Extract sysctl list from pod security context
if options := pscConfig.Sysctls; len(options) > 0 {
sysctlOptions := make([]string, 0, len(options))
for _, opts := range options {
sysctlOptions = append(sysctlOptions, opts.Name+"="+opts.Value)
}
p.Sysctl = sysctlOptions
}
}
return p, nil
}

Expand Down
4 changes: 4 additions & 0 deletions pkg/specgen/generate/pod_create.go
Original file line number Diff line number Diff line change
Expand Up @@ -264,6 +264,10 @@ func MapSpec(p *specgen.PodSpecGenerator) (*specgen.SpecGenerator, error) {
p.InfraContainerSpec.ConmonPidFile = p.InfraConmonPidFile
}

if p.Sysctl != nil && len(p.Sysctl) > 0 {
p.InfraContainerSpec.Sysctl = p.Sysctl
}

p.InfraContainerSpec.Image = p.InfraImage
return p.InfraContainerSpec, nil
}
Expand Down
68 changes: 68 additions & 0 deletions test/e2e/play_kube_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -967,6 +967,49 @@ spec:
command: ['sh', '-c', 'ls -l /proc/self/ns/ipc']
`

var podWithSysctlDefined = `
apiVersion: v1
kind: Pod
metadata:
name: test-sysctl
spec:
securityContext:
sysctls:
- name: kernel.msgmax
value: "65535"
- name: net.core.somaxconn
value: "65535"
containers:
- name: alpine
image: quay.io/libpod/alpine:latest
command:
- "/bin/sh"
- "-c"
- "sysctl kernel.msgmax;sysctl net.core.somaxconn"
`

var podWithSysctlHostNetDefined = `
apiVersion: v1
kind: Pod
metadata:
name: test-sysctl
spec:
securityContext:
sysctls:
- name: kernel.msgmax
value: "65535"
- name: net.core.somaxconn
value: "65535"
hostNetwork: true
containers:
- name: alpine
image: quay.io/libpod/alpine:latest
command:
- "/bin/sh"
- "-c"
- "sysctl kernel.msgmax"
`

var (
defaultCtrName = "testCtr"
defaultCtrCmd = []string{"top"}
Expand Down Expand Up @@ -5034,4 +5077,29 @@ spec:
Expect(inspect.OutputToString()).To(ContainSubstring("\"Aliases\": [ \"" + ctrName + "\""))
})

It("podman play kube test with sysctl defined", func() {
SkipIfRootless("Network sysctls are not available for rootless")
err := writeYaml(podWithSysctlDefined, kubeYaml)
Expect(err).ToNot(HaveOccurred())

kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
kube.WaitWithDefaultTimeout()
Expect(kube).Should(Exit(0))

logs := podmanTest.Podman([]string{"pod", "logs", "-c", "test-sysctl-alpine", "test-sysctl"})
logs.WaitWithDefaultTimeout()
Expect(logs).Should(Exit(0))
Expect(logs.OutputToString()).To(ContainSubstring("kernel.msgmax = 65535"))
Expect(logs.OutputToString()).To(ContainSubstring("net.core.somaxconn = 65535"))
})

It("podman play kube test with sysctl & host network defined", func() {
SkipIfRootless("Network sysctls are not available for rootless")
err := writeYaml(podWithSysctlHostNetDefined, kubeYaml)
Expect(err).ToNot(HaveOccurred())

kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
kube.WaitWithDefaultTimeout()
Expect(kube).Should(Exit(125))
})
})

0 comments on commit 94d4b52

Please sign in to comment.