►
From YouTube: Kubernetes kops office hours 20200731
Description
Recording of the kops office hours meeting held on 20200731
A
Hello,
everybody
today
is
friday
july
31st.
This
is
the
cops
office
hours.
I
am
your
moderator,
facilitator,
justin,
santa
barbara.
I
work
at
google
a
reminder.
This
meeting
is
being
recorded
and
will
be
put
on
the
internet
and
to
please
be
mindful
of
our
code
of
conduct,
which
is
essentially
to
be
a
good
person
and
in
particular,
as
we
have
a
lot
of
items
on
the
agenda
to
please
add
items
to
the
agenda
and
we'll
try
to
follow
them.
Try
follow
that
agenda.
A
I
did
paste
up
paste
a
link
to
the
agenda
in
the
chat.
So
if
you
do
have
items,
please
just
put
them
on
there
and
it
can
be
very
helpful
for
people
watching
the
youtube
video
to
put
your
name
on
the
attendees
list,
if
you
feel
like
doing
so.
A
A
I
don't
know
if
other
people
did,
but
I
thought
like
it'd,
be
good
to
call
them
out
and
say
what
we
where
they
were
and
that
might
that
might
take
care
of
some
of
the
other
ones
or
it
might
be
a
good
introduction
to
some
other
ones,
because
I
think
some
of
them
are
not
resolved.
But
I
will
go
through
mine
and
if
anyone
else
has
any
others,
please
do
add
them
on
the
list
and
we
can
go
through
those.
A
But
I
did
manage
to
do
the
119
0
alpha
2
release
in
the
nick
of
time.
So
this
morning,
a
couple
of
hours
ago,
and
that
was
built
using
our
new
release
process,
which
I
did
send
a
pr
for
the
hands-off
or
lights
off
release
process,
and
so
those
binaries
are
being
built
by
the
pro
trusted
cluster,
which
calls
into
google
cloud
build.
And
I
guess
technically
those
binaries
did
go
through
my
machine.
I
think
maybe
we
could
make
it
that
they
don't
even
have
to
do
that.
A
But
people
can
validate
the
sha's
by
looking
at
the
promotion
artifacts
and
the
image
promoter
promotion
assuming
it
or
when
it
happens.
Will
be
automatic,
I
don't
actually
haven't
yet
and
then
the
the
binary
artifact
promotion
will
in
future
be
automatic,
but
it's
not
yet
automatic
automated,
but
it's
described
by
an
automated
the
automated
manifest
which
we
will
be
using.
So
the
process
is
a
little
complicated
right
now
because
of
sort
of
having
to
maintain
both
systems.
But
it's
I
think
we
can
start
to
see
it.
A
The
biggest
unresolved
pain
point
is
the
need
to
tag,
and
I
was
trying
to
think
of
that.
If
anyone
has
any
nice
ideas
about
ways
to
I
mean
we
can't
pull
request
a
tag
directly,
but
I
don't
know
if
we
could
pull
request
a
file
which
creates
a
tag
using
a
bot
or
something
like
that.
If
anyone
has
seen
anything
like
that,
please
let
me
know
or
speak
up
or
comment
somewhere.
A
All
right
there
was
a
peter,
I
think
you
were
doing
the
119
bump
and
I
think
there
was
a
there
was
an
issue
with
logger
and
we
managed
to
get
a
compatibility
fix
merged
into
that
which
fixed,
I
guess
I
will
strike
through
the
blocker
and
replace
which
was
the
slash
and
that
will
just
be
a
blocker.
So
now
there's
another
blocker
on
api
machinery.
It
looks
like
do
you
want
to
talk
about
that
or
not.
B
A
A
B
A
Some
additional
eyes,
I
can
certainly
have
a
look
as
well,
and
another
action
item
was
the
some
of
our
ci
jobs.
We're
not
some
of
our
new
ci
jobs,
we're
not
working.
These
are
the
ones
that
we're
actually
gonna
work
towards
being
able
to
test
some
of
the
older,
not
older,
some
of
the
release
branches
so
that
we
could
get
those
under
more
of
our
e
to
e
have
greater
ed
coverage
on
those
release
branches.
A
We
have
great
coverage,
I'd,
say
on
the
master
branch
and
less
great
coverage
on
the
older
branches,
and
so
this
is
doing
that
and
that
merged-
and
I
think
this
morning
peter
did
you
approve
that
I
can't
remember
who
proved
it
but
yeah.
So
I
added
sorry.
Mikey
proves
it.
A
Thank
you
mike
the
I
added
118
to
our
grid,
and
so
we
should
have
that
one
cops
118
in
the
permutation
set
of
permutations
that
are
going
to
be
tested
and
we'll
see
how
that
goes,
and
oh
yeah,
the
naming.
Oh
sorry,
there's
a
lot
here,
the
naming
of
manifests.
I
spoke
to
brought
up
the
state
cluster
lifecycle
in
our
meeting.
A
There
is
a
pattern
in
the
kk
repository
that
is
followed,
which
is
effectively
name
dash
architecture,
so
cube
api,
coupe,
dash
api
server,
dash,
amd64
and
then
the
tag
they
there
is
also
a
cube
api
server
and
then
just
the
tag,
multi,
multi
or
fat
manifest
sometimes
called
or
multi-arch
manifest.
I
haven't
found
where
that's
actually
created
yet,
at
least
for
the
case
of
cube
api
server.
A
C
So
I
did
something
for
hcd
manager.
I
added
a
small
change
to
your
pr
that
does
exactly
that
for
docker
hub
when
you
push
something
it
automatically
creates
the
repo.
If
there's
none.
A
We
don't
need
to
pre-create
that
we
might
create
one
level
up,
I
think,
but
so,
for
example,
with
gcrio
you,
your
your
top
level,
is
your
gcp
project
that
has
to
be
pre-created,
anything
you
can
with
gcr
you
can,
it
seems
like
they
all
have
different
rules
with
gcr.
You
can
go
as
deep
as
you
want.
You
can
necessarily
as
you
want,
and
they
don't
have
to
be
appreciated.
A
It's
okay
for
the,
so
I
looked
at
this
topic
because
I
also
went
down
this
path.
I
think
the
way
people
work
around
it
is:
they
use
the
static
distrelus
where
everything
is
like.
There
are
no
binaries
in
the
static
distro
list.
There
are
no
libraries
rather
than
using
the
c
one.
I
think
it
is
which
includes
lipsy,
which
would
be
our
specific.
I
think,
static,
still.
A
Yes,
but
certificates,
that
is
not
a
the
certificate
package
should
I
don't
know,
I
assumed
the
certificate
anyway.
Yes,
the
that's.
What
other
people
have
done
and
also
kk
has
produced.
I
think
it's
called
go.
Runner
go
dash,
runner
where
they
do
have
a
they
use
that
as
the
base
for
other
ones,
and
that
I
think
it's
for
other
reasons
around
logging,
but
we
can
look
at
reusing
their
image
or
building
an
equivalent.
C
A
View,
I
think
you
are
holding
yourself
to
a
higher
standard
than
everyone
else
is,
so
I
think
it's.
A
C
A
C
C
Which
I
think
it
still
needs
the
docker
back
end,
which
is
annoying,
but
there
is
a
manifest
tool
created
by
one
of
the
guys
that
contributes
to
docker
and
container
d,
and
I
seen
it
used
in
various
projects
like
calico,
for
example.
C
A
Yeah,
it's
also
occurred
to
me.
I
can
bring
up
with
the
working
group,
kate
infra,
who
do
this
promoter
bot
the
promoter
robot
that
actually
copies
this
we'll
copy
these
images
from
our
staging
gcr
into
case.gcr.o.
I
can
ask
them
how
they
are,
whether
they
support
these
manifests
and
how
they
are
thinking
about
it.
It
might
be
that
we
do
it
at
that
level
and
it
might
be
that
they
have
to
do
some
work
there,
but
maybe
we
can
also
get
I
like
the
the
the
challenge
that
I
saw.
A
The
challenge
that
I
encountered
personally
with
the
docker
approach
was
that
you
have
to
push
the
images
first
before
you
can
use
docker
manifest.
It
seemed
yes.
A
Yeah
but
that's
a
little
awkward
for
like
the
whole
like
hands-off
process.
So
that's
why
I
was
like.
Maybe
the
working
group
gates
infra
has
a
an
idea
there,
so
I
can
ask
well
we
have.
C
To
push
anyway,
the
images
in
their
dash
architecture
repos,
so
that's
not
really
a
huge
thing.
We
just
have
to
run
the
command
for
manifest
last
but
yeah.
That's.
I
saw
something
about
the
promoter
in
nginx
ingress.
C
A
That's
a
great
need.
Thank
you
for
that.
Yeah
that'd
be
great,
thank
you
and
then
the
the
oh
someone
please
pasted
a
link
which
is
great.
Thank
you,
which
I
presume
is
going
to
be
to
how
it
is
done.
Yes,
I
couldn't
find
how
it's
done
for
like
cube.
Api
server
was
what
I
was
sort
of
looking
for.
A
I
found
it
for
a
go
runner
and
for
a
couple
of
other
random
ones,
but
like
I
could
not
find
cube
api
server,
which
was
surprising
to
me
and
that's
why
I
was
wondering
it
was
done
as
part
of
the
release
process.
C
For
discussing
what
flag
to
disable
a
certain
task,
I
just
created
it.
So
if
anyone
wants
to
provide
some
feedback,
the
main
issues
was
ntp
service.
Some
people
don't
want
to
install
what
we
want
and
the
easiest
thing
would
be
to
just
have
a
flag
like
skip
install
is
in
docker
to
disable
it,
but
for
me,
skip
install
is
not
really
great
flag,
so
maybe
we
can
standardize
on
some
name
that
we
can
use
for
this,
and
maybe
some
other.
C
A
Okay,
that's
great
thanks.
Are
there
any
other
action
items
last
time
or
we
can
go
into
the
new
items?
Discussion
section.
A
All
right,
let's
go
in
hackman,
you
had
the
first
one,
which
I
was,
I
think
to
approve
the
cops
maintainers.
I
did
you
shamed
me
into
doing
so.
Okay,
thank
you!
D
About
node
yeah,
so
I
have
a
pr
out
which
changes
the
way
that
cops
controller
labels
are
nodes,
takes
it
from
the
cloud
labels.
However,
some
of
the
labels
we
have
for
nodes
have
empty
values,
so
it
needs
to
revert
9519
since
that
broke
cloud.
Labels
with
empty.
D
Values,
so
I
don't
know
how
to
get
that
move
forward.
A
I
don't
have
a
ton
of
context
here,
I'm
trying
to
open
the
pr's.
I
don't
know.
If
yeah
could
we
skip
the
ones
with
them
like?
Can
we
skip
ones
with
empty
values
instead
of
what
I'm
gonna
ring?
Yeah
yeah?
That's
I.
D
Then
we
wouldn't
have
them
labeled,
okay
and
those
are
kind
of
key
ones.
Yeah
there's,
apparently
a
a
database
is
working
on
a
fix,
but
I
think
until
we
get
the
fix,
we
should
probably
take
out
9519.
A
Me
dude,
sorry,
that's
great
peter
to
say
thank
you.
Thank
you
for
that
did
did
9519
ship
in
no
cool.
D
Okay,
so
the
next
one
is,
I
want
to
reduce
the
lifetime
of
the
exported
cubic
credentials
from
87
600
hours
to
18..
D
A
Yeah
I
mean
like
yes,
it
would.
Is
it
a
toolbox
command?
What
is
it
would
be?
Oh
yeah,
probably
a
toolbox
command
like
effectively
once
we
go
down
to
18
hours,
we're
effectively
already
dependent
on
cops
being
installed
at
that
point
anyway,
we
could
probably
have
like
if
we
ended
up.
If
we
did
this
and
and
it
was
widespread,
we
could
end
up
having
like
a
a
smaller
command,
that
we
could
optionally
ship.
But
excuse
me
shared
code.
A
The
I
think
it's
unrelated,
but
the
I
have
noticed
that
the
some
of
the
workflows
are
harder
now
that
we
don't
export
good
company
by
default.
I
think
that
was
a
surprise
to
me,
but
that
is
not
related
to
what
you're
proposing
here
right,
you're
essentially
saying
we
would,
we
would
just
make
it
safer
to
export
cube
conflict.
I.
B
A
B
No,
that
was
accidental,
sorry.
A
D
C
So
I
I
also
think
that
the
principle
is
okay.
I
am
not
really
sure
about
the
duration,
so
the
way
the
pr
is
written
seems
pretty
good.
Someone
that
wants
a
different
thing
can
find
other
ways.
I'm
not
sure
that
18
hours
as
the
default
is
okay.
C
E
I
agree
my
biggest
issue
is
the
time
if
that
were
configurable,
I
would
feel
a
lot.
C
C
But
if
I'm
just
starting
with
cops,
I
may
find
it
more
annoying
to
stay
and
decide
how
many
thousand
hours
I
want
to
put
that's
the
reality.
A
beginner
would
say
one
thousand
or
something
hours
there.
E
I
mean
you
could
easily
switch
it
so
that
it's
configurable
to
the
current
number
and
then
we
can
decide
in
another
pr
what
we
actually
reduce
it
down.
To
that
I
mean
that
could
be
one
way
to
break
it
down
right.
B
E
A
If
we,
if
we
had
the
credential
helper,
what
what
would
we
do
in
terms
of
the
durations
like
if
you
did
and
did
not
use
that
credential
helper.
A
Well,
I
mean
yeah
with
the
credential
helper
can
go,
I
mean
my
my
expectation
is:
if
you
had
a
credential
helper,
we
would
go
like
it.
Wouldn't
the
only
way
you
would
notice
that
your
credentials
had
expired
would
be
that
it
would
take
a
little
longer
to
do
a
coupe
cuddle
command.
That
assumes.
C
A
A
D
A
We
we
sort
of
get
that
that
seems
nice
right,
I
don't
know,
but
yes,
we
could
go
pretty
low
is
what
I
is.
What
I'm
thinking
we
can
debate
the
nuances
there
yeah.
I
guess
the
question
is:
if.
A
B
A
Okay
and
then,
and
then
we
can
decide
next
time
does
that
work?
Okay.
I
also
think
if
you
wanted
to
put
it
in,
like
I
think
we
talked,
I
don't
know
whether
it's
in
this
pr
or
a
different
pr,
if
you
wanted
to
put
it
in
the
cops
configuration
file,
I
think
that
would
be
like
perfect,
so
that
then
you
could
go
down
as
low
as
you
wanted
to,
but
I
think
it's
also
a
valid
thing
to
do
to.
I
don't
want
to
not
have
the
discussion
about
reducing
that
duration.
A
A
Okay,
cool
yeah,
the
I
think
the
one
thing
I
wanted
to
ask
was
the
oidc
setup
I
guess
would
be,
or
someone
mentioned
using
oidc
as
their
like
here.
A
I
don't
know
if
we
should
like,
if
we're
building
up
a
plug-in
that
can
enable
the
admin
credential
to
be
rotated,
so
this
would
essentially
be
your
coupe
config.
I
don't
know
if
everyone
has
used
gke
or
one
of
the
other
providers
that
does
this,
but
your
coop
config
has
an
exact
entry
and
it
would
have
it's
basically
a
a
command
that
is
executed
in
order
to
get
the
token.
A
I
think
that
that
is
then
passed,
and
so
that
command
can
do
anything
and
it
basically
caches
a
token
with
an
expiration
time
and
produces
it
back
on
demand,
and
so
your
experience
is
basically
you.
You
have
a
short-lived
token
on
disk
and
whatever
security,
your
your
command
uses,
is
what
determines
the
like
the
vulnerability
or
otherwise
of
your
config.
A
I
guess
I
guess
my
question
is
like
how
does
that
match
or
mesh
with
what
people
do
with
oidc
and
admin
credentials
and
like
it
feels
like
there
are
three
things
going
on
there's
this
plug-in
notion,
there's
this
reduction
of
duration
and
there's
the
config
not
being
exported
by
default
and
like
maybe
we
can
make
them
all.
Maybe
they
are
all
interrelated.
A
Does
that
match
with
how
other
people
are
the
people
using
oidc
or
other
providers
like
the
aws?
I
am
one
and
does
that
match
with
how
people
are
doing
things.
E
Yeah
we
use
oidc
for
everything
except
for
free
class,
but
we
use
that
that
initial
credential
to
bootstrap
additional
parts
of
it.
A
Okay,
well,
I
which
I'm
going
to
try
writing
a
credential
helper,
see
how
hard
it
is
and
like
see
if
we
can,
like
generally
make
the
auth
experience
better
like
in
general,
like
I
think
underpinning.
This
is
a
general
dissatisfaction
with
the
idea
that,
like
there's
this
admin,
coupe
config,
which
is
sitting
in
a
file
that
even
18
hours,
is
too
long
for
some
people
like
for
some
people.
It
sounds
like
the
duration
is
like
as
long
as
it
takes
to
run,
the
coop
cuddle
apply
immediately
afterwards
or
something
like
that
right.
A
A
great
setup
in
general,
but
we
also
I
don't
know
if
there's
a
what
what
off
system
authentication
system
are
people
using?
Is
it
generally
oidc
or
otherwise
rydc?
Is
anyone
not
using
lidc.
A
A
But
you
don't
present
you
still
you
so
you
do.
You
do
an
ldap
exchange
and
then
you
get
a
token
from
something
or
how
does
that.
D
A
That
will
vend
a
kubernetes
yeah
a
kubernetes
token
and
it's
a
private
custom
developed
thing:
that's
yeah!
Okay,
that's
a
nice
thing!
I
like
that.
A
D
A
You
have
the
source
code,
but
yes,
that's
a
cool
idea
as
well
the
ssh
thing
anyway
yeah.
Yes,
I
I'm
going
to
write
a
small
credential.
Hopefully
I'm
going
to
resist
the
urge
to
write
an
entire
auth
system,
but
the
yeah
understanding
what
people
are
using
are
are
people
using
the
aws.
I
am
authenticator,
which
I
believe
some
people
are
yeah.
Okay,.
A
And
john,
your
token
is
a
jwt
token
right,
you're
you're
not
setting
up
oidc
from
the
one
of
the
kubernetes
yeah.
I
think
it's
jbp
yeah
yeah.
I.
A
Exactly
but
yeah
I'm
much
rather
that's
fair,
but
yes,
the
but
yeah
so
either
oidc,
im,
authenticator
or
a
token
that
is
generated
by
some
out
of
bound
process
out
of
banned
process.
A
Okay,
thank
you
for
that.
That's
helpful!
All
right!
I
will
look
at
that.
I
will
do
an
ai
for
next
time
and
we
will
review
the
ai
at
the
beginning
of
the
next
meeting.
D
Okay,
so
pr
for
rotating
the
service
account
training
key.
So
this
adds
two
new
keys.
A
next
and
a
previous
for
the
service,
account
key
and
try
to
figure
out
how
to
move
that
one
forward,
because
we
currently
have
this
concept
of
sub
keys
but
they're.
I
think
they're
date
stamped
or
numbered,
and
it's
can't
tell
which
one's
which.
A
A
I
think
that
was
my
feedback
is
like.
Could
we.
A
Could
we
add
some
field
to
give
you
what
you're
looking
for.
D
A
Whatever
it
is,
keystore
or
the
other
one,
that's
named
yes,
yes,
I
think
I
think
that
was
intended
to
be
deliberate.
That
might
be
a
misdesign
in
that
like
it
was
supposed
to
just
like
give
you
the
right
one,
but
perhaps
that
is
a
misdesign.
D
So
yeah
I
could
add
an
id
and
then
extend
that
api
so
that
you
can
ask
for
a
particular
one.
C
A
A
shock
to
see
the
shop
you
know
like
this,
whatever
the
word
is
to
see
it
like
a
suggestion
that
it
was
not
perfect,
but
it
was
like
that
we
wanted
to
do
names
again.
I
think
there
were
challenges
with
using
like
lists
and
things,
but
I
think
we've
overcome
them
and.
D
A
E
A
That
thank
you
that
would
make
me
very
happy
and
it
would,
it
would
certainly
make
make
my
like
I'd,
certainly
be
very
like
understanding
of
how
that
worked
more
and
I'd
better
understand
how
that
works.
That
would
be
wonderful
to
see,
and
then,
if
it
doesn't
work,
we
can
just
be
like
yeah.
John
is
right.
Okay,.
F
It's
me
thanks
thanks
for
picking
up
this.
Yes,
this
is
pretty
old
like
the
time
dirt.
I
believe
2018
so
really
like
two
years
old.
It
was
left
aside.
I
believe,
because
there
were
other
different,
I
priorities.
F
F
Sure
sure,
just
there
was
a
discussion
there
you
pushed
there
there.
I
believe
there
was
a
decision
to
to
take.
If
we
won,
I
don't
I
don't
recall
now.
Can
you.
A
Yes,
I
think
I
think
I
was
a
little
wondering
whether
we
were
going
to
change
behavior
on
people,
which
I
think
it's.
I
think
I
was
suggesting
that
it
would
be
okay
as
long
as
we
did
it
on
a
on
a
major
major
minor
release,
boundary
ie,
120
or
something
and
put
a
clear
release.
Now
I
think,
that's
reasonable.
A
F
Yes,
yes,
definitely
well.
Actually
the
use
case
is
exactly
the
one
that
you
depicted.
You
were
describing
vpn
tool
is
exactly
this.
The
same
one
is
pretty
simple:
we
like
to
spin
up
by
the
guard
the
tail
scale
whatever
into
the
past.
You
know
so
basically
ppm
tooling,.
A
Yes,
I
think
you
know,
the
other
option
is
that
you
can
create
a
specialized
node
pool
to
do
so,
and
do
it
in
like
more
in
kubernetes,
which
could
be
better
in
some
ways
could
be
worse
in
some
ways.
But
yes,
I
don't,
I
think,
that's
I
think.
If
you
wanted
to
do
it,
I
don't
think
we
should
block
it.
I
think
the
other
one
is
like
ssh.
F
A
Yeah,
that's
a
cryptophobia
has
signed
the
cla.
So
that's
fine
to
do
you
don't
have
to
start
again.
Oh
okay,.
C
There
were
some
tasks
in
well
in
the
cloud
part
that
were
blocking.
For
example,
the
nat
gateway
was
having
a
message
saying
that
it
would
take
a
cup
to
five
minutes.
Based
on
my
chat
with
john
in
a
pr
I
removed
that
we
added
something
like
try
again
later
error,
so
that
doesn't
print
a
warning.
C
It
just
keeps
the
task
and
tries
again
in
10
seconds
this
reduced
drastically
the
time
for
the
not
gateway
scenario,
but
I'm
not
sure
if
it
breaks
anything
at
some
point,
so
wanted
people
to
be
aware
that
some
of
the
tasks
don't
wait
for
for
it,
something
to
be
created
it
just
skips
over
and
when
that
resource
is
ready.
C
A
Okay,
sorry,
yes,
I
think
that
the
two
questions
I
would
have
is
do
we
know
why
we
did
it
like.
A
C
Don't
remember
what
the
other
stuff
is
and
not
gateway
where
you
want
to
create
a
dependent
resource,
and
you
just
get
an
error,
so
you
can
either
wait
for
it
to
be
ready
or
ignore
it
and
try
again
later.
C
A
Excellent
explanation.
Thank
you.
Yes,
that
makes
a
ton
of
sense.
So
there's
there's
like
there's
an
intermediate
stage
before
the
full
readiness
stage
and
we
only
have
to
wait
for
the
first
one.
But
yes,
that
makes
a
ton
of
sense
and
you
added
some
form
of
non-terminal
error
to
the
current
return.
C
It
wasn't
terminal
in
the
past
either
it
just
retries
for
10
minutes.
The
problem
was
that
I
don't
want
to
let's
say:
pollute
the
output
with
errors
that
later
come
in
chat
like
we
have
one,
that's
pretty
much
very
often
once
every
week
or
two
weeks.
Why
isn't
the
cni
not
ready
on
nodes
people,
look
at
protocol
blogs
and
see
that
protocube
is
waiting
for
cni
to
be
initialized
and
they
think
that's
actually
the
error
that's
preventing
their
cluster
from
coming
up.
A
Okay,
cool.
Thank
you
yeah,
that's
great!
That
sounds
like
great
and
thank
you
for
calling
attention
to
it,
because
yeah.
A
Worth
watching,
but
it
sounds
like
it
makes
a
ton
of
sense
we're
getting
some
well,
I
think
yeah.
Okay,
obviously
we're
getting
a
feedback
loop,
but
I
think
I
will
just
be
sure
to
mute
in
between
next
item
on
the
agenda.
Sorry,
I've
actually
lost
the
agenda.
Next
item
on
the
agenda
is
peter
on
rfc.
B
On
average,
so
right
now
we
use
a
pte
runner
called
cubetest.
That's
in
the
testing
for
repo
the
owners
of
that
have
declared
that
it's
in
maintenance
mode
and
accepting
bug
fixes
only
they
have
a
cube
test
two
also
in
test
infra,
and
I'm
wondering
if
we
should
reevaluate
how
we're
doing
our
vte
test
so
that
we
can
add
additional
functionality
like
testing,
rolling
updates
or
upgrades
or
other
stuff
that
I
mentioned
in
the
issue.
So
if
anyone
has
any
opinions
about
that,
it'd
be
great
to
hear
them.
A
A
I
don't
think
we
should
take
on
the
ownership
of
cubetest
just
yet.
So
we
should
start
yeah,
okay
good,
but
I
will
certainly
review
this
issue.
I
think
it's
like
I
did
do
something
with
jupiter
in
the
past.
I
don't
know
whether
it's
the
right
answer
or
not,
it
didn't
feel.
Like
I
don't
know,
I
could
also
bring
that
up
a
little
bit
more
and
get
that
into
a
more
runnable
state
we
don't
have
to
have.
A
We
can
try
one
or
two
things
if
we
want
and
see
how
we
feel,
but
I
I
do
like
the
very
much
the
the
meta
idea
of
getting
a
at
least
one
test
going.
That
is,
it
lives
in
the
cops,
repo
and
test
a
scenario-
that's
not
necessarily
covered.
Otherwise
that
sounds
great.
D
Not
familiar
with
jupiter,
I
just
like
to
know
what
it
gives
us.
You
know
to
pick
up
a
desperate
language
framework,
but.
A
Yes,
the
my
thoughts,
so
the
idea
of
the.
A
A
It
also
meant
that
the
output
you
got
so
you
can
run
a
jupiter
notebook
and
the
output
you
get
is
the
same
as
if
you
had
run
it
directly,
and
so
you
can
sort
of
move
between
the
two
worlds
and,
if
you're,
if
you
do
it
a
little
bit
carefully,
you
can
have
it
be
that
you
take
a
notebook
that
is
an
execution
of
a
test,
run
re-run.
A
It
locally,
tweak,
it
and
sort
of
like
say
like
understand
what
happened
and
like
maybe
fix
it,
or
you
know
that
sort
of
thing,
so
that
was
sort
of
what
I
was
going
for.
It
was
sort
of
trying
to
understand
the
output
from
coop
test
is,
is
very
difficult
and
it's
like
a
different
workflow
to
fix
a
test
than
it
is
to
write
a
test
and
understand
like
it
was
like
a
more
homogeneous
workflow.
But
I
haven't
pursued
a
lot
myself
and
I'm
not
sure
I've
convinced
myself,
but
that's
what
I
was
going.
A
A
I
think
there
would
be
a
lot
of
advantages,
also
from
doing
a
go
doing
tests
and
go
without
the
the
full
jinko
jinko
framework
and
some
of
the
frameworks,
that's
in
that's
currently
in
our
ed
test.
Stuff,
has
certainly
built
up
over
the
years
to
the
point
where
it's
not
necessarily
particularly
easy
to
understand,
and
you
would
get
many
of
those
those
advantages
by
just
having
the
test
be
like
go
test
runnable.
A
So
if
you
can
go
test
like,
I
think
it's
a
good
test
just
go
test,
but
not
test
run.
If
you
can
just
run
the
go
test
rather
than
having
to
do
a
whole
bunch
of
compilation
of
an
eddy
thing
that
you
then
run
a
certain
way,
I
feel
like
we'd,
have
some
of
the
advantages
that
I
just
described
there
without
having
to
switch.
B
The
next
item
was
me:
it's
been
a
long
time
since
I've
last
shown
this
at
office
hours,
but
I
updated
our
release
delay
graph
for
our
most
recent
feud
liners.
So
you
can
see
that
we're
improving.
A
We
are
indeed
that
looks
good.
The
alpha
delay
has
gone
negative.
That's
funny
like
I
think,
that's
what
we
wanted
right.
We
wanted
the
alpha
delta
delay
to
be.
We
wanted
alphas
to
be
available
at
release
time
or
yeah.
We
wanted
alpha
zero
beta
to
be
available
at
release
time
and
then
stable
to
be
when
it
is
stable.
The
the
119
kubernetes
release
is
looking
like.
It
may
have
some
a
longer
period
until
it
achieves
stability.
There
are
a
couple
of
things
that
are
looming
like
they
did
a
very.
A
They
did
a
very
recent
update
to
kubernetes
one
sorry
to
go
115,
which
also
includes
a
certificate,
a
new
certificate
validation
thing.
So
we're
going
to
deal
with
that.
Essentially,
the
cn
common
name
field
is
no
longer
accepted
as
a
host
name
or
perhaps
every
round
the
hostname.
C
A
No
longer
match
against
the
cn
field,
it
has
to
be
in
the
subject:
subject's
alternate
names
which
apparently
is
technically
to
spec,
but
not
reality
or
well
sure
not
reality.
Today,
anyway,
I
yeah
the
we
might.
We
might
put
up
a
new
record
on
the
stable
delay
for
119
we'll
see,
but,
yes,
we
can
at
least
get
a
beta
out.
D
Either
turn
that
118
line
blue,
that's
a
great
topic
are
we
is
that
actually
our
next
topic.
A
A
Yeah,
I
I
I
think
I
said
I
was
gonna.
Do
it
last
time
and
didn't
actually
do
it?
I
don't
know
if
there
are
any
blockers
that
anyone
is
aware
of.
Otherwise
I
think
it
is
time
this
one
will
be
yeah
the
last
of
the
old
release
process
as
it
were.
Well,
unless
we
decided,
I
don't
like
the
release
process,
but
it
is.
This
will
be
on
the
old
release
process.
C
C
So
I
said
that
I
would
like
to
leave
the
decision
to
you.
If
you
think
that's
okay
or
not,
oh,
it
will
be
just
in
the
patch
release,
but
I
don't.
C
Insist,
so
that's
all
that
I
know
for
118
remaining.
Everything
else
is
so
I
think
there
was
an
open
pr
right.
Yeah
you
can
just
I'm
just
going
to
find
a
link
to
it.
Yeah
he's
the
only
one
remaining
in
one.
D
Feel
I
think
the
risk
has
been
managed
as
well
as
it
can
it's
just
do
we
want
to
take
it
the
day
before.
D
C
Yes,
I
think
so
in
your
tests
in
the
grid,
right
and-
and
I
think
your
tests,
but
yes,
but
yes,
oh,
I
think,
actually
I
think
the
network
plug-in
ones
run
against
118
anyway.
C
A
C
Behavior
you
mean
in
118
or
119.
C
A
The
the
I
think
we
have
x,
we
have
excellent
test
coverage
in
cops,
so
the
we.
C
A
Group,
you,
you
said
you
asked
about
119
versus
118.
Is
there?
Is
there
a
different
behavior
in
one
in
190?
It's
just
not
there
right
or
how
does
it
work
in
190?
It's
not.
There
master.
A
A
So
this
applies
to
canal
and
flannel
in
back
and
oh
sorry,
just
reading
this,
it
applies
to
canal
or
flannel
in
the
exxon
mode
yep.
How
do
people
that
use
this
one
of
those
two
options
feel
about?
C
Okay,
so
I
know
that
at
some
point
kashif
asked
me
to
remove
it.
C
A
I'd
feel
more
comfortable
if
there
was
an
override
like
if
the
users,
because
we
don't
really
have
an
override
of
any
sort.
I
don't
necessarily
want
to
do
another
another
flag,
but,
like
I
don't
know
a
little
bit
too
much.
A
C
Let's,
anyway,
let's
discuss
about
the
rest
of
118,
if
you're
confident
about
this,
we
can
just
close
it
or
I
don't
know
edit
for
one
at
some
point,
but
anyway,
anyone
any
objections
about
118
being
released
or
thoughts.
A
A
C
C
A
So
yes,
if
you're,
okay
with
us,
not
merging
it
and
and
we
can
add
a
flag
if
we
need
it
that
makes
sense
to
me
in
terms
of
getting
the
release
out
and
not
taking
on
the
risk.
Is
that
is
that
what
you're
saying?
Yes,
that's
perfect,
I
I
would
be
most
comfortable
with
that.
I
I
sounds
like
other
people
would
be
as
well
yeah
cool,
thank
you
and
thank
you
for
doing
the
pr,
even
though,
and
and
for
being
like
you
know,
accepting
that
we
might
not
want
to
emerge
yeah
10
minutes
about
it.
A
No,
but
it's
good
because,
like
it's
an
important
decision-
and
I
think
it's
good-
I
think
it's
it's
actually
interesting
about
like
next
time.
This
happens.
We
should
think
about
how
we
are
going
to
next
time.
There
is
a
workaround
that
we
expect
to
go
away.
We
should
think
about
how
we're
going
to
get
rid
of
the
work
around
as
it
were
right
like
we
should
maybe
make
people
opt
into.
I
don't
know
if
we
well.
We
need
to
think
about
that
anyway,
so
I
think
that's
a
good,
maybe.