Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add podman play kube --no-hosts options #11707

Merged
merged 1 commit into from
Oct 1, 2021

Conversation

rhatdan
Copy link
Member

@rhatdan rhatdan commented Sep 22, 2021

This option will setup the containers to not modify their /etc/hosts
file and just use the one from the image.

Fixes: #9500

Signed-off-by: Daniel J Walsh [email protected]

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Sep 22, 2021

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rhatdan

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 22, 2021
@rhatdan rhatdan force-pushed the play branch 2 times, most recently from 3ac7c05 to ec31b01 Compare September 22, 2021 22:41
@@ -78,6 +78,7 @@ func init() {
flags.StringVar(&kubeOptions.LogDriver, logDriverFlagName, "", "Logging driver for the container")
_ = kubeCmd.RegisterFlagCompletionFunc(logDriverFlagName, common.AutocompleteLogDriver)

flags.BoolVar(&kubeOptions.NoHosts, "no-hosts", false, "Do not create /etc/hosts within the containers, instead use the version from the image")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think...

Suggested change
flags.BoolVar(&kubeOptions.NoHosts, "no-hosts", false, "Do not create /etc/hosts within the containers, instead use the version from the image")
flags.BoolVar(&kubeOptions.NoHosts, "no-hosts", false, "Do not create /etc/hosts within the container, instead use the version from the image")

@@ -138,6 +138,10 @@ Valid _mode_ values are:
Note: Rootlesskit changes the source IP address of incoming packets to a IP address in the container network namespace, usually `10.0.2.100`. If your application requires the real source IP address, e.g. web server logs, use the slirp4netns port handler. The rootlesskit port handler is also used for rootless containers when connected to user-defined networks.
- **port_handler=slirp4netns**: Use the slirp4netns port forwarding, it is slower than rootlesskit but preserves the correct source IP address. This port handler cannot be used for user-defined networks.

#### **--no-hosts**

Do not create /etc/hosts within the containers, instead use the version from the image
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if you go singular above, go singular here too. Also add an ending period (.)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It should go to all containers in Pod

@@ -1137,6 +1137,30 @@ var _ = Describe("Podman play kube", func() {
Expect(infraContainerImage).To(Equal(config.DefaultInfraImage))
})

It("podman play kube should use default infra_image", func() {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this actually a test of the default infra image? It looks like it's testing no-hosts only

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No cut and paste, fixed.

@rhatdan rhatdan force-pushed the play branch 2 times, most recently from 795e72d to a3bb7b5 Compare September 23, 2021 18:19
@rhatdan
Copy link
Member Author

rhatdan commented Sep 24, 2021

@vrothberg @giuseppe @flouthoc @Luap99 PTAL
@containers/podman-maintainers @TomSweeneyRedHat PTAL

Copy link
Member

@vrothberg vrothberg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@flouthoc
Copy link
Collaborator

@rhatdan If i am correct this will prevent inheriting /etc/hosts from host machine but would also silently ignore hostAliases from pod spec or would spit error. So users will only have a single method to populate /etc/hosts i.e from baked images.

I am not sure but i think use-case should support populating /etc/hosts from hostAliases and --no-hosts should only ignore inheriting from hostmachine.

Just to clarify this i have also commented on the original issue itself.

Apart from this point LGTM

@mheon
Copy link
Member

mheon commented Sep 24, 2021

Ignoring hostAliases would be most correct, but we should print a warning message (or outright error) on the two being set simultaneously (ideally, libpod would be able to detect this, as hosts are being added and noHosts is being set - this may actually be the case already.

@mheon
Copy link
Member

mheon commented Sep 24, 2021

@rhatdan Can we get a test with hostAliases set and --no-hosts

@flouthoc
Copy link
Collaborator

ah if it is expected behavior then i can see error is generated when both are set.

LGTM

@@ -182,6 +182,9 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
}

podOpt := entities.PodCreateOptions{Infra: true, Net: &entities.NetOptions{StaticIP: &net.IP{}, StaticMAC: &net.HardwareAddr{}}}
podOpt.Net = &entities.NetOptions{
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

move this above into the line with eh already declared net options. If I recall correctly StaticIP and StaticMAC need to be initialized or a nil pointer deref can happen

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch.

@rhatdan
Copy link
Member Author

rhatdan commented Sep 24, 2021

@mheon I added thests.

@mheon
Copy link
Member

mheon commented Sep 24, 2021

LGTM

@rhatdan rhatdan added the lgtm Indicates that a PR is ready to be merged. label Sep 24, 2021
@rhatdan
Copy link
Member Author

rhatdan commented Sep 24, 2021

/hold

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 24, 2021
@TomSweeneyRedHat
Copy link
Member

Tests aren't hip @rhatdan

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Sep 27, 2021

New changes are detected. LGTM label has been removed.

@openshift-ci openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Sep 27, 2021
This option will setup the containers to not modify their /etc/hosts
file and just use the one from the image.

Fixes: containers#9500

Signed-off-by: Daniel J Walsh <[email protected]>
@rhatdan rhatdan removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Oct 1, 2021
@rhatdan rhatdan added the lgtm Indicates that a PR is ready to be merged. label Oct 1, 2021
@openshift-merge-robot openshift-merge-robot merged commit 1b88b67 into containers:main Oct 1, 2021
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 22, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 22, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

No way to control /etc/hosts in podman play kube
7 participants