►
From YouTube: Kubernetes SIG Windows 20190122
Description
Kubernetes SIG Windows 20190122
A
I
heard
everybody
and
welcome
to
another
windows
Meetup.
Thank
you
all
for
attending.
We
have
quite
a
few
topics
today,
there's
been
a
tremendous
amount
of
progress
going
on
in
our
in
our
seek
in
the
last
week,
especially
a
ton
of
emails
going
back
and
forth,
so
try
to
kind
of
get
through
all
of
them
in
half
an
hour
window,
so
I
look
at
any
particular
order.
I'll
just
go
by
the
order
which
the
agenda
items
are
on
the
on
the
document,
and
you
know
we'll
take
it
from
there.
A
The
first
one
is,
first
of
all,
the
group
managed
service
accounts.
Thank
you
deep
and
Jeremy's
been
having
good
progress.
They've
had
a
lot
of
meetings
on
this
and
there's
a
lot
of
iterations
on
the
cap
on
this.
So
they've
had
few
four
or
five
folks
or
been
commenting
on
that,
and
one
of
the
discussion
items
that
came
out
of
that
and
I
told
debug
was
bring.
This
up
is
as
part
of
securing
access
to
the
group
managed
service
account
in
Windows.
A
Deep
and
Jeremy
have
proposed
is
a
process
where
you
have
to
enable
our
bug,
and
then
you
basically
create
a
service
account
and
you
added
to
a
role
definition
and
with
access
to
the
role
and
as
soon
as
you
granted
that
the
new
access
to
a
service
account
that
kubernetes
would
allow
you,
through
the
admission
control,
to
light
up
in
your
pod.
So
you
can
use
that
identity
in
the
network.
Now
one
of
the
things
I
asked
Jeremy
and
indeed
was
what
happens
if
our
bug
is
not
enabled
well.
A
If
our
bug
is
not
enabled,
then
essentially
anyone
has
access
or
knows
what
the
credential
spec
look
like,
we'll
be
able
to
to
essentially
utilize
that
and
any
container
Quran
any
under
any
windows
identity.
That's
authorized
for
that
node
and
there's
a
credential
speck
in
kubernetes,
so
did
mentioned
that
you
know
don't
have
to
be
as
opinionated
on
that
other
parts
of
kubernetes.
Essentially,
if
you're
enable
our
bug
enrolls,
essentially
you
have
keys
to
the
kingdom.
So
maybe
you
should
not
be
different
here.
B
A
And
I
was
initially
against
that,
but
then
discussing
you,
keep
on
the
threat.
I
come
around
saying
you
know
it
is
a
big
security
flaw.
Will
document
the
hell
out
of
it.
You
know
dog,
saying
you
know
best
practice,
you
do
this.
You
basically
allow
anybody
to
have
an
unsanctioned
identity
in
the
network.
Our
recommendations
create
roles
secured
using
service
accounts
and
then
obviously
in
Active
Directory.
You
need
enable
specific
notes
to
have
access
to
that
G
MSA
is
there.
Anybody
has
an
objection
to
us
being
non
opinionated
as
him.
C
C
A
Maybe
we'll
have
to
reserve
this
and
and
talk
about
this
next
week
when
he
has
a
chance
to
review
the.
What
we
can
do
here.
Our
problem
here
is
that
you
know
whenever
someone
stops,
the
service
starts
again,
so
he
doesn't
do
what
it's
intended
to
do.
So
we
definitely
have
to
fix
this
for
GA
and
that's
why
I
wanted
this
to
be
surfaced
in
our
discussion
and
we'll
talk
about
next
week
since
Allen
just
mentioned
that
he's
gonna
communicate.
A
E
A
C
C
A
A
A
C
C
And
so
for
this
one
I
I,
guess
that
the
two
things
that
we
need
are
I
just
put
this
on
a
signal
agenda
so
hopefully,
and
get
them
to
weigh
in
today,
but
one
is,
is,
is
using
node
selectors
by
default
and
okay
practice.
If
sig
node
says
yes,
which
I
believe
they
will
say.
Yes,
because
they're
in
the
process
of
promoting
node
selectors
from
beta
to
stable,
because
it's
been
there
for
something
like
five
or
six
releases.
C
So
if
I
can
get
them
to
agree
that
that's
a
reasonable
practice,
then
I
think
that
we
could
see
what
the
next
step
is
from
there
and
I
mean
turn
through
Sinclair
was
asking
for
cap
I,
don't
know
exactly
why
he
needs
a
cap
for
this.
But
if
we
want
to
mention
in
the
Windows
one
with
a
line
saying
you
know,
services
are
a
part
of
cube
system
that
are
not
ported
to
Windows,
we'll
have
a
node
select
area
of
Linux,
and
so,
if
we
want
to
put
that
line
in
there,
I'm.
Okay
with
that.
C
D
C
Mean
so
my
view
on
this
one
is
that
we
would
remove
the
node
selector
if
the
upstream
team
is
building
and
testing
a
multi
architecture
image
and
if
they're
not
willing
to
do
that,
then
then
maybe
the
answer
is
never
you
know
if
people
from
sig
windows
want
to
help
with
that
I'm
all
for
it,
but
I
think
it's
something
that
we
would.
We
would
look
at
well
sometime
after
we've
got
the
windows
cubelet
and
cube
proxy
stable.
C
A
All
right,
let's
move
on
the
time,
so
there's
an
issue
that
has
a
lot
of
red
screen
back
and
for
around
the
CPU
usage
of
the
use
or
nanoseconds
usage
of
none.
Of
course,
it's
a
it's
an
act.
The
cubelet
reports
that's
not
implemented
on
Windows.
Basically,
it's
not
implemented
only
thing,
that's
not
basically
any
non-doctor.
She
arise
and
as
a
result
of
that,
if
you
do
something
that
keeps
ETL
top
part
through
server,
for
example,
it
will
give
you
an
error
that
certain
metrics
are
not
found.
I
guess
my
first
question,
I,
don't
know!
A
C
A
G
C
C
G
D
F
G
There's
a
there
is
a
proposal
to
switch
to
using
core
metrics
I,
don't
think
I
think
I'm,
not
sure
about
the
progress.
Yeah,
there's
a
reason
that
we
can
emerge
this.
There
were
stats.
How
would
you
beat
me
were
and
I
I
have
several
questions,
but
it's
I
think
looks
pretty
much
good
to
go
so
I
think
we
can
merge
that
first
and
if
we
need
to
switch
to
core
metrics,
they
won't
do
that.
A
All
right
so
I
guess.
The
next
item
is
oh
by
the
way
one
thing
I
want
to
mention
for
deep
in
Jeremy
on
your
cap.
Can
we
actually
push
to
get
approval
to
go
under,
implement
a
implementable
status
for
your
cab
I?
Think,
once
the
most
of
the
questions
I
think
the
jig
is
the
last
one:
it's
going
to
become
the
sea,
god
plastic
architecture.
Approver!
Let's
see,
if
he's
willing
to
play
that
your
role
and
let's
get
implementable
because
I,
don't
think
there's
any
other
body
or
that
cap.
A
A
B
A
C
Craig
was
going
to
check
with
the
other
SIG's
to
see
if
they
wanted
to
have
someone
doesn't
as
an
approver
rather
than
just
reviewers
the
key
distinction
there
is
that
approvers
are
the
ones
that
have
to
give
an
LG
TM,
whereas
reviewers
are
just
assumed
to
have
looked
at
it
and
if
they
don't
have
any.
You
know
outstanding
comments
on
there.
Then
then
it's
good
to
go
and
the
other
thing
Craig's
working
on
is
the
release
criteria
section
that
were
sorry.
C
The
I
remember
was
a
stable
criteria,
he's
going
to
work
on
that
section
this
week
and
so
I'm
just
going
back
through
and
updating
the
areas
missing
tests,
I
did
a
bunch
of
additions
to
that
on
Friday
and
then
the
other
thing
Brian
grant
had
asked
for
was
the
API
list.
I
have
an
earlier
draft
of
that
so
I'm
going
to
update
that
and
put
that
in
line.
C
A
One
thing
I
want
to
add
here
is,
even
though
we
have
a
lot
of
six
that
are
gonna,
be
part
of
the
reviewers
list.
Like
signal
signal,
working,
sixth
or
age,
six
will
be
six
testing
sick
dogs.
The
list
is
endless,
there's
only
two
people,
besides
myself
and
Patrick
time,
need
to
give
the
yey
go
or
no-go,
and
it's
Brian
grant
who's
gonna,
basically
be
our
biggest
gatekeeper
and
an
iron
from
sick
testing
securities.
A
It
looks
like
Brian
is
invested
in
basically
moving
forward
with
this,
so
you
know
once
you
kind
of
finalize
all
the
things
that
he's
asking
for
I
think
we'll
be
in
good
shape
for
him
to
say
yes
as
long
as
number
one,
the
tests
are
all
green.
We
fix
just
talked
about
today
that
we
need
to
fix
to
hire.
A
C
H
Yeah,
it's
it's
going
pretty
well
and
we're
starting
to
work
on
documentation
for
that,
and
we
also
had
a
recent
update
word.
Finally,
the
backboard
to
Windows
Server
2019
was
approved
so
that
should
be
going
forward
and
it's
scheduled
for
February
26th
I
believe
to
come
out
of
a
Kb.
H
The
KB
article
hasn't
been
identified
yet,
but
I'll
all
our
reach
out
to
you
guys
and
share
it
once
we
know
that
what
it
is
so
yeah
I
should
follow
up
in
the
next
couple
weeks
with
some
more
official
dogs
right
now,
we're
kind
of
working
through
them
internally
and
still
finishing
up
validation
of
them.
What.
D
E
H
A
I
I
E
J
Just
just
to
following
following
up
on
the
on
the
patches
for
a
few
of
the
fixes
in
Windows
2019
there's
one
work
around
the
can
only
create
one
container
with
a
shared
network
stack
on
Windows
2019,
which
was
mentioned
that
it
would
be
coming
out
in
sort
of
the
end
of
January
patch
just
wanted
to
check.
If
there
was
any
update
on
that.
A
Dinesh
was
the
one
that
commented
he's
not
on
right
now
so
next
week,
okay,.
C
A
Dinesh
said
it's
already
fixed
for
seven
2019
only,
but
he
didn't
say
when
it's
gonna
come
out.
That
was
the
64
188
issue.
Actually,
my
bad,
it
was
the
mobi
issue.
3
7/8
lead
to
obesity
about
magic,
and
the
LA
is
a
lady
subject.
That
I
have
is
that
he
was
already
fixed
from
1903
and
it's
I
just
pasted.
The
link
I
was
fixed
for
1903
and
will
be
back
for
the
2019,
but
the
nation's
one
has
the
update.