►
Description
Impromptu Live Stream on the KPNG Windows Proxy and codebase with Microsoft
A
And
okay,
all
right-
we're
live
now
all
right,
so
right,
so
I'll
open
up
kpng
the
pull
request
on
this
side
over
here.
So
this
is
a
so.
This
is
a!
Let
me
put
the
thing
in
here:
windows,
kpng,
pr
and
setup.
A
All
right
I'll,
just
put
it
in
here
in
case
someone's
watching
all
right
cool
so
and
this
is
just
on
the
andrea
youtube
channel.
So
it's
just
networking
hacking
stuff.
So
it's
not
an
official
cncf
meeting
or
anything
like
that.
A
So
I'll
put
the
pull
request
over
here:
windows
kernel
space
that
we
have
okay,
and
so
this
is
mostly
compiling
now
and
on
the
right
over
here
I'll,
put
sort
of
the
instructions
that
I
have
on.
How
I
test
it
and
you
can
use
this.
A
You
can
totally
use
this
workflow
dimitri.
So
what
I
do
is
I
compile
right
like
I,
you
know
you
just
get
go
laying
18
and
then
you
just
clone
down
this
pull
request,
and
then
you
just
run
make
windows.
Okay,
so
that's
not
a
hard
thing
to
do
like
I
can
just.
I
could
probably
just
do
it
here
right.
I
could
just
see
the
this.
B
Is
on
the
linux
host
right.
A
Yeah
but-
and
I
only
do
it
on
linux,
because
when
I
do
it
in
when
I
do
this
in.
A
A
Yeah,
so
we're
gonna
have
to
ask
matt
where
the
hell
we
got
this
from,
so
he
can
get
blame
this
right.
Get
blame
okay,.
A
A
Make
sure
I
have
the
right
goaling
version
here
there
we
go
okay,
so
you
so
this
is
going
118..
You
need
to
make
sure
you
have
that
okay,
so
now
this
is
going
to
compile
and
and
like.
Ultimately,
once
it's
done
compiling
you
you're
going
to
get
you're
gonna
get
you're
gonna
get
a
binary
right
and
then,
if
I
do
cd
source
have
you
heard
of
sig
windows,
devtools,
dimitri.
A
A
I
don't
see
the
I
don't
see
it
so,
but
it's
okay,
I
don't
need
it,
I
can
go
and
I
can.
I
can
then
go
and
I
can
w
what
I
do
is
I
compile
it
on
a
remote
windows
box
and
a
remote
linux
box,
and
then
once
I
compile
it,
I
just
curl
it
down
like
this.
Okay.
B
D
A
B
A
So
then,
what
you
do
is
you
you
pull
that
down
and
then
you
just
run
these
two
commands.
You
you
create
these
new
network,
firewall
rules,
and
these
I
got
from
the
calico
installation
because
calico
when
you
install
the
calico
coupe
proxy
in
kernel
space,
it
does
these
two
commands.
Okay
and
this
sort
of
sets
up
your
new
hns
network.
So
I
just
literally
run
these.
I
copy
paste
them
and
I
just
run
them
in
the
terminal.
So
I'll
just
like
run
this
one.
A
D
B
B
C
B
A
A
C
I
I
actually
think
those
are
required.
I
have
the
same
requirement
for
flannel
when
installing.
A
A
In
any
case,
I
mean
it's
not
this
isn't
critical
to
what
I
was
going
to
show
you
anyways,
because
I
was
going
to
show
you
how
to
run
kp
g
right.
So
this
is
windows
stuff,
I'm
sure
you
all
can
figure
it
out.
A
So
now,
let's
go
here:
cd
source,
sig
windows,
dev
tools
and
let's
now
vagrant
ssh
control,
plane.
Okay,
so
now
I'm
in
the
control
plane
and
what
I'm
going
to
do
is
now
run
the
linux
binary,
and
this
is
the
part
that
I
really
needed
to
show
you
like,
so
to
run
the
linux
binary.
A
C
A
A
A
A
Okay,
there
we
go
okay,
so
now
you're
running
it
right.
So
now,
what's
happened.
Here
is
oh,
we
didn't
set
the
kube
network,
so
I
can
say,
like
kube
network
equals,
whatever
the
name
of
the
network
was
external.
I
guess.
A
A
B
Wait,
can
you
print
cube
network
just
run
cube
network
with
the
dollar
sign.
A
C
You
could
also
try
like
this.
A
A
A
This
so
so
what
this
is
doing
what's
happening
now:
okay,
let's
kill
this,
so
you
can
see
what's
actually
happening
right
so
what's
happening
is
this
is
serving
a
grpc
endpoint
up,
okay
and
that
grpc
endpoint,
similar
to
kind
of
I
explained
a
little
bit
of
this
I
think
yesterday
to
or
I
don't
know,
if
did
I
so?
What
it's
doing
here?
Okay,
is
kpng,
takes
everything
in
the
api
server
and
then
makes
a
single
yaml
hierarchical
representation
of
the
kubernetes
network
space.
Okay.
A
A
A
The
the
existing
entry
coupe
proxy
in
memory
code
is
then
sort
of
wrapped
and
triggered
from
kpng,
and
so
the
kernel
space
that
you're
used
to
working
on
will
make
sense
from
here
on
down.
Does
that
make
sense?
That's
kind
of
the
most
important
thing
to
understand
here,
dimitri.
Is
that,
like
this
sync
dot
go?
C
Basically,
we
don't
have
an
async
runner
that
will
run
30
30
seconds.
The
sync
will
be
triggered
by
these
four
methods.
A
Instead,
when
something
changes
kpng
this
linux
process
up
here,
we'll
talk
over
grpc
and
the
windows
process
here,
we'll
find
out
over
grpc
that
something
changed:
okay
and
then
the
specific
data
model
for
those
is
the
local
v-net
one
service
right
and
the
and
the
local
vnet
one
endpoint,
okay,
and
so
then
those
will
get
sent
in
and
then
everything
else
will
look
basically
the
same,
and
you
might
be
saying
well,
why
are
we
doing
the
same
thing?
C
A
Yeah,
okay,
so
this
service
endpoints.
This
does
essentially
the
same
thing,
but
but
what
it
does
is
it
takes
this
entire
data
structure,
all
of
these
services,
all
these
endpoints
and
it
sends
them
in
and
then
every
single
time
anything
changes.
A
All
the
data
is
updated
and
then
you
don't
need
any
of
these
caches
or
anything
else,
and
it
turns
out
that
this
is
actually
very
performant
when
you
do
it
over
grpc,
and
this
means
that
there's
just
this
is
a
much
more
elegant
implementation
of
the
kpng
proxy,
because
you're
not
reusing
the
old
code
from
the
old
proxy.
A
That
said,
once
these
new
one,
I
feel
like
it's
not
a
lot
of
work,
especially
if
you
understand
the
windows
networking
model
the
way
you
all
do.
I
feel
like
it's
not
going
to
be
too
bad
to
finish
getting
the
the
windows
proxy
working
and
then
at
that
point
we
can
sort
of
say.
Okay,
now
we
at
some
point
for
the
future.
We
want
to
rebuild
the
entire
windows
proxy
to
use
this
pure
grpc
state,
that's
probably
what
we're
going
to
do
with
iptables.
A
The
first
thing
we
did
with
iptables,
because
it's
the
most
common
implementation
of
coop
proxy
for
linux
is,
we
just
took
all
the
logic
from
the
old
proxy
and
put
it
in
there
just
so,
we
could
really
show
that
all
the
tests
pass
and
then
now
people
are
starting
to
sort
of
think
about
like
what's
the
next.
When
are
we
going
to
be
able
to
make
the
iptables
implementation
truly
modernized
with
the
with
the
full-blown
sort
of
stateless
kpg
implementation,
so
the
overall
architecture-
I
probably
didn't.
A
So
what
I
just
showed
you
is
the
windows
kernel
space
back
end,
and
so
that's
called
a
sync
right,
and
so
that
code
then
flows
into
the
back
end
and
then
the
back
end
goes
and
writes
the
iptables
rules
right
or
the
I'm
sorry.
The
windows
networking
rules
right.
So
the
back
end,
in
other
words,
is
down
here
and
the
the
the
sort
of
global
data
model
is
here
right.
So
the
back
end
is
communicating
to
this
this
one-
and
this
is
pretty
easy
to
do
in
this
vagrant
setup,
because
the
ips
are
hard-coded.
A
10.20.30.11
is
going
to
be
your
ip
address
of
your
windows
node,
so
you
can
see
the
windows
node
is
checking
in
and
10.20.30.10
is
the
ip
address
of
the
linux
of
the
linux
node.
And
when
you
run
the
sig
windows,
dev
tools
you
just
run,
all
you
have
to
do
is
sort
of
comment
out
the
cni
part,
because
you
don't
want
to
install
calico
when
you're
testing
this,
because
calico
will
try
to
install
its
own
coop
proxy.
A
A
A
A
If
you
wanted
to
see
an
eye
in
my
experience,
you
don't
need
a
cni,
because
just
to
you
can
test
the
cube
proxy
without
a
cni
right,
because
if
you,
if
you
can
get
coordinates,
endpoints
being
written
on
that
windows
node
right,
then
you
know
that
that
the
proxy's
working
and
you
don't
need
a
cni
in
order
to
do
that
because
you're,
because
your
linux
cni,
is
working
right,
you
do
have
the
sienna.
You
know
you
do
have
end
points.
I'm
sorry
you
do
have
you
know
you.
C
A
A
Yeah
right
now,
it's
not
yeah
right
now,
it's
not
it's
not
fully
working
yet
so,
in
fact,
not
only
is
it
not
fully
working
but
matt
fixed
a
that
pushed
a
break
to
it,
something
that
broke
something
so
so
that's
that's
kind
of
where
we're
at
though,
where
we're
at
is
that
we
have,
we
have
it
compiling.
We
have
it
building
the
windows
binary.
A
We
have
it
connected
to
the
kpng
back
end,
but
it's
not
yet.
Writing
the
windows.
Networking
rules
out.
It's
not
making
the
calls
to
the
hns
api
to
write
out
those
windows,
networking
rules
yet
and
normally
normally
this
works.
So
I'm
kind
of
surprised
that,
like
that
hns
network
thing
that
I
tried
to
do
didn't
work,
maybe.
A
A
A
But
okay
yeah,
I
I
think
we
we
definitely
will
want
to
solidify
that
for
sure
you
know,
but
right
now
I
have
a
development
environment
that
I
can
run
and
as
long
as
you
have
one
that
you
can
run,
I
think
all
that
really
matters
is.
You
know
that
we
start
sort
of
hacking
around
on
this.
A
That
is
really
deeply
deeply
invested
in
the
windows,
networking
side,
full-time
kind
of
and
because
what
we
need
to
do,
which
is
what
we
had
to
do
with
iptables
right
is
we
just
need
to
make
sure
that
we
plumb
in
the
the
details
of
the
implementation
correctly,
because
you
know
the
fundamental
thing
that
happens
when
you
do
a
kp
g
proxy,
that
you
don't
have
this
problem
with
the
existing
coup
proxy
right,
because
it's
already
been
solved
in
the
existing
one.
The
fundamental
thing
is
really
simple:
you.
A
We
just
need
to
make
sure
that,
like
this,
for
example,
when
you
set
an
endpoint
right,
this
local
v-net
endpoint,
that's
going
to
have
some
hns
metadata
associated
with
it
right
because
you're
going
to
make
an
api
call
to
hns
to
create
an
endpoint
and
then
that
endpoint
will
have
like
a
hash
right.
A
Yes
right!
So
so
so
the
kpng
doesn't
model
that
windows
specific
data
right,
and
so
since
that
model
is
it's
it's
bringing
in
the
abstract
model
of
a
kubernetes
endpoint
right
since
it's
bringing
that
in
what
we
need
to
do
is
just
make
sure
that
we,
when
we
get
grab
those
hns
ids,
just
like
we
do
in
the
existing
coupe
proxy.
We
just
need
to
cache
that
data.
A
So
I
I've
done
some
initial
caching
of
it
in
a
map
or
something
stupid
like
that
which
we
could
rethink
and
it'll
become
very
obvious
to
you
once
you
start
going
through
the
code
because
you'll
look
at
this
endpoint
update
and
you'll
see
what
that
calls
and
then
once
you
see
what
that
calls
it'll
be
kind
of
obvious
that
that's
calling
you'll
see
the
endpoint
update,
calling
and
then
that
ultimately
calls
the
update
pending
or
whatever,
and
at
some
point
once
that
update
is
pending.
A
A
B
Yeah
we
wanted
to
like
the
part
of
the
items
that
dmitry
was
looking
at,
was
simplifying
this
whole
huge
blob,
yeah.
A
A
B
A
So
so
I
think
this
is
probably
like.
You
know,
you
know
and
then
like
to
do
the
nft
approach
again.
Now
that
you
understand
the
set
service
implementation,
like
that
approach,
is
you
just
implement
this
callback
function
right
and
then
what
what
he's
done
in
the
nft
approach
is
he's
created
this
concept
of
a
thing
called
a
diff
diff
set
where
you
write
to
a
you,
continue
writing
to
something
and
then
once
you're
done
writing
to
it.
A
You
say
I'm
done
writing
and
then
now
you
start
writing
again
and
the
second
time
that
you
start
writing
it's
capturing,
diffs,
and
so
the
diff
state
is
how
that
works.
It's
a
diff
capturing
tool
and
so
that,
rather
than
having
a
cache
it,
he
just
has
his
own
implementation
of
which
is
really
similar
to
what
the
existing
kernel
space
one
does
anyways,
because
it's
like
caching
diffs
in
its
own
way,
but
it's
just
a
much
more
elegant
implementation.
A
That's
sort
of
really
easy
to
code
against,
so
you
could
sort
of
copy
the
nft
implementation
and
just
port
that
over
to
do
windows,
specific
logic
instead
of
nft
logic
right
and
that
that
would
be
another
way
to
do
the
same
thing
right.
A
C
A
B
The
dimitri
is
actually
from
cloudbase,
so
yeah
we
have
a.
We
have
a
contract
with
cloudbase
to
improve
proxy
okay,
so
we
and
part
of
it
is
we
want
to
look
at
kpmg,
so
I
don't
know
if
dmitry
will
be
looking
at
this
long
term
or
not.
We
don't
have
a
very
long
term
contract,
yet
that
needs
to
be
hashed
out,
but
once
cervantes
back,
we
can
talk
about
the
long-term
sense
of
this
and
looking
at.
C
B
Long-Term
design,
I
think,
probably
for
now
we
will
take
the
simple
approach
but
I'll
discuss
that
with
dmitry.
What
what
how
much
we
can
fit
in
and
we
need
to
weigh
the.
C
B
C
A
Everything
else
is
working,
and
so
you
know
it's
hard
because,
like
we,
we
have
one
bug
on
ip
tables
related
to
the
other
stuff,
but
but
you're
right,
like
the
longer
we
go
and
have
two
coup
proxies.
The
more
things
diverge,
which
is
why
I
just
did
this
hacky
stupid
implementation
to
start
because
I'm
like
well
at
least
maybe
we
can
get
this
working
and
then
move
the
community
towards
this
right.
A
So
that
that's
kind
of
why
we're
in
the
state
we're
in
right
is
it
like?
I
just
wanted
to
at
least
have
something
that
we
could
sort
of
start
to
hand
over
to
the
experts
that
was
kind
of
the
thinking
but
yeah.
Once
we
have
windows
kernel
space,
I
think
we
we
will
be
able
to
really
just
start
converging
all
of
the
proxy
logic
and
yeah
you're
right.
A
There
are
some
things
that
that
diverge
a
little
here
and
there
and
we're
just
gonna
have
to
before
we
cut
over
to
kpg
we're
just
going
to
have
to
audit
the
code
bases
and
make
sure
look
at
all
the
commits
and
make
sure
that
we've
ported
things
over
you
know
I
mean
and-
and
also
the
expectation
from
my
end-
is
that
the
end-to-end
tests
are
covering
things
right.
A
A
So
I
think
that
this
work
could
be
done
in
one
release
like,
I
think
I
think,
in
one
release
we
could
have
a
kpng
alpha
that
anybody
could
run
that
had
iptables
ipvs
and
windows,
support
and
and
as
soon
as
that,
alpha
came
out
like
we
could,
I
think,
as
soon
as
the
windows
thing
is
done,
we
could
like
merge
that
cap
and
then
we
could
have
a
kp
g
alpha
in
the
in
the
in
that
release,
right
or
in
the
following
release.
A
A
A
I
think
we
can
literally
just
everything
else
is
just
we
can
parallelize
all
the
other
work
that
comes
after
this
right,
because
we
can
literally
say:
okay,
let's
get
four
engineers
and
let's
just
have
them,
do
this
right
and
I
think
that'll
that'll
be
pretty
easy,
because
it's
just
a
matter
of
moving
code
around
and
updating
documentation
and
setting
up
ci
jobs
and
so
on
and
so
forth,
and
that
stuff
can
be
done
in
a
parallel
kind
of
way.
You
know.