James Sturtevant

for anyone landing here, https://github.com/open-policy-agent/gatekeeper/tree/master/library/pod-security-policy is the currently list but is not separated into the buckets from https://kubernetes.io/docs/concepts/security/pod-security-standards/ as of now (privileged, baseline/default, and restricted)

> Note: if there is not a nodeSelector for kubernetes.io/os : windows this policy will never trigger a violation. Would there be a way to create a different policy such...

Discussed this at meeting on 4/21. To summarize (essentially the same as @maxsmythe's comment above): Ideally we would have something on the pod specs that would identify OS. In the...

> I would like to make a PR to fix this Thanks for taking a look!

for reference docker does work with the `c:\`: ``` docker run -it -v c:\temp:C:\temp k8s.gcr.io/e2e-test-images/busybox:1.29-2 cmd Microsoft Windows [Version 10.0.17763.2114] (c) 2018 Microsoft Corporation. All rights reserved. C:\>dir Volume in...

@wtfacoconut There is a bug in containerd for different drive letters in Windows: https://github.com/containerd/containerd/issues/6589. Once that is fixed and this parsing error here is fixed, we would be able to...

@kkbruce this won't work, there is a patch in progress at https://github.com/containerd/nerdctl/pull/924 work around is to use `/path/` without the `drive :` https://github.com/containerd/nerdctl/issues/759#issuecomment-1036215481

This looks like it isn't parsing the manifest properly. Since you are on WS2019, could you try using `hello-world:nanoserver-1809` directly?

confirmed `nerdctl run -it hello-world:latest` is failing on WS2019 and `nerdctl.exe run -it hello-world:nanoserver-1809` works. Also repo's on containerd 1.6 Haven't debugged but I think it maybe something in this...

yes `hello-world:latest` should work as it has a windows manifest for 1809: ``` (docker manifest inspect hello-world:latest -v | ConvertFrom-Json).Descriptor.platform."os.version" 10.0.20348.473 10.0.17763.2458 ```