kubelet: set user namespace options

Set the user namespace options to use for the pod. Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
openshift · Aug 3, 2022 · 138e808 · 138e808
1 parent 67b38ff
commit 138e808
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/pkg/kubelet/kuberuntime/util/util.go b/pkg/kubelet/kuberuntime/util/util.go
@@ -100,9 +100,15 @@ func PidNamespaceForPod(pod *v1.Pod) runtimeapi.NamespaceMode {
 // namespacesForPod returns the runtimeapi.NamespaceOption for a given pod.
 // An empty or nil pod can be used to get the namespace defaults for v1.Pod.
 func NamespacesForPod(pod *v1.Pod, runtimeHelper kubecontainer.RuntimeHelper) (*runtimeapi.NamespaceOption, error) {
+	userNs, err := runtimeHelper.GetOrCreateUserNamespaceMappings(pod)
+	if err != nil {
+		return nil, err
+	}
+
 	return &runtimeapi.NamespaceOption{
-		Ipc:     IpcNamespaceForPod(pod),
-		Network: NetworkNamespaceForPod(pod),
-		Pid:     PidNamespaceForPod(pod),
+		Ipc:           IpcNamespaceForPod(pod),
+		Network:       NetworkNamespaceForPod(pod),
+		Pid:           PidNamespaceForPod(pod),
+		UsernsOptions: userNs,
 	}, nil
 }