Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updates for WindowsHostProcessContainers going to stable #37340

Merged
merged 3 commits into from
Nov 28, 2022
Merged

Updates for WindowsHostProcessContainers going to stable #37340

merged 3 commits into from
Nov 28, 2022

Conversation

marosset
Copy link
Contributor

Signed-off-by: Mark Rossetti [email protected]

@k8s-ci-robot k8s-ci-robot added this to the 1.26 milestone Oct 17, 2022
@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Oct 17, 2022
@k8s-ci-robot k8s-ci-robot added the language/en Issues or PRs related to English language label Oct 17, 2022
@netlify
Copy link

netlify bot commented Oct 17, 2022
edited
Loading

👷 Deploy Preview for kubernetes-io-vnext-staging processing.

Name Link
🔨 Latest commit 1d74e4c
🔍 Latest deploy log https://app.netlify.com/sites/kubernetes-io-vnext-staging/deploys/6373e7e0e9a5420009ce088b

@k8s-ci-robot k8s-ci-robot requested a review from tengqm October 17, 2022 17:10
@k8s-ci-robot k8s-ci-robot added sig/docs Categorizes an issue or PR as relevant to SIG Docs. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Oct 17, 2022
@marosset marosset mentioned this pull request Oct 17, 2022
Closed
35 tasks
sftim
sftim reviewed Oct 18, 2022
View reviewed changes
Copy link
Contributor

@sftim sftim left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

An early nit

content/en/docs/tasks/configure-pod-container/create-hostprocess-pod.md Outdated Show resolved Hide resolved
@k8s-ci-robot k8s-ci-robot added needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Nov 10, 2022
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 10, 2022
@marosset marosset marked this pull request as ready for review November 11, 2022 17:59
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 11, 2022
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Nov 11, 2022
@marosset
Copy link
Contributor Author

/assign @brasmith-ms @jsturtevant
Can you think of any other updates we want to make here?

@brasmith-ms and I are also working on a blog-post for this feature and we will include more in-depth examples in there

@marosset
Copy link
Contributor Author

/sig windows

@k8s-ci-robot k8s-ci-robot added the sig/windows Categorizes an issue or PR as relevant to SIG Windows. label Nov 11, 2022
@marosset
Copy link
Contributor Author

I will add a section about the HostProcess container base image.

brasmith-ms
brasmith-ms suggested changes Nov 11, 2022
View reviewed changes
content/en/docs/tasks/configure-pod-container/create-hostprocess-pod.md Outdated Show resolved Hide resolved
content/en/docs/tasks/configure-pod-container/create-hostprocess-pod.md Outdated Show resolved Hide resolved
content/en/docs/tasks/configure-pod-container/create-hostprocess-pod.md Outdated Show resolved Hide resolved
content/en/docs/tasks/configure-pod-container/create-hostprocess-pod.md Outdated Show resolved Hide resolved
content/en/docs/tasks/configure-pod-container/create-hostprocess-pod.md Outdated Show resolved Hide resolved
content/en/docs/tasks/configure-pod-container/create-hostprocess-pod.md Outdated Show resolved Hide resolved
content/en/docs/tasks/configure-pod-container/create-hostprocess-pod.md Outdated Show resolved Hide resolved
content/en/docs/tasks/configure-pod-container/create-hostprocess-pod.md Outdated
and the name of that local usergroup must be specified in the `runAsUserName` field in the deployment.
This will cause an new ephemeral local user account to be created, joined to the specified usergroup,
and used by the container. This provides a number a benefits including eliminating the need to manage
passwords for local user accounts.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
passwords for local user accounts.

@marosset
Copy link
Contributor Author

I will add a section about the HostProcess container base image.

added!

@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Nov 15, 2022
@marosset @brasmith-ms @tengqm
Apply suggestions from code review
1d74e4c 
Co-authored-by: Brandon Smith <[email protected]>
Co-authored-by: Qiming Teng <[email protected]>
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Nov 15, 2022
jsturtevant
jsturtevant reviewed Nov 15, 2022
View reviewed changes
content/en/docs/tasks/configure-pod-container/create-hostprocess-pod.md
This will cause an new ephemeral local user account to be created, joined to the specified usergroup,
and used by the container. This provides a number a benefits including eliminating the need to manage
passwords for local user accounts.
Prior to initializing the HostProcess container, a new **ephemeral** local user account to be created and joined to the specified usergroup, from which the container is run.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

to be really clear here, might say something like "the runtime will create an ephemeral".

", from which the container is run." is a bit award to read I think.

content/en/docs/tasks/configure-pod-container/create-hostprocess-pod.md
passwords for local user accounts.
Prior to initializing the HostProcess container, a new **ephemeral** local user account to be created and joined to the specified usergroup, from which the container is run.
This provides a number a benefits including eliminating the need to manage passwords for local user accounts.
passwords for local user accounts. An initial HostProcess container running as a service account can be used to
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

container running as one of the built-in service account can be used to

krol3
krol3 approved these changes Nov 28, 2022
View reviewed changes
Copy link
Contributor

@krol3 krol3 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm @marosset can you confirm you applied the changes? This PR needs a doc review by Mon Nov 28th to get this into the release. Please reach out to required SIGs to get their review. Thank you!

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Nov 28, 2022
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: ee49e478433ac165b8399b09aedd84c8cc7126c8

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: krol3

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 28, 2022
@k8s-ci-robot k8s-ci-robot merged commit b32297f into kubernetes:dev-1.26 Nov 28, 2022
sftim
sftim reviewed Dec 3, 2022
View reviewed changes
Copy link
Contributor

@sftim sftim left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should also have updated https://kubernetes.io/docs/concepts/workloads/pods/#privileged-mode-for-containers

@sftim sftim mentioned this pull request Dec 3, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sftim sftim sftim left review comments

@tengqm tengqm tengqm left review comments

@jsturtevant jsturtevant jsturtevant left review comments

@brasmith-ms brasmith-ms brasmith-ms requested changes

@krol3 krol3 krol3 approved these changes

@daminisatya daminisatya Awaiting requested review from daminisatya

@natalisucks natalisucks Awaiting requested review from natalisucks

@rajeshdeshpande02 rajeshdeshpande02 Awaiting requested review from rajeshdeshpande02

Assignees

@jsturtevant jsturtevant

@krol3 krol3

@brasmith-ms brasmith-ms

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. language/en Issues or PRs related to English language lgtm "Looks good to me", indicates that a PR is ready to be merged. sig/docs Categorizes an issue or PR as relevant to SIG Docs. sig/windows Categorizes an issue or PR as relevant to SIG Windows. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
[sig-windows] PR tracking
Status: Done
Milestone
1.26
Development

Successfully merging this pull request may close these issues.
7 participants
@marosset @k8s-ci-robot @jsturtevant @tengqm @krol3 @sftim @brasmith-ms