Podman generate kube produces incorrect configuration when bind-mounting "/" and "/root" simultaneously #9764

Closed
jwillikers opened this issue Mar 19, 2021 · 2 comments · Fixed by #10136
Labels
Good First Issue This issue would be a good issue for a first time contributor to undertake. kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@jwillikers
Contributor

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

When generating Kubernetes YAML from a Podman container which bind-mounts both / and /root, only one volume is created.
I noticed that this would be an issue when I saw how the hostPath / is renamed to root, which conflicts with the name of the volume for /root, i.e. root.
There's a reason systemd uses - to represent the filesystem's root /.

Steps to reproduce the issue:

  1. Create a Podman container which bind-mounts / and /root.
$ sudo podman run -d --pod "new:mount-root-conflict" -v /:/volume1/ -v /root:/volume2/  --name mount-root-ctr alpine
  2. Generate the Kubernetes YAML from the configuration with generate kube.
$ sudo podman generate kube mount-root-conflict
# Generation of Kubernetes YAML is still under development!
#
# Save the output of this file and use kubectl create -f to import
# it into Kubernetes.
#
# Created with podman-3.1.0-dev
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2021-03-19T12:35:38Z"
  labels:
    app: mount-root-conflict
  name: mount-root-conflict
spec:
  containers:
  - command:
    - /bin/sh
    env:
    - name: PATH
      value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    - name: TERM
      value: xterm
    - name: container
      value: podman
    image: docker.io/library/alpine:latest
    name: mount-root-ctr
    resources: {}
    securityContext:
      allowPrivilegeEscalation: true
      capabilities:
        drop:
        - CAP_MKNOD
        - CAP_NET_RAW
        - CAP_AUDIT_WRITE
      privileged: false
      readOnlyRootFilesystem: false
      seLinuxOptions: {}
    volumeMounts:
    - mountPath: /volume1
      name: root
    - mountPath: /volume2
      name: root
    workingDir: /
  dnsConfig: {}
  restartPolicy: Never
  volumes:
  - hostPath:
      path: /root
      type: Directory
    name: root
status: {}
  3. Notice that there is only one hostPath section in the volumes section instead of two.

Describe the results you received:

Only one volume is generated instead of two.
This leads to /root being mounted in both locations instead of / being mounted at one and /root at the other.

Describe the results you expected:

Two volumes should have been generated, one for / and another for /root.

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

Version:      3.1.0-dev
API Version:  3.1.0-dev
Go Version:   go1.15.8
Git Commit:   c4a551373004219fd2d50e5b055dbc5e233e4e32
Built:        Fri Mar 19 06:31:42 2021
OS/Arch:      linux/amd64

Output of podman info --debug:

host:
  arch: amd64
  buildahVersion: 1.19.8
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.0.26-1.fc33.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.26, commit: 777074ecdb5e883b9bec233f3630c5e7fa37d521'
  cpus: 8
  distribution:
    distribution: fedora
    version: "33"
  eventLogger: journald
  hostname: localhost.localdomain
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.10.23-200.fc33.x86_64
  linkmode: dynamic
  memFree: 817324032
  memTotal: 4284538880
  ociRuntime:
    name: crun
    package: crun-0.18-1.fc33.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 0.18
      commit: 808420efe3dc2b44d6db9f1a3fac8361dde42a95
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    selinuxEnabled: true
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.1.9-1.fc33.x86_64
    version: |-
      slirp4netns version 1.1.9
      commit: 4e37ea557562e0d7a64dc636eff156f64927335e
      libslirp: 4.3.1
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.0
  swapFree: 2128343040
  swapTotal: 2142236672
  uptime: 1h 24m 0.35s (Approximately 0.04 days)
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - registry.centos.org
  - docker.io
store:
  configFile: /home/jordan/.config/containers/storage.conf
  containerStore:
    number: 2
    paused: 0
    running: 1
    stopped: 1
  graphDriverName: btrfs
  graphOptions: {}
  graphRoot: /home/jordan/.local/share/containers/storage
  graphStatus:
    Build Version: 'Btrfs v5.10 '
    Library Version: "102"
  imageStore:
    number: 2
  runRoot: /run/user/1000/containers
  volumePath: /home/jordan/.local/share/containers/storage/volumes
version:
  APIVersion: 3.1.0-dev
  Built: 1616153502
  BuiltTime: Fri Mar 19 06:31:42 2021
  GitCommit: c4a551373004219fd2d50e5b055dbc5e233e4e32
  GoVersion: go1.15.8
  OsArch: linux/amd64
  Version: 3.1.0-dev

Package info (e.g. output of rpm -q podman or apt list podman):

Built from source.

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide?

Yes

Additional environment details (AWS, VirtualBox, physical, etc.):

Run from within a GNOME Boxes virtual machine.
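
The name collision reported above, as an added example that is not part of the original report and is not Podman's code. `naiveName` is a hypothetical model of the renaming the report describes ("/" becomes "root"), `collisions` is a check that flags host paths sharing a derived volume name, and `uniqueNames` is one possible collision-free scheme; all three names and the `/srv/data` path are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// naiveName models the behaviour reported in the issue (an assumption, not
// Podman's source): "/" becomes "root", other paths drop the outer slashes
// and turn inner slashes into dashes, so "/root" also becomes "root".
func naiveName(hostPath string) string {
	if hostPath == "/" {
		return "root"
	}
	return strings.ReplaceAll(strings.Trim(hostPath, "/"), "/", "-")
}

// collisions returns every derived name that more than one host path maps to.
func collisions(hostPaths []string) map[string][]string {
	byName := map[string][]string{}
	for _, p := range hostPaths {
		n := naiveName(p)
		byName[n] = append(byName[n], p)
	}
	for n, ps := range byName {
		if len(ps) < 2 {
			delete(byName, n) // keep only names claimed by two or more paths
		}
	}
	return byName
}

// uniqueNames keeps the readable name but appends the path's position in the
// list, so two distinct host paths can never end up with the same volume name.
func uniqueNames(hostPaths []string) map[string]string {
	out := map[string]string{}
	for i, p := range hostPaths {
		out[p] = fmt.Sprintf("%s-%d", naiveName(p), i)
	}
	return out
}

func main() {
	paths := []string{"/", "/root", "/srv/data"} // constructed sample input
	for name, ps := range collisions(paths) {
		fmt.Printf("collision: %q <- %v\n", name, ps)
	}
	fmt.Println(uniqueNames(paths))
}
```

When two host paths collapse to one volume name, whichever `hostPath` entry survives is mounted at both `mountPath` locations, so the container is given a different part of the host filesystem than the one requested.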

@openshift-ci-robot openshift-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label Mar 19, 2021
@github-actions

A friendly reminder that this issue had no activity for 30 days.

@rhatdan rhatdan added Good First Issue This issue would be a good issue for a first time contributor to undertake. and removed stale-issue labels Apr 19, 2021
@rhatdan
Member

rhatdan commented Apr 19, 2021

Interested in opening a PR to fix?

@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 22, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 22, 2023