December 14, 2019

194 words 1 min read

Superpowers for Windows Containers

Superpowers for Windows Containers

The Windows Operating System does not support privileged operations from inside a container today. Daemon-sets on Windows nodes in Kubernetes clusters that need to perform configuration actions on the …

Talk Title Superpowers for Windows Containers
Speakers Deep Debroy (Engineering Manager, Docker Inc.), Jean Rouge (Senior Software Engineer, Docker)
Conference KubeCon + CloudNativeCon North America
Conf Tag
Location San Diego, CA, USA
Date Nov 15-21, 2019
URL Talk Page
Slides Talk Slides
Video

The Windows Operating System does not support privileged operations from inside a container today. Daemon-sets on Windows nodes in Kubernetes clusters that need to perform configuration actions on the node are significantly impacted by the absence of privileged mode support on Windows. In this talk we:1. Explore the pros and cons of the options the SIG Windows community brainstormed to provide containers running on Windows the ability to perform privileged operations while being managed by Kubernetes.2. Delve into the specific characteristics of the privileged proxy approach we decided to adopt.3. Demonstrate how the privileged proxy approach is used to support privileged operations that need to be executed by daemon-sets associated with CSI plugins running on Windows nodes in a Kubernetes cluster.

comments powered by Disqus