►
From YouTube: Kubernetes kops office hours 20191108
Description
Recording of the kops office hours meeting held on 20191108
A
Hello,
everybody
today
is
Friday
November,
8
2019.
This
is
cops
office
hours.
I,
am
your
moderator
facilitator,
just
in
Santa,
Barbara
I
work
at
Google
a
reminder.
This
meeting
is
being
recorded.
What
we
put
on
the
internet
and
to
please
be
mindful
of
our
code
of
conduct,
which
includes
the
concept
of
being
a
good
person.
Please
feel
free
to
add
your
name
to
the.
B
A
Which
I
have
shared
in
the
doc
I
will
take
the
tics
as
fast
as
they
appear.
If
you
do
not
have
permissions,
if
you
do
join
the
synced
us
to,
let's
have
a
good
group,
you
should
have
permissions
to
edit
the
we
have
a
bunch
of
things
on
our
agenda,
though
so,
please
do
add
things
to
the
end
of
the
agenda
if
you
would
like
to
so
that
we
can
be
sure
to
get
to
them.
Otherwise,
I
propose
we
get
right
into
it.
So
Peter,
do
you
have
first
item
on
the
agenda
about
testing
yeah.
C
I've
been
doing
some
recent
work
on
R
and
n
tests
and
they
were
looking
at
the
test
grid.
They
were
all
read
for
a
very
long
time
and
then
we
got
the
node
label
issue
fixed
in
1/16
and
now
they're
purple
and
hopefully
it'll
turn
green
suit.
So
that's
promising
it'd
be
great.
If
we
could
have
some
solid
green
before
a
state
will
release
so
we'll
see
how
that
goes.
Yes
with
an
add,
Justin
I,
just.
A
Want
to
say
thank
you
so
much
and
it
is
really
awesome
and
they
are
I
I
think
they
are
very
green.
But,
yes,
there
are
occasional
flakes
as
far
as
I
can
tell
most.
Those
folks
are
not
us,
but
yes,
I
think
it
would
be
great
great
to
get
them
all
green
I
agree
and
thank
you
for
your
work
on
that
yeah.
C
So
I
have
a
few
PRS
to
the
testing
for
project
one.
We
had
been
pinning
the
kubernetes
version
that
we
passed
against
to
115
because
of
the
node
label
issue
for
the
pre
submit
jobs.
Now
that
we
passed
those
tests,
we
should
no
longer
need
115,
so
the
first
one
will
unpin
that
so
that
now
our
pre
submit
jobs
are
using
the
latest
master.
The
second
one
will
add
and
end
job
for
the
Amazon
BBC
CNI
provider.
We
already
have
other
jobs
for
the
weave.
A
C
So
this
just
adds
one
for
that.
I
think
I
had
updated
the
VP,
CC
and
I
manifest
recently
and
watched
it,
because
I
wasn't
able
to
test
it
at
the
time
and
then
this
would
have
caught
that
much
faster
and
then
the
last
one
will
add
presubmit
jobs
for
merger,
quest
to
release
branches
currently
for
merge,
request
to
release
branches
which
be
cherry
picks.
We
only
run
a
subset
of
the
jobs
and
we
don't
run
a
need
to
eat
job.
C
A
Do
it
right?
Thank
you,
Peter,
yes,
I
think
yeah.
Thank
you.
So
much
I
think
like
the
the
VP,
CC
and
I
think
is
super
important.
It's
like
something
we've
talked
about
in
the
past.
Is
you
know
the
idea
of
like
adopting
a
test,
that's
important
to
you.
So
I
presume
that
a
diversity
of
CCC
ni
is
important
to
you
for
whatever
reason,
and
so
if
other
people
love
calico
or
you
sorta
used
calico,
then
they
should
also
adopt
a
test,
and
that
would
be
great
yeah.
A
A
We
get
signal
as
to
whether
something
is
specific
to
a
to
a
CBC
and
I
or
specific
calico
were
like
is
affecting
all
of
them,
so
that
really
helps
narrow
things
down
pretty
fast,
but
that's
an
awesome
set
I
will
I
will
look
at
those
two.
Probably
later
this
afternoon,
thank
you
all
right,
oh
and
I
should
also
bad
I'm,
trying
to
get
the
GCE
tests
also
running
as
well.
A
D
A
E
A
B
A
E
So
in
the
chat
group,
and
also
in
the
past
tickets,
I've
seen
there's
been
resistance
to
adding
features
to
rolling
update
because
cluster
API
is
it's
I.
Have
some
interest
in
and
paying
around
rolling
update.
I
would
like
to
improve
it
quite
a
bit
and
think
it
would
be
unfortunate
if
progress
got
stalled
for
the
three
years
it'll
take
for
clustering
API
to
address
these
things
now.
A
A
E
A
A
Yes,
more
reviewable
would
be
really
helpful
because
I
think,
like
the
surge
upgrade
in
particular,
is
has
a
lot
of
edge
cases
and
so
splitting
that
one
out
into
a
smaller
PR
so
that
it
doesn't
hold
up.
Everything
else
would
be
really
helpful,
because
a
challenge
for
surge
upgrades
has
always
been
that
unless
you
are
very
clever
about
how
you
do
it,
you
can
lose
sort
of
state
and
sort
of
get
stuck
on
a
bigger
size.
Yeah.
E
A
A
Yes,
those
have
been
the
challenges,
like
fear
of
like
cluster
API
coming
and
then
the
PRS
that
we
have
had
have
been
major
refactor
as
where,
as
we
do,
need
small
grants.
I
think
that
be
but
yes,
I,
think
I
think
that'd
be
great,
and
if
you
want
a
kind
of
like
a
work
in
progress
or
P
or
anything
like
that,
then
please
feel
free
to
do
that.
Then.
G
Worries
so
night,
hello,
so
I
am
West
open.
We
are
using
lift
0
5
0
now
in
our
cups
coaster.
It's
all
good.
The
problem
is
in
cups.
We
download
the
charges
either
from
github
from
lift
that
they
didn't
build
the
binary
for
the
point.
Five
zero
release,
so
I
tried
to
open
an
issue.
I
asked
about
this
being
stale
for
like
nine
days
now,
so
my
question
is:
where
do
we
store
them?
Do
we
do
we
try
to
have
a
chat
with
them?
A
Yes,
so
it's
it's
particularly
tricky.
It's
not
really!
It's
not
like
a
core
kubernetes
binary.
So
it's
not
even
one
of
it's
not
like
it's,
not
one
of
ours
right,
so
we're
sort
of
hosting
other
people's
code,
which
is
a
little
I,
know.
I
know
it's
Apache,
so
it's
less
problematic,
but
it's
certainly
not
something.
We
really
want
to
be
doing.
A
The
ideal
situation
would
be
that
they
would
upload
it.
We
could
also
support
like
a
mirror,
so
you
could
like
this
is
come
up
a
bunch.
The
idea
of
like
I
want
to
bring
my
own
docker
I
want
to
bring
my
own
C&I
provider.
I
have
a
different
tar
file
and
we
like.
Could
we
could
you
upload
it
to
your
s3
bucket
and,
like
we
support
specifying
a
tar
in
this
case?
I
guess
I
would?
Is
it
an
image
or
is
it
no.
A
G
E
A
A
Is
that
you
you,
in
your
private
cops
installation?
Could
you
could
upload
them
to
your
location
and
you
could
specify
a
URL
and
so
that
that
same
pattern?
I,
don't
be
your
URL.
So
that's
empowering
sort
of
thing
that
we
want,
for
you
know
the
people
that
want
to
bring
their
own
docker,
for
example,
which
feels
like
a
fair
use
case,
like
figuring
out
a
pattern
for
that
and
figuring
out
a
pattern
for
your
use
case,
which
is
a
little
different
right,
which
is
that
they
really
should
have
built
this
binary
themselves.
A
C
A
G
Used
I
to
use
that
and
probably
I
failed
somewhere,
but
it
didn't
really
work
for
us.
We
tried
like
half
a
day
to
to
see
if
it's
not
a
upload,
to
pick
up
the
environment
variable,
but
it
wasn't
able
to
make
it
work,
and
so
we
ended
up
like
just
changing.
I
literally
changes,
the
URL
and
the
flesh
from
ink
off
some
build
our
own
binary
and
that
works
fine
yeah.
A
So
there
I
mean
there
are
I.
Guess
there
two
things:
first,
we
should
figure
out
why
that
doesn't
work
and
we
should
let
you
support
other
URLs,
either
by
n
VAR
or
via,
like
another
specification
and
the
cluster
itself,
and
then
I
guess,
there's
the
regardless.
We
should
still
figure
out
what
we
want
to
do
about.
A
There
are
more
and
more
binaries
which
we
are
seeing
and
I
get
a
little
uncomfortable,
pointing
it
sort
of
random
binary
is
but
I
also
don't
wanna
start
hosting
them,
and
so
we
I
don't
know
what
the
answer
is
here.
Actually,
to
be
honest,
we
could
we
absolutely
could
just
upload
them
to
our
art
github
as
like
a
different
release
being
like
dependencies
or
I.
Don't
know
I
I,
don't
even
I,
guess
I
could
ask
people
on
the
release
team.
What
we
should
do,
I
can
I
can
ask
people
on
the
release
team.
A
A
If
we
can
get
a
nice
pattern
going
there,
then
we
can
also
use
it
for
docker,
where
we
have
this
request
and
I
keep
seeing
it
in
a
bunch
of
places.
So
I
can
have
a
look
at
that.
You
know
once
I
look
at
that
great,
but
I
can
also
have
a
look
at
that
and
also
also
find
out
what
our.
If
we
have
a
stance
on
hosting
other
people's
wineries
and
hopefully
well,
we
can
yeah.
A
B
F
F
The
difference
between
the
master,
daemon,
satin
and
work
Damon
said
would
be
that
the
master
would
have
an
innate
container,
which
would
do
some
labeling
and
annotations
of
the
of
the
master
nodes
which
would
enable
them
to
become
raw
deflectors
and
instead
of
doing
that
in
in
containers
in
separate
Damon,
said
I'm
thinking
of
creating
a
controller
that
would
just
you
know,
do
a
sync
or
do
a
watchin
and
sync,
by
applying
these
annotations
kind
of
in
a
more
distributed
approach.
Instead
of
being
directly
attached
to
so
deployments.
A
It's
really
I'm,
you
read
a
bunch
of
really
interesting
points.
There
I
think
I
think
what
your
your
your
the
way
you're
going,
makes
a
lot
of
sense.
I.
Think
having
multiple
Damon
sets
is
fine
and
actually
is
something
we
Brody
are
gonna
have
to
do
more
of
like
technically
we
shouldn't
like.
If
we
ran
to
proxy
in
a
Damon
said
we
shouldn't
really
be
running.
A
As
you
say,
I
think
we
do
actually
have
a
controller
now,
so
I
think
we
have
cops
controller
which
is,
as
of
116,
runs
on
master
runs
on
the
master
and
labels
of
masters
and
labels.
The
adds
the
Cupit
labels,
which
are
necessary,
supported
or
have
been
sort
of
locked
down
a
little
bit,
sir,
as
the
no
tables,
so
there's
a
knobby
similarity
with
what
you're
working
on
right
now
I
think.
A
F
I
did
look
into
this
and
I
did
to
the
the
code
for
the
cup
control.
I
was
quite
I
was
quite
happy
to
see,
but
it
doesn't
look
like
we
have
I,
don't
think
it
very
easy
to
do.
The
annotations,
well,
I,
didn't
I
didn't
want
to
jump
into
that
because
of
us
move
to
the
coach
controller.
Yet
I
want
to
kind
of
something
that
was
a
bit
simpler
and
could
could
tie
it
tight
over
until
you
get
to
that
point.
Okay,.
A
Yeah,
what
you're
annotating
and
the
advantage
of
putting
it
in
and
sort
of,
not
hang
it
to
the
to
the
Masters
per
se
for
putting
an
institute
level
is
if
someone
wanted
to
run
a
like
an
isolated
set
of
machines
that
ran
there
or
a
separate
set
of
a
separate
instance
group
for
their
route
reflectors.
They
could
do
things
like
that.
So,
like.
A
F
A
Some
cops
controller
is
a
binary
and
it
runs
a
set
of
controllers
and
the
controllers
are
you
know,
reconciliation
loops?
Adding
a
reconciliation
loop
to
in
that
same
binary
is
incredibly
cheap.
If
we
aren't,
if
we
aren't
adding
any
a
watch
on
doing
it
on
a
new
object,
so
we're
already
watching
nodes.
So
to
put
it
in
that
binary
will
be
very,
very
inexpensive
from
every
standpoint
from
a
memory
standpoint
from
a
lowered
standpoint
from
a
security
standpoint.
So
it's
it's.
A
B
A
A
H
So
I
I
came
in
like
halfway
through
that
I
wasn't
paying
attention
until
like
halfway
through
and
then
I
was
like
Alice.
Isn't
she
kind
of
relevant
anyway?
So
forgive
me
if
I
kind
of
were
done
in
here,
but
yeah.
Essentially,
we
have
a
use
case
where
we
need
to
be
able
to
download
docker
binaries
from
our
own
artifactory.
We
can't
we
can't
hold
them
from
dr.
hub
and
our
docker
IO,
so
the
PR
that
I
submitted
is
essentially
just
a
rough
way
of
overriding
that
docker
version
slice.
H
That's
in
docker,
go
and
note
up,
but
leave
in
using
this
we've
actually
noticed
some
issues
and
that's
why
I
put
a
hold
on
it
where
you
know
this
causes
problems
when
you
try
to
use
this
with
multiple
operating
systems.
So
it's
like
you
have
one
node
group
that
or
one
is
in
this
group
that
you
know
it's
like
CentOS
and
the
other
is
up
on
two
or
something.
You
know
this
doesn't
work
very
well.
So
now
we're
trying
to
think
about
some
other
options.
H
B
H
A
like
a
new
spec
that
has
the
list
of
docker
images.
The
problem
is
that
I
don't
really
like
about
this
is
like
now,
you
kind
of
have
some
things
outside
the
clusters,
spec,
which
you
know
like
I,
wanted
to
have
this
this
stuff
configured
inside
of
the
cluster
speck
or
in
or
in
an
instance
group
or
letter.
H
So
the
other
thought
is
like
kind
of
related
to.
This
is
all
the
same
thing,
but
you
just
provide
a
link
to
it
so
like
that
way,
it's
not
necessarily
down
to
being
an
s3
or
wherever
we
put
it
same
idea,
though,
you
have
a
speck
with
all
the
different
docker
images
and
where
to
download
them
and
what
dependencies
they
have
and
then
you
just
add
a
link
to
that
file.
H
The
other
one
is
the
base
like
providing
a
base
URL
to
download
from
download
them
from,
but
the
problem
that
we
see
with
that
is
that
there's
potentially
an
issue
or
like
if
you're,
whatever
artifactory
or
whatever
kind
of
a
binary
storage
you're
using
it,
doesn't
have
them
under
the
same
path.
Then
you
know.
H
A
A
A
We
can
sort
of
put
it
in
the
channels
file
and
then
the
channel
currently
just
configures
the
cluster,
and
so
we
sort
of
want
to
copy
it
somewhere
like
today
we
can
only
copy
into
the
cluster,
but
in
future
it
might
well
be
that
we
end
up
like
we're
good,
probably
gonna,
specify
more
add-ons
in
a
similar
pattern
to
channels,
and
you
could
almost
think
of
Dockers
not
on
and
we're
gonna
want
to
like
upload
them.
We're
gonna
loan,
a
snapshot
them
into
like
permanent
storage.
A
So
that,
like
you,
don't
have
a
reliance
on
this
channels
file
so
that
that
sort
of
works
but
isn't
really
there
yet
I,
think
the
option
of
not
installing
docker
is
actually
fine.
We
could
just
have
a
way
to
say,
like
externally,
managed,
docker
and
then
I
I
think
we
have
like
some
in
it
container
in
it.
H
H
A
We
want
to,
we
want
to
have
Ducker
I,
want
people
to
work
on
machines
that
are
instances
that
don't
have
talker
by
agree
bit
like
the
the
converse
is
not
a
certainly
true
like
we
should.
We
don't
want
to
not
work
on
machines
that
have
a
perfectly
working
darker.
That
is
newer
than
like
is
the
correct
one.
I
would
say
yes
having
an
external
option,
also
like
things
like
container
OS
or
core
OS
or
flatcar,
like
that,
don't
let
you
install
things
and
already
have
dr
installed
or
better
installed
or
in
big
trouble.
A
Maybe
that
would
be
fine
too,
like
some
sort
of
docker
external
and
then
you
would
mark
so
you
can
say
dr.
external.
We
just
say
like
alright
we're
not
going
to
still
docker
and
then
it's
up
to
you
to
install
either.
It's
you
up
to
make
sure
the
doctors
there,
whether
that
is
a
pre-baked,
OS
or
pre-baked
image,
or
whether
that
is
a
boot
up
script
right.
B
No,
that
will
work
too
I,
believe
that
will
still
work
today,
I'm
and
test
that
quite
a
while.
But
we
actually
used
free,
baked
versions
of
docker
and
a
much
earlier
version
of
cops.
Then
just
set
the
cops
version
to
an
invalid
version
of
docker
and
use
that
as
a
pack
to
get
around
it.
But
it
will
work.
A
B
A
You're
running
Linux
should
say,
and
so
having
a
version,
accepting
a
version
which
is
a
URL
and
doing
at
our
GC,
or
that
and
assuming
it's
at
RJ
is
a
URL.
That
to
me
would
be
a
great
option
as
well,
but
I
think
I
think
the
probably
external
like
formalizing
it.
So
you
have
to
hack
up
whatever.
However,
you
trick
the
assembler
parsing
code
into
like
bailing
out
early,
but
not
not
panicking
and
then
and
or
supporting
a
URL
so
like
I,
think
those
are
very
reasonable
options.
A
I
I
I
would
hope
if
we
start
with
tar.gz,
we
can
see
whether
we
need
these,
like
you
know,
like
the
dependencies
that
you
have
in
your
in
your
in
your
PR
or
six
nine,
six,
nine
five,
six,
two
because
yeah
it's
obviously
there
is
some
stuff
in
those
packages
like
selinux
rules
but
like
are
they
important?
I,
don't
know?
And
maybe
maybe,
if
you
want
those,
then
you
use
external
mode.
That
would
be.
A
Question
good
point:
first,
I
want
one
said
external
and
URL
I
think
are
like.
We
need
to
come
with
better
words,
but
like
that
next
one
would
be
like
I've
already
done
it,
and
then
URL
would
be
like
download
this
one,
the
in
theory
the
district
isn't
matter
because
it
should
be
statically
linked
the
architecture
you're
right.
It's
like
it's,
not
gonna
work
on
an
arm.
If
you
or
vice
versa,
I
guess
today
we
would
assume
we'd
assume
well.
A
If
that's
true
I'll
check
whether
you
cannot
specify
doctors
on
the
instance
group
level,
the
other
one
would
be
if
you
had
a
tar.gz
file
which
was
nicely
packaged
and
had
both
and
you
just
plug
out
the
right
ones,
I,
don't
it's
a
little
it's
a
little
annoying
because
then,
like
the
slice
of
that
taurah
becomes
pretty
big.
This
is
how
we
end
up
with
like
base
URL
right,
and
then
we
get
back
onto
the
topic
of
like
alright,
so
docker
isn't
gonna.
Do
that?
Do
we
redistribute?
A
This
could
be
something
where,
like
we've
also
talked
about
container
D
and
I,
I've,
repeatedly
threatened
to
add
support
for
a
container
devalue,
the
tar.gz
method,
which
I
think
would
be
I
thought
to
find
time
for
that
and
I
I
will
have.
I
can
have
a
look
at
how
they
have
an
idea,
I
kind
of
look
at
how
they
did
that,
how
they
implemented
their
distributions
in
tar.gz
format
for
architectures.
The
other
approach
is
to
put
a
magic
var
in
there
like
a
curly
brackets
arch
or
something
like
that.
A
A
Point
it's
a
really
great
point:
yeah
I,
think
yeah,
based
on
the
timing.
I
would
imagine
that
we
can
probably
deal
with
it
for
container
D
and
there
we
have
a
little
bit
more
impact
or
little
more
influence
on
how
they
package
things.
So
maybe
we
could
help
work
with
them
to
like
find
something
that
works
both
ways,
but
yeah
I
will
I
look
at
that
and
see,
but
for
you
for
your
approach,
if
you
want
to.
A
H
I
did
I
do
have
a
peer
and
it's
merged
in
that.
Just
this
kid,
docker
I
think
it's
like
skipped
a
conference
or
something
like
that.
Okay,
that
just
completely
skips
all
configuration,
so
maybe
we'll
just
go
that
round
now,
just
wasn't
sure
if,
like
there
was
something
we
could
do
with
this
PR
or
you
know
like
if
it's
just
not
time
yet
to
kind
of
have
something
like
this
I
like.
H
A
I
think
this
is
good,
so
maybe
maybe
start
maybe
copy
this
into
a
new
PR
because,
like
there's
a
lot
of
good
stuff
in
here,
if
we
do
decide
that
we
want
to
like
tidy
up
the
internal
API,
because,
like
some
of
the
fields
in
the
API
or
not
very
user-friendly,
because
it's
it's
intended
just
like
a
I,
go
struct
right
right,
but
yes
like
if
the
if
the
darker
version,
that's
so
terrible
and
the
first
operation
starts
with
HTTPS
or
even
HT
I
do
HBS,
then
like
assume
it's
a
URL
and
download
it.
Okay,.
H
A
A
H
I
I
Okay,
and
also
as
a
comment,
if
we
already,
we
added
the
gate
for
let's
say
115,
maybe
there
is
no
real
reason
not
to
cherry-pick
it
into
lower
versions.
You
know
because
pretty
much
whatever
we
have
now
it's
dead
from
Dockers
point
of
view,
so
only
people
that
that
would
manually
test
it
and
apply
it
will
run
it
so
will
not
break
anything.
Yeah.
A
Sorry,
please
I
just
want
to
say
like
thank
you
for
the
PR.
It's
it's
it's
great,
the
only
the
only
issue
I
had
with
it
was
that,
like
we,
we
just
have
this
policy
of
not
changing
the
defaults
for
versions
that
we
have
shipped,
and
so
that's
how
we
had
to
change
114
to
113.
As
you
say,
we
can
cherry-pick
this
back.
A
Yeah
I'm
wondering
whether
yes,
so
we'll
talk
within
the
115
release
about
I've,
now
realized
that
wait
a
month
team
could
be
very,
very
close
but
yeah.
Well,
we
can
cherry-pick
this
back,
as
you
say,
as
far
like
to
114
we're
not
going
to
much
for
cut
two
cops
114,
as
you
say,
and
then
people
would
have
to
opt
it
and
I
think
that's
fine.
The
one
thing
I
would
be
cautious
about
is
that,
yes,
you
know,
like
kubernetes
itself,
doesn't
test
with
a
hole
with
kritis
itself
tests
with
a
range
of
darker
versions.
A
I
It's
pretty
hard
when
you
only
get
the
list,
and
that's
it
also.
One
of
the
things
I
noticed
is
that
that
list
doesn't
have
so
everyone
that
committed
well
patches,
just
committed
its
own
version,
so
it
was,
you
know
like
I,
want
to
try
it
on
that.
No,
you
cannot
so.
This
is
why
I
try
to
make
it
for
as
many
S's
as
I
could
thank
make
money.
I.
Think
that's
really
good!
Yes,
yeah.
I
A
Yes,
there
are
indeed
the
challenge
is
that
there
are
people
that
are
running
I,
guess
so
yeah
I
mean
today
we
have
not
yet
we
have
not
yet
removed
in
theory
in
theory
today
you
could
launch
a
kubernetes
one
for
cluster
with
cops.
That
would
not
be
a
good
idea
and
you
should
not
do
that,
but
it
is
certainly
in
theory,
possible.
I.
Think
Mike
has
done
some
great
work
on
like
pushing
people
onto
like
newer
versions.
A
I
I
A
Why
don't
we
in
general
think
about
deprecating,
some
of
or
removing
support
for
some
of
the
oldest
versions
of
kubernetes
and
cleaning
up
at
that
time,
because
we
also
have
like
a
bunch
of
manifests
for,
like
I,
think
we
have
some
minor
fess
for
like
the
are
back
transition
like
we
have
pre
are
back
and
post
our
back
and
like
really
like
that
those
are
that
was
the
ancient
history
by
now.
So.
A
A
About
it,
yeah
so
I
mean
I,
think
and
I
think
that
is
like
one
of
the
things
that's
holding
people
back
on
the
older
versions
of
of
cops
and
possibly
of
kubernetes
and
I.
Think
as
as
we
get
past
that
I'm
hoping
we
can
actually,
as
you
say,
clean
up
these
things,
I
just
don't
know
if
the
time
is
right
right
now:
okay,
good,
keep
bugging
me
about
it
and
keep
bringing
it
out,
because
it's
definitely
worth
thinking
about
I.
A
I
A
A
Yeah
there's
an
upstream
issuer
we're
trying
to
discuss
this
I'll
try
to
find
a
link
for
that
and
it's
pretty.
What
basically
happen
is
that
IP
tables
and
the
latest
kernels
no
IP
tables
the
newest
versions
of
IP
tables,
the
binary
doesn't
configure
IP
tables
and
that
configures
and
if
stables,
nf
tables,
thank
you
so
and
IP
tables
and
n
F
tables
don't
coexist
very
well.
A
The
real
problem
is,
if
you
run
iptables
in
a
container,
you
are
running
the
u.s.
you're,
probably
still
running
iptables.
It's
gonna
talk
to
IP
tables,
not
be
able
it's
going
to
talk
to
NF
tables
and
so
and
then,
when
you
mix
them,
you
get
like
horrific
like
the
wrong
behavior
I
think.
Basically,
most
packets
drop
or
something
like
that,
and
so
we
have
debated
a
lot.
A
What's
the
correct
plan
of
action
is
and
I
don't
think
we
yet
reached
resolution
at
the
epoch,
kubernetes
level,
but
I
I
will
paste
the
link
where
this
debate
is
ongoing.
I
think
the
workaround
is
fairly
simple,
which
is
that
you
in
Buster,
you
install
iptables
legacy
and
just
don't
use
NF
tables,
but
obviously
that's
not
really.
The
long-term
best
course
of
action.
A
A
Try
to
use
a
hefty
yes,
there's
something
the
container
that
Tracy's
F
table
is
then.
Yes,
then
that
also
would
not
be
good.
Most
of
the
things
in
the
container
are
trying
to
use
IP
tables.
So
but
yes,
any
it's
a
it's
a
difficult
situation,
I
think
would
be
the
way
to
put
it
and
I
will
try
to
find
a
bug
that
describes
it,
but
but
yeah.
A
I
A
A
A
A
G
I
see
that
we
have
an
open
issue.
There
have
been
some
comment,
one
from
you,
that
you
would
like
to
see
that
as
the
first
phone
operators,
other
people
saying
well,
maybe
just
a
simple
Manifesta
I-
have
some
people
in
in
our
cluster
complaining
about
the
NSS
I
wanted
to
give
cash
a
try.
What
is
very
the
way
to
move
forward
with
these
very
around
that.
A
G
A
Operat
but
I
also
accept
that,
like,
as
per
the
roster
API
discussion,
that
John
Hastie
out
excellent
point
about
we're,
not
gonna
sit
waiting
for
like
operators
forever.
We
do
we
have.
We
have
gradually
like
whittled
down
the
pieces,
so
we
we
have.
We
have
a
controller.
Now
we
have
a
place
to
run
this
operator
there.
It
is
we're
closer,
so
I
will
I
will
try
it
this
weekend.
But
yes,
if
you
wanted
to
do
as
a
manifest,
that's
why
I'm.
A
C
A
A
We
did
one
sixteen
zero
alpha
one
we
pushed,
we
promoted
some
kubernetes
versions
and
we
promote
some
AM
ice
and
then
I
have
a
proposal
for
our
release
plan
for
the
next
two
weeks,
which
is
I'd
like
to
get
cups.
115
zero
out
I
realize
that
we
have
now
this
the
darker
version,
which
the
doctor
thing,
which
changes
the
release
or
the.
A
Changes
the
version
of
docker,
which
maybe
was
my
mistake,
and
maybe
we
shouldn't-
have
put
that
into
115
but
I,
don't
know
how
people
feel
about
that.
Whether
we
should
stay
on
one
stay
on
the
the
current
docker
version
or
whether
we
should
release
with
the
new
docker
version
or
what
the
other
things
is.
Probably
we'll
do
a
one
1604
I'm
sure
there'll
be
more
stuff.
It
would
be
good
to
do
117
zero
alpha
one
so
that
we
can
actually
catch
up.
A
Even
though
will
then
have
two
alphas
open
and
probably
it's
time
for
some
new
ami.
So
I'm
not
aware
of
anything
in
particular
that,
like
anybody
else
three
to
fix,
is
that
you
fixing,
since
our
last
one
but
just
good
hygiene
of
getting
into
the
practice
of
building
them
and
pre-baking
docker
for
the
want
that,
but
one
fifteen
zero
is
I,
think
the
one
which
we
is
overdue
and
I
don't
know
what
we
should
do.
A
I
don't
have
people
have
views
on
bumping
bumping
the
darker
version
versus
staying
on
an
older
doctor
version,
hoping
the
DECA
version
late
in
the
cycle.
Persisting
on
the
older
doctor
version.
I
will
click
on
the
other
link
as
well
of
the
PUD
destruction
budget,
the
pod,
this
option
that
feels
less
risky.
B
A
A
D
A
We
have
reached
time
and
the
end
of
our
agenda.
How
about
that
I?
Don't
know
if
there's
anything
else,
I
don't
wants
to
do
quickly.
Otherwise.
Well,
probably
two
weeks
is
coop
con,
so
probably
cancel
the
Friday
meeting
in
two
weeks,
I
said
miscounted
and
almost
the
day
after
good
con,
so
people
pretty
on
the
airplanes
and
stuff,
but
otherwise
I
hope
to
see
everyone
at
cube
con
and
in
slack,
and
hopefully
we
get
the
114
zero
out.
I'll
trade
you
this
weekend,
along
with
the
the
operator.