►
From YouTube: Kubernetes SIG-Windows 20230307
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Hello,
everybody
and
welcome
to
the
March
7th
2023
iteration
of
the
kubernetes
community
meeting.
As
always,
these
meetings
are
recorded
and
uploaded
to
YouTube
so
be
sure
to
adhere
to
the
cncf
code
of
conduct.
For
anybody.
That's
new
here
that
just
pretty
much
boils
down
to
be
a
nice
person.
Let's
get
started
with
some
announcements.
First
announcement
is
code.
Freeze
is
5
p.m.
A
Next,
Tuesday,
that's
one
week
from
today,
so
I
saw
that
Arvin
said
his
the
new
that
enhancements
ready
for
views,
I
think
that's
one
of
the
bigger
ones
that
we're
tracking
but
yep
anything
that's
not
really
related
to
fixing
tests.
Issues
needs
for
127
needs
to
be
merged
by
then.
So,
let's
let
us
know
in
this
the
segment
of
slack
Channel.
If
there
is
a
PR
set
integral
to
use
tracking
just
so,
we
can
make
sure
that
those
get
reviews
as
appropriate.
A
Yeah
next
announcement
is:
the
annual
reports
are
due
soon
I
believe
that
they're
asking
for
each
site
to
have
a
draft
of
their
annual
report
ready
for
review
by
March
24th.
This
is
mainly
for
the
single
eats,
but
for
anybody
who's
interested
every
year
as
part
of
the
cncf.
Each
special
interest
group
and
working
group
needs
to
publish
an
annual
report
to
that
helps
measure
the
health
of
the
sigs.
It
has
things
like
how
many
you
know
active
participants
in
the
meetings,
how
many,
how
many
like
sub-projects
are
there?
A
Are
there
new
sub
projects
or
retiring
sub-projects?
All
of
that
stuff,
so
I
I'll
start
working
on
that
this
week.
If
anybody
wants
to
join
me
feel
free
to
do
so,
but
Jay
James
cardio,
oh
that's
going
to
be
due
pretty
soon
for
us.
A
Next
announcement
is
I,
don't
know
if
people
have
seen
But
the
kubernetes
project
really
wants
people
to
stop
using
capes.gcr.io
everywhere
for
about
a
year
now,
there's
been
registry.kates.io
that
has
every
single
image
that
kate.gcr.io
had
and
it's
so
the
issue
is
that
the
kubernetes
project
is
running
out
of
money
to
host
the
case.g
Sierra.
A
I
o
so
they're
just
trying
to
ask
everybody
in
all
channels
to
stop
pulling
images
from
that,
and
the
reasoning
is
the
registry
that
case
that
IO
they
can
redirect
requests
to
different
like
major
Cloud
providers
or
container
Registries,
based
on
where
the
the
image
pulls.
B
A
Coming
from
so
it
can
save
a
lot
of
money
into
ingers
traffic
for
the
project,
but
please
please
update
that
and
actually
starting
with
127
new
container
images
will
no
longer
be
published
for
case.gcr.io.
So
if
you're
trying
to
upgrade
a
cluster
and
still
using
that
it
won't
work,
that's
all
I'll
say
about
that.
A
Next
is
we'll
give
some
space
if
there's
any
new
contributors
here
that
want
to
introduce
themselves
or
say
hi,
say
what
they're
working
on
I
think
most
of
the
people
on
the
call
are
familiar
faces,
but
we'll
still
pause
just
interrupt.
If
you
want
say
something.
A
A
B
A
Okay,
so
a
couple
of
weeks
ago,
or
almost
two
months
ago
now,
somebody
opened
up
this
issue
about
reducing
the
frequency
that
the
the
perf
counters
for
windows
are
are
queried,
because
there
was
some
they
found
that
it
took
up.
It
was
like
consuming
a
lot
of
CPU
usage
and
by
moving
this
from
one
second
to
ten
seconds,
they
were
able
to
free
up
I
think,
like
maybe
a
quarter
of
a
core
on
the
Windows
nodes.
A
In
some
cases
we
talked
about
this
at
the
Sig
Windows
community
meeting
a
while
ago,
but
I
think
James
and
I
have
and
we're
talking
to
with
Somebody
from
Microsoft
on
the
performance
team
too,
and
we
are
thinking
that
it
makes
sense
to
make
this
change
so
I
wanted
to
bring
it
up
with
with
people
here.
I.
A
Don't
think
that
we
we
thought
that
the
trade-off
of
having
you
know
one
second
versus
10
second
perfometrics
versus
that
extra
CPU,
like
a
quarter
of
a
CPU
being
freed
up,
was
worth
it,
but
we
wanted
to
bring
it
up
to
the
community
again
just
to
double
check.
B
A
Thinking
of
just
making
the
change
and
labeling
it
as
breaking
change,
so
people
are
aware
of
it,
but
I'll
you
know
leave
it
up
for
some
comments.
Now.
D
C
And
I
think
it
matches
the
same
time
interval
that
Linux
uses.
So
yes,.
A
Everybody,
including
this
author,
was
trying
to
figure
out
why
the
Winston's
perf
counter
was
set
to
one
second
and
the
Linux
like
the
sea
advisor
scrape
time
was
10
seconds
and
I
couldn't
find
anything.
It
seems
like
just
somebody
not
one.
Second
was
a
good
idea.
That
was
another
reason
to
just
go
ahead
and
make
the.
B
C
Yeah
so
we
saw
the
cubelet
is
using,
or
this
particular
sub
process
of
cubelet
is
consuming
one
third
of
the
culit
CPU,
which
is
pretty
small
on
like
a
idle
machine,
so
cubelets
may
be
using
half
a
percent
or
something,
and
so
it's
a
third
of
a
half
percent.
But
when
running
at
Large
Scale
hundreds
of
nodes,
thousands
of
nodes,
type
of
thing
with
hundreds
of
PODS,
it
ends
up
being
a
significant
amount,
which
was
why
they
would
like
to
decrease
this.
It's.
E
A
A
Mean
I
think
we
have
enough
organic
approvals
from
the
throughput
maintainers
anyway,
okay,
just
because
that's
where
it
is.
A
Okay,
next
announcement:
this
is
something
that
I've
been
working
on
a
little
bit,
so
we
now
with
containerd17
in
addition
to
a
bunch
of
stuff
like
new
host
process,
behavior
and
things,
there
is
experimental
support
for
hyper-v,
isolated
containers.
A
A
Set
up,
that's
launching
all
of
the
container
Windows
containers
as
hyper
parasolated
containers
as
of
yesterday,
and
so
we're
gonna
just
start.
Looking
at
seeing
looking
at
some
of
these
test
failures,
just
to
figure
out,
what's
what's
working
and
not
working
so
there's
a
lot
of
the
basic
functionality
is
seems
like
it's
working,
there's
some
networking
stuff
and
things
that
interact
with
the
host
like
node
ports
and
things
aren't
working.
A
So
this
will
be
interesting
for
anybody
who
wants
to
run
hypervisolated
containers
and
also,
if
you've
been
in
the
Sig
for
a
while
you'll.
Remember
that
with
Docker
and
Docker
Shin,
there
was
hyper-v
isolated,
container
support
in
a
very
kind
of
crude
fashion,
and
that
allowed
you
that
only
allowed
you
to
have
a
single
container
per
pod.
C
A
Instead
of
the,
instead
of
so
normally
when
we
start
Windows,
at
least
in
ink
or
Windows
containers
in
kubernetes
they're,
just
there's
some
winbox
or
Windows
sandbox
technology,
that's
used
to
kind
of
separate
processes
into
different
namespaces,
but
they're
still
all
kind
of
running
in
the
same
on
the
same,
like
kernel
space,
but
with
Hyper
acid
containers,
there's
a
another
utility
or
this
utility
be
on
the
startup.
A
That's
using
kind
of
the
hyper-v
hyper-v
by
kernel,
isolation
technology
to
separate
that
out,
and
then
all
of
the
containers
that
have
started
in
the
Pod
are
started
in
the
same
utility.
Vm.
B
B
A
I
I
think
because
you
can
still
start
Brandon.
Maybe
you
need
to
correct
me
if
I'm
wrong,
but
I
think
because
there
is
still,
you
still
need
to
support
multiple
containers
running
in
the
same
utility
VM
that
they're
still
the
need
for
the
job
object.
So
you
can
control
the
resource
limits
per
container,
because
job
objects
are
also
how
like
resource
limits.
Enforcement
happens
for
Windows
containers,
yeah.
F
Okay,
yeah
I
keep
forgetting
that
yeah
all
right
cool,
and
this
will
also
work
for
what
is
that
post
process
containers?
No.
A
Host
process
containers
and
that's
also
something
that
we
set
up
in
the
test
host
process
containers
will
not
cannot
run
in
hyper-v,
isolated
containers.
F
A
Yeah
so
there'll
be
more
information
and
hopefully
more
documentation
can
think
about
about
this
about
containers.
But
we've
got
some
a
test
signal.
A
A
A
A
B
B
D
Yeah
I,
don't
care
yeah,
it's
fine,
yeah,
actually,
I
didn't
even
see
his
Damon
I
was
looking
at
it
with
Damon.
This
morning
he
was
like
man
I'm
trying
to
get
this
thing
he's
like
I'm,
trying
to
see
which
one
of
the
tests
are
failing,
but
that
link
you
gave
me
was
gone.
I
was
like
oh
okay,
oh
oops,.
A
Yeah
cool
all
right
so
was
this:
you.
D
A
D
Yeah
Ross
or
anyone
else
qemu
around
we
or
continue
to
continuing
to
chip
away
at
this
qemu
thing,
but
there's
something
called
TPM,
which
we
don't
know
what
that
is,
and
so
we
don't
know
the
right
way
to
run
it.
So
we're
copy
and
pasting
code
from
the
internet
related
to
TPM
to
see
if
we
can
get
distrusted
provider
module
to
work
with
Windows.
It's.
B
A
I
was
gonna,
I
was
gonna,
say
so.
The
TPM
is
this:
trusted
platform,
module
and
windows.
I.
Think
modern
versions
of
Windows
now
use
this
thing
called
secure
boot
by
default,
and
so
there
you
need
to
have
like
the
TPM
enabled
and
all
of
the
bioses
come
with
Windows
like
keys
to
say
you
know,
trust
this
and
sell
with
Windows
and
that's
needed
for
secure
boots.
A
Jay
is
the
issue
that
you're
having
trouble
booting
the
windows
machines
without
this,
because
there
is
a
way
to
through
updating
the
the
BCD
of
the
boot
configuration
database
to
say
should
be
to
ignore
secure
boot,
which
is
probably
okay
for
our
testing
scenarios
and.
B
A
B
D
Okay,
I
think
you
I
think
you've
I
think
by
by
saying
that
you've
sort
of
unblocked
us
that's
good
I
mean
it's
not
a
solution,
but
it's
a
it's
enough
information
for
us
to
say.
Okay
now,
I
know
a
different
way
of
thinking
this
problem,
which
is
figure
out
whether
or
not
we
can
disable
secure
boot
and.
F
Like
if
you
think
about
Windows
11,
Windows
11
for
it
to
be
fully
supported,
needs
TPM
2.0,
but
you
can
actually
run
Windows
11
on
platforms
that
doesn't
have
TPM,
2.0
and
I'm
guessing
you
can
do
the
same
for
2022,
but
I'm,
not
100,
sure,
2019,
I.
Think
for
sure
you
should
be
able
to
do
this.
That's.
A
What
I
thought,
let's
yeah,
we
can,
we
can
follow
up
offline.
Is
there
a
fact
right
about
this
software
TPM,
stuff
change.
D
There's
yeah
I,
actually
I,
actually
bugged,
pramita,
I,
think
to
to
post
it
in
Sig
Windows,
there's
a
few
scattered
messages,
and
we
were
talking
about
it
today
in
in
the
zoom
call.
So
I
I
asked
her
to
sort
of
ride
up
the
problem,
so
so
all
you're,
okay,
help
us
with
it
and
so
I
will
I'll
follow
up
on
this
and
start
bugging
people
about
it,
either
tomorrow
she's
in
India.
D
So
it
might
be
tomorrow
morning
that
I'm
able
to
get
all
the
aggregate
all
the
stuff
there's
like
a
couple
of
screenshots
and
stuff
floating
around,
but
yeah,
okay,.
A
I've
done
it
yeah
with
the
you
there's,
there's
either
bios
options
to
do
that,
which,
if
there's
bios
options,
there's
probably
settings
in
Q
mu
itself
to
to
disable
that.
But
you
can
also
do
it.
If
you
can
boot
Windows
or
have
access
to
the
vhd,
you
can
use
BCD
edit
to
write
to
the
boot
configuration
database
and
disable
it
that
way
got.
D
A
And
I
believe
yeah
BCD
edit,
should
a
lot
should
work
on
offline,
okay
generation
data
stores.
F
C
F
A
F
A
Hopefully
you
can
unbox
some
stuff
there,
all
right,
okay,
James,
I,
think
this
is
you.
C
Yeah
I
was
just
calling.
This
is
just
a
call
for
contributors
he,
so
there
is
a
cap
for
cry,
only
support
it's
implemented
for
Windows.
It's
an
alpha
and
over
the
last
few
months,
I've
been
working
to
enable
that
for
Windows
I
made
the
cry
changes.
I've
got
the
the
container.
D
changes
just
finally
merged
yesterday,
so
they'll
be
in
1.7,
and
we
just
need
some
changes
to
the
cubelet
and
I
thought.
C
It
would
be
a
pretty
good
first
PR
for
somebody
interested
in
contributing
to
Cuba
there's
an
ex.
This
is
the
code
that
initially
enabled
this
for
Linux
and
so
I
just
need
to
kind
of
mimics
parts
of
that
to
map
The
Cry
information
to
the
qubit
API,
so
I
just
throw
that
out
there.
If
anybody
wants
to
happy
to
help
kind
of
walk
through
changing
it,
but
it's
a
it
would
be
a
good
first
change.
A
C
It's
really
kind
of,
if
you
know,
go
and
you
want
to
start
contributing
to
cubelet.
This
is
probably
a
good,
a
good
one.
They're.
D
Going
to
add
end
to
end
tests
is
the
reason
I'm
asking
right
or
no
you're
gonna
have
to
modify
e2e
test
or
something
to
like
get
the
stats
out
or
I.
C
Don't
think
so
there
wasn't
any
there
wasn't
any
end-to-end
tests
added
here.
So
we.
A
Already
have
some
end-to-end
tests
that
do
check
the
the
stats
they're
not
super.
What
they
do
is
they
check
to
make
sure
they
start
some
containers
and
then
they
make
sure
that
the
metrics
are
non-zero
and
return
in
reasonable
amount
of
time
that
same
tests
should
cover
this.
As
long
as
we
enable
the
feature
gate
for
the
testing,
so
okay
right
I
mean,
and
it
may
make
sense
to
have
a
more
detailed
checks
in
those
Ed
tests.
A
B
D
A
This
this
came
from
Sig
node
originally,
and
what
ends
which
James
is
just
implementing
the
windows
portion
of
it
so
that
they,
the
functionality,
can
progress
in
lockstep.
C
Yep
I'll
I'll
probably
get
to
it
in
128
if
or
nobody
gets
to
it.
But
if
anybody's
interested
yeah
yeah.
B
C
Cool
yeah,
just
reach
out
to
me
and
I,
can
point
you
in
the
right
direction
and
happy
to
help.
F
C
Right,
yes,
yeah
I
remembered
some
contributions
to
the
Windows
exporter,
stuff.
A
D
F
D
D
E
D
I
I
noticed
this
morning
that
nodes
can't
ping
each
other
and
I
think
it's
probably
a
pretty
easy
one
or
two
line
change.
It's
probably
some
Windows
Defender
stuff
that
we
default
to
on
that.
We
can
turn
off
and
I
just
filed
an
issue
on
sign,
Windows
Dev
tools.
If,
if
you
or
anyone
else,
wants
to
take
a
look
at
it,
it's
really
easy
to
reproduce.
E
Okay,
I
can
have
a
look,
but
I
first
want
to
close
my
other
PRS
that
that.
C
E
B
A
All
right
does
anybody
have
anything
else
to
discuss
like
we're
almost
at
the
end
of
the
meeting.