From b5d6f06fe6e6acc148013a94cbdb8e7c2f611d03 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Thu, 13 Mar 2025 19:32:31 +0100 Subject: [PATCH 1/4] pkg/kubelet: Fix userns tests on Windows Signed-off-by: Rodrigo Campos --- pkg/kubelet/kubelet_pods.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkg/kubelet/kubelet_pods.go b/pkg/kubelet/kubelet_pods.go index 8bc0b56044c..6e83eb7969b 100644 --- a/pkg/kubelet/kubelet_pods.go +++ b/pkg/kubelet/kubelet_pods.go @@ -143,6 +143,11 @@ func (kl *Kubelet) getKubeletMappings() (uint32, uint32, error) { } } + // Windows doesn't support user namespaces, let's return the default mappings. + if runtime.GOOS == "windows" { + return defaultFirstID, defaultLen, nil + } + _, err := user.Lookup(kubeletUser) if err != nil { var unknownUserErr user.UnknownUserError From 3755f8e2f28df95a940be91a12c04e1285d80935 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Thu, 13 Mar 2025 19:50:24 +0100 Subject: [PATCH 2/4] pkg/kubelet/userns: Provide stub implementation for windows Signed-off-by: Rodrigo Campos --- pkg/kubelet/userns/types.go | 29 +++++++++++ pkg/kubelet/userns/userns_manager.go | 11 ++-- .../userns/userns_manager_disabled_test.go | 3 ++ .../userns/userns_manager_switch_test.go | 3 ++ pkg/kubelet/userns/userns_manager_test.go | 3 ++ pkg/kubelet/userns/userns_manager_windows.go | 50 +++++++++++++++++++ 6 files changed, 91 insertions(+), 8 deletions(-) create mode 100644 pkg/kubelet/userns/types.go create mode 100644 pkg/kubelet/userns/userns_manager_windows.go diff --git a/pkg/kubelet/userns/types.go b/pkg/kubelet/userns/types.go new file mode 100644 index 00000000000..a0422d0042c --- /dev/null +++ b/pkg/kubelet/userns/types.go @@ -0,0 +1,29 @@ +/* +Copyright 2025 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package userns + +import "k8s.io/apimachinery/pkg/types" + +// Here go types that are common for all supported OS (windows, linux). + +type userNsPodsManager interface { + HandlerSupportsUserNamespaces(runtimeHandler string) (bool, error) + GetPodDir(podUID types.UID) string + ListPodsFromDisk() ([]types.UID, error) + GetKubeletMappings() (uint32, uint32, error) + GetMaxPods() int +} diff --git a/pkg/kubelet/userns/userns_manager.go b/pkg/kubelet/userns/userns_manager.go index 73167783297..fa528b3f8fb 100644 --- a/pkg/kubelet/userns/userns_manager.go +++ b/pkg/kubelet/userns/userns_manager.go @@ -1,3 +1,6 @@ +//go:build !windows +// +build !windows + /* Copyright 2022 The Kubernetes Authors. @@ -43,14 +46,6 @@ const userNsLength = (1 << 16) // since Go maps never free memory. const mapReInitializeThreshold = 1000 -type userNsPodsManager interface { - HandlerSupportsUserNamespaces(runtimeHandler string) (bool, error) - GetPodDir(podUID types.UID) string - ListPodsFromDisk() ([]types.UID, error) - GetKubeletMappings() (uint32, uint32, error) - GetMaxPods() int -} - type UsernsManager struct { used *allocator.AllocationBitmap usedBy map[types.UID]uint32 // Map pod.UID to range used diff --git a/pkg/kubelet/userns/userns_manager_disabled_test.go b/pkg/kubelet/userns/userns_manager_disabled_test.go index 5d97233e3d1..a4099d0a79d 100644 --- a/pkg/kubelet/userns/userns_manager_disabled_test.go +++ b/pkg/kubelet/userns/userns_manager_disabled_test.go @@ -1,3 +1,6 @@ +//go:build !windows +// +build !windows + /* Copyright 2022 The Kubernetes Authors. diff --git a/pkg/kubelet/userns/userns_manager_switch_test.go b/pkg/kubelet/userns/userns_manager_switch_test.go index 9ce59971fb4..233b5c7fab3 100644 --- a/pkg/kubelet/userns/userns_manager_switch_test.go +++ b/pkg/kubelet/userns/userns_manager_switch_test.go @@ -1,3 +1,6 @@ +//go:build !windows +// +build !windows + /* Copyright 2024 The Kubernetes Authors. diff --git a/pkg/kubelet/userns/userns_manager_test.go b/pkg/kubelet/userns/userns_manager_test.go index fd20a2d28ee..a5aba0811c8 100644 --- a/pkg/kubelet/userns/userns_manager_test.go +++ b/pkg/kubelet/userns/userns_manager_test.go @@ -1,3 +1,6 @@ +//go:build !windows +// +build !windows + /* Copyright 2022 The Kubernetes Authors. diff --git a/pkg/kubelet/userns/userns_manager_windows.go b/pkg/kubelet/userns/userns_manager_windows.go new file mode 100644 index 00000000000..bc40b718798 --- /dev/null +++ b/pkg/kubelet/userns/userns_manager_windows.go @@ -0,0 +1,50 @@ +/* +Copyright 2025 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package userns + +import ( + v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/types" + runtimeapi "k8s.io/cri-api/pkg/apis/runtime/v1" + kubecontainer "k8s.io/kubernetes/pkg/kubelet/container" +) + +type UsernsManager struct{} + +func MakeUserNsManager(kl userNsPodsManager) (*UsernsManager, error) { + return nil, nil +} + +// Release releases the user namespace allocated to the specified pod. +func (m *UsernsManager) Release(podUID types.UID) { + return +} + +func (m *UsernsManager) GetOrCreateUserNamespaceMappings(pod *v1.Pod, runtimeHandler string) (*runtimeapi.UserNamespace, error) { + return nil, nil +} + +// CleanupOrphanedPodUsernsAllocations reconciliates the state of user namespace +// allocations with the pods actually running. It frees any user namespace +// allocation for orphaned pods. +func (m *UsernsManager) CleanupOrphanedPodUsernsAllocations(pods []*v1.Pod, runningPods []*kubecontainer.Pod) error { + return nil +} + +func EnabledUserNamespacesSupport() bool { + return false +} From 1d923fbc7813707a0f7cbec919b3d529faedfb8a Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Thu, 13 Mar 2025 19:51:14 +0100 Subject: [PATCH 3/4] pkg/kubelet/userns: Wrap error to get mappings I needed to wrap the error for debugging, let's just keep this as it is useful. Signed-off-by: Rodrigo Campos --- pkg/kubelet/userns/userns_manager.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/kubelet/userns/userns_manager.go b/pkg/kubelet/userns/userns_manager.go index fa528b3f8fb..37528b94003 100644 --- a/pkg/kubelet/userns/userns_manager.go +++ b/pkg/kubelet/userns/userns_manager.go @@ -127,7 +127,7 @@ func (m *UsernsManager) readMappingsFromFile(pod types.UID) ([]byte, error) { func MakeUserNsManager(kl userNsPodsManager) (*UsernsManager, error) { kubeletMappingID, kubeletMappingLen, err := kl.GetKubeletMappings() if err != nil { - return nil, err + return nil, fmt.Errorf("kubelet mappings: %w", err) } if kubeletMappingID%userNsLength != 0 { From 07011c05b71863b00335912c2d2e312bc8626627 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Thu, 13 Mar 2025 21:22:42 +0100 Subject: [PATCH 4/4] pkg/kubelet/userns: Remove skip on windows We don't build these tests for Windows, let's remove this skip. We should have never added that skip, we should have skipped the entire suite on Windows. Signed-off-by: Rodrigo Campos --- pkg/kubelet/userns/userns_manager_test.go | 7 ------- 1 file changed, 7 deletions(-) diff --git a/pkg/kubelet/userns/userns_manager_test.go b/pkg/kubelet/userns/userns_manager_test.go index a5aba0811c8..b2d0cc85f64 100644 --- a/pkg/kubelet/userns/userns_manager_test.go +++ b/pkg/kubelet/userns/userns_manager_test.go @@ -23,7 +23,6 @@ import ( "errors" "fmt" "os" - goruntime "runtime" "testing" "github.com/stretchr/testify/assert" @@ -292,7 +291,6 @@ func TestGetOrCreateUserNamespaceMappings(t *testing.T) { runtimeUserns bool runtimeHandler string success bool - skipOnWindows bool }{ { name: "no user namespace", @@ -326,7 +324,6 @@ func TestGetOrCreateUserNamespaceMappings(t *testing.T) { expMode: runtimeapi.NamespaceMode_POD, runtimeUserns: true, success: true, - skipOnWindows: true, }, { name: "user namespace, but no runtime support", @@ -351,10 +348,6 @@ func TestGetOrCreateUserNamespaceMappings(t *testing.T) { for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { - if tc.skipOnWindows && goruntime.GOOS == "windows" { - // TODO: remove skip once the failing test has been fixed. - t.Skip("Skip failing test on Windows.") - } // These tests will create the userns file, so use an existing podDir. testUserNsPodsManager := &testUserNsPodsManager{ podDir: t.TempDir(),