content: Add OCI runtime requirements for userns

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
kubernetes · Mar 7, 2024 · a8ab40e · a8ab40e
1 parent a004ac8
commit a8ab40e
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/content/en/docs/concepts/workloads/pods/user-namespaces.md b/content/en/docs/concepts/workloads/pods/user-namespaces.md
@@ -46,7 +46,20 @@ tmpfs, Secrets use a tmpfs, etc.)
 Some popular filesystems that support idmap mounts in Linux 6.3 are: btrfs,
 ext4, xfs, fat, tmpfs, overlayfs.
 
-In addition, support is needed in the 
+In addition, support is needed in the container runtime and in the OCI container
+runtime.
+
+The OCI container runtime requirements are as follows:
+
+ * [crun][crun]: version 1.9 or greater (1.13+ recommended)
+
+Please note that [runc][runc] is the default OCI container runtime in several
+Kubernetes distributions. Version `1.1.z` of runc doesn't support all the
+features needed by the Kubernetes implementation. If there is a newer release of
+runc than 1.1 available for use, check its documentation and release notes for
+idmap mount support.
+
+The requirements for the 
 {{< glossary_tooltip text="container runtime" term_id="container-runtime" >}}
 to use this feature with Kubernetes pods:
 
@@ -64,6 +77,8 @@ You can see the status of user namespaces support in cri-dockerd tracked in an [
 on GitHub.
 
 [CRI-dockerd-issue]: https://github.com/Mirantis/cri-dockerd/issues/74
+[crun]: https://github.com/containers/crun
+[runc]: https://github.com/opencontainers/runc/
 
 ## Introduction