Workspaces: Negate the `hostUsers` boolean (!211474) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

In Workspaces, if I want to use Kubernetes User Namespaces (available in GKE from 1.33) I need to set

remote_development:
  # NOTE: This is a partial example.
  # Some required fields are not included.
  use_kubernetes_user_namespaces: true

However, this passes the true value directly through to the deployment/pod spec. And when we don't have a true we don't pass that through into the deployment/pod at all!

Whereas the kubernetes implementation needs a false there (in hostUsers) to 'enable' user namespaces:

apiVersion: v1
kind: Pod
metadata:
  name: userns
spec:
  hostUsers: false
  containers:
  - name: shell
    command: ["sleep", "infinity"]
    image: debian

This MR reverses the value we set, so that we correctly set false when we want to enable user namespaces.

References

https://kubernetes.io/docs/tasks/configure-pod-container/user-namespaces/

Screenshots or screen recordings

Before	After

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited Nov 04, 2025 by Raimund Hook

Workspaces: Negate the hostUsers boolean

What does this MR do and why?

References

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports

Workspaces: Negate the `hostUsers` boolean