user-namespaces.md: subid count per pod is hard-coded to 65536
The number of subuids and subgids for each pod is hard-coded to 65536,
regardless of the total ID count specified in `/etc/subuid` and `/etc/subgid`:
https://github.com/kubernetes/kubernetes/blob/v1.32.0/pkg/kubelet/userns/userns_manager.go#L211-L228

This fact was not clarified in the documentation.

Co-authored-by: Tim Bannister <[email protected]>
Signed-off-by: Akihiro Suda <[email protected]>
AkihiroSuda and sftim committed Jan 6, 2025
1 parent 4ebe365 commit 07ff00e
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions content/en/docs/concepts/workloads/pods/user-namespaces.md
Expand Up @@ -177,6 +177,8 @@ to the `kubelet` user:
configuration.

* The subordinate ID count must be a multiple of 65536
(for Kubernetes {{< skew currentVersion >}} the subordinate ID count for each Pod is hard-coded
to 65536).

* The subordinate ID count must be at least `65536 x <maxPods>` where `<maxPods>`
is the maximum number of pods that can run on the node.
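
Review bot: In the added parenthetical under the "must be a multiple of 65536" bullet, "the subordinate ID count" now names two different quantities: the bullet means the total range assigned to the `kubelet` user, while the new text means the slice handed to each Pod. A reader sizing `/etc/subuid` can take the two as the same number. Consider wording that separates them, for example "each Pod is allocated a fixed 65536 subordinate IDs from this range, regardless of the total configured", which also carries the point from the commit message that the per-Pod size does not scale with the configured total. The sentence would also sit more naturally next to the following `65536 x <maxPods>` bullet, since the fixed per-Pod size is where that factor comes from. Separately, `{{< skew currentVersion >}}` will restate the claim for every future docs version, but the commit message checks it only against v1.32.0; either pin the version in the text or leave a comment in the source so the sentence is revisited if the kubelet constant changes.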