Merge pull request #267382 from AbelHu/abelch/update-win-hpc-example

{AKS} update Windows host process containers

Author: prmerger-automator[bot]

articles/aks/node-access.md

@@ -172,6 +172,56 @@ To connect to another node in the cluster, use the `kubectl debug` command. For
     >  ssh -o 'ProxyCommand ssh -p 2022 -W %h:%p [email protected]' -o PreferredAuthentications=password [email protected]
     > ```
 
+## Use Host Process Container to access Windows node
+
+1. Create `hostprocess.yaml` with the following content and replacing `AKSWINDOWSNODENAME` with the AKS Windows node name.
+
+    ```yaml
+    apiVersion: v1
+    kind: Pod
+    metadata:
+      labels:
+        pod: hpc
+      name: hpc
+    spec:
+      securityContext:
+        windowsOptions:
+          hostProcess: true
+          runAsUserName: "NT AUTHORITY\\SYSTEM"
+      hostNetwork: true
+      containers:
+        - name: hpc
+          image: mcr.microsoft.com/windows/servercore:ltsc2022 # Use servercore:1809 for WS2019
+          command:
+            - powershell.exe
+            - -Command
+            - "Start-Sleep 2147483"
+          imagePullPolicy: IfNotPresent
+      nodeSelector:
+        kubernetes.io/os: windows
+        kubernetes.io/hostname: AKSWINDOWSNODENAME
+      tolerations:
+        - effect: NoSchedule
+          key: node.kubernetes.io/unschedulable
+          operator: Exists
+        - effect: NoSchedule
+          key: node.kubernetes.io/network-unavailable
+          operator: Exists
+        - effect: NoExecute
+          key: node.kubernetes.io/unreachable
+          operator: Exists
+    ```
+
+2. Run `kubectl apply -f hostprocess.yaml` to deploy the Windows host process container (HPC) in the specified Windows node.
+
+3. Use `kubectl exec -it [HPC-POD-NAME] -- powershell`.
+
+4. You can run any PowerShell commands inside the HPC container to access the Windows node.
+
+> [!Note]
+>
+> You need to switch the root folder to `C:\` inside the HPC container to access the files in the Windows node.
+
 ## SSH using Azure Bastion for Windows
 
 If your Linux proxy node isn't reachable, using Azure Bastion as a proxy is an alternative. This method requires that you set up an Azure Bastion host for the virtual network in which the cluster resides. See [Connect with Azure Bastion][azure-bastion] for more details.

articles/aks/use-windows-hpc.md

@@ -32,13 +32,12 @@ To use HostProcess features with your deployment, set *hostProcess: true* and *h
 ```yaml
     spec:
       ...
-      containers:
-          ...
-          securityContext:
-            windowsOptions:
-              hostProcess: true
-              ...
+      securityContext:
+         windowsOptions:
+           hostProcess: true
+           ...
       hostNetwork: true
+      containers:
       ...
 ```
 
@@ -63,21 +62,18 @@ spec:
     spec:
       nodeSelector:
         kubernetes.io/os: windows
+      securityContext:
+        windowsOptions:
+          hostProcess: true
+          runAsUserName: "NT AUTHORITY\\SYSTEM"
+      hostNetwork: true
       containers:
         - name: powershell
-          image: mcr.microsoft.com/powershell:lts-nanoserver-1809
-          securityContext:
-            windowsOptions:
-              hostProcess: true
-              runAsUserName: "NT AUTHORITY\\SYSTEM"
+          image: mcr.microsoft.com/powershell:lts-nanoserver-1809 # or lts-nanoserver-ltsc2022
           command:
-            - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
-            - -command
-            - |
-              $AdminRights = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")
-              Write-Host "Process has admin rights: $AdminRights"
-              while ($true) { Start-Sleep -Seconds 2147483 }
-      hostNetwork: true
+            - powershell.exe
+            - -Command
+            - Start-Sleep -Seconds 2147483
       terminationGracePeriodSeconds: 0
 ```