Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Removing WindowsHostProcessContainers feature-gate #117570

Merged
merged 1 commit into from May 1, 2023
Merged

Removing WindowsHostProcessContainers feature-gate #117570

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
2 changes: 1 addition & 1 deletion api/openapi-spec/swagger.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion api/openapi-spec/v3/api__v1_openapi.json
View file
Open in desktop
Expand Up @@ -7958,7 +7958,7 @@
"type": "string"
},
"hostProcess": {
"description": "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.",
"description": "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.",
"type": "boolean"
},
"runAsUserName": {
Expand Down
2 changes: 1 addition & 1 deletion api/openapi-spec/v3/apis__apps__v1_openapi.json
View file
Open in desktop
Expand Up @@ -5036,7 +5036,7 @@
"type": "string"
},
"hostProcess": {
"description": "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.",
"description": "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.",
"type": "boolean"
},
"runAsUserName": {
Expand Down
2 changes: 1 addition & 1 deletion api/openapi-spec/v3/apis__batch__v1_openapi.json
View file
Open in desktop
Expand Up @@ -4210,7 +4210,7 @@
"type": "string"
},
"hostProcess": {
"description": "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.",
"description": "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.",
"type": "boolean"
},
"runAsUserName": {
Expand Down
9 changes: 3 additions & 6 deletions pkg/apis/core/types.go
View file
Open in desktop
Expand Up @@ -5802,12 +5802,9 @@ type WindowsSecurityContextOptions struct {
RunAsUserName *string

// HostProcess determines if a container should be run as a 'Host Process' container.
// This field is alpha-level and will only be honored by components that enable the
// WindowsHostProcessContainers feature flag. Setting this field without the feature
// flag will result in errors when validating the Pod. All of a Pod's containers must
// have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
// containers and non-HostProcess containers). In addition, if HostProcess is true
// then HostNetwork must also be set to true.
// All of a Pod's containers must have the same effective HostProcess value
// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
// In addition, if HostProcess is true then HostNetwork must also be set to true.
// +optional
HostProcess *bool
}
Expand Down
10 changes: 0 additions & 10 deletions pkg/features/kube_features.go
View file
Open in desktop
Expand Up @@ -868,14 +868,6 @@ const (
// Enables support for joining Windows containers to a hosts' network namespace.
WindowsHostNetwork featuregate.Feature = "WindowsHostNetwork"

// owner: @marosset
// alpha: v1.22
// beta: v1.23
// GA: v1.26
//
// Enables support for 'HostProcess' containers on Windows nodes.
WindowsHostProcessContainers featuregate.Feature = "WindowsHostProcessContainers"

// owner: @kerthcet
// kep: https://kep.k8s.io/3094
// alpha: v1.25
Expand Down Expand Up @@ -1135,8 +1127,6 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS

WindowsHostNetwork: {Default: true, PreRelease: featuregate.Alpha},

WindowsHostProcessContainers: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.28

NodeInclusionPolicyInPodTopologySpread: {Default: true, PreRelease: featuregate.Beta},

SELinuxMountReadWriteOncePod: {Default: true, PreRelease: featuregate.Beta},
Expand Down
2 changes: 1 addition & 1 deletion pkg/generated/openapi/zz_generated.openapi.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions pkg/kubelet/metrics/metrics.go
View file
Open in desktop
Expand Up @@ -613,7 +613,7 @@ var (
&metrics.CounterOpts{
Subsystem: KubeletSubsystem,
Name: StartedHostProcessContainersTotalKey,
Help: "Cumulative number of hostprocess containers started. This metric will only be collected on Windows and requires WindowsHostProcessContainers feature gate to be enabled.",
Help: "Cumulative number of hostprocess containers started. This metric will only be collected on Windows.",
StabilityLevel: metrics.ALPHA,
},
[]string{"container_type"},
Expand All @@ -623,7 +623,7 @@ var (
&metrics.CounterOpts{
Subsystem: KubeletSubsystem,
Name: StartedHostProcessContainersErrorsTotalKey,
Help: "Cumulative number of errors when starting hostprocess containers. This metric will only be collected on Windows and requires WindowsHostProcessContainers feature gate to be enabled.",
Help: "Cumulative number of errors when starting hostprocess containers. This metric will only be collected on Windows.",
StabilityLevel: metrics.ALPHA,
},
[]string{"container_type", "code"},
Expand Down
9 changes: 3 additions & 6 deletions staging/src/k8s.io/api/core/v1/generated.proto
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

9 changes: 3 additions & 6 deletions staging/src/k8s.io/api/core/v1/types.go
View file
Open in desktop
Expand Up @@ -6801,12 +6801,9 @@ type WindowsSecurityContextOptions struct {
RunAsUserName *string `json:"runAsUserName,omitempty" protobuf:"bytes,3,opt,name=runAsUserName"`

// HostProcess determines if a container should be run as a 'Host Process' container.
// This field is alpha-level and will only be honored by components that enable the
// WindowsHostProcessContainers feature flag. Setting this field without the feature
// flag will result in errors when validating the Pod. All of a Pod's containers must
// have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
// containers and non-HostProcess containers). In addition, if HostProcess is true
// then HostNetwork must also be set to true.
// All of a Pod's containers must have the same effective HostProcess value
// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
// In addition, if HostProcess is true then HostNetwork must also be set to true.
// +optional
HostProcess *bool `json:"hostProcess,omitempty" protobuf:"bytes,4,opt,name=hostProcess"`
}
Expand Down
2 changes: 1 addition & 1 deletion staging/src/k8s.io/api/core/v1/types_swagger_doc_generated.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 0 additions & 2 deletions staging/src/k8s.io/pod-security-admission/test/fixtures_windowsHostProcess.go
View file
Open in desktop
Expand Up @@ -18,7 +18,6 @@ package test

import (
corev1 "k8s.io/api/core/v1"
"k8s.io/component-base/featuregate"
"k8s.io/pod-security-admission/api"
"k8s.io/utils/pointer"
)
Expand All @@ -43,7 +42,6 @@ func init() {
return nil
},
expectErrorSubstring: "hostProcess",
failRequiresFeatures: []featuregate.Feature{"WindowsHostProcessContainers"},
generateFail: func(p *corev1.Pod) []*corev1.Pod {
p = ensureSecurityContext(p)
if p.Spec.SecurityContext.WindowsOptions == nil {
Expand Down