From YouTube: Kubernetes sig-aws 20181214
A
Hello everyone, it is Friday, December 14th, 2018. This is SIG AWS, our bi-weekly meeting. I am your moderator, facilitator, Justin Santa Barbara. I work at Google. There is a link to the agenda in the calendar invite and in the chat. If you would like to talk about anything that's not on the agenda, please do add it. It's great. That way.
A
We can see what, what you can be sure to reach everything. And if you would like to, feel free to add your name to the attendees list, so that everyone sort of knows who you are and can correlate names to people. And a reminder that this meeting is recorded and will be put on the internet in due course. I do expect this is going to be a fairly light agenda and attendance, given that most KubeCon ended last night, so mostly for traveling or generally probably KubeCon'ed out, so I.
A
But when I'm a one item on the agenda, which was, if it's handy for people, I can give, we gave a SIG AWS update. I can give a two-minute version of that or a longer version of that, but I give it to you in a version of that, and we can do questions. And it looks like Micah has accidentally put AWS IAM Authenticator update on there, which will be wonderful to hear, because we were a little bit light in our SIG AWS update on that front.
A
If people want to just, would prefer to just sort of go at their own pace, the video will be posted. I don't know if anyone has any objection or, well, looks like actually most people here might have been there on Wednesday, so maybe I will give a 1-minute summary just to give us something to sort of kick off any questions, which is: I think the big thing we talked about was a lot of progress in SIG AWS, but almost entirely happening outside of k/k. I.
A
There is the ALB ingress controller, the CSI driver, the cloud, external cloud provider, there's a lot of testing efforts, I'm actually looking through the slides, the AWS encryption provider, the AWS IAM Authenticator, and a Cluster API implementation for AWS, as well as eksctl happening as well. And there are test results being reported in testgrid, which has been done by AWS, I believe. So thank you for that.
A
I will put a representative link in the chat, but I think we're sort of doing better at following processes, we're doing more KEPs and being more rigorous about the project management, which, I don't see an issue here, but that's mostly 'she's hard work. So thank you can issue for that, and it's great to see the test results going into testgrid. So a time happening, most the outside of k/k, kubernetes/kubernetes, the sort of primary monorepo. I mean, intention is obviously break it up, and we have lots of.
A
Next agenda item then. Yes, the video will be posted. I don't know exactly when, but I presume within the next week or two weeks or, let's say, by the beginning of next year would be my guess. And yes, KubeCon was good this year, lots of, so much to do, and I have a lot of videos to watch myself.
B
Yeah, KubeCon was great. There were so many times where there were like four talks that I wanted to go to that were running concurrently, and so I'm gonna have to catch up on a lot of videos. See, I wanted to give kind of a community update, and this SIG, just about what we're sort of thinking through and working through. I know there was a KEP earlier kind of around IAM auth for pods, and most all those approaches so far have just been really metadata-based, using EC2 metadata or proxy or.
B
Overriding it. And so we'll have a blog post about this soon, but we've been talking with a lot of members of the community, with SIG Auth as well, working with them on our approach for this. And so I'll kind of give a high-level overview, is basically we want to use the new projected service account token feature, which basically, Kubernetes gives out an OIDC token to your pod, and that's used instead of using a, this type of service account token against the Kubernetes API.
B
So we'll have a lot more details about that soon, but like what the sort of the tech flow be like, the workflow behind that is, and then what the user interaction story is and everything. But, well, again, I'll have a KEP about that too. There's actually really good conversations we had with the Google folks at KubeCon working on this feature, because there's similar interest in doing sort of the same kind of thing for them.
B
So if we can take AWS, and the Google folks can get on the same train about this, it would set, it really could set a really nice standard for sort of the clouds in general, that we're, just auth flow in general, where, if you want a pod to get credential to some other system, whether it could be Vault, it could be something else, doing a very similar flow. So more about that later, but just wanted to kind of see the communities, this is known as something that we're working on and investing.
A
That is an exciting update. I'm happy to hear it and to hear that you are working with Google, I might like, who I think you're doing some cool stuff. So I'm glad we're sort of trying to get everyone on the same page, because it is a little new, and so we don't want to all, like, have a different approach, I think. But right, my understanding is it basically lets the AWS APIs trust Kubernetes service accounts mode.
B
So that's how I would, that's right. Yeah, I did have to have a specific audience binding for AWS, but yes, that's how it would work. And the other note about this is that the SDKs, the AWS SDKs, would be updated with this new, basically, auth mechanism to say: here's the role I want, here's this service account file, assume this role with this web identity. If you want to look it up, it's an STS API, AssumeRoleWithWebIdentity, so you can kind of look more there.
B
Will this supersede the need for something like kube2iam? Yep. This would totally replace kube2iam, kiam, all those. So right now, the difficult part with those is that you have to sort of have a trusted process in your cluster, whether it's your node or kiam, like a control process. And with this, yeah, you wouldn't have to. Once this is totally rolled out, you could essentially have an untrusted.
A
Node with only, would even, no IAM credentials or no IAM permissions.
B
We'll put it that way, yeah. And the other side to note about this is that the trust is different than in kiam. Instead of annotating your pod with "here's the role I want to assume" and just implicitly trusting that that pod has permission there, you edit the AWS IAM trust policy on the role to say this service account on this cluster can assume the role. Wow.
A
B
Yeah, will do. We'll definitely have a blog post and we'll probably have a KEP too, because that way we can sort of have a community place to align around this. I originally started thinking that that might be a SIG AWS KEP, because we don't want this to just be for EKS. We want this to also be if you're running kops or your own cluster.
A
B
Yeah, the only place I would see for a SIG AWS project would be around the AWS-specific API. And so specifically, it's getting a little more into it, but with OIDC you have RSA or ECDSA keys that are signing keys, and right now, most people probably never rotate their service account key. But these OIDC keys are, like, for these particular service.
B
Account volumes are designed to sort of be rotated, and so I could see there being a rotation sort of helper project that helps rotate the keys for the API server. But also you need to expose those keys to STS somehow. You need a JSON endpoint the STS can access to say here's the RSA keys for this cluster. So that could be a, it could be a secured area as it could be to Gogh, but yeah.
A
B
It depends on sort of the holiday, right, Wolcott usual, but I'd like to get that out sooner than later. Wonderful. Yep, yeah, and if anyone has any feedback, please, like, let me know, I'd love to talk through it. And there's been questions about, like, cross-account role assumption, because a lot of people do that with kiam or kube2iam, so we're sort of working through what that would look like. But yeah, please feel free to reach out to me.