From YouTube: GMT 2017-11-30 Containerization WG
Description
Agenda and Notes: https://docs.google.com/document/d/1z55a7tLZFoRWVuUxz1FZwgxkHeugtc2nHR89skFXSpU/edit?usp=sharing
B: The containers, okay, so that's, so that's clear, okay, okay! So the other thing, it's like what docker does right now: yeah, doesn't.

C: Do anything, okay, which is the, so this is the, this is the kind of the, really I think this is the last piece of seeing that requires operation, operator intervention in our cluster. An isolation stack, CPU, memory. Noise is annoying, but they, they kind of, they need to be there. They kind of had know differently, but this space leak is problematic. We kind of average, while sperma one happening provides, which makes the machine unusable. I see.

A: Yeah, so one quick question, one quick question: so the limp in the loop FS size here, it means either when we eat permission the raw file system, it cannot exist limit of the user set, or after the request preparation finished, the container can now accept that limit. So I am still a little confused on these two parts because I missed the Christopher, Chris conversation. I

C: am not very explicit on this part right now, because I think whatever the root has, has side the users after the provisioning, but before we start a process, that, that typically is okay, like I haven't seen that causes trouble in any practical, practical experiment, because that's at most destr, that's not going to be bigger than the docker image size, which we typically try to build higher. At least there's, they're pretty easy to know.

B: Yeah, so I think, I feel like we're part need to do this, you know, a back-end specific way, because I think for coffee back and you do need to limit the size for the entire provisioner through AFIS, because that's kind of private to each container. Well, for overlay, the part is actually the upper layer, because the lower layer is actually sure you cannot, like, limit the size with that, like how do we account for the size for that? I don't know, maybe, like it, I don't

C: know, so we, it is interesting, like we have ed over, we have two types of cluster, our service cluster. The layer sharing is not aggressive, like between different images. They share maybe, I'm making that, making less than half of the layers. However, in our batch cluster we pretty much, we probably launch one docker image for every, for all the tasks.

B: I see, so you're saying, like, in some specific workload that calculation might be too conservative and doesn't make sense? Correct, correct. Okay, yeah, I think we part need to design some Sun like policy there, like one thing, like we can just kept the over, the upper layer size, less one policy, the ought. The other policy is like just kept the entire thing. Depends on whether that the user wants to be conservative or not, and, and then we should let the operator choose which one to use, I guess. Yeah.

C: Sandbox is the directory that I said all of these guys later it's closely tracking, that's provision. I think, I believe if we simply provision all these mutable paths there we can, we can achieve something pretty fast by in the US and other, the other. Both, both disk release isolators can, can just track it outside and the report. It can also report, I think, I believe we can be proud. Post members, as reports call the sandbox I than the root filesystem size. It's a fun member, yeah.

B: So yeah, this has, okay, yeah, I understand this part. So yeah, so I think the only, it might be complicated because the way we do by announce, whereas in sandbox, because we really like my mom, the sandbox itself to the real fast. So did you see, I'm saying it's kind of a cyclic dependency, yeah, the sandbox depends on real fast. Then I mean previously, right now, currently, so the sandbox does not depend on reference, right?

C: So, so the sandbox in the root is, so, and I believe right now the sandbox directory is something like slash framework IDs, execute, ID, slash their runs, and then the UID, I forgot what our idea is. Yeah, so you are used to continue ID community. Then, then we treat that container ID as a sandbox. Maybe we can probably do what level they'll say. One of the minutes actually create a slash sandbox and a slash root. This is the hidden name he's picking it is, but having a UID part. I see.

B: So that rule F is writable, it's the same ufs as if it was the, yes, so the last story for that image wrong is we used to plan to use that to support thermals, because thermals wants to screw themselves, so they don't want to prepare their FS by themselves. The one makes us to prepare a reference for them and then they can screw into that red vest.

B: So, so down with, that's the reason we add this image bonding thing where we use the same provisioner to provision or ufs for the container, so there might be multiple image volumes, which is useful in general, I mean for debugging. Maybe, who knows, like, maybe in the future it might be useful, pretty interesting potential.

B: Okay, maybe we should go through all that design, like all the alternatives first before we kind of thinking which, which one is the best. Not understand that you want to have a, I think this might be something we want to do, because I think this is just something that we regret that we didn't do initially Syria.

C: Mike, I didn't play like, I haven't even really expand how to do this, as providers probably means we need to send more information to other post disk isolators and say they, I think right now the isolator only know the routes file system path. It does not really know anything about the backend or any which how this is done, but other religious.

B: I may be generalizing interface, say hey, these are the disk space, then these are the directory that, whose disk space might be counted towards the quota of the, the container, things like this, and the ask, ask the back end to return a list of directory, or just wonder actually that you can actually do a deal in directory.

B: Where do we put right now? I surrender, there's only one sandbox for each container, right? So, and we have a containers subdirectory under the sandbox and then container ID, and then that would be the sandbox of the nasty container. I see, so yeah, it's all merged into. So if we want to split these two, which I think it's, we should do, like, just like backwards compatibility story is hard, yeah. Let's say we have to. Then you have, you can't have anything that's user visible, should be part of the sandbox.

C: Yeah, the reason, the reason is like tu does not. The reason we want to do that is to you has the limitation that it does not know, it does not track styles which are deleted, are still being held, but still has it handle being held by something, like if I have a file that's deleted, but there's still another open file descriptor.

B: Yeah, yeah, I do, yes. Ideally we should purchase, use XFS or some other ways to make that, so that means, like, we only have one option, just put that well. Otherwise you have to make sure that you can understand the structure of the, the provisioner, yeah. I think the long turn to rush, I really like, like prefer the design is actually something you want to do long term, if we could have a backward compatibility story. Okay, yeah! Maybe we just spend some time thinking about how to do that. That's something worth thinking about!

B: Okay, I see, okay, yeah. Okay, we can, yeah, art need to think about that a little bit more, and I think we should spend some time thinking about the preferred design, because I don't, I'm pretty sure how to do that for the alternative design, you just pretty, no, pretty hacky, yeah. I think the rule of thumb here is like anything that's private to the container, it should be part of the container's ephemeral disk space, and that disk space is part of one single directory. So that's much easier to track.

B: Right, so I think I don't have anything else for this working group. I want to have a demo for standalone container, but I think we're too busy that we don't have time to prepare for that. So maybe next time, and, and yeah, I think things like, I think like next time I'm gonna send out email early and then we need to go through the, the priority list of things that we want to do.

B: Anyway, so yeah, I think we could do that. It's not that hard and just adding some implementation there, yeah, that's a plan, that's the Poncho's. I think what we do right now is that we kind of come for the stand on continuous stuff. We kind of combine, like, so, so the launch nested container on API will be deprecated in favor of just launch container, which can launch both yes ticket container or top-level. Can you hate?

C: Another question is about the security, like, especially for the default installation: I don't know how many people actually set up the entire credential ACL on our agent side. So this is actually not super tribute, not super truly to set up, because in a class at her nerve agent is almost always the first element you get up, and the dependency of the agent to other security or secret distribution system is often tricky. So obviously we don't have any secrets or credential set up on agent side. Yeah.

B: You see less, yeah. The u.s. is likely to have a centralized server, key management server that you can hit on to, to do authorization, authentication, but, but the default one is actually based on some fire on the localhost, right? So that's not on, well, I think I remember you! We used to do like just have puppet or chef to populate those keys and then make sure they are protected by root user, yeah.

B: Only allow one particular user through to call those APIs, principle, but you hope, you have to set up both authentication and authorization. For set up authentication right now, I think you can use the basic of, but that means you have to save some credential file on your, on the agent node, which is a little tricky. I have to distribute a key to every single node row taking it, actually, a mop is a bigger problem, and key rotation is hard.

C: Mean if we look at other system, like what docker do, is doing, is that the default, the only this part of API only listens at a root, you curve at the root own the domain socket. So we saw the call, the caller part needs to have, it could have been a good permission to actually use the code, easy guys, yeah.

B: Yeah, that's sure, to write a module if you want that. I think that's the only way I can think of right now, because you have special requirement. I think most people, I put default, they don't care. People can not log into agent boxes anyway, and then we'll be firewall to your given, I don't know what, what can we do in firewall to prevent people directing agent API and.

B: Yeah, you can set up an ACL to just basically DISA, just allow anyone to hit the endpoint that particularly launched continual, launch the container, yeah. I think that's one thing you can definitely do to prevent anyone, like, accidentally hitting the API, but that also means the operator cannot use that API.