containers / podman

Podman: A tool for managing OCI containers and pods.
https://podman.io
Apache License 2.0

Podman play|generate kube isn't creating a pod with the equivalent of the -p option #5964

Closed rsletten closed 4 years ago

rsletten commented 4 years ago

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

podman generate kube doesn't seem to create any kube yaml which would run the equivalent of podman pod create -p 192.168.1.239:5000:5000/tcp

Or podman play kube doesn't create the pod with the hostIP assigned to the container.

[root@fedora31 ~]# podman pod create --name test -p 192.168.1.239:5000:5000/tcp
e3964a45d3c98a05e40c7e665f4c8b17aae7d948028995163a84cec1dd395491

[root@fedora31 ~]# podman run -dt -i --pod test alpine top
bc54853cf573bdd8e2930fd7014d0b1cde85f8d1abdb80628bfaf8ab31ab552f

[root@fedora31 ~]# podman ps -a
CONTAINER ID  IMAGE                            COMMAND  CREATED         STATUS            PORTS                         NAMES
bc54853cf573  docker.io/library/alpine:latest  top      6 seconds ago   Up 5 seconds ago  192.168.1.239:5000->5000/tcp  thirsty_moore
ed77b6ae8591  k8s.gcr.io/pause:3.2                      11 seconds ago  Up 5 seconds ago  192.168.1.239:5000->5000/tcp  e3964a45d3c9-infra

[root@fedora31 ~]# podman pod ps
POD ID         NAME   STATUS    CREATED          # OF CONTAINERS   INFRA ID
e3964a45d3c9   test   Running   18 seconds ago   2                 ed77b6ae8591

[root@fedora31 ~]# podman generate kube test > play.yaml

[root@fedora31 ~]# cat play.yaml
# Generation of Kubernetes YAML is still under development!
#
# Save the output of this file and use kubectl create -f to import
# it into Kubernetes.
#
# Created with podman-1.9.0
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2020-04-23T21:50:13Z"
  labels:
    app: test
  name: test
spec:
  containers:
  - command:
    - top
    env:
    - name: PATH
      value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    - name: TERM
      value: xterm
    - name: container
      value: podman
    - name: HOSTNAME
      value: test
    image: docker.io/library/alpine:latest
    name: thirstymoore
    ports:
    - containerPort: 5000
      hostIP: 192.168.1.239
      hostPort: 5000
      protocol: TCP
    resources: {}
    securityContext:
      allowPrivilegeEscalation: true
      capabilities: {}
      privileged: false
      readOnlyRootFilesystem: false
      seLinuxOptions: {}
    stdin: true
    tty: true
    workingDir: /
status: {}

[root@fedora31 ~]# podman pod rm -f test
e3964a45d3c98a05e40c7e665f4c8b17aae7d948028995163a84cec1dd395491

[root@fedora31 ~]# podman play kube play.yaml
Trying to pull docker.io/library/alpine:latest...
Getting image source signatures
Copying blob aad63a933944 [--------------------------------------] 0.0b / 0.0b
Copying config a187dde48c done
Writing manifest to image destination
Storing signatures
Pod:
c8a16308d400e7918ee4d5d3201f69f951057d89980480de037809d13bf1aa45
Container:
aeae6717809db4d23d55e7ee803450005a0c069972cb4da140709f597b11b669

[root@fedora31 ~]# podman ps -a
CONTAINER ID  IMAGE                            COMMAND  CREATED        STATUS            PORTS                   NAMES
aeae6717809d  docker.io/library/alpine:latest  top      5 seconds ago  Up 4 seconds ago  0.0.0.0:5000->5000/tcp  thirstymoore
cceba00f69de  k8s.gcr.io/pause:3.2                      7 seconds ago  Up 5 seconds ago  0.0.0.0:5000->5000/tcp  c8a16308d400-infra

[root@fedora31 ~]# podman pod ps
POD ID         NAME   STATUS    CREATED          # OF CONTAINERS   INFRA ID
c8a16308d400   test   Running   38 seconds ago   2                 cceba00f69de

[root@fedora31 ~]# podman version
Version:            1.9.0
RemoteAPI Version:  1
Go Version:         go1.13.9
OS/Arch:            linux/amd64

Describe the results you received:

[root@fedora31 ~]# podman play kube play.yaml
Trying to pull docker.io/library/alpine:latest...
Getting image source signatures
Copying blob aad63a933944 [--------------------------------------] 0.0b / 0.0b
Copying config a187dde48c done
Writing manifest to image destination
Storing signatures
Pod:
c8a16308d400e7918ee4d5d3201f69f951057d89980480de037809d13bf1aa45
Container:
aeae6717809db4d23d55e7ee803450005a0c069972cb4da140709f597b11b669

[root@fedora31 ~]# podman ps -a
CONTAINER ID  IMAGE                            COMMAND  CREATED        STATUS            PORTS                   NAMES
aeae6717809d  docker.io/library/alpine:latest  top      5 seconds ago  Up 4 seconds ago  0.0.0.0:5000->5000/tcp  thirstymoore
cceba00f69de  k8s.gcr.io/pause:3.2                      7 seconds ago  Up 5 seconds ago  0.0.0.0:5000->5000/tcp  c8a16308d400-infra

Describe the results you expected:

[root@fedora31 ~]# podman play kube play.yaml
Trying to pull docker.io/library/alpine:latest...
Getting image source signatures
Copying blob aad63a933944 [--------------------------------------] 0.0b / 0.0b
Copying config a187dde48c done
Writing manifest to image destination
Storing signatures
Pod:
c8a16308d400e7918ee4d5d3201f69f951057d89980480de037809d13bf1aa45
Container:
aeae6717809db4d23d55e7ee803450005a0c069972cb4da140709f597b11b669

CONTAINER ID  IMAGE                            COMMAND  CREATED         STATUS            PORTS                         NAMES
bc54853cf573  docker.io/library/alpine:latest  top      6 seconds ago   Up 5 seconds ago  192.168.1.239:5000->5000/tcp  thirsty_moore
ed77b6ae8591  k8s.gcr.io/pause:3.2                      11 seconds ago  Up 5 seconds ago  192.168.1.239:5000->5000/tcp  e3964a45d3c9-infra

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

Version:            1.9.0
RemoteAPI Version:  1
Go Version:         go1.13.9
OS/Arch:            linux/amd64

Output of podman info --debug:

debug:
  compiler: gc
  gitCommit: ""
  goVersion: go1.13.9
  podmanVersion: 1.9.0
host:
  arch: amd64
  buildahVersion: 1.14.8
  cgroupVersion: v2
  conmon:
    package: conmon-2.0.15-1.fc31.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.15, commit: 4152e6044da92e0c5f246e5adf14c85f41443759'
  cpus: 4
  distribution:
    distribution: fedora
    version: "31"
  eventLogger: journald
  hostname: fedora31.rsletten.com
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 5.5.17-200.fc31.x86_64
  memFree: 2741886976
  memTotal: 4120424448
  ociRuntime:
    name: crun
    package: crun-0.13-2.fc31.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 0.13
      commit: e79e4de4ac16da0ce48777afb72c6241de870525
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  os: linux
  rootless: false
  slirp4netns:
    executable: ""
    package: ""
    version: ""
  swapFree: 4261408768
  swapTotal: 4261408768
  uptime: 1h 15m 37.83s (Approximately 0.04 days)
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - registry.centos.org
  - docker.io
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev,metacopy=on
  graphRoot: /var/lib/containers/storage
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "true"
  imageStore:
    number: 2
  runRoot: /var/run/containers/storage
  volumePath: /var/lib/containers/storage/volumes

Package info (e.g. output of rpm -q podman or apt list podman):

podman-1.9.0-1.fc31.x86_64

Additional environment details (AWS, VirtualBox, physical, etc.):

VM on Proxmox

rhatdan commented 4 years ago

@haircommander WDYT?

haircommander commented 4 years ago

We have the hostPort options wired up, but it's possible there's somewhere it's dropped. I'll try to look at this later today.

tylarb commented 4 years ago

I remember from working on https://github.com/containers/libpod/pull/5642/, port parsing should be fine, but there's no bind to individual IP supported.

As of 1.9 it's not supported https://github.com/containers/libpod/blob/d985723506a29766ed21585ba8541033db6bd572/pkg/adapter/pods.go#L798

Where did pkg/adapter go in v2?

x70b1 commented 4 years ago

I can confirm this.

    ports:
    - containerPort: 9095
      hostIP: 10.4.0.61
      hostPort: 9095
      protocol: TCP

This YAML creates a container like:

PORTS
0.0.0.0:9095->9095/tcp

mheon commented 4 years ago

We should fix this for v2.0

mheon commented 4 years ago

@ashley-cui PTAL

x70b1 commented 4 years ago

@mheon Unfortunately it is not fixed in v2.0.

This is a real problem. It is currently not possible to use a port twice if you have multiple IPs on the host.

github-actions[bot] commented 4 years ago

A friendly reminder that this issue had no activity for 30 days.

rhatdan commented 4 years ago

@ashley-cui Did you ever get a chance to look at this? @ryanchpowell Any chance you could look at this?

ashley-cui commented 4 years ago

@rhatdan Didn't get a chance to look at it, but should be free to take it today, unless @ryanchpowell wants it

rhatdan commented 4 years ago

@ashley-cui you take it.

ashley-cui commented 4 years ago

@rhatdan How do I write tests for this, since IPs change from machine to machine?

x70b1 commented 4 years ago

This issue seems to be fixed with the PR. In which version will this be shipped? I installed 2.0.4 and the issue is still there.

zhangguanzhang commented 4 years ago

I tested it, it's OK in 2.0.4 @x70b1

root@develop:~# podman pod create --name test -p 127.0.0.1:5000:5000/tcp
ab80c59f25f86548e4a650844ea4e7eaa7af003299e7096675b003553271f88d
root@develop:~# podman run -dt -i --pod test alpine top -d 10
8839a33de99021534a3876e9b7cda8a7d5caa054022c3bea07a5112e604b5295
root@develop:~# podman generate kube test
# Generation of Kubernetes YAML is still under development!
#
# Save the output of this file and use kubectl create -f to import
# it into Kubernetes.
#
# Created with podman-2.0.2
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2020-08-04T13:06:22Z"
  labels:
    app: test
  name: test
spec:
  containers:
  - command:
    - top
    - -d
    - "10"
    env:
    - name: PATH
      value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    - name: TERM
      value: xterm
    - name: container
      value: podman
    - name: HOSTNAME
      value: test
    image: docker.io/library/alpine:3.12
    name: kindmeitner
    ports:
    - containerPort: 5000
      hostIP: 127.0.0.1
      hostPort: 5000
      protocol: TCP
    resources: {}
    securityContext:
      allowPrivilegeEscalation: true
      capabilities: {}
      privileged: false
      readOnlyRootFilesystem: false
      seLinuxOptions: {}
    stdin: true
    tty: true
    workingDir: /
status: {}
---
metadata:
  creationTimestamp: null
spec: {}
status:
  loadBalancer: {}

root@develop:~# podman --version
podman version 2.0.4

x70b1 commented 4 years ago

@zhangguanzhang What exactly did you test?

The problem here is that podman listens on all addresses instead of the defined one.

#  netstat -tulpen | grep conmon
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      0          23029      1096/conmon
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      0          23030      1096/conmon
# podman --version
podman version 2.0.4

That is my kubernetes.yaml:

spec:

...

    - image: localhost/nginx
      name: nginx
      ports:
       - containerPort: 80
         hostIP: 192.168.100.1
         hostPort: 80
         protocol: tcp
       - containerPort: 443
         hostIP: 192.168.100.1
         hostPort: 443
         protocol: tcp
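
A check for the symptom reported in this thread, written as an added example (not code from the issue or from podman): it compares the hostIP/hostPort pairs declared in a pod YAML with the PORTS column of saved `podman ps` output and flags any bind that was widened to 0.0.0.0. The function names are made up for this example, the YAML scan is line-based, and only IPv4 is handled.

```shell
#!/bin/sh
# Added example: compare hostIP/hostPort pairs declared in a pod YAML with
# the PORTS column of `podman ps`. IPv4 only; the YAML scan is line-based.

# Print one "ip:port/proto" per ports entry that has a hostPort.
declared_binds() {
  awk '
    function emit() {
      if (port != "") {
        if (ip == "") ip = "0.0.0.0"        # no hostIP means all interfaces
        if (proto == "") proto = "tcp"
        print ip ":" port "/" tolower(proto)
      }
      ip = ""; port = ""; proto = ""
    }
    /^[ \t]*-/ { emit() }                   # a new list item ends the previous entry
    { sub(/^[ \t]*-?[ \t]*/, ""); gsub(/"/, "") }
    $1 == "hostIP:"   { ip = $2 }
    $1 == "hostPort:" { port = $2 }
    $1 == "protocol:" { proto = $2 }
    END { emit() }
  ' "$1"
}

# Reduce "0.0.0.0:5000->5000/tcp" in saved `podman ps` output to "0.0.0.0:5000/tcp".
actual_binds() {
  grep -oE '[0-9.]+:[0-9]+->[0-9]+/(tcp|udp)' "$1" | sed -E 's/->[0-9]+//' | sort -u
}

# Report each declared bind; return 1 if any is missing or widened to 0.0.0.0.
check_binds() {
  rc=0
  for want in $(declared_binds "$1"); do
    port=${want#*:}
    if actual_binds "$2" | grep -qxF "$want"; then echo "OK      $want"
    elif actual_binds "$2" | grep -qxF "0.0.0.0:$port"; then
      echo "WIDENED $want is published on 0.0.0.0:$port"; rc=1
    else echo "MISSING $want"; rc=1
    fi
  done
  return $rc
}

# Sample input copied from the original report (ports entry and PORTS values).
tmp=$(mktemp -d)
printf '%s\n' 'spec:' '  containers:' '  - name: thirstymoore' '    ports:' \
  '    - containerPort: 5000' '      hostIP: 192.168.1.239' \
  '      hostPort: 5000' '      protocol: TCP' > "$tmp/play.yaml"
echo 'Up 5 seconds ago  192.168.1.239:5000->5000/tcp  thirsty_moore' > "$tmp/before.txt"
echo 'Up 4 seconds ago  0.0.0.0:5000->5000/tcp  thirstymoore' > "$tmp/after.txt"
check_binds "$tmp/play.yaml" "$tmp/after.txt" || echo "bind address mismatch"
```

On a live host the second argument would be a file holding the output of `podman ps -a`, captured after `podman play kube`.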

ashley-cui commented 4 years ago

Looks like it didn't get into 2.0.4 but is in master

x70b1 commented 4 years ago

Well, then let's hope for 2.0.5 :crossed_fingers: