Enable LocalStorageCapacityIsolationFSQuotaMonitoring
only when hostUsers in PodSpec is set to false.
Modify unit tests and e2e tests to verify
Signed-off-by: PannagaRamamanohara <pbhojara@redhat.com>
We don't have the alpha limitation anymore, let's just use the kubelet
maxPods instead of our hardcoded 1024 max.
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
allow to specify what IDs must be used by the kubelet to create user
namespaces.
If no additional UIDs/GIDs are not allocated to the "kubelet" user,
then the kubelet assumes it can use any ID on the system.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
block the creation of a pod that requires a user namespace, unless the
runtime handler has support for it.
If the pod requested for a user namespace, and the handler does not
support it then return an error regardless of the feature gate.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The error we are wrapping is already verbose, let's just use minimal
wrapping as it is usually the case in go code.
Note that the error on parseUserNsFileAndRecord() can be returned to the
user, so we added some context about user namespace. Otherwise, an error
to parse the json would not be clear to which of all the json the kubelet
parses it refers to.
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
Most error messages are properly wrapped already, but this was missing.
The kubelet logs will show something like this now:
E0201 12:00:03.505680 3007049 run.go:74] "command failed" err="failed to run Kubelet: failed to create kubelet: record pod mappings: create user namespace store: mkdir XXX: permission denied"
Before this commit, the message was not so clear:
E0120 16:02:40.484404 474711 run.go:74] "command failed" err="failed to run Kubelet: failed to create kubelet: mkdir XXX: permission denied"
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
To that end, we need to add one kubelet getter listPodsFromDisk(). Other
than that, it is a pretty trivial move.
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
