azure / container-upstream
This project captures work in progress, and completed work for the Azure Core Container Upstream team
License: MIT License
https://github.com/Azure/kubernetes-kms
support key rotation
support bring your own key vault/key
add kms feature to AKS
Please help me clarify this issue!
Proposal:
Azure/aks-engine#443
Implementation:
Azure/aks-engine#479
For 1.15:
For 1.15 or later if needed:
For full context, see April 9 notes in https://docs.google.com/document/d/1W31nXh9RYAb_VaYkwuPLd1hFxuRX3iU0DmaQ4lkCsX8/edit# and the notes from the breakout with dims, Claudiu and Patrick.
Tracking issue for kubernetes/website#12426
Build https://github.com/kubernetes-sigs/sig-windows-tools/tree/master/cmd/wincat and add it to pause image
Move Windows containers towards parity with Linux containers, and enable new Windows features to be exposed in K8s tracking issue
Github project: https://github.com/orgs/kubernetes/projects/34
Implement the proposal outline here: Azure/aad-pod-identity#153
Tracking issue for VK 1.0 virtual-kubelet/virtual-kubelet#413
Minimum Feature Set
We believe the following minimum feature set will be best to have:
Upstream doc PR moby/moby#38620
Primary goal here is better stability in the upstream engine.
Containerd will have Windows support in version 1.3.
This work stream is about moving moby off of Windows HCS and relying on containerd.
This is needed rather imminently for the upcoming Docker release.
This is primarily driven by John Howard, but requires review upstream: moby/moby#38541
let's get rid of azure.json and use configmaps instead
As a developer for Kubernetes/Kubernetes, I want to run e2e tests against a Kubernetes cluster built with my changes on Azure to make sure my PR did not break anything.
Since containerd 1.0, containerd now handles full container and image management lifecycle.
Much of this is duplicated in Moby (older codebase). The work item here is to migrate Moby to use containerd's image management.
Exercising containerd's full capabilities through Moby is a huge step towards ensuring stability of containerd which is at the core of basically all container workloads.
Work stream is happening here: moby/moby#38738
This is mainly being driven by Docker, but there are many TODOs in the change, and it needs help to get in.
I do not believe there is enough time to get this in for the next Docker release, however.
Work on kubernetes/kubernetes#54090 for Windows
Tracking issue for the KEP and associated work tracked in the SIG-Windows project board
In addition to the Azure-CNI support for Advanced networking in AKS, Windows containers need to support kubenet for basic networking.
TODO: document definition of done
TODO: Link to issue for aks-engine implementation and testing
User namespaces is an important security feature that almost no one uses because it's really difficult to do.
Just using user namespaces would have mitigated CVE-2019-5736, among others.
Making user namespaces easier to use and even enabled by default will help the whole industry.
Acceptance Criteria:
Tracking kubernetes/test-infra#11260
As an Application Operator, I need to specify the operating system and architecture of the images I pull from a registry so that I am sure the right images are going to the right machines
Note: the Application Operator is specified as a new persona as identified in the Snowball working group
Speed up Windows deployments and enable testing new Windows, ContainerD, and Kubernetes builds.
I started to play with downloading & caching files here: PatrickLang/aks-engine@c255df0
applicable only on Standard LoadBalancer
Windows Update's automatic behavior doesn't match what's needed for AKS-Engine or AKS in a few ways:
It would need to be configurable so that we can use it to patch VHDs with the known-good list of patches from Windows Update services, but also used for private testing to apply new patches in testing that may be in private storage blobs.
doc, github
can orchestrate upgrades across multiple nodes, and handles stopping the Service Fabric service cleanly before reboot and starts it after upgrades complete. It also has a central service to make sure nodes are not taken down simultaneously. That would work for "hotpatching" scenarios if adapted to work with Kubernetes.
As a standalone service, it may still be possible to use this to control what updates are installed. This config would let you include/exclude specific patches using a query language.
https://github.com/Azure/aks-engine/tree/master/extensions/windows-patches
This uses the AKS-Engine extension support which calls an extra script as a VM extension. It has a few downsides:
We should find out the best price/perf point for the most common VM sizes. Variables to test include standard/premium disks, and size since the IOPS quota is related to disk size.
Ephemeral disks can also give a good improvement and might be the best price/perf default. This work item is needed to enable ephemeral disks and has a partially completed PR attached: Azure/aks-engine#1287
This should yield improvements in: