►
From YouTube: Kubernetes Kops Office Hours 20180427
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Good
morning
good
afternoon,
everyone
it
is
Friday
April
27th.
This
is
cop's
office
hours.
We
have
a
couple
of
things
on
the
agenda.
Please
do
feel
free
to
add
anything
else,
because
we
don't
have
a
ton
on
the
agenda
right
now.
The
thing
I
wanted
to
start
off
with
was
we
we
did
talk
previously
about.
You
know
getting
cops
110
alpha
beta
release
as
soon
as
possible,
which
should
have
been
out
now.
I,
know,
I,
guess
the
I
know
sort
of
in
our
new
plan
of
releasing
alphas
and
betas,
even
before
they're
really
ready.
A
So
people
have
the
option
to
do
it.
The
thing
which
is
which
is
blocking
me
and
I'm,
holding
back
on
is
that
we
also
have
the
desire
to
get
our
STDs
like
we
have
our
STD
roadmap,
which
is
I,
think
almost
more
critical,
so
I
am
trying
to
make
sure
that
we
have
the
ability
to
opt
in
the
goal
of
the
110
releases
to
build
up
into
a
city
manager
which
then
also
lets
us
change
the
default
at
e3
in
a
sort
of
honest
way,
and
so
that's
what
I
am
trying
to
get
to
happen.
A
So
I,
the
the
one
thing
I
want
to
happen
is
get
a
TV
manager
working
and
change
the
default
to
at
CD
3,
which
will
be
obviously
make
a
lot
of
people
very
happy
on
the
defaults
and
hopefully
at
city
manager
won't
make
too
many
people
unhappy
and
it
will
really
manageable
remain,
opt
in
and
then
their
plan
going
forwards
is
one
it
cops.
111
will
change
it
to
be
the
default,
but
you
can
opt
out
and
at
some
stage
in
the
future
you
will
remove
support
for
the
proto
cube
integrated
at
CD.
A
B
C
A
C
A
cops
issue
because
essentially
the
issue
is
saying
that
we
can
just
have
events
and
I'm
guessing
like
the
events,
is
like
kubernetes
events
that
we
store
in
a
separate
cluster,
and
so
the
idea
was
like
we
can
just
have
them
on
the
same
cluster.
There's
no
reason
to
separate,
but
I,
don't
know
the
context
in
the
background
behind
why
the
second
sed
events
is
their
first
place
right.
So
the
second.
A
It's
the
events
in
the
first
place
is
your
ab
c--
right.
The
second
density
events
was
there
in
the
first
place,
to
store
the
kubernetes
events
in
a
separate
cluster
so
that
a
large
volume
of
events
wouldn't
interrupt
the
sort
of
like
more
important
control
plane.
The
idea
be
events
is
like
a
log
and
I,
don't
believe
anything
acts
on
events,
it's
only
a
log,
so
no
controllers
acts
on
events.
A
D
To
the
conversation,
I
think
it's
actually
pretty
pretty
cool
that
cops
by
default
comes
with
separated
City
for
the
event,
because
it
removes
a
lot
of
thinking
on
how
to
size
a
genie,
because,
usually
you
start
small
and
then
you
start
having
a
bunch
of
more
pots,
and
if
you
suddenly
go
crazy
because
someone
in
your
organization,
the
spectacled
crazy,
then
you
have
a
problem
and
yeah
this
splitting
them
after
of
course,
is
possible.
But
it's
work
to
do
this.
D
A
Like
to
claim
credit,
but
yes,
this
is
a
GCE
Cuba,
like
the
Skillman
team.
Did
this
in
it
yeah?
As
you
say,
it
makes
a
lot
of
sense
and
ie.
I
certainly
don't
object
to
people
putting
them
back
together,
but
let's
do
it
in
the
main
repo
and
discuss
that
it's
nice,
as
Rafael
said
to
be
able
to
drop
like
you
always
drop
your
events
database
if
it
like
overflows,
whereas
you
cannot
drop
your
mate,
take
your
best
if
it
overflows
that's.
B
That's
really
good
context
hub
thanks
for
the
record
we
when
we
originally
set
it
up,
we
had
it
all
in
one
at
CDI
built
the
whole
cluster
manually,
and
that
was
the
only
issue
we
had
was
the
number
of
events
going
into
Etsy.
Otherwise
everything
was
fine,
but
the
the
event
load
was
was
higher
and
I
was
like.
Well,
we
don't
really
need
these
that
long,
so
anyway,
I
wanted
I
like
the
the
way
it's
done.
I
I
understand
the
question
too,
and
I'm
I
feel.
A
D
So
a
little
bit
of
background,
a
couple
of
clusters
with
cups
and
yeah
be
quite
happy
to
know,
but
I
reach
the
point
where
I
need
to
give
access
to
discuss
them
to
other
people
inside
the
organization
and,
of
course,
I
need
to
give
them
the
configure
a
now
or
or
I
didn't
want
to
give
them
access.
The
cops
here
I
just
want
to
get
them.
Give
them
keeps
you
here
and
I
need
to
give
them
me
from,
of
course,
certificate.
D
I
don't
want
to
miss
cancer.
Idiot
I
would
love
to
keep
with
a
experimenting
with
the
Hector
I
think
it
looks
like
it's
fine
for
what
I
want
to
do
and
for
the
level
of
trust
we
have
inside
the
organization,
but
you
know
so
I
said:
okay,
maybe
I
can
just
use
its
yen
certificate.
It
looks
like
it's
not
possible
and
I
I
saw
some
issues,
so
the
idea
would
be
for
me
I,
don't
know.
Maybe
something
was
already
discussed.
D
I
haven't
looked
too
much
into
cops
in
the
past
months
now,
I'm
looking
a
little
bit
more
closely.
So
this
is
why
I'm
here,
the
idea
would
be
to
make
it
possible
to
specify
the
arm
of
t.
Is
him
certificate
and
use
that
for
for
API
server,
and
this
will
make
everything
a
lot
easier,
because
people
don't
have
to
trust
any
CA
or
we
will
move
sometimes
certificate
from
the
apology?
Not
for
it's
hard
would
be
to
implement
them.
Then
you
will
be
hard,
but
most
wondering
if
it
was
disgusting
already.
A
So
it's
a
great
idea:
it's
a
great
idea:
I
have
no
objection
to
us,
influencing
it
at
all.
I
think
it'd,
be
great.
I.
Think
the
I
think
my
the
reason
why
it
might
not
be
trivial
is
because
of
cube.
Api
server
might
not
allow
it
in
all
modes
of
operation.
So
I
know
it's
been
possible
to
do
something
like
this
in
the
past,
where
you
have
an
ingress
that
decrypts
with
the
certificate
and
we
encrypts
to
a
different
SSL
and
a
different
TLS
endpoint,
so
that
API
server
still
thinks
it's
it's
an
encrypted.
A
It's
a
it's
an
HTTP
connection,
but
I,
don't
I,
think
there's
also
a
new
flag
where
you
can
tell
cube
API
server
to
have
an
external
certificate,
but
I
don't
know
if
that
works
with
a
cm,
because
you
can't
get
the
private
key
and
then
I
think
also
you
can
tell
it
that
something
is
trusted.
So
if
someone
knows
the
flags,
let's
do
it.
D
But
I
was
more
thinking
of.
Is
he
I'm
only
fully
yield
me
from
the
API
server
right
and
would
terminate
this
connection
and
then
from
DLP
to
the
API
server
be
SSL,
but
we
just
so
you
know
I,
don't
think
we
need
to
put
the
ACMs
persevere
inside
the
API
server
to
do.
Okay,
so
cool
so
can
can
can
ELB
or
can
is
a
mode
which
is
a
SSL,
so
that
should
work,
but
I
ever
tried.
I
mean
I
would
definitely
try
mentally
before
doing
that.
But
I
wanted
to
get
some
background.
First,
yeah.
A
And
I
think
I
think
that
would
be
great
I.
Think
the
so
the
rien
Krypton
mode
will
break
client
certificates.
They
won't
work,
I!
Think
that's!
Okay,
that's
a
big
caveat
Kentucky,
because
you
know
it
is
really
convenient
to
use
ACM
certificates.
But
yes,
I,
think
it'll
be
great!
You
the
way
you
would.
If
you
want
to
try
to
implement
it,
you
would
add
a
field
to
the
API
ingress.
Elb
I
think
is
the
the
sort
of
spec
and
yeah
just
set
it
up,
but
yeah.
A
D
A
I'll,
do
it
I'll
do
a
drop-in
if
anyone's
going
to
Q
Khan
EU,
and
there
is
a
hack
session
on
Wednesday
night,
where,
if
anyone
wants
to
do
a
smallish
PR,
then
we
can
get
it
all
done
and
an
hour
and
20
minutes,
I
think
we've
allocated
and
I
think
we
could
certainly
get
this
done
in
that
in
that
time.
So
that
could
be.
That
could
be
fun.
I
presume
you're
going
all
right.
E
A
Like
to
do
more
of
those
in
like
going
forwards,
I
think
it
could
be
interesting
ideas,
so
I
thought
we
could
try
one
in
person.
That's
on
that
I,
don't
know
anyone's
going
to
cut
of
you,
but
yes,
it
is
on
the
coupon
EU,
counting
their
own
in
it
I'll
be
there.
So
you
have
to
go
to
Denmark
to
get
it
the
same
room
but
yeah.
That's
crimson,
yeah,
alright,
so
yeah
that
would
be
one
phone.
Yeah
do
open
an
issue
and
we
can.
A
We
can
collaborate
on
that
or
if
you
want
to
send
a
PR
that
I'm
super
welcome,
but
yes,
I,
think
that'd
be
great
and
there's
no.
The
only
reason
not
to
is
just
because
of
some
of
those
complexities
around
does
it
work,
but
I
know
it
works
if
you
decrypt
and
we
encrypt
losing
client
certificates.
So
great.
Thank
you.
C
So,
after
adding
digital
support,
I
think
I
have
a
better
idea
of
what
the
cops
codebase
looks
like
and
I
noticed.
There's
a
lot
of
places
where
we'll
have
like
a
switch
statement
that
goes
like.
Oh,
if
AWS
50
see,
if
the
jokes
in
it
like
all
of
them
and
with
some
of
you
know,
I
think
Alibaba
is
adding.
They
want
to
add
support
of
cops
and
I'm
sure
like
down
the
road.
Other
people
would
want
to
add
supporting
cops
and
so
I've
been
thinking
about
like
what
is
it?
C
What
would
it
look
like
if
you
wanted
to
kind
of
consolidate
code
so
that
we
can
kind
of
add
a
provider
functionally
in
like
in
one
package
or
in
just
like
in
one
place,
instead
of
kind
of
like
cloud
like
files
for
different
clouds
being
kind
of
scattered
all
over
the
place,
so
I,
don't
it
seems,
like
it'd,
be
a
pretty
big
effort?
Probably
you
know
it'll
take
many
many
versions.
If
you
wanted
to
actually
do
this
and
I'm
kind
of
think
like
is
it
even
like?
Is
this
even
worth
it
like?
C
A
Yes,
it
would
be,
it's
always
gonna,
be
better
to
have
cleaner
code.
I
think
you
know,
we've
started
trying
to
do
that
with
like
the
models
layer
where
we
split
up
the
package
and
the
resources
there
for
discovery
where
we
have
like
we
split
the
AWS.
Some
of
those
are
just
a
historical
where
the
AWS
is
in
the
root
and
we're
trying
to
pull
them
out
into
subdirectories.
A
The
other
thing
that
I
don't
know
that
big.
When
I've
seen
customers,
which
was
formerly
called
Kay
inflate,
it
is
a
cool
tool
for
layering
effectively.
Like
imagine
so,
here's
the
here's,
the
problem
it
solves.
Imagine
you
are
running
the
Calico
add-on
and
you
want
to
change
the
log
level,
because
that
came
up
so
today
you
have
to
mechanical
is
managed
by
cops.
So
today
you
have
to
add
a
field
to
the
cops
cluster
spec.
A
You
have
to
like
plumb
that,
through
into
the
Calico
atom
and
do
all
this,
what
customize
does
is
it
lets
you
effectively
have
an
overlay
where
you
say
I
want
to
change
the
settings.
Let
me
look
at
the
manifest
it's
sort
of
like
templating
accepted
the
problem
that
it
avoids
with
templating
is
like
templating
introduces
like
another
language,
whereas
this
is
the
kubernetes
api
all
the
way
down,
as
it
were,
so
you
just
layer
on
the
level
change
right,
so
it's
restricted
to
things
that
can
be
effectively
merged
in
the
corrals
api.
A
So
it
doesn't
work
very
well
yet
for
flags,
but
for
environment
variables
or
config
maps,
or
things
like
that.
It
works
great,
so
I
would
love
to
get
more
and
more
I.
Think.
The
first
step
here
is
to
create
a
customized.
An
area
where
we
can
add
customizations
is
what
they're
called
and
have
them
therein
and
see
to
what
extent
we
sort
of
remove
a
lot
of
the
problems
from
a
local
requirements
to
add
fields
to
cops
itself.
A
Now,
as
this
applies
to
other
clusters,
it
would
be
great
to
say
well,
but
the
clouds
I'm
sorry
as
a
spy,
so
the
clouds
they'll
be
great
to
say:
can
we
actually
showed
another
clouds
produce
a
customization
layer
right
is
that
is
that
a
way
to
do
it?
So
I
don't
know,
but
that's
the
other
way,
I
think
I.
Think
the
I
think
yes,
I
I,
don't
know
exactly
how
we'll
do
it
in
all
the
cases
I'm
sure
there
are
places
are
gonna,
be
easy.
A
C
A
It's
it's.
It
is
hard
to
produce
a
I
need
to
face
the
works
for
all
the
clouds
and,
as
you
say,
doesn't
end
up
with,
if
that's
a
be
a
switch
statement
where
you
effectively
have
like
the
same
like
every
cloud
apart
from
one
implements
like
a
stuff
method
right.
Definitely,
if
you
look
like
the
cloud
provider
in
in
kubernetes
like
if
there
are
definitely
methods
which
are
only
donate
of
us
and
impulses
like
we
don't
know
what
this
means,
this
doesn't
get
yes,
I.
A
C
A
Sounds
great
and
also
yeah
I
just
put
up
working
progress
for
yours.
If
you
want
and
yeah
that's
wonderful.
Thank
you.
Mike
cube
DNS
to
147
yeah.
B
Yeah
so
I
don't
know
how
familiar
people
are,
but
apparently
there's
a
decent
bug
in
cube.
Dns
114
9
for
external
external
names,
no
longer
work,
so
they
they
put
on
a
patch.
They
patched
all
the
kubernetes
versions
with
this
and
we
hard-code
our
version.
So
a
few
people
posted
I
think
the
fix
is
already
in
master.
A
few
people
have
posted
like
how
do
I
do
this
and
you
know
I
and
a
few
others
have
responded
like.
B
A
E
A
Feels
more
but
like
yeah
for
for
each
of
the
CNI
providers,
it
is
even
more
uncomfortable,
so
I
I
will
like
my
goal,
is
to
try
to
get
110
alpha
whatever
it
is
out
before
I
get
on
that
plane
right
and
then
maybe
so
we'll
do
a
1
9
o
dot
one
with.
Definitely
this
bug
fix
I,
don't
know
if
there's
anything
else
that
we
need
to
go
into
1
9
into
the
1
9
branch,
yeah
I,
don't
know
of.
B
F
A
A
G
Yeah
we
were
trying
to
to
migrate
to
kubernetes
with
my
company
and
right
now
we
would
like
to
have
like
a
single
way
of
deploying
a
communities
cluster
in
different
environment,
and
we
have
like
a
local
environment
and
environment
in
AWS
and
I
was
wondering
if
we
could
do
that,
always
cops,
and
maybe
it's
already
covered
in
the
past
I'm
very
new
to
two
cops
I'm.
Sorry,
if
it's
a
redundant
question.
A
We
definitely
want
to
do,
but
the
answer
today
is
no
I
will
tell
you
how
we're
trying
to
get
there
so
the
two
things
that
are
so
there's
the
the
machines
API
and
the
cluster
API
effort,
which
is
a
way
to
effectively
to
put
machine
management,
infrastructure
management
into
the
kubernetes
api,
and
that
will
in
theory,
let
us
bring
up
its
if
that's
a
kubernetes
effort,
not
a
cop's
effort
that
will
in
theory,
let
us
manage
machines
in
a
way
that
is
separated
from
the
infrastructure.
So
you'll
talk
to
it.
You'll
create
a
machine
deployment.
A
So
today
in
cops,
we
have
an
instance
group
and
gke
has
a
node
set
and
I'm
sure,
like
every
tool
has
a
similar
notion.
The
the
equivalent
one
in
the
machines
API
would
be
a
machine
deployment,
and
the
idea
is
that,
for
example,
the
autoscaler
would
talk
to
the
machine
deployment
and
adjust
scale.
It
up.
A
controller
that
is
specific
to
your
cloud
or
bare
metal
would
actuate
that
in
terms
of
creating
machines
or
destroying
machines-
and
it
would
be-
it's
gonna-
be
more
baked
into
the
kubernetes
api.
A
A
So
at
CV
cluster
resize,
so
to
be
able
to
move
from
a
single
master
to
multi
master,
so
one
two
three
to
five
and
that
back
down
to
three
also
backups
sort
of
come
out
of
that.
But
the
two
pieces.
Sorry,
that's
a
very
long-winded
answer
for
the
two
pieces,
two
pieces
that
have
to
happen
from
bare
metal,
which
is
we
have
to
get
a
TD
manager,
which
is
what
I'm
working
on
right
right
now
and
we
have
to
get
a
machines.
A
Api
going
and
I
actually
have
a
machines,
API
running
on
bare
metal
in
cups
and
so
you'll
see
a
lot
of
the
pieces
there.
But
it's
not
in
the
tree.
So
the
answer
is
no,
but
probably
bye-bye,
probably
soonish.
But
the
answer
is
no
not
really
today.
So
today,
I,
don't
I,
don't
have
a
great
answer
for
what
what
you
should
do
today,
I'm
afraid,
okay,.
G
A
G
A
A
G
H
I'm
definitely
willing
to
to
be
a
bit
that
mister
of
that
that'd
be
wonderful.
Yes,
opinion
on
Sakai
and
just
an
Espeon
stack
as
well.
A
E
Question
please
do
eight
times
that
I
apologize
for
the
noise
I'm
Internet
report
actually
had
to
be
futon,
super-huge,
AWS
fan
and
Segovia.
Thank
you
guys.
So
much
for
cops.
Our
company
runs
entirely
on
it
now
and
with
finance
companies,
but
question
the
cow
without
networking
layer
I
enjoy
is
we're
running
in
a
private,
be
PC.
I
I
do
enjoy
the
Container
networking
interface.
We
just
had
an
issue
recently
where
we
have
two
namespaces
production
and
staging
running
inside
the
same
cluster
set
some
safe
and
all
of
a
sudden.
Now
outside
of
our
production.
E
A
E
A
A
A
If,
if
it
is
correct,
then
you
know
it's
the
cube
proxy
iptables
mappings,
and
so
there
you
can
so
I
would
look
at
the
I'd
look
at
the
calico
and
cube
proxy
logs
for
any
errors
like
in
the
hope,
like
that.
That's
the
easy
way
to
diagnose
it
right,
but
fair
enough.
Yeah,
that's,
but
we
are
tracking
it
layer
by
layer
is
sort
of
the
way
I
would
go
about
doing
it.
I
certainly
have
not
seen
that
the
one
thing
that
I
have
seen
is
where
are
using
cops.
A
We
are
yeah,
so
there
was
a
issue
with.
We
were
not
logging,
the
we're
not
locking
the
weren't
mounting
the
X
tables
lock
into
few
proxy
next
tables
being
something
to
IP
tables,
locking
right
and
so,
if
you're,
if
calico,
was
also
making
IP
tables
changes.
I,
don't
know
that
actually
resulted
in
corruption
or
just
theoretical
corruption.
But
that
could
be
a
case.
So
if
you're
not
running
cops,
one
I
know
you
could
try
mounting.
You
could
try.
Gonna
cops
want
to
know
which
mounts
the
mounts:
X
tables,
the
IP
tables
lock,
but
I
think.
E
A
D
Maybe
this
can
be
handy
this
one
saying
it
exactly
to
a
couple
of
pots
and
try
to
see
just
take
them
around
on
I'm
sure
I
made
you
don't
have
too
many
single
cluster
and
try
to
see
if
they
can
talk
to
each
other.
Usually
in
cases
where
friend
was
going
crazy,
it
was
kind
of
easy
to
find
pairs
of
pots,
which
the
communication
was
only
going
one
direction
and
the
way
to
fix
it
there
just
assistant
city
planner
on
this
case,
was
assistant
Lee
unit,
but
in
any
case
you
gotta
do
some
depart.
E
A
I
appreciate
it
yeah,
maybe
if
you,
if
you,
if
you
track
it
down
a
little
bit
more,
do
open
an
issue
because,
like
you
know
the
the
coup
proxy
thing
it
could
be
are
not
setting
up
correctly,
but
also
we
could
make
a
big
career.
These
issue
could
be
an
insurrection
with
kept
like
the
interactions
or
the
ones.
We
hope
it's
not
because
that's
even
harder,
the
like,
if
it's
an
interaction
between
catholic,
going
cube
proxy,
that's
a
nightmare.
Okay,
but
yeah
being
able
to
track
it
down
or
log
it.
A
D
We
were
using
flannel
yeah,
it
was
pretty
pretty
nasty,
it
was
actually
easy
to
reproduce.
Just
we
had
a
way
to
reproduce
it
manually
easy.
The
conversion
we
were
using,
then
in
flannel,
introduced,
like
a
log
file
like
fiber
was
in
case
was
we
started
to
me?
Take
the
old
AP,
but
also
this
would
allow
for
another
risk
condition.
So
was
kind
of
kind
of
nasty,
and
the
funny
stuff
is
where
this
happens.
The
first
time
usually
5:00
a.m.
A
It
only
it
only
happens
if
I
then
yeah
the
IE,
certainly
liked
the
idea
that
you
know
kubernetes
assigns
as
the
coop
controller
manager,
which
can
assign
a
slash
24
to
each
node
and
I
like
that,
because
it
sort
of
you
know
common
across
all
everything
and
it
goes
through
at
CD,
and
so
we
believe
that
to
be,
you
know,
lock
or
race,
free
and
bug
free,
and
so
that
I
like
that.
But
I
think
it
was
also.
A
C
A
A
Wonderful,
if
there's
nothing
else,
then
I
will
see
at
least
you
Zack
at
cube.
Kansai,
say
hello.
If
you
see
me,
oh
yeah,
where
are
you
gonna?
Be
you're
gonna,
be
the
contributor
summit.
You
say
yes,
word.
Alright,
that
I'll
see
you
there
awesome
and
see
you
there
Andrew
and
anyone
else
it
is
making
the
trek
otherwise
wonderful
weekend.
Everyone,
yes
safe
travels
thanks.