play/generate: support shareProcessNamespace

this is an option that allows a user to specify whether to share PID namespace in the pod for play kube and generate kube associated test added Signed-off-by: Peter Hunt <[email protected]>
vrothberg · Sep 10, 2020 · b80b95e · b80b95e
1 parent 96bc5eb
commit b80b95e
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 1 deletion.
diff --git a/libpod/kube.go b/libpod/kube.go
@@ -69,12 +69,20 @@ func (p *Pod) GenerateForKube() (*v1.Pod, []v1.ServicePort, error) {
 			return nil, servicePorts, err
 		}
 		servicePorts = containerPortsToServicePorts(ports)
+
 	}
 	pod, err := p.podWithContainers(allContainers, ports)
 	if err != nil {
 		return nil, servicePorts, err
 	}
 	pod.Spec.HostAliases = extraHost
+
+	if p.SharesPID() {
+		// unfortunately, go doesn't have a nice way to specify a pointer to a bool
+		b := true
+		pod.Spec.ShareProcessNamespace = &b
+	}
+
 	return pod, servicePorts, nil
 }
 

diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go
@@ -132,7 +132,11 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
 		libpod.WithInfraContainer(),
 		libpod.WithPodName(podName),
 	}
-	// TODO for now we just used the default kernel namespaces; we need to add/subtract this from yaml
+	// TODO we only configure Process namespace. We also need to account for Host{IPC,Network,PID}
+	// which is not currently possible with pod create
+	if podYAML.Spec.ShareProcessNamespace != nil && *podYAML.Spec.ShareProcessNamespace {
+		podOptions = append(podOptions, libpod.WithPodPID())
+	}
 
 	hostname := podYAML.Spec.Hostname
 	if hostname == "" {

diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go
@@ -348,4 +348,33 @@ var _ = Describe("Podman generate kube", func() {
 		Expect(inspect.ExitCode()).To(Equal(0))
 		Expect(inspect.OutputToString()).To(ContainSubstring(vol1))
 	})
+
+	It("podman generate kube sharing pid namespace", func() {
+		podName := "test"
+		podSession := podmanTest.Podman([]string{"pod", "create", "--name", podName, "--share", "pid"})
+		podSession.WaitWithDefaultTimeout()
+		Expect(podSession.ExitCode()).To(Equal(0))
+
+		session := podmanTest.Podman([]string{"create", "--pod", podName, "--name", "test1", ALPINE, "top"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+
+		outputFile := filepath.Join(podmanTest.RunRoot, "pod.yaml")
+		kube := podmanTest.Podman([]string{"generate", "kube", podName, "-f", outputFile})
+		kube.WaitWithDefaultTimeout()
+		Expect(kube.ExitCode()).To(Equal(0))
+
+		rm := podmanTest.Podman([]string{"pod", "rm", "-f", podName})
+		rm.WaitWithDefaultTimeout()
+		Expect(rm.ExitCode()).To(Equal(0))
+
+		play := podmanTest.Podman([]string{"play", "kube", outputFile})
+		play.WaitWithDefaultTimeout()
+		Expect(play.ExitCode()).To(Equal(0))
+
+		inspect := podmanTest.Podman([]string{"pod", "inspect", podName})
+		inspect.WaitWithDefaultTimeout()
+		Expect(inspect.ExitCode()).To(Equal(0))
+		Expect(inspect.OutputToString()).To(ContainSubstring(`"pid"`))
+	})
 })