Skip to content

Commit

Permalink
remote: fix podman-remote play kube --userns
Browse files Browse the repository at this point in the history
Fix `podman play kube --userns` to work in remote environment.

Related: #17392

Signed-off-by: Toshiki Sonoda <[email protected]>
  • Loading branch information
sstosh committed Jul 12, 2023
1 parent 5444073 commit c6b5b9a
Show file tree
Hide file tree
Showing 3 changed files with 25 additions and 0 deletions.
2 changes: 2 additions & 0 deletions pkg/api/handlers/libpod/kube.go
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ func KubePlay(w http.ResponseWriter, r *http.Request) {
StaticIPs []string `schema:"staticIPs"`
StaticMACs []string `schema:"staticMACs"`
NoHosts bool `schema:"noHosts"`
Userns string `schema:"userns"`
PublishPorts []string `schema:"publishPorts"`
NoTrunc bool `schema:"noTrunc"`
Wait bool `schema:"wait"`
Expand Down Expand Up @@ -98,6 +99,7 @@ func KubePlay(w http.ResponseWriter, r *http.Request) {
StaticIPs: staticIPs,
StaticMACs: staticMACs,
IsRemote: true,
Userns: query.Userns,
PublishPorts: query.PublishPorts,
Wait: query.Wait,
ServiceContainer: query.ServiceContainer,
Expand Down
4 changes: 4 additions & 0 deletions pkg/api/server/register_kube.go
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,10 @@ func (s *APIServer) registerKubeHandlers(r *mux.Router) error {
// type: boolean
// default: false
// description: use annotations that are not truncated to the Kubernetes maximum length of 63 characters
// - in: query
// name: userns
// type: string
// description: Set the user namespace mode for the pods.
// - in: body
// name: request
// description: Kubernetes YAML file.
Expand Down
19 changes: 19 additions & 0 deletions test/e2e/play_kube_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -4580,6 +4580,25 @@ ENV OPENJ9_JAVA_OPTIONS=%q
Expect(usernsInCtr).Should(Exit(0))
Expect(string(usernsInCtr.Out.Contents())).To(Not(Equal(string(initialUsernsConfig))))

kube = podmanTest.PodmanNoCache([]string{"play", "kube", "--replace", "--userns=keep-id", kubeYaml})
kube.WaitWithDefaultTimeout()
Expect(kube).Should(Exit(0))

usernsInCtr = podmanTest.Podman([]string{"exec", getCtrNameInPod(pod), "id", "-u"})
usernsInCtr.WaitWithDefaultTimeout()
Expect(usernsInCtr).Should(Exit(0))
uid := fmt.Sprintf("%d", os.Geteuid())
Expect(string(usernsInCtr.Out.Contents())).To(ContainSubstring(uid))

kube = podmanTest.PodmanNoCache([]string{"play", "kube", "--replace", "--userns=keep-id:uid=10,gid=12", kubeYaml})
kube.WaitWithDefaultTimeout()
Expect(kube).Should(Exit(0))

usernsInCtr = podmanTest.Podman([]string{"exec", getCtrNameInPod(pod), "sh", "-c", "echo $(id -u):$(id -g)"})
usernsInCtr.WaitWithDefaultTimeout()
Expect(usernsInCtr).Should(Exit(0))
Expect(string(usernsInCtr.Out.Contents())).To(ContainSubstring("10:12"))

// Now try with hostUsers in the pod spec
for _, hostUsers := range []bool{true, false} {
pod = getPod(withHostUsers(hostUsers))
Expand Down

0 comments on commit c6b5b9a

Please sign in to comment.