Skip to content

CNTRLPLANE-1544: pkg/manifests: Enable user namespaces#452

Open
tchap wants to merge 1 commit into
openshift:masterfrom
tchap:userns-operand
Open

CNTRLPLANE-1544: pkg/manifests: Enable user namespaces#452
tchap wants to merge 1 commit into
openshift:masterfrom
tchap:userns-operand

Conversation

@tchap
Copy link
Copy Markdown
Contributor

@tchap tchap commented Nov 11, 2025

This updates the DaemonSet manifests to enable user namespaces and also restrict the DS so that it is aligned with restricted-v3 scc policy.

@tchap
pkg/manifests: Enable user namespaces
6612e2d 
This updates the DaemonSet manifests to enable user namespaces and also
restrict the DS so that it is aligned with restricted-v3 scc policy.
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Nov 11, 2025
@openshift-ci-robot
Copy link
Copy Markdown
Contributor

openshift-ci-robot commented Nov 11, 2025
edited by openshift-ci Bot
Loading

@tchap: This pull request references CNTRLPLANE-1544 which is a valid jira issue.

Details

In response to this:

This updates the DaemonSet manifests to enable user namespaces and also restrict the DS so that it is aligned with restricted-v3 scc policy.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci Bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 11, 2025
@openshift-ci openshift-ci Bot requested review from bentito and rfredette November 11, 2025 15:28
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Nov 11, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign knobunc for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Nov 11, 2025

@tchap: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@tchap tchap changed the title WIP: CNTRLPLANE-1544: pkg/manifests: Enable user namespaces CNTRLPLANE-1544: pkg/manifests: Enable user namespaces Nov 12, 2025
@openshift-ci openshift-ci Bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 12, 2025
@alebedev87
Copy link
Copy Markdown
Contributor

alebedev87 commented Nov 26, 2025

/assign @rikatz

@tchap
Copy link
Copy Markdown
Contributor Author

tchap commented Nov 26, 2025

/hold

I've been having issues with merging PRs that affect and break HyperShift. Does this affect HyperShift?

@openshift-ci openshift-ci Bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 26, 2025
@rikatz
Copy link
Copy Markdown
Member

rikatz commented Feb 10, 2026

@tchap do you still need review here, given your last "hold" request?

@tchap
Copy link
Copy Markdown
Contributor Author

tchap commented Feb 10, 2026

@rikatz We can still merge this provided this is not being used by Hypershift. Is this being used by Hypershift? 🙂

@rikatz
Copy link
Copy Markdown
Member

rikatz commented Feb 27, 2026

@tchap I think you are missing some changes in

cluster-dns-operator/pkg/operator/controller/controller_dns_daemonset.go

Line 84 in 1d014df

func desiredDNSDaemonSet(dns *operatorv1.DNS, coreDNSImage, kubeRBACProxyImage string, caBundleRevisionMap map[string]string) (*appsv1.DaemonSet, error) {
(and on unit test).

From the DNS operator perspective, it considers the old and new manifest the same given this comparison, and it will not recreate the Daemonset nor the DNS pods (which I think is your expectation?)

If so, can you please fix so a cluster being upgraded also gets these directives?

Also, please feel free to ping me in Slack if I take too long to answer here, as I miss a lot of Github notifications (sorry!)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bentito bentito Awaiting requested review from bentito

@rfredette rfredette Awaiting requested review from rfredette

Assignees

@rikatz rikatz

Labels

do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tchap @openshift-ci-robot @alebedev87 @rikatz