diff --git a/pkg/api/pod/util.go b/pkg/api/pod/util.go
index b063a21e1357d..1ca2645bf1e17 100644
--- a/pkg/api/pod/util.go
+++ b/pkg/api/pod/util.go
@@ -477,7 +477,7 @@ func dropDisabledFields(
 }
 // If the feature is disabled and not in use, drop the hostUsers field.
- if !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesStatelessPodsSupport) && !hostUsersInUse(oldPodSpec) {
+ if !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesSupport) && !hostUsersInUse(oldPodSpec) {
 // Drop the field in podSpec only if SecurityContext is not nil.
 // If it is nil, there is no need to set hostUsers=nil (it will be nil too).
 if podSpec.SecurityContext != nil {
diff --git a/pkg/api/pod/util_test.go b/pkg/api/pod/util_test.go
index f399eab4285d6..18dfe1f794263 100644
--- a/pkg/api/pod/util_test.go
+++ b/pkg/api/pod/util_test.go
@@ -1700,7 +1700,7 @@ func TestDropHostUsers(t *testing.T) {
 }
 t.Run(fmt.Sprintf("feature enabled=%v, old pod %v, new pod %v", enabled, oldPodInfo.description, newPodInfo.description), func(t *testing.T) {
- defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.UserNamespacesStatelessPodsSupport, enabled)()
+ defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.UserNamespacesSupport, enabled)()
 DropDisabledPodFields(newPod, oldPod)
diff --git a/pkg/features/kube_features.go b/pkg/features/kube_features.go
index 3827a55e3887b..547b49c7dd631 100644
--- a/pkg/features/kube_features.go
+++ b/pkg/features/kube_features.go
@@ -793,7 +793,7 @@ const (
 // alpha: v1.25
 //
 // Enables user namespace support for stateless pods.
- UserNamespacesStatelessPodsSupport featuregate.Feature = "UserNamespacesStatelessPodsSupport"
+ UserNamespacesSupport featuregate.Feature = "UserNamespacesSupport"
 // owner: @cofyc
 // alpha: v1.21
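Review bot: The doc comment kept as context above the renamed constant in pkg/features/kube_features.go still reads `// Enables user namespace support for stateless pods.`, which no longer matches a gate named `UserNamespacesSupport`; it should be reworded, for example `// Enables user namespace support for pods.`. The old name `UserNamespacesStatelessPodsSupport` is removed here and from the `defaultKubernetesFeatureGates` entry with no alias visible in this diff, so a component still configured with the old name would presumably no longer turn the gate on. Since `dropDisabledFields` in pkg/api/pod/util.go drops `hostUsers` when the gate is off and the field is not already in use, a pod asking for `hostUsers: false` could then end up without the user-namespace isolation it requested, so the rename deserves an explicit upgrade note. The const block starts and ends outside the hunk.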
@@ -1058,7 +1058,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS
 VolumeCapacityPriority: {Default: false, PreRelease: featuregate.Alpha},
- UserNamespacesStatelessPodsSupport: {Default: false, PreRelease: featuregate.Alpha},
+ UserNamespacesSupport: {Default: false, PreRelease: featuregate.Alpha},
 WinDSR: {Default: false, PreRelease: featuregate.Alpha},
diff --git a/pkg/kubelet/kuberuntime/kuberuntime_container_linux.go b/pkg/kubelet/kuberuntime/kuberuntime_container_linux.go
index 6db16bd03d163..466378deda318 100644
--- a/pkg/kubelet/kuberuntime/kuberuntime_container_linux.go
+++ b/pkg/kubelet/kuberuntime/kuberuntime_container_linux.go
@@ -55,7 +55,7 @@ func (m *kubeGenericRuntimeManager) applyPlatformSpecificContainerConfig(config
 }
 config.Linux = cl
- if utilfeature.DefaultFeatureGate.Enabled(kubefeatures.UserNamespacesStatelessPodsSupport) {
+ if utilfeature.DefaultFeatureGate.Enabled(kubefeatures.UserNamespacesSupport) {
 if cl.SecurityContext.NamespaceOptions.UsernsOptions != nil {
 for _, mount := range config.Mounts {
 mount.UidMappings = cl.SecurityContext.NamespaceOptions.UsernsOptions.Uids
diff --git a/pkg/kubelet/userns/userns_manager.go b/pkg/kubelet/userns/userns_manager.go
index 7d23f215adcab..ffd23630f13eb 100644
--- a/pkg/kubelet/userns/userns_manager.go
+++ b/pkg/kubelet/userns/userns_manager.go
@@ -142,7 +142,7 @@ func MakeUserNsManager(kl userNsPodsManager) (*UsernsManager, error) {
 }
 // do not bother reading the list of pods if user namespaces are not enabled.
- if !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesStatelessPodsSupport) {
+ if !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesSupport) {
 return &m, nil
 }
@@ -258,7 +258,7 @@ func (m *UsernsManager) record(pod types.UID, from, length uint32) (err error) {
 // Release releases the user namespace allocated to the specified pod.
 func (m *UsernsManager) Release(podUID types.UID) {
- if !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesStatelessPodsSupport) {
+ if !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesSupport) {
 return
 }
@@ -367,7 +367,7 @@ func (m *UsernsManager) createUserNs(pod *v1.Pod) (userNs userNamespace, err err
 // GetOrCreateUserNamespaceMappings returns the configuration for the sandbox user namespace
 func (m *UsernsManager) GetOrCreateUserNamespaceMappings(pod *v1.Pod) (*runtimeapi.UserNamespace, error) {
- if !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesStatelessPodsSupport) {
+ if !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesSupport) {
 return nil, nil
 }
@@ -427,7 +427,7 @@ func (m *UsernsManager) GetOrCreateUserNamespaceMappings(pod *v1.Pod) (*runtimea
 // allocations with the pods actually running. It frees any user namespace
 // allocation for orphaned pods.
 func (m *UsernsManager) CleanupOrphanedPodUsernsAllocations(pods []*v1.Pod, runningPods []*kubecontainer.Pod) error {
- if !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesStatelessPodsSupport) {
+ if !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesSupport) {
 return nil
 }
diff --git a/pkg/kubelet/userns/userns_manager_test.go b/pkg/kubelet/userns/userns_manager_test.go
index 5555296f58d5d..fc74025d75d0e 100644
--- a/pkg/kubelet/userns/userns_manager_test.go
+++ b/pkg/kubelet/userns/userns_manager_test.go
@@ -40,7 +40,7 @@ func (m *testUserNsPodsManager) ListPodsFromDisk() ([]types.UID, error) {
 }
 func TestUserNsManagerAllocate(t *testing.T) {
- defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, pkgfeatures.UserNamespacesStatelessPodsSupport, true)()
+ defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, pkgfeatures.UserNamespacesSupport, true)()
 testUserNsPodsManager := &testUserNsPodsManager{}
 m, err := MakeUserNsManager(testUserNsPodsManager)
@@ -90,7 +90,7 @@ func TestUserNsManagerAllocate(t *testing.T) {
 }
 func TestUserNsManagerParseUserNsFile(t *testing.T) {
- defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, pkgfeatures.UserNamespacesStatelessPodsSupport, true)()
+ defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, pkgfeatures.UserNamespacesSupport, true)()
 cases := []struct {
 name string
diff --git a/test/e2e/common/node/security_context.go b/test/e2e/common/node/security_context.go
index 4997a96b53461..0f014cf0c0714 100644
--- a/test/e2e/common/node/security_context.go
+++ b/test/e2e/common/node/security_context.go
@@ -72,7 +72,7 @@ var _ = SIGDescribe("Security Context", func() {
 }
 }
- ginkgo.It("must create the user namespace if set to false [LinuxOnly] [Feature:UserNamespacesStatelessPodsSupport]", func(ctx context.Context) {
+ ginkgo.It("must create the user namespace if set to false [LinuxOnly] [Feature:UserNamespacesSupport]", func(ctx context.Context) {
 // with hostUsers=false the pod must use a new user namespace
 podClient := e2epod.PodClientNS(f, f.Namespace.Name)
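Review bot: The spec title in test/e2e/common/node/security_context.go changes its selector tag from `[Feature:UserNamespacesStatelessPodsSupport]` to `[Feature:UserNamespacesSupport]`, and the three later hunks of the same file (at -110, -121 and -245) do the same. Any CI job that picks these specs by matching the old tag string would presumably stop selecting them without reporting a failure, so the user-namespace isolation checks could silently stop running; the job definitions are not part of this diff. A short comment above the first spec would make the coupling visible, for example `// Selected in CI by the [Feature:UserNamespacesSupport] tag; keep job focus strings in sync.`. The SIGDescribe block starts and ends outside the hunk.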
@@ -110,7 +110,7 @@ var _ = SIGDescribe("Security Context", func() {
 }
 })
- ginkgo.It("must not create the user namespace if set to true [LinuxOnly] [Feature:UserNamespacesStatelessPodsSupport]", func(ctx context.Context) {
+ ginkgo.It("must not create the user namespace if set to true [LinuxOnly] [Feature:UserNamespacesSupport]", func(ctx context.Context) {
 // with hostUsers=true the pod must use the host user namespace
 pod := makePod(true)
 // When running in the host's user namespace, the /proc/self/uid_map file content looks like:
@@ -121,7 +121,7 @@ var _ = SIGDescribe("Security Context", func() {
 })
 })
- ginkgo.It("should mount all volumes with proper permissions with hostUsers=false [LinuxOnly] [Feature:UserNamespacesStatelessPodsSupport]", func(ctx context.Context) {
+ ginkgo.It("should mount all volumes with proper permissions with hostUsers=false [LinuxOnly] [Feature:UserNamespacesSupport]", func(ctx context.Context) {
 // Create all volume types supported: configmap, secret, downwardAPI, projected.
 // Create configmap.
@@ -245,7 +245,7 @@ var _ = SIGDescribe("Security Context", func() {
 })
 })
- ginkgo.It("should set FSGroup to user inside the container with hostUsers=false [LinuxOnly] [Feature:UserNamespacesStatelessPodsSupport]", func(ctx context.Context) {
+ ginkgo.It("should set FSGroup to user inside the container with hostUsers=false [LinuxOnly] [Feature:UserNamespacesSupport]", func(ctx context.Context) {
 // Create configmap.
 name := "userns-volumes-test-" + string(uuid.NewUUID())
 configMap := newConfigMap(f, name)