From 48a02aa1c02ddeffd16b3c19ccf9aa23c482e82a Mon Sep 17 00:00:00 2001
From: Urvashi Mohnani <umohnani@redhat.com>
Date: Thu, 1 Sep 2022 11:50:19 -0400
Subject: [PATCH] Fix bind-mount-option annotation in gen/play kube

The format used for setting the bind-mount-options annotations
in the kube yaml was incorrect and caused k8s to throw an error
when trying to play the generated kube yaml.
Fix the annotation format to match the rules of k8s.

Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
---
 libpod/define/config.go           | 2 +-
 libpod/kube.go                    | 4 ++--
 pkg/specgen/generate/kube/kube.go | 7 +++++--
 test/e2e/generate_kube_test.go    | 2 +-
 4 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/libpod/define/config.go b/libpod/define/config.go
index 0181bd31ce..a4597414a5 100644
--- a/libpod/define/config.go
+++ b/libpod/define/config.go
@@ -92,4 +92,4 @@ const (
 const RLimitDefaultValue = uint64(1048576)
 
 // BindMountPrefix distinguishes its annotations from others
-const BindMountPrefix = "bind-mount-options:"
+const BindMountPrefix = "bind-mount-options"
diff --git a/libpod/kube.go b/libpod/kube.go
index a0fb529732..98d1106b75 100644
--- a/libpod/kube.go
+++ b/libpod/kube.go
@@ -385,7 +385,7 @@ func (p *Pod) podWithContainers(ctx context.Context, containers []*Container, po
 				return nil, err
 			}
 			for k, v := range annotations {
-				podAnnotations[define.BindMountPrefix+k] = TruncateKubeAnnotation(v)
+				podAnnotations[define.BindMountPrefix] = TruncateKubeAnnotation(k + ":" + v)
 			}
 			// Since port bindings for the pod are handled by the
 			// infra container, wipe them here only if we are sharing the net namespace
@@ -526,7 +526,7 @@ func simplePodWithV1Containers(ctx context.Context, ctrs []*Container) (*v1.Pod,
 			return nil, err
 		}
 		for k, v := range annotations {
-			kubeAnnotations[define.BindMountPrefix+k] = TruncateKubeAnnotation(v)
+			kubeAnnotations[define.BindMountPrefix] = TruncateKubeAnnotation(k + ":" + v)
 		}
 		if isInit {
 			kubeInitCtrs = append(kubeInitCtrs, kubeCtr)
diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go
index 454a1e1d09..d055ec9990 100644
--- a/pkg/specgen/generate/kube/kube.go
+++ b/pkg/specgen/generate/kube/kube.go
@@ -357,8 +357,11 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener
 			// a selinux mount option exists for it
 			for k, v := range opts.Annotations {
 				// Make sure the z/Z option is not already there (from editing the YAML)
-				if strings.Replace(k, define.BindMountPrefix, "", 1) == volumeSource.Source && !cutil.StringInSlice("z", options) && !cutil.StringInSlice("Z", options) {
-					options = append(options, v)
+				if k == define.BindMountPrefix {
+					lastIndex := strings.LastIndex(v, ":")
+					if v[:lastIndex] == volumeSource.Source && !cutil.StringInSlice("z", options) && !cutil.StringInSlice("Z", options) {
+						options = append(options, v[lastIndex+1:])
+					}
 				}
 			}
 			mount := spec.Mount{
diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go
index 845aa60cee..77734dfed7 100644
--- a/test/e2e/generate_kube_test.go
+++ b/test/e2e/generate_kube_test.go
@@ -708,7 +708,7 @@ var _ = Describe("Podman generate kube", func() {
 		pod := new(v1.Pod)
 		err = yaml.Unmarshal(b, pod)
 		Expect(err).To(BeNil())
-		Expect(pod.Annotations).To(HaveKeyWithValue(define.BindMountPrefix+vol1, HaveSuffix("z")))
+		Expect(pod.Annotations).To(HaveKeyWithValue(define.BindMountPrefix, vol1+":"+"z"))
 
 		rm := podmanTest.Podman([]string{"pod", "rm", "-t", "0", "-f", "test1"})
 		rm.WaitWithDefaultTimeout()