From YouTube: Kubernetes SIG Azure meeting 10 18 2017
Description
A
Hello, everybody, welcome to SIG Azure for Wednesday, October eighteenth, 2017. I'm your moderator, Jason, Mars I am the communities ambassador for Microsoft, and we have a light meeting today. So we may not even get through the agenda, but if you want to see the agenda after the fact, and notes, it's available at bit, dot least less safe measure. So, you know, one thing we were just talking about before the recording started was documentation specific to Azure permissions model and how do we provision least privilege clusters?
A
B
Yeah, so first I was wondering if you know about the the signature model, and obviously we do have that ability. So then the next question is if anyone has any documentation related gardening to what kind of privileges are needed to do what type of functions. If they do, maybe kicking off an effort to get all that consolidated into some form of documentation, which would kind of flow nicely into docs for Azure when it does the out of cloud provider move, route of tree provider move.
A
B
A
Our back is always feels like the on the edge of disaster. Yeah, okay, cool. So unfortunately, Cal is not here to talk about the key ball integration, but he did message me privately earlier in the week, said that it was delayed, but there were some predicates that were done in terms of the the ACS engine part, so that is basically teed up to get done, but we don't know exactly what the delivery date on that will be. Cloud provider breakout right now is is a little bit stalled.
A
We might need to touch base with the team in Beijing and find out what what is being done there and to get a get an update to you all. The work is already sort of spec'd. So if anybody is feeling like they need into that, there's certainly nothing to prevent anybody from doing that, because right now I don't think there's any work happening on the side. So if, if, if we spend up some work around that, that would be, I think, really helpful.
A
B
They're certainly not gonna be any pressure for 1-9 to be moving anything out of tree. Yeah, they're kind of looking at probably GCE taking, biting the bullet and being the first try to move out as an example, and that is obviously ongoing. I notice that there's still stuff that needs to be resolved, but how to even do this stuff out of tree, yeah.
A
That's, I mean, so I feel like Siddhartha was the guy who sort of kicked this off and then, you know, got the ball rolling. He's, you know, started his own company now and he sort of off doing other things, and I think that it's, you know, it's one of those things with open source. You get some of these sort of a champion of something and they run with it, and then, if they drop the ball, it's sort of like, you know, which is fun. I mean, they shouldn't have to, you know.
B
There is a meeting later today, okay, that's kind of working group that's kind of managing that. You know, I've been going to that meeting as well, and that's kind of what I'm saying, that there there's still unknowns and some issues to be resolved, especially, as I said, our on storage. So it is still moving forward. It did get stalled.
B
It is moving forward, but, and I kind of mentioned this in the last meeting, that, you know, that they they kind of needed to work on updating the status and the message to lease the cloud providers on what the goals and strategy is currently. So it is moving forward and they are just saying: hey, we're gonna, we're not asking anybody to do anything until we have at least one or two in trout include entry providers that have moved out that can be used as examples, right.
A
Makes sense. I'm wondering why I don't have that working group in my calendar? Well.
B
A
I mean, important, yeah, that'd be super helpful, fantastic. Thank you. Let's see, so, okay, so then, yeah, well, we'll touch base on that in a couple weeks, a little more. Then you see Accenture, and I don't know if anybody on the call has an update about what's up with ACS engine. I do have an update here about conformance testing, if nobody's going to talk about AC, essential.
A
Okay, ACO syndrome not happening, so I, the conformance testing. So, as you all may know, I'm, the CNCF has been working on essentially creating a conformance program. That is a way of saying, you know, your Kubernetes cluster is is at least alignment with the base standards that we've, that we asked for in terms of capabilities, that one could call it Kubernetes.
A
The reason for this is that what they're trying to avoid is some, you know, spurious cloud popping up somewhere and saying: hey, we're cloud Kubernetes, and basically it's a fork or it's some, you know, like you have half done way of doing it, just to try and cash in and ingestion on the Kubernetes name or whatnot, yeah.
A
So it also allows cloud providers to establish a baseline of functionality. So if, if, you know, I have my company and I have my workloads and I want to be multi cloud, or I want to easily port my workloads between GKE and Azure, then I can do that. So it's really insurance the community as well. So it's protecting Kubernetes, the name, and it's also providing some insurance to to customers that your workload should work just fine on a cloud that says that they're they're conforming.
A
So one of the things that was in the conformance test was a "can I reach the internet" test, and that was done via an ICMP ping, which, as you know, if you're in the system's wrong, ICMP is probably the least countable protocol that you can expect in any kind of production environment, and Azure, just as a general rule, does not provide ICMP traffic across general nuts. So when this, when ACS engine was spinning up lagunes cluster, it was not passing the performance test on that one test.
A
A
C
C
It, okay, perfect, because I need to do that, actually, today. Just a quick question is: we still haven't resolved the issue around upgrading an existing, like, 1.75 cost at the 1.8. It's basically tear down and rebuild, correct, right now? That is true, as we don't know, did you support or anything like that, right, right, and.
A
A
It is a pain, you know, that they, I mean, I'm sure you've got the messaging totally under control, but it is a day. That's actually a compelling business case, to say that you have enough disaster recovery, fungibility on your workloads that you can completely turn down your production environment and restart it somewhere else. That's it. That's at least a compelling recovery case. Yeah, I mean, because we're just using because volumes, right. Oh.
C
A
C
C
You know, right now it's manageable, because we only have really on predominant cluster. As we get our new geo locations, we're gonna spin up separate clusters because of data sovereignty and although some issues, right, we'll have the messing in different geographical locations, and then it becomes within expanding the issue of trying to upgrade. Now, instead of one cluster managed, we got three or grade, right, yeah. That is.
C
A
C
To, yeah, some of the, I go to do a PR back on the is your community secrets bolts, because some of that wasn't correct, and the other one that I hit was admin. You windows, so I'm running a hybrid cluster, both Windows nodes and Linux nodes, because we have to support legacy .NET full applications as well as our more cord on their core and other Go-based applications.
C
C
We had a security review yesterday with our security, IT GE and security team yesterday, at the whole, how we set up a cluster, and one of the big things that probably, and I haven't seen a lot of information about it, like, they use forensic tools like EnCase and stuff like that, and getting integration into the Kubernetes cluster is one that we're working with them right now.
A
You know, one thing I would point them to is that the CIS standards around Kubernetes are seem pretty sane and good, and that gives a practical framework for working against, and I believe somebody came up with a scanning tool that actually will tell you what things in the CIS hardening standards are not present, so that would be, I would highly recommend looking at that.
A
Pretty cool, yeah, that's, you know. Actually that's that's one of those things that is a huge hallmark of when you're getting into the enterprise realm, and I think this was, you know, surprising that there wasn't a bigger deal made about this for Kubernetes, because if you have a CIS hardening standard around it, then it basically means that enterprises of any size can and can adopt the technology and have an audit framework. Because until that's in place, you have no way of knowing what is or isn't compliant, so they.
A
A good place to start, I think it's pretty much the most of it. Yet. Okay, all right! Thank you, appreciate that. Yeah, absolutely. Another another recommendation I have is there's a product called Twistlock, that's an in-cluster container scanner, and essentially is a is a way of determining if your base image that you're building containers from has any vulnerabilities in it. It also allows you to do a scanning pass before anything goes through your CI/CD pipeline.
A
So essentially you can have it say that if it doesn't pass, you know, a check, like if, for some reason, somebody has turned on SSH in a container or done something that you don't permit, it will actually send a hook back to your CI/CD engine and stop the deployment. So it's not just, it's a really will.
C
Be we need a customized with CI l, CI C DS dominations, mm-hmm, so we actually do end up a slave and do the whole deployment and everything testing on that through Jenkins, and then we tear it down. We have it for Linux running well now, but we know it's, we're still working on some of the me gets kubectl on to the slave and on the Windows and all that, yeah.
A
That's a little more challenging for sure. Okay, cool, okay! Well, that's exciting, all right! Well then, let's go through, we'll wrap up the agenda here, didn't know. PRs in flight, release updates. One nine release team has formed, so our release lead this time around is Anthony Yeh from Google, release lead backup as myself, so I'll still be deep in the trenches of one nine. 1.82 we're expecting, hopefully, this week. I anticipate maybe Thursday. Tomorrow is a possibility and.
A
C
A
Week, so any other announcements, things you want to cover before we adjourn?