HostPath is currently the only supported VolumeSource #7626

Closed
djnotes opened this issue Sep 14, 2020 · 22 comments
Labels
Good First Issue This issue would be a good issue for a first time contributor to undertake. kind/feature Categorizes issue or PR as related to a new feature. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. volunteers-wanted Issues good for community/volunteer contributions

Comments

@djnotes

djnotes commented Sep 14, 2020

I am trying to create a pod and start my services on it using `podman play kube deploy.yaml`. Since I am using the MariaDB database image, I need to pass in a named volume, but Podman does not seem to support it. Here's my deployment.yaml:

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
spec:
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        app: myapp
    spec:
      volumes:
        - name: webapp_initdb
          hostPath:
              path: /home/johndoe/src/webapp/data
              type: Directory
        - name: webapp_dbvol

      containers:
      - name: webapp_db
        image: mariadb:10.5
        env:
          - name: MYSQL_ROOT_PASSWORD
            value: password
          - name: MYSQL_DATABASE
            value: webapp
          - name: MYSQL_USER
            value: webapp
          - name: MYSQL_PASSWORD
            value: password
        volumeMounts:
          - name: webapp_dbvol
            mountPath: /var/lib/mysql
          - name: webapp_initdb
            mountPath: /docker-entrypoint-initdb.d

        resources:
          limits:
            memory: "128Mi"
            cpu: "500m"
        ports:
        - containerPort: 3306
      - name: webapp_app
        image: webapp
        resources:
          limits:
            memory: "128Mi"
            cpu: "500m"
```

The error I get:

Error: Error encountered while bringing up pod myapp-pod-0: HostPath is currently the only supported VolumeSource

@mheon mheon added the kind/feature Categorizes issue or PR as related to a new feature. label Sep 14, 2020
@afbjorklund
Contributor

Sorry, wrong bug number (ignore "macos: podman 2.0.6 remote support is broken")

@djnotes
Author

djnotes commented Sep 15, 2020

Hi. What does this mean?

@github-actions

A friendly reminder that this issue had no activity for 30 days.

@kwk

kwk commented Nov 20, 2020

@djnotes I also ran into this issue and found a way to work around it:

I had this in my YAML at `spec.volumes`:

```yaml
  volumes:
    - name: master-secret-volume
      secret:
        secretName: master-secret
```

In Kubernetes, when there's a secret called master-secret, it will automatically be bound to this volume.

Since podman play is not Kubernetes, I have no secret, I guess, so I figured I would change this to tell it which file to mount by using the hostPath:

```yaml
  volumes:
    - name: master-secret-volume
      hostPath:
            path: master/k8s/secret.yaml
```

I saw a similar thing in your YAML:

```yaml
      volumes:
        - name: webapp_initdb
          hostPath:
              path: /home/johndoe/src/webapp/data
              type: Directory
        - name: webapp_dbvol
```

It's just a guess, but I think the error `Error: HostPath is currently the only supported VolumeSource` will go away once you either remove the `- name: webapp_dbvol` line or change it to look similar to the `webapp_initdb` one.

@rhatdan
Member

rhatdan commented Nov 23, 2020

@mheon this should be part of the volume plugin work, correct?

@mheon
Member

mheon commented Nov 23, 2020

No, this is not part of the volume plugin work. This is entirely separate and lives exclusively in play kube. Basically we need to figure out the various types of volumes Kubernetes supports and figure out a way of mapping those into Podman volumes.

@mheon mheon removed their assignment Dec 1, 2020
@github-actions

github-actions bot commented Jan 1, 2021

A friendly reminder that this issue had no activity for 30 days.

@rhatdan
Member

rhatdan commented Jan 4, 2021

We could use some help from the community to fix this one.

@rhatdan rhatdan added the volunteers-wanted Issues good for community/volunteer contributions label Jan 4, 2021
@djnotes
Author

djnotes commented Jan 5, 2021

Pod:

```sh
podman pod create --name test -p 8080:80
```

Db:

```sh
podman run --rm --name mydb --pod test -v webdbvol:/var/lib/mysql -v `pwd`/data:/docker-entrypoint-initdb.d -e MYSQL_ROOT_PASSWORD=pass -e MYSQL_DATABASE=mydb -e MYSQL_USER=user -e MYSQL_PASSWORD=pass mariadb:10.5
```

Web:

```sh
podman run --rm --name myweb --pod test nginx
```

Generate:

```sh
podman pod generate kube test > test.yaml
```

Stop and remove pod:

```sh
podman pod stop test && podman pod rm test
```

Play kube file:

```sh
podman play kube test.yaml
```

```yaml
# Generation of Kubernetes YAML is still under development!
#
# Save the output of this file and use kubectl create -f to import
# it into Kubernetes.
#
# Created with podman-2.2.1
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2021-01-05T16:57:11Z"
  labels:
    app: test
  name: test
spec:
  containers:
  - command:
    - nginx
    - -g
    - daemon off;
    env:
    - name: PATH
      value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    - name: TERM
      value: xterm
    - name: container
      value: podman
    - name: PKG_RELEASE
      value: 1~buster
    - name: NGINX_VERSION
      value: 1.19.6
    - name: NJS_VERSION
      value: 0.5.0
    - name: HOSTNAME
      value: test
    image: docker.io/library/nginx:latest
    name: myweb
    ports:
    - containerPort: 80
      hostPort: 8080
      protocol: TCP
    resources: {}
    securityContext:
      allowPrivilegeEscalation: true
      capabilities:
        drop:
        - CAP_MKNOD
        - CAP_NET_RAW
        - CAP_AUDIT_WRITE
      privileged: false
      readOnlyRootFilesystem: false
      seLinuxOptions: {}
    workingDir: /
  - command:
    - mysqld
    env:
    - name: PATH
      value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    - name: TERM
      value: xterm
    - name: container
      value: podman
    - name: MYSQL_PASSWORD
      value: pass
    - name: GPG_KEYS
      value: 177F4010FE56CA3336300305F1656F24C74CD1D8
    - name: MYSQL_USER
      value: user
    - name: MYSQL_ROOT_PASSWORD
      value: pass
    - name: MYSQL_DATABASE
      value: mydb
    - name: GOSU_VERSION
      value: "1.12"
    - name: MARIADB_MAJOR
      value: "10.5"
    - name: MARIADB_VERSION
      value: 1:10.5.5+maria~focal
    - name: HOSTNAME
      value: test
    image: docker.io/library/mariadb:10.5
    name: mydb
    resources: {}
    securityContext:
      allowPrivilegeEscalation: true
      capabilities:
        drop:
        - CAP_MKNOD
        - CAP_NET_RAW
        - CAP_AUDIT_WRITE
      privileged: false
      readOnlyRootFilesystem: false
      seLinuxOptions: {}
    volumeMounts:
    - mountPath: /docker-entrypoint-initdb.d
      name: home-johndoe-src-proj-data
    workingDir: /
  restartPolicy: Never
  volumes:
  - hostPath:
      path: /home/johndoe/src/proj/data
      type: Directory
    name: home-johndoe-src-proj-data
status: {}
---
metadata:
  creationTimestamp: null
spec: {}
status:
  loadBalancer: {}
```

Seems like the new version has fixed the problem. Hmm, at least we can say it is apparently skipping dealing with named volumes. As you can see, there is no mention of the db named volume in the kube file. So, maybe this can be a close.

@mheon
Member

mheon commented Jan 5, 2021

This is half-fixed at present. We have added support for additional volume types to podman play kube but not podman generate kube - so named volumes are handled if they are present in the YAML, but we do not presently have support for adding them automatically.

@rhatdan
Member

rhatdan commented Jan 14, 2021

This did not make the cut for 3.0 release. Hope to work on it afterwards.

@github-actions

A friendly reminder that this issue had no activity for 30 days.

@github-actions

A friendly reminder that this issue had no activity for 30 days.

@rhatdan
Member

rhatdan commented Mar 22, 2021

@umohnani8 Any chance you could look at this?

@rhatdan rhatdan added the Good First Issue This issue would be a good issue for a first time contributor to undertake. label Mar 22, 2021
@EduardoVega
Contributor

EduardoVega commented Mar 23, 2021

I believe that `play kube` support for named volumes was added in this PR #8497 and `generate kube` support for named volumes is being worked on here #9749. This information might help.

@mheon
Member

mheon commented Mar 23, 2021

At this point this is probably a documentation task - we need to document that these additional volume types are supported (I think we also support a few other types in the play kube code at this point, even).

@github-actions

A friendly reminder that this issue had no activity for 30 days.

@rhatdan
Member

rhatdan commented Apr 23, 2021

@EduardoVega Interested in working on this?

@EduardoVega
Contributor

@rhatdan let me work on this.

@rhatdan rhatdan assigned EduardoVega and unassigned umohnani8 Apr 23, 2021
@rhatdan
Member

rhatdan commented Apr 23, 2021

While you are in there, want to look at #9763?

@EduardoVega
Contributor

I'll do that

@EduardoVega
Contributor

As of Podman version 3.1.2 I can confirm that two volume sources are supported by podman play kube and podman generate kube. These two are HostPath and PersistentVolumeClaim (podman named volumes) types.

Documentation does mention this

So Podman can

1. Create a pod with named and host path volumes

   ```sh
   podman run -d --rm --name mydb --pod new:test -v webdbvol:/var/lib/mysql -v /tmp/data:/docker-entrypoint-initdb.d:Z -p 3306:3306 -e MYSQL_ROOT_PASSWORD=foo -e MYSQL_DATABASE=foo -e MYSQL_USER=foo -e MYSQL_PASSWORD=foo mariadb:10.5
   ```

2. Generate a kube pod YAML from the Podman pod

   ```sh
   podman generate kube test -f pod.yaml
   ```

3. Please notice how both hostpath and named volumes are specified in the kube pod yaml

   ```yaml
     volumes:
     - hostPath:
         path: /tmp/data
         type: Directory
       name: tmp-data-host
     - name: webdbvol-pvc
       persistentVolumeClaim:
         claimName: webdbvol
   ```

4. Stop and remove current pod and volume

   ```sh
   podman pod stop test
   podman pod rm test
   podman volume rm webdbvol
   ```

5. Play generated pod yaml

   ```sh
   podman play kube pod.yaml
   ```

6. This should create the mariadb container but as of now there is a bug between hostpath volumes and SELinux label in play kube (SELinux volume permission issues when playing kube file (rootless) #9371)

   ```
   $ podman logs --latest
   2021-04-25 15:51:43+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 1:10.5.9+maria~focal started.
   2021-04-25 15:51:43+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
   2021-04-25 15:51:43+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 1:10.5.9+maria~focal started.
   ls: cannot open directory '/docker-entrypoint-initdb.d/': Permission denied
   ```

So I believe that this issue could be closed :-)
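
As an added example (not part of the thread and not Podman's own code), the check below walks the volumes of an already-parsed Pod or Deployment manifest and reports entries that `podman play kube` would reject according to this thread: a volume with no source, or a source other than `hostPath` and `persistentVolumeClaim`. The `SUPPORTED` set, the function names and the sample dict (rebuilt from the first post's YAML) are assumptions of the example; parsing the YAML file into a dict is left to the caller.

```python
# Added example. SUPPORTED is what this thread reports for Podman 3.1.2 (assumption).
SUPPORTED = {"hostPath", "persistentVolumeClaim"}

def pod_spec(manifest):
    """Return the pod spec of a Pod or a Deployment manifest (already parsed to a dict)."""
    spec = manifest.get("spec") or {}
    if manifest.get("kind") == "Deployment":
        spec = (spec.get("template") or {}).get("spec") or {}
    return spec

def check_volumes(manifest):
    """Return a list of (volume_name, problem) tuples; an empty list means no problems."""
    spec = pod_spec(manifest)
    findings, defined = [], set()
    for vol in spec.get("volumes") or []:
        name = vol.get("name", "<unnamed>")
        defined.add(name)
        sources = [k for k in vol if k != "name"]  # every other key names a volume source
        if not sources:
            findings.append((name, "no volume source"))
        elif len(sources) > 1:
            findings.append((name, "more than one volume source"))
        elif sources[0] not in SUPPORTED:
            findings.append((name, f"unsupported source {sources[0]}"))
    # A mount that points at an undefined volume fails too, so report it up front.
    for ctr in spec.get("containers") or []:
        for mount in ctr.get("volumeMounts") or []:
            if mount.get("name") not in defined:
                findings.append((mount.get("name"), f"mounted by {ctr.get('name')} but not defined"))
    return findings

# Constructed sample: volumes and mounts of the Deployment from the first post.
ISSUE_MANIFEST = {
    "kind": "Deployment",
    "spec": {"template": {"spec": {
        "volumes": [
            {"name": "webapp_initdb",
             "hostPath": {"path": "/home/johndoe/src/webapp/data", "type": "Directory"}},
            {"name": "webapp_dbvol"},  # declared without any source
        ],
        "containers": [{"name": "webapp_db", "volumeMounts": [
            {"name": "webapp_dbvol", "mountPath": "/var/lib/mysql"},
            {"name": "webapp_initdb", "mountPath": "/docker-entrypoint-initdb.d"}]}],
    }}},
}

if __name__ == "__main__":
    for name, problem in check_volumes(ISSUE_MANIFEST):
        print(f"{name}: {problem}")
```
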

@mheon mheon closed this as completed Apr 25, 2021
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 22, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 22, 2023

7 participants