Merge pull request #126034 from sohankunkerkar/add-usernamespaces

api: add user namespaces field to NodeRuntimeHandlerFeatures

api/openapi-spec/swagger.json

@@ -8280,6 +8280,10 @@
         "recursiveReadOnlyMounts": {
           "description": "RecursiveReadOnlyMounts is set to true if the runtime handler supports RecursiveReadOnlyMounts.",
           "type": "boolean"
+        },
+        "userNamespaces": {
+          "description": "UserNamespaces is set to true if the runtime handler supports UserNamespaces, including for volumes.",
+          "type": "boolean"
         }
       },
       "type": "object"

api/openapi-spec/v3/api__v1_openapi.json

@@ -3811,6 +3811,10 @@
           "recursiveReadOnlyMounts": {
             "description": "RecursiveReadOnlyMounts is set to true if the runtime handler supports RecursiveReadOnlyMounts.",
             "type": "boolean"
+          },
+          "userNamespaces": {
+            "description": "UserNamespaces is set to true if the runtime handler supports UserNamespaces, including for volumes.",
+            "type": "boolean"
           }
         },
         "type": "object"

pkg/apis/core/types.go

@@ -4898,7 +4898,10 @@ type NodeRuntimeHandlerFeatures struct {
 	// +featureGate=RecursiveReadOnlyMounts
 	// +optional
 	RecursiveReadOnlyMounts *bool
-	// Reserved: UserNamespaces *bool
+	// UserNamespaces is set to true if the runtime handler supports UserNamespaces, including for volumes.
+	// +featureGate=UserNamespacesSupport
+	// +optional
+	UserNamespaces *bool
 }
 
 // NodeRuntimeHandler is a set of runtime handler information.
@@ -5024,6 +5027,7 @@ type NodeStatus struct {
 	Config *NodeConfigStatus
 	// The available runtime handlers.
 	// +featureGate=RecursiveReadOnlyMounts
+	// +featureGate=UserNamespacesSupport
 	// +optional
 	RuntimeHandlers []NodeRuntimeHandler
 }

pkg/apis/core/v1/zz_generated.conversion.go

@@ -5171,6 +5171,7 @@ func Convert_core_NodeRuntimeHandler_To_v1_NodeRuntimeHandler(in *core.NodeRunti
 
 func autoConvert_v1_NodeRuntimeHandlerFeatures_To_core_NodeRuntimeHandlerFeatures(in *v1.NodeRuntimeHandlerFeatures, out *core.NodeRuntimeHandlerFeatures, s conversion.Scope) error {
 	out.RecursiveReadOnlyMounts = (*bool)(unsafe.Pointer(in.RecursiveReadOnlyMounts))
+	out.UserNamespaces = (*bool)(unsafe.Pointer(in.UserNamespaces))
 	return nil
 }
 
@@ -5181,6 +5182,7 @@ func Convert_v1_NodeRuntimeHandlerFeatures_To_core_NodeRuntimeHandlerFeatures(in
 
 func autoConvert_core_NodeRuntimeHandlerFeatures_To_v1_NodeRuntimeHandlerFeatures(in *core.NodeRuntimeHandlerFeatures, out *v1.NodeRuntimeHandlerFeatures, s conversion.Scope) error {
 	out.RecursiveReadOnlyMounts = (*bool)(unsafe.Pointer(in.RecursiveReadOnlyMounts))
+	out.UserNamespaces = (*bool)(unsafe.Pointer(in.UserNamespaces))
 	return nil
 }
 

pkg/apis/core/zz_generated.deepcopy.go

@@ -2805,6 +2805,11 @@ func (in *NodeRuntimeHandlerFeatures) DeepCopyInto(out *NodeRuntimeHandlerFeatur
 		*out = new(bool)
 		**out = **in
 	}
+	if in.UserNamespaces != nil {
+		in, out := &in.UserNamespaces, &out.UserNamespaces
+		*out = new(bool)
+		**out = **in
+	}
 	return
 }
 

pkg/generated/openapi/zz_generated.openapi.go

@@ -24540,6 +24540,13 @@ func schema_k8sio_api_core_v1_NodeRuntimeHandlerFeatures(ref common.ReferenceCal
 							Format:      "",
 						},
 					},
+					"userNamespaces": {
+						SchemaProps: spec.SchemaProps{
+							Description: "UserNamespaces is set to true if the runtime handler supports UserNamespaces, including for volumes.",
+							Type:        []string{"boolean"},
+							Format:      "",
+						},
+					},
 				},
 			},
 		},

pkg/kubelet/nodestatus/setters.go

@@ -485,7 +485,7 @@ func GoRuntime() Setter {
 // RuntimeHandlers returns a Setter that sets RuntimeHandlers on the node.
 func RuntimeHandlers(fn func() []kubecontainer.RuntimeHandler) Setter {
 	return func(ctx context.Context, node *v1.Node) error {
-		if !utilfeature.DefaultFeatureGate.Enabled(features.RecursiveReadOnlyMounts) {
+		if !utilfeature.DefaultFeatureGate.Enabled(features.RecursiveReadOnlyMounts) && !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesSupport) {
 			return nil
 		}
 		handlers := fn()
@@ -495,6 +495,7 @@ func RuntimeHandlers(fn func() []kubecontainer.RuntimeHandler) Setter {
 				Name: h.Name,
 				Features: &v1.NodeRuntimeHandlerFeatures{
 					RecursiveReadOnlyMounts: &h.SupportsRecursiveReadOnlyMounts,
+					UserNamespaces:          &h.SupportsUserNamespaces,
 				},
 			}
 		}

pkg/registry/core/node/strategy.go

@@ -103,7 +103,7 @@ func dropDisabledFields(node *api.Node, oldNode *api.Node) {
 		node.Spec.ConfigSource = nil
 	}
 
-	if !utilfeature.DefaultFeatureGate.Enabled(features.RecursiveReadOnlyMounts) {
+	if !utilfeature.DefaultFeatureGate.Enabled(features.RecursiveReadOnlyMounts) && !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesSupport) {
 		node.Status.RuntimeHandlers = nil
 	}
 }

staging/src/k8s.io/api/core/v1/generated.proto

@@ -2634,6 +2634,11 @@ message NodeRuntimeHandlerFeatures {
   // +featureGate=RecursiveReadOnlyMounts
   // +optional
   optional bool recursiveReadOnlyMounts = 1;
+
+  // UserNamespaces is set to true if the runtime handler supports UserNamespaces, including for volumes.
+  // +featureGate=UserNamespacesSupport
+  // +optional
+  optional bool userNamespaces = 2;
 }
 
 // A node selector represents the union of the results of one or more label queries
@@ -2794,6 +2799,7 @@ message NodeStatus {
 
   // The available runtime handlers.
   // +featureGate=RecursiveReadOnlyMounts
+  // +featureGate=UserNamespacesSupport
   // +optional
   // +listType=atomic
   repeated NodeRuntimeHandler runtimeHandlers = 12;

staging/src/k8s.io/api/core/v1/types.go

@@ -5877,7 +5877,10 @@ type NodeRuntimeHandlerFeatures struct {
 	// +featureGate=RecursiveReadOnlyMounts
 	// +optional
 	RecursiveReadOnlyMounts *bool `json:"recursiveReadOnlyMounts,omitempty" protobuf:"varint,1,opt,name=recursiveReadOnlyMounts"`
-	// Reserved: UserNamespaces *bool (varint 2, for consistency with CRI API)
+	// UserNamespaces is set to true if the runtime handler supports UserNamespaces, including for volumes.
+	// +featureGate=UserNamespacesSupport
+	// +optional
+	UserNamespaces *bool `json:"userNamespaces,omitempty" protobuf:"varint,2,opt,name=userNamespaces"`
 }
 
 // NodeRuntimeHandler is a set of runtime handler information.
@@ -6029,6 +6032,7 @@ type NodeStatus struct {
 	Config *NodeConfigStatus `json:"config,omitempty" protobuf:"bytes,11,opt,name=config"`
 	// The available runtime handlers.
 	// +featureGate=RecursiveReadOnlyMounts
+	// +featureGate=UserNamespacesSupport
 	// +optional
 	// +listType=atomic
 	RuntimeHandlers []NodeRuntimeHandler `json:"runtimeHandlers,omitempty" protobuf:"bytes,12,rep,name=runtimeHandlers"`

staging/src/k8s.io/api/core/v1/types_swagger_doc_generated.go

@@ -1238,6 +1238,7 @@ func (NodeRuntimeHandler) SwaggerDoc() map[string]string {
 var map_NodeRuntimeHandlerFeatures = map[string]string{
 	"":                        "NodeRuntimeHandlerFeatures is a set of runtime features.",
 	"recursiveReadOnlyMounts": "RecursiveReadOnlyMounts is set to true if the runtime handler supports RecursiveReadOnlyMounts.",
+	"userNamespaces":          "UserNamespaces is set to true if the runtime handler supports UserNamespaces, including for volumes.",
 }
 
 func (NodeRuntimeHandlerFeatures) SwaggerDoc() map[string]string {

staging/src/k8s.io/api/core/v1/zz_generated.deepcopy.go

@@ -2803,6 +2803,11 @@ func (in *NodeRuntimeHandlerFeatures) DeepCopyInto(out *NodeRuntimeHandlerFeatur
 		*out = new(bool)
 		**out = **in
 	}
+	if in.UserNamespaces != nil {
+		in, out := &in.UserNamespaces, &out.UserNamespaces
+		*out = new(bool)
+		**out = **in
+	}
 	return
 }
 

staging/src/k8s.io/api/testdata/HEAD/core.v1.Node.json

@@ -161,7 +161,8 @@
       {
         "name": "nameValue",
         "features": {
-          "recursiveReadOnlyMounts": true
+          "recursiveReadOnlyMounts": true,
+          "userNamespaces": true
         }
       }
     ]

staging/src/k8s.io/api/testdata/HEAD/core.v1.Node.yaml

@@ -111,6 +111,7 @@ status:
   runtimeHandlers:
   - features:
       recursiveReadOnlyMounts: true
+      userNamespaces: true
     name: nameValue
   volumesAttached:
   - devicePath: devicePathValue

staging/src/k8s.io/client-go/applyconfigurations/core/v1/noderuntimehandlerfeatures.go

@@ -22,6 +22,7 @@ package v1
 // with apply.
 type NodeRuntimeHandlerFeaturesApplyConfiguration struct {
 	RecursiveReadOnlyMounts *bool `json:"recursiveReadOnlyMounts,omitempty"`
+	UserNamespaces          *bool `json:"userNamespaces,omitempty"`
 }
 
 // NodeRuntimeHandlerFeaturesApplyConfiguration constructs a declarative configuration of the NodeRuntimeHandlerFeatures type for use with
@@ -37,3 +38,11 @@ func (b *NodeRuntimeHandlerFeaturesApplyConfiguration) WithRecursiveReadOnlyMoun
 	b.RecursiveReadOnlyMounts = &value
 	return b
 }
+
+// WithUserNamespaces sets the UserNamespaces field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the UserNamespaces field is set to the value of the last call.
+func (b *NodeRuntimeHandlerFeaturesApplyConfiguration) WithUserNamespaces(value bool) *NodeRuntimeHandlerFeaturesApplyConfiguration {
+	b.UserNamespaces = &value
+	return b
+}

staging/src/k8s.io/client-go/applyconfigurations/internal/internal.go

@@ -6119,6 +6119,9 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: recursiveReadOnlyMounts
       type:
         scalar: boolean
+    - name: userNamespaces
+      type:
+        scalar: boolean
 - name: io.k8s.api.core.v1.NodeSelector
   map:
     fields: