►
From YouTube: Kubernetes sig-aws 20190222
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Hello,
everyone,
it
is
Friday
February,
27th
I
am
your
host.
This
is
the
gate
of
Eos
I.
Am
your
host
and
moderator
facilitator
I,
just
in
Santa,
Barbara
I
work
at
Google
a
reminder.
This
meeting
is
being
recorded
and
will
you
put
on
the
internet
and
please
be
mindful
of
our
code
of
conduct.
We
have
a
couple
of
things
on
the
agenda.
Excitingly.
A
We
have
a
demo
of
the
ada
bus
service
operator
from
chris
hein,
which
we'll
get
to
in
just
a
second
I
just
want
to
do
a
quick
up
at
the
agenda
in
a
link
in
the
chat.
Rather,
if
people
do
want
to
add
things
to
that,
please
do
so.
I
just
want
to
add
a
quick
couple
of
service
announcement,
which
is
we
do
have
our
AWS
ete
testing,
the
kubernetes
a
to
us
e
to
e
testing
back
up
again.
A
So
thank
you
to
everyone
that
made
it
happen
at
AWS
and
and
we're
also
made
that
happen
really
appreciate
it.
And
so
yes,
we
are
back
in
business
in
terms
of
merging
lots
of
PRS
into
everything
and
I
think
we
are
going
to
make
as
I
understand
it.
We're
gonna
make
the
tests
we're
not
going
to
have
them
run
on
every
PR,
but
we
are
gonna,
have
them
run
after
every
merge
is
I,
think
the
current
goal
and
and
they
will
be
made
blocking
so
that
in
theory,
they're
released.
We
might
happen
with
that.
A
B
Operator
yeah,
absolutely
so,
for
those
of
you
that
don't
know
the
ADA
be
of
service
operator,
its
goals
are
to
make
it
easier
to
actually
manage
AWS
infrastructure
using
community
series
as
it
currently
stands.
The
projects
in
an
alpha
state
was
released
in
October
of
last
year
and
we've
been
pretty
much
just
working
on
adding
new
features
to
it.
I'll
show
you
a
quick
run-through
of
where
it
is
today
and
then
I'll
talk
about
where
it's
gonna
be
pretty
soon
see.
If
I
can
get
my
screen
coming
up.
B
Can
you
see
my
ID
awesome
so
currently
what
you
can
actually
do
with
the
ADA
be
of
service
operator?
Is
it
manages
multiple
CRD
types?
So
if
we
do
okay,
yet
here
are
these
you
can
see
in
here
the
current
version
of
it
manages
confirmation,
templates,
DynamoDB,
ECR
repository
ElastiCache
instances.
The
eni
configs
is
standard
in
unique
s
cluster,
and
then
we
have
the
s3
buckets.
B
Sns
subscriptions
topics
and
queues,
and
the
goals
here
are
really
to
get
down
to
the
lowest
level
of
AWS
constructs
so
that
it's
very
similar
to
the
way
that
we
build
kubernetes
in
itself.
So
you
can
reference
other
resources
by
their
actual
kubernetes
names
instead
of
referencing
things
like
AR
n,
so
I'm
really
abstract
away
the
the
the
more
underlying
details
of
AWS
infrastructure
and
in
this
example,
what
I
have
is
a
sample
application
and
it's
three
different.
Three
different
manifests
all
in
one
single
file
and
it's
really
simple.
So
we
basically
have
a
dynamodb.
B
We
have
a
service
and
then
we
have
a
deployment
and
the
DynamoDB
resource
is
the
CRT
that
we're
gonna
actually
be
deploying
and
behind
the
scenes,
what
happens?
Is
we
need
to
play
this?
The
operators
listening
for
those
C
or
D
types,
and
we
automatically
provision
a
CloudFormation
template
which
goes
and
creates
the
resource
for
you,
which
also
gives
us
a
nice
way
of
actually
handling,
updates
and
updates
of
that
stack
as
well
long
term
I
want
to
integrate
some
of
our
our
drift
functionality
that
we
added
into
CloudFormation.
B
So
we
can
actually
keep
bi-directional
and
keep
everything
in
sync.
Now
the
service
is
just
standard
load,
balancer,
I've,
already
provisioned
that,
because
it'll
take
a
couple
of
seconds
or
a
couple
of
minutes
actually
come
up
and
be
alive,
and
the
last
thing
is
just
a
very,
very
basic
application
going
application
that
is
referencing
a
specific
key
map
config
map
and
that
config
map,
as
you
notice,
isn't
actually
in
this
manifest
it's
actually
created
by
the
operator,
so
that
we
can
have
a
very
lightweight
dependency
dependency
tree
between
CR
DS
and
the
pods.
B
B
Technically,
as
the
scheduler
look
we'll
be
looking
for
the
actual
config
map
and
then
after
that,
the
actual
resource
gets
provisioned
in
AWS
I
get
a
notification
using
an
SQL,
cue
and
I
will
actually
flip
over,
go
and
grab
the
outputs
on
the
CloudFormation
template
and
write
those
to
the
config
map,
then
allowing
the
pod
to
boot.
So
you
never
have
an
application
in
a
state
where
it's
constantly
restarting
while
trying
to
connect
to
a
data
store.
B
And
while
this
processes,
what
we
can
actually
do
is
I
have
a
full
update
life
cycle,
so
you
can
say
ax
dynamo,
oh
yeah,
W
and
you
can
actually
see
the
events
as
they
come
through.
So
this
create
in
progress
looks
very
similar
to
anybody.
That's
worked
with
confirmation
of
a
floor.
That's
just
the
status
coming
directly
from
CloudFormation,
as
well
as
the
stack
ID
and
the
status
that's
actually
being
reported.
So
we
can
basically
just
sit
here
and
watch
this
process,
but
I'm
gonna
flip
over
and
show
the
pod
as
well.
B
And
you'll
see
that
that's
in
a
creek
container,
config
error
state
so
going
back
to
here,
I'll
wait.
So
it
looks
like
that.
Actually,
just
flipped
over
to
create
complete
so
now
I
can
actually
say:
go
look
for
the
config
Maps,
okay,
okay,
cm
and
now
you'll
see
that
there's
config
map
in
there
and
if
we
go
and
get
the
pods
again,
we
should
see
that
the
pod
came
up
and
it's
a
running
state
and
the
load
balancer
that
I
provisioned
beforehand.
It
wasn't
routing
well
eventually
after
it
finally
goes
through
its
full
cycle
there.
B
It's
really
basic
so
like
the
this
application
is
just
a
really
simple
implementation
of
it.
There's
ways
that
we
can
use
this
and
I
have
another
demo
that
actually
goes
into
deploying
an
s3
bucket
as
a
static
website,
so
you'd
never
have
to
actually
do
a
static
file
store.
You
go
and
actually
deploy
a
static,
s3
bucket
as
a
website.
You
use
a
kubernetes
job
to
then
hydrate
that,
with
with
like
HTML
pages,
you
can
configure
those
to
connect
directly
and
like
these
load
balancers
that
you're
you're
connecting
together
and
it
creates
this.
B
A
That's
an
awesome
demo,
just
FYI,
we
couldn't
see
the
website
at
the
end,
but
I
presume
it
said
hello
world
or
something
like
that
is
we're
just
looking
at
the
IDE,
but
that
is
that
is
really
cool.
I
have
I,
don't
know.
If
anyone
else
has
any
questions.
I
have
one
question
behind
there.
We
are
sorry
about
that.
A
There
we
go
very
cool
I,
have
one
question
which
is
config
Maps,
and
should
we
try
to
make
it
I
guess
I
guess
it
was
quite
so
I
liked
the
way
that
that
the
conflict
map
meant
that
the
pod
that
didn't
start
until
the
config
back
was
ready,
but
it
is
a
bit
of
a
pain
to
have
to
like
refer
to
some
other
objects
and
I'm
wondering
if
we
should
make
it
possible
to
refer
to,
like
your
your
CRD
itself.
We'll
see
are
the
instance
of
this
here
of
yourself,
yeah.
A
It's
definitely
worth
thinking
about
I
think
it
might
be
a
API
Machinery
question
it's
more
like
is
this
gonna
be
a
common
use
case
that,
like
happens
a
lot
and
should
we
should,
we
think
about
it,
but
it
I
did
actually
I
think
we
would
lose
the
great
thing
you
have
there
where
it
doesn't.
The
pod
is
in
that
that
state
I'd
never
seen
before
container
something
created,
fake
error,
yeah.
That
was
great
okay
surface.
The
error
nicely.
That
was
awesome.
B
It
isn't
interesting,
it's
an
interesting
state
because
you
can
also
because
we
also
have
it
so
that
it
can
do
that
with
secrets
as
well,
so
pretty
much
any
of
those
any
of
those
kind
of
referenceable
resources
Oh.
What
I
didn't
also
talk
about
was
where
it's
going.
This
is.
This
is
also
a
big
thing
for
right
now,
I'm
heavy
until
development
of
this
time.
She
can
share
my
screen
again
because
I
have
something
to
show
here
what
I've
been
doing.
Is
we
have
a?
Can
you
see
cloud?
Nine
again
quote:
we
can
yes,.
A
B
Okay,
so
what
I've
been
working
on
currently
is
actually
going
back
in
code
generating
all
of
our
CloudFormation
resources.
So
we
have
a
public
cloud
formation,
spec
that
loops
through
every
single
resource,
and
it
pretty
much
describes
how
the
cloud
formation
templates
look
like,
and
so
what
I've
done
is
I've
gone
through
and
I
actually
have
all
of
the
series
generated
for
it,
which
gets
really
crazy.
B
So
this
is
gonna,
be
a
really
interesting
case,
long-term
to
figure
out
how
C
or
D
is
actually
scale,
because
it's
about
three
hundred
and
forty
five
different
resources
all
being
exposed,
and
so
the
new
version
of
this
is-
is
getting
a
lot
of
new
features.
So
I
was
mentioning
that
we
have
new
ways
of
actually
referencing
objects.
What
I've
done
is
I've
modeled
it
after
the
way
that
we
do
config
Maps.
So,
for
example,
in
this
resource,
this
is
a
API
gateway
account
specifically
and
in
the
API
gateway
accounts.
B
You
have
a
cloud
watch
role
that
you
usually
would
reference
by
an
AR
n,
but
what
I've
done
is
I've
made
it
so
that
you
can
pass
in
manually
an
air
and
representing
the
the
physical
resource
that
you've
created
outside
of
this
or
what
we
have
is
we
have
cloud
watch
rolled
references
and
those
represent
similar
to
what
we
do
with
config
maps,
where
you'll
pass
in
a
name
and
a
name
space,
and
it's
going
to
be
able
to
find
the
actual
resource
based
on
the
outputs
of
those
stacks
and
you'll.
See
in
here.
B
Just
in
this
seared
DS
list
you'll
see
we
have
like
all
of
the
different
kind
of
group
names
and
then
under
each
one
of
them,
there's
anywhere
from
1
to
22
resources
for
each
individual
type.
So
I've
been
really
I've
been
really
interested
in
seeing
where
this
is
gonna
go
from
a
scalability
perspective
on
the
actual
API
server.
Have
you
have
you
tried
loading
them
and
what
happened
loading
them
is
fine.
I
haven't
tried,
putting
any
pressure
on
it
and
I.
B
Don't
have
the
actually
like
the
operator
code
is
what
I'm
working
on
pretty
much
today
through
next
week,
yeah
so
for
right
now,
when
you
load
them
in
it's
nothing,
no
big
issues,
you
can
go
and
create
resources
against
it.
It's
not
a
problem.
It's
not
that
slow
listing
them
is
quite
slow,
though.
So,
if
you
do
like
get
C
or
DS,
it
takes
a
probably
about
15
seconds
to
load
all
of
them.
That's
the
price.
No
one
I
want
it.
I
want
to
dive
more
into
that
and
see
what
what's
going
on.
B
I'm
yeah
absolutely
sure
it's
something
like
that
and
I
think
this
is
a
good
test,
because,
with
all
the
conversations
that
we
had
it
like
keep
gone
ma
about
getting
moving
core
functionality
out
of
tree
I
think
this
is
a
good
use
case
where
it's
like.
Let's
put
a
lot
of
pressure
on,
you
found
those
CDs
we
can
handle
and.
A
B
Treating
CloudFormation
that's
like
a
pseudo
scheduler
and
then
every
single,
the
actual
update
lifecycle,
happens
because
I
every
single
resource
has
a
an
SMS
topic
and
then
I
have
sqs
subscribing
to
those
and
every
single
event
goes
through
that
that
that
queue
system
and
so
in
kubernetes.
If
you
do
keep
cuddled
get
or
queue
cuddle
of
get
events
on
a
specific
resource.
You
can
actually
see
all
of
the
individual
stack
events
as
well,
so
you
never
have
to
go
through
and
load
up.
The
AWS
console.
B
B
A
Awesome
we're
looking
forward
to
that.
That's
that's
really
great.
Thank
you.
Thanks
Chris
I
think
we
have
a
proposed
demo
from
Alex
10th
infer
in
our
backlog,
which
I'm
guessing
he
wants
to
demo
the
or
he
or
she
I
guess.
I
wants
to
know
with
the
aid
of
us
either.
Eks
cluster
controller
looks
like
it's
open
sourced
from
AWS
labs
on
github,
so
I
guess.
We
will
schedule
that
for
next
for
two
weeks,
unless
anyone
has
anything
else,
they
propose
instead
he's
going
on
vacation.
A
Maybe
later,
but
yes
at
least
you
add
things
that
you
would
like
to
demo
like
that
wonderful
demo
I'm
not
sure
what
will
live
up
to
that,
but
that
was
that
was
a
great
way
to
go,
started
thanks,
Chris
and
add
demos
to
the
backlog.
Anything
relating
to
a
divorce
is
great.
Thank
you.
So
much
and
all
right.
We
have
three
more
items
on
the
agenda.
We
have
node
named
as
the
internal
idea
instead
of
the
internal
IP,
and
then
we
have
an
issue.
C
Mike
yeah
I'm
submitting
to
G
sock
projects
I
wanted
to
see
if
anybody
has
any
ideas,
as
we
discussed
last
time
forcing
it
up.
Yes,
any
missing
feature
that
you
want
to
propose,
but
I
have
two
ideas
on
the
testing
side
of
things
and
for
existing
sub
projects,
and
also
the
I
am
authenticator.
Some
pieces
are
missing
there,
so
I
will
be
submitting
ug
some
apps
today.
The
last
date
is
today:
I
just
wanted
to
see.
If
anyone
else
has
any
ideas.
A
C
So
it's
an
internship
opportunity
for
other
people.
You
get
the
opportunity
to
mentor
these
interns
as
well,
but
if
you
guys
have
any
ideas
by
end
of
day,
just
send
me
the
thought
of
what
you
could
do
or
what
could
be
an
idea
that
we
could
offer
and
the
other
thing
was
I
gave
a
community
update
yesterday
on
all
of
the
projects
that
will
go
out
and
1.14.
C
A
Right,
thank
you
machine
guess,
I,
I,
totally
spaced
and
forgot
that
me.
Thank
you,
sir.
Thank
you
alright
and
then,
like
initially
and
then
the
item
no
I
skipped
over
because
I
sensed
it
might
be
a
little
longer,
is
a
discussion
about
Mike.
Do
you
want?
Do
you
want
to
kick
us
off
on
this
one
yeah
looking.
D
Looking
at
the
issue
that
you
listed,
it
might
be
a
different
issue.
The
one
that
was
raised
I
think
two
weeks
ago
now
was
the
cloud
provider
has
some
some
strong
assumptions
about
the
nodes
that
it
finds,
use
the
private
DNS
name
in
the
AWS
content
in
the
address
API,
as
assigned
by
the
VP
C's
internal
DHCP
server,
which
totally
breaks
people's
workflow
when
they're
running,
like
private
custom,
DHCP
option
sets
where
they're
assigning
different
DNS
servers
and
then
are
getting
different
host
names
than
what
the
VP
see
gave
them
or
RSI
or
manually
overriding.
A
Think
it's
not
related.
Yes,
I
think
there
is
supposed
to
be
code
in
there
they're
supposed
to
look
at
the
DHCP
options
and
deal
with
it,
but
I,
don't
know
whether
it's
certainly
overriding
the
node
name
directly
will
will
cause
us
to
fail.
The
okay,
sir,
come
on
sorry.
Sorry
go
ahead,
we're
just
gonna,
say
the
original
original
reason
why
this
was
there
is
because
the
node
name
had
to
be
routable
anyway
in
the
like
long
time
ago.
A
Guess,
there's
there's
like
two
steps
right,
there's
the
I:
let
users
run
the
instanceid
instead,
which
actually
might
be
easier
and
then
there's
we
don't
care
about
the
node
name
at
all.
We
can
actually
just
go
and
like
like
look
at
the
like
figure
it
out
from
the
node
object,
which
has
the
instance
ID
baked
into
it.
I
think
theory
could
have.
A
Let's
do
a
look
at,
but
yeah
so
like
I
did
I
did
one
PR
where
I
changed
one
of
the
methods
that
I
knew
to
be
tricky
just
for
a
sort
of
discussion
of
this
issue
where,
if
we
wanted
to
pass
a
node
object
around
to
the
problem,
the
biggest
barrier
is
the
persistent
volume
controller
which
runs
on
the
master
and
talks
in
terms
of
nodes,
and
you
can
see
that
it's
it's
bad,
but
it's
not
that
bad,
it's
not
as
bad
as
I.
Remember
it
being
so,
we
could.
A
D
Yeah
I
think
from
from
a
making
it
more
bulletproof
on
our
side
in
on
the
side
of
the
cloud
provider.
I
mean
the
instance
idea
is
the
best
thing
for
us
to
use,
but
passing
the
node
object
is
probably
the
right
code
interface
to
do
it
I
just
poked
at
the
code
a
little
bit
more
and
it
does
use
the
node
registration.
The
node
controller
side
of
that
also
needs
that
private
DNS
name
so
I
kind
of
have
to
clean
up
that,
but
I
think
you're
I.
A
A
A
Don't
think
it
would
be
supported
to
use
an
arbitrary
node
name
on
on
GCE
either,
but
it's
sort
of
less
of
a
big
less
of
a
concern.
I
guess,
because
the
node
name
is
a
or
the
name
of
an
instance
is
a
primary
concept
on
GCP.
Where
is
on
AWS?
It
is
more
flexible,
I
guess,
you'd
say,
and
it's
just
a
tag
right.
You
have
that
instance
ID,
and
then
you
have
tags
for
whatever
you
want
and
that.
D
C
A
My
guess
is,
it
would
be
the
same
thing
as
I
did
where
in
particular
like
PVCs
would
would
break
because
they
refer
to
the
node
name.
They
pass
that
in
and
they
say
mount
this
volume
on
this
node
name
and
the
GCE
cloud
provider
would
go
and
try
to
resolve
that
node
name
with
an
instance
lookup
and
it
would
be
like
I,
don't
know
what
this
node
a
miss.
My
guess.
E
D
You
don't
the
problem
as
exists
today
is
if
you,
if
you're
using
anything
except
the
default,
V
PC
configuration,
then
you
break
those
private
dns
names,
the
cubelet
detects
the
host
damage
you've
overridden.
It
cannot
do
the
describe
instance
called
AWS,
because
it
assume
it
tries
to
use
that
as
the
private
dns
name,
that
AWS
wants.
The
one
on
AWS
disagrees
with
the
one
that
you've
overridden.
So
it
does
break
everything.
That's
the
same
for
entry
and
out
a
tree.
D
The
short
term
solution,
if
you
run
into
this
problem
that
I
did
end
up,
testing
is,
if
you
start
the
cubelet
with
the
node,
the
node
name,
overwritten
I
forget
the
exact
name
of
the
flag,
but
it
might
be
like
node
override
and
also
the
node
IP
overridden
to
the
primary
IP
of
the
instance.
Everything
just
works,
it's
an
ugly
hack
and
you
have
to
do
it
on
the
the
cloud
controller
manager.
You
have
to
do
on
the
API
server.
C
D
A
D
A
One
of
the
things
that
I'm
not
sure
how
this
interacts
with
is
there
is
a
move
to
not
trust
the
not
not
not
trust
the
qiblah
but
minimize
the
security
trust
in
the
cubelet
and
so
not
allow
the
cubelets
to
have
specified
taints,
for
example,
and
I,
don't
know
whether
we
would
allow
the
cubit
to
specify
its
instanceid
or
its
name
or
anything
in
future
I'm
gonna
guess
we
would
but
I
I,
don't
know.
So.
That's
that's
TBD,
I
guess
now.
D
A
A
D
D
A
Think
if
there's,
if
there's
particular
context
in
any
issue
that
is
important
not
to
lose,
which
I
I
don't
think
I'll
be
the
case
here
is
if
that
is
the
case
for
like
some
of
those
weird
like
bugs
where
something
doesn't
behave
right,
but
in
this
sort
of
case
I
think
we
pretty
much
understand
it
and
we
can
close
and
put
a
like
crea
number
of
that
issue
close
it
link
them
and
be
like.
If
you
have
any
context,
you
think
it's
important,
please
do
copy
it
over
sweet.
Thank
you,
Mike.
A
All
right.
We
have
another
item,
our
agenda,
trying
the
it
sounds:
scary,
undocumented,
EBS
volume,
ID
format,.
E
Yeah,
so
rush
of
undocumented
is
a
best
way,
but
at
least
this
is
some
problematic
idea.
I
noticed
during
CSI
migration,
because
I
brought
up
up
in
the
sixth
Orage,
but
seems
because
of
this
whole
driver
essence
gonna
be
come
out
of
tree
and
actually
I
Castle
s
attention
from
the
six
storage
and
also
got
some
comments
from
Yamaha
moans
on
the
issue.
So
I
want
to
bring
up
on
sick
in
the
rest
to
see
if
you
guys
hanging,
have
any
opinions
on
this.
Basically,
it's
like
for
the
volume
persistent
volume.
E
There
are
two
ways
we
can
specify
the
volume
ID
one
is
using
a
tradition
like
EBS
volume
ideas.
It
is
and
other
ways
like
prefix
with
AWS
called
Karma,
slash
things
like
that,
which
is
from
Parramatta
key
in
the
sense
that
it's
going
to
be
interpreted
as
a
pass
on
a
file
system.
So
that's
actually
their
actual
directory
is
gonna,
be
created
like
there's
gonna,
be
a
SS
directory
which
gonna
be
created
under
the
couplet
plugging
like
a
parent
directory
somewhere,
which
is
sounds
scary
and
I,
wanted
to
know.
E
What's
the
history
about
this,
why
this
is
being
created
this
way,
I
just
haven't
seen
this
happening
other
drivers
and
also,
as
they
are
named
people
using
it
or
like
how
do
you
guys
think
close
the
door
more
like
cuz
front
of
migration
perspective
I
talked
to
David
seems
that's
not
at
least
from
his
point
of
view.
That's
another
concern
for
migration,
so
I
think
that's
something
we
need
to
make
a
decision
on
the
cicada,
a
double
side.
A
As
I
recall,
there
was
a
reason
why
we
cared
about
the
zone
I
think
back
in
the
day,
and
so
that's
why
this
syntax
is
designed
to
be
able
to
get
the
zone
in
there.
I
don't
remember
the
details.
I
will
have
a
look
at
the
issue.
It
yeah
CSI
migration
is
definitely
going
to
be
challenged
like
it's
a
big
topic
and
yeah.
This
I
would
I
can't
imagine
anyone
who's
using
it,
but
we
have
to
maintain
compatibility,
I.
Think
I
will
I
will
read
the
issue.
I,
don't
think.
E
That's
the
tricky
part
actually
like
at
least
given
my
testing
without
its
own.
Just
that
idea
itself
works
for
just
because
of
the
dynamic
provisioning
actually
taking
this
so
long
as
a
default
format.
So
ever
ever
uses
dynamic,
provisioning
gonna
be
getting
to
this
issue
and
I'm
speaking
of
the
actual
kubernetes
upgrade
I'm
running
how
hard
people
usually
doing
this
couplet
upgrade
as
it
like.
There
can
keep
those
volumes
around
by
just
killing
the
couplets,
and
it's
been
out
the
new
version
which
sounds
hacky
or
just
if
they
can
drain
the
notes
along
with
volume.
E
A
E
A
Yeah
in
terms
of
the
what
the
community
can
open
source
community
has
done.
Most
of
our
I
think
all
of
our
ete
testing
does
upgrades
by
replacing
the
nodes
entirely.
I
don't
we
don't
do
any.
As
far
as
I
know,
we
don't
do
any
in
place
upgrades
of
cubelet.
I
don't
think
we
do
any
in
place
upgrades
that
he
didn't
like
the
control
plan.