kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #40376 from dtzar/patch-1 

clarify Windows privileged containers feature enablement
This commit is contained in:
Kubernetes Prow Robot 2023-05-07 03:51:16 -07:00 committed by GitHub
parent 3bd3118093 8f3790c3a9
commit eb7c049f04
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
content/en/docs/concepts/security/pod-security-standards.md
View File

@ -57,7 +57,7 @@ fail validation.
<tr> <tr>
<td style="white-space: nowrap">HostProcess</td> <td style="white-space: nowrap">HostProcess</td>
<td> <td>
<p>Windows pods offer the ability to run <a href="/docs/tasks/configure-pod-container/create-hostprocess-pod">HostProcess containers</a> which enables privileged access to the Windows node. Privileged access to the host is disallowed in the baseline policy. {{< feature-state for_k8s_version="v1.23" state="beta" >}}</p> <p>Windows pods offer the ability to run <a href="/docs/tasks/configure-pod-container/create-hostprocess-pod">HostProcess containers</a> which enables privileged access to the Windows node. Privileged access to the host is disallowed in the baseline policy. {{< feature-state for_k8s_version="v1.26" state="stable" >}}</p>
<p><strong>Restricted Fields</strong></p> <p><strong>Restricted Fields</strong></p>
<ul> <ul>
<li><code>spec.securityContext.windowsOptions.hostProcess</code></li> <li><code>spec.securityContext.windowsOptions.hostProcess</code></li>

8
content/en/docs/concepts/workloads/pods/_index.md
View File

@ -307,12 +307,10 @@ capabilities such as manipulating the network stack or accessing hardware device
{{< feature-state for_k8s_version="v1.26" state="stable" >}} {{< feature-state for_k8s_version="v1.26" state="stable" >}}
In Windows, you can create a [Windows HostProcess pod](/docs/tasks/configure-pod-container/create-hostprocess-pod) In Windows, you can create a [Windows HostProcess pod](/docs/tasks/configure-pod-container/create-hostprocess-pod) by setting the
by setting the `windowsOptions.hostProcess` flag on the security context of the pod spec. All containers in these `windowsOptions.hostProcess` flag on the security context of the pod spec. All containers in these
pods must run as Windows HostProcess containers. HostProcess pods run directly on the host and can also be used pods must run as Windows HostProcess containers. HostProcess pods run directly on the host and can also be used
to perform administrative tasks as is done with Linux privileged containers. In order to use this feature, the to perform administrative tasks as is done with Linux privileged containers.
`WindowsHostProcessContainers` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) must be enabled.
## Static Pods ## Static Pods