From 30f807a375ca617a8bb4c5ef01f8a1c0bd736e42 Mon Sep 17 00:00:00 2001 From: mesutoezdil Date: Wed, 6 May 2026 21:58:10 +0200 Subject: [PATCH] docs(arch): update Kubernetes supervisor delivery to reflect init-container pattern PR #1154 replaced the hostPath volume approach with an init container that copies the supervisor binary into a shared emptyDir. Two architecture docs still referenced the old hostPath pattern. Signed-off-by: mesutoezdil --- architecture/build-containers.md | 2 +- architecture/podman-driver.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/architecture/build-containers.md b/architecture/build-containers.md index 61cfe9d89..6ed267c6f 100644 --- a/architecture/build-containers.md +++ b/architecture/build-containers.md @@ -38,7 +38,7 @@ The `openshell-sandbox` supervisor is delivered by the selected compute driver: | Driver | Supervisor delivery | |---|---| -| Kubernetes | Sandbox pod image or Kubernetes driver pod template configuration. | +| Kubernetes | Init container copies the supervisor binary from the supervisor image into an `emptyDir` volume shared with the sandbox container. Configured via `supervisor_image` / `supervisor_image_pull_policy` in `KubernetesComputeConfig`. | | Docker | Local supervisor binary or supervisor image extraction configured by the gateway. | | Podman | Read-only OCI image volume from the `supervisor-output` image. | | VM | Embedded in the VM runtime rootfs. | diff --git a/architecture/podman-driver.md b/architecture/podman-driver.md index c6fcfdb0d..1c805e0cb 100644 --- a/architecture/podman-driver.md +++ b/architecture/podman-driver.md @@ -84,7 +84,7 @@ All capabilities are only available to the supervisor process. Sandbox child pro ## Supervisor Sideloading -The supervisor binary is delivered to sandbox containers via Podman's OCI image volume mechanism, distinct from both the Kubernetes hostPath approach and the VM's embedded rootfs. +The supervisor binary is delivered to sandbox containers via Podman's OCI image volume mechanism, distinct from the Kubernetes init-container approach (which copies the binary into an `emptyDir` volume) and the VM's embedded rootfs. ```mermaid sequenceDiagram