From YouTube: Kubernetes Community Meeting 20181011
Description
We have PUBLIC and RECORDED weekly meeting every Thursday at 5pm UTC.
See this page for more information: https://github.com/kubernetes/community/blob/master/events/community-meeting.md
A
By everyone, welcome to October 11th edition of our Thursday Kubernetes community meeting. My name is Paris Pittman and I work at Google, I do community stuff for Kubernetes, and today we have a full agenda of our regular shenanigans that includes release updates, graphs, all kinds of fun stuff. First things first, though: if you are not speaking, please remember to mute, and also please be excellent to each other as well.
A
B
B
All right, as the screen good and everyone's here, yep, you're good, okay. All right, thanks again for the thing. I'll show our work, so the container images. This was a piece of work that started off in IBM and we are working well. The community, especially the folks from OCI and containerd, get this integrated and into canadian Kubernetes, so I believe also Stephan and her show who the mean if the mental cells or the call. So if you do.
C
B
B
So the main idea of encrypting containers, as the name describes, is we want to be able to encrypt the image contents. The use cases you we are thinking about a sensitive code, so this would be the case of things like, if instance of this would be trading our pardons. You know, a lot of banks and financial entities, one to keep a garden secret.
B
Another case that we are handling is also a case where we have an untrusted or compromised registry. So if the registry is owned by a body or within an organization at the registry shared by multiple teams and as very stiff information in the images, and this can be used so that we can distress the registry. We have additional thought experiments about use cases such as and forcing dual fencing features like that: treating use of a TPM, malicious and some sort of crypto device.
B
So the proposal is fairly simple. So over here we have the original OCR proposal, OCI image, and what we're doing is we're doing the airbase encryption, so over here the changes as you can see. Usually we have the files and we tar gzip them. We are adding this additional step to perform the encryption, so the changes here are really the media type. We're adding has a plus enc for encryption and we are also having a bunch of keys. So now these are not the key starting to decrypt.
B
B
So the main idea around the encryption is, so first we need to perform the sender encryption. So we take the data and we do AES, in our case we're using GCM, which has all integrity checking also. So what we do is we end up with an encrypted block, and so this will be the layer data itself, and what we want to do is we want to say when we encrypt an image, we say we want it to be decrypted by certain recipients or entities.
B
B
Okay, so the flow of how we see this being used. So, let's say we wanna click encrypt imagery user A, so we have used use A, we have user is public key. When we do a dollar bill, we say we want to encrypt this for user A. Now, this could be any arbitrary number of public keys or any number of recipients. So we upload the image as well as the keys into the registry, and what we're doing is now we have to run this be able to decrypt.
B
B
Okay, so let's do a demo.
B
B
B
B
B
We create a pod and then so. This is anger that image and we have the image Lucifer. We add in this private key that we've created. Of course, ideally what we could do is have this image encryption secrets be kind of tied through the service account like image, blue sequins off, and that way there should be transparent to the user.
B
All right, so what we have here is we have added a facility in containerd to look at the information about the image. So you can see that all of this nginx image tree there is, and they are encrypted with PGP keys with the key ID, but yeah. So this helps our runtime to detect how we are going to actually perform the decryption on the image. So it's possible to have multiple keys so that, let's say, I could encrypt an image for two different parties and they may not use the same protocol.
B
F
B
That's a good question. So Dan says yes, it's, we ended up in the discussion which got a lot more complicated than we hoped it would be. So the idea we had over there is he has signed like some kind of, so two alternatives, so one of which is, if you could directly interface with a key management solution, you could distribute the keys that way.
A
A
C
G
So 113 is talking along underway. We started enhancement collection this Monday. So as of now, we have 37 issues in the features repo. I have a link to them there, so a call for the SIG owner, SIG leads and feature owners: please, please help us in keeping the issues up to date. The labels: kind, priority and SIG, if it's not there. And also, if you could, Kendrick, our enhancement lead, he might have left, he should have left a note on almost all the issues asking for what's pending in terms of code, tests and docs.
G
G
We, luckily there are not too many issues, but there are a few chronic ones that have been plaguing us a while now. So if you have any issues assigned to your SIG, please take it as priority and please get it triaged / someone to work on resolving it, and we will reach out to you or to the SIG more frequently if those issues prolong during the release. In other announcements, after our 112 retro, we added a couple of more, take a couple of more alpha and RC builds to the release schedule itself.
G
A
Thank you very much for your update. All right, next up is our gorgeous graph of the week. Josh, I am going to share my screen, and Josh has some country and time zone stats for us that are neat. All right, let me start sharing my screen here and then Josh is up. All right, can everybody see my screen? Josh, is this the right chart?
H
H
H
H
So our second graph, which is more sort of immediately useful to SIG leads, is contributors by timezone. You know, and again you can select any number of different metrics do this from. It's a really pretty sort of heat map graph. In order to get the, in order to get the, we go to the platform. This is build a graph on ax in order to get the graph on a heat map to work.
H
We have to render the time zones as numbers, and so that's your time zone column down the left side from plus 13 to minus 10. For those of you, not you, so the numbers, minus seven is usually the west coast of the US, daylight savings time enters into it, plus three is, I think, Central European Time, so the, so you've got that there. Now, where this actually becomes useful is if you want to click on that second link.
H
H
The, and actually, unlike a lot of other SIGs, we actually have people. It looks like SIG Networking, most of the activity goes between plus 3 to minus 5, which is Eastern time zone, no, central time zone, with a real focus on Eastern time zone in Central European Time. So that's a good argument for, if SIG Networking was changing the time, the weekly meeting, then having it at 9:00 a.m. Eastern Standard Time, which is a little early for folks on the west coast.
H
I
H
Hey, well, guess: I don't realize you're going to be on this call. Speaking of time zones, yeah, the, anyway. So that's a chart that's a little bit more immediately useful. I mean, obviously take it in a caveat, because people use the VPNs, people have moved, other things happen to make this data a little fuzzy.
A
C
C
We are letting that bake for the next cycle, get some implementations of that, and hopefully we'll move to promote that, probably in 114 would be my guess. We've also got pod readiness plus plus, or what we're calling readiness bless bless, as an alpha feature. This is an extension to the idea of pod readiness that allows you to kind of pull in systems external to the pod in terms of defining what a pod readiness is.
C
C
CNI bandwidth shaping: so for a very long time we've had kind of experimental annotations to allow traffic control using kisi the kubenet, and we have extended that support to CNI. So now those same annotations should work, whether or not you're using kubenet or your favorite CNI plugin. There's also been joint effort with CNI to add a kind of reference plugin for implementing that.
C
C
There's also the network plumbing working group, which is a subgroup of SIG Network, which has been focused on defining a kind of extensions based specification for allowing multiple networks to be attached to pods. So this is a feature that is, um, useful in some sectors like NFV, and we are trying to find a way to do this outside of the core Kubernetes API.
C
C
We're also looking to agree a KEP for node local DNS cache. So this is something that we have been hearing for a while and we think we'll provide a bunch of improvements, including DNS lookup performance, so there's a link there to the KEP. It's currently quite active and our goal is to get that agreed in the cycle. For IPv6, we currently have single stack support. So you can run your cluster in either IPv4 or IPv6 mode.
C
C
So we've identified that, you know, there are some potentially software areas and our definition of conformance and networking, so we're trying to get an effort underway to define those and do an audit of what we consider networking conformance, and those looking in DOS, where we're trying to get our cube rocks implementation at the GA and passing the current set of conformance tests.
A.
C
Couple other notable things. So we've got our charter under way, so there's a PR for that and we are working through putting some finishing touches on it and getting that in, and we recently added some owners to the services and routes controller from SIG Cloud Provider, since that's kind of an area of shared ownership.
A
H
So I, the Shanghai new contributors workshop is at this point booked up. We have the maximum number of people that we want to accept initially. Tomorrow we will have a form going up to join a waiting list. We are going to ask people to confirm. I'm expecting a certain number of people to drop out because they weren't really clear what was involved in the new contributor workshop, so yeah. Anyone listening to this is in Shanghai or is going to Shanghai, wanted to join the new contributor workshop and didn't get in.
H
Please do join the waiting list, because I expect that we'll be accepting at least some people from the waiting list. I'm sorry, we can't accept everybody, but this is our first time doing the new contributor work travel to different languages and we wanted to limit it to 100 attendees because we don't want to kill ourselves. The, I, related to that, I also wanted to mention that we are going to have more Chinese language community goodness ready.
H
One is the Seon dev channel in Slack, because I believe already operational, and so people can join that if they want to discuss contributing to Kubernetes in Chinese. And we will soon have a Chinese language section of discuss.kubernetes.io. That's waiting on a couple, on translation of a code of conduct and a couple of things before that goes live.
F
So this is gonna be on the Monday before KubeCon. We are running, starting to run low on tickets. So if you haven't registered yet, the link that I've put in the notes there, you can click through there for the RSVP form and you should be able to see the draft schedule of what we have as far as an agenda for that day. If you have any issues, please contact us and we can try to sort it.
A
F
Next week on Wednesday, unfortunately, we have two members that are traveling, so I could use some help. So if you want to help me, help us answer user questions about Kubernetes, I need two volunteers in the European timezone and two European, or two volunteers for the US West Coast time zone. Please ping me on Slack or hit me up on chat if you can help us out. Thank you.
A
Awesome, and then yep, if anybody wants to watch past episodes of office hours, they are on YouTube, and feel free to just go subscribe to Kubernetes community to see different videos that we post. I guess I'll take the next one, doesn't have a name next to it, but I know you're can't make the call today. The CNCF Awards nominations are open for different things, like chop wood carry water, I think it's like top committer, things along those lines. There is a link in the agenda doc. I believe that's gonna be recognized in Seattle.
A
Only, not Shanghai, but I know everybody on this call knows an awesome member of the community. Please, PLEASE recognize them, and this is one of the ways that we do so. Also, we recognize folks in the shoutouts channel in Slack. Please start to recognize folks in the community. That would be great. These are super easy ways to do so as well.
A
Next item is Meet Our Contributors. This is a once a month YouTube program that we put on. It happens at 2 p.m. and 8 p.m. UTC. It's the quickest and easiest way to mentor folks. If you are saying that you do not have the time to do so, I would challenge that and say that you do. I'm sure you have one hour this year to come on this program and answer Q&A from people who are currently upstream contributing or would like to get started.
A
The steering committee has one of those slots monthly as an ask me anything type session. So you can ask some questions about governance, how they got to where they are, and things like that, so super helpful session. Stuffing was on one of them and did a super quick codebase tour for the API. The clip of the show is actually in the agenda, so encourage you to watch it. It's pretty much.
A
Our most watched show yet, so we definitely have a lot of information that flows through that as well, and that's the Meet Our Contributors Slack channel, if you would like more details about that. Then shout outs, my favorite part of the week at least, and again these are powered from the shout outs channel on Slack. First one up is from me Cola, shoutouts to Mesa for reorganizing the kubectl codebase. The pull request link is in there.
A
They think that this thing, that this change improves the contributor experience: now I spend less time waiting for tests and coverage report when I want to chat, when I want to check only specific kubectl commands, significant productivity boost for me, and hopefully other people. That's awesome, shoutout! Thank you for that. In the, Neill Utley says: Big Ups, actually nope, that was from Lee. That was me, I remember. Lee gave a big ups to Neil it for putting in so much hard work to keep the flurry of SIG Cluster Lifecycle work organized. Thank to you.
A
H
But Matt Hicks gave a shout out to Paris doing every contributor, even the ones that live far from the valley, which Josh just proved we have a few, and work on Kubernetes on their free time. Again, you have a few of those people too. It feels so good to be part of this community, and I cannot agree with that shout out strongly enough. Thank you and happy Thursday. All right, bye-bye.