userns=keep-id as an annotation in play kube #20658

Closed
IceWreck opened this issue Nov 10, 2023 · 10 comments · Fixed by #20885
Labels
kind/feature Categorizes issue or PR as related to a new feature. kube locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@IceWreck
Contributor

IceWreck commented Nov 10, 2023

Feature request description

I can't find a way to specify userns with yaml itself. If I have to specify it as a cli flag, it defeats the point of having a file for your config.

Suggest potential solution

Maybe use annotations to specify userns.

Have you considered any alternatives?

Giving up on using kube yaml with podman and just resorting to building a yaml to quadlet generator.

Additional context

No response

@IceWreck IceWreck added the kind/feature Categorizes issue or PR as related to a new feature. label Nov 10, 2023
@rhatdan
Member

rhatdan commented Nov 11, 2023

@giuseppe @ygalblum @umohnani8 WDYT?

@ygalblum
Contributor

I'm not against this specific feature request. But, I think it needs to be discussed in a broader perspective.

My understanding is that kube play is meant to allow podman to consume YAML files that were meant to be used on K8S. Therefore, arguments meant only for podman are passed via the command line and not in the YAML file (though AFAIK there are some exceptions). So, the broader question is should podman support every command line argument also as an annotation?

Again I'm not against it altogether, but I think we need a consistent decision.

@IceWreck As for alternatives, you stated that your alternative is to generate a .container Quadlet file from the YAML. If the target is to use Quadlet, then you can use a .kube file and set the UserNS key:

```ini
[Kube]
Yaml=/path/to/yaml
UserNS=keep-id
```

Does this solve your requirement?

@IceWreck
Contributor Author

IceWreck commented Nov 12, 2023

> My understanding is that kube play is meant to allow podman to consume YAML files that were meant to be used on K8s.

Is anyone really sharing the exact yaml files between k8s and podman? Nobody will blind mount volumes or use hostPort in prod k8s. I thought podman used the same format because that's the standard for containers and makes it easy to transition. And if podman intends to support a format, then podman should support all of its own features in that format.

> So, the broader question is should podman support every command line argument also as an annotation.

Eventually, I think yeah it should, that's the only way you can use k8s yaml as an alternative for compose. (I know podman supports compose via 3rd party programs, but you can't use that with systemd).

> If the target is to use Quadlet, then you can use a .kube file and set the UserNS key

Yeah I saw that and that's what I'm gonna use for now, but ideally you want all your config defined in one place. Why is one arbitrary feature defined in a different file from the rest?

Podman doesn't support compose with systemd - that's fine. But you cannot use quadlet for one off things or debugging, K8s yaml is supported by both systemd/quadlet and the cli so it's perfect for debugging and prod - but it does not support all the functionality offered by podman. You see where I'm going with this?

@rhatdan
Member

rhatdan commented Nov 12, 2023

I think you are putting us on a slippery slope of requirements. There are always going to be features of Podman that are not supported in k8s and some will be difficult to translate, and used by almost no one, so a huge support burden. I don't mind a request for an attribute here or there, but I don't think we can guarantee all features of containers/pods available within Podman to be defined as attributes in k8s.

@IceWreck
Contributor Author

IceWreck commented Nov 12, 2023

Huh, sorry I wasn't aware there were too many others not supported by kube yaml. I thought userns and a few others were outliers.

Okay then, just consider the userns annotation feature request and implement it if you think it's appropriate.

@IceWreck
Contributor Author

IceWreck commented Nov 12, 2023

And if you think it's not too hard for a newbie to the podman codebase, I could take a stab at it if you could point me to the place where it needs to go.

@rhatdan
Member

rhatdan commented Nov 12, 2023

Go for it, I think if you look at the existing annotation handling, it should not be so bad.

@rhatdan
Member

rhatdan commented Nov 12, 2023

One interesting thing would be to make sure if the user specifies the --userns that it overrides the k8s.yaml file.

@hluengas

@IceWreck I also want this feature, hopefully one of us can figure it out!

@IceWreck
Contributor Author

Hey @hluengas I'm busy this weekend, but will definitely do it next weekend.

@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Mar 5, 2024
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 5, 2024