From 0797a850da1e3da4ab960e8c3012b5d5bdd1c811 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Thu, 6 Jul 2023 11:43:35 +0200 Subject: [PATCH 1/3] content: Fix typos in versions requirements for userns The variable expansion is wrong: it currently expands to 1.27.3 on the rendered website, so it says it is supported in 1.27 and that it is not. Let's just re-work this paragraph so it is cleaerer and the variable expansion is what we want (1.27 and not 1.27.3)- Signed-off-by: Rodrigo Campos --- .../en/docs/concepts/workloads/pods/user-namespaces.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/content/en/docs/concepts/workloads/pods/user-namespaces.md b/content/en/docs/concepts/workloads/pods/user-namespaces.md index 623337dbd3..cb0452d474 100644 --- a/content/en/docs/concepts/workloads/pods/user-namespaces.md +++ b/content/en/docs/concepts/workloads/pods/user-namespaces.md @@ -54,9 +54,13 @@ to use this feature with Kubernetes stateless pods: * CRI-O: version 1.25 (and later) supports user namespaces for containers. -Please note that containerd v1.7 supports user namespaces for containers, -compatible with Kubernetes {{< skew currentPatchVersion >}}. It should not be used -with Kubernetes 1.27 (and later). +containerd v1.7 is not compatible with the userns support in Kubernetes v{{< skew currentVersion >}}. +Kubernetes v1.25 and v1.26 used an earlier implementation that **is** compatible with containerd v1.7, +in terms of userns support. +If you are using a version of Kubernetes other than {{< skew currentVersion >}}, +check the documentation for that version of Kubernetes for the most relevant information. +If there is a newer release of containerd than v1.7 available for use, also check the containerd +documentation for compatibility information. Support for this in [cri-dockerd is not planned][CRI-dockerd-issue] yet. From aa5975d39d42b558ded7238f8eeaf21fe7fce2c8 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Fri, 7 Jul 2023 12:17:10 +0200 Subject: [PATCH 2/3] content: Remove old not about userns The note is no longer valid (the branch was already merged and the merged was done correctly). Signed-off-by: Rodrigo Campos --- content/en/docs/concepts/workloads/pods/user-namespaces.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/content/en/docs/concepts/workloads/pods/user-namespaces.md b/content/en/docs/concepts/workloads/pods/user-namespaces.md index cb0452d474..f2d81f3ed5 100644 --- a/content/en/docs/concepts/workloads/pods/user-namespaces.md +++ b/content/en/docs/concepts/workloads/pods/user-namespaces.md @@ -46,8 +46,6 @@ tmpfs, Secrets use a tmpfs, etc.) Some popular filesystems that support idmap mounts in Linux 6.3 are: btrfs, ext4, xfs, fat, tmpfs, overlayfs. - In addition, support is needed in the {{< glossary_tooltip text="container runtime" term_id="container-runtime" >}} to use this feature with Kubernetes stateless pods: From cc2ca7a644a21fbc3e089a4a9dbced07460e77b1 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Fri, 7 Jul 2023 12:37:46 +0200 Subject: [PATCH 3/3] content: Make userns statement about dockerd timeless Signed-off-by: Rodrigo Campos --- content/en/docs/concepts/workloads/pods/user-namespaces.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/en/docs/concepts/workloads/pods/user-namespaces.md b/content/en/docs/concepts/workloads/pods/user-namespaces.md index f2d81f3ed5..408abb6d16 100644 --- a/content/en/docs/concepts/workloads/pods/user-namespaces.md +++ b/content/en/docs/concepts/workloads/pods/user-namespaces.md @@ -60,7 +60,8 @@ check the documentation for that version of Kubernetes for the most relevant inf If there is a newer release of containerd than v1.7 available for use, also check the containerd documentation for compatibility information. -Support for this in [cri-dockerd is not planned][CRI-dockerd-issue] yet. +You can see the status of user namespaces support in cri-dockerd tracked in an [issue][CRI-dockerd-issue] +on GitHub. [CRI-dockerd-issue]: https://github.com/Mirantis/cri-dockerd/issues/74