►
From YouTube: Kubernetes Community Meeting 20170720
Description
We have PUBLIC and RECORDED weekly video meetings every Thursday at 10am US Pacific Time.
https://docs.google.com/document/d/1VQDIAB0OqiSjIHI8AWMvSdceWhnz56jNpZrLs6o7NJY
Demo kube-bench; Release updates; SIG Storage; SIG Service Catalog
A
Yeah,
all
right
cool
all
right,
welcome
everybody
to
the
July
20th
edition
of
the
communities
community
call
I'm,
Doug,
Davis
ma
am
going
to
be
moderating
today.
This
call
is
being
recorded
so
be
on
your
best
behaviour.
Let's
see
the
agenda,
a
link
is
in
the
chat
if
you're
interested
it's
all
in
there
and
let's
see
first
up
on
the
agenda
I
believe
we
have
Liz
who's
going
to
be
doing
a
demo
for
us
today.
Right.
B
So
yeah,
my
name
is
Liz.
My
son
from
active
security
and
I
wanted
to
share
a
little
tool
that
we've
built
called
choose
bench,
and
so
this
is
an
implementation
of
the
scroll
to
the
beginning,
the
CIF
Center
for
Internet
Security
to
Banaras
benchmarks.
So
the
C
is
published
a
number
of
benchmarks
and
guidance,
basically
to
help
people
with
best
practices
for
securing
their
deployments
and
they've
published
we're.
Now
on
the
second
version
of
a
benchmark
for
communities.
B
They
did
one
a
couple
of
months
ago
and
they've
just
released
an
update
for
and
1.7
within
the
last
couple
of
weeks
and
at
this
benchmark.
Basically,
if
I
find
a
one
of
the
meat
on
it,
it's
full
of
these
and
kind
of
tests
that
allows
somebody
to
kind
of
verify
whether
or
not
they're
adhering
to
the
best
practices
that
they
advise.
So,
for
example,
in
this
one,
randomly
you'd
be
looking
to
see
whether
keep
API
server
was
running
and
if
it
was,
but
it
didn't
have.
The
basic
cost
file
argument
specified.
B
What
we've
done
with
the
key
bench
is
automate
all
these
different
tests,
because
there
are
hundreds
and
hundreds
and
hundreds
of
them,
while
it's
about
200
pages
of
doctrine,
into
a
a
go
application.
So
before
demonstrated
I'll
just
show
you
quickly
that
we
had
these
config
files
and
the
tests
are
divided
into
testing
is
run
on
every
now
tested
run
on
the
master
and
test
that
you'd
run
on
a
unload
in
a
federated
deployment,
and
all
of
the
tests
are
configured
as
younger
files.
B
So
it's
needed
to
update
as
the
benchmarks
get
updated
and
as
everything
evolves
and
then,
if
I
move
to
my
kid,
unless
is
made
and
should
be
able
to
just
run
this
I'm
going
to
run
the
pack
and
the
master
test
really
doesn't
take
very
long
at
all,
we'll
see
something
passed.
Some
of
them
are
failed,
got
a
few
warnings
and.
B
Eventually,
I
get
some
color-coded
guidance
and
I
also
get
a
list
of
sort
of
room
mediations,
which
is
really
advice
on
what
to
do
to
comply
with
the
best
practices
and
another
thing
that
you
can
do
this
is
you
can
have
Jason
outputs
and
so
that
it's
easier
to
automate
run
this
across
a
lot
of
nodes
and
checking
that
the
results
are
what
you're,
hoping
for
and
ID
is
there
anything
else
I
wanted
to.
You
know
the
last
thing
I
wanted
to
mention.
B
So
if
I
just
look
at
the
config
file
we've,
we
now
got
this
configurable,
so
you
can
set
up
different
and
file
locations
and
binary
families,
so
I
think
if
you've
got
yeah
hypercube,
and
so
we
can
check
for
the
right
and
buying
these
according
to
which
kind
of
deployment
we've
got
and
that's
pretty
much
it.
It's
open
source,
it's
on
github.
We
love
feedback
with
love
people
to
medicine
in
particular,
and
if
we're
kind
of
missing
any
farm
locations-
or
you
know
if
the
configuration
is
basically
wrong-
we'd
love
to
hear
that's
pretty
much.
A
C
B
E
A
A
D
Anybody
in
the
cig
release
can
help
with
that,
and
you
can
go
to
the
cig
release
channel
in
slack
or
hit
the
mailing
list,
which
is
also
linked
below
in
the
notes.
So
the
volunteers
needed
our
testing
lead,
bug
tracking
Doc's
pest
manager,
which
is
a
Google
specific
role
and
a
marketing
role
that
is
being
developed
as
part
of
this
release.
So
those
things
are
all
really
important
and
necessary
for
the
the
1.8
release
cycle
and
we
need
help
so
Caleb
anything.
You
want
to
add
to
that.
D
No,
thank
you.
I
read
at
all,
okay,
great
all
right,
so
the
other
aspect
of
this
is
we're
finalizing
the
release
schedule
so,
one
to
a
date
tomorrow,
there's
a
sort
of
interstitial
meeting
with
cig
release
where
we're
going
to
talk
through
the
pull
request
the
Garrett
had
for
the
one
that
scheduled
and
gotten
a
lot
of
good
commentary
on
that.
Please
feel
free
to
add
your
thoughts
to
the
pull
request.
D
If
there's
something
that
you'd
like
considered
it
as
part
of
the
1.8
release
timeline
and
we'll
definitely
take
that
into
consideration
tomorrow
as
part
of
the
finalization
and
again
the
the
release.
What
we're
trying
to
avoid
as
part
of
the
feedback
from
the
retro
is
making
changes
mid,
release
cycle
that
might
be
difficult
to
keep
track
of
so
we're
trying
to
get
a
lot
of
stuff
done
upfront
as
much
as
possible
and
I
think
I
I'm,
not
sure
if
you've
always
here,
but
you
know
you
want,
talked
about
the
really
stolen.
F
Here
great
before
killer
brief
update
for
me,
whereas
a
lot
of
a
training,
soda
comin
and
we
can
clean
the
stage
work,
here's
a
feature
all
now
absolutely
welcome
to
submit
your
features
to
the
featured
scruple
and
don't
forget
that
the
deadline
is
coming.
It
will
happen
in
two
weeks.
So
please
finalize
your
feature,
feature
proposal
before
the
deadline
and
submit
them
to
the
Future
circum
little
for
me,
I.
E
Just
reiterate:
Jace's
requests
for
volunteers
on
the
releasing
for
those
of
you
who
have,
especially
for
those
of
you
who
have
lamented
that
google
staff
this
and
google
doesn't
give
transparency
and
has
not
made
it
easy
for
people
to
take
these
roles.
We
are
trying
very
hard
to
and
we
are
trying
to
work
with
you
all
to
make
this
a
broader
release
team
and
make
it
they
get.
Actually
a
kubernetes
community
led
release.
E
A
E
E
D
G
H
Yep,
this
is
on
here
from
the
storage
sink.
To
give
a
quick
recap
of
what
we
worked
on
in
1.7.
There
was
a
new
volume
plug-in
that
was
introduced
entry
and
we
had
a
couple
of
alpha
features:
go
in
one
around
local
storage,
which
makes
available
storage
local
to
a
particular
machine.
So
far,
a
storage
has
four
persistent
storage
has
been
network
attached.
Storage
is
a
big
feature
and
the
second
feature
was
around
adding
capacity.
H
Isolation
around
the
storage
that
we
take
from
the
machine
for
things
like
the
overlay
for
an
image
logs
things
like
that.
So
both
those
features
got
started
and
had
some
features.
Some
sub
features
going
for
alpha
in
the
last
quarter.
Both
of
them
are
being
worked
on
as
part
of
the
1.8
release.
Another
big
feature
that
we're
working
on
is
the
container
storage
interface.
We
have
a
big
push
to
get
volume
plugins
out
of
tree
part
of
the
plug
ability
and
extensibility
goals
for
kubernetes.
The
path
for
towards
that
is
the
container
storage
interface.
H
That's
aspect
that
we're
trying
to
get
a
broader
agreement
amongst
other
cluster
orchestration
systems
so
that
a
single
volume
plug-in
can
work
across
multiple
cluster
orchestration
systems.
The
goal
there
for
this
quarter
is
to
come
up
with
an
implementation,
design
doc
for
kubernetes
and
some
prototyping
and
beyond
that.
We
also
aim
to
expose
volumes
as
block
devices.
H
That's
an
alpha
feature
for
1.8
and
we
have
a
spreadsheet
that
all
pasting
where
we
track
a
bunch
of
other
features
which
are
smaller
one
big
change
for
1.8,
is
that
we
are
no
longer
accepting
any
new
entry
volume
plugins.
We
are
redirecting
folks
to
the
existing
out
of
tree
flex
volume
volume
drivers.
We
understand
that
there
are
some
sharp
edges
to
using
flex
volumes,
we're
working
this
quarter
to
try
to
remove
some
of
those
mainly
around
the
difficulty
in
deploying
a
flex
volume
driver
on
kubernetes.
H
A
A
The
thing
we're
running
into,
though,
is
as
we're
starting
to
play
with
the
seed
catalog
in
real
environments
and
the
conditional
use
cases
that
are
popping
up
and
as
in
particular
as
we
do
things
like
use
it
with
other
components
and
group
entities
like
the
API
aggregation,
we're
finding
that
we're
running
into
some
design
issues
that
we
need
to
go
back
and
modify
some
stuff,
nothing
very
large,
but
enough
that
it's
sort
of
slowing
us
down,
but
that's
all
goodness
it
means
they
know.
A
People
are
trying
to
use
this
stuff
and
finding
things
and
I
find
it
useful.
So
that's
all
goodness,
but
just
some
interesting
examples
of
things
they're
running
into
things
like
once.
We
turn
on
API
aggregation,
we're
finding
that
we're
having
resource
naming
conflicts,
I'm
sort
of
sample.
We
had
something
called
binding,
but
Khorasan
called
binding,
so
no
issues
there.
We
need
some
clarification
on
how
to
use
secrets
for
things
other
than
injecting
in
the
pod.
A
So
you
need
to
work
very
closely
with
the
cig
off
work
team
on
that
one,
and
in
particular
we
doing
a
little
bit
of
redesigning
of
our
resources
to
make
it
a
little
more
flexible
because
as
we're
coming
up
with
new
use
cases,
people
are
going
to
people
are
identifying
different
ways.
They
wants
to
leverage
some
of
the
rivers
catalog
credentials
that
are
getting
injected
into
the
system
and
they're
they're
using
them
in
ways
that
we
hadn't
really
thought
about
it
before,
and
so
we
need
to
ask
more
flex,
though,.
A
So
we
are
obviously
fitting
our
all
of
our
our
work
and
feedback
on
the
specification
back
to
the
open
source
broker
workgroup
and
so
we're
making
changes
to
that
specification
as
we
go
along
and
that
seemed
to
be
going
really
really
well
and
as
and
a
flipside
of
that
is
we're
also
a
testbed
for
the
new
stuff.
That's
going
into
the
specification
itself
because
things
aren't
allowed
to
go
into
the
spec
until
these
one
platform
supports
it,
so
we're
returning
to
one
of
those
platforms.
A
A
E
A
A
very
quiet
group
today,
all
right
so
announcements,
just
one
on
there
is
six
seventh
on
there.
You
go
so
k8s
dot.
Reviews
is
live
very
hard
to
read
with
all
those
little
cursors
in
there,
but
I
have
the
right,
URL
go,
go,
take
a
look
at
it
and
you
can
every
time
I
go,
look
at
it.
I!
Keep
it
remind
myself.
I've
got
to
come
back
here.
More
often,
it's
really
really
useful
for
keeping
track
of
all
your
PRS
that
are
spread
out
across
diverse
components
and
complete
the
status
of
them.
E
J
You
go,
I
have
a
quick
question,
oh
yeah,
but
somebody
could
just
answer
for
me
who
would
be
in
charge
of
official
expiration
policy
on
kubernetes
on
kubernetes
versions?
I've
been
trolling,
the
states
trying
to
find
out
of
Cygnus
will
be
for
the
Sun.
Nobody
seems
to
oh
yeah.
J
G
For
what
it's
worth
Josh,
but
I
think
that
Robert
Bailey
and
myself
both
agreed
that
this
is
the
thing
that
crosses
multiple
SIG's
and
is
worth
raising
to
the
governance
board
in
there,
because
it's
unclear
which
six
should
actually
own
this.
But
we
all
collected
three.
The
dock
is
very
deep
inside
of
the
kubernetes
community,
repo
in
the
directory
called
design
proposals.
It's
weird
that
we
keep
having
to
refer
to
that
as
our
supported
official
policy.
Honoring
and,
firstly,
not
in
beer,
is.
J
E
J
I
All
right,
but
but
yeah
just
I
want
one
last
point
about
this
is
currently
the
release.
Sig
owns
has
positions
for
all
of
the
branch
managers
and
things
so
the
current
support
definitions,
as
we
support
three
releases,
the
structure
of
the
positions
in
the
teens
and
sig
Reese
are
based
on
that.
So
can't
change
the
official
number
of
supported
versions
without
a
deficient
switch
again.
You
know
we'll
need
to
find
people
adult
at
minimum.
There
are
a
few
like
versions
to
you
and
thinking
like
that.
Yeah.