generate kube: do not print privileged: false #11995

Closed
dilyanpalauzov opened this issue Oct 15, 2021 · 3 comments · Fixed by #12021

@dilyanpalauzov
Contributor

$ podman generate kube <id>
apiVersion: v1
kind: Pod    
spec:
  containers:
    securityContext:
      privileged: false

According to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1 the default value for privileged is false, so emitting privileged: false is redundant.

@rhatdan
Member

rhatdan commented Oct 15, 2021

What podman command did you use to generate the pod or container?

@rhatdan
Member

rhatdan commented Oct 15, 2021

@dilyanpalauzov It is great that you are doing these tests, but please include the steps on how to create the containers that you are generating the kube yaml from.

@dilyanpalauzov
Contributor Author

I run a container as described at https://mail.aegee.org/cgit/aegee-ldap/tree/readme.md#n13.

podman run --read-only=true --mount type=bind,src=data,dst=/data,relabel=private --security-opt=no-new-privileges --read-only-tmpfs=false -d -p=3890:3890 localhost/openldap:2021-09-21

rhatdan added a commit to rhatdan/podman that referenced this issue Oct 19, 2021
If podman uses Workdir="/" or the workdir specified in the image, it
should not add it to the yaml.
If Podman finds environment variables in the image, they should not
get added to the yaml.

If the container or pod do not have changes to SELinux we should not
print seLinuxOpt{}

If the container or pod do not change any dns options the yaml should
not have a dnsOption={}

If the container is not privileged it should not have privileged=false
in the yaml.

Fixes: containers#11995

Signed-off-by: Daniel J Walsh <[email protected]>
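
The omission rule from the commit message, sketched as an added example (not Podman's code and not part of the original thread). The struct shapes, the helper names `PruneDefaults`, `IsPrivileged` and `Render`, and the sample value `spc_t` are assumptions; JSON from the standard library stands in for YAML.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local stand-ins for the fields discussed in the issue (assumed shapes, not
// imported from Podman or Kubernetes). Pointers plus omitempty let "unset" be
// distinguished from an explicit false.
type SELinuxOptions struct {
	Level string `json:"level,omitempty"`
	Type  string `json:"type,omitempty"`
}

type SecurityContext struct {
	Privileged     *bool           `json:"privileged,omitempty"`
	SELinuxOptions *SELinuxOptions `json:"seLinuxOptions,omitempty"`
}

// PruneDefaults (hypothetical helper) clears fields that only restate the
// default, so they are omitted when serialized.
func PruneDefaults(sc *SecurityContext) {
	if sc.Privileged != nil && !*sc.Privileged {
		sc.Privileged = nil
	}
	if sc.SELinuxOptions != nil && *sc.SELinuxOptions == (SELinuxOptions{}) {
		sc.SELinuxOptions = nil
	}
}

// IsPrivileged is the reader-side rule: an absent field means false.
func IsPrivileged(sc SecurityContext) bool {
	return sc.Privileged != nil && *sc.Privileged
}

// Render prunes defaults and returns the JSON form of the security context.
func Render(privileged bool, sel SELinuxOptions) string {
	sc := SecurityContext{Privileged: &privileged, SELinuxOptions: &sel}
	PruneDefaults(&sc)
	out, _ := json.Marshal(sc)
	return string(out)
}

func main() {
	fmt.Println(Render(false, SELinuxOptions{}))             // constructed input: unprivileged, no SELinux changes
	fmt.Println(Render(true, SELinuxOptions{Type: "spc_t"})) // constructed input: explicit settings are kept
}
```

Any tool that audits the generated manifest has to apply the same reader-side rule as `IsPrivileged`: a missing `privileged` key is equivalent to `false`, and only an explicit `true` is a finding.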
mheon pushed a commit to mheon/libpod that referenced this issue Nov 12, 2021
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 21, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 21, 2023