2183975 – [RFE] Add option to "podman kube generate" to print podman annotations

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2183975 - [RFE] Add option to "podman kube generate" to print podman annotations

Summary: [RFE] Add option to "podman kube generate" to print podman annotations

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	podman
Sub Component:
Version:	9.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Jindrich Novy
QA Contact:	Alex Jia
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2023-04-03 10:08 UTC by Suhaas Bhat
Modified:	2024-03-07 04:25 UTC (History)
CC List:	12 users (show)
Fixed In Version:	podman-4.6.1-2.el9
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-11-07 08:33:59 UTC
Type:	Story
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	containers podman pull 19208	None	Merged	Add missing reserved annotation support to play	2023-07-19 01:50:41 UTC
Github	containers podman pull 19211	None	Merged	Add `--podman-only` flag to `podman generate kube`	2023-07-19 01:50:41 UTC
Red Hat Issue Tracker	RHELPLAN-153917	None	None	None	2023-04-03 17:55:51 UTC
Red Hat Product Errata	RHSA-2023:6474	None	None	None	2023-11-07 08:35:28 UTC

Comment 9 Daniel Walsh 2023-06-30 11:24:55 UTC

Should we just add annotations as long as they are < 63 chars?  Would that fix the problem.

Comment 10 Jake Correnti 2023-07-03 18:48:47 UTC

An initial pull request can be found here to add a flag to maintain the original annotation length for those longer than 63 characters: https://github.com/containers/podman/pull/19102
I am just starting the work to add an additional flag and the wiring to allow for reserved annotations in the generated YAML.

Comment 11 Jake Correnti 2023-07-18 15:23:42 UTC

The final PRs for this feature were merged upstream and will be included in RHEL 9.4: 
https://github.com/containers/podman/pull/19211
https://github.com/containers/podman/pull/19208

Comment 12 Tom Sweeney 2023-07-18 22:13:06 UTC

Assigning to @jnovy for any further packaging or BZ needs.

Comment 14 Alex Jia 2023-07-20 10:26:00 UTC

Sanity tests are passed on upstream podman.

7974eb181b09b2fe5d53a8988ff4413788543264
[root@kvm-01-guest18 podman]# git branch
* main
[root@kvm-01-guest18 podman]# git rev-parse HEAD
7974eb181b09b2fe5d53a8988ff4413788543264

[root@kvm-01-guest18 podman]# ./test/tools/build/ginkgo -focus "podman kube generate --podman-only" test/e2e/
...ignore...
[SynchronizedAfterSuite]
/root/podman/test/e2e/common_test.go:196
  integration timing results
  Podman kube generate podman kube generate --podman-only on container with --rm                0.155923
  Podman kube generate podman kube generate --podman-only on container with --cidfile           0.156007
  Podman kube generate podman kube generate --podman-only on container with --init              0.156307
  Podman kube generate podman kube generate --podman-only on container with --privileged                0.165792
  Podman kube generate podman kube generate --podman-only on container with --security-opt apparmor=unconfined         0.166067
  Podman kube generate podman kube generate --podman-only on container with --security-opt seccomp=unconfined          0.169739
  Podman kube generate podman kube generate --podman-only on container with --security-opt label=level:s0              0.268152
  Podman kube generate podman kube generate --podman-only on container with --volumes-from              0.447737
  Podman kube generate podman kube generate --podman-only on container with --publish-all               2.249498
[SynchronizedAfterSuite] PASSED [1.743 seconds]
------------------------------
[DeferCleanup (Suite)]
/root/podman/vendor/github.com/onsi/ginkgo/v2/internal/testingtproxy/testing_t_proxy.go:153
[DeferCleanup (Suite)] PASSED [0.000 seconds]
------------------------------
[DeferCleanup (Suite)]
/root/podman/vendor/github.com/onsi/ginkgo/v2/internal/testingtproxy/testing_t_proxy.go:153
[DeferCleanup (Suite)] PASSED [0.000 seconds]
------------------------------

Ran 9 of 2056 Specs in 91.936 seconds
SUCCESS! -- 9 Passed | 0 Failed | 0 Pending | 2047 Skipped
PASS

Ginkgo ran 1 suite in 1m54.557250578s
Test Suite Passed

Comment 19 Alex Jia 2023-08-22 02:56:38 UTC

Hi Jindrich, please help confirm if the targeting this still at 9.3.0 not 9.4.0,
it seems the https://github.com/containers/podman/pull/19211/,
https://github.com/containers/podman/pull/19208, and
https://github.com/containers/podman/pull/19102 are not merged into v4.6.1-rhel branch.


Test failure reason:
  Error: unknown flag: --podman-only
  See 'podman kube generate --help'

[root@kvm-02-guest03 podman]# export PODMAN_BINARY=/usr/bin/podman 
[root@kvm-02-guest03 podman]# rpm -q podman crun systemd kernel
podman-4.6.1-1.el9.x86_64
crun-1.8.6-1.el9.x86_64
systemd-252-17.el9.x86_64
kernel-5.14.0-356.el9.x86_64

[root@kvm-02-guest03 podman]# git branch
  main
* v4.6.1-rhel

[root@kvm-02-guest03 podman]# ./test/tools/build/ginkgo -v -focus "podman play kube test" test/e2e/
...ignore...
  integration timing results
  Podman play kube podman play kube test with nonexistent File HostPath type volume		0.058944
  Podman play kube podman play kube test HostAliases with --no-hosts		0.063447
  Podman play kube podman play kube test with nonexistent empty HostPath type volume		0.063752
  Podman play kube podman play kube test with Socket HostPath type volume should fail if not socket		0.067052
  Podman play kube podman play kube test with reserved volumes-from annotation in yaml		0.259721
  Podman play kube podman play kube test with sysctl & host network defined		0.307212
  Podman play kube podman play kube test get all key-value pairs from required secret as envs		1.023370
  Podman play kube podman play kube test required env value from missing configmap		1.030803
  Podman play kube podman play kube test required env value from missing secret		1.031871
  Podman play kube podman play kube test required env value from secret with missing key		1.054104
  Podman play kube podman play kube test get all key-value pairs from required configmap as envs		1.058180
  Podman play kube podman play kube test only creating the containers		1.166215
  Podman play kube podman play kube test duplicate container name		1.257857
  Podman play kube podman play kube test required env value from configmap with missing key		1.267414
  Podman play kube podman play kube test with DirectoryOrCreate HostPath type volume and existent directory path		1.282495
  Podman play kube podman play kube test with FileOrCreate HostPath type volume		1.284110
  Podman play kube podman play kube test with DirectoryOrCreate HostPath type volume		1.285445
  Podman play kube podman play kube test with File HostPath type volume		1.304012
  Podman play kube podman play kube test with DirectoryOrCreate HostPath type volume and non-existent directory path		1.306458
  Podman play kube podman play kube test get all key-value pairs from optional secret as envs		1.322189
  Podman play kube podman play kube test with empty HostPath type volume		1.323002
  Podman play kube podman play kube test get all key-value pairs from optional configmap as envs		1.336963
  Podman play kube podman play kube test env value from secret		1.343933
  Podman play kube podman play kube test with PersistentVolumeClaim volume		1.353470
  Podman play kube podman play kube test hostname		1.355835
  Podman play kube podman play kube test HostAliases		1.356333
  Podman play kube podman play kube test with read-only HostPath volume		1.358602
  Podman play kube podman play kube test optional env value from missing configmap		1.370057
  Podman play kube podman play kube test with kube default network		1.373825
  Podman play kube podman play kube test optional env value from missing secret		1.386430
  Podman play kube podman play kube test optional env value from configmap with missing key		1.396715
  Podman play kube podman play kube test get all key-value pairs from secret as envs		1.405024
  Podman play kube podman play kube test get all key-value pairs from configmap as envs		1.405275
  Podman play kube podman play kube test optional env value from secret with missing key		1.453094
  Podman play kube podman play kube test env value from configmap		1.466006
  Podman play kube podman play kube test with HostNetwork		1.486492
  Podman play kube podman play kube test with network portbindings		1.619035
  Podman play kube podman play kube test with hostPID		1.627379
  Podman play kube podman play kube test with customized hostname		1.636727
  Podman play kube podman play kube test correct command with only set args in yaml file		1.646443
  Podman play kube podman play kube test duplicate volume destination between host path and image volumes		1.651207
  Podman play kube podman play kube test correct args and cmd when not specified		1.674492
  Podman play kube podman play kube test correct command with both set args and cmd in yaml file		1.712546
  Podman play kube podman play kube test with hostIPC		1.730126
  Podman play kube podman play kube test with sysctl defined		1.810670
  Podman play kube podman play kube test correct command with only set command in yaml file		1.824911
  Podman play kube podman play kube test with init container type set to default value		1.991642
  Podman play kube podman play kube test with init containers and annotation set		2.239342
  Podman play kube podman play kube test env value from configmap and --replace should reuse the configmap volume		2.471274
  Podman play kube podman play kube test correct output		2.678778
  Podman play kube podman play kube test correct command		2.862108
  Podman play kube podman play kube test restartPolicy		3.896780
[SynchronizedAfterSuite] PASSED [1.533 seconds]
------------------------------
[DeferCleanup (Suite)] 
/root/podman/vendor/github.com/onsi/ginkgo/v2/internal/testingtproxy/testing_t_proxy.go:153
[DeferCleanup (Suite)] PASSED [0.000 seconds]
------------------------------
[DeferCleanup (Suite)] 
/root/podman/vendor/github.com/onsi/ginkgo/v2/internal/testingtproxy/testing_t_proxy.go:153
[DeferCleanup (Suite)] PASSED [0.000 seconds]
------------------------------

Summarizing 1 Failure:
  [FAIL] Podman play kube [It] podman play kube test with reserved volumes-from annotation in yaml
  /root/podman/test/e2e/play_kube_test.go:5632

Ran 52 of 2072 Specs in 116.125 seconds
FAIL! -- 51 Passed | 1 Failed | 0 Pending | 2020 Skipped

[root@kvm-02-guest03 podman]# ./test/tools/build/ginkgo -v -focus "podman kube play test" test/e2e/
...ignore...
Summarizing 10 Failures:
  [FAIL] Podman play kube [It] podman kube play test with --no-trunc
  /root/podman/test/e2e/play_kube_test.go:5585
  [FAIL] Podman play kube [It] podman kube play test with long annotation
  /root/podman/test/e2e/play_kube_test.go:5605
  [FAIL] Podman play kube [It] podman kube play test with reserved autoremove annotation in yaml
  /root/podman/test/e2e/play_kube_test.go:5661
  [FAIL] Podman play kube [It] podman kube play test with reserved privileged annotation in yaml
  /root/podman/test/e2e/play_kube_test.go:5684
  [FAIL] Podman play kube [It] podman kube play test with reserved init annotation in yaml
  /root/podman/test/e2e/play_kube_test.go:5707
  [FAIL] Podman play kube [It] podman kube play test with reserved CIDFile annotation in yaml
  /root/podman/test/e2e/play_kube_test.go:5731
  [FAIL] Podman play kube [It] podman kube play test with reserved Seccomp annotation in yaml
  /root/podman/test/e2e/play_kube_test.go:5755
  [FAIL] Podman play kube [It] podman kube play test with reserved Apparmor annotation in yaml
  /root/podman/test/e2e/play_kube_test.go:5778
  [FAIL] Podman play kube [It] podman kube play test with reserved Label annotation in yaml
  /root/podman/test/e2e/play_kube_test.go:5801
  [FAIL] Podman play kube [It] podman kube play test with reserved PublishAll annotation in yaml
  /root/podman/test/e2e/play_kube_test.go:5842

Ran 10 of 2072 Specs in 32.603 seconds
FAIL! -- 0 Passed | 10 Failed | 0 Pending | 2062 Skipped


[root@kvm-02-guest03 podman]# ./test/tools/build/ginkgo -v -focus "podman kube generate" test/e2e/
...ignore...
Summarizing 11 Failures:
  [FAIL] Podman kube generate [It] podman kube generate --no-trunc on container with long annotation
  /root/podman/test/e2e/generate_kube_test.go:1576
  [FAIL] Podman kube generate [It] podman kube generate --no-trunc on pod with long annotation
  /root/podman/test/e2e/generate_kube_test.go:1625
  [FAIL] Podman kube generate [It] podman kube generate --podman-only on container with --volumes-from
  /root/podman/test/e2e/generate_kube_test.go:1680
  [FAIL] Podman kube generate [It] podman kube generate --podman-only on container with --rm
  /root/podman/test/e2e/generate_kube_test.go:1697
  [FAIL] Podman kube generate [It] podman kube generate --podman-only on container with --privileged
  /root/podman/test/e2e/generate_kube_test.go:1714
  [FAIL] Podman kube generate [It] podman kube generate --podman-only on container with --init
  /root/podman/test/e2e/generate_kube_test.go:1731
  [FAIL] Podman kube generate [It] podman kube generate --podman-only on container with --cidfile
  /root/podman/test/e2e/generate_kube_test.go:1749
  [FAIL] Podman kube generate [It] podman kube generate --podman-only on container with --security-opt seccomp=unconfined
  /root/podman/test/e2e/generate_kube_test.go:1766
  [FAIL] Podman kube generate [It] podman kube generate --podman-only on container with --security-opt apparmor=unconfined
  /root/podman/test/e2e/generate_kube_test.go:1783
  [FAIL] Podman kube generate [It] podman kube generate --podman-only on container with --security-opt label=level:s0
  /root/podman/test/e2e/generate_kube_test.go:1800
  [FAIL] Podman kube generate [It] podman kube generate --podman-only on container with --publish-all
  /root/podman/test/e2e/generate_kube_test.go:1834

Ran 18 of 2072 Specs in 35.524 seconds
FAIL! -- 7 Passed | 11 Failed | 0 Pending | 2054 Skipped

Comment 20 Alex Jia 2023-08-22 04:12:45 UTC

The --podman-only option doesn't support by podman kube generate comand for podman-4.6.1-2.el9 on 9.3.0,
just a confirmation, is it an expected result? if so, this bug has been verified on podman-4.6.1-2.el9.

[root@kvm-02-guest03 podman]# podman kube generate --podman-only
Error: unknown flag: --podman-only
See 'podman kube generate --help'

[root@kvm-02-guest03 podman]# export PODMAN_BINARY=/usr/bin/podman 
[root@kvm-02-guest03 podman]# $PODMAN_BINARY --version
podman version 4.6.1
[root@kvm-02-guest03 podman]# rpm -q podman crun systemd kernel
podman-4.6.1-2.el9.x86_64
crun-1.8.6-1.el9.x86_64
systemd-252-17.el9.x86_64
kernel-5.14.0-356.el9.x86_64

[root@kvm-02-guest03 podman]# ./test/tools/build/ginkgo -v -focus "podman kube generate" test/e2e/
Running Suite: Libpod Suite - /root/podman/test/e2e
===================================================
Random Seed: 1692676051

Will run 5 of 2024 specs
------------------------------
[SynchronizedBeforeSuite]
...ignore...
------------------------------
[SynchronizedAfterSuite] 
/root/podman/test/e2e/common_test.go:197
  integration timing results
  Podman kube generate podman kube generate service on bogus object		0.072865
  Podman kube generate podman kube generate pod on bogus object		0.095112
  Podman kube generate podman kube generate service on container with --security-opt level		0.307430
  Podman kube generate podman kube generate with default ulimits		0.342125
  Podman kube generate podman kube generate on container		0.601780
[SynchronizedAfterSuite] PASSED [2.285 seconds]
------------------------------

Ran 5 of 2024 Specs in 32.598 seconds
SUCCESS! -- 5 Passed | 0 Failed | 0 Pending | 2019 Skipped
PASS

Ginkgo ran 1 suite in 48.909386862s
Test Suite Passed

[root@kvm-02-guest03 podman]# ./test/tools/build/ginkgo -v -focus "podman play kube test" test/e2e/
Running Suite: Libpod Suite - /root/podman/test/e2e
===================================================
Random Seed: 1692676128

Will run 51 of 2024 specs
------------------------------
[SynchronizedBeforeSuite] 
...ignore...
[SynchronizedAfterSuite] 
/root/podman/test/e2e/common_test.go:197
  integration timing results
  Podman play kube podman play kube test with nonexistent File HostPath type volume		0.064588
  Podman play kube podman play kube test with nonexistent empty HostPath type volume		0.065264
  Podman play kube podman play kube test with Socket HostPath type volume should fail if not socket		0.074299
  Podman play kube podman play kube test with sysctl & host network defined		0.298519
  Podman play kube podman play kube test HostAliases with --no-hosts		0.409627
  Podman play kube podman play kube test required env value from configmap with missing key		1.016010
  Podman play kube podman play kube test get all key-value pairs from required configmap as envs		1.075148
  Podman play kube podman play kube test get all key-value pairs from required secret as envs		1.082073
  Podman play kube podman play kube test required env value from missing configmap		1.082635
  Podman play kube podman play kube test required env value from missing secret		1.082665
  Podman play kube podman play kube test only creating the containers		1.148529
  Podman play kube podman play kube test required env value from secret with missing key		1.154707
  Podman play kube podman play kube test get all key-value pairs from optional configmap as envs		1.289838
  Podman play kube podman play kube test with DirectoryOrCreate HostPath type volume and non-existent directory path		1.300146
  Podman play kube podman play kube test env value from configmap		1.344583
  Podman play kube podman play kube test with DirectoryOrCreate HostPath type volume and existent directory path		1.344583
  Podman play kube podman play kube test hostname		1.349813
  Podman play kube podman play kube test with DirectoryOrCreate HostPath type volume		1.350639
  Podman play kube podman play kube test with PersistentVolumeClaim volume		1.371190
  Podman play kube podman play kube test duplicate container name		1.379535
  Podman play kube podman play kube test optional env value from missing configmap		1.380904
  Podman play kube podman play kube test with FileOrCreate HostPath type volume		1.388830
  Podman play kube podman play kube test with empty HostPath type volume		1.406403
  Podman play kube podman play kube test optional env value from configmap with missing key		1.407917
  Podman play kube podman play kube test get all key-value pairs from optional secret as envs		1.412840
  Podman play kube podman play kube test optional env value from missing secret		1.442316
  Podman play kube podman play kube test duplicate volume destination between host path and image volumes		1.446015
  Podman play kube podman play kube test with read-only HostPath volume		1.451385
  Podman play kube podman play kube test get all key-value pairs from secret as envs		1.482393
  Podman play kube podman play kube test correct args and cmd when not specified		1.501459
  Podman play kube podman play kube test with customized hostname		1.503088
  Podman play kube podman play kube test with network portbindings		1.507646
  Podman play kube podman play kube test with HostNetwork		1.510387
  Podman play kube podman play kube test with kube default network		1.520906
  Podman play kube podman play kube test with File HostPath type volume		1.522724
  Podman play kube podman play kube test env value from secret		1.539674
  Podman play kube podman play kube test correct command with only set args in yaml file		1.542436
  Podman play kube podman play kube test HostAliases		1.566560
  Podman play kube podman play kube test get all key-value pairs from configmap as envs		1.585673
  Podman play kube podman play kube test optional env value from secret with missing key		1.591307
  Podman play kube podman play kube test with hostPID		1.622100
  Podman play kube podman play kube test with sysctl defined		1.683543
  Podman play kube podman play kube test correct command with both set args and cmd in yaml file		1.691576
  Podman play kube podman play kube test correct output		1.782649
  Podman play kube podman play kube test correct command with only set command in yaml file		1.786496
  Podman play kube podman play kube test with hostIPC		1.795949
  Podman play kube podman play kube test correct command		2.088189
  Podman play kube podman play kube test with init container type set to default value		2.094834
  Podman play kube podman play kube test with init containers and annotation set		2.385683
  Podman play kube podman play kube test env value from configmap and --replace should reuse the configmap volume		2.389818
  Podman play kube podman play kube test restartPolicy		3.854392
[SynchronizedAfterSuite] PASSED [1.565 seconds]
------------------------------

Ran 51 of 2024 Specs in 124.516 seconds
SUCCESS! -- 51 Passed | 0 Failed | 0 Pending | 1973 Skipped
PASS

Ginkgo ran 1 suite in 2m18.161353593s
Test Suite Passed

Comment 24 Alex Jia 2023-08-23 01:47:35 UTC

This bug has been verified per Comment 20.

Comment 26 errata-xmlrpc 2023-11-07 08:33:59 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: podman security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:6474

Comment 27 Red Hat Bugzilla 2024-03-07 04:25:32 UTC

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days

Note You need to log in before you can comment on or make changes to this bug.