logo
allArticlesConferencesPresentations

Windows HostProcess Containers For Configuration And Beyond

Conference:  KubeCon + CloudNativeCon North America 2022

2022-10-26

Authors:   James Sturtevant, Mark Rossetti

Summary

Host process containers are a way to package, distribute, and deploy workloads as containers to Windows nodes, running as a process directly on the host, with almost full access to the host's file system, network stack, process space, and event viewers. This feature was designed to be Kubernetes first, allowing for familiar deployment and upgrade stories, and easy monitoring of workloads.
  • Host process containers are conceptually equivalent to privileged containers on Linux.
  • They allow for easy deployment and monitoring of workloads on Windows nodes.
  • They run as a process directly on the host, with almost full access to the host's resources.
  • This feature was designed to be Kubernetes first, allowing for familiar deployment and upgrade stories.
  • Contributing to the Kubernetes ecosystem through this feature is a great way to contribute to Windows.
The networking team used host process containers to identify an individual pod running in a 100 node cluster that was causing problems, enabling them to quickly resolve the issue.

Abstract

The days of needing custom scripts and hard-won knowledge to set up and configure Windows Server hosts are over. The new Windows HostProcess Container feature in Kubernetes has begun to close a major feature gap between Windows and Linux containers. We now have a way to carry out key tasks such as running kube-proxy and CNIs (Container Network Interface) as containers in the cluster. Beyond the basics, HostProcess containers also open the door to more effective logging, monitoring and debugging of the Windows environment.   In this session, we will cover the basics of using HostProcess containers and see how they differ from other Windows containers. After gaining an understanding of these differences, we will explore three examples covering the common use cases for HostProcess containers: CNIs, debugging, and on-demand monitoring. The attendees will see concrete examples of HostProcess Containers, novel approaches to debugging, and gain inspiration for new ways of interacting with Windows enabled clusters.
Materials:
Slides
Tags:
Windows Server
Kubernetes
containers
HostProcess containers
CNIs

Post a comment

Related work

Contain Yourself: Staying Undetected Using the Windows Container Isolation Framework

Conference:  Defcon 31
Authors: Daniel Avinoam Security Researcher, Deep Instinct
2023-08-01

Debugging at Scale in Production - Deep into Your Containers with Kubectl Debug, KoolKits and Continuous Observability

Conference:  ContainerCon 2022
Authors: Shai Almog
2022-06-23

The COW (Container On Windows) Who Escaped the Silo

Conference:  Black Hat USA 2022
Authors:
2022-08-11

Preventing Controller Sprawl From Taking Down Your Cluster - When a Scalable Pattern Stops Being Scalable

Conference:  KubeCon + CloudNativeCon North America 2022
Authors: Madhu C.S.
2022-10-28

Crossover Episode: The Real-Life Story of the First Mainframe Container Breakout

Conference:  Defcon 29
Authors:
2021-08-01

Zombie Ant Farming: Practical Tips for Playing Hide and Seek with Linux EDRs

Conference:  BlackHat USA 2019
Authors:
2019-08-08