Add --context-dir option to podman play kube

This option was requested so that users could specify alternate locations to find context directories for each image build. It requites the --build option to be set. Partion Fix: containers#12485 Signed-off-by: Daniel J Walsh <[email protected]>
tricktron · Mar 14, 2022 · a67c169 · a67c169
1 parent 41e2a7b
commit a67c169
Show file tree

Hide file tree

Showing 5 changed files with 76 additions and 7 deletions.
diff --git a/cmd/podman/play/kube.go b/cmd/podman/play/kube.go
@@ -119,9 +119,11 @@ func init() {
 
 		buildFlagName := "build"
 		flags.BoolVar(&kubeOptions.BuildCLI, buildFlagName, false, "Build all images in a YAML (given Containerfiles exist)")
-	}
 
-	if !registry.IsRemote() {
+		contextDirFlagName := "context-dir"
+		flags.StringVar(&kubeOptions.ContextDir, contextDirFlagName, "", "Path to top level of context directory")
+		_ = kubeCmd.RegisterFlagCompletionFunc(contextDirFlagName, completion.AutocompleteDefault)
+
 		flags.StringVar(&kubeOptions.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
 
 		_ = flags.MarkHidden("signature-policy")
@@ -147,6 +149,9 @@ func kube(cmd *cobra.Command, args []string) error {
 			return err
 		}
 	}
+	if kubeOptions.ContextDir != "" && kubeOptions.Build != types.OptionalBoolTrue {
+		return errors.New("--build must be specified when using --context-dir option")
+	}
 	if kubeOptions.CredentialsCLI != "" {
 		creds, err := util.ParseRegistryCreds(kubeOptions.CredentialsCLI)
 		if err != nil {

diff --git a/docs/source/markdown/podman-play-kube.1.md b/docs/source/markdown/podman-play-kube.1.md
@@ -115,7 +115,7 @@ environment variable. `export REGISTRY_AUTH_FILE=path`
 
 #### **--build**
 
-Build images even if they are found in the local storage. Use `--build=false` to completely disable builds.
+Build images even if they are found in the local storage. Use `--build=false` to completely disable builds. (This option is not available with the remote Podman client)
 
 #### **--cert-dir**=*path*
 
@@ -124,10 +124,14 @@ Please refer to containers-certs.d(5) for details. (This option is not available
 
 #### **--configmap**=*path*
 
-Use Kubernetes configmap YAML at path to provide a source for environment variable values within the containers of the pod.
+Use Kubernetes configmap YAML at path to provide a source for environment variable values within the containers of the pod.  (This option is not available with the remote Podman client)
 
 Note: The *--configmap* option can be used multiple times or a comma-separated list of paths can be used to pass multiple Kubernetes configmap YAMLs.
 
+#### **--context-dir**=*path*
+
+Use *path* as the build context directory for each image. Requires --build option be true. (This option is not available with the remote Podman client)
+
 #### **--creds**
 
 The [username[:password]] to use to authenticate with the registry if required.

diff --git a/pkg/domain/entities/play.go b/pkg/domain/entities/play.go
@@ -14,6 +14,8 @@ type PlayKubeOptions struct {
 	Build types.OptionalBool
 	// CertDir - to a directory containing TLS certifications and keys.
 	CertDir string
+	// ContextDir - directory containing image contexts used for Build
+	ContextDir string
 	// Down indicates whether to bring contents of a yaml file "down"
 	// as in stop
 	Down bool

diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go
@@ -354,9 +354,15 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
 
 	containers := make([]*libpod.Container, 0, len(podYAML.Spec.Containers))
 	initContainers := make([]*libpod.Container, 0, len(podYAML.Spec.InitContainers))
-	cwd, err := os.Getwd()
-	if err != nil {
-		return nil, err
+
+	var cwd string
+	if options.ContextDir != "" {
+		cwd = options.ContextDir
+	} else {
+		cwd, err = os.Getwd()
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	ctrNames := make(map[string]string)

diff --git a/test/system/700-play.bats b/test/system/700-play.bats
@@ -168,3 +168,55 @@ _EOF
     run_podman pod rm -t 0 -f test_pod
     run_podman rmi -f userimage:latest
 }
+
+@test "podman play --build --context-dir" {
+   skip_if_remote "--build is not supported in context remote"
+   testUserYaml="
+apiVersion: v1
+kind: Pod
+metadata:
+  labels:
+    app: test
+  name: test_pod
+spec:
+  containers:
+  - command:
+    - id
+    env:
+    - name: PATH
+      value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+    - name: TERM
+      value: xterm
+    - name: container
+      value: podman
+    image: quay.io/libpod/userimage
+    name: test
+    resources: {}
+status: {}
+"
+
+mkdir -p $PODMAN_TMPDIR/userimage
+cat > $PODMAN_TMPDIR/userimage/Containerfile << _EOF
+from $IMAGE
+USER bin
+_EOF
+
+    echo "$testUserYaml" > $PODMAN_TMPDIR/test.yaml
+    run_podman 125 play kube --build --start=false $PODMAN_TMPDIR/test.yaml
+    run_podman play kube --replace --context-dir=$PODMAN_TMPDIR --build --start=false $PODMAN_TMPDIR/test.yaml
+    run_podman inspect --format "{{ .Config.User }}" test_pod-test
+    is "$output" bin "expect container within pod to run as the bin user"
+
+    run_podman stop -a -t 0
+    run_podman pod rm -t 0 -f test_pod
+    run_podman rmi -f userimage:latest
+
+    cd $PODMAN_TMPDIR
+    run_podman play kube --replace --build --start=false $PODMAN_TMPDIR/test.yaml
+    run_podman inspect --format "{{ .Config.User }}" test_pod-test
+    is "$output" bin "expect container within pod to run as the bin user"
+
+    run_podman stop -a -t 0
+    run_podman pod rm -t 0 -f test_pod
+    run_podman rmi -f userimage:latest
+}