►
From YouTube: SIG Cloud Provider 2022-08-31
Description
Agenda: https://docs.google.com/document/d/1OZE-ub-v6B8y-GuaWejL-vU_f9jsjBbrim4LtTfxssw/
[dmoiseev] Introduce well-known tag for exclude subnets within a auto-discovery procedure for ELB backed services
https://github.com/kubernetes/cloud-provider-aws/issues/442
[jyotimahapatra] As a cluster operator I don’t have a mechanism to shift leadership away from an impacted AZ. https://github.com/kubernetes/kubernetes/issues/111899
[bridgetkromhout] https://github.com/kubernetes/kubernetes/pull/108095 - looking for more feedback/replies so we can get this resolved
B
Okay
welcome
everyone
today
is
August
31st
2022,
and
this
is
the
Sig
cloud
provider
community
meeting.
We
follow
the
kubernetes
Sig
Community
guidelines,
which
essentially
means
raise
your
hand.
If
you
want
to
talk-
and
you
know
please
tweet
out
each
other
as
you
would
expect
to
be
treated
or
explicitly-
please
be
kind
to
each
other.
B
All
righty,
so,
let's
see
normally
we
go
through
triage
at
the
beginning
of
these
meetings,
but
as
we
are
running
in
kind
of
a
limited
capacity
today,
I
think
we'll
we'll
come
back
to
triage
at
the
end.
If
we
have
time
we
do
have
a
couple
agenda
items
today,
so
I
guess
we'll
go
through
the
sub
project
updates
to
begin
with,
and
it
doesn't
look
like
there
are
any
recorded
currently
are
there
any?
Would
anyone
like
to
make
a
sub-project
update
that
isn't
already
on
the
on
the
agenda.
B
C
Yep,
so
here
you
could
see
the
link
under
GitHub
issue,
which
I
created
a
couple
of
weeks
ago
already,
and
that's
about
design
discussion
of
possible
like
labels
to
exclude
load
balancers
from
Auto
Discovery
Logic
on
AWS.
So
the
issue
which
we
have
faced
within
Red
Hat
was
basically
about
that
new
availability
zones
which
jws
was
introduced,
namely
wavelength
zones
that
far
Edge
zones
and
so
on,
and
these
zones
have
a
limited
capacity,
not
not
capacity
but
limited
capabilities
in
terms
of
which
load
balancers.
C
We
could
use
so
and
we
faced
quite
a
lot
of
issues
because
Cloud
controller
manager
tries
to
attach
machines
to
load
balancers
which
are
not
intended
to
like
use
in
these
zones.
So
here
I
just
want
to
I.
Don't
know
ask
about
what
people
thinking
about
that
design,
which
I
propose
how
I
can
proceed
with
that?
Further
will
I
need
to
prepare
some
enhancement
documents
yeah.
These
kind
of
things
so
basically
want
to
have
some
feedback
on
on
the
thingy.
So.
A
C
B
C
C
That's
for
mixed
clusters,
specifically.
So,
for
example,
we
have
an
existing
clusters
and
we
want
to
add,
like
sublins
and
virtual
machines
within
like
wavelength
Zone,
and
if
we
have
that
kubernetes
IO
slash
cluster
cluster
ID
tag
on
this
entities
like
subnets
and
the
virtual
machines,
so
the
CCM
would
try
to
attach
this
to
existing
load
balancers
so
which
breaks
Cloud,
control
and
manager.
Effectivoice.
C
D
D
C
C
No
I
here
I
mean
that
auto
Discovery
logic,
which
we
have
within
Cloud
controller
manager,
which
looks
at
which
looks
at
tags
so
it'll
be
taxed
on
on
that,
so
it
would
be
attached
if
it
marked
as
like
kubernetes
dot
IO
cluster
with
cluster
ID.
It
would
be
attached
so
if
we
could
specify
explicitly
that
we
do
not
want
to
attach
these
concrete
subnets
there's
a
lot
balancer.
That
would
solve
at
least.
D
D
B
A
D
B
D
B
B
F
Hi
guys
this
is
my
first
time
in
this
meeting
so
hi
my
name
is
and
I
work
with
Nick
and
Kishore,
and
all
the
other
AWS
guys
there,
like
cluster
operator,
manage
a
lot
of
clusters,
look
at
issues
that
arise
from
them
and
with
Cloud
providers.
One
of
the
given
things
is
in
AC
outage
could
happen
so
I
wanted
to
I
have
thoughts
about
that
when
these
things
happen
most
times.
These
are
Byzantine
problems.
F
We
can't
handle
them
well
and
one
of
the
things
that
happened
last
time
was
the
CCM
controller
was
able
to
establish
the
lilies
because
hcd
connectivity
was
not
broken,
but
the
leader
which
held
the
lease
was
not
able
to
connect
to
the
Internet.
So,
even
though
there
was
a
leader
for
CCM,
it
was
not
very
useful
and
CCM
makes
so
many
calls
and
there
are
heuristics
to
say
how
how
to
kill
CCM
process.
F
If
I
see
these
patterns
of
failure,
because,
let's
say
SPS
like
IAM,
fails
or
elb
calls
failed
or
just
DNS
fails:
Anything
Could
Happen.
My
proposal
here
was
that
we
make
something
that
a
cluster
operator
can
hit
a
crd
or
something
of
that
sort,
and
the
leader
election
mechanism
looks
at
that
and
weighs
away
kind
of.
But
apart
from
that,
the
proposal
I
wanted
to
just
hear
out
because
other
platforms
are
here.
F
How
would
it
how
do
they
think
about
this
problem
of
zonal
outage
and
partition
notes
where
leagues
is
able
to
get
established,
but
the
thing
cannot
really
work
and
it's
really
not
for
CCM.
Certainly,
but
CCM
is
where
it's
a
compass
component
and
when
I
went
to
API
Machinery,
they
said
that
you
could
Implement
a
live.
Z
and
Lively
could
fail,
that's
great,
but
for
CCM
I
don't
know
how
to
implement
a
good
live
Z
that
could
fail
on
like
zonal
outages,
so
yeah,
that's
the
context.
I
can
answer
more
questions.
E
F
G
F
We
have
like
two
or
three
hcd,
sorry,
two
or
three
Master
instances.
I
can
apply
the
crd
reliably
through
any
master
and
because
the
bad
Master
can
still
come
to
HD,
it
will
know
well
I
have
to
relinquish.
This
is
only
relevant
when
HDD
connectivity
is
present.
If
hcd
compute
is
not
present,
it's
a
mood
point
because
it's
easily
broken
things
are
good.
This
is
only
when
a
master
could
still
talk
to
hcd
but
can
not
connect
to
anyone
else.
A
B
If
there's
a
zonal
outage,
and
you
have
a
you-
have
a
control
plane,
node
that
has
that
CD
on
it
and
obviously
it
can
communicate
with
itself,
but
like
would
it
lose
quorum
to
the
other
FCD
members
then
like,
if
you
had
a
crd
that
was
generated
in
one
place,
how
how
could
you
assure
that
it
got
propagated
to
the
rest
of
the
cluster
if,
like
especially
if
you're
at
your
control
plane
set
out?
You
know
across
zones
or
something
like
that
and
you
had
a
Zone
allowed.
G
We
already
know
that
the
leader
release
is
hold
by
the
last
remaining
instance,
so
it
kind
of
assumes
that
the
LCD
connectivity
is
still
there,
because
if
there
would
be
no
LCD
connectivity,
the
last
leader
would
lost
the
the
the
leader
on
the
instant
that
has
that
also
it
would
be
released
and
the
leader
would
jump
to
some
other
instance.
So
it
kind
of
assumes
that
we
have
this
LCD
connectivity,
yeah.
F
So
it's
not
actually
is
on
the
bat.
Node
actually
has
three
different
VM
setups
master
has
two
different
VMS
setup
and
they're
on
the
same
VPC,
so
the
partition
has
not
affected
them,
but
getting
into
the
node
working
any
function
out
of
the
node
to
connect
to
internet
is
not
working,
let's
say
so:
yeah
I
I
faced
probably
five
or
six
such
customer
issues
where
these
things
happen
over
like.
If
you
operate
like
some
thousands
of
clusters,
this
is
an
edge
case
and
even
1.1
percent
would
be
probably
in
hundreds.
F
F
Yeah
that
that
doesn't
work
yeah,
it's
probably
we
can
call
it
like
lease
dealing,
but
the
default
lease.
The
parameters
is
every
two
seconds.
It
tries
to
take
a
lease
for
next
15
seconds
so
and
it's
not
reliable
to
say
that
yeah
I
could
steal
the
lease
for
a
bit,
but
the
bad
note
could
still
take
the
lease
over
again.
It's
not
a
reliable
way.
F
G
B
F
Okay,
so
in
in
the
short
term,
the
way
I'm
thinking
is
I
could
still
Implement
a
live
CJ
which
I
control
and
I'll
I
can
look
at
this
object.
So,
instead
of
leader
election
object,
looking
at
it
and
doing
its
stuff,
I
can
still,
in
the
short
term,
look
at
it
from
the
live
Z,
but
I
have
to
implement
like
10
lives.
These
CCM
search
controller,
KCM
scheduler,
and
the
list
goes
on
and
it's
not
extensible
to
any
component
that
that's
out
there
right,
so
I
could
still
go.
A
Yeah
I
had
a
question
for
Josie
about
the
police's
like
yeah
I,
probably
should
wait
till
he
comes
back,
but
the
my
understanding
is.
Each
of
these
components
is
using
the
default
Cube
lease
algorithm,
and
so
they
need
access
to
a
working,
API
server
to
be
able
to
renew
their
lease.
If
there's
a
failure
in
their
networking,
then
they
won't
be
able
to
talk
to
the
API,
and
so
they
won't
be
able
to
renew
the
lease
at
which
point
they
should
give
up
and
normally
panic.
G
B
And
just
just
to
back
up
a
little
a
little
bit,
Jyoti
I
think
before
you
dropped
out.
You
were
talking
about
the
current
workaround
and,
if
I
understand
that
clearly
you're
creating
liveliness
probes
for
all
these
things,
yeah
and
I
think
we
missed.
We
missed
the
end
of
your
statement
there.
So
maybe,
if
you
could
just
kind
of
finish
your
thought,
yeah.
F
So
I'm
going
to
implement,
live,
Z
checks
for
many
components:
CCM
cert
controller
scheduler,
many
other
things
that
I
am
interested
in
as
an
operator.
What
I
I
think
is.
It
will
be
good
as
an
operator
if
I
hit
a
well-defined
label
or
pattern
create
a
crd
and
the
lease
object
of
all
leadership.
Election
based
components
could
benefit
from
that.
As
a
cloud
operator.
I
know
that
here's
the
time
for
the
next
one
hour
this
zone
is
bad.
F
So
any
anybody
who
is
a
team
who
is
using
the
cluster
I'm,
not
in
direct
contact
with
them,
I
just
created
a
cluster
for
them.
They
could
know
that
there
is
crd.
They
don't
have
to
do
that
themselves.
The
leader
election
controller
knows
about
that
and
turns
it
away.
Saying
I
should
not
be
the
leader
I'm
in
the
bad
Zone,
and
somebody
else
should
take
over
and
relinquishes
the
controls
and
never
takes
it.
There
could
be
TTL
safety
that
doesn't
happen
for
more
than
15
minutes.
B
Okay,
so
that
that
sounds
very
actionable
to
me
and
that
I'm
guessing
that
might
be
in
the
discussion
on
this
issue
here.
But
you
know
the
notion
of
being
able
to
say:
okay
I'm,
going
to
apply
this
label
that
describes
there'll,
be
a
zonal
outage
and
so
like
this
component
should
release
its
leadership
and
another
one
should
take
it.
That
is,
that
am
I
hearing
that
correct
yeah.
F
Okay
kind
of
that
and
this
third
controller,
which
is
not
an
AWS
vendor
thing,
it
could
take
benefit
from
that
and
move
away
to
a
different
component
right
controllers
in
as
your
gcp.
Anybody
writing
a
controller
could
use
this
mechanism
to
move
away.
Leadership
and
zones
are
a
thing
in
all:
Cloud
providers.
B
F
I'm,
looking
for
like
people
who
record
brainstorm
with
people
in
SRE,
Yorks
in
your
organizations,
I
could
take
contact.
I
could
reach
out
to
you.
Next
I
mean
people
on
this
call
to
see
who
I
could
talk
to
people
who
are
sres
might
be
dealing
with
customers.
They
might
be
seeing
one
of
issues
like
that
and
I'm.
F
Looking
for
contacts
to
to
see
how
how
Edge
case
is
this
if
it's
like,
because
this
is
not
really
a
edge
case-
I
mean
so
nuanced
that
we
don't
have
to
take
it
I'm,
all
okay
with
that,
but
I
do
want
to
like
talk
to
more
people,
so
I
could,
after
this
call
look
at
identity
list
reach
out
to
people
to
see.
They
could
put
me
in
touch
with
someone
who
could
be
interested
in
talking
about.
B
Yeah,
so
it
sounds
like
right
now.
This
is
kind
of
like
information
gathering
and
you're
trying
to
reach
out
and
meet
other
people.
So
unfortunately,
you
know
this
meeting,
although
it's
quite
large
today
we
have
a
lot
of
people.
Usually
this
meeting
is
kind
of
small
I
would
definitely
recommend
reaching
out
on
the
kubernetes
developer
list
to
see
if
others
have
run
into
this
and
yeah
just
start
to
expand
your
net
that
you're
looking
for
people
to
get
in
touch
with,
because
you're
I
mean
you're,
probably
right.
B
F
B
E
E
Do
we
have
yeah
if
you
scroll
down
to
the
bottom,
you'll
see
that
you
know
a
colleague
of
mine
wrote
back
to
Nick
and
then
it's
been
a
couple
of
weeks
and
like
this
is
when
we
were
trying
to
get
in,
and
you
know
it's
okay,
that
it
didn't
make
it
in
this
time,
but
I'm
sort
of
wondering,
of
course,
when
and
if
Nick
has
a
chance.
He
can
look
at
it
again.
E
E
B
A
B
E
B
E
I
kind
of
just
wanted
to
see
what
see
if
anyone
had
thoughts
about
it
and
then
also
maybe
bring
up
the
topic
of
I
hate
to
have
all
of
this
be
on
a
couple
of
people's
plates.
If
we
can
get
more
people
who
want
to
review
this
kind
of
PR
I'm,
not
sure
exactly
what
the
plan
is
for
moving
forward
on
that.
But
maybe
we
need
to
try
to
make
that
happen.
Yeah.
B
B
B
F
E
Mean
this
that
asks
you
to
solve
something.
This
is
so
much
like.
Yes,
exactly
what
what
Jay
is
saying
in
the
chat.
Please
go
ahead
and
unmute
and
mention
your
thoughts
there,
because
I
feel
like
this
is
where
we
need
to
give
people
a
chance
to
start
becoming
reviewers,
so
it
doesn't
get
stuck
on
just
a
couple.
People
yeah
when
Nick
and
Walter
are
here.
E
We
need
to
make
sure-
and
this
is
something
I've
seen
in
other
sigs
too,
is
like
making
sure
that
people
who
want
to
start
being
contributors
have
that
chance
to
up
level
and
become
you
know,
forces
to
reckon
with
in
this
community
and
especially
if
you
have
deep
understanding
of
one
specific
area,
and
you
want
to
start
applying
that
to
Mars
like
I'm
just
kind
of
looking
at
the
folks
who
are
very
informed.
Coming
to
this
call
and
thinking
you
could
be
the
reviewers.
B
Yeah
plus
one
to
that
idea,
I
think
you
know
everyone
who
is
here
representing
you
know
some
cloud
or
some
large
provider
or
something
like
that.
You
know:
ask
your
colleagues
ask
your
friends
internally,
who
are
also
working
on
these
projects.
You
know
this
is
a
great
opportunity
for
junior
developers
also
to
get
involved.
B
E
Awesome
and
then
yeah.
If
anyone
wants
to
take
a
look
at
that
long-standing,
but
hopefully
almost
resolved,
bug
that
I
have
a
colleague
reporting
there
be
thrilled
to
have
even
your
feedback
of
like
hey
the
stuff
that
you
are
trying
to
fix
here.
In
my
you
know,
especially
if
you
have
fresh
eyes
and
you
look
at
it
and
you
think
I
don't
know
if
this
does
fix
it
because
of
this.