From 74c0795a7c298096d67fdddc75e5f5b1b3c27c48 Mon Sep 17 00:00:00 2001 From: Lewis Denny Date: Wed, 17 Dec 2025 22:17:42 +1000 Subject: [PATCH] [play_kube] Add validation to container image field Fixes: #27784 Signed-off-by: Lewis Denny --- pkg/specgen/generate/kube/kube.go | 8 ++++++++ test/e2e/play_kube_test.go | 23 +++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go index d74f4ddd23..a33e298299 100644 --- a/pkg/specgen/generate/kube/kube.go +++ b/pkg/specgen/generate/kube/kube.go @@ -219,6 +219,14 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener return nil, errors.New("got empty pod name on container creation when playing kube") } + // We do validate against the Container spec however it has Image set as optional to allow + // higher level config management to default or override container images. Image is + // required for pods so we must manually validate here. + // https://github.com/kubernetes/kubernetes/pull/48406 + if opts.Container.Image == "" { + return nil, fmt.Errorf("container %q is missing the required 'image' field", opts.Container.Name) + } + if opts.NoPodPrefix { s.Name = opts.Container.Name } else { diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index 49da5b69c0..f4d52f552f 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -283,6 +283,20 @@ spec: - containerPort: 80 ` +var podWithoutAnImage = ` +apiVersion: v1 +kind: Pod +metadata: + labels: + app: podDoesntHaveAnImage + name: podDoesntHaveAnImage +spec: + containers: + - name: podDoesntHaveAnImage + ports: + - containerPort: 80 +` + var subpathTestNamedVolume = ` apiVersion: v1 kind: Pod @@ -2637,6 +2651,15 @@ var _ = Describe("Podman kube play", func() { Expect(kube).Should(ExitWithError(125, "pod does not have a name")) }) + It("should error if pod doesn't have an image", func() { + err := writeYaml(podWithoutAnImage, kubeYaml) + Expect(err).ToNot(HaveOccurred()) + + kube := podmanTest.Podman([]string{"kube", "play", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(ExitWithError(125, `container "podDoesntHaveAnImage" is missing the required 'image' field`)) + }) + It("support container liveness probe", func() { err := writeYaml(livenessProbePodYaml, kubeYaml) Expect(err).ToNot(HaveOccurred())