►
Description
Don't miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from 18 - 21 April, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
A
Foreign
Welcome
to
Cloud
native,
live
where
we
dive
into
the
code
behind
Cloud
native
I'm,
Annie,
talvasto
and
I'm,
a
cncf
Ambassador
as
well
as
handling
marketing
and
vision.
I
will
be
your
host
tonight.
So
every
week
we
bring
a
newsletter
presenters
to
Showcase
how
to
work
with
cloud-related
Technologies.
A
They
will
build
things,
they
will
break
things
and
they
will
answer
all
of
your
questions,
so
you
can
join
us
every
Wednesday
to
watch
live
so
this
week
we
have
Reza
with
here
with
us
to
talk
about
exploring
kubernetes
Windows
host
process,
installer
very
exciting,
and
as
always,
this
is
an
official
live
stream
of
the
cncf
and
as
such
it
is
subject
to
the
cncf
code
of
conduct.
So
please
do
not
add
anything
to
the
chat
or
questions
that
will
be
in
violation
of
that
code
of
conduct.
B
Hello
everyone.
So
with
that
introduction,
let's
talk
about
host
process
installer,
my
name
is
Reza
I'm
a
developer
Advocate
at
tigera
and
tiger
is
the
company
behind
the
open
source
project
Calico.
B
This
webinar
is
divided
into
five
sections.
I'll
start
by
giving
you
an
overview
of
project
Calico,
then
I'm
going
to
briefly
talk
about
hybrid
clusters,
Windows
containers,
Windows
host
process
containers
and
at
the
end
there
is
a
Hands-On
Workshop
that
I
will
share
with
you,
but
don't
feel
overwhelmed.
If
you
are
new
to
cloud
and
Cloud
Journey,
there
is
a
slide
at
the
end
of
this
presentation,
which
gives
you
all
the
resources
that
you
need
in
order
to
run
the
same
thing
or
create
the
same
environment
both
locally
or
in
the
cloud.
B
If
you
got
any
questions,
please
feel
free
to
share
it
and
I'll
try
to
answer
it
by
the
end
of
this
webinar.
Keep
in
mind
that
you
can
run
the
demo
in
your
own
browser
when
I
share
the
QR
code,
instead
of
just
watching
me
pleading
to
the
demo
gods
for
favors.
B
So,
let's
start
by
checking
out
what
is
Project
Calico
project
Calico
is
an
active
Community
about
the
cloud.
Networking
and
security
feel
free
to
join
our
community.
Using
these
social
networking
handles
and.
A
B
The
conversation
where
you
need,
when
you
see
a
change
when
you
see
a
need
for
a
change,
oh
boy,
or
seek
help
for
your
Calico
Journey
from
developers
who
are
actively
working
on
the
project
and
if
you're,
already
a
Community
member,
you
might
find
our
Calico
big
cat
ambassador
program,
a
very
interesting
Next
Step.
B
Now
that
we
know
where
to
find
Calico.
Let's
talk
about
what
is
calico
project
Calico
is
a
community
behind
a
pure
layer,
3
approach
to
Virtual
networking
and
security
for
highly
scalable
data
centers.
We
offer
Calico
a
free
and
open
source.
Networking
and
network
security
solution
for
containers,
virtual
machines
and
Native
host
based
workloads,
Calico
supports
multiple
architectures
and
platforms,
and
it
is
designed
to
be
modular.
B
And
host
network
service
or
hns
for
Windows
environments,
this
flexibility
and
its
modular
architecture
makes
Calico
a
great
choice
for
any
environment
and
gives
you
the
required
tools
to
be
to
be
in
charge
of
your
software-defined
networking
Journey.
B
Okay,
now
that
we
have
a
better
understanding
about
calico,
let's
see
if
we
can
find
it
in
a
hybrid
cluster.
B
It
is
difficult
to
think
about
kubernetes
without
talking
about
Linux,
but
kubernetes
supports
a
broad
range
of
platforms.
For
example,
kubernetes
officially
supports
Windows,
and
if
you're
now
wondering
yes,
you
can
containerize
your
windows
applications
to
run
them
at
a
scale
by
using
the
same
tools
and
materials
that
you
already
are
using
for
your
Linux
containers,
but
before
jumping
into
transforming
all
your
workloads
into
containers
and
the
ammo
files,
there
are
a
few
requirements
that
we
need
to
discuss.
B
First
of
all,
windows
nodes
can
only
be
workers
in
a
kubernetes
environment,
which
means
that
you
will
need
a
Linux
control,
plane,
node
to
run
the
kubernetes
system.
Applications
in
your
cluster,
you
should
also
keep
in
mind
that
containerization
is
Fairly.
New
Concept
for
Windows,
so
make
sure
you're
using
a
recent
copy
of
Windows,
preferably
2019
or
above
another
thing
to
consider
is
the
version
of
your
kubernetes
cluster.
B
B
B
Okay,
now,
let's
talk
about
Windows
workloads.
B
All
right,
Linux
and
windows
containers
are
very
similar.
For
example,
you
can
run
a
Windows
container
in
both
on-prem
or
Cloud
environments,
which
will
allow
you
to
create
an
Agile
development
environment
in
your
Enterprise
local
Enterprise
locally,
or
deploy
your
application
at
a
scale
in
the
cloud.
B
Windows
containers
can
be
lightweight
which
can
help
you
to
minimize
the
attack
Surface
by
removing
unnecessary
libraries
from
your
production
environment
and
like
Linux.
They
offer
process
isolation
which
can
efficiently
divide
your
Hardware
resources
and
save
a
lot
of
costs
for
you
and
your
company,
and,
if
you're
wondering
why
there
are
stars
in
the
slide.
Well,
now
we're
getting
to
it
since
Linux
and
Windows
operating
systems
are
different
on
a
fundamental
level.
Some
of
the
capabilities
that
we
take
for
granted
in
a
Linux
environment
can
be
a
bit
more
complicated
for.
A
B
Windows
containers
are
highly
dependent
on
the
host
kernel,
so
in
the
container
build
process,
we
have
to
be
very
cautious
about
choosing
a
base
image
that
matches
the
underlying
host
or
the
whole
thing
doesn't
work,
and
you
will
see
a
lot
of
errors.
B
B
B
Okay.
Now,
let's
talk
about
host
process
containers
running
a
host
process
container
in
kubernetes
is
pretty
easy.
All
you
need
to
do
is
create
a
Windows
container
and
add
the
required
annotations
to
the
security
context
in
terms
of
pros
and
cons.
A
pro
is
that,
since
these
containers
run
with
direct
access
to
the
host,
there
will
be
no
compatibility
issues
and
similar
to
Linux
privilege
containers.
B
B
Just
to
make
a
note,
job
objects
are
different
from
kubernetes
jobs.
These
are
internal
Windows
objects
that
happening
inside
the
windows,
kernel,
which
is
a
break
from
previous
container
model
of
using
service
silos.
So
Silo
is
similar
to
a
name
to
space
like
an
isolated
place
that
you
can
stack
your
containers
into
it.
B
A
job
object
is
a
kernel
object
that
can
be
used
to
manage
and
group
processes
on
a
Windows
system.
It
provides
a
way
to
limit
CPU
memory
and
other
resources
that
a
group
of
processes
can
use
it's
similar
to
C
group
but
kind
of
different,
as
well
as
a
controller
process.
Life
cycle
silos
are
an.
B
Of
job
objects
they're,
primarily
their
primary
goal
is
to
encapsulate
as
much
of
Windows
user
experience
mode
as
it's
required
for
an
application
or
for
a
job.
There
are
two
types
of
silos:
application,
silos
and
server
silos
and
other
than
being
a
fun
game.
Whenever
I
mention
silos,
please
think
of
it,
as
so.
Whenever
I
mention
silos,
please
think
of
it
as
a
server
silo
all
right.
So
now
that
we
know
the
underlying
Technologies,
let's
put
them
on
the
board
before
we
get
to
the
demo.
B
Part
first
of
all,
container
management
components
are
part
of
the
root
Silo
in
Windows,
host
networking
service
or
hns,
and
host
compute
system
or
HCS
are
the
two
components
that
are
are
the
two
components
that
we
will
take.
A
look
at
the
host
compute
system.
Api
provides
the
functionality
to
start
and
control
both
VMS
and
containers
and
windows.
B
After
that,
hns
is
used
to
prepare
the
networking
requirement,
keep
in
mind
that
in
some
networking
cases,
both
hns
and
HCS
will
need
to
work
together
in
order
to
provide
the
functionality
container.
D
uses
something
called
HCS
Shem,
which
is
a
go
library
to
communicate
with
HCS,
and
then
HCS
will
invoke
that
cxse
service
inside
the
container
Silo,
which
is
an
isolated
part,
similar
to
name
a
spaces
and
for
the
networking
part
container,
D
communicates
with
hns
via
your
awesome
cni
to
handle
the
networking
part.
B
This
usually
happens
when
you
create
a
pod
in
kubernetes
kublet
orders
the
container
D
to
create
a
container
inside
a
container
Silo,
which
is
fully
isolated
from
the
root
silo
now
with
the
host
processes.
If
you
decide
to
create
a
host
process,
then
a
job
inside
a
rude
Silo
will
run
your
container,
allowing
it
to
access
your
host
resources.
B
And
all
right
I
know
about
you,
but
this
is
more
Concepts
that
I
can
handle
before
my
morning.
Coffee
is.
B
Awesome,
thank
you.
So
let's
switch
gears
and
try
the
demo
by
the
way
you
can
use
this
QR
code
to
run
the
demo
on
your
own
system
and
hopefully,
I
can
find
the
demo
as
well.
B
All
right,
so
the
demo
part
is
an
interactive
Workshop
I'm,
going
to
share
the
URL.
A
You
can
send
it
to
the
chat
on
the
down
below
and
I'll.
Send
it
then
to
the
audience
all.
A
B
Awesome
all
right
so,
while
we're
waiting
for
the
demo
to
start,
let's
talk
about
what
will
happen
so
in
this
demo,
you
will
get
the
chance
to
create
a
hybrid
cluster.
There
are
two
nodes,
a
Linux
and
of
a
nose
node.
B
You
will
read
about
the
stuff
that
you
can
do
in
order
to
join
these
notes
together.
After
that
there
will
be
an
introduction
to
those
process.
Installer,
you
will
install
the
cni
in
your
Linux
and
windows
node.
Then
you
will
use.
B
Policies
to
secure
your
application
and
yes,
there
will
be
an
a
Windows
application
that
you
will
deploy
into
your
cluster
in
order
to
understand,
like
get
a
better
understanding
of
how
these
things
works.
B
If
we
get
to
the
point
of
deploying
the
application,
I
will
show
you
the
Cs
xsc
service,
which
happens
in
a
container
silo
if
you're
doing
this
inside
a
local
environment,
you
can
also
use
CIS
internals.
A
B
Yes,
that
is
true
and
I
was
thinking
about
starting
it
beforehand,
but
somehow
I
forgot
so
jokes.
A
B
B
Yeah,
oh
one
more
thing
worth
mentioning
here
is
the
actual.
B
All
right,
so
this
one
is
the
most
important
resource
in
order
to
understand
kubernetes
and
it's
way
of
interacting
with
windows.
So
in
this
link
you
will
find
whose
processes
why
they
were
created.
What
is
the
motivation
like
how
they
interact
with
everything
and
what
is
the
next
step
in
terms
of
the
cloud
Journey
Cloud
Bank
of
Journey,
all
right?
So,
let's
start
it
now,
as
I
said,
there
are
two
nodes
here:
one
is
Windows
and
one
is
a.
A
B
Note
if
we
do
a
coupe
Kettle
get
nodes,
there
is
only
one
node
at
the
moment
in
our
kubernetes
cluster.
So
what
we
need
to
do
is
use
Cube
ADM
join
command.
B
As
you
can
see,
the
join
command
is
already
stored
in
the
windows.
Node,
all
you
need
to
do
is
run
the
join
pad
and
it
will
hopefully
add
it
to
the
cluster
all
right.
So
everything
works,
but
if.
B
B
All
right
all
right,
so
in
the
next
module
you
again
have
both
nodes.
A
B
Note,
first
of
all,
because
this
Workshop
is
using
Calico
and
Calico
requires
trigger
rules
when
you
are
using
Windows.
This
is
because
Windows
nodes
have
some
limitations
in
order
to
announce
their.
B
Well,
we
can
say
limitations
there.
It
is
more
stricter
in
terms
of
what
you
can
access
and
a
Windows
node,
which
will
create
a
problem
when
you
want
to
borrow
IP
addresses.
So
what
we
need
to
do
is
first
of
all,
disable
the
IP
address
borrowing
mechanism
of
Calico.
B
This
manifest
uses
host
process
installer
and
it
represents
itself
as
a
host
process
to
kubernetes.
Then
it
uses
the
username
or
the
identity
of
anti-authority
system
to
run
a
shell
script
or
a
Powershell
script
inside
the
root
silo.
This
will
allow
this
container
to
transfer
its
content
into
the
host
system.
B
Now
there
is
another
recording
in
the
cncf
that
you
can
find,
which
is
again
me
talking
about
securing
Windows
workloads.
However,
that
is
when
we
didn't
have
the
host
process
installer
technology
available
to
us,
so
you
can
go
and
watch
that
and
see
how
we
needed
to
like
copy
paste,
all
the
binaries
from
one
place
to
another
in
order
to
get
it
to
work.
A
B
B
A
B
You
should
be
able
to
see
your
cluster
and
both
nodes
will
be
ready.
Next,
you
will
be
prompted
to
actually
deploy
a
Windows
workload
and
secure
it.
B
All
right,
so
in
this
part,
you
get
to
create
a.
B
Fun
stuff:
it
talks
about
compatibility.
So
if
you
remember,
I
talked
about
a
Windows
compatibility
in
the
kernel,
so
here
my
windows
is
using
version
1809,
so
the
images
that
I
need
to
create
I
need.
The
images
that
I
want
to
deploy
on
this
system
needs
to
be
needs
to
use
the
1809
kernel.
B
Sorry-
and
this
is
actually
tagged
as
image
that
is
built
with
the
1809
kernel,
and
there
is
also
a
node
selector,
which
assures
or
ensures
that
this
deployment
will
only
happen
on
our
Windows
node.
So
if
I
come
here
and
do
get,
you
will
see
the
win
web
container
running
now.
B
What
I
need
to
do
after
is
to
create
a
service,
because
my
pod
exposes
a
vet,
a
port
which
I
can
then
access
by
using
the
web.
Ui
tab,
oh
boy,
now
all
I
need
to
do
is
wait
for
the
internet
to
act
as
how
it's
published
to.
B
All
right,
for
some
reason,
this
container
is
thinking,
it
doesn't
have
internet
and
we
can
do
two
containers
that
are
pretty
adamant
about.
B
B
B
Why
this
is
not
Connect
into
the
internet,
but,
as
I
said,
an
online
demo
usually
doesn't
work
anyway.
You
can
use
it
in
your
own
browser,
and
hopefully
this
will
work
for
you.
B
It
will
talk
about
how
you
can
actually
secure
this
workload
and
what
needs
to
happen
at
the
end.
There
is
our
social
handles
and
places
that
you
can
come
and
shout
if
something
like
this
doesn't
work,
so
somebody
like
me
would
go
and
fix
it
now.
B
A
B
Yes,
you
can
use
net4
policies,
tourist
trick,
internet
access.
In
fact,
if
you
go
to
Project
Calico
documentation,
which
is
docs.tigerat,
oh
there
is
a
page
talking
about
the
same
thing
it's
called
default
deny
it
allows
you
to
write
a
policy
to
restrict
networking
access,
yeah.
A
And
I
think
they
might
have
also
suggested
that
as
a
possible
issue
with
the
demo.
B
No
I
don't
think
so,
because
we
didn't
install
it
or
I
did
I.
Don't
remember.
I
have
to
go
check
the
video
anyway.
So
please
check
out
my
GitHub
repository
link.
It's
at
the
top
of
this
slide,
I,
usually
post.
My
findings
in.
A
B
And
don't
be
shy
to
contact
me
if
something
goes
wrong,
like
the
demo
unreachable,
Calico
users
like
and
these
social
places,
and
oh
and
this
is
the
QR
code
for
the
previous
installation
method.
If
you
fancy
your
journey
into
windows
and
like
copy
pasting,
everything
by
yourself
feel
free
to
watch
it
as
promised.
These
are
the
resources
that
I
used
to
appear
in
this
presentation
and
act
like
I
know
these
sort
of
stuff.
A
Great,
if
anyone
has
any
questions
now
is
the
time
to
send
them
in
so
that
we
can
get
them
answered
so
far,
no
questions
from
the
audience,
but
there
was
a
thank
you
for
all
the
links,
because
you
think
it
was
very
happy
to
receive
those,
and
then
people
are
also
saying
the
demos
all
the
time.
These
things
happen
so
but
I
like
the
fact
that,
if
something
goes
wrong
with
the
audience,
they
know
that
they
can
contact
you
as
well
as
there
goes.
A
But
while
we
see
if
anyone's
gonna
write
in
a
question,
I
would
have
a
question.
So
can
you
give
us
any
kind
of
information
or
sneak
peek
or
or
what's
the
kind
of
future
plans
for
Calico
project
in
general?.
B
I
have
heard
that
there
is
going
to
be
evpf
in
Windows,
but
no
timelines,
I'm
assuming
this
will
be
a
huge
thing,
because
we
already
doing
EB
offer
ebpf
and
Linux,
which
had
like
a
very
good
performance
boost
and
I'm.
Assuming
if
it
happens
in
the
windows
environment,
then
people
have
more
reasons
to
actually
use
a
Windows
container
environment.
A
Yeah
sounds
really
good
and
then
Paul
says.
Thank
you
so
much.
This
was
very
helpful.
So
that's
very
nice
to
hear,
and
since
we
are
not
getting
any
immediate
audience,
questions
I
think
everyone
was
very
clear
which
is
always
nice
to
see.
Do
you
have
any
final
things
that
you
want
to
kind
of
mention
to
the
audience
or
anything
else
that
you
want
to
highlight.
B
A
Great,
and
then
Paul
wants
to
know
is
calico
a
kind
of
Open
Source
technology.
B
It's
an
open
source
project.
It
uses
a
lot
of
Open
Source
Technologies
to
deliver
to
deliver
security
and
networking.
B
I
will
not
be
I
would
like
to
be
in
Amsterdam,
but
unfortunately,
I
will
not
be,
but
my
colleagues
will
be
there
who
know
more
than
me
and
their
demos
always
works
so
check
out.
Our
booth
I
think
we're
28.
A
A
Nice
everyone
can
find
great
people
who
are
there
then
yeah,
good,
perfect.
B
A
Yeah
perfect,
thank
you
from
the
audience
as
well
says
everyone
and
fantastic
and
so
forth.
So
great
but
I
guess
that's
it
as
far
as
the
questions
go
and
everything.
So
we
can
start
wrapping
up.
It's
a
really
nice
and
great
to
see
the
audience
interacting
as
well.
That's
always
great,
but
as
always
thank
you
everyone
for
joining
the
latest
episode
of
cloud
native
live
today.
A
It
was
great
to
have
a
session
about
exploring
communities,
Windows,
host
process,
installer
and
I
really
love
the
audience,
interaction
and
questions
from
the
audience
as
well,
and
as
always,
we
bring
you
the
latest
cloud
gaming
code,
every
Wednesday
in
the
coming
weeks.
We
do
have
more
great
session
coming
up,
but
next
week
we
will
not
have
a
cloud
native
live
since
it's
kubecon
week,
so
everyone
is
joining
there.
Obviously,
but
as
always,
thank
you
for
joining
us
today
and
we'll
see
you
in
the
coming
weeks.