►
From YouTube: Kubernetes - AWS Provider - Meeting 20200221
Description
Recording of the AWS Provider subproject meeting held on 20200221
A
Hello,
everybody:
this
is
sig
aws
office
hours
or
the
bi-weekly
meeting
or
provider
aws.
I
am
your
host
moderator,
facilitator,
justin,
santa
barbara.
I
work
at
google
a
reminder.
This
meeting
is
being
recorded
and
will
be
put
on
the
internet
and
to
be
mindful
please
avail
of
our
kubernetes
code
of
conduct,
which
essentially
boils
down
to
being
a
good
person.
I
have
pasted
a
link
to
the
agenda
in
the
chat.
I
will
replace
it
right
there.
We
do
have
two
items
on
the
agenda,
but
nothing
else
on
the
agenda.
A
Please
do
feel
free
to
add
your
name
in
the
attendees
section.
If
you
would
like
to
it
can
be
helpful
for
people
watching
the
video
at
a
later
date
and
if
there
are
topics
that
you
would
like
to
discuss,
please
add
them
at
the
bottom
of
the
agenda.
Yes,
I'm
sure
we'll
get
through
our
agenda,
but
then
we
can
be
sure
we
don't
forget.
A
B
Yeah,
so
I
figured
I'd
just
bring
this
up
in
the
meeting
since
we've
been
chatting
about
it
a
little
bit
so
the
background
is,
there
exists,
a
cncf
testing
account
that
is
used
for
I
think
it's.
It
might
only
be
periodic
jobs
right
now,
for
is
that
true,
that's
true!
Yes,
okay,
so
it
it
does
run
periodic
jobs
and.
B
B
I
think
it's
something
related
to
ipv6
and
he
also
wants
to
add
some
sort
of
jobs
to
a
testing
account.
I
guess
now
I
have
two
options.
I
could
add
them
to
the
cncf
account
or
I
could
add
them
to.
Apparently
we
have
this
other
internal
account
which
the
pros
of
the
internal
account
are.
I
don't
have
to
worry
about
the
the
funding,
but
the
cons
are
that
only
amazon
employees
have
access
to
it.
So,
ideally,
I
think
the
cncf
account
would
be
better.
B
A
Yeah
I
just
wanna,
like
the
the
cncf
account
is,
is
actually
funded
by
amazon
as
well.
So
thank
you
to
y'all
for
that.
The
so
it's
not
like
it's
not
like
cincinnati
is
shelling
out,
as
it
were,
and
from
that
point
of
view,
as
long
as
as
long
as
amazon
is
willing
to
continue
funding
the
cncf
account,
I
don't
think
they
would
like
mind
having
more
money
go
like
more
spend
there.
A
I
think
the
spend
is
actually
pretty
low
right
now
anyway,
because
we've
turned
off
most
of
the
pre-submit,
so
it's
I
didn't
make
it
clear,
but,
like
cops,
does
run
on
every
pr
they
run
on
amazon.
So
there
is
precedent
for
non-kk
repos
to
to
run
on
every
pr,
and
that
seems
to
work.
Fine,
the
we
have
some
tips
and
cops
which
we
can
share
with
you
about
like
not
running
head
tip
of
of
kk.
A
We
just
created
a
whole
new
set
of
sub-accounts
under
the
cncf
account,
I'm
probably
mangling
my
words,
but
that
are
dedicated
for
testing.
As
long
as
we
get
the
okay
from
the
cncf,
I
think
we
can
create
more
of
that
nature.
I
don't
know.
Actually
we
might
just
be
able
to
continue
to
share
those
same
that
same
set
of
getting
a
lot
of
noise
from
your
mic.
Thanks.
A
Sorry,
we
don't
want
to
share
that
same
set
of
10
accounts.
I
think
it's
10
accounts
like
share
that
pool
with
other
jobs
running
on
prowl.
I
actually
don't
know
if
we
can
not
share
them,
but
so
I
think
you
can
certainly
use
those
before
we
just
give
a
heads
up
to
the
kappa
folk
in
case
they
are
concerned,
but
it
seems
pretty
reasonable
to
reuse
those
accounts,
and
I
actually
don't
know
if
we
can
not
reuse
those
accounts,
we
should
probably
just
check
with
cncf
and
then.
A
Finally,
there
is
a
move
to
put
more
of
this
under
open
and
transparent
cncf
management
in
the
kubernetes
working
group.
Kate's
infras,
which
is
has
a
get
repo
called
github.com
kubernetes
kate's
dot
io,
which
is
perhaps
a
little
confusing,
but
that's
what
it
is-
and
I
did
not.
I
created
the
the
10
accounts
under
using
a
bash
script,
but
I
I
spoke
to
them
on
wednesday
around
their
weekly
bi-weekly
meeting
about
putting
those
scripts.
A
What
we
should
do
about
those
scripts,
whether
we
should
like
keep
it
off
the
books
or
whether
we
should
like
put
it
in
the
management
in
there
in
their
repo,
and
we
agreed
that
we
should
actually
just
put
it
in
their
repo
so
that
it
will
be
transparent
and
like
there's
no
reason
to
as
long
as
we
don't
commit
the
keys.
There's
no
reason
to
to
hide
it.
So
we're
not
gonna,
give
it
the
keys
to
it,
but
we'll
commit
the
scripts
that
produce
the
accounts
that
produce
the
keys.
B
A
10
is
big,
but
not
too
big,
and
the
reason
was
that
cops
and
kk
originally
would
was
able
to
share
an
aws
account,
and
I
think
still
does
so.
There
is
there
was.
There
is
like
one
like
shared
editors
account
where
a
bunch
of
tests
would
run
and
has
very
high
quota,
and
it
relied
on
the
installation
tools
that
ran
in
there
being
cooperative
with
other
tests
that
rank
concurrently.
A
A
You
check
out
a
project
for
the
duration
of
your
test
and
you
give
it
back
when
you're
done
and
a
it's
called
a
janitor
runs
and
basically
like
nukes
anything
that's
left
over
when
you're
done
in
theory.
So
it's
pretty
it's
a
nice
design,
I
think
and
yeah,
and
so
there
are
10
accounts
so
that
we
can
run
up
to
10
jobs
in
parallel
across
the
entirety
of
the
fleet.
As.
B
A
A
A
Yeah,
there's
a
there's
a
the
tool
that
implements
it
is
called
boss,
gauss
b-o-s-k-o-s
and
that's
in
test
infra,
and
there
is
a
it
has
a
very
simple
rest
interface
and
it's
a
fairly
simple
service
in
that
it
like
basically
keeps
the
state
of
whether
of
those
10
projects
and
whether
they
are
leased
to
a
test
or
not.
And
like
will
eventually
like
time
out
your
lease
and
reclaim
it
and
do
that
sort
of
stuff.
But
you
basically
make
a
rest
request
and
you
get
back
the.
A
A
A
A
Yes,
I
so,
as
I
was,
I
was
going
to
have
a
look
at
this.
I
don't
know
whether
I
didn't
see
a
way
to
say
like
I
want
this
set
of
accounts
versus
this
other
set
of
accounts
like,
in
other
words,
isolation.
I
don't
know
whether
we
need
that
need
need.
The
one
thing
we
do
probably
want
is
like
if
you're
gonna
start
touching
a
new
resource
which
we're
not
cleaning
up,
we
probably
should
make
sure
that
the
janitor
correct
the
generator
is
the
recycling
thing,
the
janitor
correctly
like
recycles
that
new
resource.
C
A
Yeah
we
we
could
check
out
a
region
of
account,
but
the
the
way
it's
built,
the
way
the
boss,
aws
account
pool
works.
You
check
out
a
whole
account,
I
think
cops
doesn't
even
use
the
boscos
pool.
I
think
it
actually
just
has
a
single
shared
account,
and
so
that's
why
we
randomize
our
regions
and
things
like
that,
and
so
we
could
try
to
look
at
using
boschos.
A
If
we
wanted
to
in
cops,
I
yeah,
but
I
I
I
it
used
to
be
harder
to
create
sub-accounts,
I'm
not
even
sure
they
existed
when
we
first
started
or
I
don't.
I
don't
remember,
but
so
that's
why
we
ran
in
regions
and
we
ran
sometimes
in
the
same
region.
The
it's
now
relatively
easy
to
create
sub-accounts
apparently
there's
a
limit,
but
I
haven't
hit
it
yet.
A
A
So
so
next
steps,
I
guess,
are
I
don't
even
know
if
we
need
permission
we
should
just
check
with.
We
should
look,
have
a
look
at
that
script
and
see
if
it's
possible
to
have
a
separate
pool
and
assuming
it's
not
possible
to
have
a
separate
pool.
We
should
just
like
check
with
cap.
If
they
mind
you
sharing
the
same
pool
which
they
shouldn't
do.
A
C
Other
than
that
yep
sounds
good,
it'd
be
nice.
If
project
maintainers
had
like
read
access
to
the
aws
accounts,
I
know
I've
had
to
troubleshoot
some
of
the
we
had.
When
I
was
setting
up
the
vpc
cni
provider
end-to-end
tests,
there
were
lingering
resources
that
were
preventing
the
next
test
from
starting
up
correctly.
I
was
having
a
very.
C
A
The
the
sub
accounts
are
very
disposable
as
it
were
like
it
doesn't
really
matter
too
much
about
what
happens
in
them.
So
I
I
think
we
certainly
could
give
read
access
to
those
sub
accounts.
I
think
in
the
main
account
we
have
to
look
a
little
bit
more
closely
at
what's
going
on
in
there,
but
we
could
do
that.
B
A
I
am,
I
am
going
to
send
a
pr
to
the
working
group
kids
info,
which
will
include
the
scripts.
I've
been
using
to
create
those
accounts,
and
I
think
the
intent
is
that
that
group
will
essentially
like
take
on
questions
of
governance
and
management,
and
that
sort
of
thing
I
don't
know
if
you
have
any
particular
concerns
that
you
want
to
pre-address.
A
But
I
mean
there's
like
there's,
there's
two
things
right,
there's
the
mechanics
of
like
how
do
we
actually
create
these
accounts
and
then
there's
like
who
should
be
allowed
to
ask
for
a
new
account
that
sort
of
stuff-
and
I
think
that
the
sort
of
like
rules
is
is
probably
like
working
through
kate
feels
like
the
forum
for
that,
and
I
think
the
scripts
are.
I
have
some
crappy
scripts
and
we
can
put
them
upload,
upload
them
and
you
can
rip
them
apart.
B
A
That,
like
you
know,
was
done
as
a
one-off
here
and
one
up
there
and
no
one's
quite
sure
like
which
project
is
it
in
who
actually
has
access
and
all
this.
So
there
is
there's
actually
some
great
stuff
going
on
in
that
reboot.
So
far,
only
for
gcp,
but
it
there
are,
like,
I
think,
they're
starting
to
use
more
terraform.
A
A
A
A
I
think
that's,
I
think
that
makes
sense,
and
then
in
theory,
you
can
just
like
send
figure
it
out
with
like
how
to
run
a
pro
figure.
The
proud
job
that
does
this
and
peter
has
a
lot
of
experience
here,
and
I
think
kappa
has
experience
as
well
so
like
how
to
do
a
proud
job
that
uses
these
credentials,
and
you
know
re,
recycle,
some
of
the
scripts
from
kappa
and
some
of
the
proud
jobs.
A
So
yeah,
so
then,
I
think
the
path
there
is
like
first
step
is.
I
should
get
the
the
ten
accounts
that
were
these
ten
kappa
accounts
and
at
least
mentioned
in
their
repo,
and
then
we
can
like
start
to
go
from
there
and
sort
of
try
to
get
more
and
more
under
management.
I
think
I
think
big
great
topics
bring
up
in
their
bi-weekly
meeting.
They
just
met
on
wednesday,
so
it's
the
next
meeting
will
be
in
12
days.
A
B
A
B
B
So
I
just
reviewed
it
this
past
week
and
it's
adding
so
when
load
balancers
are
created,
we
we
create
a
health
check
for
them,
and
the
old
behavior
was
to
basically
pick
a
health
check
port
at
random,
and
the
idea
is
that
there
might
be
cases
where
you
want
to
kind
of
intelligently
pick
the
port
that
probably
is
ssl
for
an
ssl
health
check,
so
paste
the
pull
request
in
the
group
chat.
Do
we
actually
do
random
by
the
way?
B
B
So
it's
a
little
bit
confusing,
but
maybe
that
made
sense
made
some
sense,
I'm
wondering
if
it
wouldn't,
instead
of
using
this
back
in
protocol
annotation,
which
I
believe
has
other
side
effects,
I'm
not
sure
exactly
what
they
are.
What
if
we
just
had
it,
two
annotations
one
for
health
check,
port
and
one
for
health
check
protocol
is
that.
A
A
I
guess
in
particular
we
have
to
be
careful
about
like
it's
a
behavioral
change
and
it's
okay
to
make
a
behavioral
change
if
the
previous
behavior
was
completely
broken
right.
So
if,
as
long
as
we're
only
break
as
long
as
we're
only
changing
the
behavior
for
people
that
would
have
had
non-working
configurations
before,
then
that
seems
fine
but
yeah
when
we're
looking
at
like.
So
I
like
your
idea,
because
it
can't,
if
you're,
adding
an
annotation,
you
can't
break
someone's
like
there's
nobody
it
doesn't.
B
A
For
example,
api
server,
typically
401s
returns
a
401
and
an
http
request
and
uses
a
self-signed
insert,
and
so
both
of
those
things
would
cause
respectively,
a
htc,
a
naive,
http,
health
check
and
ssl
health
check
to
fail.
If
I
recall
correctly,
like
I,
don't
think
with
my
universe,
elbs
you
can
say
like
accept
the
401
as
being
healthy.
B
B
A
B
B
A
B
A
Yeah
that'd
be
great.
I
think
that
worked
really
well
uniform
one
worked
really
well
at
the
last
kubecon
in
san
diego,
in
my
opinion,
and
so
I
think
we
didn't
do
one
for
cigarettes
who
did
one
for
a
different
sub
project,
but
I
think
I
think
it
was
great
and
I
think
yeah
we
should
try
to
arrange
that.
I
guess
probably
during
the
main
week,
would
be
better
than
during
the
like
the
first
day.