Skip to content
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.

Commit 59c2758

Browse files
haircommanderhaircommander
committedMar 17, 2025·
features: set userns related features to have required min kubelet version to 1.30.0
which is the lowest version the kubelet will deny a pod if a userns can't be created Signed-off-by: Peter Hunt <[email protected]>
1 parent b01c2df commit 59c2758

11 files changed

+168
-41
lines changed
 

‎features/features.go

+3
Original file line numberDiff line numberDiff line change
@@ -677,6 +677,7 @@ var (
677677
productScope(kubernetes).
678678
enhancementPR("https://github.com/kubernetes/enhancements/issues/127").
679679
enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
680+
requiredMinimumKubeletVersion("1.30.0").
680681
mustRegister()
681682

682683
FeatureGateUserNamespacesPodSecurityStandards = newFeatureGate("UserNamespacesPodSecurityStandards").
@@ -685,6 +686,7 @@ var (
685686
productScope(kubernetes).
686687
enhancementPR("https://github.com/kubernetes/enhancements/issues/127").
687688
enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
689+
requiredMinimumKubeletVersion("1.30.0").
688690
mustRegister()
689691

690692
FeatureGateProcMountType = newFeatureGate("ProcMountType").
@@ -693,6 +695,7 @@ var (
693695
productScope(kubernetes).
694696
enhancementPR("https://github.com/kubernetes/enhancements/issues/4265").
695697
enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
698+
requiredMinimumKubeletVersion("1.30.0").
696699
mustRegister()
697700

698701
FeatureGateVSphereMultiNetworks = newFeatureGate("VSphereMultiNetworks").

‎features/util.go

+15-5
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,8 @@ import (
99
)
1010

1111
// FeatureGateDescription is a golang-only interface used to contains details for a feature gate.
12+
//
13+
//nolint:all
1214
type FeatureGateDescription struct {
1315
// FeatureGateAttributes is the information that appears in the API
1416
FeatureGateAttributes configv1.FeatureGateAttributes
@@ -23,9 +25,6 @@ type FeatureGateDescription struct {
2325
OwningProduct OwningProduct
2426
// EnhancementPR is the PR for the enhancement.
2527
EnhancementPR string
26-
// RequiredMinimumKubeletVersion is the lowest version the MinimumKubeletVersion field in the
27-
// nodes.config object may be set to to enable this feature.
28-
RequiredMinimumKubeletVersion string
2928
}
3029

3130
type FeatureGateEnabledDisabled struct {
@@ -48,6 +47,7 @@ var (
4847
kubernetes = OwningProduct("Kubernetes")
4948
)
5049

50+
//nolint:all
5151
type featureGateBuilder struct {
5252
name string
5353
owningJiraComponent string
@@ -151,10 +151,20 @@ func (b *featureGateBuilder) register() (configv1.FeatureGateName, error) {
151151
}
152152

153153
featureGateName := configv1.FeatureGateName(b.name)
154+
var minComponentVersions []configv1.RequiredMinimumComponentVersion
155+
if b.minimumKubeletVersion != "" {
156+
if minComponentVersions == nil {
157+
minComponentVersions = []configv1.RequiredMinimumComponentVersion{}
158+
}
159+
minComponentVersions = append(minComponentVersions, configv1.RequiredMinimumComponentVersion{
160+
Component: configv1.RequiredMinimumComponentKubelet,
161+
Version: b.minimumKubeletVersion,
162+
})
163+
}
154164
description := FeatureGateDescription{
155165
FeatureGateAttributes: configv1.FeatureGateAttributes{
156-
Name: featureGateName,
157-
RequiredMinimumKubeletVersion: b.minimumKubeletVersion,
166+
Name: featureGateName,
167+
RequiredMinimumComponentVersions: minComponentVersions,
158168
},
159169
OwningJiraComponent: b.owningJiraComponent,
160170
ResponsiblePerson: b.responsiblePerson,

‎payload-manifests/crds/0000_10_config-operator_01_featuregates-CustomNoUpgrade.crd.yaml

+8-6
Original file line numberDiff line numberDiff line change
@@ -185,7 +185,7 @@ spec:
185185
type: string
186186
requiredMinimumComponentVersions:
187187
description: |-
188-
requiredMinimumComponentVersion is a list of component/version pairs that declares the is the lowest version the given
188+
requiredMinimumComponentVersions is a list of component/version pairs that declares the is the lowest version the given
189189
component may be in this cluster.
190190
Currently, the only supported component is Kubelet, and setting a required minimum kubelet component will set the
191191
minimumKubeletVersion field in the nodes.config.openshift.io CRD.
@@ -201,8 +201,9 @@ spec:
201201
- Kubelet
202202
type: string
203203
version:
204-
description: version is the minimum version the
205-
given component may be in this cluster.
204+
description: |-
205+
version is the minimum version the given component may be in this cluster.
206+
version must be in semver format (x.y.z) and must consist only of numbers and periods (.).
206207
maxLength: 8
207208
type: string
208209
x-kubernetes-validations:
@@ -233,7 +234,7 @@ spec:
233234
type: string
234235
requiredMinimumComponentVersions:
235236
description: |-
236-
requiredMinimumComponentVersion is a list of component/version pairs that declares the is the lowest version the given
237+
requiredMinimumComponentVersions is a list of component/version pairs that declares the is the lowest version the given
237238
component may be in this cluster.
238239
Currently, the only supported component is Kubelet, and setting a required minimum kubelet component will set the
239240
minimumKubeletVersion field in the nodes.config.openshift.io CRD.
@@ -249,8 +250,9 @@ spec:
249250
- Kubelet
250251
type: string
251252
version:
252-
description: version is the minimum version the
253-
given component may be in this cluster.
253+
description: |-
254+
version is the minimum version the given component may be in this cluster.
255+
version must be in semver format (x.y.z) and must consist only of numbers and periods (.).
254256
maxLength: 8
255257
type: string
256258
x-kubernetes-validations:

‎payload-manifests/crds/0000_10_config-operator_01_featuregates-DevPreviewNoUpgrade.crd.yaml

+8-6
Original file line numberDiff line numberDiff line change
@@ -185,7 +185,7 @@ spec:
185185
type: string
186186
requiredMinimumComponentVersions:
187187
description: |-
188-
requiredMinimumComponentVersion is a list of component/version pairs that declares the is the lowest version the given
188+
requiredMinimumComponentVersions is a list of component/version pairs that declares the is the lowest version the given
189189
component may be in this cluster.
190190
Currently, the only supported component is Kubelet, and setting a required minimum kubelet component will set the
191191
minimumKubeletVersion field in the nodes.config.openshift.io CRD.
@@ -201,8 +201,9 @@ spec:
201201
- Kubelet
202202
type: string
203203
version:
204-
description: version is the minimum version the
205-
given component may be in this cluster.
204+
description: |-
205+
version is the minimum version the given component may be in this cluster.
206+
version must be in semver format (x.y.z) and must consist only of numbers and periods (.).
206207
maxLength: 8
207208
type: string
208209
x-kubernetes-validations:
@@ -233,7 +234,7 @@ spec:
233234
type: string
234235
requiredMinimumComponentVersions:
235236
description: |-
236-
requiredMinimumComponentVersion is a list of component/version pairs that declares the is the lowest version the given
237+
requiredMinimumComponentVersions is a list of component/version pairs that declares the is the lowest version the given
237238
component may be in this cluster.
238239
Currently, the only supported component is Kubelet, and setting a required minimum kubelet component will set the
239240
minimumKubeletVersion field in the nodes.config.openshift.io CRD.
@@ -249,8 +250,9 @@ spec:
249250
- Kubelet
250251
type: string
251252
version:
252-
description: version is the minimum version the
253-
given component may be in this cluster.
253+
description: |-
254+
version is the minimum version the given component may be in this cluster.
255+
version must be in semver format (x.y.z) and must consist only of numbers and periods (.).
254256
maxLength: 8
255257
type: string
256258
x-kubernetes-validations:

‎payload-manifests/crds/0000_10_config-operator_01_featuregates-TechPreviewNoUpgrade.crd.yaml

+8-6
Original file line numberDiff line numberDiff line change
@@ -185,7 +185,7 @@ spec:
185185
type: string
186186
requiredMinimumComponentVersions:
187187
description: |-
188-
requiredMinimumComponentVersion is a list of component/version pairs that declares the is the lowest version the given
188+
requiredMinimumComponentVersions is a list of component/version pairs that declares the is the lowest version the given
189189
component may be in this cluster.
190190
Currently, the only supported component is Kubelet, and setting a required minimum kubelet component will set the
191191
minimumKubeletVersion field in the nodes.config.openshift.io CRD.
@@ -201,8 +201,9 @@ spec:
201201
- Kubelet
202202
type: string
203203
version:
204-
description: version is the minimum version the
205-
given component may be in this cluster.
204+
description: |-
205+
version is the minimum version the given component may be in this cluster.
206+
version must be in semver format (x.y.z) and must consist only of numbers and periods (.).
206207
maxLength: 8
207208
type: string
208209
x-kubernetes-validations:
@@ -233,7 +234,7 @@ spec:
233234
type: string
234235
requiredMinimumComponentVersions:
235236
description: |-
236-
requiredMinimumComponentVersion is a list of component/version pairs that declares the is the lowest version the given
237+
requiredMinimumComponentVersions is a list of component/version pairs that declares the is the lowest version the given
237238
component may be in this cluster.
238239
Currently, the only supported component is Kubelet, and setting a required minimum kubelet component will set the
239240
minimumKubeletVersion field in the nodes.config.openshift.io CRD.
@@ -249,8 +250,9 @@ spec:
249250
- Kubelet
250251
type: string
251252
version:
252-
description: version is the minimum version the
253-
given component may be in this cluster.
253+
description: |-
254+
version is the minimum version the given component may be in this cluster.
255+
version must be in semver format (x.y.z) and must consist only of numbers and periods (.).
254256
maxLength: 8
255257
type: string
256258
x-kubernetes-validations:

‎payload-manifests/featuregates/featureGate-Hypershift-Default.yaml

+21-3
Original file line numberDiff line numberDiff line change
@@ -152,7 +152,13 @@
152152
"name": "PlatformOperators"
153153
},
154154
{
155-
"name": "ProcMountType"
155+
"name": "ProcMountType",
156+
"requiredMinimumComponentVersions": [
157+
{
158+
"component": "Kubelet",
159+
"version": "1.30.0"
160+
}
161+
]
156162
},
157163
{
158164
"name": "RouteAdvertisements"
@@ -188,10 +194,22 @@
188194
"name": "UpgradeStatus"
189195
},
190196
{
191-
"name": "UserNamespacesPodSecurityStandards"
197+
"name": "UserNamespacesPodSecurityStandards",
198+
"requiredMinimumComponentVersions": [
199+
{
200+
"component": "Kubelet",
201+
"version": "1.30.0"
202+
}
203+
]
192204
},
193205
{
194-
"name": "UserNamespacesSupport"
206+
"name": "UserNamespacesSupport",
207+
"requiredMinimumComponentVersions": [
208+
{
209+
"component": "Kubelet",
210+
"version": "1.30.0"
211+
}
212+
]
195213
},
196214
{
197215
"name": "VSphereHostVMGroupZonal"

‎payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml

+21-3
Original file line numberDiff line numberDiff line change
@@ -234,7 +234,13 @@
234234
"name": "PrivateHostedZoneAWS"
235235
},
236236
{
237-
"name": "ProcMountType"
237+
"name": "ProcMountType",
238+
"requiredMinimumComponentVersions": [
239+
{
240+
"component": "Kubelet",
241+
"version": "1.30.0"
242+
}
243+
]
238244
},
239245
{
240246
"name": "RouteAdvertisements"
@@ -273,10 +279,22 @@
273279
"name": "UpgradeStatus"
274280
},
275281
{
276-
"name": "UserNamespacesPodSecurityStandards"
282+
"name": "UserNamespacesPodSecurityStandards",
283+
"requiredMinimumComponentVersions": [
284+
{
285+
"component": "Kubelet",
286+
"version": "1.30.0"
287+
}
288+
]
277289
},
278290
{
279-
"name": "UserNamespacesSupport"
291+
"name": "UserNamespacesSupport",
292+
"requiredMinimumComponentVersions": [
293+
{
294+
"component": "Kubelet",
295+
"version": "1.30.0"
296+
}
297+
]
280298
},
281299
{
282300
"name": "VSphereControlPlaneMachineSet"

‎payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml

+21-3
Original file line numberDiff line numberDiff line change
@@ -246,7 +246,13 @@
246246
"name": "PrivateHostedZoneAWS"
247247
},
248248
{
249-
"name": "ProcMountType"
249+
"name": "ProcMountType",
250+
"requiredMinimumComponentVersions": [
251+
{
252+
"component": "Kubelet",
253+
"version": "1.30.0"
254+
}
255+
]
250256
},
251257
{
252258
"name": "RouteAdvertisements"
@@ -273,10 +279,22 @@
273279
"name": "UpgradeStatus"
274280
},
275281
{
276-
"name": "UserNamespacesPodSecurityStandards"
282+
"name": "UserNamespacesPodSecurityStandards",
283+
"requiredMinimumComponentVersions": [
284+
{
285+
"component": "Kubelet",
286+
"version": "1.30.0"
287+
}
288+
]
277289
},
278290
{
279-
"name": "UserNamespacesSupport"
291+
"name": "UserNamespacesSupport",
292+
"requiredMinimumComponentVersions": [
293+
{
294+
"component": "Kubelet",
295+
"version": "1.30.0"
296+
}
297+
]
280298
},
281299
{
282300
"name": "VSphereControlPlaneMachineSet"

‎payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml

+21-3
Original file line numberDiff line numberDiff line change
@@ -152,7 +152,13 @@
152152
"name": "PlatformOperators"
153153
},
154154
{
155-
"name": "ProcMountType"
155+
"name": "ProcMountType",
156+
"requiredMinimumComponentVersions": [
157+
{
158+
"component": "Kubelet",
159+
"version": "1.30.0"
160+
}
161+
]
156162
},
157163
{
158164
"name": "RouteAdvertisements"
@@ -188,10 +194,22 @@
188194
"name": "UpgradeStatus"
189195
},
190196
{
191-
"name": "UserNamespacesPodSecurityStandards"
197+
"name": "UserNamespacesPodSecurityStandards",
198+
"requiredMinimumComponentVersions": [
199+
{
200+
"component": "Kubelet",
201+
"version": "1.30.0"
202+
}
203+
]
192204
},
193205
{
194-
"name": "UserNamespacesSupport"
206+
"name": "UserNamespacesSupport",
207+
"requiredMinimumComponentVersions": [
208+
{
209+
"component": "Kubelet",
210+
"version": "1.30.0"
211+
}
212+
]
195213
},
196214
{
197215
"name": "VSphereHostVMGroupZonal"

‎payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml

+21-3
Original file line numberDiff line numberDiff line change
@@ -234,7 +234,13 @@
234234
"name": "PrivateHostedZoneAWS"
235235
},
236236
{
237-
"name": "ProcMountType"
237+
"name": "ProcMountType",
238+
"requiredMinimumComponentVersions": [
239+
{
240+
"component": "Kubelet",
241+
"version": "1.30.0"
242+
}
243+
]
238244
},
239245
{
240246
"name": "RouteAdvertisements"
@@ -273,10 +279,22 @@
273279
"name": "UpgradeStatus"
274280
},
275281
{
276-
"name": "UserNamespacesPodSecurityStandards"
282+
"name": "UserNamespacesPodSecurityStandards",
283+
"requiredMinimumComponentVersions": [
284+
{
285+
"component": "Kubelet",
286+
"version": "1.30.0"
287+
}
288+
]
277289
},
278290
{
279-
"name": "UserNamespacesSupport"
291+
"name": "UserNamespacesSupport",
292+
"requiredMinimumComponentVersions": [
293+
{
294+
"component": "Kubelet",
295+
"version": "1.30.0"
296+
}
297+
]
280298
},
281299
{
282300
"name": "VSphereControlPlaneMachineSet"

‎payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml

+21-3
Original file line numberDiff line numberDiff line change
@@ -246,7 +246,13 @@
246246
"name": "PrivateHostedZoneAWS"
247247
},
248248
{
249-
"name": "ProcMountType"
249+
"name": "ProcMountType",
250+
"requiredMinimumComponentVersions": [
251+
{
252+
"component": "Kubelet",
253+
"version": "1.30.0"
254+
}
255+
]
250256
},
251257
{
252258
"name": "RouteAdvertisements"
@@ -273,10 +279,22 @@
273279
"name": "UpgradeStatus"
274280
},
275281
{
276-
"name": "UserNamespacesPodSecurityStandards"
282+
"name": "UserNamespacesPodSecurityStandards",
283+
"requiredMinimumComponentVersions": [
284+
{
285+
"component": "Kubelet",
286+
"version": "1.30.0"
287+
}
288+
]
277289
},
278290
{
279-
"name": "UserNamespacesSupport"
291+
"name": "UserNamespacesSupport",
292+
"requiredMinimumComponentVersions": [
293+
{
294+
"component": "Kubelet",
295+
"version": "1.30.0"
296+
}
297+
]
280298
},
281299
{
282300
"name": "VSphereControlPlaneMachineSet"

0 commit comments

Comments
 (0)
Please sign in to comment.