Move container to pod #3979

abitrolly · 2019-09-10T12:19:53Z

/kind feature

Is it possible to move container into a pod? I want to expose container ports without killing it (#3949) and I thought that maybe moving it to a pod can accomplish this.

Output of podman version:

➜  ~ podman version
Version:            1.5.1
RemoteAPI Version:  1
Go Version:         go1.12.7
OS/Arch:            linux/amd64

The text was updated successfully, but these errors were encountered:

baude · 2019-09-10T12:42:01Z

you cannot currently do this with podman. we have discussed being able to "add" a container with new ports to a pod but that feature is not implemented yet either.

rhatdan · 2019-09-11T14:39:18Z

You can add a container to an existing container my combining the namespaces.

abitrolly · 2019-09-11T15:32:46Z

@rhatdan you mean to existing pod? What is the command to combine namespaces?

rhatdan · 2019-09-11T18:36:27Z

Well all a pod is, is a bunch of containers sharing namespaces (and cgroups)

If I have an existing container and do

podman run --pid container:containerA --net container:containerA --ipc container:containerA ...

Then the two containers will basically work as a pod.

mheon · 2019-09-11T18:41:54Z

Actually explicitly restricted - you can only share namespaces with a container in a pod if you are part of the pod. Removal ordering issues - need to be able to remove a pod without leaving straggler containers that want to use its resources.

abitrolly · 2019-09-13T10:32:10Z

How does it work in the following user story.

I created container with PostgreSQL named postcon

$ podman run -d --name postcon postgres

I forgot to expose port 5432 to access the db, and instead of restarting container I decide to create a pod name postpod with exposed port, and move container there

$ podman pod create --name postpod -p 5432

Now I need to move the postcon container to postpod pod. Now it gets complicated.

pod is just a namespace and cgroup (that's on kernel level). container is in the pod when its namespace is "combined" with pod namespace. podman doesn't expose interface for combining namespaces.

Is that right?

rhatdan · 2019-09-13T10:51:26Z

Yes, you can not add an existing container to a pod, because of the conflicts in namespaces, and cgroups.

abitrolly · 2019-09-13T12:58:51Z

Is it possible to detect those conflicts and resolve them one by one manually?

mheon · 2019-09-13T13:15:21Z

We've discussed a 'podman clone' command - copy an existing container and make changes (like moving to a pod). That would be the easiest way forward for this that I can see.

…

On Fri, Sep 13, 2019, 08:58 Anatoli Babenia ***@***.***> wrote: Is it possible to detect those conflicts and resolve them one by one manually? — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#3979>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AB3AOCG2EC7CKQANEPNKLILQJOFA7ANCNFSM4IVG5YIA> .

abitrolly · 2019-09-13T13:39:05Z

@mheon is it possible to make changes to container checkpoints that are used for live migrations https://criu.org/Podman ?

mheon · 2019-09-13T13:54:13Z

Not at present - but we'd probably use a similar mechanism for podman clone

github-actions · 2019-10-31T00:08:22Z

This issue had no activity for 30 days. In the absence of activity or the "do-not-close" label, the issue will be automatically closed within 7 days.

vrothberg · 2019-10-31T07:44:13Z

Added the "do-not-close" label as I'm sure this is something worth adding.

abitrolly · 2019-12-14T14:11:33Z

If I make a checkpoint.

podman container checkpoint -l -e /tmp/chkpt.tar.gz

Why it is not possible to restore it inside a pod?

adrianreber · 2019-12-17T07:46:14Z

If I make a checkpoint.
podman container checkpoint -l -e /tmp/chkpt.tar.gz
Why it is not possible to restore it inside a pod?

CRIU cannot handle this currently. If CRIU restores a process running in namespaces, CRIU currently also restores all namespaces. For Podman we introduced the possibility in CRIU to restore a container into an existing network namespace, because Podman uses CNI to create network namespaces and CRIU can now restore a container into an existing network namespace. To restore a process into an existing network namespace is the big difference between Podman's checkpoint/restore support and other container engines.

With this as background it should be possible to extend CRIU to restore a process (container) into an existing set of namespaces (a pod). But this requires work on the CRIU level, runc and Podman level. It is doable, but not something which is being worked on (at least from what I know from the CRIU point of view).

rhatdan · 2020-02-17T20:17:56Z

Is anyone working on this? Planning to work on this?

mheon · 2020-02-17T22:18:56Z

It should be part of podman container clone, which nobody is actively working on. However, the work @baude is doing with create for APIv2 is making clone a lot closer than it once was.

rhatdan · 2020-06-09T16:50:34Z

@mheon Reminder.

mheon · 2020-06-09T16:55:41Z

I have cards for podman container clone, so hopefully this gets done this summer

adrianreber · 2020-06-09T17:05:13Z

Not sure what clone is exactly about, but I started to work on enabling restoring a container into an existing PID namespace: checkpoint-restore/criu#1056

rhatdan · 2020-09-10T18:23:36Z

@mheon Should we merge a bunch of these issues together that requires podman container clone

mheon · 2020-09-10T18:26:56Z

@rhatdan Agree, that sounds like a good idea

github-actions · 2020-10-17T00:20:00Z