Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

imagePullPolicy should be set to Always when both imagePullPolicy and tag are missing #21211

Closed
eriksjolund opened this issue Jan 9, 2024 · 3 comments · Fixed by #21493
Closed
Labels
kind/bug Categorizes issue or PR as related to a bug. kube locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. stale-issue

Comments

@eriksjolund
Copy link
Contributor

eriksjolund commented Jan 9, 2024

Issue Description

The behaviour of podman kube play file.yaml does not match the Kubernetes docs:

  • if you omit the imagePullPolicy field, and you don't specify the tag for the
    container image, imagePullPolicy is automatically set to Always;

Reference:
https://github.com/kubernetes/website/blob/589540642638c035d824162ef9f57ba4234cb1e6/content/en/docs/concepts/containers/images.md?plain=1#L120-L121

Steps to reproduce the issue

On a Fedora CoreOS 40.20231209.91.0 machine with Podman 4.8.1 do these steps

  1. Create the file /tmp/reproduce.bash with the contents
    #!/bin/bash
    
    set -o nounset
    set -o errexit
    
    ending=$1
    
    cat << EOF > alp.yaml
    
    apiVersion: v1
    kind: Pod
    metadata:
      name: test
      namespace: default
    spec:
      containers:
      - name: test
        image: docker.io/library/alpine
        command:
        - /bin/true
      restartPolicy: Never
    EOF
    
    sed -i "s/alpine/alpine${ending}/" alp.yaml
    
    podman pull -q docker.io/library/alpine:latest
    podman kube play --log-level=debug alp.yaml > log.txt 2>&1
    grep "GET https://" log.txt
    
  2. Create the file /tmp/test.bash with the contents
    #!/bin/bash
    
    set -o errexit
    set -o nounset
    
    user=$1
    append=$2
    
    sudo useradd $user
    sudo systemd-run \
      --collect \
      --machine=${user}@ \
      --pipe \
      --quiet \
      --user \
      --wait \
      bash /tmp/reproduce.bash "$append"
    
  3. bash /tmp/test.bash test1 ""
  4. bash /tmp/test.bash test2 ":latest"

Describe the results you received

Step 3 prints the output

1dc785547989b0db1c3cd9949c57574393e69bea98bfe044b0588e24721aa402

Step 4 prints the output

1dc785547989b0db1c3cd9949c57574393e69bea98bfe044b0588e24721aa402
time="2024-01-09T19:37:31+01:00" level=debug msg="GET https://registry-1.docker.io/v2/"
time="2024-01-09T19:37:32+01:00" level=debug msg="GET https://auth.docker.io/token?scope=repository%3Alibrary%2Falpine%3Apull&service=registry.docker.io"
time="2024-01-09T19:37:32+01:00" level=debug msg="GET https://registry-1.docker.io/v2/library/alpine/manifests/latest"
time="2024-01-09T19:37:33+01:00" level=debug msg="GET https://registry-1.docker.io/v2/library/alpine/manifests/sha256:a70bcfbd89c9620d4085f6bc2a3e2eef32e8f3cdf5a90e35a1f95dcbd7f71548"

Describe the results you expected

I would have expected step 3 and step 4 to show similar output (something like what step 4 produces).

podman info output

host:
  arch: arm64
  buildahVersion: 1.33.2
  cgroupControllers:
  - cpu
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.8-2.fc40.aarch64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.8, commit: '
  cpuUtilization:
    idlePercent: 99.65
    systemPercent: 0.14
    userPercent: 0.21
  cpus: 1
  databaseBackend: sqlite
  distribution:
    distribution: fedora
    variant: coreos
    version: "40"
  eventLogger: journald
  freeLocks: 2045
  hostname: localhost.localdomain
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1015
      size: 1
    - container_id: 1
      host_id: 3393216
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1015
      size: 1
    - container_id: 1
      host_id: 3393216
      size: 65536
  kernel: 6.7.0-0.rc4.20231208git5e3f5b81de80.38.fc40.aarch64
  linkmode: dynamic
  logDriver: journald
  memFree: 184836096
  memTotal: 2045280256
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.9.0-1.fc40.aarch64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.9.0
    package: netavark-1.9.0-1.fc40.aarch64
    path: /usr/libexec/podman/netavark
    version: netavark 1.9.0
  ociRuntime:
    name: crun
    package: crun-1.12-1.fc40.aarch64
    path: /usr/bin/crun
    version: |-
      crun version 1.12
      commit: ce429cb2e277d001c2179df1ac66a470f00802ae
      rundir: /run/user/1015/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-0^20231204.gb86afe3-1.fc40.aarch64
    version: |
      pasta 0^20231204.gb86afe3-1.fc40.aarch64-pasta
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: false
    path: /run/user/1015/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.2-1.fc40.aarch64
    version: |-
      slirp4netns version 1.2.2
      commit: 0ee2d87523e906518d34a6b423271e4826f71faf
      libslirp: 4.7.0
      SLIRP_CONFIG_VERSION_MAX: 4
      libseccomp: 2.5.3
  swapFree: 0
  swapTotal: 0
  uptime: 178h 58m 46.00s (Approximately 7.42 days)
  variant: v8
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
  - quay.io
store:
  configFile: /var/home/test13/.config/containers/storage.conf
  containerStore:
    number: 2
    paused: 0
    running: 0
    stopped: 2
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /var/home/test13/.local/share/containers/storage
  graphRootAllocated: 10132369408
  graphRootUsed: 7994347520
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 2
  runRoot: /run/user/1015/containers
  transientStore: false
  volumePath: /var/home/test13/.local/share/containers/storage/volumes
version:
  APIVersion: 4.8.1
  Built: 1701777641
  BuiltTime: Tue Dec  5 13:00:41 2023
  GitCommit: ""
  GoVersion: go1.21.4
  Os: linux
  OsArch: linux/arm64
  Version: 4.8.1

Podman in a container

No

Privileged Or Rootless

Rootless

Upstream Latest Release

Yes

(I also tried Podman 4.8.3)

Additional environment details

No response

Additional information

No response

@eriksjolund eriksjolund added the kind/bug Categorizes issue or PR as related to a bug. label Jan 9, 2024
@Luap99 Luap99 added the kube label Jan 10, 2024
@rhatdan
Copy link
Member

rhatdan commented Jan 15, 2024

Interested in opening a PR to fix?

@eriksjolund
Copy link
Contributor Author

No, not this one.

Copy link

A friendly reminder that this issue had no activity for 30 days.

@stale-locking-app stale-locking-app bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Jun 26, 2024
@stale-locking-app stale-locking-app bot locked as resolved and limited conversation to collaborators Jun 26, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
kind/bug Categorizes issue or PR as related to a bug. kube locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. stale-issue
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants