From b57e73ab90abf887038e5a56fbe9ee7f1d26540e Mon Sep 17 00:00:00 2001 From: Patrick Lang Date: Wed, 20 Nov 2019 01:41:19 -0800 Subject: [PATCH] Update RunAsUsername to beta (#17460) * doc:Update RunAsUsername to beta * doc: update samples - kubernetes.io/os is no longer beta * Updating based on review feedback --- .../configure-runasusername.md | 14 ++------------ .../windows/run-as-username-container.yaml | 2 +- .../en/examples/windows/run-as-username-pod.yaml | 2 +- 3 files changed, 4 insertions(+), 14 deletions(-) diff --git a/content/en/docs/tasks/configure-pod-container/configure-runasusername.md b/content/en/docs/tasks/configure-pod-container/configure-runasusername.md index 54bafcf3731bf..8fecb6535c1d8 100644 --- a/content/en/docs/tasks/configure-pod-container/configure-runasusername.md +++ b/content/en/docs/tasks/configure-pod-container/configure-runasusername.md @@ -6,12 +6,12 @@ weight: 20 {{% capture overview %}} -{{< feature-state for_k8s_version="v1.16" state="alpha" >}} +{{< feature-state for_k8s_version="v1.17" state="beta" >}} This page shows how to enable and use the `RunAsUserName` feature for pods and containers that will run on Windows nodes. This feature is meant to be the Windows equivalent of the Linux-specific `runAsUser` feature, allowing users to run the container entrypoints with a different username that their default ones. {{< note >}} -Currently this feature is in alpha state. The overall functionality of the feature will not change, but there may be some changes regarding the username validation. Please take this into consideration when testing or adopting this feature. +This feature is in beta. The overall functionality for `RunAsUserName` will not change, but there may be some changes regarding the username validation. {{< /note >}} {{% /capture %}} @@ -20,16 +20,6 @@ Currently this feature is in alpha state. The overall functionality of the featu You need to have a Kubernetes cluster and the kubectl command-line tool must be configured to communicate with your cluster. The cluster is expected to have Windows worker nodes where pods with containers running Windows workloads will get scheduled. - -### Enable the WindowsRunAsUserName feature gate - -In the alpha state, the `WindowsRunAsUserName` feature gate needs to be enabled on the `kube-apiserver` service. Without it, the `runAsUserName` field will be dropped from the pod's, container's, and init container's SecurityContexts. See [Feature Gates](/docs/reference/command-line-tools-reference/feature-gates/) for an explanation of enabling feature gates. Please make sure `feature-gates=WindowsRunAsUserName=true` parameter exists in the `kube-apiserver` command line. - -{{% /capture %}} - -{{% capture steps %}} - - ## Set the Username for a Pod To specify the username with which to execute the Pod's container processes, include the `securityContext` field ([PodSecurityContext](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podsecuritycontext-v1-core) in the Pod specification, and within it, the `windowsOptions` ([WindowsSecurityContextOptions](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#windowssecuritycontextoptions-v1-core) field containing the `runAsUserName` field. diff --git a/content/en/examples/windows/run-as-username-container.yaml b/content/en/examples/windows/run-as-username-container.yaml index beba04f42028e..77b7b2d18813b 100644 --- a/content/en/examples/windows/run-as-username-container.yaml +++ b/content/en/examples/windows/run-as-username-container.yaml @@ -14,4 +14,4 @@ spec: windowsOptions: runAsUserName: "ContainerAdministrator" nodeSelector: - beta.kubernetes.io/os: windows + kubernetes.io/os: windows diff --git a/content/en/examples/windows/run-as-username-pod.yaml b/content/en/examples/windows/run-as-username-pod.yaml index 38c04978b1450..281bbda597e38 100644 --- a/content/en/examples/windows/run-as-username-pod.yaml +++ b/content/en/examples/windows/run-as-username-pod.yaml @@ -11,4 +11,4 @@ spec: image: mcr.microsoft.com/windows/servercore:ltsc2019 command: ["ping", "-t", "localhost"] nodeSelector: - beta.kubernetes.io/os: windows + kubernetes.io/os: windows