## START: Set by rpmautospec ## (rpmautospec version 0.8.3) ## RPMAUTOSPEC: autorelease, autochangelog %define autorelease(e:s:pb:n) %{?-p:0.}%{lua: release_number = 6; base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); print(release_number + base_release_number - 1); }%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} ## END: Set by rpmautospec # Do not edit this spec file. (Re-)Generate using newrelease %bcond check 1 Version: 0.1 %global common_description %{expand: Support for Kubernetes user namespace} Name: kubernetes-user-namespace Release: %autorelease Summary: Support for Kubernetes User Namespace License: MIT Source0: kubernetes-systemd-sysusers.conf Source1: README.md Source2: LICENSE Buildarch: noarch ############################################## BuildRequires: systemd-rpm-macros %{?sysusers_requires_compat} # additonal kubelet requirements Requires(pre): kubernetes >= 1.33 Requires: shadow-utils-subid %description %{common_description} Installs the `kubelet` user on a Kubernetes node where kubelet will be running. This user name is a required component for Kubernetes User Namespaces along with defined requirements for subordinate UID and GID ranges. A user namespace isolates the user running inside a container from the one on the host.See Kubernetes documentation for additional information. ############################################## ############################################## %prep ############################################## %install echo "+++ INSTALLING sysusers.d" install -D -m 0644 -vp %{SOURCE0} %{buildroot}%{_sysusersdir}/%{name}.conf echo "+++ INSTALLING README.md" cp %{SOURCE1} . echo "+++ INSTALLING License" cp %{SOURCE2} . %pre %sysusers_create_compat %{SOURCE0} # macro that appends kubelet string to subuid/subgid files # file is %1, kubelet string %2 %define post_subids() \ cp %1 %1.rpmsave; \ (cat %1.rpmsave; echo "# Example kubelet configuration"; echo %2) > %1 %define switch %{_sysconfdir}/nsswitch.conf %define subuid %{_sysconfdir}/subuid %define subgid %{_sysconfdir}/subgid %post # add kubelet to /etc/subuid and /etc/subgid conforming to Kubernetes guidelines # The string is identical for each file per guideline # Logic: as long as 'getsubids kubelet' is false then check for # the word kubelet in /etc/subuid and add as comment and example # if missing # # getsubids - checks for existing subids for kubelet if [ "$1" = 1 ] && [[ ! $(getsubids kubelet &> /dev/null) ]]; then # kubelet user not configured. Determine subid source: local or external # local if subid absent in nsswitch.conf or with files provider if ! grep -q "subid" %{switch} || ! grep -q "^subid.*files" %{switch} ; then # subids can be set locally kubelet_str="" # if /etc/subuid missing, create if [ ! -f %{subuid} ] ; then kubelet_str="# kubelet:65536:7208960" touch %{subuid} touch %{subgid} # if the string 'kubelet' missing, create elif ! grep -q "kubelet" %{subuid}; then kubelet_str=$(awk -F ':' -v mc=65536 '/^#/ {next} $2 > max {max=$2; count=$3} END {print "# kubelet:" int(((max+count)/mc)+0.5)*mc ":"110*mc}' %{subuid}) fi # add kubelet string as comment for user review/adjustment if [[ -n $kubelet_str ]] ; then %post_subids %{subuid} $kubelet_str %post_subids %{subgid} $kubelet_str fi fi fi %postun # convert kubelet id to comment if present if [ "$1" = 0 ] && [ -f %{_sysconfdir}/subuid ] ; then sed -i 's/^kubelet/\# kubelet/' %{subuid} sed -i 's/^kubelet/\# kubelet/' %{subgid} fi ############################################ %check # empty ############################################## %files %license LICENSE %doc README.md %{_sysusersdir}/%{name}.conf ############################################ %changelog ## START: Generated by rpmautospec * Mon Dec 22 2025 Bradley G Smith - 0.1-6 - Uncommitted changes * Sun Dec 21 2025 Bradley G Smith - 0.1-5 - Working configuration * Sun Dec 21 2025 Bradley G Smith - 0.1-4 - Update package * Fri Dec 19 2025 Bradley G Smith - 0.1-3 - Update README * Fri Dec 19 2025 Bradley G Smith - 0.1-2 - Update README * Fri Dec 19 2025 Bradley G Smith - 0.1-1 - Initialize repository - Initial repository contents ## END: Generated by rpmautospec