github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-27 05:27:21 +00:00
Code Issues Projects Releases Wiki Activity

pkg/kubelet: Explain why a user is required to get userns kubelet mappings

Browse Source 
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
This commit is contained in:
Rodrigo Campos 2025-03-11 15:33:22 +01:00
parent c984f0f08a
commit 69e270f509
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/kubelet/kubelet_pods.go
View File

@ -131,6 +131,12 @@ func (kl *Kubelet) getKubeletMappings() (uint32, uint32, error) {
return defaultFirstID, defaultLen, nil return defaultFirstID, defaultLen, nil
} }
// We NEED to check for the user because getsubids can be configured to gather the response
// with a remote call and we can't distinguish between the remote endpoint not being reachable
// and the remote endpoint is reachable but no entry is present for the user.
// So we check for the kubelet user first, if it exist and getsubids is present, we expect
// to get _some_ configuration. If the user exist and getsubids doesn't give us any
// configuration, then we consider the remote down and fail to start the kubelet.
_, err := user.Lookup(kubeletUser) _, err := user.Lookup(kubeletUser)
if err != nil { if err != nil {
var unknownUserErr user.UnknownUserError var unknownUserErr user.UnknownUserError