diff --git a/pkg/features/versioned_kube_features.go b/pkg/features/versioned_kube_features.go
index fddf302a275..f77e1194f3c 100644
--- a/pkg/features/versioned_kube_features.go
+++ b/pkg/features/versioned_kube_features.go
@@ -808,6 +808,7 @@ var defaultVersionedKubernetesFeatureGates = map[featuregate.Feature]featuregate
 UserNamespacesSupport: {
 {Version: version.MustParse("1.25"), Default: false, PreRelease: featuregate.Alpha},
 {Version: version.MustParse("1.30"), Default: false, PreRelease: featuregate.Beta},
+ {Version: version.MustParse("1.33"), Default: true, PreRelease: featuregate.Beta},
 },
 VolumeAttributesClass: {
diff --git a/pkg/kubelet/kubelet_test.go b/pkg/kubelet/kubelet_test.go
index d8c59dd3a6d..bbd7e9bbdcb 100644
--- a/pkg/kubelet/kubelet_test.go
+++ b/pkg/kubelet/kubelet_test.go
@@ -97,6 +97,7 @@ import (
 "k8s.io/kubernetes/pkg/kubelet/sysctl"
 "k8s.io/kubernetes/pkg/kubelet/token"
 kubetypes "k8s.io/kubernetes/pkg/kubelet/types"
+ "k8s.io/kubernetes/pkg/kubelet/userns"
 kubeletutil "k8s.io/kubernetes/pkg/kubelet/util"
 "k8s.io/kubernetes/pkg/kubelet/util/queue"
 kubeletvolume "k8s.io/kubernetes/pkg/kubelet/volumemanager"
@@ -371,6 +372,10 @@ func newTestKubeletWithImageList(
 ShutdownGracePeriodCriticalPods: 0,
 })
 kubelet.shutdownManager = shutdownManager
+ kubelet.usernsManager, err = userns.MakeUserNsManager(kubelet)
+ if err != nil {
+ t.Fatalf("Failed to create UserNsManager: %v", err)
+ }
 kubelet.admitHandlers.AddPodAdmitHandler(shutdownManager)
 // Add this as cleanup predicate pod admitter
diff --git a/test/e2e_node/proc_mount_test.go b/test/e2e_node/proc_mount_test.go
index 109fdb849f2..e0023ba8d73 100644
--- a/test/e2e_node/proc_mount_test.go
+++ b/test/e2e_node/proc_mount_test.go
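Review bot: The new 1.33 entry turns UserNamespacesSupport on by default without a comment on what that changes for operators, and nothing visible here shows how a node that cannot provide a user namespace treats a pod with `hostUsers: false`. If a kubelet with the gate still off (version skew) or a runtime without support were to start such a pod in the host user namespace instead of rejecting it, the isolation the pod asked for would be lost silently; that path is outside this hunk and should be confirmed to fail closed. I would add a line above the entry such as `// Beta, default-on from 1.33; pods opt in via spec.hostUsers=false and must be rejected, not downgraded, where unsupported.` The map literal starts and ends outside the hunk.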
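Review bot: The usernsManager setup is inserted between `kubelet.shutdownManager = shutdownManager` and the `AddPodAdmitHandler(shutdownManager)` call that belongs with it, and nothing records why the test kubelet needs it now. Presumably the default-on gate makes code under test dereference `kubelet.usernsManager`; a comment such as `// UserNamespacesSupport is on by default, so the test kubelet needs a real usernsManager.` would say so. Moving the four added lines below the admit-handler line would keep the shutdown-manager wiring together. newTestKubeletWithImageList starts and ends outside this hunk.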
@@ -41,7 +41,7 @@ var _ = SIGDescribe("DefaultProcMount [LinuxOnly]", framework.WithNodeConformanc
 f.NamespacePodSecurityLevel = admissionapi.LevelBaseline
 ginkgo.It("will mask proc mounts by default", func(ctx context.Context) {
- testProcMount(ctx, f, v1.DefaultProcMount, gomega.BeNumerically(">", 1), gomega.BeNumerically(">", 0))
+ testProcMount(ctx, f, v1.DefaultProcMount, true, gomega.BeNumerically(">", 1), gomega.BeNumerically(">", 0))
 })
 })
@@ -85,11 +85,11 @@ var _ = SIGDescribe("ProcMount [LinuxOnly]", feature.ProcMountType, feature.User
 if !supportsUserNS(ctx, f) {
 e2eskipper.Skipf("runtime does not support user namespaces")
 }
- testProcMount(ctx, f, v1.UnmaskedProcMount, gomega.Equal(1), gomega.BeZero())
+ testProcMount(ctx, f, v1.UnmaskedProcMount, false, gomega.Equal(1), gomega.BeZero())
 })
 })
-func testProcMount(ctx context.Context, f *framework.Framework, pmt v1.ProcMountType, expectedLines gomegatypes.GomegaMatcher, expectedReadOnly gomegatypes.GomegaMatcher) {
+func testProcMount(ctx context.Context, f *framework.Framework, pmt v1.ProcMountType, hostUsers bool, expectedLines gomegatypes.GomegaMatcher, expectedReadOnly gomegatypes.GomegaMatcher) {
 ginkgo.By("creating a target pod")
 podClient := e2epod.NewPodClient(f)
 pod := podClient.CreateSync(ctx, &v1.Pod{
@@ -106,7 +106,7 @@ func testProcMount(ctx context.Context, f *framework.Framework, pmt v1.ProcMount
 },
 },
 },
- HostUsers: &falseVar,
+ HostUsers: &hostUsers,
 },
 })
diff --git a/test/featuregates_linter/test_data/versioned_feature_list.yaml b/test/featuregates_linter/test_data/versioned_feature_list.yaml
index 1ec6fd8b51f..4393d2950a2 100644
--- a/test/featuregates_linter/test_data/versioned_feature_list.yaml
+++ b/test/featuregates_linter/test_data/versioned_feature_list.yaml
@@ -1520,6 +1520,10 @@
 lockToDefault: false
 preRelease: Beta
 version: "1.30"
+ - default: true
+ lockToDefault: false
+ preRelease: Beta
+ version: "1.33"
 - name: VolumeAttributesClass
 versionedSpecs:
 - default: false
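Review bot: Passing `true` in the "will mask proc mounts by default" case means default /proc masking is no longer exercised for a pod in a user namespace; before this change the helper always set `HostUsers: &falseVar` (third hunk), so that combination was covered. With the gate now on by default, `DefaultProcMount` together with `hostUsers: false` is a configuration users will reach, and masking there is worth keeping under test. The switch was presumably made so the conformance case runs on runtimes without user-namespace support; a second case guarded by `supportsUserNS`, as the unmasked test already is, would keep both. The enclosing Describe block starts outside the hunk.

```go
// … unchanged: "will mask proc mounts by default" case …
ginkgo.It("will mask proc mounts by default in a user namespace", func(ctx context.Context) {
	if !supportsUserNS(ctx, f) {
		e2eskipper.Skipf("runtime does not support user namespaces")
	}
	testProcMount(ctx, f, v1.DefaultProcMount, false, gomega.BeNumerically(">", 1), gomega.BeNumerically(">", 0))
})
```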
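Review bot: `hostUsers bool` is added to testProcMount without a doc comment, and the call sites now pass a bare `true` or `false` in the middle of the argument list, which is easy to misread given that `false` is the isolating setting. A comment on the function would help, for example `// testProcMount runs a pod with the given ProcMountType; hostUsers=false puts the pod in a user namespace.` The function body continues outside this hunk; the value reaches `HostUsers: &hostUsers` in the hunk at line 106.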