Uploaded image for project: 'OpenShift Node'
  1. OpenShift Node
  2. OCPNODE-1997

Unprivileged Podman in Openshift

XMLWordPrintable

    • Icon: Epic Epic
    • Resolution: Obsolete
    • Icon: Normal Normal
    • openshift-4.17
    • None
    • None
    • None
    • Supported Podman in Openshift configuration
    • False
    • None
    • False
    • Not Selected
    • To Do
    • OCPSTRAT-207 - TP in 4.17 : Support User Namespaces in pods
    • OCPSTRAT-207TP in 4.17 : Support User Namespaces in pods
    • L

      Epic Goal

      • Be able to run podman in openshift without needing access to the privileged SCC or PSA
      • Have a supported podman in openshift image for customers to use

      Why is this important?

      • There are a number of features customers are asking to run inside of openshift that rely on an internal container. While they can access this today with privilege, it would be better to give them access without privilege

      Scenarios

      1. as an openshift developer, I would like to be able build images inside of a cluster without using the inefficient vfs nor privileged pods
      2. As an openshift admin, I would like to give my developers a consistent container development environment inside of openshift

      Acceptance Criteria

      • CI - MUST be running successfully with tests automated
      • Release Technical Enablement - Provide necessary release enablement details and documents.
      • ...

      Dependencies (internal and external)

      1. ...

      Previous Work (Optional):

      Open questions::

      Done Checklist

      • CI - CI is running, tests are automated and merged.
      • Release Enablement <link to Feature Enablement Presentation>
      • DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
      • DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
      • DEV - Downstream build attached to advisory: <link to errata>
      • QE - Test plans in Polarion: <link or reference to Polarion>
      • QE - Automated tests merged: <link or reference to automated tests>
      • DOC - Downstream documentation merged: <link to meaningful PR>

              pehunt@redhat.com Peter Hunt
              pehunt@redhat.com Peter Hunt
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: