github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-27 05:27:21 +00:00
Code Issues Projects Releases Wiki Activity

Updating CRI API to include Windows Pod/Sandbox configs

Browse Source
This commit is contained in:
marosset 2021-02-24 10:48:00 -08:00 committed by James Sturtevant
parent 93da0fd45d
commit 51a02fdb80
4 changed files with 2033 additions and 807 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1381
staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.pb.go
View File

File diff suppressed because it is too large Load Diff

28
staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto
View File

@ -388,6 +388,8 @@ message PodSandboxConfig {
map<string, string> annotations = 7; map<string, string> annotations = 7;
// Optional configurations specific to Linux hosts. // Optional configurations specific to Linux hosts.
LinuxPodSandboxConfig linux = 8; LinuxPodSandboxConfig linux = 8;
// Optional configurations specific to Windows hosts.
WindowsPodSandboxConfig windows = 9;
} }
message RunPodSandboxRequest { message RunPodSandboxRequest {
@ -687,6 +689,29 @@ message LinuxContainerConfig {
LinuxContainerSecurityContext security_context = 2; LinuxContainerSecurityContext security_context = 2;
} }
// WindowsSandboxSecurityContext holds platform-specific configurations that will be
// applied to a sandbox.
// These settings will only apply to the sandbox container.
message WindowsSandboxSecurityContext {
// User name to run the container process as. If specified, the user MUST
// exist in the container image and be resolved there by the runtime;
// otherwise, the runtime MUST return error.
string run_as_username = 1;
// The contents of the GMSA credential spec to use to run this container.
string credential_spec = 2;
// Indicates whether the container requested to run as a HostProcess container.
bool host_process = 3;
}
// WindowsPodSandboxConfig holds platform-specific configurations for Windows
// host platforms and Windows-based containers.
message WindowsPodSandboxConfig {
// WindowsSandboxSecurityContext holds sandbox security attributes.
WindowsSandboxSecurityContext security_context = 1;
}
// WindowsContainerSecurityContext holds windows security configuration that will be applied to a container. // WindowsContainerSecurityContext holds windows security configuration that will be applied to a container.
message WindowsContainerSecurityContext { message WindowsContainerSecurityContext {
// User name to run the container process as. If specified, the user MUST // User name to run the container process as. If specified, the user MUST
@ -696,6 +721,9 @@ message WindowsContainerSecurityContext {
// The contents of the GMSA credential spec to use to run this container. // The contents of the GMSA credential spec to use to run this container.
string credential_spec = 2; string credential_spec = 2;
// Indicates whether a container is to be run as a HostProcess container.
bool host_process = 3;
} }
// WindowsContainerConfig contains platform-specific configuration for // WindowsContainerConfig contains platform-specific configuration for

1387
staging/src/k8s.io/cri-api/pkg/apis/runtime/v1alpha2/api.pb.go
View File

File diff suppressed because it is too large Load Diff

28
staging/src/k8s.io/cri-api/pkg/apis/runtime/v1alpha2/api.proto
View File

@ -392,6 +392,8 @@ message PodSandboxConfig {
map<string, string> annotations = 7; map<string, string> annotations = 7;
// Optional configurations specific to Linux hosts. // Optional configurations specific to Linux hosts.
LinuxPodSandboxConfig linux = 8; LinuxPodSandboxConfig linux = 8;
// Optional configurations specific to Windows hosts.
WindowsPodSandboxConfig windows = 9;
} }
message RunPodSandboxRequest { message RunPodSandboxRequest {
@ -693,6 +695,29 @@ message LinuxContainerConfig {
LinuxContainerSecurityContext security_context = 2; LinuxContainerSecurityContext security_context = 2;
} }
// WindowsSandboxSecurityContext holds platform-specific configurations that will be
// applied to a sandbox.
// These settings will only apply to the sandbox container.
message WindowsSandboxSecurityContext {
// User name to run the container process as. If specified, the user MUST
// exist in the container image and be resolved there by the runtime;
// otherwise, the runtime MUST return error.
string run_as_username = 1;
// The contents of the GMSA credential spec to use to run this container.
string credential_spec = 2;
// Indicates whether the container be asked to run as a HostProcess container.
bool host_process = 3;
}
// WindowsPodSandboxConfig holds platform-specific configurations for Windows
// host platforms and Windows-based containers.
message WindowsPodSandboxConfig {
// WindowsSandboxSecurityContext holds sandbox security attributes.
WindowsSandboxSecurityContext security_context = 1;
}
// WindowsContainerSecurityContext holds windows security configuration that will be applied to a container. // WindowsContainerSecurityContext holds windows security configuration that will be applied to a container.
message WindowsContainerSecurityContext { message WindowsContainerSecurityContext {
// User name to run the container process as. If specified, the user MUST // User name to run the container process as. If specified, the user MUST
@ -702,6 +727,9 @@ message WindowsContainerSecurityContext {
// The contents of the GMSA credential spec to use to run this container. // The contents of the GMSA credential spec to use to run this container.
string credential_spec = 2; string credential_spec = 2;
// Indicates whether a container is to be run as a HostProcess container.
bool host_process = 3;
} }
// WindowsContainerConfig contains platform-specific configuration for // WindowsContainerConfig contains platform-specific configuration for