Merge pull request #92863 from AkihiroSuda/rootless-pr

kubelet & kube-proxy: ignore sysctl errors and rlimit errors when running in UserNS (for rootless)
2025-11-01 18:58:18 +00:00 · 2021-07-07 18:08:53 -07:00
parent 818ed1afff 26e83ac4d4
commit ebbe63f116
4 changed files with 43 additions and 4 deletions
--- a/pkg/features/kube_features.go
+++ b/pkg/features/kube_features.go
@@ -762,6 +762,14 @@ const (
 	//
 	// Allows clients to request a duration for certificates issued via the Kubernetes CSR API.
 	CSRDuration featuregate.Feature = "CSRDuration"
+
+	// owner: @AkihiroSuda
+	// alpha: v1.22
+	//
+	// Enables support for running kubelet in a user namespace.
+	// The user namespace has to be created before running kubelet.
+	// All the node components such as CRI need to be running in the same user namespace.
+	KubeletInUserNamespace featuregate.Feature = "KubeletInUserNamespace"
 )

 func init() {
@@ -876,6 +884,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS
 	ReadWriteOncePod:                               {Default: false, PreRelease: featuregate.Alpha},
 	CSRDuration:                                    {Default: true, PreRelease: featuregate.Beta},
 	DelegateFSGroupToCSIDriver:                     {Default: false, PreRelease: featuregate.Alpha},
+	KubeletInUserNamespace:                         {Default: false, PreRelease: featuregate.Alpha},

 	// inherited features from generic apiserver, relisted here to get a conflict if it is changed
 	// unintentionally on either side: