From a25ee9b14da53a1e44405db7aa5fea8b90be25ba Mon Sep 17 00:00:00 2001 From: Lisa Pettyjohn Date: Fri, 30 Jan 2026 11:03:43 -0500 Subject: [PATCH] OCPBUGS-63453_FOR_4_21#OCP 4.21 Add user namespaces support for storage --- ...sistent-storage-csi-drivers-supported.adoc | 48 +++++++++++-------- nodes/pods/nodes-pods-user-namespaces.adoc | 2 + .../persistent-storage-nfs.adoc | 5 ++ 3 files changed, 34 insertions(+), 21 deletions(-) diff --git a/modules/persistent-storage-csi-drivers-supported.adoc b/modules/persistent-storage-csi-drivers-supported.adoc index 6c48793f4552..d8300e315d9d 100644 --- a/modules/persistent-storage-csi-drivers-supported.adoc +++ b/modules/persistent-storage-csi-drivers-supported.adoc @@ -6,7 +6,6 @@ [id="csi-drivers-supported_{context}"] = CSI drivers supported by {product-title} -[role="_abstract"] {product-title} installs certain CSI drivers by default, giving users storage options that are not possible with in-tree volume plugins. To create CSI-provisioned persistent volumes that mount to these supported storage assets, {product-title} installs the necessary CSI driver Operator, the CSI driver, and the required storage class by default. For more details about the default namespace of the Operator and driver, see the documentation for the specific CSI Driver Operator. 
@@ -45,30 +44,29 @@ In addition to the drivers listed in the following table, {product-title} functi endif::openshift-rosa,openshift-rosa-hcp,openshift-aro[] .Supported CSI drivers and features in {product-title} -[cols=",^v,^v,^v,^v,^v,^v width="100%",options="header"] +[cols=",^v,^v,^v,^v,^v,^v ,^v width="100%",options="header"] |=== -|CSI driver |CSI volume snapshots |CSI volume group snapshots ^[1]^ |CSI cloning |CSI resize |Inline ephemeral volumes -|AWS EBS | ✅ | | | ✅| -|AWS EFS | | | | | +|CSI driver |CSI volume snapshots |CSI volume group snapshots ^[1]^ |CSI cloning |CSI resize |Inline ephemeral volumes |User namespaces +|AWS EBS | ✅ | | | ✅| |✅ +|AWS EFS | | | | | | ifndef::openshift-rosa,openshift-rosa-hcp[] -|Google Compute Platform (GCP) persistent disk (PD)| ✅| |✅^[2]^ | ✅| -|GCP Filestore | ✅ | | | ✅| +|Google Compute Platform (GCP) persistent disk (PD)| ✅| |✅^[2]^ | ✅| |✅ +|GCP Filestore | ✅ | | | ✅| | endif::openshift-rosa,openshift-rosa-hcp[] ifndef::openshift-dedicated,openshift-rosa,openshift-rosa-hcp[] -|{ibm-power-server-name} Block | | | | ✅ | -|{ibm-cloud-name} Block | ✅^[3]^ | | | ✅^[3]^| +|{ibm-power-server-name} Block | | | | ✅ | |✅ +|{ibm-cloud-name} Block | ✅^[3]^ | | | ✅^[3]^| |✅ endif::openshift-dedicated,openshift-rosa,openshift-rosa-hcp[] -|LVM Storage | ✅ | | ✅ | ✅ | +|LVM Storage | ✅ | | ✅ | ✅ | |✅ ifndef::openshift-dedicated,openshift-rosa,openshift-rosa-hcp[] -|Microsoft Azure Disk | ✅ | | ✅ | ✅| -|Microsoft Azure Stack Hub | ✅ | | ✅ | ✅| -|Microsoft Azure File | ✅ | | ✅ | ✅| ✅ -|OpenStack Cinder | ✅ | | ✅ | ✅| -|OpenShift Data Foundation | ✅ | ✅ | ✅ | ✅| -|OpenStack Manila | ✅ | | | ✅ | -|Shared Resource | | | | | ✅ -|CIFS/SMB | | | ✅ | | -|VMware vSphere | ✅^[4]^ | | | ✅^[5]^| +|Microsoft Azure Disk | ✅ | | ✅ | ✅| | ✅ +|Microsoft Azure Stack Hub | ✅ | | ✅ | ✅| |✅ +|Microsoft Azure File | ✅ | | ✅ | ✅| ✅ | +|OpenStack Cinder | ✅ | | ✅ | ✅| |✅ +|OpenShift Data Foundation | ✅ | ✅ | ✅ | ✅| |✅ ^[4]^ +|OpenStack Manila | ✅ | | | ✅ | 
| +|CIFS/SMB | | | ✅ | | | +|VMware vSphere | ✅^[5]^ | | | ✅^[6]^| |✅ ^[7]^ endif::openshift-dedicated,openshift-rosa,openshift-rosa-hcp[] |=== ifndef::openshift-dedicated,openshift-rosa,openshift-rosa-hcp[] @@ -88,12 +86,20 @@ include::snippets/technology-preview.adoc[leveloffset=+1] 4. +* RBD supports user namespaces; CephFS does not. + +5. + * Requires VMware vSphere version 8.0 Update 1 or later, or VMware vSphere Foundation (VVF) 9, or VMware Cloud Foundation (VCF) 9, for both vCenter Server and ESXi. * Does not support fileshare volumes. -5. +6. * Online expansion is supported from VMware vSphere version 8.0 Update 1 and later, or VVF 9, or VCF 9. -- -endif::openshift-dedicated,openshift-rosa,openshift-rosa-hcp[] \ No newline at end of file +endif::openshift-dedicated,openshift-rosa,openshift-rosa-hcp[] + +7. + +* File persistent volumes (PVs), such as vSAN file service, do not support user namespaces. \ No newline at end of file diff --git a/nodes/pods/nodes-pods-user-namespaces.adoc b/nodes/pods/nodes-pods-user-namespaces.adoc index 798b0d60ca69..7d840fb9142b 100644 --- a/nodes/pods/nodes-pods-user-namespaces.adoc +++ b/nodes/pods/nodes-pods-user-namespaces.adoc 
@@ -19,6 +19,8 @@ When running a pod in an isolated user namespace, the UID/GID inside a pod conta Not all file systems currently support ID-mapped mounts, such as Network File Systems (NFS) and other network/distributed file systems. Any pod that is using an NFS-backed persistent volume from a vendor that does not support ID-mapped mounts might experience access or permission issues when running in a user namespace. This behavior is not specific to {product-title}. It applies to all Kubernetes distributions from Kubernetes v1.33 onward. ==== +To check user namespaces support for storage options, see xref:../../storage/container_storage_interface/persistent-storage-csi.adoc#csi-drivers-supported_persistent-storage-csi[CSI drivers supported by {product-title}]. + // The following include statements pull in the module files that comprise // the assembly. Include any combination of concept, procedure, or reference // modules required to cover the user story. You can also include other diff --git a/storage/persistent_storage/persistent-storage-nfs.adoc b/storage/persistent_storage/persistent-storage-nfs.adoc index 7a89412dc5a5..8567fb62e87b 100644 --- a/storage/persistent_storage/persistent-storage-nfs.adoc +++ b/storage/persistent_storage/persistent-storage-nfs.adoc @@ -13,6 +13,11 @@ NFS-specific information contained in a PV definition could also be defined directly in a `Pod` definition, doing so does not create the volume as a distinct cluster resource, making the volume more susceptible to conflicts. +[NOTE] +==== +The in-tree NFS provisioner does not support user namespaces. +==== + [role="_additional-resources"] .Additional resources
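
Review bot: In modules/persistent-storage-csi-drivers-supported.adoc, the first hunk (`@@ -6,7 +6,6 @@`) deletes `[role="_abstract"]` from the opening paragraph, which the subject line (adding user namespaces support for storage) does not account for. If the removal is intentional, mention it in the commit message; otherwise restore the attribute so that this change stays limited to the user namespaces column.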
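
Review bot: In the table hunk (`@@ -45,30 +44,29 @@`) the `|Shared Resource` row is deleted instead of being extended with a cell for the new column, so a driver disappears from the supported list without any mention in the subject line. Either restore the row with an empty User namespaces cell or move the removal to its own change with a reason. In the same hunk the column spec is extended as `,^v ,^v width="100%"`, which leaves a stray space before the comma and still has no closing quote on the `cols` value before `width`; since the line is being touched anyway, `[cols=",^v,^v,^v,^v,^v,^v,^v",width="100%",options="header"]` would fix both.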
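
Review bot: In the footnote hunk (`@@ -88,12 +86,20 @@`) the new item `7. +` is added after the closing `--` and after `endif::openshift-dedicated,openshift-rosa,openshift-rosa-hcp[]`, while footnotes 4 to 6 sit inside both. The VMware vSphere row that references `^[7]^` is inside the same `ifndef`, so on the excluded distributions the footnote would render with no row pointing at it, and on all builds it falls outside the footnote block. Move the `7. +` item and its bullet above the `--` line, and end the file with a newline while there.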
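
Review bot: In nodes/pods/nodes-pods-user-namespaces.adoc, the added xref hard-codes the anchor `#csi-drivers-supported_persistent-storage-csi`, but the module declares its ID as `csi-drivers-supported_{context}`, so the link resolves only when the including assembly sets `context` to `persistent-storage-csi`. Please confirm that in a preview build. The sentence would also be easier to act on if it named the "User namespaces" column of that table, because readers reach it straight from the ID-mapped mounts warning above.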
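
Review bot: In storage/persistent_storage/persistent-storage-nfs.adoc, the new NOTE says "in-tree NFS provisioner", whereas the CSI module in this same patch uses the term "in-tree volume plugins"; use one term for both. The note also states the limitation without saying what a user will observe. The user namespaces page in this patch already describes the symptom (access or permission issues on file systems without ID-mapped mount support), so an xref to that page from this note would let readers connect the two.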