►
From YouTube: Kubernetes SIG Windows 20200908
Description
Kubernetes SIG Windows 20200908
A
All
right
welcome
to
the
september
8th,
sig
windows,
meeting
everybody.
This
meeting
is
being
recorded
and
so
just
make
sure
that
you
adhere
by
all
of
the
cncf
code
of
conduct
and
guidelines,
we'll
start
off
with
a
couple
of
announcements.
A
The
first
one
michael
kind
of
added
here
is
that
calico
is
now
open
sourced
for
windows.
So
it's
kind
of
big.
I
know
there's
a
lot
of
customers
asking
for
calco
support
for
windows
and
it
does
operate
with
linux
quite
nicely.
Everything.
The
next
announcement
is
that
sig
windows
will
be
presenting
at
next
week's
community
meeting.
That's
next
thursday,
9
17..
A
If
anybody
has
anything
that
they
want
to
be
included
in
that
community
meeting,
please
reach
out
to
myself
or
michael
michael
on
slack
and
we'll
make
sure
to
kind
of
add
any
highlights
there
for
people
new
here.
This
is
just
a
an
opportunity
for
different
cigs
to
give
a
ten
minute
presentation
to
anybody
else,
who's
at
these
community
meetings
to
kind
of
highlight
what
they're
working
on
what
the
roadmap
is
and
also
solicit
kind
of
support
and
new
contributors.
A
A
One
more
announcement
which
isn't
done
here
is:
we've
started
up
a
bi-weekly
sig
windows,
backlog,
grooming
meeting
every
other
thursday
at
12,
30
eastern
time,
9
30,
pacific
time.
The
next
meeting
is
this
thursday,
so
please
join
if
you
can
we'll
be
posting
links
to
the
meeting
in
the
sig
windows
slack
a
little
bit
before
the
meeting,
and
so
now
we'll
get
started
with
the
agenda.
A
B
Sure
so
I
was
looking
through
some
of
the
code
for
metrics.
I
think-
and
I
came
across,
that
we
have
still
have
some
hyper-v
support
for
docker
and
alpha
and
I
believe
we're
moving
forward
with
container
d
for
hyper-v
because
of
multi-pod
support.
So
I
open
up
an
issue
to
potentially
remove
that.
I
think
the
the
recommendation
came
back
to
mark
it
as
depreciated
in
120
and
removed
support
in
121,
but
I
wanted
to
bring
it
up
with
the
community
to
see
if
anybody
had
any
thoughts.
A
Yeah,
I
remember
looking
at
that
and
I
believe,
there's
some
pretty
severe
limitations
for
running
pods
with
hyper-v
isolation
in
docker.
C
No,
I
haven't
heard
anyone
using
hyper-v
with
docker
because
of
the
limitations,
so
I
think
it's
pretty
safe
to
deprecate
it
unless
we
hear
otherwise
from
someone
in
the
community.
A
A
Next
item,
pod
security
recommendations.
I
think
people
have
been
waiting
to
hear
some
of
this.
So
do
you
want
to
take
this
one
too
james.
B
B
The
usage
of
the
host
file
system-
and
I
think,
we've
discussed
this
in
the
past-
was
running
as
non-root,
making
sure
that
we're
not
running
the
container
as
container
administrator,
and
then
there
was
a
specific
one
that
wasn't
listed
in
any
of
those
but
gmsa
making
sure
certain
pods
don't
run
certain
gsma,
gmsa
and
so
yeah.
I
just
wanted
to
call
it
out.
Have
people
take
a
look
at
it
and
leave
any
comments
and
if,
if
not,
then
the
next
step
would
be
to
open
up
a
documentation?
B
Pr
to
point
people
towards
these
are
the
recommendations
from
sig
windows
for
for
various
psps
and
linking
it
to
that
pod
security
standards.
B
The
other
thing
that
I
also
did
in
conjunction
with
the
kepp
for
privileged
containers,
was
to
take
a
look
at
how
that
would
change
for
if
we
do
introduce
privileged
containers
and
so
there's
quite
a
pretty
extensive
list
in
the
kept
there
on
how
that
how
that
would
look.
So
please
take
a
look
at
that
as
well
and
yeah.
I
think
the
if
there's
any
comments
or
questions.
A
B
No,
I
know
I
think,
maybe
it
was
you
too,
as
I
think,
you've
run
into
some
problems
with
it
being
attached
to
the
linux
side,
and
so
we've
got
a
couple
open
pr's
to
resolve
some
of
those
as
well.
So
I
definitely
see
a
lot
of
activity
in
this
sense,
so
go
ahead.
D
Yeah,
one
of
the
things
that
I
would
like
to
know
is
like
in
openshift
the
way
we
associate
security
policies
to
parts
is
we
do
it
by
default
like
for
every
part
that
is
coming
up.
We,
we
add
certain
security
policies
like
s,
linux
and
other
things,
and
we
want
to
move
into
a
world
where
we
can
rely
more
on
runtime
classes.
D
For
this
like
in
the
part,
spec
say
if
there
is
a
runtime
class
associated
and
if
that
runtime
class
associated
is
with
the
windows
node
instead
of
as
a
linux
node,
we
would
not
like
to
apply.
We
would
not
like
to
apply
those
security
policies
to
those
type
of
parts,
but
the
problem
we
see
at
this
point
of
time
is
with
the
runtime
classes.
D
There
is
no
way
to
surface
clearly
if
it's
a
windows,
node
or
not,
we
are
relying
on
a
node
selector,
plus
a
toleration
that
gets
appended
to
the
pod
spec,
so
anyone
can
actually
add
or
or
modify
the
port
spec
to
say
that,
yes,
I
am
a
windows
node,
even
though
it's
it's
a
even
though
it
is
a
linux
part.
So
I'm
wondering
if,
if
you
want
to
have
like
some
sort
of
standardization
around
it
saying
that
this
particular
label
is
windows
specific,
this
particular
label.
D
Is
linux
specific
just
like
how
we
have
standard
labels
on
the
node
saying
that
slash
os
is
equal
to
windows
or
linux?
Can
we
have
something
similar
on
the
runtime
classes,
which
is
specified
that
this
is
a
windows,
specific
runtime
class
versus
linux,
specific
runtime
class.
A
So
I
I
have
been
going
to
some
of
the
signod
meetings
too,
and
I
know
that
I
think
sergey
from
signode
has
been
trying
to
make
a
decision
about
if
they
should
graduate
runtime
classes
to
stable,
with
this
release
or
not
and
we're
opening
where
they
opened
a
google
doc
and
we're
asking
for
usage
examples
of
runtime
classes
and
also
feature
requests
and
our
blockers
from
moving
that
to
stable.
A
Can
I
I
will
post
that
in
the
sig
windows
slack
channel
after
this
meeting,
that
might
be
a
good
place
to
to
comment
on
there
and
have
some
other
on-time
class.
Implementers
also
comment
on
that.
If
that
works
for
you
well,.
D
Sure
that
that
works
for
me,
I
just
want
to
get
to
know
what
does
the
sig
think
about
it
like
the
windows
think
about
it
like?
Do
you
think
it's
because
when
I
looked
at
the
history
of
the
runtime
classes,
implementation,
I
believe
whoever
has
written
the
design
document.
He
clearly
mentioned
that
we
can
have
an
explicit
label
or
a
reserved
label
which
says
this
is
a
windows.
D
C
I
was
in
touch
with
patrick,
I
wasn't
in
the
I
wasn't
too
involved
in
the
sig
windows
community.
We
had
a
discussion
with
patrick,
but
I
patrick
was
the
one
driving
insecurities.
B
To
that
where,
where
it
was
maybe
discussed,
you
can
take
a
look.
D
At
that,
oh
sure,
I
don't
have
it
handy
now,
but
I
can
post
it
on
sigmundo
slack.
A
Yeah
yeah,
I
think
we
could
probably
take
some
of
that
conversation
to
slack
with
some
more
links
after
the
meeting.
I
don't
think
I'm
opposed
to
that
idea.
I
know
that
just
relying
on
node
selectors
is
cause
always
kind
of
leaves
windows
with
the
short
end
of
the
stick.
If
people
choose
to
not
implement
node
selectors
for
all
of
their
their
workloads,
so
maybe
we
can
have
a
salient
argument
for
a
dedicated
field.
D
Yeah,
the
the
other
thing
is,
as
they
told
some
of
the
distributions
of
kubernetes.
Most
of
them
are
like
homogeneous
clusters.
Sorry
heterogeneous
clusters,
both
windows
and
linux,
worker
nodes.
A
D
There
is
an
inherent
bias
towards
linux
nodes
because
they
have
been
around
for
a
long
time
in
the
kubernetes
space
and
we
cannot
take
the
defaulting
out,
at
least
in
openshift,
for
the
security
policies
that
are
being
applied
to
the
pods.
So
if
you
have
some
sort
of
standard
way
to
distinguish
between
a
linux
versus
a
windows
worker
node,
we
would
say
that,
yes,
this
runtime
class
is
specific
to
windows.
So
we
would
not
like
to
apply
the
port
security
policies
of
linux
on
these
windows
nodes.
A
Yeah,
no,
I
think
these
are
good.
That's
a
good
conversation
to
to
have.
D
Sure
I
I'll
post
the
the
links.
Thank
you.
A
Sure,
yeah
and
I'll
make
sure
to
follow
up
with
that
too.
I
don't
see
anything
else
on
the
agenda,
except
for.
If
we
have
a
minute
we
can
go
and
look
at
the
120
pr's
and
see
where
those
are
that
was
kind
of
the
first
thing
here,
but
I'll
open
it
up.
Does
anybody
have
anything
they
want
to
discuss.
C
So
I
think
one
quick
thing
jing
last
time
brought
up
the
run
as
user
affect
the
file
permission
like
it
does
in
linux.
So
I
asked
the
the
windows
containers
engineers.
C
They
see
user
field
being
passed
to
hcs
and
the
assumption
it
will
change
the
user
context
in
the
container
and
and
hence
it
will
affect
the
file
permissions
based
on
what
the
user
will
have
access
to.
Now
they
were
asking
if
there
was
a
specific
interaction
with
the
file
permissions
that
we're
looking
into
so
I
have
asked
jing
before
I
mean
I
can
take
this
conversation
further
but
yeah
I
was
looking
at
the
you
know
the
the
github.
I
don't
see
the
issue
so
just
a
reminder
to
jenny.
C
If
you
can
open
the
issue,
the
engineers
can
look
at
it
and
there
could
be
a
back
and
forth
there
as
well
on
the
on
the
github,
because
there
were
a
couple
of
follow-up
questions.
The
quick
answer
was
yes,
it
will
affect
in
some
way,
but
they're
trying
to
understand
what
interactions
you
will
you're
looking
for.
So
you
can
open
the
issue
on
this
github.
That
would
be
helpful
in
getting
the
answer
you
need.
A
A
Okay,
I
have
a
quick
update
about
the
device
class
prs
as
well.
I
asked-
and
we
do
have
a
little
bit
of
a
budget
to
be
able
to
run
device
class
periodic
jobs
in
azure.
For
specifically,
I
think
there's
a
couple
of
prs,
both
implementation
and
test
prs
around
gpu
support.
A
All
right,
as
always,
you
can
find
the
sig
windows
backlog
up
here
at
the
top
of
the
meeting
notes.
It's
this
project
board
number
eight
for
in
the
kubernetes
projects,
which
I
open
here,
and
we
do
try
and
keep
it
organized
for
what's
kind
of
in
flight
and
in
progress
and
in
review
for
each
review.
I
was
taking
a
look
before
the
meeting
and
I
saw
pretty
much
all
the
issues
called
out
in
the
july
21st
meeting
for
move
to
128
already
open
here.
A
So
if
anybody
wants
to
start
getting
into
reviewing
some
zig
windows
prs,
this
is
probably
a
great
great
place
to
start.
A
lot
of
these
already
have
been
open
for
a
couple
releases
and
already
have
a
lot
of
discussions,
so
you
can
kind
of
see
what
people
are
commenting
on
and
reviewing
from
as
well.
A
A
A
All
right,
I
guess
that's
it
for
this
week's
sigmundus
meeting
thanks
everybody.