►
From YouTube: Kubernetes SIG Windows 20200114
Description
Kubernetes SIG Windows 20200114
A
Hello,
everybody
and
welcome
to
another
sip
windows,
meetup
it's
their
14th
of
January
and
were
back
on
track,
getting
started
for
the
new
release
of
Canaries,
as
always
is
a
recorded
meeting.
So
please
adhere
to
the
scene,
CF
code
of
conduct.
Alright,
let's
get
started.
I
know
you
guys
did
not
discuss
the
one
agenda
item
I
added
last
week:
I
think
you
may
have
waited
for
me
if
I'm
not
mistaken.
B
B
So
your
enhancement,
you
freeze,
your
caps-
are:
do
need
to
be
merged
by
January
28th
code,
freeze,
March
5th,
pretty
similar
schedule
length.
So
the
last
few
releases
I
didn't
want
to
mention.
There's
a
couple:
a
couple
issues
that
we
kept
getting
pinged
on,
both
on
like
slack
and
also
on
the
issues
themselves.
One
of
them
is
around
the
CPU
limits,
so
I've
got
a
P
I
finished.
Writing
some
tests
for
that
yesterday
and
I
get
a
PR
open
for
that.
A
C
D
C
Other
thing
for
the
maybe
the
high
priority
think
Patrick
yeah
we've
been
getting
a
lot
of
requests
about
why
graceful,
they're,
graceful
termination
and
the
shutdown
period
isn't
honored
I
think
we
should
update
the
docks
with.
There
are
a
couple
of
registry
settings.
You
can
add
to
a
container
that
will
have
docker
give
you
an
extended
shutdown,
duration,
I,
think
we
should
document
that,
because
we've
been
getting
a
lot
of
requests
for
that.
Okay.
B
E
C
A
C
B
A
B
B
B
G
Yes,
so
the
work
is
in
progress.
I
think
Kiki
started
pretty
much
a
new
branch
where
his
he's
good
he's,
integrating
it
with
I
sure
disc
CSI
driver.
So
so
you
know
pretty
solid
progress
on
the
disk
volume
and
the
file
system.
Api
is
there
kind
of
more
incompletion,
so
alpha
and
1aq
should
be.
Let
me
look
at
it.
Okay,.
G
B
So
I
talked
to
the
people
that
were
working
on
that
and
they've
got
a
plan
proposed
and
they're
trying
to
get
somebody
to
to
work
on
it.
You
know
like
over
the
next
next
few
months
and
so
I'm
trying
to
see
if
I
can
get
kind
of,
like
a
public
version
of
that
doc
out
for
review
it
so
kind
of
the
the
main
that
impact
is.
B
Just
because
I
don't
see
there
being
anything
before
code
freeze
and
you
know
and
I,
don't
know
for
sure.
If
it's
something
that
would
be
available,
you
know
between
March
and
June
or
if
it's
even
late
or
if
it's
later
than
that
so
I'm
trying
to
get
some
more
details
on
that.
So
we
can
use
that
to
to
reference
in
our
planning.
G
B
B
G
B
F
At
least
you
had
that
link
there
I'm
updating
it.
Okay,.
B
F
H
H
Find
the
gaps
between
Windows
and
Linux
and
we
have
been
trying
to
propose
a
bootstrap
provider
that
can
work
similar
to
how
the
Linux
cloud
and
it
works
so
basically
have
the
cloud,
and
it
is
today
giving
us
the
cube,
config
and
basically
the
join
token
in
order
to
join
the
worker.
Node
right,
you're.
F
H
H
H
H
H
Think
this
is
another
thing
that
I
feel
like
privileged
container
is
the
right
way
to
solve
the
problem,
because
Venus
will
keep.
We
have
to
keep
adding
kpi's
across
its
inverse
and
across
its
es.
If
we
go
through
this
route,
I
I've
been
putting
pressure
on
the
base
team
to
basically
timeline
on
the
privilege,
container
and
they've
been
telling
every
iteration
so
I.
Think
if
you
put
pressure
I,
don't
know
what
do
you
think.
G
B
So
so
the
winners
proxy
can
just
run
an
arbitrary
process,
and
so
this
would
give
you
a
way
to
potentially
ship
something
and
then
run
it
on
the
host.
It's
not
as
clean
as
running
in
a
true
container,
but
it
lets
you
run
arbitrary
code,
and
so
you
know
for
trying
to
move
back
to
using
the
same
sort
of
cube,
ATM
phases
that
are
used
by
both
cluster
API
and
cube
ATM
itself.
This
is
much
more
consistent
because
it
still
relies
on
getting
configurations
from
from
kubernetes
and
CR
DS.
B
It
still
schedules
things
with
the
demon
set
and
what
I
think
what
I'm
hoping
is
feasible
is
that
we
could
use
things
like
the
CSI
proxy
and
win
s
today
on
Windows
Server,
2000
19.
So
that
way,
we've
got
a
solution
for
people
that
want
to
use
cube
ATM
with
that
LTS
version,
and
then,
when
a
new
version
of
Windows
is
out,
that
hat
offers
a
privileged
container
support.
We
could
say
you
no
longer
need
the
proxy
or
you
can
just
run
migrate,
the
proxy
and
do
it
into
a
privileged
container.
B
F
H
B
A
F
F
A
F
A
Do
make
a
lot
of
things
complicated?
That's
why
you're
seeing
other
tools
sitting
on
top
of
kubernetes
time
to
manage
those
things,
but
I
mean
the
biggest
thing
for
us.
Is
you
just
need
to
give
them
the
available
tools?
So
if
someone
doesn't
want
to
go
down
this
path,
obviously
they
don't
have
to
use
cube,
ATM
or
write
API.
They
can
just
manually
bootstrap
everything,
but
if
they
do
choose
to
use
them,
they
could
be
restrictive.
The
same
way
that
could
be
on
Linux
or
so
yeah.
C
A
F
H
H
F
B
So
the
I
think
the
question
is:
do
we
make
a
you,
a
forked
version
or
similar
project
with
a
slightly
narrower
scope
and
basically
maintain
that
as
a
sig?
Or
do
we
basically
share
the
same
thing
with
with
Rancher
I
mean
it
may
be
that
that
with
your
other
POC,
maybe
they
decide
to
that?
They
don't
even
want
to
maintain
that
H&S
calls
in
there
if
they
consolidate
on
the
same
approach,
so
I
think
would
be
reasonable
to
at
least
see
if
we
can
reach
out
to
them
and
see
what
they
think
about
it.
Yeah.
F
H
F
Oh,
so
that's
so
I
think
what
you're
referring
to
is
like
when
you
create
the
flannel
Damon
said
it
has
to
be
on
the
like.
It's
a
host
network
container
that
you
create,
and
that's
just
because
kubernetes
like
the
cubelet
will
refuse
to
schedule.
Pods
when
CNI
hasn't
been
initialized,
looks
for
like
specific
files
to
be
written
to
disk,
and
but
it
will
allow
host
network
pods
to
be
created.
F
F
B
F
H
B
F
But
this
is
like
you
know,
on
Linux,
by
default,
you
can
like
mount
the
root
disk
and,
like
you
know,
hose
your
whole
machine.
If
you
want
to
it's
the
same
story
there
like
by
default,
it's
very
insecure,
but
we
have,
we
can
have
like
recommendations
for
how
to
make
a
production-ready
configuration.
H
A
Which
is
probably
also
engage
with
the
security
virtual
team
in
the
kubernetes
community,
and
let
them
know
that
this
is
coming
and
what
it
looks
like
I
know.
Kubernetes
goes
through
penetration
testing
reports
tours
one
this
summer,
you
know
discovered,
like
30-plus
vulnerabilities
it
worthwhile
to
make
sure
they're
aware
of
this,
so
potentially
could
get
some
focus
on
the
next
one,
but
also
get
their
opinion,
so
so
been
it
possible
once
you
actually
get
the
document
in
the
cab
up
and
running.
Let's
make
sure
that
six
security
is
also
part
of
the
review
cycle
sounds.
H
They
might
put
a
block
on
this
if
he,
because
this
host
network
is,
we
changed
the
requirement
of
networking
for
kubernetes,
based
on
the
assumption
that
we
don't
have
hosts
networking
support.
So
we
need
to
add
something
in
the
kit
that
says
that
we
are
using
that
as
a
for
Chrome
browser
than
we
starting
the
support
of
host
network.