►
From YouTube: Kubernetes kops office hours 20200828
Description
Recording of the kops office hours meeting held on 20200828
A
Hello,
everybody
today
is
friday,
august
28th.
I
am
your.
This
is
the
cops
office
hours.
I
am
your
moderator,
facilitator,
justin,
santa
barbara.
I
work
at
google
a
reminder
this
meeting
is
being
recorded,
will
be
put
on
the
internet
on
youtube
and
please
be
mindful
of
our
code
of
conduct,
which
boils
down
to
being
a
good
person.
We
do
have
a
fairly
full
agenda.
I
pasted
the
link
to
the
agenda
in
the
chat
in
zoom
here.
Please
do
feel
free
to
add
your
name
to
the
agenda.
A
A
A
Please,
yes,
yes,
we
we
have
a
review
action
items
from
last
time
section.
I
can
also
make
some
adjustments
or
try
to
make
some
adjustments
on
the
fly.
If
I
make
a
mistake,
please
call
me
on
it,
but
I
we
do
have
some
action
items
for
review
from
last
time.
Hackman.
I
believe
you
bravely
volunteered
last
time
to
attempt
a
release
and
you
are
going
to
update
us
on
the
status
of
such
said
release.
C
So,
first
of
all,
sorry,
if
I
didn't
wait
for
everyone
to
lgdm,
as
the
procedure
says,
but
being
an
alpha,
I
don't
think
that's
really
that
of
much
of
a
problem,
so
a
short
update,
short
version
managed
to
do
build
image
promotion,
even
the
github
draft.
It's
ready
with
the
release
note
and
everything
thanks.
D
C
A
It
it's
actually
because
I've
been
working
on
this
on
the
binary
promoter.
It
is
not
yet
the
non-image
promoter,
it
is
not
yet
there
and
yes,
I
do
have
the
it's
not
yet
automated,
and
I
am,
I
currently
have
permission
to
promote
it
manually.
I
will
lose
that
permission
once
we
get
it
working
in
an
automated
fashion,
but
yes,
I
will.
I
will
do
this.
C
C
A
C
C
A
A
For
that
cool
and
on
the
topic
of
the
the
requirements,
one
of
the
things
we
could
do
is
we
could
create
a
subdirectory
with
its
own
go
mod
and
we
could
basically
reference
the
the
tools
as
long
as
they're
go
tools
and
then
run
them
from
there.
So
we
would
have
a
known
version
of
the
tools
as
well
without
polluting
the
main.
The
main.
A
C
C
A
Hub
that
could
be
great
yes,
because,
like
the
the
reason,
these
the
reason
that
these
still
ex
so
we
got
to
get
rid
of
yeah.
The
reason
these
still
exist
is
because
we
haven't
yet
moved
the
canonical
location,
in
particular
from
the
cubot
v2
bucket
that
relies
on
the
binary
promoter,
but
yes
doing
the
image.
One
would
be
great,
so
it's
done.
C
A
C
F
G
Can
find
the
word
for
it
is
now
per
image,
but
it
counts.
Two
two
of
the
each
image
counts
for
two
things,
because
it's
it's
done
against
the
request
against
a
certain
endpoint.
There
is,
I
believe,
a
workaround
for
open
source
projects,
but
you
have
to
actively
get
in
touch
with
them.
I
can
find
out
from
someone
else.
I
know
the
email
address
to
get
in
touch.
C
A
E
I
think
sorry,
I
I
think
if,
if
we,
if
we're,
extending
the
backwards
support
and
also
if
there
is
probably
a
lot
of
people
that
won't
be
able
to
do
to
move
to
119
and
if
they
have
a
large
cluster
and
they
do
a
running
restart
for
any
reason,
a
security
batch
or
whatever
they
might
actually
get
into
troubles.
For
that.
A
C
A
C
The
list
of
artifacts
in
github
is
quite
big
and,
from
my
point
of
view,
it's
unnecessary
to
link
directly
images
or
even
node
up.
So
my
proposal
would
be
to
just
have
all
the
cops
binaries
with
hashes
plus
an
offline
package
that
someone
can
download
and
contains
everything.
So
it
will
be
much
less
messy.
A
A
Yeah,
sorry
it
should
it
should
work,
because
we
have
special
logic
to
detect
github
in
our
mirror
logic
and
rewrite
the
paths
whose
underscores
that's
how
much
we
wanted
this.
How
much
I
wanted
this
yeah,
then
I
guess
I
messed
it
up.
Okay
or
like
it
wasn't,
it
has
to
be
published,
of
course.
So
it's
it's
sort
of
you
never
know.
If
it's
going
to
work
until
it's
until
it's
up
there.
C
A
Right,
yes,
I
think
so
I
I
think
it
would
be
nice
if
we
had
a
second
like
in
the
long
term.
It
would
be
nice
if,
if
artifacts.kate
said,
I
o
was
bulletproof
and
reliable
and
we
didn't
have
to
do
this
and
we
could
have
clean
github
releases,
but
that's
why
we
have
these
binaries
and
they
get
to
release
right
now.
It's
a
second
mirror.
A
C
Cluster
members,
so
I
create
you,
said
to
create
an
issue
in
lcd
manager,
and
I
created
it
also,
I
think
at
some
point
we
will
have
to
cut
a
new
version.
There
is
one
fix
for
open
stack
and
there
will
be
also
the
multi-arch,
and
maybe
this
one.
If
someone
manages
to
work
on
it,
if
not,
but
anyway,
we
need
the
three
four
nine
hcd.
A
Right,
yes,
it's
some
version,
I
seem
to
recall
there
are
more
fixes
going
in
every
day,
but
yes,
anyway,
thank
you
for
creating
the
issue.
I
will.
I
have
not
apologize.
I
have
not
yet
had
a
chance
to
look
at
it.
We
should
update
to
the
latest
at
cd.
As
I
recall,
in
upstream
kubernetes,
there
was
some
debate
about
like
whether
we
were
we
were
waiting
for
a
fix
that
just
landed
or
something
like
that
to
do
with
permissions
file.
Permissions.
A
H
A
C
A
C
A
F
Well,
this
is
just
a
quick
update
from
last
week,
based
on
the
discussion
we
had
there.
We
did.
We
were
having
issues
with
the
service
accounts
that
the
gce
nodes
were
running
as
they
didn't
have
access
to
a
state
store
bucket
or
any
any
storage
that
so
we
were
having
trouble
granting
the
permissions
so
justin
suggested
to
create
that
bucket
inside
the
project
and
manage
to
manage
that
as
part
of
the
lifecycle
of
cubetest.
So
we
got
a
couple
prs
in
actually
got
some
changes.
F
We
actually
got
changes
into
cubetest,
which
was
awesome,
and
we
are
waiting
for
some
final
like
thumbs
up
and
some
tests
to.
Let's
see
if
hopefully
that
works,
if
it
doesn't
then
I'll
put
another
patch
in
that
will
just
set
the
permissions
on
the
bucket.
I
was
trying
to
avoid
doing
that,
but
otherwise
we
should
be.
We
think
we
may
be
able
to
get
this
going
again
for
real,
so
I
don't
need
any
anything
else
to
add
on
that.
That's
all
right!
A
F
A
F
C
C
C
A
Specifically
yeah,
I
don't
know
if
I
I
don't
know,
if
there's
anyone
in
that
camp,
anyone
that
is
still
doing
so,
I
I
don't
think
it's
unreasonable
at
this
time
to
say
like
we
should
not
backport
it
but
to
say,
like
cups,
119
does
not
support
this.
I
think.
That's
I
don't
know
we
haven't
actually
deprecated
it.
I
have
we
deprecated
calico
v2,
technically.
I
C
You
know
it's
just
one
111,
that's
it
the
manifest
stops
there.
So
there
is
a
manifest
from
from
kubernetes
112
that
uses
only
v3.
There
is
no
v2,
for
here.
Usually
running
cops
are
in
calico
itself
in
cops,
so,
but
we
have
a
fixed
calico
manifest
in
our
repo.
So
if
you
want
to
move
to
kubernetes
112,
you
have
to
switch
from
v2
to
v3.
A
A
If
we
feel
like
we
can
do
it
in
120,
maybe
that
maybe
that
keeps
lets
us
keep
our
our
deprecation
policy,
but
I
I
normally
have
the
person
arguing
for
deprecation
like
like.
We
should
be
like
careful
and
do
this,
but
in
this
case
I
feel
like
it's
so
so
on
the
edge
that
I
I
don't
know.
If
it's
I
don't
know,
if
it's
doing
anyone
a
service
to
encourage
them
to
keep
running
category
two.
B
C
C
A
A
A
C
A
C
A
Yeah
the
the
the
argument,
the
argument
that
I
would
make
there
is
we
have
enough
add-ons
in
cop's
tree
already
that
we
have
to
have
a
migration
path
that
works
well
and
so
having
the
having
the
add-on
in
the
tree
doesn't
cost
us
anything
and
it
it
helps
us
like
figure
out
what
that
manifest,
should
look
like
and
get
people
using
it.
So
I
don't
wanna,
I
don't
wanna
block.
I
don't
wanna
block
entry
add-ons
on
a
hopefully
imminent
cluster
add-on
solution.
A
So
I
have
the
next
topic,
which
is
the
discussion,
a
general
discussion
of
cluster
add-on
operators.
I
propose
that
we
defer
that
till
later,
because
there
looks
like
there's
some
sort
of
potentially
better
defined
topic,
so
shall
I
jump
unless
anyone
disagrees,
I'm
going
to
jump
to
mosh
about
gce
support.
I
I
So,
unfortunately,
as
far
as
like
go
knowledge
goes,
I
don't
have
that
much
to
actually
dive
into
the
code
and
like
find
the
bugs.
I
can
help
with
any
way
I
can.
Testing
is
something
I'm
willing
to
do
so
with
I
mean
well,
we
have
an
account
on
gce
and
we're
willing
to
try
and
help
out
with
anything
we
can
so
at
least
from
that
area.
I
F
A
F
Sorry
not
sure
what
that
is
much
better:
okay
in
any
event,
yeah,
so
we're
working
on
getting
the
testing
correct
first,
so
that
we
can
create
a
situation
that
looks
like
your
private
networking
so
that
we
can
have
that
captured
in
the
end
to
end
test,
so
that
we
don't
break
so
that
we
get
cops
working
for
gce
and
then
once
we
have
that
one.
You
can
make
sure
that.
I
We
lost
you
again
and
I
guess
my
last
question
about
it
would
be
so.
I
mentioned
an
issue
there
8626,
which
has
been
open
for
a
while
and
we
just
reopened
it.
Actually
it
was
closed.
Do
we
want
to
create
a
new
issue
and
like
centralize,
all
the
open
issues
we
can
see
there
or
do
we
just
want
to
use
this
one
and
continue
moving
forward
like,
but.
F
A
Yeah,
I'm
not
sure
if
anybody
can
hear
me
yeah,
we
can
hear
you,
I
think,
yeah,
it's
reasonable.
I
think
yeah
everyone's
workflows
are
different
and
whatever
yeah,
if
you're.
If
you
have
some
diamonds,
look
at
this,
then
if
that
would
help
you
then
that's
great.
I
also
want
to
make
gcp
work
better
with
cops.
So
obviously,
so
I'm
it's
just
a
matter
of
finding
all
the
time
but,
as
I
recall,
like
the
big
blockers
are
figuring
out
the
things
which
are
harder
to
change.
A
So,
in
other
words,
should
we
do
the
ip
aliases,
which
are
the
adios
equivalent?
Is
the
aws
vpc
cni?
Should
we
do
that
as
the
primary
mechanism,
or
should
we
use
the
routes
thing?
I
think
we
should
use
ip
aliases,
but
that's
like
that's
the
sort
of
thing
which
we
have
to
figure
out,
which
would
be
a
bit
like,
I
think,
even
with
gke.
A
There
is
no
way
to
switch
a
cluster
and
that's
what
we
want
to
figure
out
before
we
make
it
like
not
feature
flagged
anything
that
would
require
you
to
re-build
your
cluster.
We
want
to
decide
and
get
a
good
decision
on
if
you
have
insight
into
whether
we
should
use
what
gk
equals
ib
aliases
or
whether
we
should
use.
F
Yeah
we,
we
should
definitely
steer
ourselves
towards
going
the
the
alias
range.
The
secondary
ranges
that
sort
of
more
this
more
native,
gke
or
gce
networking
so
yeah
once
we,
I
think,
the
the
the
biggest
the
primary
obstacle
to
getting
this
getting
that
flag
off
is
getting
testing
working
and
getting
like
a
green
test.
F
A
B
A
A
B
A
A
A
Issue
probably
help,
I
think
doing
it
for
an
issue
just
doing
what
you
described
would
saying
what
you
just
would
probably
help
a
lot,
and
then
we
can,
if
we
do
one
of
them
first,
we
can
link
that
pr
to
that,
so
that
people
have
a
reference
of
what
it
looks
like.
Even
if
the
details
will
be
a
little
bit
different
on
each
cloud.
A
A
B
A
That's
true:
it's
it's
about
it's
about
the
volume
of
it's
about
it's
about,
having
a
way
to
keep
merging
changes
that
are
riskier
and
we
don't
necessarily
want
to
delay
the
119
so
like,
for
example,
if
we
were
to
introduce
cluster
api
which
like,
if
I
were
to,
if
I
were
to
somehow
get
get
that
into
shape
or
the
better
example
the
cluster
add-ons
pr
right.
This
is
a
like.
A
It's
not
going
to
it's
not
going
to
ship
in
the
119
time
frame
so
to
introduce
it
now
is
probably
just
additional
risk
like
if
we
wanted
to
clear
that
and
merge
it
somewhere,
it's
nice
to
have
the
the
two
branches
so
that
we
can
say.
Yes,
we
can
merge
this
it's
in
a
great
state,
but
we
don't
want
to
do
like
take
a
a
schedule
risk
on
the
119
release.
A
C
C
B
C
We're
not
ready
to
branch.
Now,
from
my
point
of
view,
the
arm
64
can
be
announced
also
for
worker
nodes.
For
now,
and
we
can
branch
the
beta,
let's
say
just
before
the
next
meeting.
Multi-Arch
images
can
be
done
easily
at
some
point
and
merged,
but
we
have
to
know
that
at
cd
manager,
it's
anyway
a
blocker,
and
we
would
have
to
do
something
about
it
and
also
don't
forget
about
hcd
manager
and
docker,
because
even
if
our
images
are
on
kubernetes
registry
at
cd
would
still
have
to
be
pulled
from
the
regular
docker.
A
B
F
F
F
I'm
not
sure
why
that's
a
restriction,
but
it
is
so
if
we
wanted
to.
If
we
believe
the
dual
listeners
option
is
the
best
way
to
solve
this,
then
I
think
we
would
need
to
be
using
nlbs
and
there
is
a
work
in
progress,
pr
to
add
support
for
it,
but
it's
fairly
out
of
date.
So
it's
going
to
need
some
updates
and
it's
still
a
significant
change.
So
it'll
require
some
review,
but
the
author
said
they're
hoping
to
get
it
done
soon.
B
A
A
A
A
E
A
E
Okay,
I
believe
so
I
think
he
goes
off
for
a
month
and
the
goal
is
to
get
five
pr's
opening
projects,
so
I
mean
even
if
it's
documentation-
or
I
mean
it's
important
well,
every
part
is
important.
I
could
do
I
mean
I'm
offering
to
do
an
effort
to
look
into
what
it
means
and
say
we
could
do
these
things
to
prepare
for
it.
A
I
think
it's
a
good
idea
to
at
least
look
into
it.
I
think,
in
my
opinion,
I
think,
yeah.
I
think
it's
great.
If
you
want
to
organize
it.
I
think
like
trying
to
corral
people
to
do
these
things
is
is
would
always
be
appreciated,
and
I
I
do
worry
a
little
bit
that
we're
going
to
have
like
you
know
not
enough
review
bandwidth
if
we
have
a
thousand
pr's
that
get
opened,
but
I
maybe
maybe
we
can
see-
I
I
don't
know
who
organizes
who
organizes
oktoberfest.
A
E
A
The
other
thing
that
makes
it
particularly
attractive
right
now,
in
my
opinion,
is
with
kubecon
going
virtual.
There
aren't
that
many
like
fun
things
and
I
feel
like
kubecon-
is
also
going
a
little
bit
more
corporate.
So
like
this
sort
of
fun
thing
is
not
as
not
as
does
is
not
the
norm
anymore
and
so
like
this
would
be
complementary
to
kubecon
how
about
that
in
terms
of
audience
and
and
fun.
So
I'm
I'm
particularly
enthusiastic
about
this
sort
of
thing,
but
yeah.
I
don't.
A
I
don't
know
a
lot
of
details,
but
I
I
think
it'd
be
fun
as
long
as
we
can
make
sure
that
doesn't
swamp
our
limited
bandwidth,
and
I
think
that
would
be.
I
think
it's
good,
like
the
we
might
not
have
time
to
talk
about
it,
but
the
google
summer
of
code
program,
I
think,
was-
was
great
in
this
regard,
so
this
could
be
like
a
fun
version
of
that
sounds
good.
Thank
you
awesome!
So
yeah.
Let's
definitely
talk
about
that
next
time,
please
and
okay,
so
we
have
five
minutes
left.
A
A
C
A
A
A
I
A
Terms
of
like
can
I
restrict
the
images
which
we
pull
or
which
I
run
in
my
cluster,
and
can
I
restrict
the
ability
of
users
to
use
service
accounts
that
happen
to
be
available
in
the
cluster
which
are
not
specific
to
add-ons,
but
are,
I
think,
add-ons
highlights
them?
I
would
ask
people
to
follow
john's
example
and
like
comment
on
the
not
only
on
the
code
but
on
the
structural
issues
as
well
of
the
of
the
of
the
well
there's
a
work
in
progress
pr
for
core
dns.
I
think
you
know
we.
F
A
A
F
I
A
An
additional
meeting
as
it
were
like
an
optional
one,
and
it
looks
like
I
think,
it's
a
great
thing
to
discuss.
Okay,
we
could
do
and
we
could
have
an
issue
and
we
could
try
to
policy.
People
would
show
up
or
we
could
do
a
doodle
poll,
which
sometimes
is
an
indication
of
whether
people
would
would
show
up.
E
A
All
right,
and
so
peter
you're
gonna
open
an
issue.
You
said
okay,
yeah
and
we
can
do
some
sort
of
poll
or
something
it
sounds
like
that
might
be
you
because
it
might
be
surprising
with
everyone
sort
of
disrupted
globally
all
right.
Well,
if
there's
no,
the
final
call
for
items,
and
otherwise
we
will
call
time.