Cluster information:
Kubernetes version: 1.34
Cloud being used: (put bare-metal if not on a public cloud)
Installation method: Fedora rpm
Host OS: Fedora
CNI and version:
CRI and version: CRI-O
I package Kubernetes for the Fedora repositories. I have a user request to implement User Namespace capabilities by default. I can easily create the kubelet user as required and apply appropriate subordinate user ID configuration (/etc/subuid, /etc/subgid), albeit this is very brittle at the moment.
When testing the user namespace capability, I found that if the node host has a kubelet user but does not have subordinate user IDs configured, then the kubelet service will fail to start:
0334 run.go:72] "command failed" err="failed to run Kubelet: failed to creat kubelet: create user namespace manager: kubelet mappings: error retrieving additional uids for user \"kubelet\": exit status 1"
Dec 08 20:53:36 localhost.localdomain systemd[1]: kubelet.service: Failed with result 'exit-code'.
Is this the expected behavior? If so, then implementing user namespace support via the rpm installation process will not be viable.
Thanks
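
A preflight check for the state described in the post (a `kubelet` user with no subordinate IDs), as an added example that is not part of the original post or of Kubernetes. The function names and state labels are made up for illustration, and the checks beyond "entry present" (single range, same range in both files, 65536 alignment) are assumptions taken from the constraints in the Kubernetes user namespaces documentation, not from the post.

```shell
#!/bin/sh
# Added example (hypothetical helper names). File paths are parameters so the
# check can run against fixtures as well as the real /etc files.

# Print "start:count" for each well-formed entry in file $3 whose first field
# is the login name $1 or the numeric UID $2 (both forms are valid in subuid(5)).
subid_ranges() {
    awk -F: -v n="$1" -v u="$2" \
        '($1 == n || $1 == u) && NF == 3 && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ { print $2 ":" $3 }' "$3"
}

# Usage: kubelet_subid_state [passwd] [subuid] [subgid]
# Prints: no-user | missing-subids | multiple-ranges | mismatch | unaligned | ok
kubelet_subid_state() {
    passwd=${1:-/etc/passwd} subuid=${2:-/etc/subuid} subgid=${3:-/etc/subgid}
    uid=$(awk -F: '$1 == "kubelet" { print $3; exit }' "$passwd")
    # No kubelet user: not the state from the post, nothing to validate.
    if [ -z "$uid" ]; then echo no-user; return 0; fi

    u=$(subid_ranges kubelet "$uid" "$subuid")
    g=$(subid_ranges kubelet "$uid" "$subgid")
    # The state reported in the post: the user exists, no subordinate IDs.
    if [ -z "$u" ] || [ -z "$g" ]; then echo missing-subids; return 1; fi

    # Assumed from the Kubernetes docs: exactly one range per file.
    if [ "$(printf '%s\n' "$u" | wc -l)" -ne 1 ] ||
       [ "$(printf '%s\n' "$g" | wc -l)" -ne 1 ]; then
        echo multiple-ranges; return 1
    fi
    # Assumed from the Kubernetes docs: UID and GID ranges must be identical.
    if [ "$u" != "$g" ]; then echo mismatch; return 1; fi

    # Assumed from the Kubernetes docs: start >= 65536, start and count
    # both multiples of 65536.
    start=${u%%:*} count=${u##*:}
    if [ "$start" -lt 65536 ] || [ "$count" -eq 0 ] ||
       [ $((start % 65536)) -ne 0 ] || [ $((count % 65536)) -ne 0 ]; then
        echo unaligned; return 1
    fi
    echo ok
}
```

The function returns non-zero for every state other than `ok` and `no-user`, so a packaging scriptlet or a systemd `ExecStartPre=` could gate on it.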