Set NetNS mode instead of value #8792
Conversation
|
LGTM, good catch |
openshift-ci-robot
added
the
approved
|
need add a test for it |
Will look into testing, but go and this project is all new to me so I wont promise anything. |
| @@ -226,7 +226,7 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY | |||
| return nil, err | |||
| } | |||
|
|
|||
| specGen, err := kube.ToSpecGen(ctx, container, container.Image, newImage, volumes, pod.ID(), podName, podInfraID, configMaps, seccompPaths, ctrRestartPolicy) | |||
| specGen, err := kube.ToSpecGen(ctx, container, container.Image, newImage, volumes, pod.ID(), podName, podInfraID, configMaps, seccompPaths, ctrRestartPolicy, p.NetNS.IsHost()) | |||
There was a problem hiding this comment.
I think it is time that this function take a struct, instead of constantly adding params. Not for this PR, But this function is too big.
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: bziemons, mheon, rhatdan The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
bziemons
force-pushed
the
patch-host-network-spec-8790
branch
from
bbcd48b to
63de07e
Compare
|
/lgtm |
openshift-ci-robot
added
the
do-not-merge/hold
|
This PR is failing tests. |
|
True, the test needs to be skipped when running rootless. Will push a fix tomorrow. |
|
On second thought that is not true. PS: For reference, this is the kube.yaml I used for testing: # Generation of Kubernetes YAML is still under development!
#
# Save the output of this file and use kubectl create -f to import
# it into Kubernetes.
#
# Created with podman-2.2.1
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: "2020-12-22T00:08:39Z"
labels:
app: distractedjemison
name: distracted_jemison
spec:
restartPolicy: Never
hostNetwork: true
containers:
- command:
- ip
- a
env:
- name: PATH
value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- name: TERM
value: xterm
- name: container
value: podman
- name: HOSTNAME
value: xeto
image: quay.io/libpod/alpine
name: distractedjemison
resources: {}
securityContext:
allowPrivilegeEscalation: true
capabilities:
drop:
- CAP_MKNOD
- CAP_NET_RAW
- CAP_AUDIT_WRITE
privileged: false
readOnlyRootFilesystem: false
seLinuxOptions: {}
workingDir: /
status: {}
---
metadata:
creationTimestamp: null
spec: {}
status:
loadBalancer: {} |
|
need rebase the commits to one commit |
bziemons
force-pushed
the
patch-host-network-spec-8790
branch
from
63de07e to
ed59e83
Compare
|
need rebase all the commits to one commit😁 |
|
you mean squash them together? Doesn't make sense to me, but fine. |
|
They are related, so they need to be in the same commit |
bziemons
force-pushed
the
patch-host-network-spec-8790
branch
2 times, most recently
from
8e05ab8 to
70c3552
Compare
|
So I have found the problem.. It seems to be a limitation on runc, since I cannot run It results in the same error (but also results in an error when run as root). This works fine on crun though, which was the default for me on Fedora 32. I will therefor exclude everything except crun for the |
when HostNetwork is true in the pod spec. Also propagate whether host network namespace should be used for containers. Add test for HostNetwork setting in kubeYaml. The infra configuration should reflect the setting. Signed-off-by: Benedikt Ziemons <[email protected]>
bziemons
force-pushed
the
patch-host-network-spec-8790
branch
from
70c3552 to
14439b9
Compare
|
/lgtm |
rhatdan
removed
the
do-not-merge/hold
|
/hold cancel |
Create kube.CtrSpecGenOptions and document parameters. Follow-up on containers#8792 (comment) Signed-off-by: Benedikt Ziemons <[email protected]>
github-actions
bot
added
the
locked - please file new issue/PR
Set NetNS mode instead of value when HostNetwork is true in the pod spec.
Also propagate whether host network namespace should be used for containers.
Closes #8790