Comments (6)
Roughly speaking the general workflow is like this:
- Set up a CCG instance by calling `HcsModifyServiceSettings` in the `internal/vmcompute` package with a `ContainerCredentialGuardModifyOperation` of type `ContainerCredentialGuardAddInstanceRequest`.
- When creating the Container set the matching ContainerCredentialGuard here.
- If creating a Hypervisor container when creating the V2 UVM we need to set the Devices to include a `ServiceTable` entry for a HvSocketConfig that matches the `ID` of the created instance. Then in the hosted system do what #2 did.
- When done remove the instance by issuing a `HcsModifyServiceSettings` with a `ContainerCredentialGuardModifyOperation` of type `ContainerCredentialGuardRemoveInstanceRequest`.
And here is a definition of the types
```go
type ContainerCredentialGuardTransport string

const (
	CcgtLRPC     ContainerCredentialGuardTransport = "LRPC"
	CcgtHvSocket ContainerCredentialGuardTransport = "HvSocket"
)

type ContainerCredentialGuardState struct {
	// Authentication cookie for calls to a Container Credential Guard instance.
	Cookie string `json:"Cookie,omitempty"`
	// Name of the RPC endpoint of the Container Credential Guard instance.
	RpcEndpoint string `json:"RpcEndpoint,omitempty"`
	// Transport used for the configured Container Credential Guard instance.
	Transport string `json:"Transport,omitempty"`
	// Credential spec used for the configured Container Credential Guard instance.
	CredentialSpec string `json:"CredentialSpec,omitempty"`
}

type ContainerCredentialGuardHvSocketServiceConfig struct {
	ServiceID     Guid                   `json:"ServiceId"`
	ServiceConfig *HvSocketServiceConfig `json:"ServiceConfig,omitempty"`
}

type ContainerCredentialGuardInstance struct {
	ID              string                                         `json:"Id"`
	CredentialGuard ContainerCredentialGuardState                  `json:"CredentialGuard"`
	HvSocketConfig  *ContainerCredentialGuardHvSocketServiceConfig `json:"HvSocketConfig,omitempty"`
}

type ContainerCredentialGuardSystemInfo struct {
	Instances []ContainerCredentialGuardInstance `json:"Instances"`
}

type ContainerCredentialGuardAddInstanceRequest struct {
	ID             string                            `json:"Id"`
	CredentialSpec string                            `json:"CredentialSpec"`
	Transport      ContainerCredentialGuardTransport `json:"Transport"`
}

type ContainerCredentialGuardRemoveInstanceRequest struct {
	ID string `json:"Id"`
}

type ContainerCredentialGuardModifyOperation string

const (
	CcgmoAddInstance    ContainerCredentialGuardModifyOperation = "AddInstance"
	CcgmoRemoveInstance ContainerCredentialGuardModifyOperation = "RemoveInstance"
)

type ContainerCredentialGuardOperationRequest struct {
	Operation        ContainerCredentialGuardModifyOperation `json:"Operation"`
	OperationDetails interface{}                             `json:"OperationDetails"`
}
```
from hcsshim.
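The first and last steps of the workflow in the comment above, as an added example that is not hcsshim's own code: it builds the `AddInstance` and `RemoveInstance` settings documents from the posted types and always sends the removal, even when container setup fails, so a CCG instance and its credential spec are not left registered. `modifyFn` is a hypothetical stand-in for `HcsModifyServiceSettings` (its real signature is not shown on this page), the credential spec is assumed to be a JSON document, and the instance ID and spec in `main` are constructed sample values.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Types as posted in the comment above (only the ones this sketch needs).
type ContainerCredentialGuardTransport string
type ContainerCredentialGuardModifyOperation string
type ContainerCredentialGuardAddInstanceRequest struct {
	ID             string                            `json:"Id"`
	CredentialSpec string                            `json:"CredentialSpec"`
	Transport      ContainerCredentialGuardTransport `json:"Transport"`
}
type ContainerCredentialGuardRemoveInstanceRequest struct {
	ID string `json:"Id"`
}
type ContainerCredentialGuardOperationRequest struct {
	Operation        ContainerCredentialGuardModifyOperation `json:"Operation"`
	OperationDetails interface{}                             `json:"OperationDetails"`
}
type modifyFn func(settings []byte) error // hypothetical stand-in for HcsModifyServiceSettings

// withCCGInstance adds an instance, runs use, then always removes the instance.
func withCCGInstance(modify modifyFn, id, spec string, t ContainerCredentialGuardTransport, use func() error) error {
	if id == "" || !json.Valid([]byte(spec)) { // assumption: the spec is a JSON document
		return fmt.Errorf("ccg: empty id or credential spec is not valid JSON")
	}
	send := func(op ContainerCredentialGuardModifyOperation, details interface{}) error {
		b, err := json.Marshal(ContainerCredentialGuardOperationRequest{op, details})
		if err != nil {
			return err
		}
		return modify(b)
	}
	if err := send("AddInstance", ContainerCredentialGuardAddInstanceRequest{id, spec, t}); err != nil {
		return fmt.Errorf("ccg add %q: %w", id, err)
	}
	useErr := use() // create and run the container here
	if err := send("RemoveInstance", ContainerCredentialGuardRemoveInstanceRequest{id}); err != nil && useErr == nil {
		return fmt.Errorf("ccg remove %q: %w", id, err)
	}
	return useErr
}

func main() { // constructed sample values; prints the two settings documents
	show := func(b []byte) error { fmt.Println(string(b)); return nil }
	fmt.Println(withCCGInstance(show, "example-instance-id", `{"CmsPlugins":["ActiveDirectory"]}`, "LRPC", func() error { return nil }))
}
```
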
@jhowardmsft - Want to take a shot at this one?
@dmcgowan / @ddebroy - Here are some really rough notes. Some of this is already defined in `internal/schema2`, some needs to be added. But in general this is what is required here.
@vikramhh - FYI as well
Thanks a lot! Will take a look
Closing as this work was merged a while ago.