►
From YouTube: Kubernetes SIG Windows 20200204
Description
Kubernetes SIG Windows 20200204
A
Hello,
everybody
and
welcome
to
another
sip
windows,
Meetup,
it's
the
4th
of
February
and
as
always,
this
recorded
meeting.
So
please
adhere
to
the
same
GF
code
of
conduct
all
right.
So
we
have
a
big
agenda
for
today.
So,
let's
get
started
partly
you
wanna
take
their
continuity
process,
a
progress
update.
B
B
The
exit
was
running
pretty
consistently,
but
I
think
there
was
one
one
or
two
failures
that
were
related
to
test
images
that
we
needed
to
update
and
so
we'll
check
on
that
and
get
that.
So
if
you
can
help
get
that
fixed,
there's
also
two
test
passes
that
are
running
with
flannel,
and
so
those
are
running
so
out
of
the
failures
here.
We've
actually
got
PRS
open
to
fix
the
CPU
limit
and
request
stuff
here.
This
is
just
a
configuration
and
precedence
that
needs
to
be
set
and
so
I'm
trying
to
find
someone
else.
B
So
if,
if
someone
can
you
know,
works
with
a
cubelet,
approver
would
be
greatly
appreciate
if
you
could
on
view
that
and
get
them
to
prove
that,
because
I'll
take
care
of
that,
blocker
read
their
these
ones.
We
figured
out
what
the
issue
is
when
we're
running
flannel
and
certain
configurations
on
on
Azure.
We
need
to
do
some
workarounds
because
the
MTU
slower
than
what
what
we
typically
use
with
flannel
and
so
we'll
get
that
fixed.
It's
mostly
just
a
configuration
problem
and
then
I
think
those
are
the
known
issues
that
should
be
fixed.
B
B
There
are
some
things
that
we've
started
to
look
at
that
need
to
be
deferred
out
past
1:18.
One
of
them
is
that
Lantau
had
filed
an
issue
saying
that
image
polls
were
a
lot
slower.
So
this
is
tracked
over
on
the
container
d.
Repo
and
we've
got
this
on
someone's
schedule
to
look
at,
but
it's
going
to
be
probably
a
week
or
two
before
we
had
know
before
we
have
any
clues
on
on
what
it
is
and
so
I
don't
think.
B
That's
something
that
would
block
alpha,
but
so
I
moved
it
moved
over
to
the
beta
M
criteria
there.
The
Etsy
hosts
mapping
is
something
that
wasn't
working
in
docker.
Previously,
it's
feasible
to
fix
it
in
container
D,
but
there's
still
a
Windows,
but
blocking
this
from
working
and
so
I've
parentally
pushed
this
one
out
to
19
as
well.
B
The
last
one
that's
there
is
live,
restore
and
there's
nobody
working
on
container
D
right
now.
That
has
time
to
do
this
for
118,
basically
live,
restores
the
functionality
and
container
D
that
lets
you,
if
you
restart,
if
you
restart
the
container
DD
m--
and
it
needs
to
go,
find
all
the
running
containers
and
then
get
sockets
or
whatever
pipes
or
whatever.
It
is
to
things
like
standard
out
and
standard
air
and
reconnect
those
to
the
new
instance
of
the
demon.
It's
a
pretty
large
work
item
and
it's
needed
for
that
to
be
recycled.
B
B
So
I've
got
those
all
updated
over
here
on
the
on
the
tracking
board,
and
so
there's
just
a
couple
PRS
and
they
need
to
get
merged
there,
and
these
other
ones
on
the
in
review
column
should
be
fixed
once
we
have,
the
merge
is
done
and
so
I'll
try
to
update
that
over.
The
next
probably
update
in
like
two
weeks
from
now,
because
I'm
going
to
be
out
of
town
next
next
Tuesday,
but
I
can.
B
B
Yeah
and
then
once
we
get
something
sort
of
validated,
then
we
could
probably
work
with
lantau
or
or
the
container
D
folks
and
see
if
we
can
get
them
to.
You
know
tag
a
releases
like
alpha
windows,
support
or
something
like
that.
So
there's
something
people
could
download,
instead
of
so
building
from
source
like
like
clientele
and
I,
are
doing
right
now.
So.
A
Absolutely
so
so
Timo
clear
edit
view
of
the
camp
for
Cuba
diem,
and
he
had
some
concerns
on
that
from
a
security
perspective,
how
to
better,
harden
and
protect
ourselves
against
a
bad
actor
so
gap.
You
and
I
kind
of
give
us
an
overview
of
some
of
the
ideas
that
that
team
had
and
which
of
them.
We
might
be
able
to
explore
sure.
D
Yeah,
he
basically
proposed
two
alternatives:
one
of
them
being
adding
a
custom
admission
controller
that
will
only
allow
when
us
to
be
mounted
for
privileged
containers
and
then
the
other,
so
that
one
would
be
like
something
that
we
would
actually
have
to
add
to
kubernetes.
And
then
the
other
alternative
was
something
where
we
would
patch
win
us.
So
win.
Us
will
have
like
this
authentication
layer
where
it
will
look
for
a
service
account
to
validate
like
the
container,
that's
actually
trying
to
access
it.
I
reached
out
to
the
by.
D
D
He
he
also
suggested
just
upstream
patching
witness
and
seeing
if
ranchers
open
to
that
I
got
in
touch
with
the
maintainer
over
at
Rancher
as
well,
and
he
mentioned
that.
Originally
they
were
just
relying
on
pod
security
policies,
but
they
haven't
had
enough
user
feedback,
so
he
seems
pretty
open
to
like
collaborating
on
this.
So
I
asked
him
about
the
authentication
bit
today.
Let's
see
what
he
responds
with.
D
I
did
not
ask
about
those
calls
specifically,
but
I
did
experiment
with
omitting
those
commands
when
building
with
us
and
that's
pretty
trivial,
but
I
can
ask
about
that
as
well,
and
it
looks
like
a
lot
of
them
are
just
getting
information
out
of
the
system.
The
only
thing
that
you
can
actually
modify
on
top
of
running
a
process
is
just
being
able
to
add
routes.
A
That's
great
so
I
didn't
follow.
Did
team
approve
the
cap
as
it
stands
today
or
obviously
I
know
the
cap
positive
he
processes
over,
but
the
steam?
Is
it
a
prerequisite
for
them
to
allow
us
to
move
on
to
the
next
stage
of
merge
that
link?
He
made
one
of
these
two
ideas
for
at
least
looking
to
further
locking
down
witness,
or
what's
your
feeling
on
that.
D
E
D
A
We
should
probably
just
follow
up
with
him
and
you
can
do
it
on
slack
or
something
hey
we're.
Looking
into
this,
you
know
great
great
ideas.
I
saw
that
you
commented
on
that
and
see
if
there's
just
I
think
you
know
this
will
improve
our
security.
So
let
us
know
what
happens
with
rancher.
So
if
venture
is
open
to
this,
that
that'd
be
great
for
us
to
collaborate.
If
that
means,
if
I
can
make
this
better
yeah.
F
F
D
A
Anyway,
v1
you
can
follow
up
on
the
thread
as
well
the
ticket
all
right.
We
have
a
new
community
member
that
attended
a
few
meetings
already,
but
never
really
introduced.
Jocelyn
is
going
to
help
us
on
the
cluster
API
work
for
Windows
coming
from
Microsoft.
So
just
tell
us
cover
things
about
you
and
some
of
the
things
that
you
working
on.
Yes,.
G
G
Bootstrap
providers
for
Windows
and
trying
to
come
up
with
the
documents
that
could
suggest
on
how
this
could
be
implemented
and
how
we
could
get
the
bootstrap
provider
to
work
great
across
multiple
options
that
we
have.
We
especially
have
coordinates,
and
we
have
the
inbox
anathan
that
XML
file,
that
are
two
options,
and
ideally
we
would
like
to
group
these
solutions
and
make
sure
some
kind
of
maybe
a
fan
interface
that
would
be
generating
off
that
other
solutions
could
plug
in
so
we're
totally
looking
into
and
collaborating
with.
A
All
right,
Thank,
You,
Jocelyn
and
welcome
to
our
to
our
virtual
groups.
We
look
forward
to
all
your
contributions
on
the
area
of
clustered
API.
Thank
you
and
when
Gaby's
said
it
wouldn't
Ben
is
back
from
vacation.
Obviously
you
should
sync:
with
the
governor
by
one
Ben
is
back
on
vacation.
You
guys
should
definitely
sit
down
and
chat.
Sounds.
G
B
So
got
a
quick
question
from
an
organizational
standpoint:
are
you
planning
on
like
drafting
there
and
then
reviewing
it
with
the
cluster
API
working
group
first
or
do
we
need
to,
or
should
we
put
something
on
the
agenda
here
to
talk
about
it
in
more
depth?
Like
you
know,
in
a
couple
of
weeks,
that's.
G
A
G
B
A
A
E
We
were
looking
into
that
with
the
reasons
for
that
delay,
with
some
mobi
maintain
errs,
who
one
of
them
is
on
my
team
and
noticed
that
the
container
stats
calls
always
takes
a
fixed
amount
of
time
to
return,
and
the
reasoning
was
is
that
it
returns
two
different
sets
of
metrics
at
two
different
time
stamps
so
that
you
can
create
a
delta
of
them,
which
is
not
really
what
we
want
to
capture
here.
So
we
just
want
a
point
in
time.
E
Snapshot
of
it,
so
I
think
that
there's
actually
the
proposal
to
update
the
docker
API
is
to
get
a
point
in
time.
Snapshot
of
the
container
sets
as
well,
but
that
would
require
a
new
API
version
and
ingesting
that
and
it
could
burn
I
used
to
take
a
long
time.
So
instead
I
noticed
well
I'm.
Actually,
just
I've
made
a
PR
that
updates
the
code
paths
and
kubernetes
to
use
the
same.
A
A
E
E
A
Will
be
impossible
to
kind
of
take
a
two-stage
approach.
Number
one
is
creating
images
for
1903
in
1909,
the
new
location
that
you
have
there,
then
she
are
micro,
comm
always
ask
Amanda
dispose
and
then
keep
the
old
images
there
for
the
previous
location.
So
now
we
don't
break
folks
overnight
right
and
then
you
can
give
a
grace
period
of
the
next
six
months,
for
example,
and
we
can
actually
tweet
lead
posted
in
our
forums
after
the
documentation.
A
So
there's
a
few
things
that
we
need
to
do
about
trying
to
make
sure
that
folks
are
aware
that
this
is
going
to
go
away,
but
that's
kind
of
my
thinking.
If
we
have
basically
that's
if
we
have
to
be
basically
completely
tired
at
all,
if
you
can
keep
the
old
or
indefinite
until
we
no
longer
support
otherwise
image,
then
that's
even
better,
but
if
we
have
to
retire,
it
have
to
have
this
grace
period
where
both
the
old
and
the
new
are
there.
So.
E
A
That's
perfect
them,
then,
let's
just
publish
the
new
one
and
we'll
update
out
the
communication
will
update
the
scripts.
I
know
that
you
know
distributions
like
the
EM
work.
We
support
both
the
MCR
image
that
you
guys
do,
but
also
have
a
way
to
basically
create
an
aircard
installation
methods,
so
people
can
download
it
to
their
own
pilot
registry.
So
let's
go
ahead
and
stop
publishing
the
new
ones
in
the
new
location.
Then
update
dogs
educate
people
and
then
keep
the
old
ones
that
they
all
okay.
E
A
One
advantage
you
have
is
that,
as
folks
need
to
make
use
of
new
operating
systems,
they
will
have
to
figure
out
where
the
new
location
of
the
pause
image
is
they're,
going
to
find
it
anywhere.
I
understand,
that's
a
good
user
experience,
but
it's
gonna
be
a
forcing
function
to
folks
to
identify
communication
yeah,
but
it's
not
like
version
1.1
to
version
1.2.
Where
folks
may
not
be
aware.
There's
new
updates,
because
there's
no
new
tag
in
the
image
right
here.
They
actually
have
to.
E
B
B
A
H
H
D
Cloudbees
in
it
is
what
Ben
and
I
used
Yossi
would
cluster
API?
What
I
think
joseline
and
his
team
is
suggesting
is
something
where
we're
not
relying
on
like
the
cloud
init
interface,
so
cloud
base
in
it
kind
of
tries
to
mirror
cloud
in
it.
What
Jocelyn
is
trying
to
do
is
kind
of
like
an
OS
agnostic
way.