From YouTube: Kubernetes sig-aws 20180323
A
A
The first item that I put on the agenda is that a couple of weeks ago, well, four weeks ago and two weeks ago, we talked about the AWS encryption provider, which is our first SIG-hosted, I think that's the word, or SIG project. So one of the replacements for the incubator is that SIGs are able to have projects under their scope or in their scope, and our first one is the encryption provider, which implements an API in API server to encrypt secrets at rest in etcd, and we have a project up and running.
A
I don't think we're ready to make a guarantee that it's stable, as in, like, we're never going to change the format on disk, but it looks like it works, and hopefully, you know, we will be able to make that guarantee pretty soon. And the, we want to get out of e2e testing, I think, is the, is the big thing before we can say, yes, this, this is ready for people to use. But yes, if you want to contribute to that, obviously the link is in the, in the minutes, and contributions are very welcome and huge.
B
You just want to go for something, Justin, Seth, or whoever's doing the testing. Definitely ping me if you can't get a hold of Justin, because I think I understand how we can get under UT pretty well, since I've been messing around with a bunch of it. So, and Justin, I know how busy you are, so just want to offer that up.
A
And then we have, we have a couple of items that came up on the SIG AWS mailing list, which I guess we haven't talked about. I think, I think I will do them out of order. The first one is the ownership of the AWS EBS CSI driver. So I don't honestly know a whole lot about this, but my understanding is that we're moving to more of a provider interface for storage, as well as, or similar to, what we have for networking.
A
So CSI is, I guess, the CNI drivers, but for storage, and I guess the question was sent by, yes, one who's more on the, Lewis, I think it was Louise, who is pretty more on the storage side, now wondering whether, you know, whether the AWS EBS CSI drivers are owned by CBS or owned by SIG Storage. I don't know if anyone has a particularly strong for you, I would guess.
A
C
A
I'm energy C, but we're GCP, I should say, but I think, I think, as I said, we would like to participate in that, but I don't think we have any particular need to own, but if they, if they want to, so no, I don't think with an objection. Let me get. If anyone disagrees with that, then let me know or speak up. Cool.
A
The next item on the agenda is, so if we assume the AWS encryption provider is rolling forwards and is our good sort of first non-controversial project, another thing from the mailing list is that we had two proposals, I don't know what the word is, I guess like incubate, but to add, as our, one of our next hope projects, SIG projects, the ALB ingress controllers, and the complexity here is that there are two ALB ingress controllers that are out there in the field.
A
There is one from, I guess that I put the CoreOS Ticketmaster one, and there's one from Zalando, and my impression is that they are pretty different. I think the Zalando one, for example, uses CloudFormation. I think the Ticketmaster's, but may, might have more complete support. I think the, the CoreOS one is a more, the CoreOS Ticketmaster
A
One is Evan work, straightforward implementation, I, you doesn't use CloudFormation, but it might not have this complete support, might be my summary. I don't want to offend anyone, and I don't know how, as a SIG, we want to think about that. There is a reason we started with the AWS encryption provider, because it was going to avoid a lot of these issues. It's sort of non-controversial and purely additive, but I don't know what
A
Whether anyone has any view about, I guess, I guess are three options or four options: are we incubate, or we accept in one, we accept in both, we accept in neither, we accept, or, and we, or we accept in sort of what we do with DNS, where we say, like, come together and build it again, like pulling the code that you guys can agree on and, and sort of build a combined one that works for everyone. I guess those are our options.
C
So what I can share from, from our side is, we are looking at both the controllers right now and doing an evaluation, and, well, I do plan to share the evaluation notes from our side to the same, so that we can, we can make a call whether it's, it's one or is it going to be both investigative use umbrella, so I
C
A
I think that would be good. I think, you know, having a relatively impartial evaluator would be, I couldn't thank you, I think, yeah, I, honestly, I don't know what the, what the right answer is in terms of how we do this. I think what we did with external DNS was a good thing. Mm-hmm, in it. In theory, it works for everyone, although, like, that project is still, like, ongoing, and, like, mostly on my side, like, we haven't really got integrated with kops yet, so that's something I want to do there, and that is
A
It is a challenge to, like, find time to support a third project, right. The end, that's one problem. Another idea that I had that came up was, another alternative SIG project would be that we do sort of have a need to terminate a node that's not ready for more than a certain amount of time. So, if a node is stuck in not ready on the cloud, you typically want to terminate it, which can be that nice drain and terminate, or some sort of policy for what you do as of 1.9, I
A
So they, we really do need some controller that comes in and will terminate instances asks for a certain amount of time, and it obviously should be, it's not me for everyone, but it should be the default policy, in my opinion. And I don't know whether the, I don't know what's out there that does this. I thought that GCE had something similar, but I was trying to find it and couldn't immediately find the link. That's another error thing: I thought it might be another uncontroversial SIG project that is also well defined in scope.
A
I don't know if anyone has any other suggestions. I want to try to keep the ball moving on, like, getting a lot of these projects going so that we are, we're in a good shape, and we have, we sort of avoid the situation where we have multiple. I think the problem is, if we don't, if we don't incubate them within the SIG, in one well-defined place, we end up with multiple, and then we have a bigger problem in terms of unifying them.
D
I'll say something real quick, Justin. The, your idea, the node problem detector kind of dead node thing, we would use that all the time. We don't get it as frequently as we used to. Previously we were on CoreOS and we saw some more node-specific issues at that point, but, you know, using, using the Debian setup from kops, you know, we don't run into that as much, but I would love that. Occasionally, very rarely, we get that, but yeah, I would, I would help out in that area too. Wonderful.
A
A
E
For it, go for it. So I figured, you know, maybe I'll just introduce myself. My background is in, specifically, key management and identity, not limited to that. But, you know, basically I'm a, you know, I'm a microservice architect.
E
You know, my, my background in key management is, you know, somewhat, somewhat tailored to depend, you know, defense applications, but now I've, you know, now I'm curious as to what type of identity providers exist, and overall y'all not interested in replicating work done by Google. In particular, they acquired Apigee, which was a gateway product.
E
The philosophy that they use in, er, Google tech meetups, which are local to DC, is largely, they believe that the world should develop REST interfaces, and they should also, you know, develop the REST interfaces just, you know, without any identity or access or encryption. So the philosophy really is, you know, you know, have app developers, you know, develop their REST servers, and then, and then the thought, and I don't know the answer to this, is perhaps, you know, acquiring a gateway
E
You know, products like an Apigee, you know, or perhaps, you know, integrating with, with Vault or some other provider has been somewhat the ongoing issue, right, so they, right now the issue is the offerings are somewhat confusing, the marketplace is somewhat crowded, and when I worked at Comcast, the solution that we had, at least for auth and login from web for Xfinity, was we, we used Ping Identity with PingFederate with SAML tokens, so for web, that was really the solution, with a Tomcat after running, you know, running on crab, not running in Amazon.
E
The, the question, the architectural question is: if identity providers exist and they don't want to share their credentials in the public cloud, what federated service is available for gateway from Amazon? And, and maybe Amazon has a gateway instead of Google's Apigee, integration with Ping, or maybe we don't want Ping, maybe even want Vault plus, plus Amazon IAM with Mobile Hub.
A
Yeah, I think, I think that's a great topic. I think that the, I think there are two, there's, I think there's also, like, two facets to that, or at least two facets, like there's, there's, I guess, authentication to the Kubernetes API, and there's also authentication to applications running on Kubernetes. I'm calling authentication, is that, yeah, I didn't see, dealing with Kubernetes applications, and I
A
Think my understanding is that AWS have products for both IAM and gateway, something. I'm gonna put, fair warning, I'm gonna put you guys always bought in a second, and I don't know if AWS, anyone from team AWS wants to talk about, I believe that there's some integration coming with IAM and the Kubernetes API. I don't know what that something source or what the state of that is, and I think another potential, I don't believe there is currently an integration with the ADA vs.
F
There is, we freakiest we're doing. In addition, IAM for authentication Kubernetes API. As far as services running on Kubernetes, I don't know that there's any more specific integration than that, and I personally can't speak to more. We're talk about federation of different identity providers, and I don't know what other integration there is there, so I'm not that hopeful, I guess.
A
C
We are actually working on making our changes that we made to 1.9 out into the open source, but the thing is, that is gonna be a transient thing, given that, given that 1.10 has external authenticator support right now, right, so said, that's going to be the ongoing Kubernetes best way of having IAM authentication as well. Does that make sense? Is this for the going server that you wrote?
C
No, so this is far, so via today in EKS, we have modified version of Kubernetes to support IAM, right, so we are in the process of open sourcing that as well. But the thing is, this is going to be transient. The 1.10 is going to have external authenticator plugin in the client-go package, so which means that you'd be able to bring in anything in, during the, the help us aww authenticator. Does that make sense? Yeah.
E
C
E
My perspective, if I'm building, I don't know, let's say a hello world server, and I've got an Android, and all I want to do is connect, and let's say, you know, my, my login is Joe and my password is password, right, then, then, based on that, you know, if I use, let's say, AWS Mobile Hub, right, with Cognito
E
Let's say, right, it's not clear to me how I linked up with Cognito and how my credential, Joe plus password, is stored, right, so that, you know, that login plus password, you know, I'm wondering where is it stored, and I could, I could obviously invest a lot of, you know, time into Vault and store Joe plus password in a Vault bank, but, but I'd like to have an AWS service like Cognito plus Vault, or Cognito plus, maybe, your server, right, your, your secret keeper, right.
C
E
Had a particular slant from a mobile perspective, having done integration on Android, and, and I have done some social authentication with Facebook, specifically. We can probably talk offline. I've done some work and I've actually got a patent pending from Verizon. Okay. So, so, while this may be, it's very early on scope of this, but I haven't interested. Okay, I'll reach out to you, and I'll just put my, my email address here, so you can reach out to me. We can set up a call. Alright.
A
Thanks, guys. And the, the external provider for, for the AWS IAM integration, the external IAM authenticator, is that, you know, I think if you wanted to put that under they used to get miss umbrella, I, I think that would be a good one to propose for there, and I could see that one being one that would be great in, under that umbrella, if that's something you wanted to do, but no need to commit at the current time.
B
So Bob, Bob wisest in here, so I'm not sure how much, how far this conversation is going to go. But there was, about two months ago, there's conversation about replacing the Debian image that the SIG owns with Amazon Linux image, and there was some, fob needed to do some follow-up internally. As rar and Bryce, have you heard any news about that?
B
B
The gentlemen that were just speaking, each one, there's two gentlemen that were speaking, the guy with the fish is Chris Love, and the to another in a conference room or a to the US and there's edge var. Chris Love, got it. Okay, yep, cool. Yeah, any idea when we wanted to set up a call about that? Like what, I mean, let me ask it better way. When would you like me to bug you again about this question a
G
A
B
I need to understand, I need in an image. Hey, go use this crest to start off with, there's a recommendation from AWS. I think I have EKS in my account now, which would simply allow me to piggyback the EKS image, as I can look at the AMI name for that. But do you guys have a common name for the EKS image? Oh.
B
B
A
D
A
It to have a consistent name or tag or something across regions, because it makes it much easier for users, but I can, I can share with you what we did on, like, some of the ones that work well and some of the ones worked less well, if that's useful. If, well, let me do that. If it's wrong, I presume you guys did it correctly, to be honest.
A
E
E
G
G
G
E
C
A
Yeah, I, I mean, what the, the user-facing thing, though, is like, today on, on Google Container Engine on GCE, you sign name, once you've activated your Google Cloud account, you have credentials on your local machine, you're able to access code using those same credentials, and the Kubernetes API understands who you are.
E
Okay, okay. Well, we could take this offline. I'm kind of experimenting and I'm new here. I'm a little bit handicapped, I don't, I don't want to have EKS preview access, so, so right now I can only run Kubernetes locally on Mac, but, you know, I've been trying to get my head wrapped around this, this Apache gateway. I really don't like Google Apigee, so I'm hoping to have an Amazon, you know, ecosystem, so my goal, how this would be, just to get rid of Apigee and forget about them.