[play_kube] Add validation to container image field

Fixes: #27784

Signed-off-by: Lewis Denny <lewisdenny@me.com>

pkg/specgen/generate/kube/kube.go

@@ -219,6 +219,14 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener
 		return nil, errors.New("got empty pod name on container creation when playing kube")
 	}
 
+	// We do validate against the Container spec however it has Image set as optional to allow
+	// higher level config management to default or override container images. Image is
+	// required for pods so we must manually validate here.
+	// https://github.com/kubernetes/kubernetes/pull/48406
+	if opts.Container.Image == "" {
+		return nil, fmt.Errorf("container %q is missing the required 'image' field", opts.Container.Name)
+	}
+
 	if opts.NoPodPrefix {
 		s.Name = opts.Container.Name
 	} else {

test/e2e/play_kube_test.go

@@ -283,6 +283,20 @@ spec:
     - containerPort: 80
 `
 
+var podWithoutAnImage = `
+apiVersion: v1
+kind: Pod
+metadata:
+  labels:
+    app: podDoesntHaveAnImage
+  name: podDoesntHaveAnImage
+spec:
+  containers:
+  - name: podDoesntHaveAnImage
+    ports:
+    - containerPort: 80
+`
+
 var subpathTestNamedVolume = `
 apiVersion: v1
 kind: Pod
@@ -2637,6 +2651,15 @@ var _ = Describe("Podman kube play", func() {
 		Expect(kube).Should(ExitWithError(125, "pod does not have a name"))
 	})
 
+	It("should error if pod doesn't have an image", func() {
+		err := writeYaml(podWithoutAnImage, kubeYaml)
+		Expect(err).ToNot(HaveOccurred())
+
+		kube := podmanTest.Podman([]string{"kube", "play", kubeYaml})
+		kube.WaitWithDefaultTimeout()
+		Expect(kube).Should(ExitWithError(125, `container "podDoesntHaveAnImage" is missing the required 'image' field`))
+	})
+
 	It("support container liveness probe", func() {
 		err := writeYaml(livenessProbePodYaml, kubeYaml)
 		Expect(err).ToNot(HaveOccurred())