►
From YouTube: Kubernetes sig-aws 20190322
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Hello,
everyone:
it
is
Friday
March
22nd.
This
is
Mary
signal
us
our
bi-weekly
meeting
I.
Am
your
moderator
or
facilitator.
Just
in
Santa
Barbara
I
work
at
Google.
We
have
a
fairly
light
agenda
for
the
day
we
have
a
demo
from
Alex
and
extension,
and
a
discussion
of
the
single
US
or
the
ADA
was
encryption
provider.
If
you
do
have
other
things
you
would
like
to
discuss,
please
do
add
them
onto
the
agenda,
so
we
can
get
to
them.
Otherwise,
I
propose.
We
go
straight
into
the
agenda
into
the
demo.
Thanks
20
figure,
sauce
yeah.
B
Sounds
great,
can
you
hear
me?
We
can't
good
stuff
yeah.
So,
thanks
for
thanks
for
having
me
I'm
excited
to
demonstrate
a
pretty
simple
controller
that
my
team
put
together
around
provisioning
eks
clusters
across
accounts
in
AWS.
We
had
a
specific
problem
that,
because
we're
leveraging,
eks
and
eks
has
certain
API
is
disabled,
namely
the
alpha
api's,
and
all
that
we
couldn't
play
with
super
cool
things
like
the
cluster
API
at
Federation,
v2
and
all
that
kind
of
stuff.
B
So
we
had
to
or
we
decided
that
we
would
build
sort
of
a
pseudo,
a
pseudo
Pervis
re,
a
pseudo
Federation
controller,
and
then
we
would
eventually
loop
back
in
with
the
special
interest
groups
when
it
came
to
what
the
community's
going
towards
for
Federation
and
all
that.
So
without
further
ado.
Let
me
go
ahead
and
share
my
screen.
A
B
Cool
good
stuff,
okay,
so
I
just
brought
the
project
here,
so
you
can
see
where
it
lives
in
github.
It
is
open
source
and
you
can
use
it
today.
I
don't
know
if
I
would
suggest
using
it
on
any
production
environment
right
now,
although
we
are,
but
we
are
actively
developing
it
currently.
So,
if
you
see
me,
we
have
a
bunch
of
issues
and
stuff
in
there.
B
I
was
going
to
take
this
opportunity
as
well
to
plug
our
VPN
controller,
as
well
as
our
API
gateway
controller
as
well,
but
I
won't
distract
you
too
much
with
those
two
things
right
now
so
anyways.
So
that's
where
it
lives.
I
know
just
as
a
side.
I
know
that
there
are
other
projects
like
Gardner
and
the
cluster
API
provider
for
AWS,
as
well
as
the
Federation
of
YouTube,
but
this
is
not
trying
to
solve.
Those
problems
is
really
just
the
purpose-built
controller
for
our
own
stuff.
So
let
me
see
here:
I've
got
a
there.
B
It
is
so
I
actually
put
together
a
video
of
this
working.
Basically,
what
we've
done
is
we've
modeled
and
basically
eks
cluster
and
node
groups
as
custom
resources.
We've
also
done
a
little
bit
of
Federation
work
with
some
core
api's
inside
of
kubernetes,
so
deployments
sorry
resources
as
deployment
services,
config
Maps,
just
stuff
that
we
needed
to
be
able
to
actually
deploy
as
federated
resources
across.
However
many
clusters
we
were,
we
were
provisioning
and
that's
again,
sort
of
just
stopgap
until
Federation
becomes
more
stable
inside
it's
like
weird.
B
So
here
we
go
so
the
first
thing
I'm
displaying
here.
Actually
that's
started
a
little
early.
So
the
first
thing
here
is
the
custom
resource
which
models
an
eks
cluster
you'll,
see
the
account
ID
that
we
want
to
provision
a
new
cluster
in
the
region
that
we
wanted
to
ploy
it
to
the
cross
account
role
name.
B
So
this
is
actually
I
am
rolled
in
the
child,
account
that
the
controller
will
and
assume
we're
actually
using
cubed
I
am
under
the
hood
right
now
for
that
stuff,
but
once
you
KS
actually
moved
to
something
else,
we'll
probably
adopt
that
the
control
plane.
These
are
the
configuration
details
for
the
control
plane.
So
right
now
you
can
specify
fittings
like
the
VCC
side
or
block
the
subnet
siders
and
then
the
cluster
name,
which
will
end
up
showing
up
in
your
console
over
or
CLI
if
your
to
list
clusters
and
then
the
node
groups.
B
So
each
of
this
is
this
is
a
list
of
which
it
ends
up
being
their
own
custom
resources.
So
we've
modeled
node
groups
as
well,
and
so
you
can
do
certain,
there's
certain
configuration
here
again.
This
was
sort
of
like
on
as
we
needed
basis.
We
built
this
stuff
in
so
being
able
to
specify
I
am
policies
for
your
worker
groups
and
being
able
to
name
them
as
well.
I'm
just
going
to
quickly
show
the
deployment
and
the
what
the
video
just
run
here.
All
quick.
B
And
it's
like
using
ScreenFlow
and
just
like
my
I,
was
like
I
wonder
how
much
I'm
gonna
be
talking
while
I'm
doing
this
so
alright.
So
this
is
actually
the
deployment
resource
which
is
basically
just
a
vanilla
deployment.
That's
wrapped
in
our
own
custom
resource
which
we
can
specify
the
cluster.
We
want
to
deploy
it
to
the
name
that
it
eventually
gets
in
the
child
cluster
and
all
that
and
then
the
last
one
here
is
the
service
you're,
all
just
that's!
For
you
a
little
bit.
B
B
If
you,
if
you're
familiar
with
that,
it's
a
pretty
cool
project,
makes
writing
controllers
fairly
straightforward,
and
it
just
shows
me:
I
just
show
that
I
have
the
CRD
applied
to
the
cluster
or
my
kin,
federated
control,
plane
and
then
I
apply
those
resources
and
then
basically
what
I
do
is
I
show
that
it's
the
cluster
is
now
applied
and
I
get
the
resource
and
I
show
here
at
the
bottom
status
is
creating
control,
plane
and
I.
Do
some
fancy
GQ
stuff?
B
Here
we
go
so
standing
up
in
eks
clusters,
I'm
sure
you
guys
are
aware
of
or
if
you've
done
it
yourself
takes
a
little
while
takes
roughly
15
minutes
or
so
so.
What
this
does
is
actually
uses
cloud
formation
under
the
hood,
but
it
spins
up
an
entirely
new
VPC.
It
sets
up
all
your
networking.
It
employs
that
uks
cluster
and
then
it's
it
actually
goes
through
each
of
those
node
groups
and
the
node
groups
are
in
themselves
conformation
stacks,
so
I'll
just
sort
of
fast-forward
here.
B
So
it
gives
you
that
status,
so
the
first
status
was
creating
control
plane.
Then
it's
creating
node
groups
when
it's
complete
I
actually
do
a
little
bit
of
eye
magic
here,
I'm
assuming
the
role
that
created
that
cluster
it
created
cluster
and
then
I'm,
assuming
the
role
of
the
of
the
child
of
the
child
account
it's
all
actually
in
the
same
account
right
now,
but
don't
worry
about
that
stuff.
Hopefully
our
readme
is
straightforward
enough
that
you
can
figure
it
out.
B
If
you
end
up
playing
with
this
yourself,
I
then
update
I,
basically
grab
a
cube,
config
and
then
I
watch
all
the
resources
just
to
show
that
that
stuff
actually
stood
up.
So
if
we
do
this
all
that
stuff
and
then,
if
I
scroll
forward
a
bit
here,
we
go
so
that
shows
the
and
I
realized
after
I
made.
This
video
I
was
like
it's
really
kind
of
hard
to
tell
that.
This
is
actually
like
a
second
EK
house
cluster,
but
that
you
can
try
I,
don't
want
to
take
up
too
much
time.
B
So
I've
already
talked
a
lot,
so
I'd
be
happy
to
to
discuss
more
of
this
stuff
in
slack.
If
you
guys
have
questions
after
today,
but
yeah.
So
this
shows
that
all
that's
up
and
running
I
actually
grabbed
the
host
name
here
and
I
just
pop
it
in
my
browser
to
show
you
the
nginx
is
running
just
it's
a
pretty
a
pretty
standard,
demo,
I
think
and
then
I
show
at
the
end
here.
B
I
actually
delete
all
the
eks
clusters
that
are
in
the
parent
control
plane,
and
there
is
a
finalizar
attached
to
this,
so
it
actually
waits
until
all
the
stacks
are
cleaned
up
and
you'll
see
over.
On
the
right
hand,
side
we
have
deleting
control
plane
and
so
it'll
stay
in
that
status
until
the
all.
This
decks
have
been
removed,
which
includes
the
DPC
internetworking
and
all
that
and
then
once
that's
complete,
it
will
well.
It
actually
look
timed
out
there,
but
then
it
will
show
that
it's
deleted
and
you'll
see
on
the
right-hand
side.
B
You
can't
find
things,
so
it's
all
done.
So
that's
pretty
much.
It
I
think
the
one
takeaway
from
here
is
that
we
are
really
just
using
this
as
like
an
e
KS
cluster
provisioning
tool.
For
now
we
have
some
federated
resources,
but
we
intentionally
separated
those
out
into
their
own
controllers,
because
we
eventually
want
to
loop
back
into
what
the
community
is
actually
doing
for
provisioning
and
Federation
and
all
that
kind
of
stuff.
So
yeah,
that's
it
I'm
sure,
and
that
was
a
whirlwind
demo.
Are
there
any.
A
That
was
a
great
demo.
I
definitely
have
a
couple
of
questions.
I
want
to
give
other
people
a
time
if
they,
if
there
are
people
that
have
them
under
trying
to
go
into
the
right
view,
so
I
can
see
everybody
s
off
with
one
and
then
hopefully
someone
else
will
jump
in
so
we
were
creating
on
our
first
when
we
were
first
doing
it.
We
were
on
any
K
s
cluster
and
then
we
created
another
cluster,
but
we
did
have
an
e
KS
cluster.
B
B
So
right
now
we
are
just
provisioning
and
deploying
those
those
services
to
the
child
clusters.
There
is
no
like
single
entry
point
that
is
load
balancing
across
them.
It's
really
just
to
to
limit
blast
radius
for
for
deployed
applications
whatever
it
is,
so
the
Federation
v2
effort
and
other
Federation
efforts
are
much
more
like
how
do
we
balance
Acrobat
workloads
across
multiple
clusters?
Ours
is
really
just
like.
How
do
we
deploy
applications
from
a
central
location
out
to
n
number
of
service
accounts
still.
C
Some
things
about
this
that
are
interesting
to
me,
I
mean
requiring
a
cluster
to
build.
The
other
clusters
might
be
a
deal
breaker
there,
but
if
I
want
to
follow
up
and
ask
some
questions
about
this
offline,
your
your
Alex
Hanson
in
the
coudé
slack
right,
yep,
okay,
I'll
ping-
you
there!
If
I,
have
questions
great.
B
D
A
Awesome.
Thank
you
alright.
Well
for
no
other
questions
for
Alex
and
we
can.
We
should
move
on
to
the
next
item
on
our
agenda.
The
next
item
is
Dan
Sexton
and
Seth
Pollak
and
discussion
about
testing
and
releasing
of
the
a
device
encryption
provider
I
feel
like
this
is
gonna.
Be
me
apologizing
a
lot,
but
please
please
go
ahead.
A
E
A
Yeah,
that's
great,
yes,
I
have
to
publish
it,
I
think
Seth
using
a
PR.
The
cops
which
is
gonna
be
one
way
to
get
it
under
testing,
but
I
haven't
had
the
chance
to.
We
have
another
chance
to
get
that
into
the
into
the
cops
yet
so
I
apologize
for
that.
There
is
good
news
there
is.
There
is
a
working
group
Cates
in
front
which
is
spinning
up
repos
so
that
there
will
be
a
nice
official
place
to
push
your
images.
A
The
how
to
do
testing
remains
hard,
particularly
for
things
that
interact
with
a
diverse
resources.
I
will
endeavor
to
circle
back
to
your
PR
Seth
I
apologize
again,
and
we
can
try
to
get
that
under
into
cops.
I
don't
know
if
there
are
other
tools
that
we
could
try
to
integrate
it
with
in
terms
of
IDI
type
testing.
If
that's
what
you're
looking
for.
D
I
think
if
we
can
just
get
some
kind
of
process
where
we
can
start
tagging
and
posting
released,
binaries
I
figured
out.
You
know
basically
mounting
the
socket
if
I'm
able
to
run
it
at
the
system
level
into
the
API
server.
I
can
use
it.
It's
just
getting
everything
stood
up,
so
we
can
cut
and
post
earliest
binaries
similar
to
some
of
the
other
projects.
A
A
There
was
supposed
to
be
a
demo
over
the
promoter
this
week
in
the
working
group
working
group,
Cates,
infra
I-
think
yet
people
weren't
able
to
attend
in
general
that
meeting
so
I
think
we
punted
it
for
another
two
weeks,
but
then
I
think
there
will
be
a
process
for
promoting
images
out
of
your
staging
bucket
into
production.
Buckets.
A
A
A
E
A
D
A
Site
car
container
and
they
do
recommend
doing
a
binary.
We.
There
is
also
a
parallel
effort
in
the
same
working
group
gates,
infra
to
produce
buckets
for
storage
of
non
image
artifacts,
and
that
is
probably
about
about
two
weeks
behind
the
other
effort
or
two
to
four
weeks.
Behind
the
other
efforts
so
similar
sort
of
process,
there
will
be
a
staging
bucket
and
there
will
be
a
promoter
process.
A
So
if
I
think,
the
right
course
of
action
would
be
will
definitely
start
the
process
of
getting
the
staging
buckets
for
for
the
images
which
feels
like
the
more
natural
path
or
the
more
obvious
path.
If
cube
ATM,
and
if
you
don't
mind
that
if
you
reach
out
to
cube
ATM
on
a
github
issue
or
on
Zack
and
see
whether
they
would
recommend
us
have
a
mechanism
for
a
sidecar
pod
or
whether
they
would
much
prefer
a
binary.
If
they
do
prefer
a
binary,
we
can
start
that
bucket
rolling
as
well.
I
guess,
I
figured.