k3s/pkg/agent/config/config_windows.go

44 lines
1.5 KiB
Go

//go:build windows
// +build windows
package config
import (
"path/filepath"
"github.com/k3s-io/k3s/pkg/agent/util/acl"
"github.com/k3s-io/k3s/pkg/cli/cmds"
"github.com/k3s-io/k3s/pkg/daemons/config"
"github.com/pkg/errors"
"golang.org/x/sys/windows"
)
func applyContainerdStateAndAddress(nodeConfig *config.Node) {
nodeConfig.Containerd.State = filepath.Join(nodeConfig.Containerd.Root, "state")
nodeConfig.Containerd.Address = "npipe:////./pipe/containerd-containerd"
}
func applyCRIDockerdAddress(nodeConfig *config.Node) {
nodeConfig.CRIDockerd.Address = "npipe:////.pipe/cri-dockerd"
}
func applyContainerdQoSClassConfigFileIfPresent(envInfo *cmds.Agent, containerdConfig *config.Containerd) {
// QoS-class resource management not supported on windows.
}
// configureACL will configure an Access Control List for the specified file,
// ensuring that only the LocalSystem and Administrators Group have access to the file contents
func configureACL(file string) error {
// by default Apply will use the current user (LocalSystem in the case of a Windows service)
// as the owner and current user group as the allowed group
// additionally, we define a DACL to permit access to the file to the local system and all administrators
if err := acl.Apply(file, nil, nil, []windows.EXPLICIT_ACCESS{
acl.GrantSid(windows.GENERIC_ALL, acl.LocalSystemSID()),
acl.GrantSid(windows.GENERIC_ALL, acl.BuiltinAdministratorsSID()),
}...); err != nil {
return errors.Wrapf(err, "failed to configure Access Control List For %s", file)
}
return nil
}