From ad63aa20db09b3d4b8f9d5312a0022e50c417341 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Thu, 8 Sep 2022 16:23:37 +0200
Subject: kube: plug HostUsers in the pod spec
map HostUsers=false to userns=auto. One difference with the current implementation in the Kubelet is that the podman default size is 1024 while the Kubelet uses 65536. This is done on purpose, because 65536 is a problem for rootless as the entire IDs space would be allocated to a single pod.
Signed-off-by: Giuseppe Scrivano
---
 pkg/domain/infra/abi/play.go | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'pkg/domain')
diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go
index 12786afcd..57d795682 100644
--- a/pkg/domain/infra/abi/play.go
+++ b/pkg/domain/infra/abi/play.go
@@ -355,6 +355,11 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
 if options.Userns == "" {
 options.Userns = "host"
+ if podYAML.Spec.HostUsers != nil && !*podYAML.Spec.HostUsers {
+ options.Userns = "auto"
+ }
+ } else if podYAML.Spec.HostUsers != nil {
+ logrus.Info("overriding the user namespace mode in the pod spec")
 }
 // Validate the userns modes supported.
--
cgit v1.2.3-54-g00ecf
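Review bot: In the added `else if` branch, a pod spec that asks for isolation with `hostUsers: false` is overridden by any explicit `options.Userns` value (for example `host`) with only a `logrus.Info` message, which as far as I know is below podman's default log level, so the pod can end up in the host user namespace with no visible signal. The message also fires when the two settings agree, and it names neither value, which makes it hard to audit after the fact. I would log at warning level with both values, e.g. `logrus.Warnf("userns option %q overrides hostUsers=%t from the pod spec", options.Userns, *podYAML.Spec.HostUsers)`, ideally only when the two actually disagree. playKubePod's body starts and ends outside the hunk.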