From YouTube: Securing Windows workloads

A
We offer Calico, a free and open source networking and network security solution for containers, virtual machines and native host-based workloads. Calico supports multiple architectures and platforms. Calico is designed to be modular, and its pluggable data plane approach offers eBPF and Linux iptables for Linux environments and Host Network Service, or HNS, for Windows environments.

A
For example, Kubernetes officially supports Windows, and if you're now wondering, yes, you can containerize your Windows applications to run them at scale by using the same tools and manifests that you are already using for your Linux containers. But before jumping into installation steps, there are a few requirements that we need to discuss.

A
Another thing to keep in mind when working with Windows containers is the kernel compatibility. Windows containers are highly dependent on the host kernel, so in the container build process we have to be very cautious about choosing a base image that matches the underlying host. Windows offers two methods of isolation, the Hyper-V and the process isolation modes. Kubernetes only supports process isolation. In this mode, processes are run concurrently on a host in different namespaces.

A
Cloud resources in Azure need to be associated with a resource group. For this demo, I'm going to create a resource group in the Australia East region. I've chosen Australia East because I'm using a free account for this demo, and since this region is usually not crowded, I can pretty much create any resources in it without restrictions.

A
Seems like the container can reach the internet, which is a huge security risk. So let's change that by leveraging the Calico global network security policies. AKS installs Calico through the Calico operator, which allows us to use the kubectl get tigerastatus command to check which Calico components are installed in this cluster. It seems like only Calico is installed.

A
All right, I've got a local Linux machine with all the necessary Kubernetes packages, and all I need to do at this point is to instruct kubeadm to initiate my cluster. Similar to AKS, after kubeadm is done, we need to copy the kubeconfig file to the current user home directory to access the cluster API server.

A
I've got an idea: let's download the calicoctl binary and check out how that works. calicoctl can use the same kubeconfig file that we copied at the end of the kubeadm initialization step to change the Calico configurations. For example, by using calicoctl, we can change the strict affinity value and prevent Linux nodes from borrowing IPs in a hybrid setup.

A
Notice how I specified which version of Kubernetes must be installed on my system. This is important in a production environment, since a mismatch in the Kubernetes version might create version skew problems. And, as I said before, we need to specify which Calico backend is going to be used for our Calico node-to-node communications.

A
While the installer is busy with the installation, I'm going to set a watch in my Linux node to notice when my Windows is joined to the cluster. After the installer finishes, you should be able to find Calico binaries inside the Calico Windows directory in your Windows drive. Navigate inside the kubernetes directory within the Calico Windows folder and execute the kube service script to complete the installation.