►
From YouTube: Kubernetes SIG Windows 20190618
Description
Kubernetes SIG Windows 20190618
A
Hello,
everybody
and
welcome
to
another
sea.
Witness
Meetup,
I,
think
you're,
pretending
it's
the
18th
of
June
and
wonder.
15
is
officially
pretty
much
out
the
door
so
we're
starting
to
concentrate
on
the
next
release.
A
couple
of
quick
announcements
for
today:
first
thing
is
our
documentation,
has
changed
location.
So
if
you
are
looking
for
the
dogs
in
their
original
location,
which
used
to
be
communities,
loyal
dogs
windows,
it's
no
longer
there.
A
Now
it's
in
community
style,
dog,
setup,
production,
environment
windows
so
make
sure
you
send
me
links
to
folks
don't
copy
no
leaks,
because
it's
just
gonna
give
them
a
photo
for
so
I.
Don't
know
why
they
made
that
change.
I
was
not
aware
of
it
until
today.
I
want
to
find
out
carving
from
people
that,
let
me
know
about
it.
So
I
was
like
okay,
that's
kind
of
killing
us,
so
that's
it!
You
know.
Obviously
we
are
a
little
bit.
A
We
didn't
deliver
a
lot
of
things
in
115,
but
we've
made
tremendous
amount
of
progress
so
now
the
responsibilities
analysis
and
seek
to
kind
of
take
the
ball
from
what
it
is
and
try
to
make.
A
lot
of
progress
world
also
run
its
user
name
or
container
D
of
Cuba
DM
to
kind
of
deliver
a
lot
of
functionality
with
the
next
release,
which
look
definitely
before
Cuba
console
gives
us
enough
time
to
test,
drive
them
and
obviously
move
them
forward
for
the
1.17
and
118
releases.
A
So
all
right.
So
let's
talk
a
little
bit
about
the
privileged
containers
proposal.
So
we
said
that
last
time
that
we're
going
to
provide
the
opportunity
for
folks
to
read
the
document
and
provide
feedback
and
see
if
there's
something
that
they
like
from
different
options
of
Patrick,
outlines
so
tricky.
But
the
mic.
B
A
Going
on
there
on
the
file
system,
issue
and
she's
right
right,
so
this
is
not
gonna,
be
the
same
approaches
having
privileged
containers
and
Linux
right.
There's
certain
concessions
that
needs
to
be
made
or
the
application
has
taken
advantage
of.
This
needs
to
be
aware
of
their
about
the
file
systems
and
the
circumstances
under
which
is
getting
that
elevated
privilege.
Mm-Hmm.
B
A
I
think
that
you
know
we're
gonna
have
the
expectation
that
any
app
that
worked
on
Linux
under
privileged
containers
is
collapse.
Moving
to
Windows
and
everything's
gonna
work,
that's
not
gonna,
be
the
case.
I.
Think
the
motivation
here
and
what
you're
trying
to
do
is
basically
starting
evolving,
some
of
the
csi's
first
and
some
of
the
other
things
that
potentially
mean
deliver
the
permissions
I'm,
not
making
a
general
purpose
approach.
I!
Think
that's
fine!
A
C
D
Option
B
this
option:
C
doesn't
solve
the
packaging
problem
right
I
mean
that
is
a
bigger
like.
Why
would
somebody
go
with
the
privileged
container,
in
my
opinion,
is
to
Botswana's
to
do
some
privileged
operations
of
the
hosts.
Second
is
to
service
that
binary
in
a
container
fashion
right,
the
top
ssin
see
you
won't
get
that.
D
B
D
B
There's
no
file
system,
isolation
from
the
host,
and
so,
if
you
want
to
do
something
like
replace
an
old
version
of
a
plug-in
with
the
new
version,
you
can
still
have
conflicts
there,
because
each
one
is
running
unbounded,
and
so
you
don't
get
any
of
the
resource
or
sub
or
separation.
Regard
like
this
is
a
separate
discussion
from
security
boundary.
It's
like
the
basically
creating
these
is
not
going
to
be
an
idempotent
operation.
I,
see.
D
Thing
is
the
customer
has
to
do
it.
Anything
can
be
different
for
Linux
and
Windows
right
with
option
C
with
option
B
what
I
the
customer
will
still
have
to
have
a
container.
She
can
reuse,
whatever
he's
running
it
in
Windows
versus
Linux,
and
the
only
thing
is,
we
will
have
inject
some
proxies
to
handle
the
privilege
calls.
Oh.
E
You're
thinking,
actually
the
containers
syscalls
would
be
intercepted
and,
like
I,
see,
I
thought
we
were
just
gonna
change
it
so
that,
like
I,
mean
he's
still
run
a
container
like
flannel
or
something,
but
that
it
would
be
like
specifically
like
the
windows
code
would
call
out
to
like
a
oxi.
Like
you
know,
like
you
know,
I
was.
E
D
E
Yeah
I
think
yeah
I
mean
I;
initially
it
was
dot.
C
was
the
better
just
because
it's
I
mean
obviously
gonna
be
like
the
thing
that
doesn't
need
any
kind
of
extension
really
like.
Once
you
can
run
a
hose
process,
then
it's
like
you
can
all
the
sis
Carlos
I
are
available
where
B
is
like.
If
we
need
new
AP
eyes
and
we
constantly
need
to
be
adding
more
proxies
or
updating
them,
but.
E
C
D
E
C
What
happened
was
I
pretty
much
got
it
working
with
CSI,
but
then
change
went
from
like
you
know,
a
regular
model
that
I
had
to
more
of
a
conciliation
model
or
a
controller
model,
and
that
seems
you
have
some
issues
with
the
way
things
are
working
in
Windows,
so
I'm
debugging
that
at
the
moment
so
plug
in
registration
just
broken
windows.
After
that
change
landed
like
feedback,
so
I'm
running
you
know
going
to
those,
hopefully
I'll,
you
know
be
able
to
figure
it
out
by
this
week
and.
D
C
Now
that
change
that
code,
like
took
a
pretty
major
change
like
couple
of
weeks,
back,
I,
think
or
like
about
a
week
back
where
it
moved
to
more
of
a
controller
model
where
they
constantly
monitor
the
paths,
try
to
clean
things
up
so
now
the
plug-in
registration
all
of
a
sudden
seems
to
be
broken
in
top
of
creep.
So
I'm
debugging
that
problem
once
I
have
that
figured
out
and.
C
B
B
B
B
C
B
So
we
do
have
this
SIG
windows
tools,
repo.
That
I
think
would
be
appropriate,
like
that's,
where
we
put
put
wind
cat,
which
is
needed
for
the
port
forward
that
had
been
contributed,
and
so
for
things
that
are
built
out
of
the
main
crew
Bernays
repo,
but
might
be
needed
for
Windows
nodes.
I.
Think
that
was
kind
of
the
intention
of
this
repo.
A
E
E
D
A
So
if
you
want,
if
you
can
send
me
some
rough
notes,
I'll
tighten
them
up
and
validate
them
and
run
them
through
once
in
my
environment
and
if
they
work,
I'll,
just
publish
them.
So
I
can
do
that
and
then
Microsoft
and
Patrick
and
and
Craig
were
the
ones
that
worked
on
that
and
they
build
the
original
post
container
that
was
pushed
on
in
CR.
You
can
have
them
also.
They
build
that
using
the
same
method.
Okay,.
B
Yeah
I've
got
that
on
my
list,
so
I've
got
that
docker
file
and
another
repo,
but
I'll
see
if
I
can
just
get
it
into
this
one
for
now
and
I'm
gonna
be
different.
It's
gonna
look
at
a
multi-stage,
build
that
uses
the
coaling
image
to
build
to
build
that
and
then
copy
it
in
there
and
then
so
yeah
I'll.
Take
that
as
it
doesn't
know
it
sorry,
hey.
That's
him
yeah
a
chance
to
do
anything,
but.
A
B
B
Okay,
so,
okay,
so
I'm,
sorry
well
going
back
to
the
privileged
stuff,
so
I
mean
it
sounds
like
there's
some
little
bit
of
consensus
around
going
with
be
especially
if
we've
got
some
working
prototypes.
There
has
anybody.
Looked
at
this
from
a
network
standpoint.
Is
there
something
some
code
that
that
could
be
shared
there
as
well?
I.
C
D
B
B
Yeah
basically
option
D
yeah
I
mean
just
just
to
be
transparent.
I
think
that
at
least
from,
if
I
think
about
this
from
a
cloud
provider
perspective
since
we're
already
publishing
custom
images
that
will
be
used
with
a
container
service
like
aks,
we're
probably
going
to
have
some
form
of
D
just
because
the
binaries
are
already
it's
in
there,
but
that's
really
kind
of
an
implementation
detail.
I
mean.
B
B
C
Question
around
what
are
the
latest
guidelines
vendor
external
stuff?
It
seems
like
one
of
the
other
areas
we
were
looking
at
at
that
John
was
taking
a
look
at
was
potentially
since
we
have
the
I
scuzzy
entry
provider,
porting
it
to
make
sure
which
to
support
Windows
so
rather
than
just
the
ADM
as
it
doesn't
Linux
and
I
scuzzy
commandlets.
C
That
are,
you
know
better
there
today,
as
a
flexible
plugin
like
can
that
be
brought
in
entry,
so
I
think
he
has
a
sort
of
a
prototype
going.
But
one
of
the
concerns
where,
like
you
need
to
get
like,
go
bindings
going
for
some
of
these
things
and
if
they're
like
a
huge
reservation
against
being
able
to
render
in
like
an
external
library
at
this
point
in
entry.
A
B
C
Like
you
know,
make
it
keep
it
out
of
tree
like,
as
a
you
know,
as
an
independent
rendered
library
that
anything
beyond
kubernetes
can
also
use
if
they
want
to
do
eyes
for
these
stuff
for
Windows
and
then
have
the
kubernetes
entry
I
scuzzy
provider
Hall
into
this
library
by
memory
I'm
just
wondering
if,
if
there's
any
thoughts
on
like
how
strong
the
opposition
is
rendering
in
new
things,
it
seems
like
there
is
you're
just
trying
to
render
in
something
really
tiny
and
there
was
like
holy
cow.
What
are
you
doing?
A
I
think
the
the
right
thing
is,
we
need
to
take
it
to
the
Sikh
architecture
office
hours
and
create
a
proposal
ahead
of
time.
Theme
of
this
is
a
small
word
document
talking
about
what
we
want
to
do.
We
send
it
to
them,
so
they
get
a
chance
to
read
it
for
a
few
days
and
then
show
up
at
office
hours.
So
we
can
all
show
up
me,
you
Patrick,
if
you
want
and
tell
about
it,
but
the
first
thing
is
you
guys
need
to
create
a
document
so.
B
I
guess
the
other
option
would
be
if
this
is
something
that's
closely
related
to
making
HCS
calls
on
Windows.
Maybe
we
put
in
each
session,
and
so
it
wouldn't
be
a
new
vendor
library,
but
we
could
basically,
if
we
need
to
do
things
like
be
able
to
enumerate
host
pads
in
format
them
in
a
way
that
could
be
used
to
attach
them
to
a
container.
Maybe
it
makes
sense
to
wrap
it
up.
There.
B
B
So
so
claudia
has
been
really
hard
at
work,
getting
working,
along
with
the
conformance
working
group
to
reduce
the
number
of
images
that
are
used
in
the
end
and
in
conformance
tests
and
so
a
whole
bunch
of
the
PRS
that
he
had
during
15
or
kind
of
on
hold,
because
people
don't
want
to
change
your
tests
right
then,
and
a
bunch
of
those
just
merged,
and
so
I
created
a
done.
Call
I'm
here
for
16
and
tried
to
move
the
stuff
that
I
was
aware
of.
B
That
was
less
than
15
into
here,
because
the
github
rule
was
automatically
still
merging
stuff
putting
stuff
in
this
column
rather
than
this
column.
So
that's
corrected
now
and
so
what's
left
is
we
still
need
to
basically
clear
out
this
15
backlog
and
drain
this
in
progress
and
review
queue
for
stuff
to
go
into
16.
B
So
get
that
column
out
of
the
way,
at
least
and
so
I
think
what
I'd
like
to
do
is
for
next
week,
if
there's
something
that
is
assigned
to
you
in
the
backlog
or
in
progress
that
you're
not
working
on,
go
ahead
and
get
it
back
here
into
this
general
backlog
column.
So
that
way
we
can
focus
on
finding
someone
else
to
work
on
it.
B
B
B
But
we're
still
hitting
some
issues
where
we
basically
can't
even
complete
a
test
pass
things
start
hanging
before
that,
and
so
once
that
is
at
a
point
where
it's
on
test
grid
I
think
we'll
be
on
a
better
track
tied
by
whether
things
are
whether
or
not
we
can.
You
know
to
clear
that
alpha
quality
416,
but
right
now
it's
still
kind
of
in
a
holding
pattern.
There.
You
know
with
the
goal
of
getting
that
on
the
test
grid.
B
The
other
one
is
I
heard
back
from
James
on
this
one
that
was
pushed
out
from
1516
on
run
as
user
name
and
he's
not
going
to
be
able
to
look
at
it
at
that
in
the
next
few
weeks,
and
so,
if
someone
else
wanted
to
take
these
changes
and
create
an
alternate
PR,
then
that's
something
that's
some
available.
If
someone
wanted
to
take
it
basically,
the
only
thing
that
really
needs
to
be
done
is.
B
There's
an
API
a
proposed
API
update
in
this
one.
That
needs
to
be
changed,
so
it's
basically
just
swapping
out
some
field
names,
but
James
already
had
tests
there.
So
if
you
made
the
same
change
everywhere,
then
it
should.
You
should
be
able
to
run
the
test
and
have
it
pass
and
then
get
that
submitted.