Kubernetes v1.33 will support setting `userNamespaces.idsPerPod`
in `KubeletConfiguration`.
Depends on k/k PR 130028
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
The number of subuids and subgids for each of pods is hard-coded to 65536,
regardless to the total ID count specified in `/etc/subuid` and `/etc/subgid`:
https://github.com/kubernetes/kubernetes/blob/v1.32.0/pkg/kubelet/userns/userns_manager.go#L211-L228
This fact was not clarified in the documentation.
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
The variable expansion is wrong: it currently expands to 1.27.3 on the
rendered website, so it says it is supported in 1.27 and that it is not.
Let's just re-work this paragraph so it is cleaerer and the variable
expansion is what we want (1.27 and not 1.27.3)-
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
* content: Update user namespaces version requirements
Also, with the new implementation, the fsGroup was dropped. So removed
the mention to those limitations.
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
* content: Add reference to the userns task in the concepts page
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
---------
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
containerd 1.7 was just released with user namespaces support. Let's
mention which kubernetes versions should work with container 1.7.
While we are there, let's clarify the CRI-O version and not duplicate
the requirements in the concept and task pages and just add a link
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
Rey Lejano
Rodrigo Campos
Akihiro Suda
Kubernetes Prow Robot
Sascha Grunert
Michael
Mickey Boxell
Rodrigo Campos
David Xia
Giuseppe Scrivano