From YouTube: Kubernetes - AWS Provider - Meeting 20200529
Description
Recording of the AWS Provider subproject meeting held on 20200529
A
Hello, everybody. Today is Friday, May 29th. This is the cloud provider AWS bi-weekly meeting. I am your moderator facilitator, Justin Santa Barbara. I work at Google. A reminder: this meeting is being recorded and will be put on the internet on YouTube shortly, and therefore please be mindful of our code of conduct, which essentially is to be a good person. We don't have too many people here today, so we probably don't need it, but please do raise your hand if it gets contentious.
A
A
Two weeks ago we also had a discussion about labels and it's another. One came up in sort of kops, but it's really an atom from Pusher that handles spot termination notifications, and it expects a label on the nodes which it should apply to. I'm not sure this is actually needed in that. There are also other notifications that apply to non-spot instances, but I think the challenge was that the Pusher annotation was a node role, which is controversial.
A
It isn't scoped to Kubernetes, sorry, it doesn't scope to AWS in any way, and so I was wondering whether we wanted to try to figure out a better or a more AWS-specific label that we could sort of agree on. I feel like this might be a better topic for a cloud provider, the state cloud provider, like, overall meeting, because then we could try to establish some hierarchy and say: AWS gets this and GCP gets this type thing.
A
But I don't know if anyone had any initial thoughts, but otherwise I was going to go to SIG Cloud Provider on Wednesday and propose something along those lines.
B
Yeah, we had our meeting this week, so it'd be the ones after, but my initial, I mean, I don't, I didn't, I don't know how Pusher works and how spot termination happens. So I don't, I can't say much, but my initial gut feeling would be: if it's an AWS-specific behavior, then it should be an AWS-specific label or annotation, unless, like, all the other providers are saying, like, "Oh, we have the same kind of use case," so maybe we do need.
B
We, there's a use case for, like, a Kubernetes space label.
A
Yeah, and two weeks ago it came up with, I think, machine type and machine family, where it's even more like, so spot is, you know, most people have some, most clouds have some notion of spot or preemptible instances, but the machine types, everyone seems to have a notion of machine type, but the values aren't comparable. So it's going to be a fun one, I think, to discuss there.
A
B
Yeah, sounds good. I mean, like, my feeling is, like, if you don't want to be blocked, then, or like, if you don't want to go through, like, people, like, fighting with people to allow this kind of thing, then probably just that, but I do see, like, a really valid use case for using the node role label. So, I mean, like, I think it's worth having that discussion for sure.
A
Yeah, I mean, I feel like we don't have to block people from setting the node role. I feel like we should avoid requiring people to set the node role, so, and Pusher doesn't even, the Pusher termination handler doesn't even require it. It's just, like, it's the default value, so yeah.
B
Yes, so at the bottom, I linked to the actual doc site that Nick and I set up. It is literally, like, it's blank, like it just says.
B
Like, the, you know, Kubernetes AWS provider has no content, and so I had opened a PR that kind of outlines the most basic kind of layout of the doc site that we can start with, and then we can maybe create an issue or do a call for help to see if folks are willing to, like, take parts of exceptions of the doc site and open PRs to help us put that together. So I think, yeah, it'd be great.
A
Yeah, that looks really good, and the other one which occurred to me is the cloud config. I think it's cloud configurable or cufflink config INI. I don't even know what it's an image.
A
That's, that, I hate that. I just don't know if we, I don't even know we should document it, but, I mean, I feel like we should document it, but, like, carefully describe that it is advanced and, like, yeah, sort of. But yes, but I think this looks really good. I imagine the service is gonna be the biggest one.
B
Yeah, and definitely, like, documenting some of the gotchas with, like, private host names and all that stuff. So yeah, okay, so yeah, please take a look at the PR and provide feedback on, just like, yeah, again, like, mainly just asking for, like, what the headers of the website should be.
B
Okay, and I have the next item too, so I can go over that quickly. I had merged a PR the other week on the staging project so that we can have an official GCR image repo for the external cloud provider. So I'm going to work with Nick to set up a pipeline that pushes a tagged release on the external cloud provider repository to an image, and then we'll update the sample manifest we have to deploy the auditory provider, I'm using that.
A
That sounds really great. Is it going to be a Prow or GCB type job, or what do you think you have in terms of the mechanics?
B
It'll probably be a Prow job, just because, you know, it works and we all, like, we have references to, et cetera, but we may, I'm working with Nick, because there may be a case where we want to push both the GCR image and the ECR image that the folks at EKS manage. So we need to figure out what that might look like.
A
That would be awesome. Yeah, I mean, I think we wearing the work group kits in, I've been sort of involved in some of that, and I think that the intention was always that at least the promotion should be able to target.
A
I don't know whether it's important that isn't implemented, but we need, like, I think it was certainly, like, a designed in the back people's minds as they were designing it, and so, if it's that the promotion at least would be able to promote to ECR and other repos and registries, and similarly on binary artifacts that would be able to promote to GCS and S3 and other equipment storage. That's really good.
A
A
And dear, did you want to mention you put in chat about the importance of documenting the INI file? Sounds like a battle of scar.
D
Yeah, it's just because people can set passwords with different characters; it turns out in, yeah, so you can't encode that correctly, bad things happen, at least on the vSphere provider.
B
Yeah, gets interesting because, like, in the AWS provider, like, you don't technically need the INI file, like, you can get things working without it as long as you configure, like, the tags and everything correctly, whereas with vSphere, like, it's a hard requirement because of the credentials, so that'll be interesting to.
A
I actually think you do, you are able, if you, if you're, as you are one of the owners, I think you can push to staging using your she's. Your Gmail account. Oh okay, if you log in, that's my.
A
A
D
A
A
Let's see, let's see what we got. That's not a bad idea. Let me, I will try to present.
A
I believe you can see the kk repo.
A
Can you see that kkk? Yes, yep, okay, good, all right. We, I don't know what query we normally use, but I think we normally use something like this. Nick, you can keep me honest here, or, I don't know, Nick, if you would rather drive this, as you've done this in the past.
E
Go ahead. Yeah, either recently updated or kind of switch off created, like, the most common stock was recently updated, but I think recently there's.
B
A
A
That doesn't feel like they are all getting labeled, if the most recent one was 22 days ago. Okay, I will flick back to the overly broad one, so we can sort of try to make sure that they get, okay. I guess we should go from, okay, actually there's a gap, so here we go. So if we go from, I guess, anything newer than a, let's look at this one, because it looks interesting, and then we can work our way up.
A
A
It certainly doesn't, it looks legitimate on scanning and it looks non-trivial, so I will leave it open. I don't know if we want to do anything other than that; I think labeling is a good start. Okay, next one up: node port service creation e2e test relies on insecure class configuration. That sounds more like a testing issue. So that's fine, or not really an AWS thing. AWS doesn't support local zone availability zones.
D
Nick, what's, you can create zones which are, like, city specific? We need to bump the SDK at the very least, then there's probably some other bits and pieces. I don't know.
F
A
A
A
Let's try a different one and come back to that one. Okay, just a bad one. Let's just try reopening it again.
A
Okay, there we are, here it comes. All right, advance releases, local zones, and we probably just need to update the SDK and easy to region, oh, because they have a different format.
A
Yeah, yes, I think that'd be great to fix. Yeah, I'm just trying to think whether there's anything other, anything more we need to do beyond, like, updating the region inference. I mean, it is still a zone. It's just a more localized zone. Is that fair?
A
E
A
Bump it, but it's, since it's actively worked on. Oh, in fact, there is a pull request. Yes, perfect, all right! Well, I will have a look at that pull request. I'll make sure I'm assigned to it.
A
Everyone's assigned to it. You're assigned to it as well, Nick. Okay, the next one on the list was this: read-only NFS-based PV PVC allowing writes to the file system?
A
Okay, I don't know if this is data specific in any way; it doesn't look like it. So that sounds fine. I don't know where even it was appeared, oh, it's on either s. Okay, so that is not our plugin, that it's correctly labeled, and I will close it out, or close the tab.
A
Next one: pod with huge pages get stuck in state terminating state on deletion. Doesn't sound like an AWS issue, again, probably just running on AWS, yeah, or maybe not even running on AWS. So that's not even an issue. Not able to use the desired security group when creating load balancer from Kubernetes.
A
A
Install tool is blank. Let's, I cannot read that. There we go, the error revoking.
A
Okay, that's a little weird! It might well be a tagging issue or something, I suspect, oh, because it's internal.
E
E
A
A
Actually wasn't that, was that, and that was just an internal limit, so that does feel surprising. All right: services should be able to preserve UDP traffic when something. This sounds like pure networking. Nothing to do with AWS, probably.
A
Yeah, or not, on the surface abs, multiple load balancers in the same cluster compete with each other.
A
A
Can't access service port. That doesn't sound like an AWS issue. That sounds like a docs issue.
A
9080, but can't access 80 90. It's making me read very carefully. Let's see they are.
A
Can't access sort of support. HPA with external metrics scales incorrectly, doesn't sound like AWS again, but we will just have a quick little look. Yes.
A
Nothing really to do with AWS per se, as far as we can tell based on this, on the surface, and it's a scientist skating. So that's good.
A
Okay, sorry, my machine is being a little slow at times. I should beef up my streaming machine. Pods on unreachable kubelets are deleted, not evicted. Really doesn't sound like AWS, but we can click through.
A
Yeah, just appears to be only that it's running on AWS, but not an AWS issue.
A
Kubelet should handle node shutdown. That's amusing, so actually I'm going to, so, this is related, very related to the initial topic that we had around these labels and hooks, and I know there are, I was actually looking at this with a kops contributor this week. There are a large number of these hook providers, I guess you'd call them.
A
He dropped then I'll. Do it, yeah, just go for it. I mean, I think there are two things, right: there's when we get a shutdown request, we should do the best thing we can, which would be a node issue, and there's this sort of behavior when, like, apparently GCE or AWS give us notifications that things are going to, like, a 30 second or two minute warning.
A
Okay, yeah, it's on AWS.
A
But it looks like a storage issue and it is tagged as such, so at least on the surface, although, yeah, it doesn't seem to be, there's no accusation that it is AWS specific. So we can leave that as it is. He's also on my team, so I think he would have tagged it with provider AWS if it was. Awesome, great, and so now, if we want to, we can have a quick look at labeled issues, labeled AWS, that are recently updated and see.
A
If there's anything we think is problematic, skipping the one two three that we just went through. AWS friendly ELB names. I feel like we discussed that a lot. I don't know, there's lots. Do we want.
F
A
Okay, the external traffic policy Local on AWS does not work if the DHCP of the vh of VPC is not set exactly to this. That is surprising. Like in a triage, we don't answer, we need to address them all. It feels like that's progressing.
C
C
Good, but it's been open for a year and code freeze is coming up according to a recent comment, so I figured it'd be worth bumping or something.
A
Yeah, last time we looked at this, I think there was, it was, well, I was gonna say last time we looked at it, it was maybe not ready to merge and that we thought there might be a conflict, but it looks like that might have been fixed, so I will, yeah, that map is what was missing before. I think I will certainly have a look at this. Nick, do you want to look at this as well?
E
A
Five assignees: that's a lot. Nick, were you, yeah, thanks Peter for calling attention that one. Nick, were you about to say something about the, a lot of them being about NLB labels, or what we gonna say.
E
I was just gonna say that I recognize, like, these few here from last time, but that doesn't mean we shouldn't take another look at them. Looks like they're recently updated in the last few days, a lot of them, yeah. Is that one we should start with, you think, or.
E
F
A
A
Okay, so yeah, that's waiting on input. So that's the right place.
E
Can you check "ELB security group not cleaned up when extra specified"? Yes, I remember that one.
A
All right, so I think we've talked about this one before, so let's go to the bottom and see why it, I've got a me too. Who's assigned this? Moon fish is assigned this.
A
A
Yeah, I'm also interested in this, but I'm not trying to have time in these two weeks. So, but if you see anything interesting in there, let me know if you find, if you get time to have a look at it. Cool, yeah. Thank you.
A
Let's see any other ones that we think are, why don't we focus on the bugs? How about that? That's a label kind of.
A
These are the ones, we're seeing our own shadow here. Okay, so we have this external traffic policy local on DHCP. Should we see why that got pinged, because that.
A
Okay, so I feel like that's in a good state right now. I can have a look at this. It sounds like there is a resolution, so.
E
A
A
A
Seems like, and then we can, like, get into EKS and kappa, maybe. Yeah, it's a pretty, it's a pretty rare combination. So actually, is this, what is this? What cluster is this? This is a, it is a kops cluster, see, I'll take a look or the rig. The OP was a kops cluster. That sounds like it's on other providers as well. Hostname override ignored when cloud provider is specified. We are pretty sure that, I'm pretty sure we've seen this a lot. It's just true.
A
Yeah, I'd like, I'd love to fix this at some stage. This is the whole, like, you're not allowed to, the name of the node has to be the private DNS name, which we'd love to fix, but got stuck on storage. In my vertical correctly last time, the storage controller uses node name instead of using the node.
A
So it was actually happened there. Oh yeah, someone removed the label, so that's good. We could freeze it now. You've taught me the trick.
E
A
Or yeah, so my understanding is, if you try to pass a hostname up, this flag called hostname override, actually should be known, node name override. You can pass it to kubelet and elsewhere. You can change the name of the node that kubelet will create. If you're specifying a cloud provider, apparently this doesn't work, and in particular it doesn't work on cloud provider AWS. The reason it doesn't work on cloud provider AWS.
A
Well, the, we can't support it on cloud provider AWS, because unless you register with the correct, your node with the correct name, it's not gonna, like, the AWS cloud provider is gonna not be able to reconcile your nodes to your EC2 instances, because it matches them on private DNS name. Therefore, yes, we do not support it.
A
It is ignored because if we were to accept to listen, it would be bad. If we can change the AWS cloud provider to take as input always a v1 node instead of a string node name, then on the node object. First of all, that's a good change anyway, because the node name is not a real identifier, like, it can be recycled and it is.
A
Yes, yes, taking in the node, on the node object there is the instance ID anyway, so it also means we don't have to do a translation, because we have the node, the instance ID right there.
A
We could try to maintain our own mapping, but the fear is that, like, if our mapping got out of sync, it would be bad. So yeah, the short answer is: change all the cloud provider interfaces to take v1 nodes, and then we can no longer require the private DNS name, and then we can allow you to set whatever name you want for the nodes, every, whatever different name you want for the nodes, and then we can acknowledge the hostname override flag.
A
It's less bad than it sounds, like, it's actually fairly mechanical. We just haven't done it. I think it's because it crosses SIGs. I guess that's another one to bring up in cloud provider in two weeks, is like, I saw an email around a proposal for an instances v2 interface; that might be a good one to put in there.
A
A
Do one more and then we can, let's, you want to pick a doozy?
A
A
Nick, this one sounds really bad, actually. Incorrect could be deletes the wrong security group, so let's find out how incorrect it is, and this can be a good one to end on, I think, if my poor little laptop.
A
Someone did it with an iPad the other day, so maybe I should try that.
A
E
I actually did a bunch of investigation into this one and I was able to reproduce a very similar issue, but not their exact issue, but it looks like this person says they have a patch for it. So we might need to look at that.
A
Yes, okay, oh, and there's a PR now from what I presume is Alberto, but.
E
A
Yeah, we actually, we should probably look at the PRs that are open. It's not tagged with AWS, that's okay.
A
Yeah, I think I'll go through some PRs as well, see if any are, as we're coming out to feature freeze, see if any are tagged AWS, but not, sorry, are not tagged AWS, but, you know, try to find a name with PRs that should go in for feature freeze, so that we can hopefully close out some of those issues that way. That would be an easier way to do it.
E
Awesome. I'm going to have to take off, but see you guys, great singing.
A
Nick, should we call it time at this point? Cool, all right. Well, thank you, everyone! Everyone gets a bit of time back, and I wish everyone a very happy Friday and a very happy weekend.