Skip to content

Add validations for Windows HostProcess CRI configs#6996

Merged
kzys merged 1 commit intocontainerd:mainfrom
dcantah:hpc-validations
Jun 1, 2022
Merged

Add validations for Windows HostProcess CRI configs#6996
kzys merged 1 commit intocontainerd:mainfrom
dcantah:hpc-validations

Conversation

@dcantah
Copy link
Copy Markdown
Member

@dcantah dcantah commented May 27, 2022

HostProcess containers require every container in the pod to be a HostProcess container and have the corresponding security context field set. The Kubelet usually enforces this so we'd error before even getting here, but we recently found a bug in that logic so better to be safe than sorry.

@dcantah
Copy link
Copy Markdown
Member Author

dcantah commented May 27, 2022

cc @marosset @jsturtevant

@dcantah dcantah marked this pull request as draft May 27, 2022 07:39
@dcantah dcantah force-pushed the hpc-validations branch from db90be8 to b56bd4a Compare May 27, 2022 08:16
@dcantah dcantah marked this pull request as ready for review May 27, 2022 15:14
@marosset
Copy link
Copy Markdown
Contributor

marosset commented May 27, 2022

Related to kubernetes/kubernetes#110140 which fixes a bug in the kubelet where sometimes the pod can be created without the hostprocess field set when it should be.

samuelkarp
samuelkarp reviewed May 28, 2022
View reviewed changes
Copy link
Copy Markdown
Member

@samuelkarp samuelkarp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks fine, but one small suggestion.

Comment thread pkg/cri/server/container_create_windows_test.go Outdated
@dcantah
Add validations for Windows HostProcess CRI configs
978ff39 
HostProcess containers require every container in the pod to be a
host process container and have the corresponding field set. The Kubelet
usually enforces this so we'd error before even getting here but we recently
found a bug in this logic so better to be safe than sorry.

Signed-off-by: Daniel Canter <[email protected]>
@dcantah dcantah force-pushed the hpc-validations branch from b56bd4a to 978ff39 Compare May 28, 2022 04:17
@dcantah dcantah mentioned this pull request May 30, 2022
Merged
@kzys kzys merged commit c149e6c into containerd:main Jun 1, 2022
@dcantah dcantah mentioned this pull request Jul 29, 2022
Merged
@fuweid fuweid added the cherry-picked/1.6.x PR commits are cherry-picked into release/1.6 branch label Jul 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kzys kzys kzys approved these changes

@samuelkarp samuelkarp samuelkarp approved these changes

@cpuguy83 cpuguy83 cpuguy83 approved these changes

Assignees

No one assigned

Labels

cherry-picked/1.6.x PR commits are cherry-picked into release/1.6 branch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@dcantah @marosset @kzys @samuelkarp @cpuguy83 @fuweid