Initial additions of sandboxed containers

2026-02-05 12:46:18 +01:00 · 2021-03-29 16:42:10 -04:00
parent 33d78853d6
commit 7934758fee
20 changed files with 177 additions and 0 deletions
--- a/_topic_map.yml
+++ b/_topic_map.yml
@@ -1653,6 +1653,17 @@ Topics:
 - Name: Disabling Windows container workloads
  File: disabling-windows-container-workloads
 ---
+Name: Sandboxed Container Support for OpenShift
+Dir: sandboxed_containers
+Distros: openshift-origin,openshift-enterprise
+Topics:
+- Name: Understanding OpenShift sandboxed containers
+  File: understanding-sandboxed-containers
+- Name: Deploying sandboxed containers workloads
+  File: deploying-sandboxed-container-workloads
+- Name: Disabling sandboxed container workloads
+  File: disabling-sandboxed-container-workloads
+---
 Name: Logging
 Dir: logging
 Distros: openshift-enterprise,openshift-origin,openshift-dedicated
--- a/modules/common-attributes.adoc
+++ b/modules/common-attributes.adoc
@@ -26,6 +26,8 @@ endif::[]
 :cloud-redhat-com: Red Hat OpenShift Cluster Manager
 :rh-storage-first: Red Hat OpenShift Container Storage
 :rh-storage: OpenShift Container Storage
+:sandboxed-containers-first: OpenShift sandboxed containers
+:sandboxed-containers: Sandboxed Containers Operator
 :rh-virtualization-first: Red Hat Virtualization (RHV)
 :rh-virtualization: RHV
 ifdef::openshift-origin[]
--- a/modules/sandboxed-containers-about-sandboxing.adoc
+++ b/modules/sandboxed-containers-about-sandboxing.adoc
@@ -0,0 +1,7 @@
+//Module included in the following assemblies:
+//
+// * sandboxed_containers/understanding_sandboxed_containers.adoc
+
+[id="about-sandboxing_{context}"]
+
+= About sandboxing
--- a/modules/sandboxed-containers-building-blocks.adoc
+++ b/modules/sandboxed-containers-building-blocks.adoc
@@ -0,0 +1,7 @@
+//Module included in the following assemblies:
+//
+// * sandboxed_containers/understanding_sandboxed_containers.adoc
+
+[id="sandboxed-containers-building-blocks_{context}"]
+
+= Sandboxed containers building blocks
--- a/modules/sandboxed-containers-installing-operator-cli.adoc
+++ b/modules/sandboxed-containers-installing-operator-cli.adoc
@@ -0,0 +1,7 @@
+//Module included in the following assemblies:
+//
+// * sandboxed_containers/deploying_sandboxed_containers.adoc
+
+[id="sandboxed-containers-installing-operator-cli_{context}"]
+
+= Installing the Sandboxed Containers Operator using the CLI
--- a/modules/sandboxed-containers-installing-operator-web-console.adoc
+++ b/modules/sandboxed-containers-installing-operator-web-console.adoc
@@ -0,0 +1,7 @@
+//Module included in the following assemblies:
+//
+// * sandboxed_containers/deploying_sandboxed_containers.adoc
+
+[id="sandboxed-containers-installing-operator-web-console_{context}"]
+
+= Installing the Sandboxed Containers Operator using the web console
--- a/modules/sandboxed-containers-installing-operator.adoc
+++ b/modules/sandboxed-containers-installing-operator.adoc
@@ -0,0 +1,7 @@
+//Module included in the following assemblies:
+//
+// * sandboxed_containers/deploying_sandboxed_containers.adoc
+
+[id="installing-sandboxed-container-operator_{context}"]
+
+= Installing the Sandboxed Containers Operator
--- a/modules/sandboxed-containers-limitations.adoc
+++ b/modules/sandboxed-containers-limitations.adoc
@@ -0,0 +1,7 @@
+//Module included in the following assemblies:
+//
+// * sandboxed_containers/understanding_sandboxed_containers.adoc
+
+[id="sandboxed-containers-limitations_{context}"]
+
+= Limitations
--- a/modules/sandboxed-containers-os-extensions.adoc
+++ b/modules/sandboxed-containers-os-extensions.adoc
@@ -0,0 +1,7 @@
+//Module included in the following assemblies:
+//
+// * sandboxed_containers/understanding_sandboxed_containers.adoc
+
+[id="sandboxed-containers-os-extensions_{context}"]
+
+= OS extensions
--- a/modules/sandboxed-containers-preparing-openshift-cluster.adoc
+++ b/modules/sandboxed-containers-preparing-openshift-cluster.adoc
@@ -0,0 +1,7 @@
+//Module included in the following assemblies:
+//
+// * sandboxed_containers/deploying_sandboxed_containers.adoc
+
+[id="sandboxed-containers-preparing-openshift-cluster_{context}"]
+
+= Preparing your cluster for OpenShift sandboxed containers
--- a/modules/sandboxed-containers-scheduling-workloads.adoc
+++ b/modules/sandboxed-containers-scheduling-workloads.adoc
@@ -0,0 +1,7 @@
+//Module included in the following assemblies:
+//
+// * sandboxed_containers/deploying_sandboxed_containers.adoc
+
+[id="sandboxed-containers-scheduling-workloads_{context}"]
+
+= Scheduling sandboxed containers workloads
--- a/modules/sandboxed-containers-selecting-nodes.adoc
+++ b/modules/sandboxed-containers-selecting-nodes.adoc
@@ -0,0 +1,7 @@
+//Module included in the following assemblies:
+//
+// * sandboxed_containers/deploying_sandboxed_containers.adoc
+
+[id="sandboxed-containers-selecting-nodes_{context}"]
+
+= Selecting nodes for OpenShift sandboxed containers
--- a/modules/sandboxed-containers-triggering-installation-kata-runtime.adoc
+++ b/modules/sandboxed-containers-triggering-installation-kata-runtime.adoc
@@ -0,0 +1,7 @@
+//Module included in the following assemblies:
+//
+// * sandboxed_containers/deploying_sandboxed_containers.adoc
+
+[id="sandboxed-containers-triggering-installation-kata-runtime_{context}"]
+
+= Triggering the installation of the Kata runtime
--- a/modules/sandboxed-containers-uninstalling-kata-runtime.adoc
+++ b/modules/sandboxed-containers-uninstalling-kata-runtime.adoc
@@ -0,0 +1,20 @@
+//Module included in the following assemblies:
+//
+// *disabling-sandboxed-container-workloads.adoc
+
+[id="sandboxed-containers-uninstalling-kata-runtime_{context}"]
+
+= Uninstalling the Kata runtime
+
+This section describes how to remove and uninstall the `kata` runtime and all its related resources, such as CRI-O config and `RuntimeClass`, from from your cluster.
+
+.Procedure
+
+- Delete the `KataConfig` custom resource:
+
+[source,terminal]
+----
+oc delete kataconfig <KataConfig_CR_Name>
+----
+
+The {sandboxed-containers} removes all resources that were initially created to enable the runtime on your cluster. After you run the command above, your cluster is restored to the state prior to the installation process.
--- a/modules/sandboxed-containers-viewing-workloads-from-cli.adoc
+++ b/modules/sandboxed-containers-viewing-workloads-from-cli.adoc
@@ -0,0 +1,7 @@
+//Module included in the following assemblies:
+//
+// * sandboxed_containers/deploying_sandboxed_containers.adoc
+
+[id="sandboxed-containers-viewing-workloads-from-cli_{context}"]
+
+= Viewing sandboxed containers workloads from the CLI
--- a/modules/sandboxed-containers-viewing-workloads-from-web-console.adoc
+++ b/modules/sandboxed-containers-viewing-workloads-from-web-console.adoc
@@ -0,0 +1,7 @@
+//Module included in the following assemblies:
+//
+// * sandboxed_containers/deploying_sandboxed_containers.adoc
+
+[id="sandboxed-containers-viewing-workloads-from-web-console_{context}"]
+
+= Viewing sandboxed containers workloads from the web console
--- a/sandboxed_containers/deploying-sandboxed-container-workloads.adoc
+++ b/sandboxed_containers/deploying-sandboxed-container-workloads.adoc
@@ -0,0 +1,16 @@
+[id="deploying-sandboxed-containers-workloads"]
+= Deploying OpenShift sandboxed containers workloads
+include::modules/common-attributes.adoc[]
+:context: deploying-sandboxed-containers
+
+toc::[]
+
+include::modules/sandboxed-containers-installing-operator.adoc[leveloffset=+1]
+include::modules/sandboxed-containers-preparing-openshift-cluster.adoc[leveloffset=+2]
+include::modules/sandboxed-containers-installing-operator-web-console.adoc[leveloffset=+2]
+include::modules/sandboxed-containers-installing-operator-cli.adoc[leveloffset=+2]
+include::modules/sandboxed-containers-triggering-installation-kata-runtime.adoc[leveloffset=+2]
+include::modules/sandboxed-containers-selecting-nodes.adoc[leveloffset=+2]
+include::modules/sandboxed-containers-scheduling-workloads.adoc[leveloffset=+1]
+include::modules/sandboxed-containers-viewing-workloads-from-web-console.adoc[leveloffset=+1]
+include::modules/sandboxed-containers-viewing-workloads-from-cli.adoc[leveloffset=+1]
--- a/sandboxed_containers/disabling-sandboxed-container-workloads.adoc
+++ b/sandboxed_containers/disabling-sandboxed-container-workloads.adoc
@@ -0,0 +1,8 @@
+[id="disabling-sandboxed-containers-workloads"]
+= Disabling OpenShift sandboxed containers workloads
+include::modules/common-attributes.adoc[]
+:context: disabling-sandboxed-containers
+
+toc::[]
+
+include::modules/sandboxed-containers-uninstalling-kata-runtime.adoc[leveloffset=+1]
--- a/sandboxed_containers/modules
+++ b/sandboxed_containers/modules
@@ -0,0 +1 @@
+../modules
--- a/sandboxed_containers/understanding-sandboxed-containers.adoc
+++ b/sandboxed_containers/understanding-sandboxed-containers.adoc
@@ -0,0 +1,28 @@
+[id="understanding-sandboxed-containers"]
+= Understanding OpenShift sandboxed containers
+include::modules/common-attributes.adoc[]
+
+:context: understanding-sandboxed-containers
+
+toc::[]
+
+[role="_abstract"]
+
+{sandboxed-containers-first} support for {product-title} provides users with built-in support for running Kata Containers as an additional optional runtime. This is particularly useful for users who are wanting to perform the following tasks:
+
+- Run privileged or untrusted workloads.
+- Ensure kernel isolation for each workload.
+- Share the same workload across tenants.
+- Ensure proper isolation and sandboxing for testing software.
+- Ensure default resource containment through VM boundaries.
+
+Furthermore, {sandboxed-containers-first} provide an additional option for users to choose from the type of workload they want to run to cover a wide variety of use cases.
+
+Sandboxed containers are only supported on bare metal.
+
+{op-system-first} is the only supported operating system for {product-title} 4.8.
+
+include::modules/sandboxed-containers-about-sandboxing.adoc[leveloffset=+1]
+include::modules/sandboxed-containers-building-blocks.adoc[leveloffset=+1]
+include::modules/sandboxed-containers-os-extensions.adoc[leveloffset=+1]
+include::modules/sandboxed-containers-limitations.adoc[leveloffset=+1]