containers / podman

Podman: A tool for managing OCI containers and pods.
https://podman.io
Apache License 2.0
23.26k stars 2.37k forks

`imagePullPolicy` should be set to `Always` when both imagePullPolicy and tag are missing #21211

Closed eriksjolund closed 6 months ago

eriksjolund commented 8 months ago

Issue Description

The behaviour of `podman kube play file.yaml` does not match the Kubernetes docs:

Reference: https://github.com/kubernetes/website/blob/589540642638c035d824162ef9f57ba4234cb1e6/content/en/docs/concepts/containers/images.md?plain=1#L120-L121

Steps to reproduce the issue

On a Fedora CoreOS 40.20231209.91.0 machine with Podman 4.8.1, do these steps:

  1. Create the file /tmp/reproduce.bash with the contents

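    #!/bin/bash

    set -o nounset
    set -o errexit

    # Suffix appended to the image name: "" (no tag) or ":latest"
    ending=$1

    # Pod spec without an imagePullPolicy field
    cat << EOF > alp.yaml

    apiVersion: v1
    kind: Pod
    metadata:
     name: test
     namespace: default
    spec:
     containers:
     - name: test
       image: docker.io/library/alpine
       command:
       - /bin/true
     restartPolicy: Never
    EOF

    sed -i "s/alpine/alpine${ending}/" alp.yaml

    # Make sure the image is already present in local storage
    podman pull -q docker.io/library/alpine:latest
    # Registry requests in the debug log show whether kube play contacted the registry
    podman kube play --log-level=debug alp.yaml > log.txt 2>&1
    grep "GET https://" log.txt

  2. Create the file /tmp/test.bash with the contents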

    #!/bin/bash

    set -o errexit
    set -o nounset

    user=$1
    append=$2

    # Create a new user, which has its own rootless container storage
    sudo useradd "$user"
    # Run the reproducer in that user's systemd user session
    sudo systemd-run \
     --collect \
     --machine="${user}@" \
     --pipe \
     --quiet \
     --user \
     --wait \
     bash /tmp/reproduce.bash "$append"

  3. `bash /tmp/test.bash test1 ""`
  4. `bash /tmp/test.bash test2 ":latest"`

Describe the results you received

Step 3 prints the output

1dc785547989b0db1c3cd9949c57574393e69bea98bfe044b0588e24721aa402

Step 4 prints the output

1dc785547989b0db1c3cd9949c57574393e69bea98bfe044b0588e24721aa402
time="2024-01-09T19:37:31+01:00" level=debug msg="GET https://registry-1.docker.io/v2/"
time="2024-01-09T19:37:32+01:00" level=debug msg="GET https://auth.docker.io/token?scope=repository%3Alibrary%2Falpine%3Apull&service=registry.docker.io"
time="2024-01-09T19:37:32+01:00" level=debug msg="GET https://registry-1.docker.io/v2/library/alpine/manifests/latest"
time="2024-01-09T19:37:33+01:00" level=debug msg="GET https://registry-1.docker.io/v2/library/alpine/manifests/sha256:a70bcfbd89c9620d4085f6bc2a3e2eef32e8f3cdf5a90e35a1f95dcbd7f71548"

Describe the results you expected

I would have expected step 3 and step 4 to show similar output (something like what step 4 produces).

podman info output

host:
  arch: arm64
  buildahVersion: 1.33.2
  cgroupControllers:
  - cpu
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.8-2.fc40.aarch64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.8, commit: '
  cpuUtilization:
    idlePercent: 99.65
    systemPercent: 0.14
    userPercent: 0.21
  cpus: 1
  databaseBackend: sqlite
  distribution:
    distribution: fedora
    variant: coreos
    version: "40"
  eventLogger: journald
  freeLocks: 2045
  hostname: localhost.localdomain
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1015
      size: 1
    - container_id: 1
      host_id: 3393216
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1015
      size: 1
    - container_id: 1
      host_id: 3393216
      size: 65536
  kernel: 6.7.0-0.rc4.20231208git5e3f5b81de80.38.fc40.aarch64
  linkmode: dynamic
  logDriver: journald
  memFree: 184836096
  memTotal: 2045280256
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.9.0-1.fc40.aarch64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.9.0
    package: netavark-1.9.0-1.fc40.aarch64
    path: /usr/libexec/podman/netavark
    version: netavark 1.9.0
  ociRuntime:
    name: crun
    package: crun-1.12-1.fc40.aarch64
    path: /usr/bin/crun
    version: |-
      crun version 1.12
      commit: ce429cb2e277d001c2179df1ac66a470f00802ae
      rundir: /run/user/1015/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-0^20231204.gb86afe3-1.fc40.aarch64
    version: |
      pasta 0^20231204.gb86afe3-1.fc40.aarch64-pasta
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: false
    path: /run/user/1015/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.2-1.fc40.aarch64
    version: |-
      slirp4netns version 1.2.2
      commit: 0ee2d87523e906518d34a6b423271e4826f71faf
      libslirp: 4.7.0
      SLIRP_CONFIG_VERSION_MAX: 4
      libseccomp: 2.5.3
  swapFree: 0
  swapTotal: 0
  uptime: 178h 58m 46.00s (Approximately 7.42 days)
  variant: v8
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
  - quay.io
store:
  configFile: /var/home/test13/.config/containers/storage.conf
  containerStore:
    number: 2
    paused: 0
    running: 0
    stopped: 2
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /var/home/test13/.local/share/containers/storage
  graphRootAllocated: 10132369408
  graphRootUsed: 7994347520
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 2
  runRoot: /run/user/1015/containers
  transientStore: false
  volumePath: /var/home/test13/.local/share/containers/storage/volumes
version:
  APIVersion: 4.8.1
  Built: 1701777641
  BuiltTime: Tue Dec  5 13:00:41 2023
  GitCommit: ""
  GoVersion: go1.21.4
  Os: linux
  OsArch: linux/arm64
  Version: 4.8.1

Podman in a container

No

Privileged Or Rootless

Rootless

Upstream Latest Release

Yes

(I also tried Podman 4.8.3)

Additional environment details

No response

Additional information

No response
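
The defaulting rule this issue asks for, as an added example that is not part of the original issue and is not Podman's code. It goes beyond the two cases tested above (no tag and `:latest`) to cover digests, other tags and registries with a port, following the defaults the Kubernetes documentation gives for an omitted `imagePullPolicy`; `defaultPullPolicy` is a hypothetical helper and the image references are constructed samples.

```go
package main

import (
	"fmt"
	"strings"
)

// defaultPullPolicy returns the pull policy the Kubernetes docs describe for
// a container, given its image reference and the explicit imagePullPolicy
// ("" when the field is omitted). Hypothetical helper, not Podman's code.
func defaultPullPolicy(image, explicit string) string {
	if explicit != "" {
		return explicit // an explicit policy always wins
	}
	// A digest pins the content, so a locally cached copy is acceptable.
	if strings.Contains(image, "@") {
		return "IfNotPresent"
	}
	// Only a colon after the last "/" separates a tag; a colon before it
	// belongs to a registry port such as localhost:5000.
	name := image[strings.LastIndex(image, "/")+1:]
	tag := ""
	if i := strings.LastIndex(name, ":"); i >= 0 {
		tag = name[i+1:]
	}
	if tag == "" || tag == "latest" {
		return "Always" // a missing tag is treated like :latest
	}
	return "IfNotPresent"
}

func main() {
	// Constructed samples; the first two correspond to steps 3 and 4 above.
	for _, img := range []string{
		"docker.io/library/alpine",
		"docker.io/library/alpine:latest",
		"docker.io/library/alpine:3.19",
		"localhost:5000/alpine",
		"docker.io/library/alpine@sha256:<digest>",
	} {
		fmt.Printf("%-42s -> %s\n", img, defaultPullPolicy(img, ""))
	}
}
```

With `Always`, the registry is contacted on every start, so a stale local copy of a mutable tag is not silently reused; that is the difference between the step 3 and step 4 logs above.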

rhatdan commented 8 months ago

Interested in opening a PR to fix?

eriksjolund commented 8 months ago

No, not this one.

github-actions[bot] commented 7 months ago

A friendly reminder that this issue had no activity for 30 days.