summaryrefslogtreecommitdiff
path: root/pkg/specgen/generate
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2022-05-06 20:35:17 +0200
committerGiuseppe Scrivano <gscrivan@redhat.com>2022-05-10 16:51:01 +0200
commit0774a4ce131754b282443e85cc77c308123ef9c0 (patch)
treef5c93b3cc9ce18bb91c1cdc90e223973ba4f5d7c /pkg/specgen/generate
parent18713f589c1ed9144d873f2656f2067ebf6f3ba2 (diff)
downloadpodman-0774a4ce131754b282443e85cc77c308123ef9c0.tar.gz
podman-0774a4ce131754b282443e85cc77c308123ef9c0.tar.bz2
podman-0774a4ce131754b282443e85cc77c308123ef9c0.zip
kube: add support for --userns=
add support to override the user namespace to use for the pod. Closes: https://github.com/containers/podman/issues/7504 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'pkg/specgen/generate')
-rw-r--r--pkg/specgen/generate/kube/kube.go7
1 files changed, 5 insertions, 2 deletions
diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go
index 04195d15a..e4c149abf 100644
--- a/pkg/specgen/generate/kube/kube.go
+++ b/pkg/specgen/generate/kube/kube.go
@@ -120,6 +120,8 @@ type CtrSpecGenOptions struct {
RestartPolicy string
// NetNSIsHost tells the container to use the host netns
NetNSIsHost bool
+ // UserNSIsHost tells the container to use the host userns
+ UserNSIsHost bool
// SecretManager to access the secrets
SecretsManager *secrets.SecretsManager
// LogDriver which should be used for the container
@@ -389,8 +391,9 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener
if opts.NetNSIsHost {
s.NetNS.NSMode = specgen.Host
}
- // Always set the userns to host since k8s doesn't have support for userns yet
- s.UserNS.NSMode = specgen.Host
+ if opts.UserNSIsHost {
+ s.UserNS.NSMode = specgen.Host
+ }
// Add labels that come from kube
if len(s.Labels) == 0 {