From 1d84f0adb9513b2cb7fa66ab8d033ee30f3f5f32 Mon Sep 17 00:00:00 2001
From: karta0807913
Date: Wed, 30 Nov 2022 23:31:26 +0000
Subject: [PATCH 1/3] fix an overriding logic and load config problem

Fix an overriding logic in Inhearit function. Alos, ToSpecGen function doesn't load the cgroup/image volume config from containers.conf.

Signed-off-by: karta0807913
---
 pkg/specgen/generate/container_create.go | 2 +-
 pkg/specgen/generate/kube/kube.go | 18 +++++++++++++++++-
 test/e2e/config/containers-cgroup.conf | 12 ++++++++++++
 test/e2e/play_kube_test.go | 24 ++++++++++++++++++++++--
 4 files changed, 52 insertions(+), 4 deletions(-)
 create mode 100644 test/e2e/config/containers-cgroup.conf
diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
index ea2fde1502..f1bcabf40f 100644
--- a/pkg/specgen/generate/container_create.go
+++ b/pkg/specgen/generate/container_create.go
@@ -615,7 +615,7 @@ func Inherit(infra libpod.Container, s *specgen.SpecGenerator, rt *libpod.Runtim
 }
 // this causes errors when shmSize is the default value, it will still get passed down unless we manually override.
- if s.IpcNS.NSMode == specgen.Host && (compatibleOptions.ShmSize != nil && compatibleOptions.IsDefaultShmSize()) {
+ if inheritSpec.IpcNS.NSMode == specgen.Host && (compatibleOptions.ShmSize != nil && compatibleOptions.IsDefaultShmSize()) {
 s.ShmSize = nil
 }
 return options, infraSpec, compatibleOptions, nil
diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go
index 5186a2f722..8564cb01f3 100644
--- a/pkg/specgen/generate/kube/kube.go
+++ b/pkg/specgen/generate/kube/kube.go
@@ -16,6 +16,7 @@ import (
 "github.com/containers/common/libimage"
 "github.com/containers/common/libnetwork/types"
+ "github.com/containers/common/pkg/config"
 "github.com/containers/common/pkg/parse"
 "github.com/containers/common/pkg/secrets"
 cutil "github.com/containers/common/pkg/util"
@@ -145,6 +146,21 @@ type CtrSpecGenOptions struct {
 func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGenerator, error) {
 s := specgen.NewSpecGenerator(opts.Container.Image, false)
+ rtc, err := config.Default()
+ if err != nil {
+ return nil, err
+ }
+
+ if s.CgroupsMode == "" {
+ s.CgroupsMode = rtc.Cgroups()
+ }
+ if len(s.ImageVolumeMode) == 0 {
+ s.ImageVolumeMode = rtc.Engine.ImageVolumeMode
+ }
+ if s.ImageVolumeMode == "bind" {
+ s.ImageVolumeMode = "anonymous"
+ }
+
 // pod name should be non-empty for Deployment objects to be able to create
 // multiple pods having containers with unique names
 if len(opts.PodName) < 1 {
@@ -196,7 +212,7 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener
 s.InitContainerType = opts.InitContainerType
 setupSecurityContext(s, opts.Container.SecurityContext, opts.PodSecurityContext)
- err := setupLivenessProbe(s, opts.Container, opts.RestartPolicy)
+ err = setupLivenessProbe(s, opts.Container, opts.RestartPolicy)
 if err != nil {
 return nil, fmt.Errorf("failed to configure livenessProbe: %w", err)
 }
diff --git a/test/e2e/config/containers-cgroup.conf b/test/e2e/config/containers-cgroup.conf
new file mode 100644
index 0000000000..220c1f850c
--- /dev/null
+++ b/test/e2e/config/containers-cgroup.conf
@@ -0,0 +1,12 @@
+[containers]
+netns="host"
+userns="host"
+ipcns="host"
+utsns="host"
+cgroupns="host"
+cgroups="disabled"
+log_driver = "k8s-file"
+[engine]
+cgroup_manager = "cgroupfs"
+events_logger="file"
+runtime="crun"
diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go
index c85f4813c0..9f74ecc681 100644
--- a/test/e2e/play_kube_test.go
+++ b/test/e2e/play_kube_test.go
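Review bot: In ToSpecGen (pkg/specgen/generate/kube/kube.go) the added block rewrites an image volume mode of `bind` to `anonymous` without a comment, so a value the operator set in containers.conf is silently replaced for kube-generated containers; a line such as `// containers.conf "bind" is mapped to "anonymous" here because <reason>` would make that decision reviewable. The `config.Default()` failure is returned bare, while the livenessProbe path later in the same function wraps its error; `return nil, fmt.Errorf("loading containers.conf defaults: %w", err)` would tell the user which step failed. Because `s` comes straight from `specgen.NewSpecGenerator` two lines above, the `== ""` and `len(...) == 0` guards are presumably always true at this point, which is worth confirming or simplifying. Now that `cgroups` from containers.conf is honoured on this path, the function's doc comment should say so, since a `disabled` setting changes how the resulting containers are confined. ToSpecGen continues outside the hunk.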
@@ -175,8 +175,19 @@ spec:
 volumes:
 - name: foo
 secret:
- secretName: oldsecret
-`
+ secretName: oldsecret`
+
+var simplePodYaml = `
+apiVersion: v1
+kind: Pod
+metadata:
+ name: libpod-test
+spec:
+ containers:
+ - image: quay.io/libpod/alpine_nginx:latest
+ command:
+ - sleep
+ - "3600"`
 var unknownKindYaml = `
 apiVersion: v1
@@ -4376,4 +4387,13 @@ ENV OPENJ9_JAVA_OPTIONS=%q
 deleteAndTestSecret(podmanTest, "newsecret")
 })
+ It("podman play kube with disabled cgroup", func() {
+ os.Setenv("CONTAINERS_CONF", "config/containers-cgroup.conf")
+ err := writeYaml(simplePodYaml, kubeYaml)
+ Expect(err).To(BeNil())
+
+ kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
+ kube.WaitWithDefaultTimeout()
+ Expect(kube).Should(Exit(0))
+ })
 })
From d19e1526d3c5185b3fd4e3a456d5903c476e5ba3 Mon Sep 17 00:00:00 2001
From: karta0807913
Date: Thu, 1 Dec 2022 02:33:39 +0000
Subject: [PATCH 2/3] add friendly comment

Signed-off-by: karta0807913
---
 test/e2e/config/containers-cgroup.conf | 12 ------------
 test/e2e/play_kube_test.go | 14 ++++++++++++--
 2 files changed, 12 insertions(+), 14 deletions(-)
 delete mode 100644 test/e2e/config/containers-cgroup.conf
diff --git a/test/e2e/config/containers-cgroup.conf b/test/e2e/config/containers-cgroup.conf
deleted file mode 100644
index 220c1f850c..0000000000
--- a/test/e2e/config/containers-cgroup.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-[containers]
-netns="host"
-userns="host"
-ipcns="host"
-utsns="host"
-cgroupns="host"
-cgroups="disabled"
-log_driver = "k8s-file"
-[engine]
-cgroup_manager = "cgroupfs"
-events_logger="file"
-runtime="crun"
diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go
index 9f74ecc681..7aa3122a5c 100644
--- a/test/e2e/play_kube_test.go
+++ b/test/e2e/play_kube_test.go
@@ -4388,8 +4388,18 @@ ENV OPENJ9_JAVA_OPTIONS=%q
 })
 It("podman play kube with disabled cgroup", func() {
- os.Setenv("CONTAINERS_CONF", "config/containers-cgroup.conf")
- err := writeYaml(simplePodYaml, kubeYaml)
+ conffile := filepath.Join(podmanTest.TempDir, "container.conf")
+ // Disabled ipcns and cgroupfs in the config file
+ // Since shmsize (Inherit from infra container) cannot be set if ipcns is "host", we should remove the default value.
+ // Also, cgroupfs config should be loaded into SpecGenerator when playing kube.
+ err := os.WriteFile(conffile, []byte(`
+[containers]
+ipcns="host"
+cgroups="disabled"`), 0644)
+ Expect(err).ToNot(HaveOccurred())
+ defer os.Unsetenv("CONTAINERS_CONF")
+ os.Setenv("CONTAINERS_CONF", conffile)
+ err = writeYaml(simplePodYaml, kubeYaml)
 Expect(err).To(BeNil())
 kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
From 4134a372335d02eb7adb9a8b07a835fec36d077f Mon Sep 17 00:00:00 2001
From: karta0807913
Date: Tue, 6 Dec 2022 01:25:54 +0000
Subject: [PATCH 3/3] Fix test

Signed-off-by: karta0807913
---
 pkg/specgen/generate/container_create.go | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
index f1bcabf40f..1cb3731859 100644
--- a/pkg/specgen/generate/container_create.go
+++ b/pkg/specgen/generate/container_create.go
@@ -614,6 +614,11 @@ func Inherit(infra libpod.Container, s *specgen.SpecGenerator, rt *libpod.Runtim
 return nil, nil, nil, err
 }
+ // podman pod container can override pod ipc NS
+ if !s.IpcNS.IsDefault() {
+ inheritSpec.IpcNS = s.IpcNS
+ }
+
 // this causes errors when shmSize is the default value, it will still get passed down unless we manually override.
 if inheritSpec.IpcNS.NSMode == specgen.Host && (compatibleOptions.ShmSize != nil && compatibleOptions.IsDefaultShmSize()) {
 s.ShmSize = nil
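Review bot: The deferred `os.Unsetenv("CONTAINERS_CONF")` in the "podman play kube with disabled cgroup" spec clears the variable instead of restoring whatever value the suite had before, so later specs in the same process may run against a different containers.conf than intended; capturing the old value with `os.LookupEnv` and putting it back in the deferred function avoids that. The spec asserts only `Exit(0)`, so it may still pass if the `cgroups="disabled"` setting were ignored; an assertion on the created container's inspected configuration would pin the behaviour the series is fixing. The comment's "Disabled ipcns and cgroupfs" does not match the file it describes, which sets `ipcns="host"` and `cgroups="disabled"`. The enclosing Describe block starts and ends outside the hunk.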
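Review bot: The override added to Inherit copies `s.IpcNS` into `inheritSpec` apparently only so that the ShmSize check below is evaluated against the container's own IPC namespace, and the one-line comment does not say that; something like `// A container may set its own IPC namespace; evaluate the shm-size reset against that, not the infra container's.` would make the coupling explicit. Whether `inheritSpec` is read again after this point is not visible in the hunk, so it is worth confirming that mutating it has no other effect, or using a local such as `ipcNS := inheritSpec.IpcNS` for the check. Since this decides when a container ends up sharing the host IPC namespace with a default shm size, a unit-level test of the three cases (unset, host, non-host override) would be more direct than the e2e exit-code check. Inherit begins and ends outside the hunk.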