From YouTube: Kubernetes Community Meeting 20170622
Description
We have PUBLIC and RECORDED weekly video meetings every Thursday at 10am US Pacific Time.
https://docs.google.com/document/d/1VQDIAB0OqiSjIHI8AWMvSdceWhnz56jNpZrLs6o7NJY
Demo - Using “system containers” to install Kubernetes; Release update 1.8, 1.7, 1.6; SIG Auth, SIG Cluster Ops; SIG Network; Steering Committee update
A
B
Hello and welcome to the June 22nd 2017 Kubernetes community Meetup. I am your host today have Rob personal with rockin. This is part of a rotating duty that we take and we are always looking for people to help out on moderating procession, taking notes and providing other services to keep us at a community forum as if you, if you are in the meeting, live and then your thank you for joining us.
B
We do record these meetings and there is a YouTube channel, so people who want to participate by remote should be directed to the channel to catch up on past meetings. We also take excellent live notes and there is a YouTube, there's a Google page that has all of the notes there live and the community is welcome to participate in that process without further ado and to keep us keep us running smoothly. I'll go ahead and kick off the meeting Jace's. Our is our primary note-taker. Of course.
B
C
All right, that's sure, yeah all right so just know just by way of quick introduction. Thanks for having me my work for Red Hat and I work on that project, Atomic, which is like an umbrella project, so lots of different containerization stuff, including a lot of Kubernetes things and them, and so a big part of that I work on Fedora Thomas, instead of atomic, which are the versions of those distros they're optimized for running containers and then Kubernetes is the orchestration in the choice that we just sort of stress for both of those.
C
So they accomplish uses illustrate to the system software and it makes the images images are more or less immutable. You can. You can modify them, but that's getting outside the syllabus but mean were you run? You know your applications or anything to run on, there's your containers and stuff that it will run well as you can, as we bit into the image and so Kubernetes and complementary components, I get to be in flannel and storage, clients or cluster.
C
So we want to use the Kubernetes attended, our system level, our bake advantage, but we've been working to get those out of the image to make it more flexible and to being on different buildings and also, if you don't need some of the teachers, it's better to have a smaller image. So we can't over this thing because it can be tough to run certain things in Docker containers, certain system components, the Canopus system container space, which is basically it's a Docker container, which metro files in it.
C
Instead of being what about a Docker daemon which run for NT, which managed by sis, would be so, you can use it as a drop-in replacement for a lot of things, and so one of those things one of the early things that we did was to etcd and flannel, and you know, plan only to modify the director configuration you get Docker set up to use flannel and flannels not going the Docker won't start so to learn that in Docker was a little bit chicken-and-egg there. So systems in system containers.
C
We don't need Docker for them, and so we do consider on that. So this just is an example of a system container. This atomic is a command that one does a lot of the contains with it so mitosis, but one of them you can install two types of containers, so this is install systems for the face. One container, the system package thing is kind of a moved it.
C
Basically, if you need to add new files to the hosts the way they're working on it is that you can create an RPM that just has those added files, and then I mentioned that the image is a mutable beacon layer of package design there anyway, that I had that turned off here. So instead of doing that, just copy the file for the host and so I think more in the future. That would be an option tip if you want to manage that.
C
Vrp and they'll be able to do that with this system package argument, and then we get a name, you can call it anything. You can have like five different etcd, so some containers running together with different names, I call it etcd. So it's just a drop-in replacement and then it's just a regular Docker container here so I had already pulled it, so it this would be faster. Basically, it puts the files in place and then it creates a big unit file and we can just start it up, and you know there. It is running.
C
You can this is sort of interesting, interesting thing, you're running the container in so in order to access, you have to be controlled binary inside the container or to run anything else. You can do this. One see exact thing, but I already did this earlier as well generators, but anyway, you can see, but I also did this. In this case, as part of I mentioned, you can copy things out of the host part of the installation process and I put it.
C
I drop the that binary into user local bin, which, on an Atomic system that is a writable location, it's actually that actually lives at bomb user, willful and so have because I'm using to preventable scripts, for instance, and in a which expect that equity control to be there to do the configuration. So that was a tweak that I made to the package to make sure that's available so and another here actually I have.
C
It will go through and basically with all the Kubernetes components. They'll do this similar kind of man to just install this new component for etcd, flannel and all the Kubernetes components based on you know. So if it's a player to be an etcd server, a master or mode. So you see here, these are all running in containers.
C
The natural component there's no Docker containers running and we have this atomic containers command, and you can see here that etcd, flannel and the Kubernetes master components are running in the seventies one c1 times, Jesus running system, trailers right now and then it's a similar thing on this side. I have a bunch of, I have some containers running. Docker is running the containers that I'm running with Kubernetes to see what gets populated, I.
C
Got against look app running and then, of course, that the DNS and whatnot alright, all that stuff is running in Docker containers. But if we give this to Ptolemaic containers, Linux.
C
You can see so a bunch we're running a Docker and then at the bottom here we've got flannel. If you blink, you proxy are running it's just in two days. It is kind of cool too, because on tential s, the images of version proven eighties that we had baked in is a little bit older. It's coming from what well has upstream and I'm running a the correct stable, because that we have had in rawhide in a big, successful skaters on on rawhide.
C
C
I wanted to do it with a system container, so I made a container and again same command, although I guess I didn't, I didn't, I said: I need the system package bit because they didn't add anything well hear much about that, but so I just installed the system container, and then this is from urinates premise. Just like how you do kubeadm, you know on a regular system. You I guess one difference, I'll point out at that.
C
C
C
Obviously some kind of disk and so I think one thing to be worked out and really I would like to see a package, but that would that cross-platform issue was something that I had been, maybe with a dozen so I'm just doing the this is just setting up flannel and then setting up a guest instance. You can see, we've got the pubs, we're getting ready to run some more running some we're getting later on it again. We do the atomic containers.
C
Yes, and this time you know most of Kubernetes. This time is running a Docker, but just the kubelet bit is running in just regular. Fluency gives us sophisticated bit and then all the rest of it is so it's one of the things I like about doing. These is that, rather, rather than just say, your container is privileged or not privileged, and you go in, and you say these are exactly the capabilities that I'm going to get it. These are the namespaces over using.
C
Another thing is on my master here and on this TV ATM thing: the kubeadm and the to control those are coming from the container and you can either you can do some link inside like use your local or you can make a look script that does that run the exact man, so it kind of gives you you get to run things and containers. They give you more rpm package life experience and then it could just feel other things.
C
There's a Docker container efficient container, so you can learn Docker in the scope itself and then there's the prior runtime for turbidities will work in a system container of that as well and and these containers I did by basically King other examples and copying them and changing things, but recently, there's convicted as a build tool. Now make it easier to make system containers and I'll put a link for that in the chat after I get through with that. But that's just my demo of any questions. I can take up. Take those.
D
D
D
E
Sarah we're doing fine. So far we have next up. You have an extra 12, Oh terrible Oh, an issue mostly journey to the upgrade pack senior and the Federation as a senior and under some freaky cat, but besides the upgrade an evaluation hat. So yes also, we also believe mostly is cockeyed flicky past, and so yesterday the Anaconda meeting we asked every represent in from the other, fake group and reading has any signal should be blocked up release at this moment, and we missing signal transcript.
E
We need a bigger skin in here and this legal monitoring and a bigger our instrumentation, so I read other people actually have the represented there yesterday and no protein signal, and then we also have like the couple has the trail open pending PR mark for for the one point SEMA and visual editor, and there is in yesterday for now meeting we decided be proud of phase one Center for PCR. She is merged so I.
E
Today, this morning and autumn salty eyes, merger and branch may not be the fastest boredom outside early, and then we are going to leave the coda pretty anemic, but before he needs the country's secure is the one things we want to along here and there's an email will open up. We are going to company makes. The magnitude is unreadable about less than one hour, because there's the one piece API secretary will touch more than more than $100 continued violence or maybe I I think even number walk.
E
A pivot and then we emerged, so we are going to make that is resume, then all Pentecost. Otherwise you can carefully base and couldn't merge that step yeah. So we have h company 210 down guerrilla some with you and make that is going through then put back the 72 so welcome to before we take any action, recognition to email out to make sure it and we have so unique I need a girl.
E
Is the Skype, your first of intended for consumers schedule yesterday and it's kind of seems because we decided waiting for more stronger signal from hydration pack and up in Pennsylvania, so so so make someone to kind of meet for the Africa, which you have the bunch of the old conditions. And so we closed the sofa last week's recalls and result 9 operational issues and from 105 to 1.0 upgraded rescue.
E
We decided the best friend pastor should receive and thematically cater for upgrading this Africa Somalia and we first you can be issue waiting for the response and for 100 too enticing upgraded, as you have released three tester and escape of Texas and winking for six six Renwick resolution. So the top issue based amount open issue for upgrade and it is a space or Stratocaster and we need to understand, because in this moment we don't have the full and ascend box here figure, yet so mental condition without to give the feedback a flattering announcement.
E
I have some competing right now, among all the twenty six feature. Without the document we are got, the response or open Tia expect the dentistry, our still waiting for that appear when against India admonition, another one is increased, secretion laxity and the third one has a foresight, the earthquake. So we permit to hold all the owners stock owner and accept the APA application. We couldn't hold him and say: oh he's, working on the P I this moment.
E
B
B
What Jason one great demo one comment for everybody is: we do maintain a list of demos at the top of the the documents, if you're interested in being one of our future demos, there's three scheduled for potentially, but please get your your name and demo concept on the list for future. So done, thank you Philip!
B
G
G
It's gone up yet again, and you know for those of you who are logged in much later than you should be early mornings and like late nights, yeah someone goes wrote, go, go Don, I would love to put that in big big lit and neon lights in the sky and skywriting it's not just on, but it's it's amazing. That's all I got okay.
H
A call out last week, I announced one six five and then right after that meeting I was informed on a security issue. So we put out one six six, the next day after that. So the two issues to look at if you use as your club provider and check the release notes and also if you use the Google load balancer ingress check early stops.
B
H
F
On some things, going on during the lasting release meeting, we came up with a way to give prove the process I like to focus here. One is for trimming cat ownership throughout the development cycle. If we can do this, then when it times sometimes new code, question code freeze, we should all be in a much more relaxed and state and and that's largely situated around stake and drive for them. The other is issue management and providing automation around this.
F
We found that a lot of what's being done here, it can be automated by auditing, is just a human kind of paying people, and some disadvantage is having a human do. It are it's hard to be totally consistent across every issue and every release with how we use labels and how we expect folks to add their system on stone. So by having a bot one we can like. Have it always comment if all the instructions make it.
F
D
B
E
B
I
I
So I figured that this would be a good time because of the 1-7 stuff to go or a little bit about what is sort of that. What features got in to one seven that sell and other guy says, take off so the first one I'd like to talk about is the kubelet TLS boots, no major rotation. So what already exists in Kubernetes prior to one seven and it's work that's been ongoing. Is this certificate API in Kubernetes?
I
I
You have approvers that are essentially out of tree that might look at information about like the foundation right or something and then come through and approve or deny those certificate signing request, and then something eventually will come along and sign the CSR and allows the nodes to bootstrap credentials into the cluster. Over this release we moved the kubelet's initial CSR flow out of alpha.
I
So that's now stable feature flags that were standing behind for the kubelet and in addition, we introduced some new functionality into the kubelet to have it automatically rotate its client and server certs. So, after its initial initial credentials, the kubelet sort of works on its own and we'll be able to rotate the server try, answering certs that exists, that work was done by primarily by Mike Denise and Jacob Simpson of Google.
I
The second one I want to talk about is a pair of features, a node authorizer and admission plugin. This was contributed by Jordan Liggitt, Red Hat, and what this is is prior to 1.7 and prior to this feature, kubelets sort of have the ability to read any resource that they could potentially need to access. So an example of this is secrets. Kubelet credentials have historically in Kubernetes, been allowed to read any secret in the system.
I
This is obviously really bad, because if somebody compromises a node and gets your kubelet credentials, they can dump a lot of data in the Kubernetes API, that's potentially very sensitive. So what this change did was it allows the API server to restrict the type of things that kubelets can request so before kubelets have the ability to read any secrets on the system and afterwards, if you turn on and enable this authorizer and admission plugin the kubelets that can only read secrets that they would need to run pods that are scheduled to them.
I
So if I am a kubelet and I have credentials and I'm trying to read a secret that is not associated with the pod, that's scheduled for me. I will not be able to perform that action, so compromising a node no longer really means compromising the entire cluster. So that is with a new feature added. A caveat of that is that it requires kubelets to be given unique credentials.
I
It's a pending sort of Kubernetes itself, sort of is relatively unaffiliated about how you bootstrap credentials or assign credentials the individual nodes, and so it's sort of up to the administrator to ensure that kubelets are given unique credentials. This pairs pretty well with the TLS bootstrapping work, because that will enable that feature and allow kubelets to have DNA credentials.
I
The third item is the API server audit logging, so, in previous release, the an audit log was introduced to the API server that would spit out data about every single request. That's database. This is a very convenient thing for if you want to go and debug something or if you need to have a log of the events that happens in your system, you want to go in on it, something so stock and see what pack happened over this release.
I
That work is continued and we have been improving the amount of information that is supplied to this audit log. We have let admins be able to filter the actual events that get sent. So there are a lot of uninteresting ones that cause a lot of traffic like to proxy watching endpoints or something, and we want to be able to filter and admins, will not be able to filter that out of that, audit log of things that's not relevant to me, or they can say, I only care about events in the food system database.
I
This also added in one seven will allow you to hook up a webhook to this. So the kubelet, sorry, the API server has configuration for a webhook that will allow it to send a structured, JSON format, instruction JSON format, this audit log to a remote service, and the idea is that external systems can consume this North data make it searchable in some way. That is not just a file at disk that you go and write a red X for and get a hot wait.
I
Finally, a the news feature and another new feature for 1:7 and the last one we'll be covering here today is encryption at rest, so this was contributed by a late employment of Red Hat, red castle of and selection sharam, I'm so is I'm pronouncing that wrong. I've not heard that actually spoken, but those two are of Google, and the idea is that the API server can be configured to encrypt the resources for some arbitrary resource before putting it in etcd or kind of resource, at least and very obvious use of this is for secrets.
I
So what you will be able to do in one eleven as an alpha feature, is you will able to provide a configuration file to your API server that specifies symmetric encryption keys for to use and, as your data goes through, the API server? So as I use the secret API is that Kubernetes exposes the API server will encrypt those before sending it into etcd.
I
So if you have to somehow get on the machine that etcd is using and read the database, the raw database, you will see chug and not be able to actually do the secrets so yeah. So there was a bit of other work done, but those would be the top ones that I wanted to highlight here. I don't know what the best way, if I, just keeping the link spin, it works there or or not. But if there are any questions, I'd be happy to take them.
B
I
The SIG Auth meetings are bi-weekly on on Wednesdays. We will not be meeting I think we've been a few days, deck Wednesday and if you come to the SIG Auth Slack channel at the top, we'll link to the meeting notes which have exact ways of participating and what the times are and what they are getting and like what zoom, I don't say. Hot black gentle is a good question.
I
K
Yeah I just did a anybody with the link can get it, but let me see if I can change that. Some more no sorry and.
J
B
I
Secrets are still kept in, so seekers are so part of this system. This encrypt occurring space of systems or source data secrets. We are there's a long document in some of the SIG Auth meeting notes about getting secrets to external stores, like bolts and other protocols, that sort of allow other systems to manage secrets that is I will drop, that link in and that's on.
I
B
I'll do a plug for SIG Cluster Ops. In the meantime, we talked about this last week, but we didn't have any. We didn't take any time out of the agenda, so Jason Jason I, who co-chair Cluster Ops, are looking for people to tell operator stories both potential operators. So last, at the last meeting we had about 30 minutes of discussion about cluster design for somebody who's interested spinning up cluster.
K
K
So I mean some of those higher-level issues which were being discussed, but you know those are moving more towards the Google Group Angeles, as opposed to spending a lot of time in our calls discussing those for now. So with that in mind, you know talking about within seven release. We have two things that we got him in. One of the big ones was network policy which is now GA that finally landed.
K
We had a little bit of a scramble a couple weeks ago, where we needed to redo part of it to satisfy something that I think Clayton brought up around future maintainability, but got that and that should be in. We have a number of implementations live in various network plugins right now, and so that's something with people can check out in the one seven release so yay for us, I guess finally getting that policy, the GA after probably about a year and then of course the second one.
K
There is another feature: the GCD cloud providers are second preservation and that got in as well. So a two features, not a ton, but you know we were working on some other stuff in parallel in the last two meetings, or so we formed a IPv6 working group and there are a number of open PRs about that which are currently under review and being discussed mostly right now, they're focused on getting kubelet to just be able to register with the API server using IPv6.
K
We haven't yet gotten to the point of actually allowing pods to have IPv6 addresses and passing them back into booth. But that's one of the next steps we're just trying right now to be able to enable IPv6 communication between kubelet and some of the API server and other components on the network plugin side as well. IPv6 for CNI should be supported and available. It's just the kubelet doesn't do anything with those addresses.
K
Azure has some issues as well, and AWS has some limitations, so the problem is and can't adequately test IPv6 on any of the current public cloud infrastructures. So what the working group is looking into is trying to run minimal tests, using kind of like a Docker-in-Docker scheme, where essentially in one VM, you just run Docker containers for masters and node and those Docker containers inside themselves with run kubelets, API server, controller master controller, etc, and then on the nodes.
K
You actually run a nested Docker container and stacker and Docker for the pods, and that's worked out very well for a lot of the testing. We do in right as OpenShift products. If we need to do network testing quickly, that's what we use and so maybe bringing that over the Kubernetes for the IPv6 testing will work because we can kind of bypass some Nakata's infrastructure and then, of course, we are still working on multi network.
K
That's going a little bit more slowly due to some refocus, but more use cases keep popping up, and so we're still be working through some of that and we're probably going to go. Instead of me, more formalized proposal for now, people are going to test using things like party resources and annotations, and just try to feel.
D
J
K
K
K
Conversations we've sort of decided to go, look at some of the other stuff and then when we looked into Azure and I'm not entirely sure about AWS. Yet we found that those would not as we couldn't what would be required for. IPv6 testing was not supported by those clouds, but I mean I guess we could put together a doc, but at this point, I think we're going to try to go forward with the Docker-in-Docker stuff for now and see what we get with that. But they.
B
K
Not just a test issue, because if we can't test it with IPv6 in these cloud providers and them pretty much assuming that we can use it to those cloud providers, one of the options is to create an overlay. So you know, obviously we do an overlay that would be a previous two capable inside the overlay, but we use IPv4. That would be something like the VXLAN or Geneve, and that would be workable, but that's a lot more infrastructure at this point that we necessarily want to set up. So that would be the forward path.
B
C
B
K
Public cloud, obviously, is not the only deployment scenario for Kubernetes, specifically, you know made at Red Hat. We have quite a few customers who are running OpenShift and hence Kubernetes in private cloud, and there are also other places that have less well-known public clouds that want to support IPv6 as well. So it I think that's those are some of the larger drivers there. Another.
L
Things there is that if we did have IPv6 support with each node, getting a subnet, then essentially all of our issues around having installed virtual networks and all that stuff disappears right, because we essentially can route directly to pods without having to do special stuff, it would be a beautiful world would live in any kind of chicken in it. Okay.
G
J
K
Mean I think I mean we're OpenShift a lot of the stuff that we're doing for testing and CI actually still runs on AWS, and we are not doing for OpenShift IPv6 yet, but I think the path forward, they're the easiest path forward to reuse, some of the existing cluster infrastructure, and so just logistical set up that we all have on some of the public clouds, probably end up being over life that might be easier actually than trying to rustle up some other. You know kind of private infrastructure. It does nativist welcome people reading here.
G
B
Time there you go I just wanted no mute, comm, so Sofia there's a husband company called Packet. That I believe is trying to help sell some of this, and they do have IPv6 v6 support and it shows entirely right. There's a lot, a lot of other providers who do do support IPv6, and so it is a relevant conversation and, and we were running, we were running ahead of time and then we just had this nice deep discussion.
B
So great questions on that I was going to ask for an update on the steering committee and Sarah had offered to do that. And then, if you have additional announcements, we have another item on item 1.8 release team as a question and then, if you have announcements, try and sneak a couple in, please add them. If you want to speak so we know we know to budget time for it. Sarah.
D
My update is fairly short because you all made comments, and we closed comments towards the end of last week on the documents that this record, it's community created around generating a steering committee, and it is now an action item on subscribe, Committee to set a meeting go through and make a second draft of the steering committee charter and an actual timeline to voting. So when are nominations due, when are we going to vote? Who, who is of standing in the communities? We have to generate? Also a list for that I believe actually Joe?
D
D
D
D
A
D
D
D
D
B
A
A
B
Sexually, do we have community and outfits I'm not watching the channel, to see if we do additional I'm going to pause, while people think if they have any all right, so I'm going to start wrapping up? We want people to rotate responsibilities for these meetings, so you do not need a buttery radio voice to host and moderate, be.