
Commit

Merge pull request #20885 from IceWreck/userns-kube
Add support for the userns annotation in kube play
openshift-merge-bot[bot] authored Dec 5, 2023
2 parents a37ed2b + 0451923 commit 100089f
Showing 3 changed files with 11 additions and 1 deletion.
2 changes: 2 additions & 0 deletions docs/source/markdown/podman-kube-play.1.md.in
Expand Up @@ -39,6 +39,8 @@ Note: When playing a kube YAML with init containers, the init container is creat

Note: *hostPath* volume types created by kube play is given an SELinux shared label (z), bind mounts are not relabeled (use `chcon -t container_file_t -R <directory>`).

Note: To set userns of a pod, use the **io.podman.annotations.userns** annotation in the pod/deployment definition. This can be overridden with the `--userns` flag.

Note: If the `:latest` tag is used, Podman attempts to pull the image from a registry. If the image was built locally with Podman or Buildah, it has `localhost` as the domain, in that case, Podman uses the image from the local store even if it has the `:latest` tag.

Note: The command `podman play kube` is an alias of `podman kube play`, and performs the same function.
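
Review bot: The added note on **io.podman.annotations.userns** does not say which values the annotation accepts or how it interacts with `hostUsers` in the pod spec. Since playKubePod assigns the annotation value to the same option that `--userns` sets, state that it takes the same values as `--userns`, and document that `hostUsers: false` still switches the pod to `auto` when the flag is unset, so readers can see the full precedence.
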
4 changes: 4 additions & 0 deletions libpod/define/annotations.go
Expand Up @@ -149,6 +149,10 @@ const (
// pod creation
InfraNameAnnotation = "io.podman.annotations.infra.name"

// UserNsAnnotation is used by play kube when playing a kube yaml to specify userns
// of the container
UserNsAnnotation = "io.podman.annotations.userns"

// UlimitAnnotation is used by kube play when playing a kube yaml to specify the ulimits
// of the container
UlimitAnnotation = "io.podman.annotations.ulimit"
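
Review bot: The comment on UserNsAnnotation says "play kube" and "userns of the container", while the neighbouring UlimitAnnotation comment says "kube play" and the documentation note in this commit describes the annotation as setting the userns of a pod. Reword it along the lines of "UserNsAnnotation is used by kube play when playing a kube yaml to specify the userns of the pod" so the command name and the scope match the rest of the change.
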
6 changes: 5 additions & 1 deletion pkg/domain/infra/abi/play.go
Expand Up @@ -509,7 +509,11 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
}

if options.Userns == "" {
options.Userns = "host"
if v, ok := annotations[define.UserNsAnnotation]; ok {
options.Userns = v
} else {
options.Userns = "host"
}
if podYAML.Spec.HostUsers != nil && !*podYAML.Spec.HostUsers {
options.Userns = "auto"
}
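
Review bot: In the new `if v, ok := annotations[define.UserNsAnnotation]; ok` branch, an annotation that is present but empty leaves options.Userns as "" instead of falling back to "host"; check `ok && v != ""` or reject the empty value. The value is also copied from the YAML without validation at this point, and the HostUsers check that follows still overwrites it with "auto" when HostUsers is false, so a manifest that sets both silently gets "auto"; decide which one should win and log or error on the conflict. None of the three changed files is a test, so cases for annotation only, annotation plus `--userns`, and annotation plus HostUsers false would be worth adding.
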
