diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go index ea2fde1502..1cb3731859 100644 --- a/pkg/specgen/generate/container_create.go +++ b/pkg/specgen/generate/container_create.go @@ -614,8 +614,13 @@ func Inherit(infra libpod.Container, s *specgen.SpecGenerator, rt *libpod.Runtim return nil, nil, nil, err } + // podman pod container can override pod ipc NS + if !s.IpcNS.IsDefault() { + inheritSpec.IpcNS = s.IpcNS + } + // this causes errors when shmSize is the default value, it will still get passed down unless we manually override. - if s.IpcNS.NSMode == specgen.Host && (compatibleOptions.ShmSize != nil && compatibleOptions.IsDefaultShmSize()) { + if inheritSpec.IpcNS.NSMode == specgen.Host && (compatibleOptions.ShmSize != nil && compatibleOptions.IsDefaultShmSize()) { s.ShmSize = nil } return options, infraSpec, compatibleOptions, nil diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go index 5186a2f722..8564cb01f3 100644 --- a/pkg/specgen/generate/kube/kube.go +++ b/pkg/specgen/generate/kube/kube.go @@ -16,6 +16,7 @@ import ( "github.com/containers/common/libimage" "github.com/containers/common/libnetwork/types" + "github.com/containers/common/pkg/config" "github.com/containers/common/pkg/parse" "github.com/containers/common/pkg/secrets" cutil "github.com/containers/common/pkg/util" @@ -145,6 +146,21 @@ type CtrSpecGenOptions struct { func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGenerator, error) { s := specgen.NewSpecGenerator(opts.Container.Image, false) + rtc, err := config.Default() + if err != nil { + return nil, err + } + + if s.CgroupsMode == "" { + s.CgroupsMode = rtc.Cgroups() + } + if len(s.ImageVolumeMode) == 0 { + s.ImageVolumeMode = rtc.Engine.ImageVolumeMode + } + if s.ImageVolumeMode == "bind" { + s.ImageVolumeMode = "anonymous" + } + // pod name should be non-empty for Deployment objects to be able to create // multiple pods having containers with unique names if len(opts.PodName) < 1 { @@ -196,7 +212,7 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener s.InitContainerType = opts.InitContainerType setupSecurityContext(s, opts.Container.SecurityContext, opts.PodSecurityContext) - err := setupLivenessProbe(s, opts.Container, opts.RestartPolicy) + err = setupLivenessProbe(s, opts.Container, opts.RestartPolicy) if err != nil { return nil, fmt.Errorf("failed to configure livenessProbe: %w", err) } diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index c85f4813c0..7aa3122a5c 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -175,8 +175,19 @@ spec: volumes: - name: foo secret: - secretName: oldsecret -` + secretName: oldsecret` + +var simplePodYaml = ` +apiVersion: v1 +kind: Pod +metadata: + name: libpod-test +spec: + containers: + - image: quay.io/libpod/alpine_nginx:latest + command: + - sleep + - "3600"` var unknownKindYaml = ` apiVersion: v1 @@ -4376,4 +4387,23 @@ ENV OPENJ9_JAVA_OPTIONS=%q deleteAndTestSecret(podmanTest, "newsecret") }) + It("podman play kube with disabled cgroup", func() { + conffile := filepath.Join(podmanTest.TempDir, "container.conf") + // Disabled ipcns and cgroupfs in the config file + // Since shmsize (Inherit from infra container) cannot be set if ipcns is "host", we should remove the default value. + // Also, cgroupfs config should be loaded into SpecGenerator when playing kube. + err := os.WriteFile(conffile, []byte(` +[containers] +ipcns="host" +cgroups="disabled"`), 0644) + Expect(err).ToNot(HaveOccurred()) + defer os.Unsetenv("CONTAINERS_CONF") + os.Setenv("CONTAINERS_CONF", conffile) + err = writeYaml(simplePodYaml, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + }) })