From 3bd458c31c8048e8c4e46fa0e0f645dc0c52a460 Mon Sep 17 00:00:00 2001 From: Michael Burke Date: Tue, 8 Apr 2025 13:06:22 -0400 Subject: [PATCH] WMCO remove Hyper-V statements as it is not supported --- .../understanding-windows-container-workloads.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows_containers/understanding-windows-container-workloads.adoc b/windows_containers/understanding-windows-container-workloads.adoc index 24ecf7f95c..d67ad341d9 100644 --- a/windows_containers/understanding-windows-container-workloads.adoc +++ b/windows_containers/understanding-windows-container-workloads.adoc @@ -14,7 +14,7 @@ Multi-tenancy for clusters that have Windows nodes is not supported. Clusters ar Hostile multi-tenant clusters introduce security concerns in all Kubernetes environments. Additional security features like link:https://kubernetes.io/docs/concepts/policy/pod-security-policy/[pod security policies], or more fine-grained role-based access control (RBAC) for nodes, make exploiting your environment more difficult. However, if you choose to run hostile multi-tenant workloads, a hypervisor is the only security option you should use. The security domain for Kubernetes encompasses the entire cluster, not an individual node. For these types of hostile multi-tenant workloads, you should use physically isolated clusters. -Windows Server Containers provide resource isolation using a shared kernel but are not intended to be used in hostile multitenancy scenarios. Scenarios that involve hostile multitenancy should use Hyper-V Isolated Containers to strongly isolate tenants. +Windows Server Containers provide resource isolation using a shared kernel but are not intended to be used in hostile multitenancy scenarios. ==== [role="_additional-resources"]