►
From YouTube: Kubernetes SIG-Apps 20170313
Description
aggregated api servers, CI/CD
A
A
Okay,
so
first
up,
let's
talk
about
coop,
con
Berlin
and
so
we're
having
a
cig,
apps
meeting
interesting
meeting,
just
like
we
are.
We
did
in
Seattle
the
day
before
coop
con,
so
I'm
looking
for
some
help,
organizing
and
leading
this
big
meeting
in
Berlin,
not
Serena's
not
going
to
be
around
and
it'll,
be
a
fun
chance
to
to
get
something
else,
or
one
or
two
people
on
board
and
help
facilitate
discussion,
and
that
kind
of
thing.
A
B
A
A
Don't
think
he
is
so
I
will
message
him
in
a
second
and
we're
going
to
have
a
p.m.
update
from
dan
and
antwine.
Before
that.
I
just
wanted
to
address
a
an
announcement
we
had
or
something
that
came
up
on
the
mailing
list
on.
So
there
were
30
issues
under
this
big
ass
umbrella
that
we're
blocking
the
16
relief,
and
I
was
curious
as
to
who
was
triaging
them,
and
so
Eric
Cain,
replied
and
mention
not
keep
the
triage
them
and
now
there
are
zero
issues
on
that
cube.
So
yay
for
that.
C
Sure
so
hi
I'm,
then
I'm
with
the
I
work
for
Google
as
a
product
manager,
so
I'm,
Antoine
and
I
are
the
other
two
p.m.
reps.
For
for
this
cig.
Just
to
give
you
a
quick
background
on
PM
group,
the
coronaries
can
group
has
started
you
know.
So,
thanks
to
some
of
the
community
members
like
Igor
Aparna
Caleb
for
kicking
this
off,
the
group
meets
every
other
week
on
Tuesday
mornings.
The
main
tests
that
were
that
were
that
were
attached
with
is
number
one.
C
Is
you
know
we
collect
user
feedback
for
the
features
that
we're
building
so
hopefully
this
will
help
drive
a
lot
of
pie
or
ease
that
we're
doing
so
I'm.
You
know,
for
example,
a
few
weeks
ago,
Niles
at
a
client
meeting
they're
using
goober
Nettie's,
but
they're
using
one
of
the
alpha
features,
specifically
they're
using
cron
jobs
in
a
production
environment.
C
Likewise,
if
we
become
aware
of
work,
that's
happening
and
another
thing
will
help
coordinate
those
efforts
as
well.
Third,
as
we
haven't
support
a
lot
of
the
marketing
and
promotion
or
work
within
the
community
large
within
CNCs,
since
we
work
to
make
sure
that
our
the
roadmap
is
well
known,
as
well
as
the
work
that
we're
doing
going
forward.
C
Fourth,
is
we
also
work
on
overall
product
or
project
governance,
or
things
like
the
elder
board,
the
technical
escalation
plan
and
procedures
gathering
metrics
working
on
bylaws
I'm,
all
things
that
we
need
to
do
so
as
the
project
matures.
We
essentially
help
with
that
and
try
to
bring
that
information
back
to
the
stage,
so
I
mean
sure
we're
going
to
do
whatever
it
takes
to
get
to
let
the
project
continued
and
progress,
and
one
of
things
for
one
dot.
C
Six
I
think
Michelle
mentioned
it
just
before
now,
but,
like
you
know,
will
help
work
with
the
reliefs
are
and
any
other
people
in
the
team
to
help
triage
issues
and
bugs,
if
that
come
up
or
you're,
not
exactly
sure
who
should
be
working
on
it
or
who
is
working
on
it
and
will
help
so
that
will
help
take
that
that
stuff,
through
and
and
if
you
know
if
it
helps
like
we'll
try
to
work
on
as
well.
So
I
guess
it's.
C
D
A
Awesome,
thank
you
so
much.
That's
really
helpful.
Okay
pin!
So,
let's
go
into
our
first
discussion
on
the
AP
advocated
using
API
servers
proposal,
the
showed
up
and
github
around
early
January.
It's
a
way
to
extend
khoobam
Eddie's,
and
today
we
have
David
ease
and
Daniel
I,
can't
remember
your
last
name
right
now,
but
you're
black
people
is
very
memorable
like
lava
lamp.
E
B
E
All
this
is
one
mechanism,
the
other
ring
third-party
resources.
I
have
a
couple
slides,
describing
what
the
eight
aggregating
gas
over
looks
like
I'm
five
min
left
and
then
a
brief
demo
showing
how
it
wires
together
so
share
my
screen,
all
right,
so
API
aggregation.
We
need
to
be
able
to
develop
our
API
separately.
Not
all
of
our
AP
is
a
really
poor
a
right.
There
are
a
lot
of
peripheral
things
around
the
core.
E
You
need
to
be
able
to
have
a
core
that
can
run
pods
and
have
nose
and
a
few
other
basic
things
and
then
enough
to
to
extend
the
API
level
pieces
and
that
will
allow
us
to
reduce
the
overall
code
complexity
in
our
API
server,
particularly
things
like
admission
that
our
share
chains
across
everything,
the
API
server-
and
there
are
a
couple
other
examples
of
cross-cutting
pieces
that
are
shared
for
all
resources
and
right
now
being
able
understand.
A
lot
is
pretty
difficult.
E
E
Cadences
Raytheon's,
especially
as
you're
an
incubator
things
like
service
catalog
that
want
to
be
able
to
ship
on
top
of
committees,
but
they
aren't
going
to
link
releases
to
us
right
they're,
going
to
release
that
their
own
cadence
when
they're
ready
and
once
you
have
the
ability
to
have
separate
API
servers
releasing
differently
you
get
independent
feature,
updates.
I
need
a
new
version
of
X
I.
E
Don't
have
to
wait
for
communities
to
rebuild,
include
ship,
a
level
I
can
get
the
new
version
of
access
to
that
other
team
releases
it
so
having
multiple
AP
on
servers
has
benefit
but
increases
complexity,
so
we
also
need
to
prevent
present
a
unified
API
to
clients,
and
this
is
about
reducing
complexity
for
users
right.
You
want
to
be
able
to
tell
a
user.
D
A
E
It's
one-stop
shopping,
it
appears
as
a
single
unified
API
that
has
consistent
medication
authorization
applied
across
the
cluster
and
a
cluster
admin
will
be
able
to
manage,
which
API,
which
API
servers
you
want
to
expose
as
a
whole,
verse
Bhaskar.
So
in
terms
of
an
overall
picture
of
how
requests
run,
this
is
a
simple
diagrams
that
come
out
of
it.
We
have
a
client
and
the
client
has
to
pass
he's
normally
going
to
want
to
go
down
the
blue
path.
The
blue
path
says:
okay,
I
want
to
make
a
request
for
core
a
peon.
E
Core
API
to
both
in
another
quest
to
satisfy,
but
now
I
want
to
get
a
resource
from
extension,
API
one
so
I
take
the
boot
back
again.
I
do
the
aggregator
I
see
it
as
a
resource
on
that
main
API
server,
but
under
the
covers
that
API
servers
proxy
my
request
with
the
appropriate
authentication
information
to
a
service
which
will
then
be
satisfied
by
line
extension
API
server
that
I
have
installed.
E
That
is
the
easy
path.
That's
the
everything's
working
right.
We
have
the
client,
the
club
stratum
is
configured
it.
We
also
need
to
have
a
separate
green
path
that
I've
done
in
green.
It
is
for
cases
where
something's
not
wrong,
maybe
the
aggregators
or
open.
Maybe
the
client
just
doesn't
want
to
take
the
hop
through
a
proxy
sees
no
reason
to
do
that,
and
so
they
can
go
down
and
green
path
where
he
hits
an
ingress.
E
B
B
B
G
F
E
E
B
Sure
I
can
I
can
answer
that
question.
The
question
was:
why
do
we
have
to
pass
that
seems
complicated
yeah?
It
is
complicated
and
I
don't
know
if
I
would
have
mentioned
it
as
the
first
thing
to
tell
people
about
this
setup,
but
the
purpose
is
we
didn't
want
to
force
users
to
go
through
the
proxy
so
like
it,
if
you're
serving
a
very
high
band,
went
API
or
if
you're
surfing,
agree
high
bandwidth,
API,
you
don't
want
to
go
through
the
proxy
or,
if
you're,
in
a
different
network
inefficient.
B
G
A
F
E
I
will
assume
Daniel
did
an
awesome
job
answering
questions
and
I
will
continue
the
demo.
So
I
have
here
and
api
server.
I'm
launching
up
using
local
up
buckets,
nothing,
nothing,
fancy
and
it's
going
to
come
up
and
I'm
going
to
get
with
the
namespaces.
Okay,
I'm
going
to
create
a
new
name
space.
Actually
I
guess
I'll
start
here,
I
want
a
wonder:
it's
our
sample
sample
app
and
it
doesn't
have
that
resource
and
that's
expected
right.
E
There's
a
brand
new
cluster,
so
I
then
go
ahead
and
create
an
inspection
results
and
I'm
going
to
create
some
resources
and
the
resources
are
normal
pieces.
There
are
role
windings
or
some
permissions
that
you
need
service
account
to
be
able
to
run
the
API
server
service
to
expose
it
and
the
only
other
and
there's
a
replication
controller.
Creating
a
pod,
simple
launch,
an
image,
odd
and
then
an
API
service
object,
and
this
is
how
you
can
tell
the
aggregator.
E
E
But
right
now
it
requires
dns,
and
so
I
will
just
set
that
up
for
free
x,
103,
so
hand
wave
on
dns,
but
imagine
that
it
actually
works
local
cluster
up
doesn't
actually
do
do
you
have
yeah,
it
doesn't
and
it
a
hot
issue.
So
so
now
there
we
go
blenders.
No
new
resources
exist.
Well,
I
really
want
much
wonder
so.
I
am
going
to
create
one
and
I
have
a
simple
funny
resource
that
you
can
see
here.
G
E
Don't
see
dependency
management
as
something
that
is
going
to
be
so
late.
Aggregator
I
think
that
dependency
management
is
actually
a
general
problem
for
anyone
trying
to
create
any
application
on
the
system
right
if
you
have
at
one
and
it
relies
on
that
too,
you
have
to
coordinate
their
install
and
get
some
configured.
This
is
just
a
particular
case
of
again
a
nap,
so
the
aggregator
will
aggravate
the
api's,
but
it
will
not
show
you
enforce
it.
A
tendency
change
for
you,
yeah.
A
A
E
Today,
today
already
we
have
delegated
authentication
and
authorization
ap
odds.
These
are
api's
that
if
you
had
the
permissions-
and
that
was
one
of
the
role
bindings
that
I
created-
if
you
have
the
permission
and
if
this
particular
role
will
grant
it
to
you,
you
can
determine
what
user
or
user
a
token
corresponds
to,
and
you
can
determine
whether
a
particular
subject,
a
user
group
tuple,
is
allowed
to
perform
an
action.
So
the
combination,
if
those
allows
you
to
terminate
authentication,
we
also
publish
a
config
map
inside
of
cube
systems.
E
That
indicates
non-confidential
information
used
to
configure
authentication,
so
client
certificate
CA
as
a
for
instance.
So
you
can
terminate
that
for
yourself
as
well
inside
the
blue
line
case.
Let
me
bring
that
back
up
here
inside
the
blue
line
case.
The
aggregator
server
actually
terminate
authentication
for
you.
We
have
to
because
it's
actually
terminating
the
TLS
connection,
so
it
terminates
user
information
and
acts
as
a
front
property
to
the
backing
API
server
and
again
in
code.
We
have
a
simple
little
one
liner.
That
allows
you
to
add
a
trust.
E
E
D
E
There
are
currently
it
takes
normal
flags
right
in
short
answer.
It
takes
exactly
the
same
flags
as
you
would
expect
for
the
queue
API
servers
dashed.
Asus
eee
servers,
dash
dash,
I
am
cert
and
all
that
kind
of
connection.
What
that
means
is
that
you
can
actually
wire
it
up
so
that
it
speaks
to
the
single
SPD.
E
If
you
want
to
add
a
share,
an
SPD
with
your
API
server
or
you
would
be
able
to
create
your
own
SED
with
a
persistent
volume
and
saved
at
that,
and
there
are
thoughts
about
further
extending
it,
as
we
can
actually
use
a
resource
in
the
cube.
Api
server
restore
your
data,
but
right
now
not
hold
that
slogan.
Sweet.
E
Basic
auth
has
been
discouraged
since
10
it.
It
has
issues
with
CSRs
attacks
and
it
it's
difficult
to
get
right
off
for
people
trying
to
use
it.
We
haven't
sig,
often
preferring
tokens
for
a
very
long
time,
so
there
is
not
an
easy
way
to
terminate
basic
off.
This
does
not
make
it
impossible
to
turn
air
base
it
off.
If
you're,
too
gay
p
on
server
terminates
basic
month,
then
your
extension
API
server
when
access
down
the
blue
path
can
use
it.
I
David:
yes,
what
if
people
want
to
be
able
to
allow
delegate
responsibility
for
registering
aggregate
API
servers
where
they
don't
ever
want
credentials
to
be
forwarded,
because
we
trust
people
to
run
services?
We
don't
trust
them
to
handle
credentials.
Can
we
go
now
configure
the
API
server
to
say
never
foreign
credentials,
the.
E
I
E
I
I
mean
unless
there's
if
there
are
some
valid
use
cases
for
clients
that
send
credentials
directly,
the
back
ends
it's
kind
of
hard
to
prevent
people
from
using
those
in
our
own
cases
right.
So
either
the
system
should
I,
don't
know
if
it's
kind
of
an
attractive
nuisance
of
the
discovery
sometimes
tells
you
where
to
send
stuff
and
some
clients
do
that.
G
Ever
the
quick
question
about
name
handler-
and
it
occurs
to
me
that
if
you
have
multiple
parties,
developing
API
extensions,
they're,
potentially
going
to
end
up
running
into
naming
conflicts
like
you
know,
whatever
your
thing
was
called
a
rumble
or
something.
Somebody
else
is
also
developing
a
different
thing
called
a
crumble
and
map.
Is
there
any
thinking
around
how
to
avoid
that?
That's.
E
Actually,
a
problem
that
we
introduced
into
our
API
server
by
adding
API
groups
when
we
added
a
piano
groups,
we
explicitly
added,
we
said
that
they
should
be
dns
qualified
names.
So
you
know
canadian
escaped
io
to
end
its
roots,
and
so
it
has
authorizations
up
case.
I
am
open
shift
as
/
Chappell
everyone
else.
It's
like
Java
packages
when
an
API
server
host,
multiple
resources
that
have
the
same
name
we
actually
have
opted,
opens
the
clients,
since
13
ish
the
ability
to
use
discovery
to
deconflict
partial
name
matches.
E
G
A
Think
we're
good
on
questions,
so
thank
you
so
much
David
EADS
and
daniel
Smith
I
found
out
what
your
last
name
is:
Daniel
and
and
yeah.
Thank
you
so
much
for
that.
So
everybody
come
out
of
that
a
youtuber
Nettie's
load
and
take
a
breath
cuz
we're
going
to
move
up
a
little
bit
and
talk
cipd.
So
at
this
time
I'll
hand
it
over
to
David
Iran
chicks,
to
share
with
us
some
of
his
boss
around
the
state
and
the
future
of
cipd
and
kind
of
ask
a
few
questions
and
and
leave
this
conversation.
J
J
You
can
get
I,
don't
think
that
you'll
get
through
one
hundred
percent
due
to
the
way
that
community
still
requires
either
a
hosted,
docker,
repo
or
container
Rico,
and
some
cert
verification
things
like
that.
But
I
think
that
most
folks
are
okay.
With
that.
I
put
together,
I've
had
many
conversations
around
this
through
the
community
and
I
put
together
a
very,
very
early
draft
about
what
what
the
steps
are
that
are
involved
here.
J
The
the
pattern
that
I
would
like
to
go
through,
that
we
engage
with
everyone
lift
in
the
community
and
make
it
a
very
community
driven
process
very
similar
to
the
one
that
we
went
through
with
Cooper
Nettie's,
the
hard
way
around
setup,
and
this
would
be
Cooper
Nettie's.
You
know
cice
the
hard
way
where
the
steps
look
like.
First,
we
identify
all
the
opinionated
steps
we
want.
You
know
when
it
comes
to
being
a
best
practice.
J
Second,
we
identify
how
one
might
Solis
solve
those
in
two
ways:
either
one
that
hosted
path
or
to
the
non
hosted
path
with
very
clear
documentation
and
three
we
establish
as
part
of
that
process.
Now,
actually,
you
know
the
steps
between
three
and
six
are
actually
super
broken.
You
know,
there's
something
we
can
do
in
the
core
project
that
might
make
that
easier.
J
This
I
should
should
have
started
out
by
saying
all
of
this
is
one
hundred
percent
outside
of
core.
You
know
we
don't
have
a
cig,
you
know
we
don't
have
any
kind
of
special
working
group
or
anything
like
that.
We
may
decide
to
spin
one
up
as
a
group,
but
I
don't
want
to
come
in
and
dictate
that
from
the
top,
if
we
say
geez.
Actually,
this
is
something
that
we
need
masses
work
on
and
constant
attention.
We
could
spin
up
something
like
fig
big
data
or
something
similar,
but
really
just
from
the
ground
up.
J
You
know
the
deliverable
at
the
end
of
this.
Is
we
have
these?
You
know
we
have
a
very
high
level
pass
kind
of
a
single
page
documentation
that
says
hey
if
you're
rolling
up
to
production
if
you're
building
applications
that
run
on
community.
This
is
a
path
to
go
through
to
do
it,
and
here
are
two
blessed
helm,
charts
to
spin
up
and
start
and,
at
the
end
of
you
know,
helm,
install
foo
or
Helmand
star
stall
bar.
You
have
an
endpoint
that
targets
a
coup,
benetti's
cluster.
So
that's
the
high
level.
J
The
entire
point
of
this
conversation
is
just
to
let
everyone
know,
get
feedback
to
the
the
paper
that
I
put
out
on
Friday
and
it
was
fairly
recent.
But
if
everyone's
okay
with
that
I'd
like
to
talk
about
the
same
thing
at
the
community
meeting,
either
this
thursday
or
one
coming
up.
If
we
still
feel
like,
we
have
a
lot
of
to
discuss
and
then
immediately
move
forward
to
starting
to
implement
and
divvy
up
and
take
volunteers
to
help
improve
or
or
at
least
that,
the
different
steps.
Any
questions.
G
You
me
against
the
choice
to
make
a
distinction
between
hosted
and
on
prem
deployments
central
reasonably
central
to
the
communities.
Messages
is
portability
in
your
application,
can
move
between
installations
of
Cuban
Eddie's
fairly
painlessly,
and
there
are
obviously
cases
where
that
is
not
true,
but
for
the
most
part,
those
are
seen,
as
you
know,
lack
of
particular
features
on
particular
platforms
rather
than
fundamental
terms
of
design.
J
Sorry,
let
me
let
me
clarify,
hosted
and
not
hosted
in
that
case
actually
refers
to
the
CIC
d.
Cooling
rabid
am
the
actual
Cooper
Nettie's
installation.
So
what
what
you
see
in
the
community
is
they're
basically
two
sets
of
very
common
patterns
out
there.
One
is
I'm
going
to
run
and
host
Jenkins
myself.
It
needs
to
stay
in
the
balance
of
my
enterprise
and
I'm,
happy
with
that
and
2
I'm
going
to
use
a
hosted
service,
something
like
shippable,
google
cloud
builder
amazon
builder,
something
outside
of
my
organization.
J
Technically,
there
should
be
very
little
difference
here.
Most
of
them
subscribe
to
the
same
api's
and
so
on
and
so
forth.
I
just
wanted
to
have
two
template
proof
of
concepts
for
people
who
were
deciding
and
who
had
already
made
an
internal
decision
that
you
I'm
going
to
host
and
manage
this
myself,
or
this
is
something
that
I
want
to
use
external
service
for
you.
G
J
I,
a
thousand
percent
agree-
and
you
know
in
some
fantastic
future
world
without
dictating
any
form
of
the
ultimate
solution
that
we
come
up
to
here.
You
could
imagine
a
single
llamo
file
that
in
fact
was
detailed
with
the
whatever
13
steps
that
we
identify
in
it
in
each
step.
You're,
given
a
pony
Eric's
me
an
endpoint
come
from
credential
or
whatever
is
necessary
in
order
to
take
that
off.
J
You
know
in
the
dream
world
you're
able
to
swap
one
of
those
steps
out
for
anything
that
you
arbitrarily
choose.
So
if
you
say
well
previously,
I
was
using
a
custom,
bash
script
and
daugher
to
build
locally,
and
now
I'm
going
to
switch
and
go
to
you
know
Antoine's
container
builder
or
k
or
whatever
you
know
off,
you
go,
and
you
just
swap
out
that
one
step
in
order
to
accomplish
that.
K
J
I
I
mean,
to
be
honest,
I
think
this
is
up
to
us
to
somewhat
have
a
conversation
around
it.
I
love,
helm,
I,
love
what
the
people
have
done
with
it
and
as
a
packaging
system
for
deploying
applications,
I
think
it
solves
a
number
of
different
problems.
You
know
upgrading
versioning,
multiple
dependencies
and
things
like
that,
and
those
are
things
that
we're
never
going
to
solve
in
the
core
product
intentionally
right.
So
to
that
end,
I
would
like
to
see
it
there.
J
But
you
know
at
the
end
of
the
day,
I'm
a
product
manager
and
I
really
want
to
represent
the
customer
rather
than
the
ultimate
goals,
so
I'd
love
to
chat
with
whoever
decided
to
pick
up
that
particular
staff,
the
you
know
you
have
a
built
artifact
and
you
want
to
push
up
to
production,
chat
with
them
and
say
well.
This
is
what
they
want.
You
know,
and
and
as
we
have
that
conversation
they
say
well,
we
can
accomplish
this
via
home
or
actually
it's
better
to
have.
J
You
know
separate
artifacts
for
whatever
reason
and
go
from
there
I'm
really
trying
to
stay
away
from
those
direct
opinions.
If
those
appear
boo,
if
the
Dodge
meant
came
off
that
way,
that
I
I
had
an
opinion
about
exactly
what
tool
we
use
to
accomplish
this,
that
is
merely
an
artifact
of
me,
throwing
together
what
I
already
knew
and
and
at
each
one
of
those
steps,
I'd
love
to
bubble
it
up
and
make
it
slightly
more.
Generic
right.
K
Okay,
okay,
because
my
experience
with
customers
is
that
they
feel
the
town
is
really
imposing
in
terms
of
overflow
and
yeah
they're.
Sometimes
what's
really
ready
for
it.
So
it
would
be
great
to
have
a
process
that
does
nothing
to
tell
and
maybe
another
one
that
does
and
maybe
mature
towards
home
step
by
step.
J
A
J
J
So
that's
number
one
number
two
please
dive
into
the
document
help
me
make
it.
You
know
again
similar
to
that
Cooper
Nettie's
the
hard
way.
What
are
the
steps
that
we
feel
like
are
the
right
things
here
if
there
are
spots
where
it
feels
like
well,
you
know
this
is
your
starting
to
let
implementation
details
lead
through,
let's,
let's
pop
try
and
pop
those
out
as
quickly
as
you
can
and
then,
as
as
we
go
through
this
process
as
a
you
know,
both
now
and
next
into.
J
You
know
that
a
community
meeting
where
I'd
like
to
talk
about
this,
please
raise
your
hand
and
we'll
form
an
email
list
or
something
similar
and
potentially
get
together.
Some
conversation
around
this
I
know
there
are
a
number
of
different
solutions
out
there
right
now
that
might
be
pretty
close
to
what
we're
looking
for
and
I'm.
Okay,
even
just
picking
up
one
of
those-
that's
perfectly
okay
as
well
as
long
as
you
have
the
supported
documentation
and
it's
easy
to
set
up
through
Hellman
and
other
things.
J
So
my
my
next
step
would
be:
let's
collect
the
people
who
actually
care
about
this.
Let's
get
everyone's
opinions
in
the
doc.
Look
at
a
minimum,
those
that
are
in
Berlin
for
cube
con
meetup
talk
about
this,
but
one
sweet
we've
gone
through
the
community
once
everyone
feels
like
okay,
I
have
a
rough
back
on
what
this
thing
looks
like
I'd
love
to
start
their
being
up
work,
and
you
know
CC
wants
to
take
on
left.
A
A
Okay,
great
so
I
know,
mondays
are
always
hard,
but
this
one
was
especially
hard
because
of
the
time
change,
so
I
appreciate
y'all
clicking.
What's
up
with
us,
for
these
two
important
discussion,
I'll
send
out
an
email
with
the
announcements
that
we
had
at
the
beginning
of
of
this
conversation
and
we'll
see
you
next
week.