play kube does not expand env in command #15983

Closed
reavessm opened this issue Sep 28, 2022 · 25 comments · Fixed by #19630

Comments

@reavessm

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

Variables defined in the env section are not expanded in the command/args section. According to the k8s spec, env vars should be expanded using the $(VAR_NAME) syntax.

Steps to reproduce the issue:

  1. Define a file called test.yaml with the following contents:
---
kind: Pod
apiVersion: v1
metadata:
  name: echo
  labels:
    app: echo
spec:
  containers:
    - name: test
      env:
        - key: FOO
          value: BAR
      image: docker.io/library/alpine:latest
      command:
        - /bin/sh
        - -c
        - echo
        - $(FOO)
  2. Verify the result by running podman play kube test.yaml && podman logs -f echo-test

Describe the results you received:

no output

Describe the results you expected:

"BAR" to be printed

Additional information you deem important (e.g. issue happens only occasionally):

I also tried printing $(PATH) instead of $(FOO) and there was still no output.

Output of podman version:

Client:       Podman Engine
Version:      4.2.0
API Version:  4.2.0
Go Version:   go1.18.4
Built:        Thu Aug 11 10:42:17 2022
OS/Arch:      linux/amd64

Output of podman info:

host:
  arch: amd64
  buildahVersion: 1.27.0
  cgroupControllers:
  - cpu
  - io
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.4-2.fc36.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.4, commit: '
  cpuUtilization:
    idlePercent: 81.86
    systemPercent: 4.71
    userPercent: 13.43
  cpus: 8
  distribution:
    distribution: fedora
    variant: workstation
    version: "36"
  eventLogger: journald
  hostname: fedora
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.19.11-200.fc36.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 2847203328
  memTotal: 33404751872
  networkBackend: netavark
  ociRuntime:
    name: crun
    package: crun-1.6-2.fc36.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.6
      commit: 18cf2efbb8feb2b2f20e316520e0fd0b6c41ef4d
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.0-0.2.beta.0.fc36.x86_64
    version: |-
      slirp4netns version 1.2.0-beta.0
      commit: 477db14a24ff1a3de3a705e51ca2c4c1fe3dda64
      libslirp: 4.6.1
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.3
  swapFree: 8548249600
  swapTotal: 8589930496
  uptime: 5h 48m 24.00s (Approximately 0.21 days)
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
  - quay.io
store:
  configFile: /home/sreaves/.config/containers/storage.conf
  containerStore:
    number: 2
    paused: 0
    running: 1
    stopped: 1
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/sreaves/.local/share/containers/storage
  graphRootAllocated: 254339448832
  graphRootUsed: 135085797376
  graphStatus:
    Backing Filesystem: btrfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 45
  runRoot: /run/user/1000/containers
  volumePath: /home/sreaves/.local/share/containers/storage/volumes
version:
  APIVersion: 4.2.0
  Built: 1660228937
  BuiltTime: Thu Aug 11 10:42:17 2022
  GitCommit: ""
  GoVersion: go1.18.4
  Os: linux
  OsArch: linux/amd64
  Version: 4.2.0

Package info (e.g. output of rpm -q podman or apt list podman):

podman-4.2.0-2.fc36.x86_64

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)

I have not tested with latest but I have read the troubleshooting guide.

Additional environment details (AWS, VirtualBox, physical, etc.):

Physical F36 Workstation

@openshift-ci openshift-ci bot added the kind/bug label Sep 28, 2022
@mheon mheon added the Good First Issue label Sep 28, 2022
@rhatdan
Member

rhatdan commented Sep 28, 2022

Are you sure your YAML file was correct? I did the following and it worked correctly for me.

---
kind: Pod
apiVersion: v1
metadata:
  name: echo
  labels:
    app: echo
spec:
  containers:
    - name: test
      env:
        - name: FOO
          value: BAR
      image: docker.io/library/alpine:latest
      command: ["/bin/sh"]
      args: ["-c", "echo ${FOO}"]

@vrothberg
Member

k8s downward API does not support all the word https://kubernetes.io/docs/concepts/workloads/pods/downward-api/#downwardapi-fieldRef

Can you elaborate on that? I am not sure whether you think Podman behaves correctly or not.

@zhangguanzhang
Collaborator

zhangguanzhang commented Sep 29, 2022

$ cat pod.yml
kind: Pod
apiVersion: v1
metadata:
  name: echo
  labels:
    app: echo
spec:
  containers:
    - name: test
      env:
        - name: FOO
          value: BAR
      image: docker.io/library/alpine:latest
      command:
        - /bin/sh
        - -c
        - echo $(FOO);
          timeout 200 tail -f /dev/null
$ kubectl apply -f pod.yml
$ kubectl logs -l app=echo
BAR
$ docker inspect 01b --format '{{.Config.Entrypoint}}'
[/bin/sh -c echo BAR; timeout 200 tail -f /dev/null]

codedocs link: https://kubernetes.io/docs/tasks/inject-data-application/define-interdependent-environment-variables/
code ref: https://github.com/kubernetes/kubernetes/blob/20b01afecbba85c53b58711b07049e8c1b764b2d/third_party/forked/golang/expansion/expand.go

@reavessm
Author

I just copied the yaml from @zhangguanzhang's link and this is what I get:

> cat test.yaml && podman rm -af && podman play kube test.yaml && podman logs env-demo-test
apiVersion: v1
kind: Pod
metadata:
  name: env-demo
spec:
  containers:
    - name: test
      args:
        - while true; do echo -en '\n'; printf UNCHANGED_REFERENCE=$UNCHANGED_REFERENCE'\n'; printf SERVICE_ADDRESS=$SERVICE_ADDRESS'\n';printf ESCAPED_REFERENCE=$ESCAPED_REFERENCE'\n'; sleep 30; done;
      command:
        - sh
        - -c
      image: busybox:1.28
      env:
        - name: SERVICE_PORT
          value: "80"
        - name: SERVICE_IP
          value: "172.17.0.1"
        - name: UNCHANGED_REFERENCE
          value: "$(PROTOCOL)://$(SERVICE_IP):$(SERVICE_PORT)"
        - name: PROTOCOL
          value: "https"
        - name: SERVICE_ADDRESS
          value: "$(PROTOCOL)://$(SERVICE_IP):$(SERVICE_PORT)"
        - name: ESCAPED_REFERENCE
          value: "$$(PROTOCOL)://$(SERVICE_IP):$(SERVICE_PORT)"
WARN[0010] StopSignal SIGTERM failed to stop container env-demo-test in 10 seconds, resorting to SIGKILL
a12d329a3cd5e80d9935479b0ed018a697665980734faf1351207f08f8b0c0f6
c21d115c3b248b49d42eddf53e6ba849f8f23068e476c273f7ca3bd44395de38
Pod:
a316b0dd6ce6815df38cd91c8188a377714454fe01024dda95089c7e4323ab2a
Container:
f4c31e1d9e927693e7f37f662313d4bfb5a22e7833cbc87f370998a3e80fd106


UNCHANGED_REFERENCE=$(PROTOCOL)://$(SERVICE_IP):$(SERVICE_PORT)
SERVICE_ADDRESS=$(PROTOCOL)://$(SERVICE_IP):$(SERVICE_PORT)
ESCAPED_REFERENCE=$$(PROTOCOL)://$(SERVICE_IP):$(SERVICE_PORT)

Meanwhile, this is the expected output according to the docs:


UNCHANGED_REFERENCE=$(PROTOCOL)://172.17.0.1:80
SERVICE_ADDRESS=https://172.17.0.1:80
ESCAPED_REFERENCE=$(PROTOCOL)://172.17.0.1:80

(note: PROTOCOL is supposed to be unexpanded due to the ordering of the env, but things like SERVICE_IP should be expanded and are not).
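
The `$(VAR)` semantics discussed in this thread (substitution from the container's env, `$$` as an escape, and resolution in declaration order), sketched in Go as an added example. It is not Podman's or Kubernetes' code; `EnvVar`, `Expand` and `ResolveEnv` are hypothetical names, and the env list is trimmed from the env-demo pod quoted above.

```go
package main

import (
	"fmt"
	"strings"
)

type EnvVar struct{ Name, Value string } // one entry of a container's env list

// Expand (hypothetical helper, not Podman's code) substitutes $(NAME) from vars; "$$" escapes "$".
func Expand(s string, vars map[string]string) string {
	var out strings.Builder
	for i := 0; i < len(s); i++ {
		if strings.HasPrefix(s[i:], "$$") {
			i++ // escape: only the second "$" is emitted below
		} else if strings.HasPrefix(s[i:], "$(") {
			if end := strings.IndexByte(s[i:], ')'); end > 0 {
				val, ok := vars[s[i+2:i+end]]
				if !ok {
					val = s[i : i+end+1] // undefined: keep "$(NAME)" as written
				}
				out.WriteString(val)
				i += end
				continue
			}
		}
		out.WriteByte(s[i])
	}
	return out.String()
}

// ResolveEnv expands values in declaration order: an entry only sees earlier ones.
func ResolveEnv(env []EnvVar) map[string]string {
	vars := map[string]string{}
	for _, e := range env {
		vars[e.Name] = Expand(e.Value, vars)
	}
	return vars
}

func main() {
	// Constructed env list, trimmed from the env-demo pod quoted in the thread.
	vars := ResolveEnv([]EnvVar{
		{"SERVICE_IP", "172.17.0.1"},
		{"UNCHANGED_REFERENCE", "$(PROTOCOL)://$(SERVICE_IP)"},
		{"PROTOCOL", "https"},
		{"SERVICE_ADDRESS", "$(PROTOCOL)://$(SERVICE_IP)"},
	})
	fmt.Println(vars["UNCHANGED_REFERENCE"], "|", Expand("echo $(SERVICE_ADDRESS) $$(PROTOCOL)", vars))
}
```

The substitution happens before any shell sees the string, which matches the `docker inspect` output earlier in the thread where the entrypoint already contains `echo BAR`.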

@jakecorrenti
Member

Can I try this?

@vrothberg
Member

Sure, thanks @jakecorrenti !

@rhatdan
Member

rhatdan commented Sep 30, 2022

I think the issue is the parser we are using to translate kube.yaml is not supporting that mechanism for passing environment variables.

@rhatdan
Member

rhatdan commented Sep 30, 2022

We end up with the value but not the name.

@rhatdan rhatdan added the kube label Oct 12, 2022
@reavessm
Author

Any update on this @jakecorrenti? I'd be happy to help if needed.

@jakecorrenti
Member

@reavessm you can snag it. I haven't been making much progress, unfortunately.

@rhatdan rhatdan assigned reavessm and unassigned jakecorrenti Oct 24, 2022
@rhatdan
Member

rhatdan commented Oct 24, 2022

@reavessm you got it.

@github-actions

A friendly reminder that this issue had no activity for 30 days.

@rhatdan
Member

rhatdan commented Nov 30, 2022

@reavessm Any progress?

@github-actions

github-actions bot commented Jan 9, 2023

A friendly reminder that this issue had no activity for 30 days.

@rhatdan
Member

rhatdan commented Jan 9, 2023

@haircommander Can you confirm this?

@rhatdan
Member

rhatdan commented Jan 9, 2023

So this is interesting from a Docker/Podman perspective

# cat /tmp/env
FOO=bar
FOO1=${FOO}
sh-5.2# docker run --env-file /tmp/env alpine printenv FOO1
${FOO}
sh-5.2# podman run --env-file /tmp/env alpine printenv FOO1
${FOO}

@hasan4791
Contributor

Shall I take a look at this one?

@rhatdan
Member

rhatdan commented Feb 20, 2023

@hasan4791 It is yours.

@ch33hau

ch33hau commented May 28, 2023

Hi @rhatdan , this issue has no recent update. Can I try to work on it?

@rhatdan rhatdan assigned ch33hau and unassigned hasan4791 and reavessm May 30, 2023
@rhatdan
Member

rhatdan commented May 30, 2023

Sure, hopefully you can get it done.

@rhatdan
Member

rhatdan commented Jul 17, 2023

@ch33hau Any update?

@rhatdan
Member

rhatdan commented Jul 28, 2023

@jakecorrenti Is this something you could look at again?

@jakecorrenti
Member

Sure thing. I won't be able to get around to it until next week, if that's OK.

@rhatdan
Member

rhatdan commented Jul 31, 2023

This issue is almost a year old, a week won't matter. :^)

@jakecorrenti
Member

/assign

rhatdan added a commit to rhatdan/podman that referenced this issue Aug 23, 2023
Kubernetes supports expanding $(FOOBAR) as environment variables within
the kube.YAML. When using podman kube play, we need to do the same, for
supporting these YAML files.

Fixes: containers#15983

Signed-off-by: Chee Hau Lim <ch33hau@gmail.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
@github-actions github-actions bot added the locked - please file new issue/PR label Nov 22, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 22, 2023