Closed eriksjolund closed 6 months ago
The behaviour of podman kube play file.yaml does not match the Kubernetes docs:
podman kube play file.yaml
imagePullPolicy
Always
Reference: https://github.com/kubernetes/website/blob/589540642638c035d824162ef9f57ba4234cb1e6/content/en/docs/concepts/containers/images.md?plain=1#L120-L121
On a Fedora CoreOS 40.20231209.91.0 machine with Podman 4.8.1 do these steps
Create the file /tmp/reproduce.bash with the contents
#!/bin/bash set -o nounset set -o errexit ending=$1 cat << EOF > alp.yaml apiVersion: v1 kind: Pod metadata: name: test namespace: default spec: containers: - name: test image: docker.io/library/alpine command: - /bin/true restartPolicy: Never EOF sed -i "s/alpine/alpine${ending}/" alp.yaml podman pull -q docker.io/library/alpine:latest podman kube play --log-level=debug alp.yaml > log.txt 2>&1 grep "GET https://" log.txt
Create the file /tmp/test.bash with the contents
#!/bin/bash set -o errexit set -o nounset user=$1 append=$2 sudo useradd $user sudo systemd-run \ --collect \ --machine=${user}@ \ --pipe \ --quiet \ --user \ --wait \ bash /tmp/reproduce.bash "$append"
bash /tmp/test.bash test1 ""
bash /tmp/test.bash test2 ":latest"
Step 3 prints the output
1dc785547989b0db1c3cd9949c57574393e69bea98bfe044b0588e24721aa402
Step 4 prints the output
1dc785547989b0db1c3cd9949c57574393e69bea98bfe044b0588e24721aa402 time="2024-01-09T19:37:31+01:00" level=debug msg="GET https://registry-1.docker.io/v2/" time="2024-01-09T19:37:32+01:00" level=debug msg="GET https://auth.docker.io/token?scope=repository%3Alibrary%2Falpine%3Apull&service=registry.docker.io" time="2024-01-09T19:37:32+01:00" level=debug msg="GET https://registry-1.docker.io/v2/library/alpine/manifests/latest" time="2024-01-09T19:37:33+01:00" level=debug msg="GET https://registry-1.docker.io/v2/library/alpine/manifests/sha256:a70bcfbd89c9620d4085f6bc2a3e2eef32e8f3cdf5a90e35a1f95dcbd7f71548"
I would have expected step 3 and step 4 to show similar output (something like what step 4 produces).
host: arch: arm64 buildahVersion: 1.33.2 cgroupControllers: - cpu - memory - pids cgroupManager: systemd cgroupVersion: v2 conmon: package: conmon-2.1.8-2.fc40.aarch64 path: /usr/bin/conmon version: 'conmon version 2.1.8, commit: ' cpuUtilization: idlePercent: 99.65 systemPercent: 0.14 userPercent: 0.21 cpus: 1 databaseBackend: sqlite distribution: distribution: fedora variant: coreos version: "40" eventLogger: journald freeLocks: 2045 hostname: localhost.localdomain idMappings: gidmap: - container_id: 0 host_id: 1015 size: 1 - container_id: 1 host_id: 3393216 size: 65536 uidmap: - container_id: 0 host_id: 1015 size: 1 - container_id: 1 host_id: 3393216 size: 65536 kernel: 6.7.0-0.rc4.20231208git5e3f5b81de80.38.fc40.aarch64 linkmode: dynamic logDriver: journald memFree: 184836096 memTotal: 2045280256 networkBackend: netavark networkBackendInfo: backend: netavark dns: package: aardvark-dns-1.9.0-1.fc40.aarch64 path: /usr/libexec/podman/aardvark-dns version: aardvark-dns 1.9.0 package: netavark-1.9.0-1.fc40.aarch64 path: /usr/libexec/podman/netavark version: netavark 1.9.0 ociRuntime: name: crun package: crun-1.12-1.fc40.aarch64 path: /usr/bin/crun version: |- crun version 1.12 commit: ce429cb2e277d001c2179df1ac66a470f00802ae rundir: /run/user/1015/crun spec: 1.0.0 +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL os: linux pasta: executable: /usr/bin/pasta package: passt-0^20231204.gb86afe3-1.fc40.aarch64 version: | pasta 0^20231204.gb86afe3-1.fc40.aarch64-pasta Copyright Red Hat GNU General Public License, version 2 or later <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. remoteSocket: exists: false path: /run/user/1015/podman/podman.sock security: apparmorEnabled: false capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT rootless: true seccompEnabled: true seccompProfilePath: /usr/share/containers/seccomp.json selinuxEnabled: true serviceIsRemote: false slirp4netns: executable: /usr/bin/slirp4netns package: slirp4netns-1.2.2-1.fc40.aarch64 version: |- slirp4netns version 1.2.2 commit: 0ee2d87523e906518d34a6b423271e4826f71faf libslirp: 4.7.0 SLIRP_CONFIG_VERSION_MAX: 4 libseccomp: 2.5.3 swapFree: 0 swapTotal: 0 uptime: 178h 58m 46.00s (Approximately 7.42 days) variant: v8 plugins: authorization: null log: - k8s-file - none - passthrough - journald network: - bridge - macvlan - ipvlan volume: - local registries: search: - registry.fedoraproject.org - registry.access.redhat.com - docker.io - quay.io store: configFile: /var/home/test13/.config/containers/storage.conf containerStore: number: 2 paused: 0 running: 0 stopped: 2 graphDriverName: overlay graphOptions: {} graphRoot: /var/home/test13/.local/share/containers/storage graphRootAllocated: 10132369408 graphRootUsed: 7994347520 graphStatus: Backing Filesystem: xfs Native Overlay Diff: "true" Supports d_type: "true" Supports shifting: "false" Supports volatile: "true" Using metacopy: "false" imageCopyTmpDir: /var/tmp imageStore: number: 2 runRoot: /run/user/1015/containers transientStore: false volumePath: /var/home/test13/.local/share/containers/storage/volumes version: APIVersion: 4.8.1 Built: 1701777641 BuiltTime: Tue Dec 5 13:00:41 2023 GitCommit: "" GoVersion: go1.21.4 Os: linux OsArch: linux/arm64 Version: 4.8.1
No
Rootless
Yes
(I also tried Podman 4.8.3)
No response
Interested in opening a PR to fix?
No, not this one.
A friendly reminder that this issue had no activity for 30 days.
Issue Description
The behaviour of
podman kube play file.yaml
does not match the Kubernetes docs:imagePullPolicy
field, and you don't specify the tag for the container image,imagePullPolicy
is automatically set toAlways
;Reference: https://github.com/kubernetes/website/blob/589540642638c035d824162ef9f57ba4234cb1e6/content/en/docs/concepts/containers/images.md?plain=1#L120-L121
Steps to reproduce the issue
On a Fedora CoreOS 40.20231209.91.0 machine with Podman 4.8.1 do these steps
Create the file /tmp/reproduce.bash with the contents
Create the file /tmp/test.bash with the contents
bash /tmp/test.bash test1 ""
bash /tmp/test.bash test2 ":latest"
Describe the results you received
Step 3 prints the output
Step 4 prints the output
Describe the results you expected
I would have expected step 3 and step 4 to show similar output (something like what step 4 produces).
podman info output
Podman in a container
No
Privileged Or Rootless
Rootless
Upstream Latest Release
Yes
(I also tried Podman 4.8.3)
Additional environment details
No response
Additional information
No response