This document will grow into an API by API list of work that needs to be done to clarify Windows & Linux differences. This will be used to help clarify what needs to be eventually implemented (need a tracking issue), or not implemented (need a doc note).
Out of the various volume types, these should all be possible on Windows but tests are lacking:
The main gaps in Windows Server 2016 & 1709 are that symlinks are pretty much broken. The only ones that work are SMB/CIFS mount points. Workarounds need to be investigated.
Mounting volumes across some (but not all) containers will need changes to Windows. Not ready in Windows Server 2016⁄1709.
Windows schedules CPU based on CPU count & percentage of cores. We need this represented because it can help optimize app performance. CPU count is immutable once set but you can change % of core allocations.
Also of note, requests aren’t supported. Will pod eviction policies in the kubelet ensure reserves are met by not overprovisioning the node?
Windows can either expose a NUMA topology matching the host (best performance) or fake it to be 1 big NUMA node (suboptimal). We should think of a way to turn this on/off later - probably q2 2018
V1.Pod.dnsPolicy - I think only ClusterFirst is implemented
V1.Pod.hostNetwork - Not feasible on Windows Server 2016 / 1709
How important are these? They’re not implemented in Windows Server 2016 / 1709, and I’m not too sure if they’d be helpful or not.
For cases where a pod/container need to talk to the host docker / containerd daemon we could map a named pipe as a volume which would offer the same functionality as the unix socket to the Linux daemons. It works in moby but isn’t hooked up in the kubelet yet.
These don’t have Windows equivalents since the permissions model is substantially different
This is probably doable if needed but not possible in Windows Server 2016 / 1709.
There are a few fields that refer to uid/gid. These probably need to be supplemented with a Windows SID (string) and username (string)
V1.podSecurityContext.runAsUser provides a UID
V1.podSecurityContext.supplementalGroups provides GID