Handle advanced --network options in podman play kube #10816

Merged
merged 1 commit into from
Jun 30, 2021

rhatdan
Member

@rhatdan rhatdan commented Jun 29, 2021

Since Podman create/run can support this, so should play.

Fixes: #10807

Signed-off-by: Daniel J Walsh [email protected]

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 29, 2021
@rhatdan
Member Author

rhatdan commented Jun 29, 2021

@e-minguez Could you verify if this fixes your issue?

@rhatdan rhatdan force-pushed the network branch 2 times, most recently from 80564c7 to 778cee4 Compare June 29, 2021 19:15
var networkOptions map[string][]string
parts := strings.SplitN(network, ":", 2)

ns, cniNets, err := ParseNetworkNamespace(network, containerConfig.Containers.RootlessNetworking == "cni")
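
Review bot: `strings.SplitN(network, ":", 2)` on the second line returns a one-element slice when `network` contains no colon, so whatever reads the options half needs a `len(parts) > 1` check before touching `parts[1]`. `networkOptions` is declared as a nil map on the line above it, so it also has to be created with `make` before anything is stored in it.
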
Member

Does this compile? I don't think we have containerConfig as a variable in pkg/specgen?

Member Author

Yes. I will check that.

./pod_validate.go: containerConfig = util.DefaultContainerConfig()

@rhatdan rhatdan force-pushed the network branch 2 times, most recently from 201f1f0 to 6502239 Compare June 30, 2021 12:22
@e-minguez
Contributor

I've downloaded the podman static binary from the ci job (https://cirrus-ci.com/task/5777994007445504) and tested it successfully:

./podman play kube --network=slirp4netns:port_handler=slirp4netns /home/edu/containers/nextcloud/scripts/nextcloud.yaml
Pod:
0f301b2476a25efdbc1f87df38b07495c6f9a24462748b711a7b2b07356818d2
Containers:
8cc72d80f3a885e7631fde0c381da8b44263c4f0a0aa01e577e51c5e058dac1d
ff9b726e6fddad54c06a56badbc1ef5595333e2ba44b7e7fab263087d349890d
c910688cf1706289925cbc12b6a8db01de06d84c4660830e9bcb06495275cfab
19a846f9e4b1c57e084942c19387e56b60e538b30b5dfe66f593b0d8abdeeaea
34482c2741c3b27b5d861d1f34faf495d4e2d901ed9c896e0cff3d3afe4eed50
$ ./podman version
Version:      3.3.0-dev
API Version:  3.3.0-dev
Go Version:   go1.16.4
Git Commit:   6502239a4bc84aa4134a8d4fd6957ed93e52beb3-dirty
Built:        Tue Jan  1 01:00:00 1980
OS/Arch:      linux/amd64
$ ./podman info
host:
  arch: amd64
  buildahVersion: 1.22.0-dev
  cgroupControllers: []
  cgroupManager: cgroupfs
  cgroupVersion: v1
  conmon:
    package: conmon-2.0.29-1.el8.3.5.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.29, commit: '
  cpus: 8
  distribution:
    distribution: '"centos"'
    version: "8"
  eventLogger: file
  hostname: endurance.minwi.lan
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 4.18.0-310.el8.x86_64
  linkmode: static
  memFree: 29198827520
  memTotal: 33393192960
  ociRuntime:
    name: crun
    package: crun-0.20.1-1.el8.3.2.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 0.20.1
      commit: 0d42f1109fd73548f44b01b3e84d04a279e99d2e
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  os: linux
  remoteSocket:
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.1.8-4.el8.7.34.x86_64
    version: |-
      slirp4netns version 1.1.8
      commit: d361001f495417b880f20329121e3aa431a8f90f
      libslirp: 4.3.1
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.1
  swapFree: 4290768896
  swapTotal: 4290768896
  uptime: 54h 58m 15.78s (Approximately 2.25 days)
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - registry.centos.org
  - docker.io
store:
  configFile: /home/edu/.config/containers/storage.conf
  containerStore:
    number: 11
    paused: 0
    running: 11
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: fuse-overlayfs-1.5.0-1.el8.5.12.x86_64
      Version: |-
        fusermount3 version: 3.2.1
        fuse-overlayfs: version 1.5
        FUSE library version 3.2.1
        using FUSE kernel interface version 7.26
  graphRoot: /home/edu/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 17
  runRoot: /run/user/1000
  volumePath: /home/edu/.local/share/containers/storage/volumes
version:
  APIVersion: 3.3.0-dev
  Built: 315532800
  BuiltTime: Tue Jan  1 01:00:00 1980
  GitCommit: 6502239a4bc84aa4134a8d4fd6957ed93e52beb3-dirty
  GoVersion: go1.16.4
  OsArch: linux/amd64
  Version: 3.3.0-dev

p.NetNS.NSMode = specgen.Bridge
p.CNINetworks = append(p.CNINetworks, networks...)
}
logrus.Debugf("Pod joining CNI networks: %v", cniNets)
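
Review bot: the `logrus.Debugf` on the last line sits after the closing brace, so it is emitted whether or not the block that sets `specgen.Bridge` ran, and it prints `cniNets` while the append above adds `networks`. Move the log inside the block or guard it with a length check, and log the same slice that was appended to `p.CNINetworks`.
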
Member

This message should include Pod id if tunneled code comes via this code path.

Member Author

Added podName to output.

Member

@ashley-cui ashley-cui left a comment

LGTM

@openshift-ci
Contributor

openshift-ci bot commented Jun 30, 2021

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rhatdan


@rhatdan rhatdan added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. lgtm Indicates that a PR is ready to be merged. labels Jun 30, 2021
Since Podman create/run can support this, so should play.

Fixes: containers#10807

Signed-off-by: Daniel J Walsh <[email protected]>
@openshift-ci
Contributor

openshift-ci bot commented Jun 30, 2021

New changes are detected. LGTM label has been removed.

@openshift-ci openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Jun 30, 2021
@rhatdan rhatdan added the lgtm Indicates that a PR is ready to be merged. label Jun 30, 2021
@rhatdan
Member Author

rhatdan commented Jun 30, 2021

/hold cancel

@openshift-ci openshift-ci bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jun 30, 2021
@openshift-merge-robot openshift-merge-robot merged commit fd17155 into containers:main Jun 30, 2021
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 22, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 22, 2023
Development

Successfully merging this pull request may close these issues.

podman play kube --network flag