►
From YouTube: Kubernetes sig-aws 20190125
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Hello,
everyone:
this
is
sig
AWS,
it
is
Friday
January,
25th,
2019
I,
am
your
facilitator.
Justin
Santa
Barbara
I
work
at
Google
a
reminder.
This
meeting
is
being
recorded
and
will
be
put
on
the
Internet.
Please
be
mindful
of
that
and
also
respect
our
code
of
conduct
and
be
a
good
person.
We
there
is
an
agenda.
I
have
pasted
the
link
in
chat.
I
will
be
pasted
it
for
anyone
joining
late.
A
If
you
do
have
anything,
you
would
like
to
talk
about,
please
add
it
to
the
agenda,
so
we
can
be
sure
to
get
to
it.
It
looks
like
we
don't
have
that
much
on
there,
so
we
should
be
okay.
If
you
would
like
to
put
your
name
in
the
attending
list,
so
people
can
figure
out
who
you
are
when
they
read
about
us
words
that
would
be
wonderful
and
otherwise
I
suggest
we
dive
right
into
the
agenda.
B
B
We
use
Cuba
and
me
and
artists
coming
group,
so
I
created
a
more
it's
lingo
that
used
a
shiny
new
former
to
watch
for
new
nodes
and
where
on
your
nose,
joins
based
on
the
format
of
the
ec2
tags
that
we
passed
through
from
the
autoscaler
today's
issue.
We
forward
then
has
a
change
or
label.
So
the
format
looks
like
this.
One
and
I
see
two
tags:
Wernicke's
the
breast
label
label
from
equal
CI
will
become
a
component
is
label.
That's
like
this
one
same
for
teens.
B
So
in
this
way,
being
physically
easily
create
complex
topology
in
our
class
were
just
Java
handing
or
removing
auto
scaling
group.
So
I
know
it
is
exist
in
some
place.
Has
a
code
or
not
I
I
find
it
useful
and
maybe
I'm
trying
to
pretend
if
I
can
share
it
in
some
place
or
how
I
can
open
it?
Everyone,
if
it
looks
feasible.
A
Yeah
that
I
mean
Amex
and
a
wonderful
vision.
Thank
you
for
the
presentation.
They
looks
wonderful
in
toys.
It's
a
yeah
I
was
slightly
worried
what
you
said
with
your
presentation.
That
was
gonna
be
a
really
long
PowerPoint.
But
yes,
that
was
the
perfect
presentation
just
showing
you're
talking
about
so
that's
great.
Thank
you.
I
know
that
this
has
actually
come
up
a
couple
of
times
in
the
past,
where
people
have
talked
about
mapping
labels
on
sorry,
ec2
labels
automatically
onto
their
nodes,
I
think
I.
A
Think
the
general
consensus
has
been
that
we
don't
necessarily
undo
that
for
like
automatically
for
every
label
but
I,
and
can
we
do
it
as
a
controller
and
can
we
understand
the
use
case,
I
think
what
you've
done
sounds
great
I
guess
if
you
want
to
talk
about
some
of
the
limitations
of
that
approach,
because
I
know
I
know
of
one
right
right
off
the
bat
right
and
I.
But
why
don't
you
tell
us
what
those
are
and
yeah.
B
I
mean
what
we
are
using
it
just
for
a
few
weeks.
So
it's
not
really.
We
didn't
come
up
with
a
big
limitation.
We
are
just
using
Federation
and
not
selector,
to
have
a
subgroup
of
nodes
like
CI
nodes
that
will
take
loans
from
our
CI
or
other
stuff
from
frontline
that
we
get
in
the
public,
traffic
and
stuff.
So
for
four
days
they
are
working
great.
But
the
fact
that
you
have
we
have
a
kind
of
grammar
that
if
it
doesn't
match
it,
doesn't
get
forwarded,
clean.
A
Yeah
I
mean,
is
it
a
problem?
The
one
I
was
worried
about
was
there's
sort
of
a
race
right
between
which
is
probably
fine
for
labels,
but
more
for
the
that
the
taints
on
the
node
right,
if,
if
a
node
should
be
tainted
and
comes
up
without
the
tank,
I
will
come
up
without
the
taint
and
if,
if
your
controller
doesn't
get
in
before
the
note
goes
ready,
which
honestly
you
have
a
fair
bit
of
time
anyway.
But
there
is,
there
is
a
race.
There
is
a
window
there
like.
A
If
your
controller
was
down
I,
don't
know
if
that's
an
issue,
I
actual,
so
there
one
of
the
things
you're
using
comedian.
There
are
other
tools
which
will
attach
those
labels
for
you.
When
the
cubelet
comes
up,
cubit
has
some
flags
cops.
Has
it
I
don't
know
if
Kaos
is
a
Christa's
yeah,
it
does
go
nodding
and
that's
nice
because
it
solves
the
race
it.
A
But
my
understanding
is
we're
trying
to
move
that
out
of
cubelet
anyway,
because
from
a
security
point
of
view,
nodes
shouldn't
be
defining
their
own
shouldn't
have
permissions
to
find
their
labels
into
the
finder
teams.
The
theory
being,
if
you
escaped
from
a
pod
or
we're
able
to
impersonate
the
cubelet
and
change
your
your
labels,
you
could
steer
workloads
to
yourself,
so
in
general,
we're
trying
to
make
it
that
that
isn't
the
case,
and
that
would
put
it
into
a
controller
like
the
one
you've
done
here.
I
I
think
this
would
be
great.
A
Yeah
I,
don't
know
the
full
status
of
this
I
think
we
do
need
a
controller
like
the
one
you've
done
and
it
may
overlap
or
tie
nicely
in
with
some
of
the
work
on
on
cube
root
labels
I
can
reach
out
to
Mike.
Denise
is
probably
the
person
who
I
know
is
working
on
this
aspect
of
security
and
pulling
out
we're.
A
Adding
adding
labels
to
nodes
in
a
secure
way
and
I
can
see
whether
he
what
the
status
is
if
it
ends
up
being
cloud
specific
I
think
this
would
be
a
natural
sub
project
for
the
sake
to
have
some
small
controller
or
or
you
can
just
publish
it.
You
know
in
your
own
repo,
but
if
you
wanted
to
make
it
official
yeah.
B
I
mean
I'm
yeah
I'm,
jumping
in
the
skull
sharing
this
information,
because
that,
right
now
it's
in
our
it's
just
a
ten
slice
of
code.
So
there's
no
really
point
for
me
to
have
a
project
that
just
does
that.
So
I
was
looking
for
a
place
where
to
put
that.
So
if
you
can
figure
out,
if
it
would
be
a
case
just
you
know
and
I'm
happy
yeah.
A
C
A
And
if
other
people
are
gonna
jump
in
there
or
say
anything
but
yeah
I
think
so
I
think
I
think
the
well.
Let's
figure
out
was
happening
with
the
cubelet,
the
the
long-term
devised
of
those
couplet
flags
and
whether
this
goes
into
whatever
the
replacement
is,
which
will
likely
be
some
sort
of
cloud
aware
controller
anyway,
but
honestly
I,
don't
know
if
there's
even
a
design
for
what
that
looks
like
yet,
but
this
could
evolve
to
be
that
thing
or
we
can
put
that
this
functionality
into
that
thing.
A
A
A
The
next
item
is
also
Mike.
He's
also
he's
so
we'll
come
back
to
that.
One
I
had
a
quick
or
hopefully
a
quick
question
which
is
like
one
of
the
things
I'm
trying
to
figure
out
is
sort
of
how
people
are
using
cops
and
using
AWS
and
using
all
these
tools
and
which
bits
of
the
which
pieces
that
we've
built
people
are
actually
using
and
I.
A
A
D
A
E
So
yeah
so
there's
a
PR
out
I
just
wanted
to
raise
awareness
here
for
everybody
for
custom,
endpoint
support
and
I
kind
of
wanted
to
just
see.
If
you
knew
Justin
do
we
need
to
get
it?
You
know
that
with
114
they
want
to
kept
for
everything.
It
seems
like
a
small
enough
feature.
I,
don't
know
that
this
really
requires
a
kept.
It's
in
addition
to
the
cloud
configuration
to
just
be
able
to
say,
I
want
to
use
this
EPC
custom
endpoint
for
AWS
services,
yeah.
A
E
I'll
give
the
background
here
so
basically
like
when
you
in
just
normal
commercial
AWS,
when
you
you
talk
to
a
ASG
or
ECG
or
Yale
B
or
whatever
you
talk
to
a
public
endpoint
right.
So
if
you're
in,
even
if
you're
in
a
V
PC
when
you
communicate
with
an
AWS
API
call
your
going
to
the
public
internet
AWS,
has
this
private
link
feature
for
basically
dropping
in
and
endpoint
within
your
B
PC?
So
whenever
you
talk
to
AWS
ap
service
ap,
is
it
doesn't
go
over
the
public
Internet,
it's
local
to
your
V
PC?
E
So
that's
what
this
feature
really
supports.
It's
intended
like
it
can
be.
It
can
work
just
fine
in
commercial
regions
like
that
everyone's
familiar
with,
but
then
there's
also
like
B
as
the
PR
stated,
these
the
government
regions
that
habeas
operates.
So
this
would
help
support
that
that
they
don't
have
outside
internet
connectivity.
E
So
but
that's
I,
think
the
primary
reason
for
this
PR,
but
it
also
if
for
anyone,
who's
operating
in
a
kubernetes
cluster
in
AWS.
If
they
want
to
turn
on
these
custom
end
points,
then
kubernetes
doesn't
have
to
go
over
the
internet
doctor
east
to
LBAs.
She
all
these
things.
So
it's
it's
I
think
it's
a
good
PR!
There's
a
few
last
changes
we're
working
out
on
it,
but
yeah
I,
I,
just
didn't
know
if
you
thought
that
that
warranted
a
kept
or
if
we
could
get
that
in
for
one
fourteen
in.
A
E
E
A
that
would
be
I
mean
you
go
yeah
exactly.
That
would
be
the
kind
of
thing
to
support.
I
mean
just
selfishly
like
if
I
was
developing
an
AWS
service
that
I
needed
the
cloud
provider
to
talk
to,
and
it
wasn't
the
public
facing
service
that
everyone
knows
was
a
public
endpoint.
That
would
be
another
reason
to
use
that.
So
that's
not
almost
anyone's
use
case
but
my
own,
but
that
will
help
support.
A
E
B
A
Just
I'll
just
tag
you
on
it,
but
go
ahead:
yeah
yeah!
It
doesn't
need
to
be
very
long
ago.
I
think
like
just
just
explaining
what
that,
what
it
is
that,
like
cough
cloud,
doesn't
work
whatever.
They
are
government
secret
cloud,
I,
think
I
don't
have
like
public
endpoints
and
even
in
any
region
you
can
set
up
a
private
link
and
the
point
I
think
that
would
be
that's
basically,
and
we
should
support
that
and
we
have
this
mechanism.
That
is
our
first
sort
of
advanced
use
cases
at
some
stage.
A
B
A
E
A
E
E
That's
not
so
that's
where
it.
The
cubelet
might
need
to
be
updated
not
in
this
PR,
but
at
some
point
to
support
this
because
say
you
want
pcr
images
in
different
regions.
If
you
want
private
endpoints
for
those
different
regions,
it's
not
going
to
be
just
for
it.
Entries
in
your
config
file
is
going
to
be.
However
many
you
won,
so
people
use
not
using
ECR
Oh,
totally
yep.
A
A
There
is
an
effort
to
sort
of
do
small
cat
or
to
have
caps
to
track
everything,
and
it
is
more
overhead,
but
it
is
probably
worth
it
and
the
hope
is
that
the
thing
that
goes
into
the
cap
this
usually
goes
into
the
cap
ends.
Anything
goes
into.
The
docks,
I
think
is,
is
the
ideal
endpoint,
okay,
great
yep,
wonderful,
that's
exciting,
and
then
we
have
a
hopefully
on
contentious
request
from
from
you,
Micah
I,
Can,
Has
kind
of
connect.
This
reviewer
I
am
generally
in
favor
for
people
that
don't
know,
wait.
E
A
Guess
every
people
don't
know
there
is
a
owners
file
for
the
AWS
well
for
all
the
directories
or
almost
all
the
directories
Newbern
Eddie's,
that
determines
who
has
the
joy
of
being
responsible
for
code
reviews
and
for
approving
those
code
changes
Micah
has
been
a
code
reviewer
for
10
months.
That
was
longer
but
sounds
right
and
has
contributed
code
most
notably
for
an
lb
or
lb
v.
A
2
I
think
we
I
think
you
meet
the
requirements
for
being
an
approver
and
I
think
I'm,
certainly
in
favor
of
you
beating,
approver
I,
don't
know
if
anyone
has
any
feelings
otherwise,
but
otherwise
I
will
like
it
in
there
and
and
say
welcome
and
thank
you.
But
if
anyone
wants
to
object,
this
would
be
a
great
time.
I
can't
imagine
anyone
yes
and
for
anyone
that
wants
to
follow
in
the
illustrious
footsteps
of
Micah,
you
can
become
a
reviewer.
The
way
to
do
that
is
to
the
easiest
way
to
do.