Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[WIP] Support Windows to run sandbox containers by Windows logic not linux logic #93299

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

[WIP] Support Windows to run sandbox containers by Windows logic not linux logic #93299

wants to merge 1 commit into from

Conversation

wawa0210
Copy link
Contributor

@wawa0210 wawa0210 commented Jul 21, 2020
edited
Loading

What type of PR is this?

Uncomment only one /kind <> line, hit enter to put that in a new line, and remove leading whitespace from that line:

/kind feature

What this PR does / why we need it:

Support users to pass in different usernames to run sandbox container and work container through SecurityContext.WindowsOptions.RunAsUserName. Currently working containers are supported, but sandbox does not

Which issue(s) this PR fixes:

Fixes #92963

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

/sig windows

@k8s-ci-robot
Copy link
Contributor

@wawa0210: Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. kind/feature Categorizes issue or PR as related to a new feature. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. sig/windows Categorizes an issue or PR as relevant to SIG Windows. labels Jul 21, 2020
@k8s-ci-robot
Copy link
Contributor

@wawa0210: Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Jul 21, 2020
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: wawa0210
To complete the pull request process, please assign vishh
You can assign the PR to them by writing /assign @vishh in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added area/kubelet sig/node Categorizes an issue or PR as relevant to SIG Node. labels Jul 21, 2020
@wawa0210
Copy link
Contributor Author

/hold

This pr is still in progress

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jul 21, 2020
@wawa0210 wawa0210 changed the title [WIP] [WIP] Support Windows to run sandbox containers by passing in a different username through SecurityContext.WindowsOptions.RunAsUserName Jul 21, 2020
@wawa0210 wawa0210 marked this pull request as draft July 25, 2020 14:48
@wawa0210 wawa0210 changed the title [WIP] Support Windows to run sandbox containers by passing in a different username through SecurityContext.WindowsOptions.RunAsUserName [WIP] Support Windows to run sandbox containers by Windows logic not linux logic Aug 5, 2020
@wawa0210 wawa0210 mentioned this pull request Aug 5, 2020
Merged
@wawa0210 wawa0210 marked this pull request as ready for review August 5, 2020 23:35
@wawa0210 wawa0210 force-pushed the windows-sandbox branch 4 times, most recently from 8f07cb7 to a50fc6d Compare August 6, 2020 16:00
ddebroy
ddebroy reviewed Aug 7, 2020
View reviewed changes
pkg/kubelet/dockershim/docker_sandbox_windows.go Outdated
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a corresponding PR over in https://github.com/kubernetes/cri-api/blob/master/pkg/apis/runtime/v1alpha2/api.pb.go to introduce a GetWindows() for runtimeapi.PodSandboxConfig? Note that it only has GetLinux() today.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added the GetWindows() method to the current pr's staging/src/k8s.io/cri-api/pkg/apis/runtime/v1alpha2/api.proto file.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should coordinate changes to Containerd to support this additional CRI field as well.

@wawa0210 wawa0210 force-pushed the windows-sandbox branch 3 times, most recently from 53df439 to 9b6a6ae Compare August 19, 2020 15:53
@k8s-ci-robot
Copy link
Contributor

@wawa0210: The following tests failed, say /retest to rerun all failed tests:

Test name Commit Details Rerun command
pull-kubernetes-node-e2e ab084f0 link /test pull-kubernetes-node-e2e
pull-kubernetes-e2e-gce-ubuntu-containerd ab084f0 link /test pull-kubernetes-e2e-gce-ubuntu-containerd
pull-kubernetes-e2e-azure-file-windows ab084f0 link /test pull-kubernetes-e2e-azure-file-windows
pull-kubernetes-e2e-azure-disk-windows ab084f0 link /test pull-kubernetes-e2e-azure-disk-windows

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Sep 13, 2020
@k8s-ci-robot
Copy link
Contributor

@wawa0210: PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@wawa0210
Copy link
Contributor Author

/close

This pr is more complicated than expected, I will try to split it into several prs

@k8s-ci-robot
Copy link
Contributor

@wawa0210: Closed this PR.

In response to this:

/close

This pr is more complicated than expected, I will try to split it into several prs

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@krmayankk krmayankk Awaiting requested review from krmayankk

@mattjmcnaughton mattjmcnaughton Awaiting requested review from mattjmcnaughton

2 more reviewers

@jsturtevant jsturtevant jsturtevant left review comments

@ddebroy ddebroy ddebroy left review comments

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
area/kubelet cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. kind/feature Categorizes issue or PR as related to a new feature. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. sig/node Categorizes an issue or PR as relevant to SIG Node. sig/windows Categorizes an issue or PR as relevant to SIG Windows. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Windows pods need to support RunAsUserName like Linux pods, not just work containers, not pause containers
4 participants
@wawa0210 @k8s-ci-robot @jsturtevant @ddebroy