Superpowers for Windows Containers
The Windows Operating System does not support privileged operations from inside a container today. Daemon-sets on Windows nodes in Kubernetes clusters that need to perform configuration actions on the …
Talk Title | Superpowers for Windows Containers |
Speakers | Deep Debroy (Engineering Manager, Docker Inc.), Jean Rouge (Senior Software Engineer, Docker) |
Conference | KubeCon + CloudNativeCon North America |
Conf Tag | |
Location | San Diego, CA, USA |
Date | Nov 15-21, 2019 |
URL | Talk Page |
Slides | Talk Slides |
Video | |
The Windows Operating System does not support privileged operations from inside a container today. Daemon-sets on Windows nodes in Kubernetes clusters that need to perform configuration actions on the node are significantly impacted by the absence of privileged mode support on Windows. In this talk we:1. Explore the pros and cons of the options the SIG Windows community brainstormed to provide containers running on Windows the ability to perform privileged operations while being managed by Kubernetes.2. Delve into the specific characteristics of the privileged proxy approach we decided to adopt.3. Demonstrate how the privileged proxy approach is used to support privileged operations that need to be executed by daemon-sets associated with CSI plugins running on Windows nodes in a Kubernetes cluster.