containers / podman

Podman: A tool for managing OCI containers and pods.
https://podman.io
Apache License 2.0

podman kube play unhealthy does not restart container #22864

Open prauscher opened 5 months ago

prauscher commented 5 months ago

Issue Description

When containers are configured with healthcheck or livenessCheck with podman play kube, the container is not restarted. This looks like a follow-up to #14505, where a "healthcheck restart capability" is mentioned. I could only find --health-on-failure, which is probably what I am looking for, but I cannot find this option in podman play kube or what option in the kubernetes-file should be set to achieve this.

Steps to reproduce the issue

  1. create exec-liveness.yaml from https://raw.githubusercontent.com/kubernetes/website/main/content/en/examples/pods/probe/exec-liveness.yaml
  2. run podman play kube exec-liveness.yaml
  3. monitor the pod using watch podman ps
  4. note that the container is shown as unhealthy after ~45 (30 seconds + 3 attempts)
  5. verify the result by running podman healthcheck run followed by the container id observed from podman ps

Describe the results you received

The container continued running. After 10 minutes the container is restarted, as the container command is terminated after 600 seconds.

Describe the results you expected

The container should have been restarted after it went unhealthy.

podman info output

host:
  arch: amd64
  buildahVersion: 1.33.7
  cgroupControllers:
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.7-1.el9_2.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.7, commit: 606c693de21bcbab87e31002e46663c5f2dc8a9b'
  cpuUtilization:
    idlePercent: 99.5
    systemPercent: 0.03
    userPercent: 0.47
  cpus: 64
  databaseBackend: boltdb
  distribution:
    distribution: rhel
    version: "9.1"
  eventLogger: file
  freeLocks: 2017
  hostname: staging-analyse1
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.14.0-162.6.1.el9_1.x86_64
  linkmode: dynamic
  logDriver: k8s-file
  memFree: 16290762752
  memTotal: 33054060544
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.1.0-4.el9.x86_64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.1.0
    package: netavark-1.1.0-6.el9.x86_64
    path: /usr/libexec/podman/netavark
    version: netavark 1.1.0
  ociRuntime:
    name: crun
    package: crun-1.5-1.el9.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.5
      commit: 54ebb8ca8bf7e6ddae2eb919f5b82d1d96863dea
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  pasta:
    executable: ""
    package: ""
    version: ""
  remoteSocket:
    exists: false
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_NET_RAW,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.0-2.el9.x86_64
    version: |-
      slirp4netns version 1.2.0
      commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.2
  swapFree: 16656363520
  swapTotal: 16731074560
  uptime: 10154h 33m 11.00s (Approximately 423.08 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.access.redhat.com
  - registry.redhat.io
  - docker.io
store:
  configFile: /home/lomon/.config/containers/storage.conf
  containerStore:
    number: 30
    paused: 0
    running: 2
    stopped: 28
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/lomon/.local/share/containers/storage
  graphRootAllocated: 385771397120
  graphRootUsed: 6687997952
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 3
  runRoot: /run/user/1000/containers
  transientStore: false
  volumePath: /home/lomon/.local/share/containers/storage/volumes
version:
  APIVersion: 4.9.4-rhel
  Built: 1713184388
  BuiltTime: Mon Apr 15 14:33:08 2024
  GitCommit: ""
  GoVersion: go1.21.7 (Red Hat 1.21.7-1.el9)
  Os: linux
  OsArch: linux/amd64
  Version: 4.9.4-rhel

Podman in a container

No

Privileged Or Rootless

Rootless

Upstream Latest Release

No

Additional environment details

Running as unprivileged user on a VM (proxmox) with RHEL 9.1

Additional information

No response
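
One way to check steps 3 to 5 of the report mechanically, as an added example that is not part of the original issue or of Podman's own code: it reads periodic health samples and measures how long a container stayed unhealthy without its restart count changing. The sample lines are constructed, the function names are hypothetical, and the `podman inspect` field names are assumed from Podman 4.x output.

```shell
#!/usr/bin/env bash
# Added example: detect a container that stays "unhealthy" without a restart.

# Print one sample "<epoch> <health> <restarts>" for container $1.
# Assumption: Podman 4.x inspect fields .State.Health.Status and .RestartCount.
sample_container() {
    printf '%s %s\n' "$(date +%s)" \
        "$(podman inspect --format '{{.State.Health.Status}} {{.RestartCount}}' "$1")"
}

# Read samples on stdin; print the longest time in seconds the container was
# continuously unhealthy while its restart count stayed the same.
longest_unhealthy_streak() {
    awk '
        $2 == "unhealthy" && inrun && $3 == rc {
            if ($1 - start > best) best = $1 - start
            next
        }
        $2 == "unhealthy" { inrun = 1; start = $1; rc = $3; next }
        { inrun = 0 }
        END { print best + 0 }
    '
}

# Succeed when the streak read from stdin lasted at least $1 seconds.
stuck_unhealthy() {
    [ "$(longest_unhealthy_streak)" -ge "$1" ]
}

# Constructed samples matching the report: unhealthy at ~45 s, restarted only
# once the container command itself exits.
reported_behaviour() {
    printf '%s\n' '5 healthy 0' '30 healthy 0' '45 unhealthy 0' \
        '120 unhealthy 0' '600 unhealthy 0' '635 healthy 1'
}

# Constructed samples for the expected behaviour: restarted right after failing.
expected_behaviour() {
    printf '%s\n' '30 healthy 0' '45 unhealthy 0' '50 starting 1' '60 healthy 1'
}

# Live use: while sleep 5; do sample_container "$id"; done > samples.log
if reported_behaviour | stuck_unhealthy 60; then
    echo "reported: unhealthy for 60 s or more without a restart"
fi
expected_behaviour | stuck_unhealthy 60 || echo "expected: restarted in time"
```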

github-actions[bot] commented 4 months ago

A friendly reminder that this issue had no activity for 30 days.