►
From YouTube: Kubernetes SIG Windows 20200616
Description
Kubernetes SIG Windows 20200616
A
Hello,
everybody
and
welcome
to
another
sig
windows
meeting
it's
the
16th
of
june.
As
always,
this
is
a
recorded
invite.
So
please
adhere
to
the
cncf
code
of
conduct.
Thank
you
all
for
attending.
So
a
few
topics
today
on
our
agenda.
Let's
dive
right
in
isn't
lash
online.
A
So
I'm
not
sure
if
he's
gonna,
he
was
able
to
stay
awake
or
wake
up
early
enough,
but
one
of
the
topics
that
nilesh
wanted
to
talk
about
was
this
seek
off
discussion
and
there
was
recommended
policy
profiles
for
security
parts.
I
think
of
this
as
basically
trying
to
to
augment
the
pot
security
policies
and
add
a
little
bit
more
definition
around
this,
and
they
were
looking
to
see
how
this
would
impact
windows.
What
would
it
look
like
for
windows
and
have
a
discussion
on
that?
B
Well,
I
I
don't
have
a
solution.
I
just
wanted
to
bring
it
up
and
see
if,
as
a
group,
we
could
come
to
some
strategies
for
how
we
can
better
collaborate
with
the
node.
To
get
I
mean
what
are
frankly,
small
things,
reviewed
and
and
changed
so
for
anybody
who
doesn't
know
the
background
they're.
Basically,
some
cherry
picks
prs
that
I
added
to
the
notes
that
get
small
fixes
into
various
patch
releases
and
they
had
a
long
time
to
review
them.
B
They
didn't
get
reviewed,
they
didn't
get
approved
and
merged
and
that's
causing
pain
for
our
users,
because
these
are
the
changes
that
improve
the
performance
on
for
metrics
and
and
that's
yeah,
obviously
something
that
impacts
our
users
significantly.
B
One
thing
that
I
have
been
thinking
about
is
whether
or
not
there's
a
way
you
know
if
you,
if
you
attend
the
sig
node
meetings,
they
tend
to
be
very
long
and
kind
of
drawn
out.
I'm
just
wondering
if,
if
there's
a
better
strategy
for
getting
the
attention
of
folks
there,
you.
C
A
I
I
completely
agree
with
you:
I've
we've
escalated
the
mother
before
to
the
sick
contributor
ex,
and
I
just
I
wrote
them
another
note
right
now,
like
frankly,
it's
unacceptable.
You
know,
I
paint,
I
believe,
a
pink
multiple
times
on
each
one
of
these,
and
you
know
I
sent
dawn
and
slack
messages
as
well.
Like
I
don't
know
what
you
know,
attending
sickness
meeting.
Patrick
has
done
that
in
the
past
that
didn't
help
either.
So
I
I
actually
have
a
conflict
at
that
time,
so
I
can
attend
but
yeah.
A
So
we
commented
seven
days
ago.
Six
days
ago,
five
days
ago,
I
had
you
know.
Five
square
had
also
commented.
13
days
ago
I
mean
they've
had
more
than
three
or
four
notifications
on
this.
Oh
and
and
mark
also
commented
on,
may
14th.
So,
like
going
back
a
month,
we
had
four
or
five
notifications,
we're
asking
signo
to
do
something
about
it
and
it
hasn't
worked.
So
I
think
time
is
right
now
to
launch
an
official
complaint
about
this.
A
Like
I
mean
the
way
kubernetes
was
segmented
was
that
every
every
siege
has
a
little
bit
of
authority
to
basically
do
what's
right
for
our
users
and
our
customers
right
and
it
looks
like
you
know,
things
didn't
work
the
way
they
were
intended
to
here.
So
we
need
to
figure
out
the
solution.
This
is
not
the
first
time
either.
So
this
is
you.
D
A
D
D
It's
been
more
than
three
months
and
nobody
has
even
looked
at
it
like
if
you
create
an
issue
or
anything.
So
basically
I
mean
when
you're
talking,
I
mean,
let
me
know
if
I
can
help
as
well,
but
basically
what
we're
asking
for
is
if
there
is
a
better
way
of
doing
it,
we're
happy
to
follow
a
process
right
like
if
they
have
a
process.
A
We
talked
about
them.
There
is
no
such
thing
so
who
looked
for
it
by
the
way,
but
my
thinking
is,
you
know
at
the
very
least.
What
needs
to
happen
is
that
signal
needs
to
come
to
us.
Hey
we're
really
busy,
we'll
put
this
on
our
to-do
list
or
get
to
it
in
a
week
or
in
a
day
or
in
a
month
like
you
know
at
least
have
a
conversation
when
there
is
an
absence
of
complete
conversation
is
really
where
it's
hurting
us.
A
So
I
take
this
seriously
and
let
me
see
what
we'll
do
about
this.
I
am
not
gonna.
Let
go
now
so,
okay,
I
can't
promise
you
can
fix
it,
but
we'll
make
enough
noise.
Maybe
now
nothing
will
go
through
signal,
so
it
could
backfire.
So
just
let
you
guys
know
now
and
like
seriously,
there's
no,
no
joke
in
the
right
side.
You
know
what,
when
customers
are
impacted,
you
know
this
is
problematic.
C
A
And-
and
I
just
got
the
ping
right
now,
but
my
ping
is
for
something
else:
hardboard
just
graduated
in
cncf-
I
think
I
don't
know
if
you
guys
know
I'm
the
I'm
the
lead
maintainer
for
harbor,
so
so
it's
I
think
it
looks
like
it's
going
to
become
the
11th
project.
Like
all
of
a
sudden,
my
slug
lead
up
like
crazy
and
it
was
a
microsoft
vote.
Michelle
new
rally,
thank
you
to
michelle
craig.
I
don't
know
if
you
know
her
in
person
too,.
A
Cool
all
right,
so
anything
else
on
this
topic.
D
No,
but
I
see
david
shot
has
joined.
I
think
he
has
some
update
for
ipv6.
I
don't
know
david
if
you
want
to
share
something.
A
Yeah,
let
I
mean
it
doesn't
look
like
there's
anything
else
exhausted
this.
You
know.
We
know
that
something
needs
to
happen.
We'll
try
to
see
what
you
can
do
is
see
contributor
x,
I
I'll
start
there
and
we
move
on
from
there.
So
jing
had
an
issue
above
you
david,
but
since
you
started
talking,
let's
cover
that
pvc
stuff.
E
E
Like
the
it's
very
similar
to
the
linux
implementation,
so
such
that,
for
example,
a
single
pod
can
have
two
ip
addresses
assigned
one
from
the
ipv4
family
and
another
one
from
the
ipv6.
So
it
can
communicate
on.
C
A
E
B
A
F
A
E
So
this
it
can
be
enabled
you
know,
using
the
same
feature,
gate
and
flags
that
linux
already
implements
so
the
ipv6
dual
stack
feature
gate
that
you
just
mentioned,
and
the
changes
were
also
tested
together
with
the
azure
cni,
but
we
hope
to
follow
up
with
ipv6
support
soon
to
some
of
the
other
windows
cni
reference
plugins.
E
That
being
said,
there's
still
two
limitations
or
gotchas.
I
should
also
highlight
so
on
ipv4
today,
kubernetes
and
windows
pods
in
general
support,
l2
bridge
and
overlay
networking
modes,
but
right
now,
ipv6
support
has
only
been
added
to
l2
bridge,
which
is
something
that
we
will
document
and
you
know,
depending
on
user
feedback.
Support
for
ipv6
overlay
could
be
added
to
a
later
windows
release
as
well,
and
the
second
limitation
is
on
the
supported
windows
os.
E
Since
this
is
a
new
feature
and
right
now
it
is
only
available
on
pre-release
insider
builds
on
specifically
on
built
19603
and
above,
but
the
platform
pieces
will
also
be
back
ported
and
enabled
on
windows
server
2004,
using
a
cumulative
update
that
is
scheduled
to
come
out
in
august.
E
A
So
so
david
you,
you
made
some
updates
to
the
docs
the
other
day
as
well,
and
I
I
know
if
you
saw
my
comment
that
you
know
you
created
a
little
matrix
with
networking
impact,
two
different
versions
of
the
os,
and
I
mentioned
that
2004
is
not
supported
by
kubernetes
yet
right.
So
we
have
another
support
for
this.
So
I'm
thinking-
and
maybe
one
mark
is
here
next
week
who
can
revisit
the?
I
know
we
talked
you
know
we'll
support
lts,
plus
the
latest
two
sacs.
A
Now
we
see
a
lot
of
things
that
you
that
your
team
have
put
has
put
in
2004
right
from
a
networking
standpoint.
So
so
maybe
there's
a
need
here
to
accelerate
2004
so
that
in
119
we
have
this
in
so
like
it
kind
of
balances
things
out.
D
A
Any
next
steps-
yeah,
no,
I
mean
I
think
we
discussed
it,
maybe
like
almost
maybe
a
month
out
now,
so
we
we
agreed
that
that
was
it
right.
Two
lta
two
sacs
two
sacks
and
one
lts.
A
What
was
our
agreement,
but
you
know
we
haven't
started
executing
on
it
right
so
so
now
we
need
to
actually
execute
and
say:
2004
needs
to
be
supported,
so
we
can
actually
get
these
changes
in
for
for
the
networking
that
the
david
and
team
have
been
doing
and
make
sure
that
that
that's
coming
in
and
then
figure
out
how
to
move
on
from
there.
D
Yeah,
no,
that
sounds
good.
So,
if
mark
is
back,
let's
let's
talk
about
it,
because
I
also
want
to
kind
of
come
up
with
like
a
strategy
on
the
next
check
comes
out.
Like
you
know,
we
should
you
know
we
should
have
like
a
timeline
like
you
know.
It
takes
someone
to
get
it.
You
know
started
and
this
this
is
how
long
it
takes
to
get
it
in
the
testing
suite.
G
From
a
20
2004
perspective,
I
know
that
claudu
is
has
just
opened
a
pr
to
add
support
from
for
the
pause
image.
So
I
think
that's
that's,
at
least
in
progress
right
he's
on
the
call.
B
Yeah,
that
and
all
of
the
image
promoter
work
will
make
it
much
faster
to
add
the
support
for
new
sax
when,
when
all
that's
done.
A
E
On
the
change
in
this
case
for
ipv6,
it's
probably
not
going
to
be
backported
to
ltsc.
Okay,
you
know
talking
with
the
responsible
teams.
The
changes
are
are
just
so
substantial
that,
okay,
to
quote
them
that
you
know
it's
basically
changing
the
dna
of
hns
and
bringing
it
back
to
even
1903.
It
would
be
a
huge
amount
of
work.
Okay,
so
2004
on
your
only
got
it
for
ipv6,
but
for
dsr
we
are
bringing
that
to
windows.
F
So
I
just
understand
correctly
that
I
think
the
kept
has
been
modified
and
david
is
correct.
I
think
linux
supports
ipv6
only
cluster
software.
I
just
pasted
the
sorry
about
that.
I
think
david.
We
need
to
document
it
correctly.
Windows
is
the
only
one
that
doesn't
support
that.
A
Okay:
let's
go
ahead
and
talk
about
the
next
issue:
jing,
since
we
have
about
10
minutes
left.
A
Sure
yeah,
let
me
show
my
screen
really
quickly.
You
guys
should
be
able
to
see
my
screen.
C
Right
right,
so,
if
you
click
that
one
six
166
pr
right,
that's
the
where,
like
during
after
the
disk,
is
attached
to
the
node
and
in
the
could
you
also
open
the
file
changed.
C
We
use
powershell
commands
right
to
initialize
and
format
the
disk
before
in
entry
driver
we
use,
assign
drive
lighter
so
that
for
that
volume
right
after
is
formatted,
you
have
driver
letter
for
that
volume
and
then
we
mount
a
not
month.
We
create
sync
link
from
the
driver
lighter
to
a
volume
like
under
the
pod
directory
and
because
travel
letter
cause
problems
like
you
might
run
out
of
the
travel
lighters.
So
we
want
to
remove
that
and
now
the
volume
use
volume
b
to
creating
link.
C
C
But
this
way,
if
you
use
subpath
feature
so
during
creating
the
subpass,
we
use
go
library
like
evaluating
link
to
each
of
the
parts
volume
directory
and
after
this
change,
the
evaluation
link
function
from
go.
We
always
return
arrow
like
too
many
links,
so
basically
that
evaluation
link
function
no
longer
work.
If
you
don't
have
a
driver
lighter
assigned
to
a
volume,
so
I
want
to
ask
like
here:
anybody
have
idea
like
if
we
have
some
other
equivalent
like
a
functional
command
we
can
use.
C
C
H
So,
just
in
a
nutshell,
the
ask
is
like
can
be
like.
Is
anyone
aware
of
ways
to
evaluate
sim
link
while
using
volume
guides
rather
than
drive
letters.
I
On
it,
I've
I've
done
mounted
with
volume
volume
good
pass
in
the
past,
but
I've
not
done
sub
paths
in
the
volume
good.
I
do
know
that
there
are
issues
with
some
windows
code.
If
you
mix
mix
the
slashes,
when
you
use
volume
guide
guidepaths,
I
actually
have
a
pr
that
was
approved
in
the
client.
Go
library
to
always
use
the
correct
slashing
when
using
volume
do
it
paths.
A
Yeah,
I
think
this
is
an
implementation
of
the
language
right.
So,
if
you're,
using
like
c
sharp
or
something
like
that
windows
is
a
little
bit
more
native
to
windows,
it
like
this
works
very
well
whether
you're
using
the
volume
grids,
sim
links
or
anything
else,
but
so
the
problem
with
trendy
solving
is
that
you
don't
want
anybody
to
create
a
symbolic
link.
That
points
to
outside
of
your
volume
is
that
correct.
C
A
H
A
H
H
H
But
I
think,
after
the
removal,
what
jing
found
is
that
the
subpath
security
check
around
sim
link
evaluation
that
begins
to
fail,
because
for
windows,
the
golang
simlink
evaluation
library
function
does
not
work
in
that
expected
way.
Right.
A
A
Whenever
you
do
the
check
the
check
that
was
failing
well,
it's
if
you
go
back
to.
C
My
issue,
I
have
a
link
here:
the
sub
pass
yeah.
A
If
the
only
way
that,
if
the
only
way
that
this
works
is
if
it
has
a
path,
then
we
can
do
that
because
I
guess
it
doesn't
work
with
symbolic
links
here,
right
or
volume
mount
links,
so
you
could
always
assign
it
to
remove
it.
So
we
have
two
options:
either
we
fix
this
call
this
api
and
go
yeah
and
make
go
better
and
we
could.
That
should
be
the
right
solution,
but
in
the
meantime
we
could
assign
a
driver
letter
to
the
evaluation
and
then
remove
it.
C
H
I
I
think
jing
that
should
be
doable,
because,
given
the
volume
grid,
we
can
use
some.
You
know
powershell
or
some
other
mechanism
to
figure
out
what
the
volume
is.
Okay,
and
call
that
dash
assign
drive
letter
right
there
to
just
sign
it.
Something.
A
H
A
A
A
Cool
all
right,
thank
you,
no
problem.
Thank
you.
So,
going
back
to
our
notes
and
elisha,
are
you
on?
A
I
don't
see
him
on
there
on
the
participants
that
you
see
there.
Maybe
we'll
move
it
to
next
week
if
he
join.
If
he
joins
us,
no,
it's
super
early
in
the
morning.
This
is
a
problem
like
we
don't
have
two
meetings
like
other
teams
have
so
I
don't
know.
If
that's,
I
guess,
that's
hurting
us
a
little
bit
in
some
cases,
but
you
know
I
don't
know
if
anybody
wants
to
up.
Maybe
we'll
have
a
special
meeting
just
for
nilesh
or
me
and
mark
talk
with
him.
B
I
was
going
to
suggest
that
maybe
let's
go
to
the
email,
because
this
is
the
kind
of
topic
that
probably
uses
some
thinking
and
response.
Yeah.
A
Yeah,
absolutely
I'll
I'll.
If
he
pings
me
back
I'll
I'll
tell
him
to
to
you
know
either
started
well.
He
started
it
on
email.
So
if
you
go
to
groups.google.com,
so
he
actually
started
it
here.
A
A
Yeah,
where
is
it?
A
This
is
a
problem.
I
can't
see,
see
windows
there.
He
started
here
I
so
that's.
This
is
a
discussion.
So
folks,
if
you
want,
I
know
deep,
you
replied,
but
if
I
rather
want
to
chime
in
let's
talk
about
this
here,
cool
all
right,
everybody,
okay,
yeah.
C
So
the
the
pod
security
policy,
like
I
thought,
is
kind
of
going
to
be
deprecated.