►
From YouTube: Kubernetes SIG Windows 20190409
Description
Kubernetes SIG Windows 20190409
A
B
Everybody
and
welcome
to
another
see
windows
meetup,
it's
the
9th
of
April
and
thank
you
all
for
attending.
We
have
a
few
things
on
our
agenda
for
today
so
that,
let's
kick
that
off.
So
the
first
thing
on
our
agenda
is
we
have
office
hours
for
kubernetes
on
April
11th
at
8
a.m.
we
will
promote
that
using
Twitter
and
kubernetes
IO,
the
CMC
F
Twitter
account,
but
we
also
want
to
encourage
you
guys
to
all
promote
that
as
well.
B
If
you
have
a
Twitter
account
and
kind
of
stood
regularly
and
you
have
a
lot
of
followers
just
like
Patrick
does
you
can
go
ahead
and
and
I'm
gonna
push
the
message
for
theorem
slack
as
well,
and
you
know
I'm
sorry
looks
like
I'll
post
it
on
slag
as
well
as
here
on
Zoom,
but
here's
a
message:
Thank
You
Craig.
Yes,
that
was
sarcasm,
Patrick
does
not
tweet,
but
I
posted
a
message
here
on
Zoom,
so
feel
free
to
send
it
out
to
everybody.
You
can
click
on
the
link
yourself
and
add
the
reminder.
B
B
You
know
at
the
high
level,
who
might
tell
them
a
little
bit
of
watching
a
road
map
from
container
B
and
runtime
class
for
hyper-v
isolation
and
GMS
a
and
some
of
the
other
work
that
we're
doing
and
obviously
cube
ATM
as
well,
but
recent
opportunity
for
them
to
tell
us
things.
That's
on
their
mind
and
potentially
you
might
catch
a
couple
of
areas
that
you
might
want
to
invest
more
in
and
Craig
anything
else.
You
wanna
add
to
that.
D
B
So
I
guess
we'll
find
out
the
the
second
thing
that's
happening
from
a
from
an
awareness
perspective
is
the
CNCs
webinar
on
April,
23rd,
Patrick
and
I
will
be
part
of
that
I.
Don't
know
if
we're
gonna
have
an
opportunity
to
do
a
demo.
Is
it's
gonna
be
mostly
just
talking
and
going
to
some
of
our
slides
but
I
guess
we'll
find
out
as
we
get
closer
to
that
date,
so
that's
happening
as
well.
So
if
I'm
not
in
two
weeks,
all
right
release
planning
for
1.15,
Patrick
I,
guess
you
added
this
one
yeah.
D
D
Okay,
how's
that
now
a
lot
better.
Okay,
yeah
is
there's
some
app
where
I
think
it's
the
one
we
use
from
Microsoft
internal
chat
decides
to
back
off
the
mic
for
some
reason:
okay,
so
the
so
right
now
the
release
team
has
been
formed
and
that
link
I
have
lists
who
the
release
lead
and
the
shadows
are
going
to
be,
and
so
they've
put
out
a
proposed
process.
They're,
you
know
with
April
30th
being
the
enhancement
freeze,
and
so
that's
when
anything
that
requires
a
cap
should
be
marked
implementable
and
so
I.
D
Don't
think
it's
likely
that
these
dates
are
gonna
change
much.
This
is
an
11
week,
release
cycle
which
is
similar
to
what
they
usually
do.
But
what
they
tried
to
do
is
make
sure
that
none
of
the
let
the
enhancements,
freeze
and
code
freeze
didn't
happen
during
a
conference.
Unfortunately,
that
means
code
freeze
is
happening
the
week
after
cube
con
Barcelona,
and
so
anybody
that's
there
might
be
coding
at
night,
but
that's
at
least
I
don't
have
to
cut
a
release
during
or
cut
a
release
during
those
days.
D
E
On
the
first
one,
but
sorry
I
hope
you
can
hear
me
so
basically
the
one
from
the
GMS
a
cap
is
now
under
review
by
jordan
Liggett.
So
do
you
want
to
make
it
a
separate
thing,
or
can
we
just
add
a
comment
there
to
say,
like
you
know,
since
we're
putting
in
this
window,
security
context
could
run
as
user
name
be.
Another
part
yeah.
D
D
D
So
I'm
basically
going
to
be
following
the
same
process,
but
because
it's
mostly
out
of
tree
work,
I
for
container
D
I,
don't
know
if
it's
technically
required.
The
other
piece
of
feedback
I
got
is
that
CRI
changes
like
a
couple
of
the
things
that
are
in
the
container
D
stuff
I'm,
proposing
moving
a
few
things
out
of
and
out
of
vendor
specific
annotations
and
just
into
the
CRI
spec
itself,
and
since
CRI
itself
is
not
stable.
D
Sig
note
basically
just
owns
that,
and
so
it
may
be
that
it
doesn't
need
a
kept
review
with
like
sig
architecture,
maybe
that
it's
just
but
between
us
and
said
node
to
get
that
done,
and
so
that's
one
of
the
things
that
I'll
be
answering
around
when
we
review
that,
with
with
yuju
and
and
dawn
over
in
sig,
node
and
I.
Think
Derek
is
going
to
take
a
look
as
well
as
maybe
Jordan
as
well,
but
anyways
moving
on
to
the
container
d-doc.
D
C
B
B
D
So
one
one
question
that
I
want
discussed
here.
That's
actually
in
common
between
the
two
of
these
is
that,
like
cube,
a
DM
makes
several
assumptions
about
the
paths
that
a
Linux
system
uses
and
so
I'm
wondering
if
we
should
use
that
cap
to
also
propose
the
default
locations
of
where
docker
or
container
D
and
their
configuration
files
would
be
stored.
Do
you
think
that
that's
something
that
would
be
in
the
scope
there,
or
should
we
just
put
that
somewhere
else
like
in
the
windows
Docs.
B
And
when
you
say
pass
these,
basically
all
the
config
paths
that
we're
gonna
need
for
across
the
board.
You
know
when
I
was
looking
at
the
dart
that
Talia
and
Lumiere
posted
I
was
almost
thinking
that
we
should
have
like
a
config
file
for
Windows
and
one
for
Linux
that
tube
ADM
ingest,
and
that
makes
all
the
decisions
about
what
folders
to
drop
things,
what
files
locations
and
that
config
file
could
span.
B
D
B
D
F
Can
take
it
over
sorry,
I'm
late,
everyone
I
had
training
go
over.
Can
you
all
hear
me
yep
yeah,
so
the
way
this
works,
I
don't
know
have
any
of
you
ever
seen
or
participated
in
an
office
hours
before
the
kubernetes
one.
So
we
do
upstream,
okay.
So
what
we
basically
do
is
we
run
a
live
stream.
It's
a
zoom
meeting,
just
like
this,
except
I'll,
put
the
sink
window
slack
channel
in
like
a
little
sidebar
and
a
little
thing
on
the
bottom.
F
That
says,
you
know:
join
sig
Windows
on
slack
buckets
at
I/o
and
then
usually
people
ask
questions
and
then
the
panel
answers
them
and
stuff.
So
that's
how
it
works
for,
like
the
kubernetes
off
people
say
you
know,
I,
don't
know
what
a
CR
D
is.
Can
someone
explain
it
and
then
we
do
that
kind
of
thing,
so
I
think
the
idea
is
you
all
want
something
similar
to
that,
except
you
can
put
demos
in
there.
We
can
basically
run
it.
F
However,
you
want
and
then
I
like
stream,
that
on
YouTube
and
then
it
gets
auto
recorded
we
put
in
your
playlist
and
then
we
ask
sans
you
have
to
retweet
it
and
all
that
kind
of
stuff.
So
we
can
do
Q&A.
We
could
do
demos,
you
could
I,
don't
know
talk
about
new
features,
I'm
pretty
sure.
That's
mostly
what
you
want
to
talk
about,
so
it
could
be
as
formal
or
informal
as
you
want,
but
as
far
as
recording
it
and
hosting
it
I'm
seeing
questions.
B
Yeah
there
I
think
demo
might
not
do
one,
since
we
have
a
scheduled
demo
for
the
community.
Meeting
emerging
looks
like
so,
and
that's
a
few
hours
later,
so
might
not
do
a
demo,
but
obviously
we'll
be
there
to
answer
questions
and,
from
our
end,
we'll
prepare
a
couple
of
slides
to
talk
about
what's
coming
up
next,
but.
A
F
F
B
D
F
F
F
You
know
and
that
that'll
kind
of,
like
I,
usually
find
what
these
office
hours
the
first
10
minutes,
or
so
you
go
through
the
queue
and
then
in
this,
like
it's
kind
of
weird
and
then
right
when
you
get
going
and
users
are
engaged,
you
run
out
of
time,
but
I
mean
we
could
cross
that
bridge
or
with
that
I
think
just
having
like
content
in
place
where
it's
like,
you
could
show
us
something
or
you
know,
and
then
definitely
you
reminded
me
Michael.
We
should
definitely
remind
everybody
about
it.
On.
F
Yeah
and
then,
of
course,
if
you
want
I'm
always
available
to
do
these,
so
we
could
do
these
every
cycle,
we
can
do
it
once
a
month,
I
figure.
We
would
just
try
it
because
you
know
this
last
release
basically
is
like
you'll.
Finally
have
people
you
know
using
you
know
so
I'm
definitely
available
to
do
that.
So
don't
feel
ya.
B
F
And
that
for
everybody
else,
who's
going
to
be
in
the
zoom
just
show
up
10
minutes
early,
so
I
can
test
your
audio
I'll.
Give
you
all
a
little
countdown
and
we'll
just
kind
of
take
it
from
there.
It's
it's
pretty
fun.
It
only
takes
one
really
engaged
user
to
like
really,
you
know
make
it
start
to
be
fun
so,
but
yeah
I'll
be
there.
I
think
this
will
be
good
I'm
doing
more
for
sick
cluster
lifecycle
the
next
day.
So
I
want
to
get
these
across
the
project.
Cuz
they're.
F
B
B
D
D
Okay,
okay,
something
shared
yep,
yep,
okay,
that's
weird!
Usually
it
used
to
give
me
a
list
of
all
the
apps
and
I
could
pick
the
one
I
want
to
share,
and
this
time
it
I
had
to
draw
like
a
little
green
box
around
it
and
then
okay,
there
we
go
so
basically
what
I
did
was
I
was
trying
to
split
this
up
into
a
couple
different
high
level
scenarios
of
what
we
can
do
when
we're
using
cry
container.
D,
that's
different
from
what's
available
in
docker
today
and
so
I.
Think.
D
Probably
the
most
important
thing
for
this
sake
is
that
we
understand
a
little
bit
at
the
background
here.
So
when
they
developed
Windows
Server
2016,
there
was
a
set
of
there's.
Basically,
a
Windows
service
called
the
hosts
compute
service,
which
is
what
actually
implements
a
lot
of
the
container
functionality
you
could
like.
You
could
sort
of
think
of
it
as
being
it
could
do
a
lot
of
the
same
stuff
that
Linux
does
with
like
C
groups
and
run
C.
D
That
kind
of
functionality
is
sort
of
wrapped
up
into
what's
called
the
HCS
and
that
was
initially
developed
and
then
docker
was
developed
on
top
of
that,
and
all
of
that
was
done
without
any
concept
of
pods
being
implemented
and
so
over.
The
last
few
releases,
after
that,
the
Windows
service
team
created
what
they
are
calling
the
HCS
v2
API,
but
which
was
really
fine
but
ultimately,
basically
finalized
for
Windows,
Server,
2000
19
and
the
container
D
code
has
been
built
on
top
of
that.
D
And
so
what
that
means
is
things
that
we
need
like
being
able
to
start
separate
sand
boxes
like
having
separate
sandbox
start
and
on
containers
start
react.
Actions
are
possible,
it
brings
in
container
namespaces
and
then
also
brings
finer
grained
control
of
file
mappings
and
so
in
terms
of
being
able
to
create
pods.
You
know,
we've
got
some
work
around
someplace
that
work
with
each
CSV
one
today,
they're
not
optimal,
but
it
doesn't
really
but
like
cleaning
up
that
code
doesn't
really
bring
new
user
benefit.
D
So
the
first
thing
here
is
because
we
can
mount
single
files.
That
means
that
we
can,
after
we
migrate
to
container
D
support
things
like
populating.
The
Etsy
hosts
file,
termination
messages
and
a
couple
I
think
those
are
the
main
two
features
that
require
single
file
mapping.
But
those
are
things
that
would
be
feasible
with
container
D.
D
The
next
group
of
functionality
actually
depends
on
using
hyper-v
isolation,
and
what
that
does
is
it
brings
up
a
separate
kernel
for
each
pod,
and
that
means
that
when
we
want
to
deploy
a
Windows
Server
1903,
if
you
want
backwards
compatibility
for
a
container
that
you
built
using
2019
the
only
way
you
can
get
that
backwards.
Compatibility
is
using
the
hyper-v
isolation,
and
so
we
can
use
what
I'm
proposing
is
that
we
can
use
ones
runtime
class
to
pick
between
process,
isolation
and
hypervisor
based
isolation,
and
so
at
a
high
level
that
lets
us.
D
And
if
you
take
this
a
step
further
and
start
looking
at
what
features
are
available
in
hyper-v.
What
hyper-v
actually
does
is
it
gets
us
much
more
finer,
grained
control,
/
how
memory
and
CPU
can
actually
be
used.
So
today,
when
we
specify
a
memory
limit,
that's
enforced
around
the
processes
and
then
the
CPU
is
basically
trying
to
use
like
a
fair
share
algorithm.
But
it
it's
not
really
a
hard
limit.
Things
get
throttled
after
some
time,
but
you
can't
do
something
like
on
a
24
core
CPU.
D
Only
let
the
application
schedule
2
cores
you
can
do
that
with
hyper-v
and
so
with
hyper-v.
We
can
go
in
there
and
the
processes
could
only
see
a
subset
of
the
memory
in
a
subset
of
the
cores
and
that's
something
that's
configurable,
and
so
we
could
either
do
that
by.
You
know
creating
basically
like
a
t-shirt
size
around
a
different
runtime
class.
So
we
could
say
you
know
here's
a
pod
that
gives
you
4
gigs
of
memory
and
4
cores.
D
D
But
even
if
we
don't
get
that
API
change,
we
can
still
do
it
through
annotations.
You
just
have
to
basically
define
those
on
the
node
first
and
then
ask
for
that
runtime
class.
When
you
schedule
a
pod
and
then
the
last
thing
I
want
to
mention
is
that
with
this
technology,
windows
can
actually
run
Linux
containers
as
well.
This
is,
and
there
is
a
prototype
in
docker
for
some
time,
and
so
we
could
create
a
runtime
class
to
run
a
Linux
container
on
a
Windows
node.
That's
it's
something:
that's
technically
feasible!
D
It's
I
and
I'm
kind
of
looking
for
feedback
from
the
SIG's
on
how
important
it
is
right
now.
I
believe
that
getting
you
know
just
the
windows
containers
working
with
and
without
hyper-v
isolation.
First
brings
the
most
benefit
because
we
really
need
to
solve
that
cross
version.
Compatibility
problem,
the
Linux
one
I
would
need
some
more
feedback
on
what
the
use
cases
are
and
getting
support
across
multiple
SIG's.
To
do
that
later,
so
yeah
I
think.
B
The
the
Linux
one
will
be
helpful
if
someone
is
doing
some
dev
test
and
they
just
need.
They
only
have
a
Windows
box
and
a
couple
of
Linux
boxes,
and
they
just
basically
want
to
experiment
and
try
things
out.
So
that's
super
useful
there,
but
I
mean
for
production.
Scenarios
is
going
to
get
a
little
bit
more
tricky
because
things
that
they,
the
same
Linux
container,
cannot
run
the
same
on
a
Windows
host
and
on
a
Linux
host
right.
B
There's
things
like
persistent
volumes,
privileges,
everything
else
that
comes
into
play
that
may
or
may
not
be
available
in
Windows
that
if
you
can
offer
a
one-to-one
experience,
then
I'm
sure
six
will
push
back.
But
I
did
hear
in
the
dev
testing
scenario,
and
you
want
to
basically
quickly
spin
up
some
Linux
notice.
What
in
those
containers
to
try
some
things
out,
then
that
makes.
A
B
A
D
Okay,
let
me
let
me
talk
to
you
more
about
that
afterwards.
If
you've
got
some
ideas
on
how
CSI
could
work
cuz
I
think
it'd
be
good
to
summarize
that
in
here,
because
sig
note
has
been
asking
some
questions
around,
is
there
a
way
that
we
can
run
plug-ins
and
privileged
containers,
basically
as
part
of
a
pod
rather
than
on
the
host,
and
so
basically
moving
that
security
boundary
to
be
within
the
pod.
D
Boundary
may
have
some
benefit
and
I
think
that
that's
sort
of
how
this
could
be
done,
but
anyway,
we're
out
of
time
so
but
I'd,
like
everyone
to
sort
of
you,
know,
review
that
this
stock.
If
you
got
questions,
please
go
ahead
and
start
adding
comments
in
there
and
and
I'll
I'll
be
checking
that
pretty
much
daily
over
the
next
week.
A
D
D
B
A
B
Excellent,
the
dog
that
Callie
and
Luba
me
worked
on
by
the
way
is
linked
in
our
meeting
notes.
So
if
anybody
is
interested
and
you
want
to
go-
provide
some
feedback
and
kind
of
see
the
discussion
from
next
week,
please
go
ahead
and
do
that
again,
tweet
to
your
users,
about
the
open
hours
office
hours
this
Thursday
and
thank
you
all
for
attending
and
we'll
see
you
guys
next
week
right,
yeah.