►
From YouTube: Kubernetes Community Meeting 20190725
Description
We have PUBLIC and RECORDED weekly meeting every Thursday at 10am PT
See: https://github.com/kubernetes/community/blob/master/events/community-meeting.md for more details.
A
Ten
people
all
right
welcome
everybody
today,
as
July
25th
2019,
welcome
to
your
weekly
kubernetes
community
meeting,
a
bunch
of
bad
luck
with
gopher
con
and
the
open
source
summit
happening.
However,
we
are
gonna,
have
a
demo
and
some
updates
today.
First,
we're
gonna
have
a
demo
with
from
Gareth
who's.
Gonna
show
us
OPA,
then
Guinevere
is
gonna,
give
us
the
release,
update
and
then
SiC
testing
is
going
to
give
an
update,
both
say
p.m.
and
say
the
instrumentation
will
go
at
a
later
time
due
to
scheduling
conflicts.
A
As
with
all
of
our
kubernetes
meetings,
the
code
of
conduct
is
in
effect,
so
please
be
excellent
to
each
other
and
everything
you
say
during
this
meeting
is
being
live
stream
and
recorded
on
to
youtube.
So
please
be
mindful
of
that.
If
you
are
not
speaking,
we're
gonna
ask
you
to
please
double
check
that
you
are
muted
and
with
that
Gareth
you've
got
ten
minutes.
Take
it
away.
Okay,.
B
Hopefully,
folks
can
see
a
large
blue
screen
with
a
company
logo.
People
are
saying
they
can
do.
I
will
get
on
so
I'm
gonna
talk
about
busy
unit
testing
humanities
configuration.
It
turns
out
that
collectively,
we've
all
read
an
awful
lot
of
committees,
configs
and
whether
in
llamo,
our
other
flavors
and
knowing
what
not
just
knowing
that
they're
gonna
apply
correctly
on
communities,
but
knowing
that
there
are
Dearing,
two
policies
that
we
set
is
sort
of
I
think
a
problem.
B
You
often
have
some
sort
of
continuous
integrate
in
deployment
systems
and
you've
got
your
clusters
and
open
policy
agent.
Most
of
the
use
cases
so
far
have
been
in
that
latter
bit
they've
been
in
the
cluster
authorization,
control
or
gatekeeping
clusters.
So
there's
a
number
of
different
places
where
this
is
already
integrated
into
Sto
actually
has
an
adaptor,
and
that,
if
you
want
to
write
policies
around
this,
your
manifest
you
can
do
that
in
OPA,
initio
and
Seth
have
a
similar
thing.
B
Around
storage
gatekeeper
is
a
project
under
the
open
policy
agent
project,
so
one
of
the
CNCs
projects,
specifically
as
an
admission
controller
for
kubernetes.
Again
all
of
these
operate
in
a
world
where
it's
on
the
cluster
protecting
stuff.
That's
really
good.
If
you
haven't
had
a
look
at
those
use
cases,
you
should
do
I'm
going
to
talk
about
something
slightly
different
I
tend
to
obsess
it
over
developer
tools
and
getting
things
happening
earlier
in
the
sort
of
cycle
and
confessed
came
about
from
me.
B
I
want
to
use
it
like
I
would
do
a
unit
testing
framework
and
I
want
to
put
that
in
my
continuous
integration
system
to
give
me
and
team
members
fast
feedback,
so
I
had
a
bunch
of
time
and
hacked
on
contest
ahead
of
Barcelona
coupe
con,
and
did
it
hook
right
there
types
of
people
and
have
been
hacking
on
it
ever
since,
so
this
is
really
only
since
May
time
and
more
recently,
a
number
of
other
people
have
come
along.
So
there's
now
a
number
of
other
active
contributors.
B
The
last
few
weeks
have
seen
loads
of
new
features
and
a
few
new
releases
and
well
this
at
a
simple
level
gives
us
is
Wow.
Take
Akuma.
These
configuration
file
take
any
of
your
many
many
kubernetes
config
files,
this
one's
minimal,
but
yours
might
be
in
other
things.
Ultimately
they're
going
to
compile
down
to
the
same
data
structure.
B
Open
policy
agent
allows
us
to
write
policies
in
this
language,
Rieger
language,
so
obviously
new
programming,
language
new
to
lots,
people
they're
like
what
does
that
actually
mean
so
I'm
taking
this
policy?
What
we're
saying
here
is,
let's
deny
any
input
which
is
of
kind
deployment,
so
input
is
also
a
that
data
structure
that
we
fed
in
and
what
deployment
is
the
committee's
deployment
and
and
we've
also
got
this
long
string
of
I,
don't
want
anything
which
has
the
runners
runners
non-root
to
be
true
and
I've
got
a
message.
B
They're
just
containers
must
not
run
as
weak.
Again.
That's
just
me
saying.
Oh
when
this
policy
like
trips,
this
is
the
message
I
want.
This
is
the
string
I
want
to
return
back,
so
we
can
see.
What's
going
on
and
all
contest
does
is
provides
you
with
a
really
simple
single
binary
or
packaged
app
to
run
against
those
files.
So
a
contest
test
point
at
your
config
files,
pointing
at
a
directory
of
config
files.
B
Ultimately,
you
might
use
you
might
be
generating
those
files
and
you
can
pass
them
in
as
standard
in
and
we'll
give
you.
Ultimately,
it's
like
a
unit
testing
framework
and
we'll
give
you
the
messages
back
for
policies
that
fail
and
we'll
give
you
status
codes
based
on
the
failures
and
I'll
say
as
well
like
the
obviously.
This
is
useful,
hopefully
in
the
context
of
communities,
there's
an
awful
lot
of
kubernetes
configs.
It's
also
really
useful
in
the
context
of
actually
any
arbitrary
configuration
and
contest,
isn't
particular
neither's
open
policy
agent.
B
So
actually,
if
you've
got
arbitrary
jason
documents
and
then
well,
you
can
write
policies
against
those
if
you've
got
other
ini
files
or
llaman
files
or
q
files
or
tamil
files,
we're
adding
more
passes
all
the
time.
Ini,
z,
master
q
came
a
few
days
ago.
The
idea
here
is
a
generic
way
of
writing
utterly
policy
testing
against
configuration
files
there's
a
lot
of
examples
in
the
repo
from
simple
to
more
complicated
Q
at
these
ones.
B
B
I
can
create
my
own
little
mini
language,
so
here
I'm
importing
a
community's
library
and
rather
than
that
sort
of
implementation,
specific
parts
and
really
getting
into
the
weeds
I've
created
my
own
little
DSL
communities
is
deployment,
I'm
a
fan
of
the
application
labels
and,
but
actually
getting
people
to
add
them
can
sometimes
be
tricky.
A
nice
nudge
would
be
writing
a
test
to
ensure
you
do
so
so
these
are
documented
as
part
of
the
humanities,
documentation
and
I've
written
them
all
out
in
Rego.
B
Perfect
timing,
because
I
have
one
slide
which
simply
says
if
this
sounds
interesting
come
and
have
a
play
with
it,
you
can
download
it
from
github
or
get
involved
if
this
sounds
interesting
and
as
of
today
as
well.
Thanks
to
the
open
policy
agent
folks,
we've
got
a
contest
channel
on
the
open
policy,
agent,
slack
and
so
join
us
there
at
all.
All.
A
A
C
C
A
A
D
It
so
I'm
gonna
share.
My
screen.
I
am
very
open
to
interruptions
for
questions
as
we
go
through
this
okay.
So
it's
the
community
of
the
interstate
testing,
eventually
one
day
I
will
run
out
of
this
is
fine
memes
to
share
with
you
all,
but
our
mascot
continues
to
live
on.
This
is
sort
of
the
state
of
testing
within
this
community.
D
Today
we
have
become
the
fire
and
we
feel
like
we
are
surrounded
by
a
bunch
of
fun
little
puppies
and
dogs,
so
state
testing
is
responsible
for
a
lot
of
the
infrastructure
related
to
running
tests
and
making
test
results
actionable
across
the
project.
You
don't
write
your
tests
for
you.
You
know
how
your
stuff
works
better
than
the
small
team
that
we
are,
but
we
want
to
empower
you
to
be
more
effective
with
your
tests,
so
I'm
going
to
roll
through
a
number
of
sub
projects
that
we
do
and
we'll
go
from
there.
D
So
the
first
sub
project-
some
of
you
may
be
aware
of-
is
kind
or
kubernetes
and
docker,
so
kind
now
has
support
for
ipv6
and,
as
far
as
I
know,
is
the
first
implementation
of
kubernetes
that
is
almost
asterisk,
passing
conformance.
We
have
one
test:
that's
not
quite
working
and
we're
so
PR
out
to
fix
that,
but
soon
it
will
be
the
only
ipv6
implementation
of
kubernetes,
that's
known,
to
pass
conformance,
at
least
as
far
as
we're
aware
up
on
this.
D
You
know
test
grade
that
anybody
can
contribute
results
to
it's
gotten,
just
ridiculously
faster,
been
the
elder
and
James
Nunnally
sort
of
optimized
a
lot
for
speed.
So
the
builds
are
fully
reproducible.
It
starts
up
faster,
it's
got
better
support
for
image,
side
loading
and
it's
just
a
little
bit
more
configurable.
D
Looking
ahead,
you
know
we're
still
really
aggressively
figuring
out
the
road
to
1.0
for
kind,
which
means
as
much
attention
as
it
is
getting
and
as
much
as
everybody
enjoys
it.
We
do
need
to
make
sure
that
it
doesn't
necessarily
support.
Everybody's
needs
out
of
the
gate
that
we
remain
focused
and
on
scope
for
what
it
takes
to
get
kind
to
1.0.
D
D
D
Prowl
is
the
thing
that's
like
if
this
then
that
for
the
entire
for
github
and
runs
the
CI
for
most
of
the
project,
we
it
also
supports
reading
information
from
other
CI
systems
that
some
of
you
use
like
Travis
or
circle
or
shippable,
or,
if
you're,
really
in
that
position
jenkins.
Like
you
know,
we
will
just
sort
of
pay
attention
to
the
information
that's
posted
to
PRS,
but
we
also
support
a
lot
of
fun
ways
to
run
jobs
against
PRS
steve
Kuznets
off,
and
I
really
I'm
sorry.
I
don't
know
how
to
pronounce
the
name.
D
So
just
there's
think
you
have
a
username.
I've
spent
a
good
chunk
of
time,
creating
a
brand
new
dashboard
for
Crowl,
which
is
sort
of
going
to
help
us
better
understand
at
like
a
component
level.
At
a
you
know,
the
business
metrics
level
like
how
healthy
is
proud
itself.
This
is
really
useful
to
anybody
out
there
who
is
running
their
own,
proud
installation.
I
know
there
are
a
number
of
you
out
there,
OpenShift
Jets
TAC,
FEMA
project,
so
on
and
so
forth.
D
There
are
a
couple
proud
plugins.
Some
of
you
have
seen
the
one
that
just
most
recently
merged
is
something
written
by
Nikita,
which
will
automatically
apply
a
milestone
to
your
pull
request
when
it
emerges.
I
think
people
on
the
release
team
will
be
really
happy
about
this,
and
people
who
are
just
out
in
the
real
world
will
be
happy
about
this
when
they
stumble
upon
a
pull
request
in
Google,
and
they
see
that
it's
been
merged
if
they
want
to
understand,
but
which
release
did
this
make
it
into?
D
This
will
be
taken
care
of
by
the
bots
going
forward.
We
could
definitely
use
some
help
if
somebody
wants
to
like
write
some
amazing
scripting
to
go
back
and
retroactively
Lee
figure
out
for
all
the
pull
requests
that
have
merged
what
milestones.
This
should
be
in
totally
happy
to
help
you
script,
that
cut
on
the
to
apply
that
we're
trying
it
in
on
one
repo
and
eventually
we'll
look
to
have
it
rolled
out
on
a
bunch
of
repos.
It's
the
sort
of
thing
where
you
kind
of
configure
it
yourself.
D
For
highlighting
problems
isn't
super
smart,
some
other
things
as
diva
Kuznetsov's
sort
of
has
made
prowl
a
lot
more
interoperable
with
Bugzilla.
We
here
on
the
kubernetes
project,
mostly
care
about
how
prowl
interacts
with
github
and
its
issues
and
stuff,
but
it
does
interact
with
other
systems.
I
know
we
have
support
for
sort
of
Gerrit
as
well
and
auxilary,
and
we
also
sort
of
have
beta
support
for
Tecton
pipelines
being
one
of
the
bats
in
the.
D
If
this
than
that
that
is
proud,
you
know
proud
when
it
wants
to
kick
off
a
job
can
do
so.
What
we
sort
of
prefer
here
in
the
kubernetes
project
is
kicking
off
a
job
as
a
kubernetes
pods
back,
but
it
in
the
battle
days.
It
also
used
to
be
able
to
talk
to
Jenkins
and
kick
off
a
job
by
name,
and
it
can
also
create
build
CR
DS
if
you're
familiar
with
that
from
K
native,
and
it
can
also
kick
off
tacked
on
pipelines.
I'm
calling.
C
D
There
are
a
lot
of
PRS
to
the
config
over
here,
not
as
many
PRS
to
the
code
over
here
and
it'd
be
helpful
to
maybe
separate
those
out
so
there's
an
issue
if
you
want
to
help
us
do
that,
we're
also
just
this
close
to
allowing
people
to
trigger
reruns
on
Prout.
So
if
I
were
to
go
to
prowl
I'm
gonna
make
the
mistake
of
doing
this
live.
So
this
is
Dec
right.
D
This
shows
the
status
of
all
of
the
jobs
that
are
currently
running
right
now,
I'm
gonna
go
down
and
find
one
that
failed
I'm
going
to
click
the
rerun
button.
I
can't
see
the
thing
here:
okay,
so
the
rerun
button
doesn't
yet
exist,
but
soon
it
will
and
I
will
be
able
to
click
a
button
here
and
automatically
trigger
a
job
so
that,
ideally
people
can
stop
asking
us
to
or
the
on-call
person
to
run
jobs
for
them.
D
This
is
all
in
the
name
of
better
empowering
self-service,
empowering
the
community
to
help
itself
after
Barry
will
be
working
on
sort
of
remote
spyglass
lenses.
So,
like
I
said,
spyglass
is
the
thing
that
displays
your
results.
It's
actually
configured
to
display
like
lenses
for
different
files.
So
what
I
was
linking
to
earlier
was
the
wins
for
log
lines,
but
we
also
have
lenses
for
j-unit
files
lenses
for
code
coverage.
The
catch
is
that
all
of
those
have
to
live
entry
alongside
the
proud
codebase
right.
D
So
here's
like
the
j-unit
lens,
which
shows
me
a
little
bit
more
about
what
we
parsed
out
of
j-unit.
So
much
like
Crowl
supports
out
of
tree
plugins
using
the
external
plugins
mechanism,
where
we
talked
to
be
a
HTTP,
we're
looking
to
do
the
same
thing
with
spyglass
so
that
we
can
sort
of
federated
the
development
here.
Finally,
the
only
cap
that
we're
aware
of
but
is
not
relevant
to
the
release
teams,
feature
freeze.
At
the
moment
it
was
just
sort
of
a
really
gnarly.
Discussion
was
a
kept
about
enabling
in
repo
config.
D
Your
repo
and
like
that
way,
you
can
focus
on
that
repo
might
not
be
used
to
the
way
this
project
operates.
Where
we
have
this
external
repo
over
here,
we
have
config
for
all
185
repos
across
the
project,
and
we
do
want
to
enable
that,
like
smaller,
more
intimate
use
case,
but
it's
tangled
up
with
a
lot
of
the
assumptions
and
expectations
that
we
have
about
how
to
enforce
conventions
across
the
project,
especially
those
that
might
require
security,
so
al-rahman,
is,
is
working
on
pushing
forward
on
this.
D
D
These
turn
these
into
a
road
map,
the
most
effective
way
to
help
turn
this
into
a
road
map
is
to
help
us
get
people
to
work
companies,
but
helping
us
understand
what
is
most
important,
also
a
good
way
to
help
out
and
then
help
us
unit
test
prowl.
This
is
one
of
our
good
first
issues,
where
we
sort
of
identified
a
number
of
proud
components
and
flags
that
need
to
be
unit
tested.
So
we
just
got
a
nice
checklist
here.
That's
prioritized
test
in
for
stuff
in
general.
D
I
will
start
to
go
faster
because
I've
definitely
been
talking
for
more
than
10
minutes.
We
have
a
utility
that
lets.
You
run
go
test
bench
and
turn
that
into
J
unit
XML
results
which,
when
most
of
our
tools
understand,
you
saw
me
email,
kubernetes
to
have
a
while
ago
about
how
Catherine's
sort
of
helped
automate
the
test.
D
Infra
roll
out
of
the
release
team
using
these
three
tools,
which
many
of
which
are
based
on
crown
job
annotations
and
he's
probably
talking
about
Ron
chase
sort
of
using
that
to
move
some
of
those
annotations
into
your
job
files,
so
that
again,
better
self
service.
You
can
sort
of
merge
your
changes
a
little
bit
faster,
we've
improved
our
Doc's
greatly.
D
You
can
click
those
things
to
go,
see
them
we're
looking
to
support
better
local
testing
of
proud
jobs,
so
just
sort
of
trying
to
jam
as
many
things
together
as
possible
by
using
both
kind
and
a
number
of
proud
utilities.
Together,
you
can
actually
sort
of
just
spin
up
your
own
local
instance
of
proud
ish
and
run
everything
that
you
need
to
to
test
out
that
your
end-to-end,
proud
job
works,
better
locally,
expect
to
see
more
of
that
and
a
demo
of
that
at
the
next
state
testing
meeting.
D
So
you
can
merge
those
changes
faster
and
we're
looking
to
measure
and
display
unit
test
code
coverage
for
kubernetes
communities,
I
much
like
Gareth
feel
like
the
sooner
we
can
get
test
results,
the
the
faster
you
can
get
them
the
more
effective
they
will
be
I
feel
this
is
an
area
that
the
project
is
currently
lacking
for
help
wanted.
Our
triage
tool
works.
Super
great
Gregg
triage
is
Joe
doc
aids.
D
That
is
slash
triage,
it's
actually
driven
by
a
proud
job
that
runs
every
twenty
to
thirty
minutes
or
so,
and
there's
a
Python
script,
that
sort
of
parses
out
all
of
our
test
results
and
displays
these
things.
The
speed
with
which
this
dashboard
updates
is
limited
by
the
speed
with
which
that
job
runs
it's
right
in
Python
right
now
it
could
be
written
and
go
and
probably
go
significantly
faster
and
help
you
identify
that
much
sooner,
if
you're
PR
did
actually
fix
the
problem.
D
Let's
see
some
of
you
like
to
use
our
labels.
Thank
you.
Labels
handle
thing
to
adjust
labels
across
your
repos,
again,
we'd
love
to
shard
that
up
in
the
same
way,
we've
done
with
other
files
and
also
we
are
well
aware
that
Python
two
is
coming
to
the
end
of
its
life.
At
the
end
of
this
year,
Travis
Clark
has
sort
of
helped
convert
some
of
the
scripts
from
Python
to
Python
3.
If
this
is
something
you
know
how
to
do
or
care
deeply
about
totally
come
help
us
out.
D
Finally,
the
testing
common
sub
project
is
the
sub
project,
that's
sort
of
about
how
do
we
like
make?
You
know
testing
frameworks
that
are
easy
to
use
to
help
you
to
sort
of
better
write
your
tests
and
so
we're
looking
at
this,
and
so
a
couple
of
things
we've
done
here
are
to
take
the
40
or
so
images
that
are
involved
in
kubernetes
end-to-end
tests
and
really
reduce
that
down
to
one
image
as
much
as
possible.
D
A
did
to
support
performance
there's
been
a
lot
of
work
and
untangling
the
massive
e
to
the
framework
package
and
to
different
things
for
easier
bending.
We
really
are
getting
to
the
point
where
people
can
vendor
e
to
e
frame
framework
package
to
write
their
own
end-to-end
tests
out
tree
and
we're
also
looking
to
maybe
find
something
other
than
the
e
to
e
framework
to
write
a
better
end
and
test
faster.
You
know
we
sort
of
chose
ginkgo
back
way
back
when
because
it
was
kind
of
the
only
thing
that
existed.
D
A
number
of
BDD
frameworks
have
since
sort
of
evolved,
and
it
may
be
that
one
of
those
looks
better
or
maybe
there's
something
we
could
write
for
scratch.
That
would
help
us
Help
Wanted.
If
you
may
be
aware
of
the
component
config
thing
which
is
sort
of
the
effort
to
remove
the
use
of
the
hundreds
and
hundreds
of
flags,
we
use
to
configure
our
various
kubernetes
components
and
turn
those
into
API
resources.
D
D
At
the
moment
we
are
helping
with
the
container
an
image
promoter
which
some
of
you
are
using
by
pushing
sub-project
artifacts
like
container
images
into
staging
repos,
and
then
this
is
responsible
for
pushing
us
to
a
place
like
GC,
KD
cRIO,
and
we're
also
looking
to
enable
you
know
community
support
for
the
testing
for
on-call
role
that
is
currently
staffed
by
myself
and
a
couple
of
my
teammates
one
more
thing.
We
are
in
fact
open
sourcing
test
grid.
D
I
didn't
quite
have
the
plans
laid
down
right
before
this
presentation,
but
this
would
be
the
count,
the
issue
to
come
check
out.
If
you
want
to
learn
more
about
like
what
our
plans
are,
the
order
in
which
we're
rolling
this
out
and
how
you
could
help
us
with
this
I
love
test
grid.
It's
amazing
there's
nothing
else
out
there
like
it,
I'm
really
excited
to
see
more
of
them.
How
you
can
contribute
to
this
sig,
so
we
usually
have
met
historically
1
p.m.
D
D
If
it's
just
this
test
in
this
one,
someone
it's
9:40
finally,
where
to
find
us
Eric,
fada,
myself
and
critic
and
burger
Steve-
gives
nests
off
and
Timothy
Sinclair
are
the
chairs?
Here's
our
home
page
here
the
slack
channels
for
all
sub
projects?
Here's
the
mailing
list,
I'm
done
talks
so
much
I'm.
So
sorry,
any.
A
Thank
errand
for
only
taking
ten
of
his
errand
minutes.
Okay,
any
questions
are
sick
testing
before
we
move
on
and
close
this
out,
okay,
so
that
beautiful
shirt
Erin
all
right,
some
quick
announcements,
don't
forget
about
the
API
deprecations
coming
in
when
that
16
I've
left
that
link
there.
Just
a
pro
tip
those
of
you
I
know
it's
only
July,
but
you
might
want
to
start
to
pay
attention
about
booking
your
travel
for
hotels,
sig,
instrumentation
storage,
docks
and
the
product
security
committee
will
be
given
the
updates
next
week,
as
I
said
before.
A
Also
there's
a
call
for
help.
If
you
want
to
host
this
meeting,
that's
exactly
what
I'm
doing
just
basically
read
the
agenda.
Please
ping,
and
let
me
know
we
always
want
to
get
new
faces
up
here
and
give
people
a
chance
to
do
something
for
the
community
some
shoutouts
for
this
week.
What
this
is
as
a
channel
on
the
kubernetes
slack
hash
shout
out.
If
you
see
someone
going
above
and
beyond,
the
call
of
duty
feel
free
to
just
thank
them
in
that
channel
and
we'll
read
that
off
during
this
community
meeting.