Add support for CRI-O user namespaces (#8268)

* add support for cri-o user namespaces * comply with yamllint rules
2026-03-06 03:01:13 -03:30 · 2021-12-20 15:37:25 +01:00
parent c59407f105
commit f01f7c54aa
4 changed files with 45 additions and 0 deletions
--- a/roles/container-engine/cri-o/defaults/main.yml
+++ b/roles/container-engine/cri-o/defaults/main.yml
@@ -97,3 +97,12 @@ skopeo_packages:
 # Configure the cri-o pids limit, increase this for heavily multi-threaded workloads
 # see https://github.com/cri-o/cri-o/issues/1921
 crio_pids_limit: 1024
+
+# Reserve 16M uids and gids for user namespaces (256 pods * 65536 uids/gids)
+# at the end of the uid/gid space
+crio_remap_enable: false
+crio_remap_user: containers
+crio_subuid_start: 2130706432
+crio_subuid_length: 16777216
+crio_subgid_start: 2130706432
+crio_subgid_length: 16777216