author | Giuseppe Scrivano <gscrivan@redhat.com> | 2022-09-08 16:23:37 +0200 |
---|---|---|
committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2022-09-08 22:08:50 +0200 |
commit | ad63aa20db09b3d4b8f9d5312a0022e50c417341 (patch) | |
tree | aa06c5cba5e0293661bbf4f1fa124b20a35ae47f /pkg/domain | |
parent | 6d8bafe57a65970ead17a83cb1983629b3a2aedb (diff) | |
kube: plug HostUsers in the pod spec
map HostUsers=false to userns=auto.
One difference with the current implementation in the Kubelet is that
the podman default size is 1024 while the Kubelet uses 65536.
This is done on purpose, because 65536 is a problem for rootless as
the entire ID space would be allocated to a single pod.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'pkg/domain')
-rw-r--r-- | pkg/domain/infra/abi/play.go | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go
index 12786afcd..57d795682 100644
--- a/pkg/domain/infra/abi/play.go
+++ b/pkg/domain/infra/abi/play.go
@@ -355,6 +355,11 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
 if options.Userns == "" {
 options.Userns = "host"
+ if podYAML.Spec.HostUsers != nil && !*podYAML.Spec.HostUsers {
+ options.Userns = "auto"
+ }
+ } else if podYAML.Spec.HostUsers != nil {
+ logrus.Info("overriding the user namespace mode in the pod spec")
 }
 // Validate the userns modes supported. |
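Review bot: In the added `else if` branch, a caller-supplied `options.Userns` that overrides `hostUsers: false` from the manifest is reported only through `logrus.Info`, so a pod whose spec asked for user-namespace isolation can end up in the host user namespace with nothing visible unless the log level is raised to info. The same message is also emitted when the two settings agree, which makes it less useful as a signal. I would log at warning level and name both values, e.g. `logrus.Warnf("userns mode %q overrides hostUsers=%t in the pod spec", options.Userns, *podYAML.Spec.HostUsers)`, ideally only when they actually conflict. playKubePod starts and continues outside this hunk, so how `options.Userns` is validated afterwards is not visible here.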