Add user namespace support #790
Comments
|
The kubernetes PR is punted to 1.12. Let's punt, too. |
|
I saw.. :( |
|
Hello, we're currently evaluating to use containerd/crio, crio has host-level user namespaces ready, we're wondering the timeline or plan of cri-containerd can have any level of user namespaces support? In addition, regarding user namespaces performance issue: the performance overhead of chowning is significant (1s v.s. N>=7 mins in our use case), any plan to improve user namespaces performance? Given most organizations taking long time to upgrade kernel (>=4.19) to be able to use Any thoughts? Thanks for sharing! |
|
Hi! We (@alban @mauriciovasquezbernal @rata) are working on implementing user namespaces support in containerd/cri. At the moment, we have a working proof-of-concept based on Kubernetes 1.17 and containerd/cri 1.3 (kinvolk#1). Once ready and rebased on master, we can make a proper PR. |
Excellent, interested to see your POC. If I remember right from the June 9 sig-node call.. Vince?? took the task to open a new kep to replace the now very old node level user namespace issue that was written pre-kep process. |
|
@mikebrow more-or-less I did 😸 . I was a conversation to see what the next step needed will be, and the answer was a KEP. |
@mikebrow The links to the POC are the following: |
We should support node level user namespace after kubernetes/kubernetes#64005 is merged.
It shouldn't be hard for containerd given that all these happen on the client side, and there is already existing util function for per container user namespace remapping. https://github.com/containerd/containerd/blob/129167132c5e0dbd1b031badae201a432d1bd681/container_opts_unix.go#L149
The text was updated successfully, but these errors were encountered: