- Hosted by @jayunit100
- Recording date: 2021-01-28
- 00:00:00 - Welcome to TGIK and introductions/announcements
- 00:15:18 - Looking at how NetworkPolicy Truth tables work on unsupported clusters
- 00:32:29 - Viewing working NetworkPolicies in Windows with Calico 3.16
- 00:45:01 - Looking at CAPI on Windows
- 00:55:40 - How CNIs are installed with post-kubeadm/preBootstrap commands on Windows
- 01:02:15 - How runtimeClasses, taints, nodeSelectors work together to schedule Windows pods
- 01:13:53 - How Cluster API works on NSX for Windows with vSphere and NSX as the network plane
- 01:15:34 - How to use hub.docker.com to lookup windows images matching your OS
- 01:19:07 - Looking at CSI Proxy, briefly
- 01:26:45 - The most interesting problem in containerd and windows networking : The CNI ADD Codepath!
- CKA/CKAD Exam tips from Brad McCoy
- From David McKay and Matt Turner: Fun live coding of a KubeCtl plugin to add noun-verb ordering. (Joe agrees that noun verb is better!)
- OpenAI talks about scaling k8s to 7500 nodes.
- David Giffin shares a post on how to debug CrashLoopBackOff.
- https://github.com/cockroachlabs/crl-scheduler
- https://learnk8s.io/troubleshooting-deployments
- images and wrong architectures
- windows: "issue w/ kubelet" -> issue w/ HNS, or CNI provider
- kube-proxy may not be syncing all the HNS/iptables/IPVS rules
- firewall rules or network policies
- https://github.com/kubernetes/sig-release/tree/master/releases/release-1.21
- https://twitter.com/Aspenwilder/status/1354842524683100205?s=20
- Joe did an AMA for kube.academy yesterday. Video is now up (Warning: webinar registration link)
- Brian McClain wrote up an article about "The Hate for YAML" based on the "I'm sorry about the YAML" talk Joe gave at Software Circus
- Get an early ebook copy of "Production Kubernetes" from Josh Rosso, Rich Lander, Alex Brand and John Harris. All great folks with a lot to share. (Warning: contact capture to download.)
- Tanzu Tuesdays! Tiffany and Ollie demonstrate the latest on running Spring Boot apps on k8s.
- Paul presents a guide to using Harbor to deal with Docker Hub rate limits.
-
The "real" K8s Contributor experience on Windows
- WSL2: build, test, hack, build exes, copy them to c:/
- hnsdiag and hcsdiag: my 2 best friends
- e2e tests, agnhost, ... e2e.exe ... yes it works!
- RDP!
- getting felix / node logs
- eventviewer and kube-proxy / HNS logs
- testing network policies
-
Privileged containers in Windows: kubernetes/enhancements#2288 (comment); for internal details, read about job objects: https://docs.microsoft.com/en-us/windows/win32/procthread/job-objects
-
Containerd on Windows
- BLEEDING EDGE OMG
- containerd/containerd#4851
- antrea-io/antrea#1581
- projectcalico/calico#4334
- antrea: same IPAM, calls to HNSEndpoint
- Kubelet -> containerd <-> CNI (race); containerd -> hcsshim VNIC vs. the docker bridge; see the docker design doc and the original antrea design doc
- BLEEDING EDGE OMG
-
windows networkpolicies
- Help us test them! kubernetes/kubernetes#98077
- Run the hacked e2e binary (from the Linux box that holds your kubeconfig):
```bash
wget https://storage.googleapis.com/jayunit100/content/e2e.test.win.12
chmod +x ./e2e.test.win.12   # the download is not executable until you do this
./e2e.test.win.12 --provider=local --kubeconfig=/home/kubo/.kube/config --ginkgo.focus="Netpol.*" --ginkgo.skip="udp|Slow|SCTP" --node-os-distro="windows" --dump-logs-on-failure=false
```
- taints? you might want to add
  --non-blocking-taints="os,node-role.kubernetes.io/master,node.kubernetes.io/not-ready"
  so the e2e framework still counts the tainted Windows and master nodes as schedulable instead of waiting on them
- https://drive.google.com/file/d/1ZS4YGgPGXT5P-fpL2j0Ehdk4QhzVkZCE/view?usp=sharing - Kubelet, containerd, hcmshim, CNI interplay by Ravi.G
-
look at container networks
hnsdiag.exe list all
-
Calico, docker, containerd
- calico: (quick demo)
- antrea: (quick demo)
-
https://github.com/vmware-tanzu/antrea/blob/main/pkg/agent/util/net_windows.go#L304
- powershell:
[System.Environment]::OSVersion.Version
- images need to match your OS, look it up in this table! https://hub.docker.com/_/microsoft-windows
- csi proxy: kubernetes-csi/csi-proxy#106
- Interested in how to build a csi-proxy compatible storage solution? https://github.com/gab-satchi/vsphere-csi-driver#windows-prototype
-
scaffolding for Windows MachineDeployment https://github.com/jayunit100/k8sprototypes/blob/master/windows/peri-min.yaml.sh#L222
-
Now: post kubeadm + image builder
- cloud-init / Ignition
- windows sysprep
-
Node agent:
- kubeadm post actions
- encapsulate common use cases into a node agent
- http proxies / certs aren't easy to embed
- get rid of user_data size limits
- reach out to CAPI / naadir / etc. for the future of images on CAPI
- kubeadm post actions
-
To create the prom daemonset https://raw.githubusercontent.com/jayunit100/k8sprototypes/master/windows/tgik-prometheus.yaml
-
kubectl exec privileged powershell.exe get-hnsnetwork
- containerd / cri-o / ... -> lxc / runc / hcsshim
- CRI: image + runtime
  --> calls CNI to set up networking
- runtime -> shim (runc, runhcs, kata, firecracker, gVisor, plugin)
- shim binary: substitute w/ a custom runhcs.exe
- Example:
  - run a windows iis pod https://github.com/containerd/containerd/blob/master/pkg/cri/config/config_windows.go
  - kubectl exec privileged powershell.exe get-hnsnetwork will be working
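Added example (my own, not code from the stream or from containerd/Antrea) tying together the scheduling pieces from the agenda item at 01:02:15 and the "run a windows iis pod" example above: a RuntimeClass whose handler is containerd's default Windows process-isolated runtime from config_windows.go, the nodeSelector and toleration carried by that RuntimeClass, and a pod that names it and uses an image tag that matches the node OS. Assumptions: the Windows nodes carry the taint os=windows:NoSchedule (the notes only show the taint key "os"), the nodes are Server 2019 (ltsc2019), and kubectl is on the path; the function names and the tag-to-build table are mine.

```powershell
# Added example, not from the stream or any project's own code.
# Three things have to line up for a Windows pod to land on a Windows node under containerd:
#   1. a RuntimeClass whose handler is containerd's Windows process-isolated runtime
#      (runhcs-wcow-process, the default name in config_windows.go),
#   2. scheduling rules carried by that RuntimeClass: a nodeSelector for the Windows OS/build
#      and a toleration for the taint that keeps Linux workloads off the Windows nodes,
#   3. a pod that names the RuntimeClass and uses an image tag matching the node's OS build.
# Assumption: Windows nodes are tainted os=windows:NoSchedule and run ltsc2019; override the
# parameters to match what Show-WindowsNodeScheduling prints for your cluster.

# Image tag -> value of kubelet's node.kubernetes.io/windows-build label. Only the builds
# listed here get a build selector; any other tag selects on kubernetes.io/os alone.
$script:WindowsBuildByTag = @{
    'ltsc2019' = '10.0.17763'
    '2004'     = '10.0.19041'
}

function New-WindowsIisPodManifest {
    param(
        [string]$OsTag      = 'ltsc2019',
        [string]$TaintKey   = 'os',
        [string]$TaintValue = 'windows',
        [string]$Namespace  = 'default'
    )
    $buildSelector = ''
    if ($script:WindowsBuildByTag.ContainsKey($OsTag)) {
        $buildSelector = "`n    node.kubernetes.io/windows-build: " + $script:WindowsBuildByTag[$OsTag]
    }
    # node.k8s.io/v1beta1 is the RuntimeClass version on the 1.19 cluster used in the demo;
    # it is node.k8s.io/v1 from 1.20 on.
    @"
apiVersion: node.k8s.io/v1beta1
kind: RuntimeClass
metadata:
  name: windows-$OsTag
handler: runhcs-wcow-process
scheduling:
  nodeSelector:
    kubernetes.io/os: windows$buildSelector
  tolerations:
  - key: $TaintKey
    operator: Equal
    value: $TaintValue
    effect: NoSchedule
---
apiVersion: v1
kind: Pod
metadata:
  name: iis-$OsTag
  namespace: $Namespace
spec:
  runtimeClassName: windows-$OsTag
  containers:
  - name: iis
    image: mcr.microsoft.com/windows/servercore/iis:windowsservercore-$OsTag
    ports:
    - containerPort: 80
"@
}

function Show-WindowsNodeScheduling {
    # Each Windows node's OS build label and taints: the values the RuntimeClass above must match.
    $nodes = kubectl get nodes -l kubernetes.io/os=windows -o json | ConvertFrom-Json
    foreach ($n in $nodes.items) {
        [pscustomobject]@{
            Node   = $n.metadata.name
            Build  = $n.metadata.labels.'node.kubernetes.io/windows-build'
            Taints = ($n.spec.taints | ForEach-Object { "$($_.key)=$($_.value):$($_.effect)" }) -join ' '
        }
    }
}

# Usage from a box with kubectl pointed at the cluster:
#   Show-WindowsNodeScheduling
#   New-WindowsIisPodManifest -OsTag ltsc2019 | kubectl apply -f -
#   kubectl get pod iis-ltsc2019 -o wide     # the NODE column should be a Windows node
```

If the pod stays Pending, compare the Build and Taints columns with the manifest: a build label that differs from the selector, or a taint value other than the one tolerated, are the two mismatches this layout makes visible.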
```powershell
# Directories for the Antrea agent binary/logs and for kube-proxy logs
New-Item -ItemType Directory -Force -Path C:\k\antrea
New-Item -ItemType Directory -Force -Path C:\k\antrea\logs
New-Item -ItemType Directory -Force -Path C:\k\antrea\bin
New-Item -ItemType Directory -Force -Path C:\var\log\kube-proxy
# Pick the host IP: the connected adapter that owns the IPv4 default gateway
$env:HostIP = (
Get-NetIPConfiguration | Where-Object {
$_.IPv4DefaultGateway -ne $null -and $_.NetAdapter.Status -ne "Disconnected"
}
).IPv4Address.IPAddress
# Append --node-ip to KUBELET_KUBEADM_ARGS in kubeadm-flags.env. This reads only the first
# line, strips its last character (assumed to be the closing quote) and re-adds the quote
# after the new flag, so running it twice adds the flag twice.
$file = 'C:\var\lib\kubelet\kubeadm-flags.env'
$newstr="--node-ip=" + $env:HostIP
$raw = Get-Content -Path $file -TotalCount 1
$raw = $raw -replace ".$"
$new = "$($raw) $($newstr)`""
Set-Content $file $new
# NODE_NAME is set for this process only (no scope argument)
[Environment]::SetEnvironmentVariable("NODE_NAME", (hostname).ToLower())
curl.exe -LO "https://raw.githubusercontent.com/vmware-tanzu/antrea/master/hack/windows/Install-OVS.ps1"
# We need to enable test signing if this is the first time (Install-OVS.ps1 needs it for the
# OVS kernel driver). TESTSIGNING disables enforcement of production driver signatures for
# the whole node, so only do this on dev/test nodes. It takes effect after a reboot.
invoke-expression "bcdedit /set TESTSIGNING ON"
Restart-computer
./Install-OVS.ps1
```
Installing on the host requires a kubeconfig to read the secrets and nodes; for the demo we gave those rights to system:nodes and pointed the agent at C:/etc/kubernetes/kubelet.conf. This needs to be changed in future (the agent should get its own, narrower identity rather than reuse the kubelet's credential).
This cannot be done over ssh (RDP or terminal in):
```powershell
cd c:\k\antrea
curl.exe -LO https://raw.githubusercontent.com/vmware-tanzu/antrea/master/hack/windows/Helper.psm1
# internal VMware build of the containerd-capable agent used for the demo
curl.exe -LO http://w3-dbc302.eng.vmware.com/rcao/image/containerd/antrea-agent.exe
mv antrea-agent.exe c:\k\antrea\bin
Import-Module ./Helper.psm1
# Reuses the kubelet's kubeconfig (see the note above)
Install-AntreaAgent -KubernetesVersion "v1.19.1" -KubernetesHome "c:/k" -KubeConfig "C:/etc/kubernetes/kubelet.conf" -AntreaVersion "v0.12.0" -AntreaHome "c:/k/antrea"
New-KubeProxyServiceInterface
# Register both as Windows services with nssm; antrea-agent is started after kube-proxy and OVS
nssm install kube-proxy "c:/k/kube-proxy.exe" "--proxy-mode=userspace --kubeconfig=C:/etc/kubernetes/kubelet.conf --log-dir=c:/var/log/kube-proxy --logtostderr=false --alsologtostderr"
nssm install antrea-agent "c:/k/antrea/bin/antrea-agent.exe" "--config=c:/k/antrea/etc/antrea-agent.conf --logtostderr=false --log_dir=c:/k/antrea/logs --alsologtostderr --log_file_max_size=100 --log_file_max_num=4"
nssm set antrea-agent DependOnService kube-proxy ovs-vswitchd
nssm set antrea-agent Start SERVICE_DELAYED_START
start-service kube-proxy
start-service antrea-agent
```
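Added example (mine, not from the stream or from Antrea's hack scripts): an idempotent version of the --node-ip patch in the install script above. The original reads only the first line of kubeadm-flags.env, strips its last character on the assumption that it is the closing quote, and appends another --node-ip on every re-run. This version edits the value of KUBELET_KUBEADM_ARGS in place, replaces an existing --node-ip instead of duplicating it, and refuses to write a file it did not understand. The function names, the sample file contents and the IPs in the demo are constructed.

```powershell
# Added example, not from the stream: idempotent --node-ip patch for kubeadm-flags.env.

function Get-HostIPv4 {
    # Same selection rule as the notes: the connected adapter that owns the IPv4 default gateway.
    (Get-NetIPConfiguration | Where-Object {
        $_.IPv4DefaultGateway -ne $null -and $_.NetAdapter.Status -ne 'Disconnected'
    } | Select-Object -First 1).IPv4Address.IPAddress
}

function Set-KubeletNodeIp {
    param(
        [string]$Path   = 'C:\var\lib\kubelet\kubeadm-flags.env',
        [string]$NodeIp = (Get-HostIPv4)
    )
    if (-not ($NodeIp -as [ipaddress])) { throw "Not a valid IP address: '$NodeIp'" }
    $full = (Resolve-Path -LiteralPath $Path).Path

    $found = $false
    $out = foreach ($line in (Get-Content -LiteralPath $full)) {
        if ($line -match '^KUBELET_KUBEADM_ARGS="(?<kargs>.*)"\s*$') {
            $found = $true
            $kargs = $Matches['kargs']
            if ($kargs -match '(^|\s)--node-ip=\S*') {
                # Flag already present: replace its value rather than appending a duplicate.
                $kargs = $kargs -replace '(^|\s)--node-ip=\S*', ('$1--node-ip=' + $NodeIp)
            } else {
                $kargs = ($kargs.Trim() + ' --node-ip=' + $NodeIp).Trim()
            }
            'KUBELET_KUBEADM_ARGS="' + $kargs + '"'
        } else {
            $line      # every other line is passed through untouched
        }
    }
    if (-not $found) { throw "No KUBELET_KUBEADM_ARGS line found in $full; not writing" }

    # WriteAllLines writes UTF-8 without a BOM, which is what kubelet's env-file parser expects.
    [System.IO.File]::WriteAllLines($full, [string[]]$out)
    return $out
}

# Demo against a constructed sample file, so this runs on any Windows box without a kubelet.
$sample = Join-Path $env:TEMP 'kubeadm-flags.env'
Set-Content -Path $sample -Value 'KUBELET_KUBEADM_ARGS="--network-plugin=cni --pod-infra-container-image=mcr.microsoft.com/oss/kubernetes/pause:1.4.1"'
Set-KubeletNodeIp -Path $sample -NodeIp '10.0.0.5' | Out-Null
Set-KubeletNodeIp -Path $sample -NodeIp '10.0.0.6'   # second run replaces the value; no second --node-ip
```

On a real node run it with the defaults (the file path from the notes and the gateway-owning adapter's address), then restart the kubelet service so the new flag is picked up.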
- Tail a file: Get-Content myfile.txt -Wait
- Find a file: Get-ChildItem -Path C:\ -Recurse -Name *ctr*
- List processes: Get-Process *ovs* | Format-Table -Property Name
- Chocolatey (this downloads a remote script and runs it with iex; fine on a throwaway dev node, read it first anywhere else):
  Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
  then run refreshenv in the shell
- Use Vim: choco install vim -y
- You can run ctr --namespace=k8s.io containers list
- Look at VNIC events: Get-WinEvent Microsoft-Windows-Hyper-V-VmSwitch-Operational and Get-WinEvent Microsoft-Windows-Hyper-V-Compute-Operational
- Sort command-line output: | Sort-Object
- Look at the containers: hcsdiag.exe list all
- Look at container networks: hnsdiag.exe list all
- Look at all containers: ctr.exe --namespace=k8s.io c ls
- Version: [System.Environment]::OSVersion.Version
- grep ~ Select-String, e.g. Get-WinEvent -ListLog * | Out-String -Stream | Select-String SSH
- Log locations:
  - Kube-proxy: c:/var/log/kube-proxy
  - Antrea-Agent: c:/k/antrea/logs
  - Kubelet: c:/var/log/kubelet
  - Containers: c:/var/log/containers
  - OVS: c:/openvswitch/var/log/openvswitch
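Added example (mine, not a script from the stream or from any of the projects mentioned) that gathers the things the tips above say to look at on a Windows node into one timestamped folder, so that an apparent "issue w/ kubelet" can be checked against HNS, HCS, the two Hyper-V event channels and the kube-proxy/CNI/OVS logs in one pass. It assumes the log locations listed above and the Antrea layout under C:\k\antrea, and that it runs in an elevated PowerShell on the node; tools that are not installed are recorded as failed rather than aborting the run.

```powershell
# Added example, not from the stream: collect Windows node diagnostics into one folder.
function Get-WindowsNodeDiag {
    param(
        [string]$OutDir = (Join-Path $env:TEMP ("node-diag-" + (Get-Date -Format 'yyyyMMdd-HHmmss'))),
        [int]$TailLines = 200,
        [int]$MaxEvents = 100
    )
    New-Item -ItemType Directory -Force -Path $OutDir | Out-Null

    # Runs one command and writes its output (or the failure) to a file; keeps going when a
    # tool such as ctr or hcsdiag is missing, since not every node has all of them.
    function Invoke-Capture([string]$Name, [scriptblock]$Cmd) {
        $file = Join-Path $OutDir "$Name.txt"
        try { & $Cmd 2>&1 | Out-File -FilePath $file -Encoding utf8 }
        catch { "FAILED: $($_.Exception.Message)" | Out-File -FilePath $file }
    }

    Invoke-Capture 'os-version'    { [System.Environment]::OSVersion.Version }
    Invoke-Capture 'hns-networks'  { Get-HnsNetwork }
    Invoke-Capture 'hns-endpoints' { Get-HnsEndpoint }
    Invoke-Capture 'hnsdiag'       { hnsdiag.exe list all }
    Invoke-Capture 'hcsdiag'       { hcsdiag.exe list }
    Invoke-Capture 'containers'    { ctr.exe --namespace=k8s.io containers list }
    Invoke-Capture 'services'      { Get-Service kubelet, kube-proxy, antrea-agent, ovs-vswitchd, ovsdb-server -ErrorAction SilentlyContinue | Format-Table -AutoSize }
    Invoke-Capture 'processes'     { Get-Process *ovs*, *kube*, *antrea*, *containerd* -ErrorAction SilentlyContinue | Format-Table Name, Id, StartTime -AutoSize }

    # The two Hyper-V channels the notes point at for VNIC (vSwitch) and compute (container) events.
    foreach ($log in 'Microsoft-Windows-Hyper-V-VmSwitch-Operational',
                     'Microsoft-Windows-Hyper-V-Compute-Operational') {
        Invoke-Capture $log { Get-WinEvent -LogName $log -MaxEvents $MaxEvents -ErrorAction Stop |
                              Select-Object TimeCreated, Id, LevelDisplayName, Message | Format-List }
    }

    # Log directories from the notes; only the tail of each file is copied so the bundle stays small.
    $logDirs = @{
        'kube-proxy'  = 'C:\var\log\kube-proxy'
        'antrea'      = 'C:\k\antrea\logs'
        'kubelet'     = 'C:\var\log\kubelet'
        'containers'  = 'C:\var\log\containers'
        'openvswitch' = 'C:\openvswitch\var\log\openvswitch'
    }
    foreach ($entry in $logDirs.GetEnumerator()) {
        if (-not (Test-Path $entry.Value)) { continue }
        $dest = Join-Path $OutDir $entry.Key
        New-Item -ItemType Directory -Force -Path $dest | Out-Null
        Get-ChildItem -Path $entry.Value -File | ForEach-Object {
            Get-Content -Path $_.FullName -Tail $TailLines | Set-Content -Path (Join-Path $dest $_.Name)
        }
    }
    return $OutDir
}

# Usage on the node, in an elevated shell:
#   $bundle = Get-WindowsNodeDiag
#   Get-ChildItem $bundle -Recurse | Select-Object FullName
```

Read the bundle in the order the notes suggest: HNS networks/endpoints and the vSwitch channel first (is there an endpoint for the pod at all?), then the Compute channel and hcsdiag (did the container start?), and only then the kubelet log.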
kubernetes/kubernetes#98102 antrea-io/antrea#1581 containerd/containerd#4851 https://www.youtube.com/watch?v=FKoVztEQHss
- What is Windows sig currently focused on?
- Having a proper end-to-end post merge release blocking test suite using containerd. Ravi.G, James et al. are working on it
- 1.21 KEPs:
- KEP 2258: Use kubectl to view system service logs #2271
- KEP 1981: Windows privileged container KEP updates for alpha #2288