►
From YouTube: Kubernetes - AWS Provider - Meeting 20200320
Description
Recording of the AWS Provider subproject meeting held on 20200320
A
Hello,
everybody,
this
is
the
bi-weekly
provider
aws
meeting
today
is
march
20th
2020..
I
am
your
moderator
facilitator
for
the
day.
Just
in
santa
barbara,
I
work
at
google
a
reminder.
This
meeting
is
being
recorded
and
will
be
put
on
the
internet.
The
link
to
the
agenda
is
in
the
chat
and
we
do
have
two
items
on
the
agenda.
Thank
you.
Nick,
please
do
add
items
to
the
agenda.
A
Please
add
your
name
if
you'd
like
to,
though
everyone
here
has,
I
did
it
actually
for
you
guys,
and
otherwise
let's
go
to
the
agenda
and
nick.
Do
you
want
to
bring
up
well
the
two
issues?
I
guess.
B
Yeah,
so
we
don't
have
to
do
like
a
super
detailed
review
here.
I
just
want
in
general
some
some
eyes
on
this,
and
then
I
had
a
specific
question
about
the
first
one,
but
I'll
just
kind
of
talk
through
what
they
are.
So
the
first
issue,
84
9
26,
is.
B
So
basically,
this
is
a
when
you
set
up
a
service
in
a
very
specific
way,
so
I've
so
far
replicated
this
on
the
the
version
very
old
version.
So
I'm
gonna
after
this
meeting,
I'm
gonna
try
to
do
it
on
master
just
to
make
sure
it's
still
relevant,
but
I
think
it
is
just
kind
of
glancing
at
the
code
that
is
still
in
the
master
branch.
But
it's
when
you
set
up
a
service
with
extra
security
groups,
you
have
one
extra
security
group
and
extra
security
groups.
B
You
have
load
balancer
source
ranges
set
up.
So
then
the
service
will
create
a
security
group
for
the
load
bouncer,
and
it
also
has
extra
security
groups
which
will
attach
you
have
say
one
in
there,
which
will
attach
to
the
load
bouncer
and
the
core
of
the
problem,
at
least
when
this,
at
least
in
112.
B
Again,
I
gotta
confirm
this
in
much
newer
version,
but
for
the
problem
there
is
that
the
order
of
the
security
groups
is,
you
know
when,
when
you
query
it
from
the
aws
api,
sometimes
you
get
the
extra
security
group
first.
Sometimes
you
get
the
other
one
first
and
we
have
some
code
that,
for
example,
you'll
get
a
warning
in
this
old
version.
B
If
you
have
multiple
security
groups
attached
to
your
load
bouncer,
and
so
it
just
parts
of
the
code
where
it's
passing
security
groups
and
and
trying
to,
for
example,
when
it
adds
ingress
rules
into
the
node
into
the
node
security
group.
B
Like
the
the
order
matters
there
and
it's
it.
Sometimes
it's
just
using
the
first
security
group
and
doing
some
comparisons
there,
and
so
it's
it
seems
like.
We
need
better
support
for
multiple,
multiple
security
groups
and
justin.
Maybe
you
can
confirm
if
if
this
has
actually
been
worked
on
in
recent
versions,
but
most
of
the
code
that
I
was
looking
at
was
still
there
so.
A
My
knowledge
it
has
not,
and-
and
yes
I
think
I
don't
want
to
say
working
as
intended,
but
like
the
intent
of
that
warning
message
was
because
we
were
assuming.
There
was
only
one
security
group
and
we
therefore
took
the
first
actually
take
the
last
one.
It
looks
like,
but
whatever
and.
A
A
The
warning
is
flagging
up
that
yeah
the
code
is
insufficient,
and
so
yes,
we
do
likely
need
some
way
to
guarantee
that
we
we
choose
our
the
the
kubernetes
security
group
as
the
the
one
that
we
are
managing
when
we
are
managing
one
so,
for
example,
like
to
exclude
the
additional
security
groups.
A
B
Yeah
yeah,
I'm
not
I'll
I'll,
take
I'm
going
to
try
to
after
I
confirm
it's
still
an
issue,
I'm
going
to
try
to
propose
a
fix
for
it,
but.
A
A
I
would
assume
that
extra
security
groups
are
not
going
to
be
tagged
with
an
own
direction,
but
maybe
that's
not
true,
but
we
could
tag
it
with
a
new
one,
like
the
one
to
say
like
this
is
the
one
that
we
actually
are
are
managing
in
the
I
guess,
aws
cloud
provider,
or
we
might
want
to
make
that
more
specific,
like
the
service
controller,
but
whatever
whatever
we.
We
could
tag
it
with
an
additional
tag.
Saying
like
this
one.
B
Weird
thing
that
we
do
here
is
or
sorry
the
the
weird
thing
about
this
setup
in
the
issue
is
that
they've
used
their
node
security
group
or
the
instance
security
group
in
the
extra
security
groups.
So
there's
a
if
that
one
gets.
If
that
one
gets
chosen
as
the
one.
So
you
it
does
this
kind
of
comparison
between
the
load,
balancer
security
group
and
the
node
security
group
and
sees
it's
the
same
and
then
it
just
doesn't
do
anything.
B
But
at
other
times
when
the
order
is
switched
and
the
node
security
group
and
the
second,
then
it
does
add
the
rule
to
the
node
security
group.
So
maybe
we
should
just
find
that
case.
If,
if
you
I
mean
do
we
want
to
outlaw
that
case
or
that
could
break.
A
It's
not
clear
to
me
why
they're
doing
it,
I
can
read
through
the
issue
yeah.
I
I
feel
like.
We
should
probably
just
make
sure
first
that
we,
when
normal
extra
security
groups,
are
applied,
that
we
don't
like
pick
them
up
either
we
don't
get
confused
and
then
like
the
whole
like.
But
what,
if
you
use
the
node
security
group
as
the
extra
security?
What
if
you
just
load
balance
a
security
group
or
what,
if
you
use
the
the
kubernetes
one?
What
if
you
go
and
annotate
it
back
like?
A
B
A
Yeah,
I
think,
that's
fair.
I
I
think
that
the
yeah,
the
intent
is
that
we
can't
protect
against
everything,
but
we
can
certainly
make
it
that,
if
we're
able
to
get
the
logs
that
it
is
highlighted
very
clearly
something
very
naughty
has
happened.
But,
yes,
I
think
like
there
is
clearly
a
bug
here
which
is
like
we
never
anticipated
in
that
loop
that
they
that
was
highlighted
by
giannetto
in
the
issue
we
never
anticipated.
A
B
Cool
the
other
one
was
just
it's
an
issue
that
I
think
I
just
want
your
review
on
it
at
some
point,
so
I
just
wanted
to
bring
it
up
again.
You
probably
will
remember
it.
It's
the
the
health
check.
A
A
B
We
did
yeah
and
that's.
He
said
he
would
do
it.
He
did
respond
to
the
issue,
so
I
can
ping
him
again
and
just
kind
of.
B
A
Clear:
it's
not
that
we
want
like
more
test
coverage
and
like
it's,
that
we
just
it's
a
little
like
yeah,
there's
some
definite
like
combinations
of
cases
where
we
need
to
like
make
sure
that
we
have
it
all
pulled
through
and
having
the
tests
will
help
us
review
that
and
see
that
it's
done
right,
right,
yeah,
okay,
cool!
That's
all!
For
me!
Wonderful!
Thank
you!
A
I
don't
know
if
anyone
else
has
any
other
topics
on
the
agenda.
I
haven't
seen
whether
anyone
added
anything.
Oh
yes,
peter
you
added
one
or
two,
maybe.
C
Yeah
one
one
that
stems
off
of
another:
basically
the
alb
ingress
controller.
There's
like
a
v2.
C
You
know
version
that
supports
grouping
ingresses
so
that
you
can
have
multiple
ingress
resources
represented
by
one
alb,
which
is
useful
across
name
spaces,
and
that
has
been
implemented
in
this
v2
branch
for
a
while
now,
but
it's
never.
There
hasn't
been
a
release,
a
v2
release.
So
it's
been
quite
a
few
months.
So
I'm
just
curious
what
the
status
of
that
is.
If
we
could
move
it
along.
B
Yeah,
I'm
gonna
talk
to
my
co-worker,
who
goes
by
moon
fish.
His
name
is
yang,
he's
the
guy
who
works
on
the
lb
ingress
controller,
I'll,
see
what
the
deal
is
and
if
there's
gonna
be
a
release
soon,
and
I
can
kind
of
poke
him
see
if
we
can
get
that
to
happen.
The
other
thing
is
that
I
was
gonna.
Mention
is
the
authenticator
issue
that
you
were
running
into
last
week.
I
know
I
I
talked
to
my
co-worker
and
he
was
gonna
look
into
it.
He
was
working
on
a
pull
request.
B
I
think
I
think
yeah
we
saw
or
you're
involved
in
that.
I
think
I
was
supposed
to
review
it,
but
I
haven't
yet.
Are
you
on
top
of
that
or
yeah?
The
pull
request
looks.
B
Right
now
so
I'll
see
what
I
can
do,
but
it
might
be
another
week
or
so
before
we
can
actually
get
it
merged,
but
and
then
I
didn't
get
a
chance
to
clarify
anything
about
the
e
e
t
e
tests
with
china
and
govcloud.
If
you
want
to
just
like
remind
me
what
exactly
like,
are
you
were
you
interested
in
that
for
cloud
provider
tests
or
something
else.
C
That
was
for
cops
specifically
there's
areas
of
code
where
we
kind
of
assemble
arms
or
do
things
using
features
that
aren't
supported
in
certain
partitions
like
route
53.
I
think
govcloud
recently
added
support
for
route53,
but
you
can't
use
alias
records,
so
that
was
an
interesting
edge
case.
We
ran
into
so
it'd
be
nice
to
be
able
to
test
these
sorts
of
things
ahead
of
time,
yeah
and
then
I,
I
guess,
unrelated
to
e
to
e.
C
I
know
that
we
have
like
amis,
that
we
publish
in
every
region,
but
we
don't
publish
them
in
govcloud,
so
it'd
be
nice
to
kind
of
expand
support
for
that
as.
A
Thank
you.
That
means
I
was
not
muted
before
I
guess
about
whatever
the
the
issue
you
actually
linked
on
the
as
aws
alb
ingress
controller.
It
does
look
like
moonfish
said
that
he
he
will
be
back
on
to
continue
v2ga
shortly.
So
that's
some
good
news.
There.
A
A
Okay,
I
think
that
the
third
item
on
the
agenda
is
the
one
we
just
discussed
about
ede
testing
in
china
and
or
govcloud
yeah.
It's
also
for
the
images
are
also
there's
a
sub
project
of
a
sig
cloud
provider
called
image
builder,
which
is
also
spinning
up
and
will
also
be
publishing
images.
A
Maybe
publishing
images
certainly
heading
in
that
direction.
So
great,
that's
the
end
of
our
agenda.
I
I
don't
know
of
anything
else.
Is
there
anything
else?
A
Otherwise,
I
wish
everyone
a
very
happy
weekend:
stay
safe
and
healthy
and
see
everybody
in
two
weeks
and
nick
do
let
us
know
if
there
are
demos
or
peter
that
you
want
to
do
sounds
good.