This document will grow into an API by API list of work that needs to be done to clarify Windows & Linux differences. This will be used to help clarify what needs to be eventually implemented (need a tracking issue), or not implemented (need a doc note).
V1.Pod.Volumes
Out of the various volume types, these should all be possible on Windows but tests are lacking:
- EmptyDirVolumeSource
- Secret
- hostPath
The main gaps in Windows Server 2016 & 1709 are that symlinks are pretty much broken. The only ones that work are SMB/CIFS mount points. Workarounds need to be investigated.
V1.Container.volumeMounts
Mounting volumes across some (but not all) containers will need changes to Windows. Not ready in Windows Server 2016/1709.
- FlexVolume does not work on Windows node
- feature proposal add SMB(cifs) volume plugin
- add NFS volume support for Windows
V1.Container.ResourceRequirements.limits.cpu
V1.Container.ResourceRequirements.limits.memory
Windows schedules CPU based on CPU count & percentage of cores. We need this represented because it can help optimize app performance. CPU count is immutable once set but you can change % of core allocations.
V1.Container.ResourceRequirements.requests.cpu
V1.Container.ResourceRequirements.requests.memory
Also of note, requests aren't supported. Will pod eviction policies in the kubelet ensure reserves are met by not overprovisioning the node?
Windows can either expose a NUMA topology matching the host (best performance) or fake it to be 1 big NUMA node (suboptimal). We should think of a way to turn this on/off later - probably q2 2018
V1.Pod.dnsPolicy - I think only ClusterFirst is implemented
V1.Pod.hostNetwork - Not feasible on Windows Server 2016 / 1709
V1.Pod.hostIPC, v1.pod.hostpid
How important are these? They're not implemented in Windows Server 2016 / 1709, and I'm not too sure if they'd be helpful or not.
For cases where a pod/container need to talk to the host docker / containerd daemon we could map a named pipe as a volume which would offer the same functionality as the unix socket to the Linux daemons. It works in moby but isn't hooked up in the kubelet yet.
V1.Container.SecurityContext.CapabilitiesV1.Container.SecurityContext.seLinuxOptions
These don't have Windows equivalents since the permissions model is substantially different
V1.Container.SecurityContext.readOnlyRootFilesystem
This is probably doable if needed but not possible in Windows Server 2016 / 1709.
There are a few fields that refer to uid/gid. These probably need to be supplemented with a Windows SID (string) and username (string)
V1.podSecurityContext.runAsUser provides a UID
V1.podSecurityContext.supplementalGroups provides GID