►
Description
Impromptu Live Stream on the KPNG Windows Proxy and codebase with Microsoft
A
A
A
A
You
can
totally
use
this
workflow
dimitri.
So
what
I
do
is
I
compile
right
like
I,
you
know
you
just
get
go
laying
18
and
then
you
just
clone
down
this
pull
request,
and
then
you
just
run
make
windows.
Okay,
so
that's
not
a
hard
thing
to
do
like
I
can
just.
I
could
probably
just
do
it
here
right.
I
could
just
see
the
this.
A
A
A
A
Make
sure
I
have
the
right
goaling
version
here
there
we
go
okay,
so
you
so
this
is
going
118..
You
need
to
make
sure
you
have
that
okay,
so
now
this
is
going
to
compile
and
and
like.
Ultimately,
once
it's
done
compiling
you
you're
going
to
get
you're
gonna
get
you're
gonna
get
a
binary
right
and
then,
if
I
do
cd
source
have
you
heard
of
sig
windows,
devtools,
dimitri.
C
A
A
B
D
A
B
A
So
then,
what
you
do
is
you
you
pull
that
down
and
then
you
just
run
these
two
commands.
You
you
create
these
new
network,
firewall
rules,
and
these
I
got
from
the
calico
installation
because
calico
when
you
install
the
calico
coupe
proxy
in
kernel
space,
it
does
these
two
commands.
Okay
and
this
sort
of
sets
up
your
new
hns
network.
So
I
just
literally
run
these.
I
copy
paste
them
and
I
just
run
them
in
the
terminal.
So
I'll
just
like
run
this
one.
A
D
B
B
B
C
B
A
A
A
A
A
A
C
A
A
A
A
A
A
A
A
A
A
A
This
so
so
what
this
is
doing
what's
happening
now:
okay,
let's
kill
this,
so
you
can
see
what's
actually
happening
right
so
what's
happening
is
this
is
serving
a
grpc
endpoint
up,
okay
and
that
grpc
endpoint,
similar
to
kind
of
I
explained
a
little
bit
of
this
I
think
yesterday
to
or
I
don't
know,
if
did
I
so?
What
it's
doing
here?
Okay,
is
kpng,
takes
everything
in
the
api
server
and
then
makes
a
single
yaml
hierarchical
representation
of
the
kubernetes
network
space.
Okay.
A
A
A
The
the
existing
entry
coupe
proxy
in
memory
code
is
then
sort
of
wrapped
and
triggered
from
kpng,
and
so
the
kernel
space
that
you're
used
to
working
on
will
make
sense
from
here
on
down.
Does
that
make
sense?
That's
kind
of
the
most
important
thing
to
understand
here,
dimitri.
Is
that,
like
this
sync
dot
go?
C
C
A
A
That
said,
once
these
new
one,
I
feel
like
it's
not
a
lot
of
work,
especially
if
you
understand
the
windows
networking
model
the
way
you
all
do.
I
feel
like
it's
not
going
to
be
too
bad
to
finish
getting
the
the
windows
proxy
working
and
then
at
that
point
we
can
sort
of
say.
Okay,
now
we
at
some
point
for
the
future.
We
want
to
rebuild
the
entire
windows
proxy
to
use
this
pure
grpc
state,
that's
probably
what
we're
going
to
do
with
iptables.
A
The
first
thing
we
did
with
iptables,
because
it's
the
most
common
implementation
of
coop
proxy
for
linux
is,
we
just
took
all
the
logic
from
the
old
proxy
and
put
it
in
there
just
so,
we
could
really
show
that
all
the
tests
pass
and
then
now
people
are
starting
to
sort
of
think
about
like
what's
the
next.
When
are
we
going
to
be
able
to
make
the
iptables
implementation
truly
modernized
with
the
with
the
full-blown
sort
of
stateless
kpg
implementation,
so
the
overall
architecture-
I
probably
didn't.
A
So
what
I
just
showed
you
is
the
windows
kernel
space
back
end,
and
so
that's
called
a
sync
right,
and
so
that
code
then
flows
into
the
back
end
and
then
the
back
end
goes
and
writes
the
iptables
rules
right
or
the
I'm
sorry.
The
windows
networking
rules
right.
So
the
back
end,
in
other
words,
is
down
here
and
the
the
the
sort
of
global
data
model
is
here
right.
So
the
back
end
is
communicating
to
this
this
one-
and
this
is
pretty
easy
to
do
in
this
vagrant
setup,
because
the
ips
are
hard-coded.
A
10.20.30.11
is
going
to
be
your
ip
address
of
your
windows
node,
so
you
can
see
the
windows
node
is
checking
in
and
10.20.30.10
is
the
ip
address
of
the
linux
of
the
linux
node.
And
when
you
run
the
sig
windows,
dev
tools
you
just
run,
all
you
have
to
do
is
sort
of
comment
out
the
cni
part,
because
you
don't
want
to
install
calico
when
you're
testing
this,
because
calico
will
try
to
install
its
own
coop
proxy.
A
A
A
A
If
you
wanted
to
see
an
eye
in
my
experience,
you
don't
need
a
cni,
because
just
to
you
can
test
the
cube
proxy
without
a
cni
right,
because
if
you,
if
you
can
get
coordinates,
endpoints
being
written
on
that
windows
node
right,
then
you
know
that
that
the
proxy's
working
and
you
don't
need
a
cni
in
order
to
do
that
because
you're,
because
your
linux
cni,
is
working
right,
you
do
have
the
sienna.
You
know
you
do
have
end
points.
I'm
sorry
you
do
have
you
know
you.
C
A
A
Yeah
right
now,
it's
not
yeah
right
now,
it's
not
it's
not
fully
working
yet
so,
in
fact,
not
only
is
it
not
fully
working
but
matt
fixed
a
that
pushed
a
break
to
it,
something
that
broke
something
so
so
that's
that's
kind
of
where
we're
at
though,
where
we're
at
is
that
we
have,
we
have
it
compiling.
We
have
it
building
the
windows
binary.
A
We
have
it
connected
to
the
kpng
back
end,
but
it's
not
yet.
Writing
the
windows.
Networking
rules
out.
It's
not
making
the
calls
to
the
hns
api
to
write
out
those
windows,
networking
rules
yet
and
normally
normally
this
works.
So
I'm
kind
of
surprised
that,
like
that
hns
network
thing
that
I
tried
to
do
didn't
work,
maybe.
A
A
A
A
That
is
really
deeply
deeply
invested
in
the
windows,
networking
side,
full-time
kind
of
and
because
what
we
need
to
do,
which
is
what
we
had
to
do
with
iptables
right
is
we
just
need
to
make
sure
that
we
plumb
in
the
the
details
of
the
implementation
correctly,
because
you
know
the
fundamental
thing
that
happens
when
you
do
a
kp
g
proxy,
that
you
don't
have
this
problem
with
the
existing
coup
proxy
right,
because
it's
already
been
solved
in
the
existing
one.
The
fundamental
thing
is
really
simple:
you.
A
Yes
right!
So
so
so
the
kpng
doesn't
model
that
windows
specific
data
right,
and
so
since
that
model
is
it's
it's
bringing
in
the
abstract
model
of
a
kubernetes
endpoint
right
since
it's
bringing
that
in
what
we
need
to
do
is
just
make
sure
that
we,
when
we
get
grab
those
hns
ids,
just
like
we
do
in
the
existing
coupe
proxy.
We
just
need
to
cache
that
data.
A
A
A
A
B
A
So
so
I
think
this
is
probably
like.
You
know,
you
know
and
then
like
to
do
the
nft
approach
again.
Now
that
you
understand
the
set
service
implementation,
like
that
approach,
is
you
just
implement
this
callback
function
right
and
then
what
what
he's
done
in
the
nft
approach
is
he's
created
this
concept
of
a
thing
called
a
diff
diff
set
where
you
write
to
a
you,
continue
writing
to
something
and
then
once
you're
done
writing
to
it.
A
You
say
I'm
done
writing
and
then
now
you
start
writing
again
and
the
second
time
that
you
start
writing
it's
capturing,
diffs,
and
so
the
diff
state
is
how
that
works.
It's
a
diff
capturing
tool
and
so
that,
rather
than
having
a
cache
it,
he
just
has
his
own
implementation
of
which
is
really
similar
to
what
the
existing
kernel
space
one
does
anyways,
because
it's
like
caching
diffs
in
its
own
way,
but
it's
just
a
much
more
elegant
implementation.
C
A
B
The
dimitri
is
actually
from
cloudbase,
so
yeah
we
have
a.
We
have
a
contract
with
cloudbase
to
improve
proxy
okay,
so
we
and
part
of
it
is
we
want
to
look
at
kpmg,
so
I
don't
know
if
dmitry
will
be
looking
at
this
long
term
or
not.
We
don't
have
a
very
long
term
contract,
yet
that
needs
to
be
hashed
out,
but
once
cervantes
back,
we
can
talk
about
the
long-term
sense
of
this
and
looking
at.
C
B
C
B
C
A
Everything
else
is
working,
and
so
you
know
it's
hard
because,
like
we,
we
have
one
bug
on
ip
tables
related
to
the
other
stuff,
but
but
you're
right,
like
the
longer
we
go
and
have
two
coup
proxies.
The
more
things
diverge,
which
is
why
I
just
did
this
hacky
stupid
implementation
to
start
because
I'm
like
well
at
least
maybe
we
can
get
this
working
and
then
move
the
community
towards
this
right.
A
So
that
that's
kind
of
why
we're
in
the
state
we're
in
right
is
it
like?
I
just
wanted
to
at
least
have
something
that
we
could
sort
of
start
to
hand
over
to
the
experts
that
was
kind
of
the
thinking
but
yeah.
Once
we
have
windows
kernel
space,
I
think
we
we
will
be
able
to
really
just
start
converging
all
of
the
proxy
logic
and
yeah
you're
right.
A
A
A
A
I
think
we
can
literally
just
everything
else
is
just
we
can
parallelize
all
the
other
work
that
comes
after
this
right,
because
we
can
literally
say:
okay,
let's
get
four
engineers
and
let's
just
have
them,
do
this
right
and
I
think
that'll
that'll
be
pretty
easy,
because
it's
just
a
matter
of
moving
code
around
and
updating
documentation
and
setting
up
ci
jobs
and
so
on
and
so
forth,
and
that
stuff
can
be
done
in
a
parallel
kind
of
way.
You
know.