OCPNODE-3225,OCPNODE-2557: features: set user namespace features on by default

[haircommander]

now that we are approaching kube 1.33 rebase (and are moving away from 1.32), we are safe from the risks that caused us not to turn this on by default (needing a n-3 version skew to 1.30 to make sure a user namespace is created or a pod is denied)

[openshift-ci]

Hello @haircommander! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: haircommander
Once this PR has been reviewed and has the lgtm label, please assign joelspeed for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@haircommander: This pull request references OCPNODE-3225 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.20.0" version, but no target version was set.

This pull request references OCPNODE-2557 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.20.0" version, but no target version was set.

In response to this:

now that we are approaching kube 1.33 rebase (and are moving away from 1.32), we are safe from the risks that caused us not to turn this on by default (needing a n-3 version skew to 1.30 to make sure a user namespace is created or a pod is denied)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[haircommander]

i'm unsure why this snuck in

[JoelSpeed]

Please make sure you're rebased on the latest tip of master and try the generation again 🤔

[haircommander]

this happened to me on master too, but I just dropped manually

[bertinatto]

/retest

[haircommander]

/retest

I think the remaining verify failures are expected. We have this weird deadlock where upstream userns tests will fail because the feature is turned off, but they're only enabled in tech preview clusters so we don't have any feedback that they're working. If needed, I could duplicate the upstream tests in o/origin to mimic the upstream behaviors, but we still would need to wait a bit to get test readiness. OR we can override.

I ask because this is blocking @bertinatto 's rebase and needs timely consideration. WDYT @JoelSpeed

[openshift-ci]

@haircommander: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/okd-scos-e2e-aws-ovn	0f9a8e8	link	false	/test okd-scos-e2e-aws-ovn
ci/prow/verify-feature-promotion	0f9a8e8	link	true	/test verify-feature-promotion
ci/prow/e2e-aws-serial	0f9a8e8	link	true	/test e2e-aws-serial
ci/prow/verify-crd-schema	0f9a8e8	link	true	/test verify-crd-schema

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.