Merge pull request #110535 from giuseppe/add-userns-CRI

kubelet: add CRI definitions for user namespaces
Kubernetes Prow Robot 2022-06-24 09:16:56 -07:00 committed by GitHub
commit 6219eed24f
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 2301 additions and 1005 deletions


@ -207,6 +207,16 @@ message Mount {
MountPropagation propagation = 5;
}
// IDMapping describes host to container ID mappings for a pod sandbox.
message IDMapping {
// HostId is the id on the host.
uint32 host_id = 1;
// ContainerId is the id in the container.
uint32 container_id = 2;
// Length is the size of the range to map.
uint32 length = 3;
}
// A NamespaceMode describes the intended namespace configuration for each
// of the namespaces (Network, PID, IPC) in NamespaceOption. Runtimes should
// map these modes as appropriate for the technology underlying the runtime.
@ -232,6 +242,19 @@ enum NamespaceMode {
TARGET = 3;
}
// UserNamespace describes the intended user namespace configuration for a pod sandbox.
message UserNamespace {
// Mode is the NamespaceMode for this UserNamespace.
// Note: NamespaceMode for UserNamespace currently supports only POD and NODE, not CONTAINER OR TARGET.
NamespaceMode mode = 1;
// Uids specifies the UID mappings for the user namespace.
repeated IDMapping uids = 2;
// Gids specifies the GID mappings for the user namespace.
repeated IDMapping gids = 3;
}
// NamespaceOption provides options for Linux namespaces.
message NamespaceOption {
// Network namespace for this container/sandbox.
@ -251,6 +274,12 @@ message NamespaceOption {
// previously created in the same pod. It is not possible to specify different targets
// for each namespace.
string target_id = 4;
// UsernsOptions for this pod sandbox.
// The Kubelet picks the user namespace configuration to use for the pod sandbox. The mappings
// are specified as part of the UserNamespace struct. If the struct is nil, then the POD mode
// must be assumed. This is done for backward compatibility with older Kubelet versions that
// do not set a user namespace.
UserNamespace userns_options = 5;
}
// Int64Value is the wrapper of int64.
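Review bot: The IDMapping comments in the first hunk state no constraints on the three uint32 fields, so a runtime consuming this message cannot tell whether `length = 0`, a range where `host_id + length` or `container_id + length` exceeds the uint32 range, or overlapping entries in `uids`/`gids` are valid. Since these values decide which host IDs a pod's processes map to, I would document the contract on the message, e.g. `// Length must be > 0; host_id + length and container_id + length must not overflow uint32.`, and on `uids`/`gids` `// Ranges must not overlap; must be empty when mode is NODE.` (the NODE rule is my reading of the intent, please confirm). The `userns_options` comment also says a nil struct means POD mode for compatibility with older kubelets, but it does not say what a runtime should do with POD and empty mappings, which looks like the case an older kubelet would effectively produce. The second file section on this page carries the same definitions and the same applies there.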


@ -207,6 +207,16 @@ message Mount {
MountPropagation propagation = 5;
}
// IDMapping describes host to container ID mappings for a pod sandbox.
message IDMapping {
// HostId is the id on the host.
uint32 host_id = 1;
// ContainerId is the id in the container.
uint32 container_id = 2;
// Length is the size of the range to map.
uint32 length = 3;
}
// A NamespaceMode describes the intended namespace configuration for each
// of the namespaces (Network, PID, IPC) in NamespaceOption. Runtimes should
// map these modes as appropriate for the technology underlying the runtime.
@ -232,6 +242,19 @@ enum NamespaceMode {
TARGET = 3;
}
// UserNamespace describes the intended user namespace configuration for a pod sandbox.
message UserNamespace {
// Mode is the NamespaceMode for this UserNamespace.
// Note: NamespaceMode for UserNamespace currently supports only POD and NODE, not CONTAINER OR TARGET.
NamespaceMode mode = 1;
// Uids specifies the UID mappings for the user namespace.
repeated IDMapping uids = 2;
// Gids specifies the GID mappings for the user namespace.
repeated IDMapping gids = 3;
}
// NamespaceOption provides options for Linux namespaces.
message NamespaceOption {
// Network namespace for this container/sandbox.
@ -251,6 +274,12 @@ message NamespaceOption {
// previously created in the same pod. It is not possible to specify different targets
// for each namespace.
string target_id = 4;
// UsernsOptions for this pod sandbox.
// The Kubelet picks the user namespace configuration to use for the pod sandbox. The mappings
// are specified as part of the UserNamespace struct. If the struct is nil, then the POD mode
// must be assumed. This is done for backward compatibility with older Kubelet versions that
// do not set a user namespace.
UserNamespace userns_options = 5;
}
// Int64Value is the wrapper of int64.