@soer3n soer3n commented Jul 24, 2025

What this PR does / why we need it:

This PR adds a flag to configure the setting in the containerd configuration for whether non-root users are allowed to use devices on the node. ref: kubermatic/kubermatic#14352

Which issue(s) this PR fixes:

Fixes #

What type of PR is this?

/kind feature

Does this PR introduce a user-facing change? Then add your Release Note here:

A flag called `device-ownership-from-security-context` was introduced to set the containerd option to allow non-root user device usage on a node.

Documentation:

https://github.com/kubermatic/docs/pull/1927

Signed-off-by: soer3n <srenhenning@googlemail.com>
@kubermatic-bot added the release-note, kind/feature, docs/tbd, dco-signoff: yes, sig/cluster-management, size/M and docs/provided labels and removed the docs/tbd label Jul 24, 2025
Signed-off-by: soer3n <srenhenning@googlemail.com>
@kubermatic-bot added the size/L label and removed the size/M label Jul 24, 2025

soer3n commented Jul 24, 2025

/assign @soer3n

@moelsayed

/approve
/lgtm

@kubermatic-bot added the lgtm label Jul 24, 2025
@kubermatic-bot

LGTM label has been added.

Git tree hash: 3e72498dfc6803af86d96ec18a40ad38b1a48713

@kubermatic-bot

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: moelsayed

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kubermatic-bot added the approved label Jul 24, 2025
@kubermatic-bot merged commit ce293d9 into kubermatic:main Jul 24, 2025
11 checks passed

soer3n commented Jul 25, 2025

/cherry-pick release/v1.7

@kubermatic-bot

@soer3n: new pull request created: #500

In response to this:

/cherry-pick release/v1.7

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.


soer3n commented Jul 25, 2025

/cherry-pick release/v1.6

@kubermatic-bot

@soer3n: #499 failed to apply on top of branch "release/v1.6":

Applying: add option for containerd non-root device usage flag
Applying: update test fixtures
Using index info to reconstruct a base tree...
M	pkg/controllers/osc/testdata/osc-kubelet-configuration-containerd.yaml
M	pkg/controllers/osc/testdata/osc-rhel-8.x-azure-containerd.yaml
M	pkg/controllers/osc/testdata/osc-rhel-8.x-cloud-init-modules.yaml
M	pkg/controllers/osc/testdata/osc-ubuntu-aws-containerd.yaml
M	pkg/controllers/osc/testdata/osc-ubuntu-aws-dualstack-IPv6+IPv4.yaml
M	pkg/controllers/osc/testdata/osc-ubuntu-aws-dualstack.yaml
M	pkg/controllers/osc/testdata/secret-kubelet-configuration-containerd-provisioning.yaml
M	pkg/controllers/osc/testdata/secret-osc-rhel-8.x-cloud-init-modules-provisioning.yaml
M	pkg/controllers/osc/testdata/secret-rhel-8.x-azure-containerd-provisioning.yaml
M	pkg/controllers/osc/testdata/secret-ubuntu-aws-containerd-provisioning.yaml
M	pkg/controllers/osc/testdata/secret-ubuntu-aws-dualstack-IPv6+IPv4-provisioning.yaml
M	pkg/controllers/osc/testdata/secret-ubuntu-aws-dualstack-provisioning.yaml
Falling back to patching base and 3-way merge...
Auto-merging pkg/controllers/osc/testdata/secret-ubuntu-aws-dualstack-provisioning.yaml
CONFLICT (content): Merge conflict in pkg/controllers/osc/testdata/secret-ubuntu-aws-dualstack-provisioning.yaml
Auto-merging pkg/controllers/osc/testdata/secret-ubuntu-aws-dualstack-IPv6+IPv4-provisioning.yaml
CONFLICT (content): Merge conflict in pkg/controllers/osc/testdata/secret-ubuntu-aws-dualstack-IPv6+IPv4-provisioning.yaml
Auto-merging pkg/controllers/osc/testdata/secret-ubuntu-aws-containerd-provisioning.yaml
CONFLICT (content): Merge conflict in pkg/controllers/osc/testdata/secret-ubuntu-aws-containerd-provisioning.yaml
Auto-merging pkg/controllers/osc/testdata/secret-rhel-8.x-azure-containerd-provisioning.yaml
CONFLICT (content): Merge conflict in pkg/controllers/osc/testdata/secret-rhel-8.x-azure-containerd-provisioning.yaml
Auto-merging pkg/controllers/osc/testdata/secret-osc-rhel-8.x-cloud-init-modules-provisioning.yaml
CONFLICT (content): Merge conflict in pkg/controllers/osc/testdata/secret-osc-rhel-8.x-cloud-init-modules-provisioning.yaml
Auto-merging pkg/controllers/osc/testdata/secret-kubelet-configuration-containerd-provisioning.yaml
CONFLICT (content): Merge conflict in pkg/controllers/osc/testdata/secret-kubelet-configuration-containerd-provisioning.yaml
Auto-merging pkg/controllers/osc/testdata/osc-ubuntu-aws-dualstack.yaml
Auto-merging pkg/controllers/osc/testdata/osc-ubuntu-aws-dualstack-IPv6+IPv4.yaml
Auto-merging pkg/controllers/osc/testdata/osc-ubuntu-aws-containerd.yaml
Auto-merging pkg/controllers/osc/testdata/osc-rhel-8.x-cloud-init-modules.yaml
Auto-merging pkg/controllers/osc/testdata/osc-rhel-8.x-azure-containerd.yaml
Auto-merging pkg/controllers/osc/testdata/osc-kubelet-configuration-containerd.yaml
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config advice.mergeConflict false"
Patch failed at 0002 update test fixtures

In response to this:

/cherry-pick release/v1.6


soer3n added a commit to soer3n/operating-system-manager that referenced this pull request Jul 25, 2025
* add option for containerd non-root device usage flag

Signed-off-by: soer3n <srenhenning@googlemail.com>

* update test fixtures

Signed-off-by: soer3n <srenhenning@googlemail.com>

---------

Signed-off-by: soer3n <srenhenning@googlemail.com>
soer3n added a commit to soer3n/operating-system-manager that referenced this pull request Jul 25, 2025
* add option for containerd non-root device usage flag

Signed-off-by: soer3n <srenhenning@googlemail.com>

* update test fixtures

Signed-off-by: soer3n <srenhenning@googlemail.com>

---------

Signed-off-by: soer3n <srenhenning@googlemail.com>
kubermatic-bot pushed a commit that referenced this pull request Jul 28, 2025
* add option for containerd non-root device usage flag



* update test fixtures



---------

Signed-off-by: soer3n <srenhenning@googlemail.com>