►
From YouTube: Kubernetes SIG-Windows 22021004
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Hello,
everybody
and
welcome
to
the
October
4th
2022
iteration
of
the
kubernetes
windows
community
meeting.
As
always,
these
meetings
are
recorded
and
uploaded
to
YouTube
so
be
sure
to
adhere
to
the
cncf
code
of
conduct.
Let's
get
started
for
announcements,
just
another
update
that
enhancement
freezes.
This
Thursday
I
believe
it
is
6,
00
p.m,
PDT,
but
so
there's
that
I
think
that
or
most
of
the
enhancements
were
in
pretty
good
shape.
I
do
need
to
get
some
reviews
on
the
host
Network
support
for
Windows
kept
though.
A
All
right,
if
not,
we
can
see
if
there's
anybody
any
new
contributors
here
that
would
want
to
introduce
themselves.
We
can
give
some
space
to
have
anybody
who's
new
here
to
either
introduce
themselves
same
with
a
working
on
what
they'd
like
to
get
out
of
the
meetings,
if
they'd
like
feel
free
to
just
unmute
yourself
or
raise
your
hand.
A
All
right,
I,
don't
see
anybody
who'd
like
to
do
that,
so
I
think
we
can
get
onto
the
agenda.
James
looks
like
you're
first
up
did
you
want
to
share
your
screen?
Yeah.
A
A
A
Question
here,
I'll
follow
up
on
slack
about
this
after
the
meeting
since
Alex
isn't
here,
but
basically
the
the
guidance
is
just
to
not
use
volume
mounts
to
mount
in
the
sockets,
just
whatever
work
like
whatever
path
you
need
when
you're
running
in-house
process
container
just
use
it
hopefully
and
make
it
unique
somehow
for
the
container,
and
then
it
should
just
work.
We've
got
a
lot
even
tests,
our
Ed
tests
that
are
validating
this
for
both
named
pipe
and
unique
domain.
Sockets,
so
I'll
follow
up.
A
Do
you
want
to
talk
to
this.
D
Yeah
yeah
there
was
a
regression
in
1.24
and
above
found,
the
cause
of
stale
agents,
load,
balancer
proxy
rules.
Time
bot
is
deleted.
Each
each
deletion
will
kind
of
leak.
A
external
web
load,
balancing
rule
which
references
kind
of
endpoints
which
no
longer
exists
that
were
deleted,
or
you
know
any
any
pods
that
were
updated
that
belong
to
a
service.
D
So
yeah
I
mean
there's
a
fix
out
for
this
and
yeah
I.
Guess
you
just
have
to
get
that
fixed
and
yeah
I'll
review
it.
Any
comments
leave
comments.
There.
A
D
D
Yeah
I
think
so
yeah
I
think
the
in
the
issue.
D
There's
like
a
link,
I
add
so
this
this
commit
is
where
I
mean
we
we've
tingled
it
down
to
this
commit
and
there's
like
a
one
line
there,
which
I
think
was
a
perhaps
a
typo
or
it's
like
I,
think
there
was
a
I
remember
like
sort
of
mentioning
that
this
might
have
been
like
some,
like
someone
accepted
like
emerge,
conflict
that
kind
of
went
wrong
there,
but
yeah
there
seems
like
there's
some
duplicated
line
there,
so
that
that
is
causing
the
issues.
The
leakages,
okay,.
A
B
Where
was
this
when
we
fixed
that
other
load
balancing
thing
that
was
happening
a
while
back,
there
was
an
external
load,
balancer
issue,
yeah.
B
D
A
D
Oh
yeah,
or
it's
fine,
that's
fine
yeah
and
the
else
like
line
1320
is
like
skipped,
creating
HMS
load,
balancer
and
then
right
after
that,
we
actually
do
the
operation.
A
A
Okay,
well
yeah,
you
said,
there's
already
a
PR
for
this
open.
D
A
D
Yeah
yeah,
actually,
can
you
scroll
up
to
the
description,
so
what
you
will
see
is
there
will
be.
We
have
a
script
that
lets
you
detect
this
issue
that
I
linked
yeah
LinkedIn.
They
issued
this
network
health.ps1.
If
you're
suffering
from
this
issue,
you
can
just
run
network
health.ps1,
I'll
I'll,
give
you
the
command.
I'll
actually
add
that
to
the
the
exact
command,
but
it
will
print.
You
know
that
you
have
one
still
flip
and
you
can
inspect
it
with
the
Powershell.
That
is
also
in
the
issue.
D
Entries
or
for
that
web
so
there's
a
duplicated,
duplicated
load,
balancers,
basically.
B
D
D
D
D
You
can
just
delete
a
pod,
any
any
modification
to
the
service
itself.
Let's
say
the
the
endpoints
change,
because
the
Pod
got
added
or
deleted,
like
you're
scaling
down
or
up
your
service,
then
now
we're
recreating
that
service
kind
of
Q
proxy
will
recreate
that
service
policy,
and
it
will
leak
because
of
this
bug.
It
will
leak
the
previous
one.
It
won't
clean
it
up
now,
you'll
have
to
to
load
balancing
rules
that
will
like
it
will.
D
You
know
anytime
I
see
this
VIP
now
that
service
still
exists
right,
you
just
scaled
it
up
or
down,
but
you'll
have
two
duplicated
rules
now,
and
one
of
them
will
reference
an
endpoint
that
no
longer
exists
or
like
one
that
has
been
removed,
and
so
some
of
the.
If
it
matches
that
rule,
then
some
of
the
traffic
I
mean
it
will.
Some
of
it
will
pass
because
the
other
endpoints
will
still
be
valid,
but
if
it
decides
to
load
balance
to
the
endpoint
that
got
deleted,
yeah,
okay,.
D
Yeah
I
think
it
might
be
on
others
as
well.
I
haven't
tested
that
that's
just
the
Repro
steps.
I
think
it
might
be
other
service
types
as
well.
B
A
Yeah,
okay,
yeah!
Maybe
we
should
start.
Would
you
mind
David
posting
on
the
Sig
Windows
Channel
and
maybe
mention
it
so
that
people
can
get
up
in
in
slack?
That
might
be
a
good
way
to
first
start
letting
people
know
we
could
just
link
to
the
this
issue.
D
No
I
think
that's
all
I
have
to
add.
Oh
one
more
or
actually
one
last
thing.
Actually,
if
you
can
make
it
so
that
your
service,
all
the
pods
that
belong
to
the
servers,
are
only
on
one
node
and
this
issue.
I,
don't
see
that
the
connectivity
use
the
connectivity
failures.
A
Oh
I
see
I,
think
I
see.
Alex
joins
the
call
and
I
believe
Alex.
You
asked
this
question
about
it:
testing
UDS.
You
know
some
main
seconds:
correct,
yeah,.
B
Yeah
sorry
I
thought
the
demo
could
go
first,
but
yeah.
If
you
have
a
real
time
I.
Just
so
I
just
want
to
ask
a
few
questions
about
the
whole
process:
post-process
pods
and
how
exactly
it
worked.
B
A
A
That's
all
we
go
into
some
detail
into
that
in
the
cap
and
they're.
The
reason
why
we're
changing
that,
but
it
will
be
slightly
different.
The
once
once
we
switch
to
continuity.
1.7
volumes
will
work
much
more
like
they're,
actually
like
like
regular
containers,
where,
if
you
tell
it
to
Mount
something
at
like
slash
bar
run,
boo
it'll
show
up
at
C
colon
bar
run
through
instead
of
at
that
special
location,
because
we're
changing
the
types
of
the
ways
that
we're
doing
the
file
system.
B
I
believe
that's
one
I'm
playing
with
right
now,
like
you,
have
to
actually
explicitly
State
the
full
path
right
in
order
to
access
anything,
even
when
you're
in
the
container
environment
yeah.
So
that
breaks
up
integration
test
because
I
think
they
have
absolute
power
setup
and.
A
There
is
an
environment
variable,
that's
reset
on
in
in
in
each
container
that
points
to
that,
that's
also
in
in
the
documentation
and
then
the
cap
right
right,
I,
it's
possible
that
code.
That's
checking
for
if
it's
an
absolute
path
is
not
understanding
that
that
environment
variable
will
be
kind
of
rooted
at
an
absolute
path.
B
Yeah
yeah,
so
I
mean
I,
think
we're
gonna
have
to
so.
The
only
way
to
do
it
right
now
is
to
change
our
tests
to
like
kind
of
prepend
that
the
mount
path
to
whatever
path
like
tests
directly
viewed
but
then
later
on,
that's
going
to
be.
A
All
the
code
is
already
in
the
containerdy
1.7
or
like
in
continuity,
main
branch,
so
because
it's
a
so
it
will
be
a
breaking
change.
But
what
we're
doing
to
mitigate
the
braking
change
is.
If
you
are
running
container
D
1.6,
you
will
always
get
the
current
behavior
if
you're
running
containerd,
1.7
you'll
get
the
new
Behavior,
but
then
we'll
also
Sim
link
the
we'll.
B
A
I'll
reply
to
the
your
slack
your
your
post
and
psych
I
saw
that
yesterday,
I
didn't
have
a
chance
to
respond.
Yet
all.
A
A
All
right,
James,
I'm
gonna,
stop
sharing
something
share.
Now.
C
So,
a
couple
weeks
ago
there
was
like
a
little
mini
hackathon
to
so.
C
You
could
go
explore
and
experiment
with
things
and
the
thing
that's
been
on
my
list
for
a
very
long
time
was
checking
out
the
ebpf
for
Windows
project
and
so
I
just
couldn't
show
off
kind
of
what,
where
I
got
and
share
the
learnings
I
had
it
didn't
get
very
far,
but
I
do
have
a
kind
of
working
program
and
thought
I'd
be
able
to
maybe
accelerate
other
people
that
are
interested
in
it
and
some
folks
expressed
interest
in
it
last
week
as
well.
C
So
for
those
who
don't
know
anything
about
this,
BPF
is
Berkeley
packet,
filter,
I,
believe
I.
Don't
think
it's
related
to
that
anymore.
But
it's
a
Linux
technology,
that's
built
into
the
Linux
kernel
and
windows,
is
adopting
the
technology
for
the
windows
platform,
and
so
there's
a
project
up
here.
There's
a
team!
That's
working
on
this.
You
can
actually
join
their
meetings
on
Monday
morning
things
if
you're
interested
in
learning
more
or
just
joining
the
community,
but
so
what
they're?
C
What
they're
doing
is
trying
to
bring
the
similar
process
that
you
have
for
Epps
on
Linux
to
Windows,
and
so
my
idea
was
to
try
to
create
an
ebbf
program
for
to
proxy
that
would
for
the
kpng,
the
Q
proxy
next
gen.
There's
a
Linux
version
of
this
out
there,
that's
kind
of
a
demo
to
show
how
this
maybe
would
work
and
I
wanted
to
see
if
I
get
it
for
Windows.
C
I
didn't
get
quite
that
far
yet,
but
still
working
on
it.
So
there's
this.
This
diagram
here
is
very
complicated,
but
I
think
the
important
part
of
evpf
is
there's
two
different
parts
to
it:
there's
a
user
program
so
like
a
user
space
program,
so
the
program
that
you
kind
of
write
and
maybe
go
or
C,
plus
or
something
that's
running
in
user
space
and
then
there's
another
program
that
you
write,
typically
in
C
and
then
load
into
the
kernel
in
Windows.
C
What
happens
is
that
gets
translated
into
a
driver
and
it
runs
as
a
kernel
driver
and
then
the
user
space
application
talks
to
the
Linux
the
kernel
space
application
through
what
they
call
Maps
they're,
basically
key
value
Stores
for
storing
information
in
memory,
and
so,
if
I,
the
demo
I'm
going
to
show
is
if
I
wanted
to
block
a
particular
IP
address.
C
I
would
write
that
IP
address
into
a
map
the
evpf
program
running
in
the
kernel
which
look
at
that
identify
that
there
was
a
connection
made
to
a
particular
IP
address
and
then
shut
down
the
connection
right
there.
So
that's
what
I'll
demonstrate
here.
You
can
learn
a
lot
through
the
website
here,
this
tutorial
kind
of
talks
about
ebpf
and
what
what
the
program
looks
like
and
how
to
interact
with
it
on
Windows
I've
recently
just
pushed
updates
to
this.
C
So
it
should
be
a
lot
easier
and
smoother
experience
if
you're
trying
to
get
started
with
it
than
what
I
had.
Okay,
so
I'll
show
you
the
show
you
the
example
so
down
here.
What
I
can
do
is
I'm
just
going
to
curl
this
IP
address.
This
is
the
HTTP
bin
website,
so
it's
I'm,
just
calling
there
I'm
getting
a
200
back
and
what
I
can
do
over
here
is
run
my
evpf
program,
so
I
wrote
a
little
go
program.
That's
my
user,
Space
Program!
C
It's
going
to
take
the
evpf
program
and
inject
it
into
the
kernel
and
then
tell
the
program
to
block
any
IP
addresses
that
go
that
are
that
go
to
18
207
and
we
just
completely
reject
them.
So
hit
go
run.
C
It
takes
a
minute
to
compile
I'll
I'll
talk
through
what
some
of
this
stuff
does,
but
I
am
essentially
I
mentioned
those
Maps
I
injected
the
map
with
this
IP
address
18207,
which
you'll
see
the
same
over
here.
C
The
result
means
that
it
was
successful
and
if
I
I've
got
a
little
Trace
program
that
sets
up
some
etw
traces,
so
we
can
see
what's
actually
happening
inside
the
ebpf
program,
and
so
it
just
set
those
up
and
now,
if
I
try
to
make
that
request
again,
I
get
rejected
from
the
request
and
we'll
see
we
saw
the
connection
it's
going
and
then
it's
being
blocked.
C
I
haven't
quite
figured
out
how
to
do
the
ports
yet,
but
it's
blocking
that
IP
address
and
I
guess
it
made
two
requests:
I,
don't
know
if
that's
like
curl
stuff,
but
if
we
were
to
take
this
and.
C
There's
a
little
program
online
converts
decimal
to
IP
address.
You
should
see.
Oh,
it's
not
the
right.
One.
B
C
If
I
nope
one
of
those,
let's
see,
okay,
it
blocked
nine.
Six,
two
four
so
I
should
see
this
should
be
converted
to
18,
but
I.
Don't
know
why
it's
coming
up
wrong:
I
I
might
have
I
was
playing
around
I
was
trying
to
get
the
reader
at
14
this
morning.
C
I
might
have
messed
up
the
the
outputs,
but
you
can
see
that
we
are
actually
blocking
something
and
if
I
were
to
unload
the
program
and
run
it
over
here,
I'm
now
able
to
connect
again,
and
so
that's
kind
of
like
a
really
simple
demo.
The
idea
is
that
I
would
be
able
to
read
from
the
API
server.
C
Take
those
IP
addresses
the
VIP
IP
address
is
say:
if
a
request
comes
to
this
VIP
I
can
redirect
it
to
these
back-end
IP
addresses
for
the
for
the
pods
and
that's
what
I
was
I'm
trying
to
work
on
there's
a
current
PR
that
actually
implements
that
in
the
windows
EPF
right
now,
the
redirecting
doesn't
work
and
so
I've
built
from
that
from
source
and
I'm
playing
around
with
like
how
to
get
that
actually
set
up
and
having
coink
out
there.
C
So,
from
a
code
perspective
I'll
just
kind
of
walk
you
through
what
I'm
doing
it's
really
simple,
but
it
took
it
took
me
a
little
bit
to
like
figure
out
how
all
this
kind
of
interaction
works
together.
So
this
is
my
user
Space
Program
I'm
just
taking
a
couple
IP
addresses-
and
this
is
my
program-
that
I'm
gonna
load.
This
is
the
ebpf
program
and
I'll
talk
through
that
in
a
second.
C
Basically,
you
you
grab
the
the
evpf
program,
it's
built
into
an
FL
file
and
you
take
it.
You
get
the
object,
you
load
it
into
the
system
and
then
you
need
to
attach
it
to
ebpf.
Has
these
attach
points
so
there's
a
set
of
attach
points
that
are
implemented
in
the
Linux
kernel
and
then
there's
a
subset,
that's
implemented
in
Windows,
and
so
you
need
to
attach
it
to
that
attach
point
for
it
to
actually
run
and
I
was
actually
when
I
was
testing.
C
This
earlier
I
was
having
a
really
hard
time
figuring
it
out,
because
I
was
forgetting
to
attach
it
and
then
I,
then
I
go
get
the
map
that
they're
going
to
interact
with
and
finally
I
I
create
a
a
little
object
here
and
then
pass
it
down
and
update
the
map.
C
So
I'm,
just
and
you
have
to
this-
is
all
using
go
see
seago
so
behind
the
scenes,
I'm
I'm
using
all
unsigned,
integers
and
then
unsigned
unsafe
pointers
and
passing
that
down
to
the
map,
the
map
updates,
and
then
it
comes
back
and
says
you're
good
to
go
so
the
EPV
program
is
usually
just
written
in
C,
usually
in
a
separate
like
folder,
it's
from
what
I
can
see
and
then
here's
the
map.
C
So
it's
I'm
saying
this
is
my
structure
that
I'm
I'm
working
with
and
here's
the
size
of
it.
Here's
how
many
entries
we
can
put
into
it.
You
can
put
much
more
than
100.
and
then
down
here.
This
is
where
we
Define
the
attach
point,
and
this
function
can
be
anything
you
want.
It
comes
in.
C
It
comes
in
with
this
structure
that
says,
like
here's,
who's
who's,
calling
how
they're
calling
you
know
a
bunch
of
information
around
what
they're
doing
and
then
I
just
pass
the
map
and
that
information
to
this
function.
The
function
goes
through.
I
do
a
lookup
into
that
map
that
I
filled
from
the
user
Space
Program.
C
This
is
the
part
that
I'm
still
working
on
otherwise
blocking
and
I
just
return
or
reject,
and
that's
how
it
shuts
down
before
it
ever
goes
any
any
further
in
the
in
the
system
to
to
build
those
programs.
I
have
this
like
Janet
ebpf.
C
C
Something
I
didn't
mention
before
is
that
these
programs
are
have
very
strict
guidelines
on
what
you
can
do
in
there
and,
if
you're
missing,
if
you
don't
do
certain
checks
for
likes
of
the
maps,
you're
working
with
you
can't
load
that
program
and
so
I'm,
just
running
a
verification
to
make
sure
that
my
program
passes
that
verification
and
that's
kind
of
a
very
quick
overview
but
like.
If
you
don't
have
this
check
for
like
null,
then
your
program
won't
pass
verification.
D
So
could
we
one
day
have
like
come
say
your
shared
implementation
of,
like,
let's
say
a
back
end
and
Q
proxy
York
PNG,
like
one
shared
code
base.
That
is,
you
know
the
same,
a
c
code
kind
of
for
the
redirect
across
Linux
and
windows.
C
That's
a
good
question
so
I,
so
there
is
like
a
BPF
program
that
was
put
into
kpng
that
uses
this
C
group
connect
I,
tried
compiling
it
with
on
windows
with
the
BPI
program
and
wasn't
able
to
do
it
and
then
I.
It
was
way
over
my
head,
so
I
took
a
step
back
to
just
learn
the
basics,
which
is
what
I
just
demonstrated
and
I
haven't
gone
back
to
trying
to
get
this
thing
to
work
for
for
that
program
again,
and
so
potentially
yes,
that's.
C
The
idea
is
that
the
the
way
that
they've
built
ebpf
for
Windows
is
they
would
be
able
to
cross,
compile
some
of
the
ebbf
programs,
but
like
yeah,
your
mileage
is
gonna,
be
varied
there.
So.
B
C
Cool
yeah,
yeah
I'm
working
on
the
redirect
and
I
I
there's
just
as
I
said,
there's
a
lot
of
things.
I'm
learning
from
it's
been
a
long
time
since
I
wrote,
see
and
so
yeah,
hopefully,
I'll
get
something
working
eventually
here
and
then
and
then
I
can
maybe
move
that
back
into
like
a
demonstration
with
Q
proxy
foreign.
B
B
B
C
B
C
Exactly
so
this
program
here,
you'll
see,
it's
called
redirect
back
up
here
in
Maine.
Go
I
did
attach.
C
Yeah
so
I
got
the
program
called
redirect
from
the
L
file,
so
I
loaded,
the
L
file
I
got
the
redirect
and
I
attached
it
and
then
and
then
once
it's
attached
now
it's
now
it's
going
to
respond
to
any
of
those
events
that
the
ebpf
system.
B
C
And
then,
and
then
this
map
is
the
name
of
the
map,
that's
in
here
and
you
can
name
them
differently,
but
I
I,
don't
know
if
it's
convention
or
what,
but
they
usually
have
the
same
name
as
the
struct
of
the
map
so
and
so
yeah
and
so
and
then
you
just
write
into
that
map
and
there's
a
bunch
of
different
types
of
maps
I'm
just
using
a
hash
map
for
this
right
now,.
C
So
this
the
source
for
this
is
I,
put
it
up
on.
C
Github
here
I
could
put
it
in
chat
here
or
else
I'll
link
it
in
the
the
notes,
but
I'll
post
it
in
the
chat.
Here
too
again,
it's
super
simple
I
was
trying
to
just
learn
the
basics,
because
it
was
quite
a
bit
to
learn.
For
me
at
least,
there
are
some
requirements
as
to
how
you
set
this
up
right
now.
C
The
evpf
program
for
windows
isn't
signed
it's
still
very
early
and
so
they're
working
on
getting
the
signatures,
and
you
know
doing
the
whole
Security
review
and
all
those
things,
and
so
until
you
can
do
that,
you
have
to
kind
of
load
this
into
a
a
VMware
that
doesn't
have
that
allows
unsigned
drivers,
which
is
something
you
have
to
like
disabled
and
not
not
recommended
for
production
or
anything,
and
then
there's
a
few
other
components
that
are
required,
but
Define.
There.
B
C
I'm
gonna
go
ahead
and
stop
recording.
If
there's
something
else.