cri-api: add mappings for volumes

add the definitions for the ID mappings to use at runtime for the volume mount. This is supported only on Linux where idmapped mounts are used to perform the runtime mapping. The new fields are mapped directly to the field in the OCI runtime specs: https://github.com/opencontainers/runtime-spec/blob/main/config.md#posix-platform-mounts The CRI runtime will pass the mappings to the OCI runtime as-is. Related to KEP-127. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-07-31 07:20:13 +00:00 · 2023-02-15 15:03:07 +01:00 · 2023-02-15 15:03:07 +01:00 · 79a34cf6a4
commit 79a34cf6a4
parent de9ce03f19
2 changed files with 554 additions and 410 deletions
--- a/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.pb.go
+++ b/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.pb.go
--- a/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto
+++ b/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto
@ -222,6 +222,10 @@ message Mount {
    bool selinux_relabel = 4;
    // Requested propagation mode.
    MountPropagation propagation = 5;
+    // UidMappings specifies the runtime UID mappings for the mount.
+    repeated IDMapping uidMappings = 6;
+    // GidMappings specifies the runtime GID mappings for the mount.
+    repeated IDMapping gidMappings = 7;
 }

 // IDMapping describes host to container ID mappings for a pod sandbox.