Skip to content

Commit

Permalink
Kube Play: use passthrough as the default log-driver if service-conta…
Browse files Browse the repository at this point in the history
…iner is set

Reasoning
---------
When the log-driver is passthrough, the journal socket is passed to the containers as-is which has two advantages:
1. journald can see who the actual sender of the log event is,
    rather than thinking everything comes from the conmon process
2. conmon will not have to copy all the log data

Code Changes
------------
If log-driver was not set by the user and service-container is set use
passthrough as the default log-driver

Update the system tests
- explicitly set logdriver in sdnotify and play tests
- podman-kube template test:  Verify the default log driver for service-container

Signed-off-by: Ygal Blum <[email protected]>
  • Loading branch information
ygalblum committed Jan 3, 2023
1 parent ecbb52c commit 68fbebf
Show file tree
Hide file tree
Showing 4 changed files with 19 additions and 4 deletions.
11 changes: 10 additions & 1 deletion cmd/podman/kube/play.go
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,7 @@ var (
podman play kube --creds user:password --seccomp-profile-root /custom/path apache.yml
podman play kube https://example.com/nginx.yml`,
}
logDriverFlagName = "log-driver"
)

func init() {
Expand Down Expand Up @@ -116,7 +117,6 @@ func playFlags(cmd *cobra.Command) {
flags.IPSliceVar(&playOptions.StaticIPs, staticIPFlagName, nil, "Static IP addresses to assign to the pods")
_ = cmd.RegisterFlagCompletionFunc(staticIPFlagName, completion.AutocompleteNone)

logDriverFlagName := "log-driver"
flags.StringVar(&playOptions.LogDriver, logDriverFlagName, common.LogDriver(), "Logging driver for the container")
_ = cmd.RegisterFlagCompletionFunc(logDriverFlagName, common.AutocompleteLogDriver)

Expand Down Expand Up @@ -247,6 +247,15 @@ func play(cmd *cobra.Command, args []string) error {
return errors.New("--force may be specified only with --down")
}

// When running under Systemd use passthrough as the default log-driver.
// When doing so, the journal socket is passed to the containers as-is which has two advantages:
// 1. journald can see who the actual sender of the log event is,
// rather than thinking everything comes from the conmon process
// 2. conmon will not have to copy all the log data
if !cmd.Flags().Changed(logDriverFlagName) && playOptions.ServiceContainer {
playOptions.LogDriver = define.PassthroughLogging
}

reader, err := readerFromArg(args[0])
if err != nil {
return err
Expand Down
6 changes: 6 additions & 0 deletions test/system/250-systemd.bats
Original file line number Diff line number Diff line change
Expand Up @@ -414,6 +414,12 @@ EOF
run_podman 125 container rm $service_container
is "$output" "Error: container .* is the service container of pod(s) .* and cannot be removed without removing the pod(s)"

# Verify that the log-driver for the Pod's containers is passthrough
for name in "a" "b"; do
run_podman container inspect test_pod-${name} --format "{{.HostConfig.LogConfig.Type}}"
is $output "passthrough"
done

# Add a simple `auto-update --dry-run` test here to avoid too much redundancy
# with 255-auto-update.bats
run_podman auto-update --dry-run --format "{{.Unit}},{{.Container}},{{.Image}},{{.Updated}},{{.Policy}}"
Expand Down
4 changes: 2 additions & 2 deletions test/system/260-sdnotify.bats
Original file line number Diff line number Diff line change
Expand Up @@ -225,7 +225,7 @@ EOF
wait_for_file $_SOCAT_LOG

# Will run until all containers have stopped.
run_podman play kube --service-container=true $yaml_source
run_podman play kube --service-container=true --log-driver journald $yaml_source
run_podman container wait $service_container test_pod-test

# Make sure the containers have the correct policy.
Expand Down Expand Up @@ -302,7 +302,7 @@ EOF
# Run `play kube` in the background as it will wait for all containers to
# send the READY=1 message.
timeout --foreground -v --kill=10 60 \
$PODMAN play kube --service-container=true $yaml_source &>/dev/null &
$PODMAN play kube --service-container=true --log-driver journald $yaml_source &>/dev/null &

# Wait for both containers to be running
for i in $(seq 1 20); do
Expand Down
2 changes: 1 addition & 1 deletion test/system/700-play.bats
Original file line number Diff line number Diff line change
Expand Up @@ -126,7 +126,7 @@ EOF
# Run `play kube` in the background as it will wait for the service
# container to exit.
timeout --foreground -v --kill=10 60 \
$PODMAN play kube --service-container=true $yaml_source &>/dev/null &
$PODMAN play kube --service-container=true --log-driver journald $yaml_source &>/dev/null &

# Wait for the container to be running
container_a=test_pod-test
Expand Down

0 comments on commit 68fbebf

Please sign in to comment.