Run podman as USER then as sudo in driver check #13061

Closed

@djplt djplt commented Dec 1, 2021

Fixes #11973

@k8s-ci-robot
Contributor

Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA.

It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.


  • If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Check your existing CLA data and verify that your email is set on your git commits.
  • If you signed the CLA as a corporation, please sign in with your organization's credentials at https://identity.linuxfoundation.org/projects/cncf to be authorized.
  • If you have done the above and are still having issues with the CLA being reported as unsigned, please log a ticket with the Linux Foundation Helpdesk: https://support.linuxfoundation.org/
  • Should you encounter any issues with the Linux Foundation Helpdesk, send a message to the backup e-mail support address at: [email protected]

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@k8s-ci-robot k8s-ci-robot added cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Dec 1, 2021
@k8s-ci-robot
Contributor

Hi @djplt. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

@k8s-ci-robot k8s-ci-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Dec 1, 2021
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: djplt
To complete the pull request process, please assign spowelljr after the PR has been reviewed.
You can assign the PR to them by writing /assign @spowelljr in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@minikube-bot
Collaborator

Can one of the admins verify this patch?

cmd.Env = append(os.Environ(), "LANG=C", "LC_ALL=C") // sudo is localized
// Run podman as USER, if that fails run podman as sudo
o, err = cmd.Output()
if err != nil && sudoNeedsPassword() {
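Review bot: The condition `err != nil && sudoNeedsPassword()` does not say the same thing as the comment two lines above it ("if that fails run podman as sudo"): the branch is entered when the user-level run failed and sudo would prompt, and nothing visible here covers the case where the user-level run failed and sudo is passwordless. Please spell out in the comment what each case does. Also note that `cmd.Output()` returns a non-nil `err` for any failure, including podman not being installed, so every such failure now costs an extra `sudo` invocation; gating on the kind of error would avoid that.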
Member

Why do we run this only if sudo needs a password?
What if sudo does NOT need a password, we don't wanna run it then?

Member

@medyagh medyagh left a comment

thank you very much for taking this issue @djplt
just minor comments

and please check the CLA signing

@@ -167,3 +174,8 @@ func status() registry.State {

return registry.State{Error: err, Installed: true, Healthy: false, Doc: docURL}
}

func sudoNeedsPassword() bool {
err := exec.Command("sudo", "-n", "ls").Run()
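Review bot: In `sudoNeedsPassword()`, `exec.Command("sudo", "-n", "ls")` runs a directory listing as root just to learn whether sudo would prompt; `sudo -n true` answers the same question without reading the working directory or producing output. The `err` from `Run()` is also non-nil when `sudo` is not on PATH, so check for `*exec.ExitError` before concluding that a password is required, and prefer `exec.CommandContext` with a short timeout since this sits on the driver-check path.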
Member

Is there a cheaper way than executing a command? (Since this code is used in the driver check, it would be worth optimizing seconds to milliseconds.)

How about this one? https://askubuntu.com/questions/357220/how-to-check-if-sudo-password-has-been-entered-for-this-terminal-session#:~:text=If%20a%20password%20is%20required,2%3E%2Fdev%2Fnull%20.

`if sudo -n true 2>/dev/null`
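The `sudo -n true` probe suggested in the comment above, written out in Go as an added example (not code from this PR or from minikube). The type, constant and function names are hypothetical; it separates "sudo ran without prompting", "sudo refused", and "the probe could not run at all", and bounds the probe with a timeout.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"os/exec"
	"time"
)

// SudoState is the outcome of a non-interactive sudo probe (names are hypothetical).
type SudoState int

const (
	SudoPasswordless SudoState = iota // probe exited 0: sudo ran without prompting
	SudoNeedsAuth                     // probe exited non-zero: sudo -n refused (password or policy)
	SudoUnavailable                   // probe never ran to completion: missing binary or timeout
)

// classify maps the error returned by the probe onto a SudoState.
// The timeout is checked first because a killed process also yields *exec.ExitError.
func classify(ctx context.Context, err error) SudoState {
	var exitErr *exec.ExitError
	switch {
	case err == nil:
		return SudoPasswordless
	case ctx.Err() != nil:
		return SudoUnavailable
	case errors.As(err, &exitErr):
		return SudoNeedsAuth
	default: // e.g. exec.ErrNotFound or a path error from Start
		return SudoUnavailable
	}
}

// probe runs bin with args under a deadline and classifies the result.
func probe(timeout time.Duration, bin string, args ...string) SudoState {
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()
	return classify(ctx, exec.CommandContext(ctx, bin, args...).Run())
}

func main() {
	// "true" does nothing as root, unlike "ls"; -n makes sudo fail instead of prompting.
	fmt.Println("sudo state:", probe(2*time.Second, "sudo", "-n", "true"))
}
```

A non-zero exit from `sudo -n` also covers a user who is not permitted by sudoers at all, so `SudoNeedsAuth` means "not usable without interaction", not specifically "a password would work".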

@AkihiroSuda
Member

Can we rather use --rootless flag? #12901

Member

@AkihiroSuda AkihiroSuda left a comment

I don't think this works.

At least you have to let pkg/drivers/kic/oci.podmanSystemInfo() report Rootless bool to the caller, otherwise kubelet and CRI can't work with Rootless Podman.

Please see #12901

@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Dec 2, 2021
@djplt
Author

djplt commented Dec 2, 2021

I think the changes are in conflict with #12901 and so I've merged with that branch (assuming it will be merged in). I've gone for a simpler approach where only root or rootless will be attempted in a given driver check.

@djplt
Author

djplt commented Dec 2, 2021

I signed it

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels Dec 2, 2021
@klaases
Contributor

klaases commented Jan 12, 2022

hi @djplt, were you able to address @medyagh's comment above?

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jan 12, 2022
@djplt
Author

djplt commented Jan 22, 2022

> hi @djplt, were you able to address @medyagh's comment above?

@klaases yes I believe so. However, my changes were in conflict with #12901 so I merged those changes into this branch as per the comments of @AkihiroSuda.

@k8s-triage-robot

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 22, 2022
@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels May 2, 2022
@djplt
Author

djplt commented May 2, 2022

@klaases and @AkihiroSuda I've merged in the latest master branch - it appears to be working now. Happy to get this re-reviewed thanks.

@k8s-triage-robot

/lifecycle rotten

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 1, 2022
@k8s-ci-robot k8s-ci-robot added the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label Jun 1, 2022
@djplt
Author

djplt commented Jun 1, 2022

/remove-lifecycle rotten

@k8s-ci-robot k8s-ci-robot removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label Jun 1, 2022
@spowelljr
Member

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Jun 7, 2022
@spowelljr
Member

Hi @djplt, this PR has a merge conflict, could you please rebase and then push it up and then I can take a look at it, thanks!

@djplt djplt force-pushed the 11973-driver-sudo-check branch from 2276180 to 4635668 Compare June 17, 2022 12:02
@djplt
Author

djplt commented Jun 17, 2022

@spowelljr that's been done now!

@minikube-pr-bot

kvm2 driver with docker runtime

+----------------+----------+---------------------+
|    COMMAND     | MINIKUBE | MINIKUBE (PR 13061) |
+----------------+----------+---------------------+
| minikube start | 51.9s    | 50.2s               |
| enable ingress | 27.7s    | 29.0s               |
+----------------+----------+---------------------+

Times for minikube (PR 13061) start: 50.0s 49.5s 50.4s 50.6s 50.6s
Times for minikube start: 50.8s 51.8s 53.8s 51.7s 51.4s

Times for minikube ingress: 25.6s 29.1s 29.1s 29.1s 25.6s
Times for minikube (PR 13061) ingress: 28.1s 29.6s 29.0s 29.1s 29.1s

docker driver with docker runtime

+-------------------+----------+---------------------+
|      COMMAND      | MINIKUBE | MINIKUBE (PR 13061) |
+-------------------+----------+---------------------+
| minikube start    | 25.2s    | 24.8s               |
| ⚠️  enable ingress | 22.4s    | 34.9s ⚠️             |
+-------------------+----------+---------------------+

Times for minikube start: 24.6s 24.8s 25.7s 25.1s 25.7s
Times for minikube (PR 13061) start: 24.5s 24.9s 24.9s 24.8s 24.8s

Times for minikube ingress: 21.9s 22.4s 22.0s 23.9s 21.9s
Times for minikube (PR 13061) ingress: 21.9s 82.9s 23.9s 22.9s 22.9s

docker driver with containerd runtime

+-------------------+----------+---------------------+
|      COMMAND      | MINIKUBE | MINIKUBE (PR 13061) |
+-------------------+----------+---------------------+
| ⚠️  minikube start | 30.6s    | 35.7s ⚠️             |
| enable ingress    | 26.3s    | 25.9s               |
+-------------------+----------+---------------------+

Times for minikube start: 29.3s 38.4s 28.6s 28.3s 28.5s
Times for minikube (PR 13061) start: 29.8s 44.1s 31.6s 32.7s 40.2s

Times for minikube ingress: 22.4s 22.4s 32.4s 32.4s 21.9s
Times for minikube (PR 13061) ingress: 22.4s 17.9s 18.9s 47.9s 22.4s

@k8s-triage-robot

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Sep 15, 2022
@k8s-triage-robot

/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Oct 15, 2022
@k8s-triage-robot

/close

@k8s-ci-robot
Contributor

@k8s-triage-robot: Closed this PR.

Successfully merging this pull request may close these issues.

minikube driver check should not call sudo, if sudo fails
9 participants