m/node: enable user namespaces in K8s This enables the two feature gates for user namespace support in K8s. We did not previously have a passwd file which caused Go's UserLookup to fail with an unexpected error. Add an mostly-empty placeholder file to placate it. Change-Id: I71a7a6dc889a289512075a25b7e551f2cd65ffb6 Reviewed-on: https://review.monogon.dev/c/monogon/+/3665 Reviewed-by: Tim Windelschmidt <tim@monogon.tech> Tested-by: Jenkins CI

commit: 2ecccae4ff62b687ec5e218349fcf8a42069dfc9 [log] [tgz]
author: Lorenz Brun <lorenz@monogon.tech> Wed Nov 27 22:03:35 2024 +0100
committer: Lorenz Brun <lorenz@monogon.tech> Mon Dec 02 16:50:54 2024 +0000
tree: c5a5914c9d3bd8fb37a5650a6b3e4881f9fc2610
parent: d58edf4e2f745427d69ecc72bfe9a9ead69d697d [diff] [blame]
diff --git a/metropolis/node/kubernetes/feature_gates.go b/metropolis/node/kubernetes/feature_gates.go
index 06d970f..9be3b35 100644
--- a/metropolis/node/kubernetes/feature_gates.go
+++ b/metropolis/node/kubernetes/feature_gates.go

@@ -5,6 +5,7 @@
 	"strings"
 
 	"k8s.io/component-base/featuregate"
+	"k8s.io/kubernetes/pkg/features"
 )
 
 type featureGates map[featuregate.Feature]bool
@@ -32,4 +33,7 @@
 	return out
 }
 
-var extraFeatureGates = featureGates{}
+var extraFeatureGates = featureGates{
+	features.UserNamespacesSupport:              true,
+	features.UserNamespacesPodSecurityStandards: true,
+}
commit	2ecccae4ff62b687ec5e218349fcf8a42069dfc9	[log] [tgz]
author	Lorenz Brun <lorenz@monogon.tech>	Wed Nov 27 22:03:35 2024 +0100
committer	Lorenz Brun <lorenz@monogon.tech>	Mon Dec 02 16:50:54 2024 +0000
tree	c5a5914c9d3bd8fb37a5650a6b3e4881f9fc2610
parent	d58edf4e2f745427d69ecc72bfe9a9ead69d697d [diff] [blame]