openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
a1756a02b227a10f70c3a9188a78b1c342da5cf2
openshift-docs/windows_containers/understanding-windows-container-workloads.adoc
Michael Burke 58ca2d09e4 WMCO remove Hyper-V statements as it is not supported
2025-05-22 14:07:05 +00:00

29 lines
2.1 KiB
Plaintext
Raw Blame History

:_mod-docs-content-type: ASSEMBLY
[id="understanding-windows-container-workloads"]
= Understanding Windows container workloads
include::_attributes/common-attributes.adoc[]
:context: understanding-windows-container-workloads
toc::[]
{productwinc} provides built-in support for running Microsoft Windows Server containers on {product-title}. For those that administer heterogeneous environments with a mix of Linux and Windows workloads, {product-title} allows you to deploy Windows workloads running on Windows Server containers while also providing traditional Linux workloads hosted on {op-system-first} or {op-system-base-full}.
[NOTE]
====
Multi-tenancy for clusters that have Windows nodes is not supported. Clusters are considered _multi-tenant_ when multiple workloads operate on shared infrastructure and resources. If one or more workloads running on an infrastructure cannot be trusted, the multi-tenant environment is considered _hostile_.
Hostile multi-tenant clusters introduce security concerns in all Kubernetes environments. Additional security features like link:https://kubernetes.io/docs/concepts/policy/pod-security-policy/[pod security policies], or more fine-grained role-based access control (RBAC) for nodes, make exploiting your environment more difficult. However, if you choose to run hostile multi-tenant workloads, a hypervisor is the only security option you should use. The security domain for Kubernetes encompasses the entire cluster, not an individual node. For these types of hostile multi-tenant workloads, you should use physically isolated clusters.
Windows Server Containers provide resource isolation using a shared kernel but are not intended to be used in hostile multitenancy scenarios.
====
[role="_additional-resources"]
.Additional resources
* See xref:../networking/ovn_kubernetes_network_provider/configuring-hybrid-networking.adoc#configuring-hybrid-ovnkubernetes_configuring-hybrid-networking[Configuring hybrid networking with OVN-Kubernetes]
include::modules/windows-workload-management.adoc[leveloffset=+1]
include::modules/windows-node-services.adoc[leveloffset=+1]
//modules/windows-linux-containers-differences.adoc[leveloffset=+1]
View Git Blame Copy Permalink