You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/en/docs/concepts/workloads/pods/_index.md
+12-3Lines changed: 12 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -289,9 +289,18 @@ section.
289
289
290
290
## Privileged mode for containers
291
291
292
-
In Linux, any container in a Pod can enable privileged mode using the `privileged` (Linux) flag on the [security context](/docs/tasks/configure-pod-container/security-context/) of the container spec. This is useful for containers that want to use operating system administrative capabilities such as manipulating the network stack or accessing hardware devices.
293
-
294
-
If your cluster has the `WindowsHostProcessContainers` feature enabled, you can create a [Windows HostProcess pod](/docs/tasks/configure-pod-container/create-hostprocess-pod) by setting the `windowsOptions.hostProcess` flag on the security context of the pod spec. All containers in these pods must run as Windows HostProcess containers. HostProcess pods run directly on the host and can also be used to perform administrative tasks as is done with Linux privileged containers.
In Linux, any container in a Pod can enable privileged mode using the `privileged` (Linux) flag
295
+
on the [security context](/docs/tasks/configure-pod-container/security-context/) of the
296
+
container spec. This is useful for containers that want to use operating system administrative
297
+
capabilities such as manipulating the network stack or accessing hardware devices.
298
+
299
+
In Windows, you can create a [Windows HostProcess pod](/docs/tasks/configure-pod-container/create-hostprocess-pod)
300
+
by setting the `windowsOptions.hostProcess` flag on the security context of the pod spec. All containers in these
301
+
pods must run as Windows HostProcess containers. HostProcess pods run directly on the host and can also be used
302
+
to perform administrative tasks as is done with Linux privileged containers. In order to use this feature, the
303
+
`WindowsHostProcessContainers`[feature gate](/docs/reference/command-line-tools-reference/feature-gates/) must be enabled.
295
304
296
305
{{< note >}}
297
306
Your {{< glossary_tooltip text="container runtime" term_id="container-runtime" >}} must support the concept of a privileged container for this setting to be relevant.
0 commit comments