features: set userns related features to have required min kubelet version to 1.30.0

which is the lowest version the kubelet will deny a pod if a userns can't be created

Signed-off-by: Peter Hunt <[email protected]>

Author: haircommander

features/features.go

@@ -677,6 +677,7 @@ var (
 						productScope(kubernetes).
 						enhancementPR("https://github.com/kubernetes/enhancements/issues/127").
 						enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
+						requiredMinimumKubeletVersion("1.30.0").
 						mustRegister()
 
 	FeatureGateUserNamespacesPodSecurityStandards = newFeatureGate("UserNamespacesPodSecurityStandards").
@@ -685,6 +686,7 @@ var (
 							productScope(kubernetes).
 							enhancementPR("https://github.com/kubernetes/enhancements/issues/127").
 							enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
+							requiredMinimumKubeletVersion("1.30.0").
 							mustRegister()
 
 	FeatureGateProcMountType = newFeatureGate("ProcMountType").
@@ -693,6 +695,7 @@ var (
 					productScope(kubernetes).
 					enhancementPR("https://github.com/kubernetes/enhancements/issues/4265").
 					enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
+					requiredMinimumKubeletVersion("1.30.0").
 					mustRegister()
 
 	FeatureGateVSphereMultiNetworks = newFeatureGate("VSphereMultiNetworks").

features/util.go

@@ -9,6 +9,8 @@ import (
 )
 
 // FeatureGateDescription is a golang-only interface used to contains details for a feature gate.
+//
+//nolint:all
 type FeatureGateDescription struct {
 	// FeatureGateAttributes is the information that appears in the API
 	FeatureGateAttributes configv1.FeatureGateAttributes
@@ -45,12 +47,14 @@ var (
 	kubernetes  = OwningProduct("Kubernetes")
 )
 
+//nolint:all
 type featureGateBuilder struct {
-	name                string
-	owningJiraComponent string
-	responsiblePerson   string
-	owningProduct       OwningProduct
-	enhancementPRURL    string
+	name                  string
+	owningJiraComponent   string
+	responsiblePerson     string
+	owningProduct         OwningProduct
+	enhancementPRURL      string
+	minimumKubeletVersion string
 
 	statusByClusterProfileByFeatureSet map[ClusterProfileName]map[configv1.FeatureSet]bool
 }
@@ -111,6 +115,11 @@ func (b *featureGateBuilder) enableForClusterProfile(clusterProfile ClusterProfi
 	return b
 }
 
+func (b *featureGateBuilder) requiredMinimumKubeletVersion(version string) *featureGateBuilder {
+	b.minimumKubeletVersion = version
+	return b
+}
+
 func (b *featureGateBuilder) register() (configv1.FeatureGateName, error) {
 	if len(b.name) == 0 {
 		return "", fmt.Errorf("missing name")
@@ -142,9 +151,20 @@ func (b *featureGateBuilder) register() (configv1.FeatureGateName, error) {
 	}
 
 	featureGateName := configv1.FeatureGateName(b.name)
+	var minComponentVersions []configv1.MinimumComponentVersion
+	if b.minimumKubeletVersion != "" {
+		if minComponentVersions == nil {
+			minComponentVersions = []configv1.MinimumComponentVersion{}
+		}
+		minComponentVersions = append(minComponentVersions, configv1.MinimumComponentVersion{
+			Component: configv1.MinimumComponentKubelet,
+			Version:   b.minimumKubeletVersion,
+		})
+	}
 	description := FeatureGateDescription{
 		FeatureGateAttributes: configv1.FeatureGateAttributes{
-			Name: featureGateName,
+			Name:                             featureGateName,
+			RequiredMinimumComponentVersions: minComponentVersions,
 		},
 		OwningJiraComponent: b.owningJiraComponent,
 		ResponsiblePerson:   b.responsiblePerson,

payload-manifests/featuregates/featureGate-Hypershift-Default.yaml

@@ -152,7 +152,13 @@
                         "name": "PlatformOperators"
                     },
                     {
-                        "name": "ProcMountType"
+                        "name": "ProcMountType",
+                        "requiredMinimumComponentVersions": [
+                            {
+                                "component": "Kubelet",
+                                "version": "1.30.0"
+                            }
+                        ]
                     },
                     {
                         "name": "RouteAdvertisements"
@@ -188,10 +194,22 @@
                         "name": "UpgradeStatus"
                     },
                     {
-                        "name": "UserNamespacesPodSecurityStandards"
+                        "name": "UserNamespacesPodSecurityStandards",
+                        "requiredMinimumComponentVersions": [
+                            {
+                                "component": "Kubelet",
+                                "version": "1.30.0"
+                            }
+                        ]
                     },
                     {
-                        "name": "UserNamespacesSupport"
+                        "name": "UserNamespacesSupport",
+                        "requiredMinimumComponentVersions": [
+                            {
+                                "component": "Kubelet",
+                                "version": "1.30.0"
+                            }
+                        ]
                     },
                     {
                         "name": "VSphereConfigurableMaxAllowedBlockVolumesPerNode"

payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml

@@ -234,7 +234,13 @@
                         "name": "PrivateHostedZoneAWS"
                     },
                     {
-                        "name": "ProcMountType"
+                        "name": "ProcMountType",
+                        "requiredMinimumComponentVersions": [
+                            {
+                                "component": "Kubelet",
+                                "version": "1.30.0"
+                            }
+                        ]
                     },
                     {
                         "name": "RouteAdvertisements"
@@ -273,10 +279,22 @@
                         "name": "UpgradeStatus"
                     },
                     {
-                        "name": "UserNamespacesPodSecurityStandards"
+                        "name": "UserNamespacesPodSecurityStandards",
+                        "requiredMinimumComponentVersions": [
+                            {
+                                "component": "Kubelet",
+                                "version": "1.30.0"
+                            }
+                        ]
                     },
                     {
-                        "name": "UserNamespacesSupport"
+                        "name": "UserNamespacesSupport",
+                        "requiredMinimumComponentVersions": [
+                            {
+                                "component": "Kubelet",
+                                "version": "1.30.0"
+                            }
+                        ]
                     },
                     {
                         "name": "VSphereConfigurableMaxAllowedBlockVolumesPerNode"

payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml

@@ -246,7 +246,13 @@
                         "name": "PrivateHostedZoneAWS"
                     },
                     {
-                        "name": "ProcMountType"
+                        "name": "ProcMountType",
+                        "requiredMinimumComponentVersions": [
+                            {
+                                "component": "Kubelet",
+                                "version": "1.30.0"
+                            }
+                        ]
                     },
                     {
                         "name": "RouteAdvertisements"
@@ -273,10 +279,22 @@
                         "name": "UpgradeStatus"
                     },
                     {
-                        "name": "UserNamespacesPodSecurityStandards"
+                        "name": "UserNamespacesPodSecurityStandards",
+                        "requiredMinimumComponentVersions": [
+                            {
+                                "component": "Kubelet",
+                                "version": "1.30.0"
+                            }
+                        ]
                     },
                     {
-                        "name": "UserNamespacesSupport"
+                        "name": "UserNamespacesSupport",
+                        "requiredMinimumComponentVersions": [
+                            {
+                                "component": "Kubelet",
+                                "version": "1.30.0"
+                            }
+                        ]
                     },
                     {
                         "name": "VSphereConfigurableMaxAllowedBlockVolumesPerNode"

payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml

@@ -152,7 +152,13 @@
                         "name": "PlatformOperators"
                     },
                     {
-                        "name": "ProcMountType"
+                        "name": "ProcMountType",
+                        "requiredMinimumComponentVersions": [
+                            {
+                                "component": "Kubelet",
+                                "version": "1.30.0"
+                            }
+                        ]
                     },
                     {
                         "name": "RouteAdvertisements"
@@ -188,10 +194,22 @@
                         "name": "UpgradeStatus"
                     },
                     {
-                        "name": "UserNamespacesPodSecurityStandards"
+                        "name": "UserNamespacesPodSecurityStandards",
+                        "requiredMinimumComponentVersions": [
+                            {
+                                "component": "Kubelet",
+                                "version": "1.30.0"
+                            }
+                        ]
                     },
                     {
-                        "name": "UserNamespacesSupport"
+                        "name": "UserNamespacesSupport",
+                        "requiredMinimumComponentVersions": [
+                            {
+                                "component": "Kubelet",
+                                "version": "1.30.0"
+                            }
+                        ]
                     },
                     {
                         "name": "VSphereConfigurableMaxAllowedBlockVolumesPerNode"

payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml

@@ -234,7 +234,13 @@
                         "name": "PrivateHostedZoneAWS"
                     },
                     {
-                        "name": "ProcMountType"
+                        "name": "ProcMountType",
+                        "requiredMinimumComponentVersions": [
+                            {
+                                "component": "Kubelet",
+                                "version": "1.30.0"
+                            }
+                        ]
                     },
                     {
                         "name": "RouteAdvertisements"
@@ -273,10 +279,22 @@
                         "name": "UpgradeStatus"
                     },
                     {
-                        "name": "UserNamespacesPodSecurityStandards"
+                        "name": "UserNamespacesPodSecurityStandards",
+                        "requiredMinimumComponentVersions": [
+                            {
+                                "component": "Kubelet",
+                                "version": "1.30.0"
+                            }
+                        ]
                     },
                     {
-                        "name": "UserNamespacesSupport"
+                        "name": "UserNamespacesSupport",
+                        "requiredMinimumComponentVersions": [
+                            {
+                                "component": "Kubelet",
+                                "version": "1.30.0"
+                            }
+                        ]
                     },
                     {
                         "name": "VSphereConfigurableMaxAllowedBlockVolumesPerNode"

payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml

@@ -246,7 +246,13 @@
                         "name": "PrivateHostedZoneAWS"
                     },
                     {
-                        "name": "ProcMountType"
+                        "name": "ProcMountType",
+                        "requiredMinimumComponentVersions": [
+                            {
+                                "component": "Kubelet",
+                                "version": "1.30.0"
+                            }
+                        ]
                     },
                     {
                         "name": "RouteAdvertisements"
@@ -273,10 +279,22 @@
                         "name": "UpgradeStatus"
                     },
                     {
-                        "name": "UserNamespacesPodSecurityStandards"
+                        "name": "UserNamespacesPodSecurityStandards",
+                        "requiredMinimumComponentVersions": [
+                            {
+                                "component": "Kubelet",
+                                "version": "1.30.0"
+                            }
+                        ]
                     },
                     {
-                        "name": "UserNamespacesSupport"
+                        "name": "UserNamespacesSupport",
+                        "requiredMinimumComponentVersions": [
+                            {
+                                "component": "Kubelet",
+                                "version": "1.30.0"
+                            }
+                        ]
                     },
                     {
                         "name": "VSphereConfigurableMaxAllowedBlockVolumesPerNode"