►
From YouTube: Kubernetes - AWS Provider - Meeting 20200626
Description
Recording of the AWS Provider subproject meeting held on 20200626
A
Hello,
everybody
today
is
friday
june
26th.
This
is
the
aws
cloud
provider
meeting
by
the
team
meeting.
I
am
your
moderator,
associator
justin
sung
oprah.
I
work
with
google.
Okay
reminder:
this
meeting
is
being
recorded
on
the
internet
that
I
I
am
pasting
a
link
in
the
chat
to
our
agenda,
which
is
currently
relatively
empty.
So
please
do
feel
free
to
add
your
name
or
any
items
you
want
to
get
to
on
that
and
we'll
be
sure
to
do
that.
B
B
Foreign,
hello
hi,
so
I
was
supposed
to
demo
class
api
aws,
but
done
that
a
few
times
now
in
previous,
so
one
of
them
repeat
over
old
material
for
one
of
the
things
we've
been
talking
about
is
ways
to
test
the
external
provider
and
maybe
using
cluster
api
to
test
that.
So
we
were
having
conformance
errors
in
the
cluster
api
provided
aws
repos.
B
So
I
started
rewriting
some
of
that
conformance
to
use
a
new
test
framework
that
was
developed
by
mainly
fabrizio
into
cluster
lifecycle,
and
it
wraps
a
lot
of
the
sort
of
things,
the
most
common
sort
of
test
scenarios
and
I
sort
of
extended
that
to
also
handle
cube
tests
so
I'll
just
go
through
how
that
works
briefly
and
then
show
you
what
the
output
is,
and
we
can
I'm
going
to
move
this
to
cluster
api
properly.
So
it's
reusable
by
the
other
providers.
B
A
B
Yeah,
so
in
our
class
api
repo,
we
have
a
test
and
it's
sitting
in
this
e2e
new.
First
of
all,
the
main
thing
you
do
is
you
provide
a
configuration
file,
and
this
says
what
images
are
going
to
be
used
to
bring
up
the
cluster,
so
we're
going
to
use
cluster
api
2a36
for
the
purposes
of
testing
class
api
provider
aws.
We
actually
generate
an
image
and
then
inject
it.
So
the
way
the
test
framework
works
is
it
brings
up
a
kind.
B
Cluster
injects
images
into
that
kind
cluster.
So
if
you've
got
any
local
images
that
you
haven't
really
pushed
to
an
external
repo,
you
can
sort
of
rewrite
them
on
the
fly.
So
that's
useful
when,
when
you're
just
making
changes
code,
you
just
want
to
see
what
the
impact
is.
Then
the
test
framework
can
load
them
in.
It
does
string
replacements
on
the
manifest
for
the
deployments.
So
we
turned
off
the
leader
election
just
to
save
a
bit
of
time
changed
the
metrics,
so
it's
globally
readable.
B
B
Is
each
provider
provides
templates
and
the
templates
basically
allow
you
to
do
string
substitution
in
them?
So
this
defines
what
the
cluster
is
going
to
basically
look
like
and
then
we
add
some
extra
variables
in
the
test
suite
to
say
how
many
machines
it's
gonna
use,
so
we're
gonna
use
five
machines.
B
This
bit
here
is
saying
we're
gonna
start
with
a
118
to
aws
ami
and
we
also
add
some
of
the
scripts.
The
injection
that's
been
used
to
inject
the
latest
ci
release
of
kubernetes.
So
that's
where
it
looks
up
the
latest,
ci
artifacts
and
then
downloads
from
the
google
bucket
the
that
version
and
make
sure
it's
present
before
plus
the
api
brings
up
the
cluster,
which
is
using
cube
adm
underneath
and
in
terms
of
the
test
suite
itself.
B
B
We
there's
there's
utilities
to
run
up
the
cloud
formation
templates
that
you
need
to
use
that
support
the
cloud
provider.
Integration
and
cluster
api-
I
we've
added
some
stuff.
We
need
some
changes
in
infrastructure,
but
we.
What
we
have
right
now
is
the
ability
to
use
aws
session
manager
to
open
up
a
shell
on
the
machines
and
run
arbitrary
commands
that
we
can
output
to
files.
B
B
You
can
say
where
that
cni
path
where,
where
that
many
manifest
should
be
that
gets
loaded
in
you,
can
instruct
it
how
long
you're
going
to
wait
for
the
cluster
to
come
up
and
then
finally,
we
can't
remember:
oh
yes,
this
is
the
bit
that
I'm
going
to
put
into
cluster.
Is
this
cube
test
framework?
So
you
start
off
by
just
giving
it
a
new
configuration.
B
Configuration
so
cube
test
will
accept
the
yaml
file,
so
we
just
pass
that
in
as
well.
So
you
can
use
different
configurations
if
you
want
to
do
different
bits
of
testing
and
then
it
essentially
just
wrapper
around
it.
It
constructs
the
command
line
to
run
cubetest
and
creates
a
report
directory
in
terms
of
what
you
get
back.
You
get
this
artifacts
directory
in
it.
You
have
all
of
the
controller
logs
from
cluster
api
and
metrics
from
them.
B
You
get
the
logs
for
each
command.
That
was
run
on
every
ec2
instance.
This
is
where,
if
you
have
ssm
session
manager,
support
on
your
account,
if
it
doesn't
it's
just
not
going
to
appear
or
it
will
write
an
error
file
and
that's
currently
what's
happening
in
power
at
the
moment-
a
list
of
all
the
resources
on
the
kind
cluster
and
the
cloud
formation
template
that
was
applied,
the
e2e
config
that
was
created.
So
one
of
the
things
that
the
cube
test
bit
does.
A
A
Very
cool,
the
other
question
I
had
is:
are
you
doing
any
testing
other
than
the
like
kubernetes
e
to
e
testing
like?
Have
you
figured
out
a
way?
This
is
what
I
keep
struggling
with.
Have
you
figured
out
a
way
to
run
your
own
tests
like
I'm,
it's
very
difficult,
or
it's
not
even
easy
to
do
within
group
tests,
but
maybe
because
of
the
way
you're
wrapping
things
you
have
a
way
to
do
so.
B
B
So
we
do
have
a
bunch
of
tests
around
that
as
well,
and
it's
just
metal
constructing
you
can
get
a
the
test
framework,
can
give
you
a
proxy
to
the
created
cluster,
and
so
that
will
give
you
a
client
set
for
you
to
go
and
do
it
gives
you
a
cube
config
essentially,
so
it
gives
you
the
config
of
the
class
that's
created,
and
then
you
can
do
whatever
you
like,
and
you
can
use
the
aws
api
separately
within
your
your
test
to
do
test
other
bits
and
pieces.
So
yeah,
that's
the
idea.
A
A
All
right
well,
thank
you.
Thank
you
that
was
hi
nick.
I
didn't
see
you,
there
switch
views
all
right.
Well,
thank
you.
Dear.
Let's
see,
if
we
have
anything
else
on
the
agenda,
it
doesn't
okay,
anyone's
added
anything
to
the
agenda.
So
what
I
propose
we
do
is
we
go
through
a
little
bit
of
the
backlog
of
what
has
happened
over
the
last
two
weeks
and
any
issues
that
are
sort
of
on
the
back
burner?
A
A
C
A
Yeah,
okay,
all
right,
we
don't
necessarily
need
to
let's,
let's
go
that
way,
then,
let's
we
can
do
this
pre-triage,
we'll
just
scan
through
them.
Definitely
this
aws
credential
provider
causes
twenty
tens.
Ten
to
twenty
seconds.
Hang
up
is
definitely
interesting
that
one,
I
think,
is
well
known
and
not
even
output
flooded,
that
seems
fine
or
like
not
critical
and
then
yeah.
A
C
Yeah
I
mean
I,
I
don't
have
a
lot
of
context
on
it.
I
know
that
it
came
up
in
some
channels,
but
basically
because
the
cubelet
does
more
like
the
dynamic
loading
of
the
credential
provider.
So
like
it
doesn't
matter
what
you
said
as
a
cloud
provider
or
anything
it
it
loads,
the
credential
provider
based
on.
C
A
Yes,
so
it
looks
like
from
this
logs.
It
looks
like
it's
it's
in
in
between
three
and
four
here
or
oh
yeah,
three
in
between
three
and
four
here
sorry,
I
was
like
what
happened
to
four
in
between
three
and
four
so
specifically
on
this
getting
the
credentials
which
I
assume
is
actually
like
pulling
the
metadata
service.
I
presume.
C
C
C
C
A
C
C
D
Go
ahead
nick,
I
was
just
gonna
say
so,
like
the
the
credential,
the
providers
themselves
aren't
changing
much,
it's
just
how
they
get
called.
That's
changing.
So
there's
like
a
you
know.
It
allows
you
to
actually
separate
that
code
out
have
a
config
file
which
tells
you
which
providers
you
have
which
binaries
you
have
locally.
C
Yeah,
I
think
someone
just
needs
to
take
this
and
just
figure
out
like
why
it's
why
it's
hanging
up
like
I
don't
think
we
need
to
figure
out
why
the
credentials
don't
work,
because
that
probably
an
environment,
specific
problem,
but
someone
should
follow
up
and
see
like
okay,
like
if
it's
erroring
their
does
the
cubic
code
need
to
change
or
there's
a
provider
code.
You
can
change
so
that
it's
not
hanging
up
the
entire
keyboard.
I
think
that's
the
thing
we
need
to
resolve.
First.
A
A
C
A
A
C
A
C
A
C
C
A
C
A
A
A
B
A
So
nick,
if
you
asked
mike
to
look
at
it,
michael
micah
looked
at
it
yep
I
did
cool
there.
We
go.
That's
good
news
of
course.
Now
apa
machinery
is
gonna,
get
a
lot
of
weight,
but
yes,
you
can
now
just
redirect
them
to
api
machinery,
and
I
will
I
will
see
whether
we
can
close
this
previous
one
because
it
looks
like
we
probably
can.
C
Yeah-
and
I
I
think
that's
why
now
that
I
think
about
it,
I
think
this
is
why
I
might
be
getting
like
more
pings
about
the
removing
the
validation
for
the
mixed
protocol,
because
this
pr
merged
and
so
people
want
to
use
nlbs
with
both
protocols.
But
then
the
api
server
is
blocking
that.
So
that
explains
it.
A
Okay,
well,
live
and
learn.
I
did
not
know
that.
Okay,
so
that's
good
news.
Should
we
have
a
look,
I
guess,
as
we
come
to
feature
freeze,
maybe
we
should
look
at
other
prs
that
are
like
maybe
ready
to
merge
and
would
otherwise
miss
freeze,
I'm
just
trying
to
find
the
oh.
I
guess
we
don't
tag
them
for
aws.
So
let's
do
this.
A
A
A
Open
them
and
we
can
go
through
and
say
like.
Are
you
happy
to
close
type
thing?
That's
nothing
to
do
with
aws.
I
don't
think
support
private
ips
for
aws
and
obs.
That
sounds
like
is,
let
me
guess,
that's
just
another
annotation,
but
we'll
see
implement
lifecycle,
tcp
hook.
I
don't
think
that's
us
external
registry
cloud,
credential
provider
extraction.
It
sounds
like
we're
less
keen
on
that.
Oh
wait!
Nick.
What
did
you
this?
Is
you
nick.
D
A
D
B
D
Reconsidered
that
I
still
am
skeptical,
I'm
finishing
up
some
some
stuff
that
will
probably
take
a
little
bit
longer
so
anyway,
I
don't.
I
don't
know
me
and
andrew
had
talked
about
it
and
we
had
said,
like
you
know,
if
either
one
of
us
has
time
to
pick
it
up
before
our
code
freeze
than
we
would
otherwise
I'm
going
to
definitely
pick
it
up
at
the
start
of
next
cycle.
D
A
It's
not
really.
I
I
mean
it's
more
just
like
just
like
you
know,
you,
like.
The
pressure
is
on
to
fix
things
faster
right.
I
hope
no
one
actually
gets
angry
yeah.
Okay,
that
was
one
on
the
second
page.
Now
it
looks
like
they
are
not,
as
I
opened
a
couple
that
might
be
relevant
okay,
so
let
us
see
if
we
can
burn
some
of
these
down.
A
C
Oh,
you
know,
I
wasn't
saying
that
we
should
merge
this,
but
I
think
this
is
something
that
we
should
start
noodling
in
our
brains
and
thinking
about
it's
one
of
those
things
where,
like
once,
you
emerge
and
you
release
it,
you're
stuck
with
it
and
maybe
we
don't
wanna.
You
wanna,
really
think
about
what
we
want.
The
node
address
semantics
to
be
for
single
stack,
v6
and
tool
stack.
D
A
Yeah,
it
sounds
like
what
this
is
saying
is
if
it's,
if
it's
only
ipv6,
that's
available
like
to
use
that.
That
seems
pretty
reason.
If,
if
that's
what
he's
saying
what
our
phillips
is
saying,
what
right
yeah
ryan,
what
what
are
phillips
is
saying,
then
that
seems
reasonable,
but
yeah.
We
should
certainly
think
about
it,
because
it
then
opens
up
the
question
of
of
dual
stack
right.
A
A
A
A
This
one
we
think
we
can
hopefully
detube
or
close
private
ips
for
aws
nlbs
prs
but
specific
static,
private
private
ipv4
address
from
creating
a
service
background
data
nlp.
In
addition
to
the
support
existing
support
for
elastic
ips.
But
for
internal
and
hobbies,
and
it's
an
annotation
which
probably
we
could
have
all
guessed
and.
E
A
It
sounds
like
it
has
to
go
into
a
different
field
like
maybe
it's
a
do.
You
think
it
has
to
go
into
this
field.
Maybe
that's
what
I
was
sort
of
imagining
was
the
sort
of
problem,
I'm
not
sure,
okay,
but
you
mean
that
we
previously
added
a
pr
to
map
arbitrary
elastic
ips
via
a
similar
annotation,
which
I.
E
E
E
B
A
Right
there,
too,
is
it
this
this
yeah
yeah.
I
mean
it's
a
great
question
like
I'm,
assuming
that,
like
you,
have
to
specify
the
one
in
the
one
field
and
the
other
in
the
other
field,
which
is
why
this
person
did
the
pr,
but
we
should
at
least
verify
that
is
true
got
it,
because
it
is
possible
that
that
that
this
person,
d.a
cohen,
wrote
oh.
E
A
A
I'm
also
not
sure
if
it
gets
reconciled
correctly,
so
we'll
have
to
have
a
look
at
that
like
if
you
change
them,
what
happens
all
right?
Let's
keep
going
the
well.
We
talked
about
this
one
nick
right,
you
probably
are
not
going
to
put
it
in
now.
I
don't
know
if
there's
any
thing
we
want
to
discuss
on
this,
one
looks
like
it's
probably
being
discussed
in
the
cloud
provider
extraction.
D
C
A
There's
a
there's
a
bunch
of
holidays
in
between
or
like
four
of
those
days
or
holidays,
or
at
least
for
googlers.
I
don't
know
how
many
other
people
get,
but
yes,
there's
a
there's,
a
big
holiday
that
knocks
out
a
bunch
of
those
days
which
might
actually
be
an
opportunity,
depending
on
how
you
feel
about
holidays.
A
The
the
okay,
the
next
one
on
that
I
sort
of
pulled
up
on
the
hot
list,
was
fixing
an
extra
security
group
removal
from
the
aws
load
balancers.
I
think
we
talked
about
some
before.
I
think
I
promised
have
a
look
at
it
before
and
I
will
endeavor
to
have
looked
at
it
again.
It
feels
like
this
is
a
bug
and
we
should
do
that
this
one
I
opened
just
because
I
thought
it
was
weird,
but
it
looks
like
it's
going
to
be
gce
specific.
So
it's
fine.
A
C
A
A
Okay,
thank
you.
Should
we
upgrade
our
aws
sdk?
We
probably
should
there
are
probably
at
this
was
may
27th,
so
I
suspect
we
should
probably
do
another
update
even
after
this
yeah,
it's
on
one
foot,
1.32
dot,
something
no
yeah.
Well,
it's
just
the
it's
the
regions
that
I
think
is
sort
of
the
biggest
challenge.
It'd
be
nice
to
not
have
that
dependency
it's,
but
we're
not
going
to
fix
it
in
this
release.
So.
A
There
very
much
is
a
described
regions
and
describe
availability
sounds
call
on
aws
and
you
recently
added
describe
instance.
I
don't
remember
the
word
but
like
describe
instance
types,
and
I
know
it's
always
awkward
to
know
whether
something's
internal
or
external,
so
yes,
that
was
recently
added,
so
that's
also
there,
which
is
also
great.
A
I
think
the
problem
might
be
around
like
which
region
do
you
query
to
find
out
the
regions
which
is
a
little
bit
of
a
mess
so,
but
we
might
be
able
to
square
that
by
like
asking
the
metadata
service
what
the
region
is
and
going
from
there,
but
I
think
the
problem
is
like
I.
I
don't
think
you
can
go
from
a
region
to
to
the
end
point
purely
like
if
you've.
A
A
Yeah
anyway,
so
we
can
probably
update
this
one.
We
can
probably
merge
this
one
and
then
I
appreciate
very
much
that
this
person
has
given
us
the
script
to
do
this
in
future,
because
we
will
likely
we
may
want
to
go
to
132.
But
if
someone
has
done
the
work
to
do
this,
then
we
should
probably
like
get
this
in.
A
A
C
C
A
Tricky
because
look
for
my
first
glance
at
this,
at
least
it
looks
like
we
just
see
that
there
are
two
little
bouncers
with
the
right
name,
and
then
we
delete
the
one
which
is
the
wrong
one,
and
that
strikes
me
as
like
that
would
have
been
tolerated
before
and
now
we're
going
to
delete
the
note
balancer.
So,
although
it
seems
incredibly
unlikely,
it
seems
risky,
the
alternative
might
be
to
observe
the
delete
event
and
do
a
sort
of
best
effort
deletion
or
to
observe
the
change
and
do
a
best
effort
tradition
at
that
time.
C
Yeah
and
in
general
we
don't
watch
events
for
the
low
balancer
and
service.
We
it's
like
a
one-way
reconcile
right
so,
like
I
don't
think
we
should
try
to
be
smart
about
like
reconciling
the
the
cap.
The
cloud
state
back
into
the
surface
state
should
just
be
like
service
state
to
lb
and
keep
it
that
way.
For
now,.
A
And
I
guess
the
workaround
here
would
be
to
change
your
service
from
type.
Oh,
I
see,
you're
working
on
would
be
to
change
your
service
to
from
like
type
load,
balancer
to
type
node
port
or
something
and
then
go
back
and
then
like
then
switch.
But
I
guess
the
point
is:
if
you
do
it,
if
you
do
it
just
by
changing
the
annotation,
maybe
you
don't
have
down
time,
maybe
or
certainly
you're-
certainly
you're
guaranteed
downtime
by
changing
it
to
no
port,
where
you're
not
guaranteed
down
time.
In
this
regard,.
D
A
D
A
C
And
this
is
why
I
would
like
to
work.
I
think
it'd
be
great,
just
throwing
ideas
up
there.
We
should
start.
We
should
just
cut
a
new
version
of
the
cloud
provider
and
start
from
scratch
and,
like
just
rebuild
all
these
assumptions
on
a
like
a
youtube
provider.
That's
at
a
tree
but
topic
for
a
different
day.
A
Now,
okay,
I'll
look
at
the
this
one
as
well.
I
mean
it
seems
like
a
very
valid
and
important
thing
that
if
we
could
magically
fix
it,
we
should
fix
it,
but
if
we
have
to
make
sure
that
it's
worth
the
risk
as
it
were,
I
I
don't.
I
can't
think
of
any
way
to
surface
this
information
other
than
like.
Could
we
somehow
like
give
people
a
hint
like
it
looks
like
you've
done
this?
Would
you
like
to
do
this.
A
A
Yeah
I
mean
I
was
suggesting
that
we
wouldn't
delete
the
old
we
wouldn't
manually.
We
wouldn't
automatically
delete
the
wrong
one,
we
would
just
say:
hey,
there's
a
dangling
elb
or
I
guess
nlb.
I
guess
it
can
go
both
ways,
but
there's
a
dangling
elbv1
and
you
might
want
to
delete
it
once
the
traffic
has
flowed
over
or
whatever
whatever
it
is.
A
All
right,
I
suspect,
we're
not
get
that
in
before
the
future.
Freeze
how
about
that
this
one
we
talked
about
earlier.
Oh,
I
think
we've
actually
gone
back
to
my
earlier
tabs,
all
right.
So
this
one
again
again,
this
one
was
a
test
which
I
think
is
probably
a
dupe.
The
hangout
which
we
talked
about
earlier
and
the
the
pr
which
may
or
may
not
have
introduced
that
and
a
probably
unrelated
issue
in
csi.
Okay.
A
Would
anyone
like
in
particular
to
so
I'll
just
flip
through
these?
If
anyone
wants
to
and
then
we'll
call
it
time,
because
it's
more
or
less
done
but
like
if
anyone
wants
to
like
take
ownership
of
any
of
these,
I'm
going
to
flip
through
them
one
more
time,
and
please
shout
when
not
on
mute,
and
I
will
stop
so
adding
ipv6
addresses
for
node
addresses.
A
A
Yeah
well,
when
we
can,
let's
nick
you
are
already
on
the
ball
for
that
one,
this
one
I
think
I
was
going
to
have
a
look
at.
I
am
going
to
have
a
look
at.
I
think,
maybe
nick
you
were
also
going
to
have
a
look
at
it,
but
this
one
is
just
interest
to
me.
I
will
do
this
one.
I
don't
think
any
of
these
people.
A
A
D
A
A
A
Oh
you
shouldn't
have
dropped
the
I
you're
too
web
web
2.0,
okay,
cool,
that's
it
all
right!
I
don't
know.
If
anyone
else
has
any
other
topics
they
want
to
bring
up
or
discuss.
I
don't
have
the
agenda
open
right
now,
so
I
don't
know
if
anyone
else
has
that
anything,
but
otherwise
let
me
stop
sharing.
Otherwise.
Thank
you
very
much
to
everybody
and
we
will
see
everyone
in
two
weeks:
yeah.
It
is
not
a
holiday.
So
yes,
happy
friday.
Thank.