►
From YouTube: SIG Azure community meeting 20180124
Description
A
If
you
want
to
follow
along
after
the
fact,
the
agenda
and
notes
are
available
at
bit
that
lis
/I
sig
azure,
and
you
can
look
there
and
see
what
the
how
come
in
this
meeting
was.
Basically
what
we're
gonna
do
is
just
run
through
really
quickly
what
the
work
in
flight
is
and
talk
about.
If
there's
anything
that
we
see
is
a
risk
for
r110
cadence
and
go
from
there.
A
So
without
further
ado,
if
you
could
sign
into
the
agenda,
that
would
be
great,
so
I'm
gonna
paste
a
link
to
that
in
chat,
so
you've
got
it
handy,
but
go
ahead
and
put
your
name
and
company
there
and
we'll
make
sure
that
you
are
represented,
and
so
without
further
ado.
Let's
talk
about
our
110
priorities,
so
I
I
want
to
give
a
big
shout
out
to
Cal.
Thank
you
so
much
for
running
the
the
prioritization
planning.
When
that
happened
last
time
unfortunately
had
a
really
surf
Amalie
crisis.
A
At
the
same
time,
so
I
wasn't
able
to
make
it
and
I
do
sincerely
appreciate
your
help,
getting
that
organized
so
from
that
list.
Basically,
if
you
look
in
the
agenda,
we
have
a
list
here,
that's
based
on
priority,
so
the
P
zeros
are
first
P
1
P
2
's.
So
what
I'd
like
to
do
is
just
kind
of
go
down
the
p0
list
here
to
start
and
see
if
there's
anything
that
we
have
to
update
Cal
I
know
you
have
workers
in
your
house,
so
it
might
be
kind
of
noisy
there.
Do
you
feel?
B
Yeah,
so
let
me
go
through
this,
so
as
your
kms,
the
work
is
started.
This
is
the
G
RPC
implementation,
not
entry,
work
is
started
and
we're
on
track
to
deliver
on
110
I
do
believe
with
the
level
a
lot
earlier
than
end
of
Feb,
which
is
the
time
that
that
cutoff
for
click
code,
freeze
and
stuff,
like
that,
so
it's
on
track,
I
should
I
think
by
next
iteration.
We
should
have
at
least
a
basic
basic
code
running
for
kms.
This
is
using
agile,
key
volt.
B
B
B
Is
a
bit
stagnant
right
now,
it's
slower
than
what
I
what
I,
what
I
expect
it
to
be?
However,
I?
Let's
not
change
the
fact
that
it's
not
it's
not
gonna
make
it
on
110.
It
will
make
it
to
Antoine
10,
maybe
just
a
little
bit
late,
more
working
hours
or
at
the
end
and
so
on
the
abbe
gateway.
So
the
idea
is
to
have
as
an
application
gateway
as
an
English
controller.
This
is
a
stagnant
actually
and
stop
moving
and
we're
looking
for
help
for
help.
C
C
A
C
B
B
The
traffic
is
terminated
at
the
edge
gateway
and
then
another
set
of
traffic
flows
into
that's
a
basic
feature
of
Gateway
and,
as
you
said,
a
lot
of
people
are
interested
in
this
for
security
compliance
is
have
in
mind.
How
would
you
look
like
is,
from
a
cop,
honest
perspective,
as
you
will
create
an
English
resource,
that's
the
use
case
of
type
as
a
gateway
and
on
it
it
in
some
way,
and
then
the
the
this
will
created
that
this
will
be
created
for
you,
similar
how
the
the
nginx
work.
C
B
The
basic
idea:
that's
the
basic
use
case
we
have
in
mind
that's
strike
from
as
your
point
of
view
and
described
from
Copernicus
point
of
view.
At
the
end
of
the
day,
there
will
be
an
app
gateway
and
resource
group
running
in
your
V
net
right
there
would
be
some.
Obviously
when
we
talk
design,
there
will
be
some
ideas
around,
because
the
app
gateway
the
dedicated
is
quite
expensive.
B
A
B
So
the
way
I
see
it
based
on
my
interactions
with
customers,
partners,
users
and
everybody-
is
trying
to
use
the
copper
nets
on
address
the
we
like
highly
strick
compliant
regulatory
environments
such
as
banks,
financial
institutions
and
so
on.
This
is
the
typical
request
from
security
people.
Security
teams
to
devs
is
terminate
the
traffic.
All
the
traffic
needs
to
be
terminated
and
I.
Think
I
did
way.
Delivers
this
quite
nicely.
So
we'll
see.
B
Okay,
v13
provided
at
the
last
time
I
described
this
I
went
through
it
and
I
said
what
we
have
right
now
is
a
job
that
synchronized
the
entry
provider
wrap
it
up
in
an
it
separate,
executable
in
and
out
of
three
provider.
The
only
reason
the
code,
the
code
is
there
right
now,
it's
known
as
your
user
username.
A
An
update
for
that
too,
and
that's
that
it
looks
like
we're.
Gonna
have
a
top-level
kubernetes
repo
for
this
instead,
so
we're
gonna
have
we're
gonna,
have
the
ability
to
bypass
all
the
legal
crap
and
also
inherit
the
CN
CF
CLA,
and
also
all
the
automation
from
prowl
and
tide
and
whatnot.
So
we
basically
are
gonna,
have
a
tremendous
leg
up
to
make
this
happen
faster
and
more
efficiently
and
also
continue
with
contributors
working
on
this.
In
the
same
way,
they
do
Corcoran
Eddy's.
So
that's
really
good
news.
Yes,.
A
B
A
B
A
B
B
Alright,
so
moving
forward
the
agile
disk
encryption
still
in
design
phase
right,
the
idea
is
to
support
encryption
for
your
discs
when
you
mount
them
on
on
notes.
Right
what's
happening,
is
that
the
basic
plan
we
have
in
mind
is:
there
will
be
a
key
vault
anyway,
with
every
copper
Ness
cluster
on
edge
as
your
keyboard
for
secret
management
for
kms.
So
we
are
won't
use
this
key
vault
for
discs
as
well.
I
cannot
really
tell
if
it
will
make
it
up
to
110
or
110
X,
but
it's
moving.
B
Maybe
next
time
I'll
have
more
update
answers
explicit
MSI.
This
is,
let
me
walk
through
what
explicit
MSI
is
today
when,
when
you
use
copper
nets
as
coconuts
on
adjure,
you
have
the
choice
of
using
either
a
service
principle
or
something
called
MSI
a
service
principle.
As
you
go,
and
you
create
similar
to
surface
account
feature
you
create
a
service
account,
you
give
it
a
user
name
and
you
give
it
a
password,
and
then
you
go
have
this
username
and
password
as
a
file
configured
and
every
agile.
B
No
time
message:
every
edge
of
coconut
hold
on
master
this
works,
but,
as
you
can
tell
it's,
not
exactly
the
best
way
to
go
to
do
things
so
agile
has
this
feature
called
MSI,
which
is
managed
service
identity
where
each
node
gets
an
identity,
and
then
you
can
grant
access
to
this
identity
on
Azure
resources,
just
Papapa
such
as
arm
and
so
on.
This
again
works
really
well,
but
you
have
identity
per
node
which
really
interesting
because,
right
now
we
have
to
grant
every
single
node.
B
You
have
a
float
cluster
that
goes
up
and
down
scale
up
the
skin
down.
This
is
not
gonna
be
easy
to
operate.
The
new
iteration
of
this
is
something
called
explicit
MSI,
where
you
can
group
the
entire
cluster
or
parts
of
the
cluster.
If
you
were,
if
you
want
into
an
identity
that
identity
becomes
what
you
grant
access
to
or
revoke
access
to
this
is
this.
Work
has
been
stored,
distorted
and
it's
on
track
for
110.
B
C
The
next
one
question
one
question
like
this
is
my
size:
staff
is
going
to
work
like
all
always
Shura
staff,
or
is
it
going
to
work
only
for
like
you?
Yes,
because,
like
we
haven't
the
biggest
problem
today,
we
have
like
one
in
u.s..
Everything
cooks
works
and
we
go
to
Germany.
Our
peaches
doesn't
work
or
doesn't
exist
at
all.
I
just
give
you
is
like
this
msi
stuff
is
like
global
everywhere,
or
is
it
just
you
and.
B
B
Your
question
so
as
you
as
a
cloud
is
separated
to
what
we
call
as
your
cloud
or
sovereign
clouds,
as
your
cloud
is
what
you
get
basically
everywhere:
north
Europe
West
Europe
the
data
centers.
We
have
US
Canada,
result
and
all
of
these
places,
and
then
there
is
discovering
clouds
for
a
lot
of
reasons.
We're
not
gonna
go
into
why
we
have
them,
but
they
are
clouds
that
are
not
directly
managed
by
Microsoft
right.
Those
are
the
clouds
in
US
government,
the
one
in
Germany,
the
one
in
China
are
the
three
main
main
ones.
B
A
B
About
about
as
your
clock
will
they
be
in
hazard,
sovereign
clouds?
Yes,
they
will
be
about.
They
will
take
more
time.
The
reason
behind
that
is
that
along
go
to
private
process,
can
I
tell
you
when
or
there
like
a
rough
difference
between
let's
say
on
January.
First
I
deployed
it
on
the
close.
The
feature
on
Azure
cloud
should
I
expect
it
by
February.
First
I
cannot
really
say
that,
because
it
depends
on
the
future
and
the
infrastructure,
you
choose
I'm.
B
That
particular
reasons
we
don't
remove
feature.
This
is
one
of
the
reasons
we
do
that.
Keep
that
in
mind
we
don't
remove
features
out
of
the
cloud
provider,
so
the
service
principle.
They
still
support
it,
for
you
to
use
for,
for
sovereign
clouds
on
tell
the
newer
feature
hits
the
cloud
you're
interested
in
such
as
Germany
cloud
makes
sense.
Yeah.
C
But
again,
like
my
concern,
is
like
I
know,
like
my
security,
guys,
ready
to
freak
out
that
we
have
fun
on
disk
like
all
this
serious
principles
and
they
like
I'm,
we
keeping
them
intact
for
now,
but
they
will
like
soon
like
freak
out
like
Hilton.
Oh,
you
have
on
every
cortical
shell,
which
brings
about
for
like
holy.
Do
stuff
like
this
is
their
concern,
understood.
B
B
A
D
Wanna
mention
that
we
are
there's
a
statement,
work
being
submitted
from
cloudBees
I
think
this
is
doing.
Actually
we
do
in
order
to
start
adding
tests
for
mainland
kubernetes
that
run
worthy.
We
run
the
end-to-end
tests
on
Azure
and
we're
crossing
me
doing
this
for
Windows.
So,
though,
probably
will
probably
start
coming
into
this
meeting
as
well
as
the
sink
testing
meeting
and
giving
updates
around
that.
So
there's
some
movement
happening
there,
cool.
A
D
So
the
whole
the
statement
of
work
has
that
as
part
of
the
acceptance
criteria,
so
it
will
run
through
just
like
the
GCE
test
do
now
or
g
KH
s
or
sorry,
HS
do
and
and
all
that
that'll
be
published
the
same
way
and
part
of
the
things
I'm
gonna
help
work
on
is
also
being
able
to
make
sure
these
are
run
easily
Rumble
locally
right.
Just
like
the
ACS
agent
tests
are,
and
things
like.
That's
their
customers
in
didn't.
Take
advantage
of
using
these
as
like
a
diagnostic
tool,
potentially.
D
D
D
B
D
And
yeah,
so
when
it
so
when
the
so
right,
when
you
have
the
ingress
controller,
creates
a
automatically
creates
the
public
IP
with
the
load
balancer
right,
you
want
to
be
able
to
sign
a
DNS
label
to
that
IP.
There's
there's
a
PR
and
I
couldn't
find
it
on
the
call
here,
but
there's
a
PR
that
enables
the
DNS
label
for
services,
but
but
for
ingresses,
I
didn't
see,
I
didn't,
say:
I'm.
E
D
D
B
D
B
D
B
E
Yeah
David
as
part
of
your
as
part
of
your
Ingrid
appointment,
you
should
be
deploying
a
service
object
like
an
ingress
itself,
doesn't
get
an
IP.
Those
are
just
random,
pods
running
so
there's
a
service
there,
that's
substracting
the
the
ingress
to
the
ingress
controller,
which
you
should
just
be
able
to
put
your.
A
D
That's
nice
with
that
is
to
have
the
attached
to
the
Traffic
Manager,
because
then
that
allows
I
mean
that's
one
option
right,
so
you
could
you
could
throw
the
Traffic
Manager
use
the
public
IP,
which
requires
DNS
label
and
then
that
way
that
provides
a
mechanism
for
testing
and
production.
It
also
provides
a
mechanism
for
a
kind
of
gradual
roll-off
of
individual
clusters.
B
D
C
B
In
order
for
you
to,
there
are
three
things
you
need.
You
need
ingress
deployment,
you
need
an
English
resource
object
and
you
need
a
service.
Yeah
controller
needs
to
have
a
DNS
table
that
will
give
you
one
DNS
table
for
any
IP
or
any
route
exposed
by
this
English
controller.
If
you
need
different
FQ
the
ends
assigned
to
the
same
English
controller,
then
you
need
to
deploy
external
DNS,
the
equivalent
project
which
have
as
your
support
and
it's
actually
quite
stable
and
assigned
add
de
niƱas,
a
notation
or
Arcadian
annotation
on
your
languages.