Skip to content

docs: Clarify filesystem support for user-namespace Pods #50679

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

docs: Clarify filesystem support for user-namespace Pods #50679

wants to merge 1 commit into from

Conversation

@utam0k
Copy link
Member

@utam0k utam0k commented Apr 26, 2025

Description

The user namespace with a pod has a limitation on the filesystem. This PR makes it clear.
ref: kubernetes/enhancements#127 (comment)

Issue

ref: kubernetes/enhancements#127 (comment)

@k8s-ci-robot k8s-ci-robot requested a review from lmktfy April 26, 2025 06:46
@k8s-ci-robot k8s-ci-robot added the language/en Issues or PRs related to English language label Apr 26, 2025
@k8s-ci-robot k8s-ci-robot requested a review from tengqm April 26, 2025 06:46
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Apr 26, 2025
@utam0k utam0k mentioned this pull request Apr 26, 2025
Open
49 tasks
@netlify
Copy link

netlify bot commented Apr 26, 2025
edited
Loading

Pull request preview available for checking

Built without sensitive environment variables

Name Link
🔨 Latest commit 31a5631
🔍 Latest deploy log https://app.netlify.com/sites/kubernetes-io-main-staging/deploys/680f6d3bee760f000863afef
😎 Deploy Preview https://deploy-preview-50679--kubernetes-io-main-staging.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@lmktfy
Copy link
Member

lmktfy commented Apr 27, 2025

@kubernetes/sig-node-pr-reviews is this change technically accurate?

@k8s-ci-robot k8s-ci-robot added the sig/node Categorizes an issue or PR as relevant to SIG Node. label Apr 27, 2025
@rata
Copy link
Member

rata commented Apr 28, 2025

The PR is accurate. I wonder if being more verbose, as I've just written here is better: https://kubernetes.io/blog/2025/04/25/userns-enabled-by-default/#everything-you-wanted-to-know-about-user-namespaces-in-kubernetes. See questions 3 and 4.

@utam0k what do you think?

@utam0k
Copy link
Member Author

utam0k commented Apr 28, 2025

@rata Thanks for your suggestion. In my opinion, the user document has to keep it simple. How about adding the link as a reference for those who want to know more technical details?

@rata
Copy link
Member

rata commented Apr 28, 2025

SGTM, thanks!

rata
rata approved these changes Apr 28, 2025
View reviewed changes
Copy link
Member

@rata rata left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: rata
Once this PR has been reviewed and has the lgtm label, please assign natalisucks for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@bart0sh bart0sh moved this from Triage to Needs Reviewer in SIG Node: code and documentation PRs May 7, 2025
@utam0k
Copy link
Member Author

utam0k commented May 8, 2025

@lmktfy What should I do next?

@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Mark this PR as fresh with /remove-lifecycle stale
  • Close this PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 6, 2025
@utam0k
Copy link
Member Author

utam0k commented Aug 8, 2025

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 8, 2025
@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Aug 29, 2025
@k8s-ci-robot
Copy link
Contributor

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

SergeyKanzhelev
SergeyKanzhelev reviewed Sep 2, 2025
View reviewed changes
content/en/docs/concepts/workloads/pods/user-namespaces.md

Pods that use a user namespace require the filesystem to support **idmapped mounts**.
Some filesystems don't support id-mapped mounts, and therefore cannot be used with user namespaces.
NFS volumes cannot be mounted in a user-namespace pod because the Linux NFS client doesn't yet support idmapped mounts.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please clarify in this text what will be the result of attempting doing so.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lmktfy lmktfy Awaiting requested review from lmktfy

@tengqm tengqm Awaiting requested review from tengqm

2 more reviewers

@SergeyKanzhelev SergeyKanzhelev SergeyKanzhelev left review comments

@rata rata rata approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. language/en Issues or PRs related to English language needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. sig/node Categorizes an issue or PR as relevant to SIG Node. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

SIG Node: code and documentation PRs
Status: Needs Reviewer

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@utam0k @lmktfy @rata @k8s-ci-robot @k8s-triage-robot @SergeyKanzhelev