From YouTube: Kubernetes kops office hours 20200508
Description
Recording of the kops office hours meeting held on 20200508
A
Hello, everybody: this is kops office hours. Today, it's Friday, May 8th. I am your moderator, facilitator, John Meyers. I work for Proofpoint. A reminder: this meeting is being recorded. We put on the Internet, be mindful conduct, which is basically a good versa. There is a duty agenda in the zip bathtub, and please feel free to put your name on the news list and add any items you'd like to discuss to the agenda in the appropriate place. So get started here.
B
B
C
So I think there are a bunch of things happening at once here, the, on GCE, but in general the state store, which can be on S3 or on GCS or on other storage providers, can be, is used by the nodes themselves to read the instance group information, the cluster information. For example, the, on S3, we give very tightly scoped permissions at the sort of file or prefix level.
C
GCS doesn't really have that. G says when Google doesn't really have that it has, and we've recently moved, I think, or we are certainly moving people to uniform bucket-level access, which means you can only configure a whole bucket, yeah. The problem that we have today is that, I think there are two problems, one of which is there's a limit on the number of rules you can have per bucket, and so as we go through this cycle of projects in boss casts in the testing environment, we hit that limit.
C
C
B
I think, I think we should, I think we should just create a new bucket. We should create a service account, Google service account, and a new bucket, and give that service account access to the bucket, and give the account that we authenticate using workload identity, which is the kops GCE account that we already have. So we have one account already and that account has access to the bucket.
B
B
B
I prefer to have two accounts, because I think it's best practice to have that, and then just do it on the service account level, as opposed to like playing with configure the permissions in kops itself. And that's kind of where I was coming from, that I think that's the model that makes the most sense in GC, and I would like to have kind of get go ahead, the permission to explore that and to see how we, how we can get that going. Yeah.
C
B
Complicated and probably will. I, I would vote that. It's super easy to do the model that, if we can get the right people to put the right buttons, and I'm still not sure which those, who those people are yet, but I would love to get this documented, so that, so that we can document it and then use the, you know, we can sort of set the model for how to do this, and I'll be having document how to do it. Yeah.
C
B
C
B
My first step, right, and then we can, yeah, I'll get it in, so I'll put it in there and I'll continue to document it, and I can get, just get some love on that. That would be helpful. I would really like to get our GC tests. Writing it down. Yeah. That would be great. All right, cool! That's off me! Thanks, okay.
E
Yes, so there are two of them. One, it's a pretty simple thing, but needs attention on some detail: to reduce, well, to be able to set the time limit for etcd backups. One year, it's a bit too long for us, not that it is so big, but heard also people complaining that they would like to clean up easier. And the second, it's actually a big issue.
E
E
F
We actually run into this too, and the only reason I cared about it was we have versioning on our bucket, so every backup, then, is multi-version, even once it's deleted, and so we ended up with this cascading thing over time, where we had gigs and gigs and gigs of data, even though the, we deleted the current version after a year. It was weird, so yeah.
C
C
I get, yeah, so good, that's, and then D. So yeah, I like, very much approve of the idea of setting the limits. I don't know if, like, making them configurable, I don't know if we can make them more closely aligned with what you just expect by default. I guess we could, let's start off with the environment variables and then go from there, I think, and then maybe.
E
C
E
C
Can certainly, yeah, let's get the, let's get the environment in, and then I would support changing the default in some way that users could, if they cared about this value, go back to a longer value. On the versions issue, Mike, is there something, should we make it different Cole, or is there something we should be doing differently there? No.
F
It just kind of like cascaded, this problem, like, you know, that weep, I thought they were getting cleaned up, but what I was looking at was the hourly ones getting cleaned up, and when in reality, so they were cleaned up, but the old versions of them somehow still persisted, which I don't know why there would be multiple versions, but anyway there were. So I don't think so, because you can solve it with retention policies and stuff like that and in S3, but, but I, I didn't mean to change the topic. I.
H
E
D
Point, yeah. I think you can, in the delete object call, you might be able to specify a version marker that will let you delete like all traces of an object, even with versioning enabled. I think it might also help if we add documentation about, like, how to set up your bucket lifecycle policies for any backups. That was.
E
E
E
A
I
Thanks so much for you for having the open office hours, I really appreciate it, yeah. So we have this Ambassador ingress solution, and Ambassador Edge, TAC, and open source version and the Enterprise version, and I noticed just recently there was discussion about removing the add-on capability, and just happened to see that as we were starting to do this, and no one of our team created an add-on for kops to make it easy to use Ambassador, and we think they're actually useful and should be kept.
I
We think that they're really good, a great UX for the end users. They have a good integration. You don't have to worry so much, user can not worry so much about where they're deploying and so on, and I think what we'd like to do is we'd like to contribute, you know, our submitted PR, and also what we could do is make it easier for people, because there's a, you know, a little bit of a lack of documentation.
I
We could write some documentation, so we could write a little bit about how to write and debug add-ons, you know, how to use the channels tool, you know, which kops uses to manage add-ons. There's a little confusion about that, and we can see that certain things like that, and nginx ingress is broken, but kops doesn't throw an error, that confuses people, but we can fix that. We can, you know, it can be figured out when one uses channels to deploy. So we think we could do.
I
A
C
For example, an operator is just a fancy way of installing a YAML, so the first step regardless is getting that YAML correct and having doubts about how to install it. But if you were, if you are looking at what to document, I would focus on the YAML and that, more than, and that experience more than the channels tool, which may go away, and I want you to waste. Okay, yeah.
I
We know about operators and we're working with operators as well, and so actually what I'd like to do is, we'll go ahead and put that on in, will write a little bit of documentation, and we'll just keep up with the direction that you guys are setting, and as you change, you know, your approach, will change our approach. That's.
C
I
A
A
J
Yeah, I think everything was pretty much answered here, though. My main concern was because of that intense ingress issue that was brought up in kops user Chaz this week. Someone was actually trying to install the nginx ingress using that add-on, and he was using their super outdated version, like Golduck, 16 or something, and I figured, I mean, most of the items we have over there right now and just really maintained, and that's like misleading for users that don't know how to do that and making good sense.
J
J
K
C
Definitely true, not, it's like one of the problems Constance's trying to solve. It is worried this weird in-between ground, and these in-between grounds can last for years sometimes, and I don't know if we can put a document, like a README, on that directory, explaining the situation or something like that, to help users not be misled.
C
I think one of the things we've seen is the value of tests, and one of the challenges we have is we don't really have a way to test, it's running a kops-specific test, and if anyone's add this to their, now, they haven't added this to the thing. But we don't anyway today to run costs for tests, and it'll be great to get something like that going. Like today, the integration tests, the tests we run are, we bring up a kops, a kops cluster.
C
C
D
E
F
F
Actually have some power, and, you know, that would basically let that person say, okay, this first invention ax is ready to merge in, and, you know, the maintainers don't always have to focus on some of those add-ons, since we're trying to remove focus on that from our energy anyway. Yeah, I mean, but, but is that.
F
Well, the problem is, we already have this stuff here, and I'm for deprecation, but I'm not for taking away features that current, you know, clearly some people utilize. You know, I personally use all help charts, so I'm with you, John. I just think that, you know, if we have it here, we should support it, if we can, in some middle ground. Yeah, I really.
I
G
D
A
C
A
C
G
C
That would be, that would be great, yes. I think I have some Jupyter work in progress, like Jupyter, like the former IPython thing, that I think does a rolling update, so I will, I will dig that up, see if it is useful, see if it can be applied to testing a cluster add-on. It wouldn't be as useful for testing Go-level code. It would be more for information tests, links to your PR.
A
Okay, and so I guess the last item would be Winnie the 1:18 removal PRs. My point is, well, one of these has been languishing, the other's relatively new, but we should decide whether they're going into 118 or not, so we can adjust the release notes appropriately. The newer one for caras and Jessie, those distributions really don't work.
K
E
G
C
C
C
C
Okay, the Jessie one seems less controversial than, it's broken already. The CoreOS one is more forward-looking, but a, probably a good thing to do. We should probably, shouldn't go, we shouldn't claim to support CoreOS if it's going to stop working, if we know it's gonna stop working within a month or two of the release.
E
I think, I guess we do, sorry. On the same note, I updated the images in ops documentation and also put their Ubuntu 1604 for removal in 120. Is it okay? Or, this will go away about, well, early next year, but I thought that it's better. It's also with a very old kernel and people shouldn't use it. So I wrote it as deprecated in 118 and targeted for removal in 120, so that all had enough time to move off to it, from it.
C
G
G
I teach this as being the compatible version, at which one you should choose, like it's in the docs that this is a recommendation. So you have to keep that in mind. This is what Linux Foundation is pushing out to their customers for what, for the official Kubernetes trainings for cubanelle spicy ncf. So if you want to learn Kubernetes and good to CNCF, and they say this is the course you should attend, you're getting tested or trained on a bunch of 1604 OSS, to be kept in mind, like it's.
G
G
G
E
Say to keep it as deprecated starting one eighteen, note the removal in 120, and see what happens along the line, and if we need to, we can just keep it around. Jessie and CoreOS, actually we're adding code to kops that we don't use, but Ubuntu 1604, it's just, just starting. It doesn't have anything special compared to any other Ubuntu version. I.
C
E
C
C
A
C
F
Yeah, yeah, I threw a note on there. Peter and I were discussing offline, so we've done this before, but just the usual call. You know, there's a number of reviewers and approvers on this call right here. I think we have 16 people on today. That's pretty good, so that's great, and we always want more people to be involved. Many of you have heard this feel before. If you're not familiar, we have an owner's dock and the root of kops, go in there, take a look.
F
You can see some names, and there's a different levels you can progress to as an open-source contributor in kops, and we're always looking to involve more people, and, you know, progress people up into other roles. So certain roles allow you to merge code, certain roles allow you to review code, but the good news is anyone can actually review code, so we are always looking for more reviewers. That way the approvers don't have to go in, nitpick every PR.
F
F
If you want, go look at the membership guidelines for Kubernetes as well, and once you are a member of the org, you can start reviewing any PRs, and then eventually, if we get you added to the owners file, you'll be pained when PRs are assigned to you, so automatically by the bots. So yeah, or talk to me offline as well if you want, and Slack, or any of us, especially the people in that owners file, we're all happy to assist more onboarding. Thank you. So.
A
Okay, yeah. Actually, the interesting thing is, okay, any member can LGTM, correct? And what being on the reviewers list means is you get automatically assigned, correct?
I
B
E
C
One of things I've had on my, like, general list for a while is we should make a proof, we should make the assignees useful, and, like, I've always been a fan of having one assignee per PR, and then we can look at, like, who isn't active at doing their PRs that are assigned to them. The other point is the assignees have to be useful. It can't be the same two people every time, so, like, I think the, I think, I think we should make all the approvers also reviewers. I.
C
G
I think I updated that. It used to be, you have to be on both in order to be really the thing, I think, from how I missed it, the owners, following the dots when I drove into it. It was like, hey, you bit onto that list, and then you also get added to the other list, but you're always on both, from how I understood the logic behind that file, even though I also see the benefit of.
G
If the review is just the sign and approver that they see useful, because if they know the approved is better, so you can really, like, send it to someone who's more specialized in the topic for approval level, which is something that potentially interesting as well, right? So you don't send everything to Justin, but you say: oh, this sounds like something might eventually, no, it's better, so you can just directly say, slash assign, which is something you can do as a review.
F
Decide, there's also a new status, since I think a lot of people have probably looked at these, called emeritus. So if we do find people that were kind of, like, you know, it's, I don't want to be rude to push someone out, but you can move them to a status called emeritus, where you tag the dates that, you know, they were kind of removed, and then they have certain powers, I believe, and they can't, they can't improve the code. But when they come back, you can easily, you know, re-promote them if they want.
A
A
B
G
A
C
A
C
K
Only comment I have on that switch is, I did that switch recently from DNS accordion s, and mostly everything worked except a lot of different issues, DNS and UDP, and how iptables works on the kernel itself, which has been fixed in newer kernel versions, but I hit lots and lots of issues with older versions, and you just see DNS name out. Most applications retry under fine, but there's exceptions which are really hard to debug. So.
K
C
Can I suggest, the other thing that helps a lot with that is there's no local DNS, so one thing we could do is move the default to 190 and enable no local DSM 119 at the same time, if there are these issues that are new, which honestly doesn't surprise me, and that makes sense. Thank you, Rodrigo, okay.
A
C
A
C
C
C
One of the things I've been, someone commented earlier about how, like, building kops is hard, and I agree with that. It is getting, it should have been getting easier, in that you should no longer have to push Docker images. If you're using the kops base URL, it should sideload them, so it just goes to S3 or GC. Yet you upload tell you, wherever you're putting your binary SS through your GCS, and it gets it from there. So it means there's only like one step and it's a little, little easier.
C
C
We have a default. Yes, once a 2004 is out now is reasonable. It works. We could try the bust, or default as Buster stock image as well, and we could look at a pre-baked image, which I am also working on in image photoresists, in this sort of image builder sub-projects. I'm, just, we just had a busy weeks with some releases this, this sprint, I guess. Yeah, I didn't identify, that is, like, that is the, that is the other big blocker in 117. I.
C
Think, like, figuring out what our strategy should be for images going forwards. I don't know if people have a view. Pre-baking the images means we don't have to download containerd, let's, like, let's jump a year to the future, Hansa down the containerd, don't have to download kubelet, so it will make that bring-up a little bit faster and avoid a dependency on what in the past was a flakier distribution point, but within a year's time, be the same as the Kubernetes distribution points, so no real difference there.
C
E
C
E
C
E
C
Yeah, that's the sort of thing, which is the sort of reason why, like, a year down the road, a sysctl or a kernel boot-time setting or whatever it is comes up, and that's where, like, we basically to reboot. That's sort of how we got into this world in the first place, which is the reboot requirement test. There's in the past been changes which you need it, we need your reboot, and.
C
E
Plus, at any time, because of the channels, we can generate back images if we want, but probably the, no one will be around to generate, I don't know, I don't know, that's, yeah, yeah, yeah. If you think that there will be project or something to generate those images at that time, I don't see an issue. It certainly, kops supports panels of distros.
E
I
E
C
E
E
C
E
C
E
Think they, they most do track it, but bugs are usually fixed in the latest version and then they're backported based on how someone wants the backport. Depends on how complicated the backports are. For example, contract bugs were pretty hard to backport, even in 5.1 or something kernel that Amazon is shipping ECS or something, so I.
E
A
Well, yes, we got all the decision we'll do in the next two minutes, so 116 someone's staying open, Stax broken. We.