From YouTube: Kubernetes SIG Windows 20220614
A
Hello, everybody, and welcome to the June 14, 2022 iteration of the Kubernetes SIG Windows community meeting. As always, these meetings are recorded and uploaded to YouTube, so be sure to adhere to the CNCF code of conduct. All right, let's get started with some announcements. First announcement is that enhancement freeze was delayed for a week.
A
A
That's good. Next announcement is, I will be on PTO starting next week for two weeks, so I think I'll talk to James and Jay and Claudiu. Hopefully one of them can run the community meetings for those two weeks.
A
A
All right, I don't see anybody wanting to do that, so we can continue on with the agenda, which is mostly spillover from last week. See this first. One is one of something that I added. I think we've mentioned this before in the past, but long story short is, because of the way we're building the pause image in the Kubernetes project.
A
We're using BuildKit to build it on Linux machines. That method of doing so makes it so that we're unable to have registry changes during the build process kind of committed and stuck with that, which actually is limiting the flexibility of what we can do with the pause image. So what we've done: there's an issue describing more information about why we can't do that, but this PR here opens up, or at, we've actually made and published another intermediate base or another media image.
A
It's getting published to MCR, called the Windows pause image base, and there's more information about where that gets built and what the Dockerfile looks like in this PR description and the other issue. But this is built on a Windows machine where we're able to commit changes to the registry, and this PR updates the pause image build and Kubernetes communities to use that base image.
A
So we are able to more cleanly do things like disable the DiagTrack service to get that performance back, and also setting some other registry keys to improve some of the behaviors around that. If anybody is interested in reviewing this PR, take a look. It actually has approvals from the owners of the pause image too, so it's ready to merge. I'm planning on merging this pretty soon.
B
Yep, we'll take a look tomorrow and the purpose as well. The only thing that came, comes to mind, if that image has versions for all the Windows versions that we support, for 1809 to 2022. That's.
B
A
And that other image is open source too, so anybody can submit pull requests to it and then we can build another image. But yes, yes, it's building 2019, 20H2 and LTSC 2022.
A
And I've actually built and published the image with these scripts. I've got some references, the two and these, the other images, they're Notary signatures too. So moving forward, all of the image, container images that are published in the MCR are going to include Notary signatures for build attestation.
A
A
Machines we, we didn't. That was one of the approaches that was discussed in the issue. It was cleaner and, let me, oh, the owners of the test infra were still not super on board with having their own Windows build machine.
A
C
A
Yeah, so if there's any other, if anybody else decides or identifies any issues that we can do to help speed up, like, the performance of pods out of times, I think we're going to, in a little bit, so folks at Microsoft are going to re-evaluate that and see if we can trim down that image more to get the container startup times approved.
A
Okay, next is this enhancement. James, did you wanna set, give some background or talk about this? If not, maybe I can a little bit.
D
Yeah, sure, I can try to do this. I think this kind of ties into the next issue as well. So this kubeadm for Windows has been around, it's an enhancement that's been around for a few years now, and there was a ton of work by Paulia and Ben Moss.
D
I think to make this work, and I think initially kubeadm didn't work at all for Windows, and they did a bunch of work to make that happen, and now we actually use it in all of the Cluster API stuff, and so it's pretty solid. There was a couple different implementations of this.
D
Initially there was some PowerShell scripts, and then there was another set of scripts and some Docker containers that enabled you to run Flannel and kube-proxy. Those used some limitations. I guess there were limitations, but they used them effectively to accomplish being able to spin up kube-proxy and Flannel as containers, and as we moved into host process.
D
A lot of that wasn't needed anymore, and I think the new approach with host process is a little bit cleaner of an approach, and so with that, we were looking at this proposal and trying to determine, like, how do we take it forward and do we need to, and I think, you know, we looked at kube, like kubeadm, and it doesn't actually require any changes from Windows side, and so I think the proposal here is to close down this kubeadm for Windows enhancement and just mark it as complete for now.
D
I think so. I think that's kind of where we're at, but we wanted to bring it up in case anybody wanted to.
A
Yeah, James and I were talking about this a lot. Like, as mentioned, a lot of the workarounds that are called out in here were required for dockershim and to get networking set up with dockershim, and since dockershim's removed and the host process containers kind of address all of the issues we had running the CNIs and kube-proxy via DaemonSet.
A
D
Yeah, and I think part of this as well was getting tests in place, and now that we have all of the Cluster API tests running, we actually are testing kubeadm maybe even more extensively than we were prior with some of the older implementations of this.
A
Because, is anybody else on the call using Cluster API or kubeadm typical Windows nodes? That would also be another good data points.
A
A
E
A
In the, okay, yeah, so I think the next, I think we probably should still loop in Lumiere and then also maybe do a final round of KEP updates explaining.
A
Why we're closing it down and saying, you know, things kind of work, and then think two examples, because these enhancement proposals do kind of stick around for posterity.
C
Yeah, and if someone finds an issue, they should open GitHub issues against the individual cloud provider repos, is that the goal?
A
I think it depends. I think that there are some cases where they're, I'm trying. Maybe James has some better ideas, but I know, like, one issue that came up was how to support, if they should limit it, so that all the cloud providers and then the cap, the kubeadm infrastructure itself, can support more than, like, the NetBIOS names for Windows, like longer names or not.
A
So I think it depends. For issues like that, there still is kind of a desire to have consistency across all of the different Cluster API providers and have a common behavior in kubeadm. But for other things, sometimes they're provider specific. Yes.
C
Yeah, I'm wondering what should we update in the enhancement or the GitHub issue while closing. Like, should we tell that if it's an issue with kubeadm, open GitHub issues against kubeadm, and if it's for other providers, these are the list of providers that are actually supported by or using kubeadm, and you should open issues against those repos?
A
A
Okay, real quick before we talk about the kube-proxy image. I see, I think Nancy, did you add this item?
G
Yes, I did. So the thread for that is already open and just added it, so I can get more attention to it and.
A
Danny Cantor, who I mentioned, who I tagged in the thread, he's not on the call right now. He's probably gonna be able to resolve that the quickest. I recommend, let's just reach out or see, wait for Danny to respond on that. He does a lot of that work in the hcsshim repository and he might just know what's wrong.
D
The other thing about those feature checks: there's been some changes in the latest versions of hcsshim to those for various reasons and things, so making sure you have the latest version of hcsshim for, like, library patched in for whatever you're.
H
Using would help as well. We are trying, but the thing is that we are using same.
C
hcsshim version in AWS as well as Azure. Only Azure fails. That's what I'm a little reluctant to move to the latest one, but still that's what we are going to try. I don't know, already we discussed about it. I don't know once we tried it yesterday or not, but yeah. The same version should not behave differently but Azure and is right.
A
There is, I don't think hcsshim has a specific, I don't think they have releases, but they do cut tags. You might want to look.
A
My recommendation is to look at whatever version or the tag of the hcsshim repository is getting vendored into the containerd 1.6 repository and try that one out, because I know in Azure we do pretty extensive testing of containerd 1.6 on Windows Server 2019 and 2022.
G
A
Okay, it looks like they're using 0.93 here, but if not, Danny's probably the person best suited to look at that.
A
That, James, did you want to.
D
D
So for Windows, you kind of need to provide a kube-proxy image yourself or install kube-proxy manually on the host, and one of the things we did when we were trying out host process containers was make a, hook up a kube-proxy container, and we did it for Flannel first and then we did it for Calico, and I think there's several other implementations of this out there, and I was looking into, and Claudiu actually helped out too.
D
He kind of started to build a kube-proxy host process image that would be baked into the Kubernetes repository and build process, but it requires, like, PowerShell scripts, and right now those PowerShell scripts are very dependent on, or can be very dependent on, the particular CNI and the type of network that you're using, like underlying network that you're using.
D
So I was going through trying to figure out how to get rid of those PowerShell scripts and solve, like, figure out why we had the PowerShell scripts and what we didn't. So I wrote this document and it goes through and calls out some of the various workarounds that we have in the scripts.
D
Some of them are things like waiting for the HNS network to come online, and I think this first was a workaround, because kube-proxy, the Windows kube-proxy, didn't wait for the HNS, but since then it's been resolved, and so I've linked to the exact, like, some examples of these custom scripts, as well as the fixes that are in kube-proxy today. The one that I wasn't able to resolve was the source VIP for, if you're using VXLAN, and so Calico uses VXLAN as well as Flannel does, or at least you can use it with those, and one of the things that needs to happen for that source.
D
VIP that is passed into the kube is that it needs to be allocated via IPAM, and it doesn't necessarily need to be created. Did you say passed into the kubelet? Yeah.
D
Yeah, yeah, there's a flag that you pass. You just pass --source-vip, and when you pass that flag, and you pass the IP address, and that IP address has to be allocated in IPAM, otherwise kube-proxy will potentially, could create that IP address, and then you'll have, next time kube-proxy's going through and allocating IP addresses, you'll have two IP addresses stomp on top of each other, so it needs to be done through IPAM, and it's done differently for different CNIs. So Calico.
D
What you're saying, there's two scenarios. So yeah, Flannel, and we've had this bug come up in Kubernetes a couple times with Flannel. Flannel doesn't really do anything when it starts up, it just kind of delegates everything off to the components, but you pass in this IP address that you want for your source VIP. kube-proxy looks and says: is this IP address already allocated? If not, I will create it now. kube-proxy doesn't have any knowledge of the IPAM that the CNI is using, and so it creates an endpoint in HNS, and later on.
D
The CNI doesn't know about that, because it hasn't been allocated in IPAM that it's using, and it could create an IP address on top of the one that was allocated by kube-proxy, and so what we did in Flannel is, we have, part of the startup script is that Flannel startup script will allocate the IP address in IPAM, but it doesn't actually create the endpoint, and then it lets kube-proxy create the endpoint.
D
Yeah, it uses host-local, it's or node.
C
IPAM, I think, even in my previous IPAM implementation also, we always dot 200.3 on the subnet. First will even inside.
B
C
H
C
Maybe, I think Calico and the IPAM what I implemented, we kind of had a similar role, like exactly like you said, so we passed that information so that IPAM will not use the IP in future. Any part when we create, it will go from dot three or four instead of using the first. Yeah.
F
D
No, this has to do with the VXLAN. David might be able to answer that. Okay, a little bit more detail, but it's, yeah, so there's VIP and VXLAN is used in three different ways: it's used for the node-node SNATing, as well as for the service SNATing, is my understanding, and if you don't have that, then you potentially have, you know, packets not being routed back, which shows weird network behavior.
F
C
B
C
Yep, possible. Yeah, I forgot, it's been a while, but if it is for VXLAN, then generally there should be a VTEP IP, which will kind of have that, a packet inside a packet. Basically, we put the layer three packet inside another electro packet and VTEP the.
F
F
D
Yeah, so kube-proxy. So we have to give that IP address. So for Calico, for Flannel, yeah, we say it's the dot 2 or dot 3 or something. In Calico, they do the IPAM, and I was seeing it come back as different IP addresses every time, and so either way you need to kind of do this allocation up front and before kube-proxy starts, and there's no contract right now between, like, kube-proxy and the CNIs.
D
That says, like, you need to create this IP address and you need to reserve it in IPAM, and then you need to give it to us as the source VIP, and so there's kind of this, like, confusion of, like, who does what responsibility, which makes it required to have these scripts up front, and so what I'm proposing is just that we, if we say the CNI needs to create a well-known named endpoint and then pass that name to kube-proxy and kube.
D
Well, it doesn't even need to pass the name because it'll be a well-known name. The kube-proxy can then look it up and say, if it's there, I'm going to use that as my source VIP, because it's called source VIP endpoint or something, and if it's not, then it'll fall back to the old behavior, which is passing in that IP address, and so everything would be backwards compatible as it works.
D
But this would allow us to get rid of all of those scripts, and in the document I also link to, like, the Dockerfile. It makes the Dockerfile for kube-proxy really simple, and we just use the binary and we don't have any scripts, and this makes, you know, the configuration of kube-proxy really simple as well, because we can use all of the configurations instead of having to do all this startup script stuff.
C
D
F
D
D
D
Yeah, same thing as kube-proxy sits there and waits for the HNS network, and until the HNS network is created, then it doesn't do anything else, and so we do essentially the same, like, because we have that logic already there. When Calico creates the HNS endpoint, it creates, sorry, it creates a network. It creates that source VIP endpoint. HNS sees the network, looks for the endpoint and boots up. Oh.
F
A
See that behavior, where the kube-proxy uses waits, could that have issues if, like, we're deploying kube-proxy through DaemonSet? If those containers get restarted or anything, could it start up again, query for HNS networks and say: okay, this is already configured, and progressed before we redo all this stuff to.
D
B
D
If that problem already existed, then it would already be there, but we should probably look at that. That's a good call out.
E
Yeah, my two cents here is, like, I agree. I think this is a good approach. Kube-proxy should not know about IPAM or manage this kind of things, and coupling them even in these scripts is a very.
B
F
F
I'm trying to remove, like, a kube-proxy init thing, and then maybe it's like we should have a, for backends in KPNG, maybe we should have a generic init that we add for other ones, because, you know, IPVS has to do something similar, right? IPVS has to make some fake device, the dummy device or whatever, and that's kind of hacked into the IPVS startup, as I require, as I recall.
F
C
Are forcing IPAM to do that, by then the behavior between the Linux IPAM and the Linux side and the Windows side, is it going, it's going to be different, right? I don't think we enforce anything in the Linux side.
D
Yeah, I don't know if this is, like, this whole source VIP VXLAN thing isn't really a thing on the Linux side as far as I'm aware. That sounds like.
D
So please take a look at the document and review it and get feedback, but it sounds like generally this makes sense to folks, and if so then I'll open up PR to get there, and then should make easy, building that kube-proxy image easier, which is nice.
J
D
I think, as part of the PR we should, or I guess I could. We can't do it in the same exact PR. But as part of that is we add it to the docs, and with the improvements that we made to the docs, we now have a SIG networking section and we can add the existing behavior and this new behavior and expectation in those docs.
J
D
Yeah, kind of where I'm thinking. We have that, we just did a reorganization of that, and there's this new Windows networking page that should be live actually, and we can add it there. Okay, cool.
D
The other part of this is that the CNIs would need to adapt to create this new type of endpoint, or this named endpoint. So we'd have to communicate that with the CNIs as well.
J
And what will we do if, let's say, someone is able to update their kube-proxy, but they're using, like, they want to use the kube-proxy DaemonSet with, you know, the updated logic, but they're using an older CNI binary and they're? They will not be using the script to create the source VIP.
D
Then they'll have to, I don't think they'll be able to use that new kube-proxy image, or the other thing I had in there as a proposal. A potential solution is using init containers, so we could have an init container that does this and then updates the config, and then the next container would start, but I haven't tested that, but that's a potential solution for that.
D
All right, well, we're eight minutes over, so we'll wrap it up here and.