  1. OpenShift Node
  2. OCPNODE-4115

Enable the ability to run systemd containers in OpenShift Dev Spaces and CI/CD pipelines for Ansible Molecule and other use cases.


    • Epic
    • Resolution: Unresolved
    • Enable Read/Write cgroups for non-privileged containers in OpenShift
    • To Do

      Epic Goal

      • Enable Read/Write permissions on the cgroupfs mounted into non-privileged containers that have `hostUsers: false`
      • NICE-TO-HAVE: Chown the cgroupfs to the UID of the container

      Why is this important?

      • Enable a full Ansible developer experience in OpenShift Dev Spaces including support for Molecule

      Scenarios

      1. Molecule testing of Ansible in OpenShift Dev Spaces

      Acceptance Criteria

      • CI - MUST be running successfully with tests automated
      • Release Technical Enablement - Provide necessary release enablement details and documents.
      • Containers in a Pod running under a specific SCC have access to a writable cgroupfs
      • NICE-TO-HAVE: The cgroupfs is owned by the UID of the container
      • An SCC enforces that cgroupfs can only be RW when the container is running in a user namespace, i.e. `hostUsers: false`

      Dependencies (internal and external)

      1.  

      Previous Work (Optional):

      1. https://github.com/kubernetes/enhancements/issues/5474
      2. https://github.com/kubernetes/kubernetes/issues/121190
      3. https://github.com/cri-o/cri-o/issues/9768
      4. https://github.com/cgruver/systemd-in-devspaces

      Open questions:

      Done Checklist

      • CI - CI is running, tests are automated and merged.
      • Release Enablement <link to Feature Enablement Presentation>
      • DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
      • DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
      • DEV - Downstream build attached to advisory: <link to errata>
      • QE - Test plans in Polarion: <link or reference to Polarion>
      • QE - Automated tests merged: <link or reference to automated tests>
      • DOC - Downstream documentation merged: <link to meaningful PR>

              Unassigned
              cgruver@redhat.com Charro Gruver