Add support for user namespaces phase 1 (KEP 127) #111090
Conversation
k8s-ci-robot
added
release-note
|
cc @giuseppe |
k8s-ci-robot
added
the
needs-priority
|
/sig node |
k8s-ci-robot
added
sig/node
k8s-ci-robot
added
sig/api-machinery
|
Hmm, it seems the CI is failing to chown: I'll remove the patch adding tests to atomic_writer, to see if that helps to make the CI happy, and then open a different PR with them and see how to fix it there |
rata
force-pushed
the
rata/userns-support-2022
branch
from
6d1d848
to
9130dc1
Compare
|
Hmm, no, that didn't make the CI happier. I still see: which shouldn't happen, the chown should work. Is it possible that the CI is broken? I'll push again the atomir_writer tests that I added, then. (there are other things we need to fix in the unit tests, we will work on those. But that specific error seems like a problem in the CI) |
giuseppe
force-pushed
the
rata/userns-support-2022
branch
from
6cd106d
to
745afdc
Compare
|
This PR may require API review. If so, when the changes are ready, complete the pre-review checklist and request an API review. Status of requested reviews is tracked in the API Review project. |
|
/remove-sig api-machinery |
k8s-ci-robot
removed
the
sig/api-machinery
|
For this PR title, I suggest making it clear in the PR title and changelog that these are Linux namespaces or node-level namespaces. Kubernetes' API also has namespaces and some readers might not know about the other kind. To help with localization, write “phase 1” not “phase I”. |
|
/approve, but I think you need a final LGTM from storage? |
|
/test pull-kubernetes-unit It seems completely unrelated to this PR |
|
/approve |
|
/approve end-of-line remarks are not supported, sigh |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mrunalp, rata, thockin The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
Hello 👋, 1.25 Release Lead here. The exception request is approved and your updated deadline to make any changes to your PR is 10:00 AM PST Monday 8th August 2022. Thank you! /milestone v1.25 |
After the userns PR got merged: kubernetes#111090 gnufied decided it might be safer if we feature gate this part of the code, due to the kubelet volume host type assertion. That is a great catch and this patch just moves the code inside the feature gate if. Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
What type of PR is this?
/kind feature
What this PR does / why we need it:
Implements KEP 127 phase I: Support for user namespaces.
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Please note we added several unit tests but integration and e2e tests need support from the container runtime to make meaningful tests. One option is to make this feature alpha longer, until a container runtime with support is released and we can include those versions on the CI. We will investigate if other options are desirable. Any feedback on that is super welcome :)
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: