From YouTube: Kubernetes kops office hours 20200214
Description
Recording of the kops office hours meeting held on 20200214
A
Hello, everybody, and welcome to kops office hours. Today is Valentine's Day 2020, so February fourteenth. I am your moderator, facilitator, Justin Santa Barbara. I work at Google. A reminder that this meeting is being recorded and will be put on the Internet, and to be mindful of our code of conduct, please. I just pasted the link to our agenda or replacement or attend in the chat.
A
Please do feel free to add your name to the attendees list, and if there is anything you would like to bring up, please edit or insert it at the correct place on the agenda. The agenda doesn't look too long today, so I think we will get through it. But please do so anyway, because it's helpful so follow along, and with that, I guess we will jump straight to the first item, which is Peter. Do you want to tell us all about coordinates?
A
B
Ben is in full a couple of weeks with Korky and SM kops. We tried to upgrade to 167, and that was cherry-picked back a couple released branches, and it turns out that image doesn't exist in the docker repo that we use. We use the k8s.gcr.io repo, rather than the official accordion s repo, and that hasn't been mirrored. I believe it's because it will get updated in the next Kubernetes minor version, but it doesn't exist today.
B
It wasn't caught because we didn't have any end-to-end tests using CoreDNS. We have since added one I had about leaf there, and it's now green. Also, there's an open PR to discuss switching the kops default from kube-dns to CoreDNS, which I think aligns nicely with the recent deprecation announcement for kube-dns, so just to give an update, and if anyone has any comments.
C
A
Whom I guess would be the question for us or for you, me, for kops, yeah, per cop, for making that the default, I think would rather depend on what the, what upstream is doing, right. So, if, I'm less concerned about cubed, I'm much more concerned about like kube-dns and whether they will continue to patch kube-dns issues, because if they're not gonna patch security things, we should, we should accelerate that change. I don't know if you have a link Capri on to the, to the release that you were just referring to. Let.
A
B
A
Or indeed, a number of difficult questions here after like, which gets into the next one, which we're gonna vote John was talking about, about like how do we catch, I guess, one subset of this, which is like missing images, but like do we want to have the images we depend on mirrored in some location that we can have more traceability on, right, because I mean, for example, I think it is possible.
A
We refer to them by tag and not by SHA, and so it is possible for someone to retag an image, and there are, there, are there? Is this working group k8s infra, that is building protections against that sort of thing for Kubernetes, for k8s.gcr.io or something that would eventually become case that you see are the AO? So that's one aspect. I think that is a good question.
A
I think, and I can raise that with people and working group k8s infra. I guess it's almost like a security question, more an integrity question of like the distro, the communities, distro, I think, yeah. Should we, we probably should switch that, we should find out what sway I'm with the deprecation of Campinas. I think that's that first step, and do you say: is there something in the chat, there we go? Okay, so it is.
A
A
B
A
Why that we change like that, we choose what to do, right, like if, if it's deprecated, yes, we would make it that we probably like say that the default, if you don't actively choose a provider, will change for all clusters and, as of a certain kops version, whereas the Soudan Kubernetes version, I should say. If it's soft deprecated, like think about it, we probably change the default for like new clusters, as you say, and then, like think about in a future release, changing it if it's unspecified.
C
A
Would at least fix like Texas for now, like we, yeah, we certainly want to still think about all these topics, but many.
A
D
It thanks to question test. You know, this went in straight through and wasn't caught, and it, this is not the only thing, only add-on that isn't covered in tests. We've got a lot of add-ons and it would probably have some way to test whether a change actually real, some luck, working cluster or not. Yes, unfortunately, I don't have a solution. I think our only tool we have now is the full-on e2e test, which is flaky and expensive.
A
It, yes, I think the, I think it's become less flaky, with some of the changes that you and others proposed, I think about a month ago, where we, like, don't stick on head head, I think what we were sort of, in other words, we've run like more stable test versions, like the release test version. I think that's a good change that should help with stability. I think it's only expensive if we run them on every PR, so I think there could be a, I can certainly imagine a policy where we hold well.
A
We like to make sure that everything passes him, just check like when something goes wrong and like what, what those flakes are, whether they're flakes, whether they're real, and I think we've also have talked in the past about people like adopting or picking a scenario that they look, that they are, is important to them, and so like if you're, if CoreDNS and Cilium is important to you, then I think it'd be great to create a end-to-end test that runs every day, that does that, and then we would see those sort of things.
D
A
I think it's, I think it's, I think it's okay to, to cherry-pick the ones we retest, at least in, in our current testing strategy. So we, we don't have what I would call fuzz testing, where we basically like explore the solution space sort of randomly. We only have like, here is a configuration and please run it every n hours or every n minutes, and so, given that, I think we should take configurations that offer us some coverage, as you say, up the rows and columns, and not exhaustive, but at least some, some indication.
C
A
D
B
Jobs set up for kops that you can trigger with an explicit test and it doesn't run automatically. I think you just said: optional true, run always false, and then there's a command like test kops with Cilium or something. You could do that. I don't know if it locks the PR if it fails, though, but it's still a good indication, maybe.
C
We can do something more intelligent. Do we have access to what files were changed? If we have access to what files were changed, we can start the cluster in a bit more intelligent way, like, if you see a Don's cilium, then enable, then start with networking cilium, but depends a lot on, you know, if we have the file names.
A
A
C
A
B
A
A
Well, or yeah, that we have some, or yeah, the mastery tests are healthy. Yes, say yes, in this particular example as well, like we also could do a, I think we can discover all the images we use by default. Assuming you don't override the images is what I mean, and so we could, we could have a test that, like, checks and those images exist. That feels like a very specific thing, but I know it happens.
A
So I'd be very much in favor of the, like, if we keep pushing on more e2e coverage, more e2e scenarios, at least until we get pushback on from the testing team about the cost, or from us, as it were, about the overhead of understanding the flakes, and it sounds like there's a process change here to make sure that, during a release, we are much more, I am much more diligent. Well, I am hopefully soon. We are much more diligent about checking the status, as reported by the e2e tests.
D
A
This one, so the scenario, so we do have, we actually have some, some mock tests that do this sort of thing, and I wonder if we could catch the stuff in mocks. The problem is, I guess the scenario is, I have version one of my manifests and the PR changes an immutable field, but doesn't introduce a new file. It's sort of the real problematic one, right. So I need to go back into the git history to where it was before there.
D
Was one we actually shipped, which was when we moved from a DaemonSet from extensions to apps, the field selector was supplied and the field selector was incompatible with the previous employed field selector in extensions, so someone going across the one told boundary would get a failure, which benefits was that that was.
B
D
B
Think if there is a way that kops could kind of output its manifests in a way that we could just apply them to even like a kind cluster or something, something very lightweight, because all that matters is whether the API server accepts the matter, a change to the manifest. For this particular scenario, it's.
A
B
And I think one, one start to that I would be if kops had a way of having its own tests ran in e2e, because right now we only run the Kubernetes repo's e2e tests. There's a way for kops to define its own, you know, tests and assertions that I ran as a part of the e2e tests. That's where we could do something like testing rolling updates, testing upgrades, those sorts of things, yeah.
A
And we could also run the community ETF, so we could, we could sort of invert the, I mean, we've actually started doing this, right. We have, so, for example, we have some tests that run the tests like Bazel is correctly formatted, right, or generated. We could imagine having an ad test that brings up by a cluster, upgrades the cluster, does all that sort of fun stuff.
D
A
Version, that's how we missed it. Yeah, cuz I was like, how did I not stop that, okay, yeah, cuz if you try to change the immutable field, it just doesn't upgrade, yeah. So that's even harder to see because like, well, a naive upgrade, the upgrade test I would have written, would not have felt, but not a spot of that, yeah.
D
E
A
B
A
That's the John's point about that being expensive. That will take a long time and I suspect there might be one or two flakes, but yes, that would be, should, we should at least try, I would hope, yeah. You know, I mean you're absolute, because there is certainly the potential have like hysteresis, such that just cuz one time you go to 111 and 111 get a 112 doesn't mean that 110 can go to what 11 at my 12.
C
C
A
C
A
Yes, which seems, as far as I know, to just be like a fact of life on a device, which is that volume and volume attach and detach times sometimes are super, well, even volume, its volume detach, there's something which could happen at the kernel level, I guess, like if you're using the volume you can understand, but volume, even volume attached can vary from almost instant to like very slow, and as far as I know, another we've ever got to the bottom of why that is. I.
A
C
C
A
C
C
A
B
A
B
C
A
C
So the same way I implemented the tgz for containerd, I change the beat, the way it is done for docker, moved the packages that were installed to, let's say, the packages go, so that it can install easily at EDC. It has some advantages: would be able to run on more distros, like it'll be able to run also an Amazon lean, plus instead of doing, adding six packages with every docker release, you get to add just one. Should be simpler.
C
B
We've made some progress using the Google Cloud Build jobs available to us. We now have our, we have a post submit image pushing job, it's ran on every merge, and we have the kops controller image getting successfully post to GCR. There's issues with its tagging, but at least it's up there. I guess permissions are in place. We also have the kops nodeup and all of the image tar.gz files uploaded to GCS. Those are tagged with commits, so those are immutable.
B
A
Yeah, and as I think I understand it, the, although we could relatively easily change the tag with which we push images to GCR, the, we also have to plumb that through into the manifest to match the tag that we're pushing, which is sort of that, the trickier bit so freaks, and so we do have an override when you set kops base URL, which is that we basically preload the image, and when we do that, my understanding is, we don't try to pull it from docker registry, but I'm just wondering, yes, that's only true.
A
If image pull policy is not always or whatever, but anyways, we need to check that, but that is, so like with cosplay Sakura I think it should work, but the problem with kops base URL is, it's not art, not how we run kops releases, so kops releases today still pull from a docker registry, and I guess they're, the underlying question here is: should we, do people have a view as to whether we should try to get these images pulling from a docker registry or beef up the ways to load them from, from a file?
A
Definitely one issue, which is like if it happens that the image gets evicted, let me guess removes, then if it's preloaded you're basically stuck, and so that's why we have tended to only rely on the kops base URL for some development builds. You know, it's fine for dev builds like, but it's not, presumably one run in production. Also, you know, having images running on your node square, I guess security comes along. I was like, what is this image? It doesn't exist. You're like, yes, that's true, it does not exist.
A
A
The correct thing to do is always to, you know, do the full build and the full upload, but a lot of people don't do that, in that it's certainly very natural started, and so I don't know if that, I don't think it would help here actually, unless we actually wanted to update all the time. I guess we could maintain a rolling tag, but I'm not sure that'd be any better, like Deb, flayed us or something.
D
A
The scenario is, I hope people that, yes, true, if you like pulled me over L release, French, yes, that also, but yeah, for people that are like contributing code or changing the code, I would hope they would find the instructions on how to like do a full build, but yeah, they certainly are not easy to find. I.
A
A
A
A
Someone, we build these stage muses all the time, and then we have a PR that goes in, or that is proposed against a sort of a git repo, and it lists the SHAs of the artifacts who want to promote, and someone else approves it, and so that can enable anyone to do releases. I think the missing piece right now is: we don't really know how to, well, there's some mechanics, I should get that working, but the other more challenging one is, how would someone feel good about approving that PR, like?
A
How would they say this SHA's a good SHA and did that, if they can't build it themselves, or if they have like no way of knowing where these binaries really came from, type thing? Are we any better off in that world? So that's sort of what I'm trying to figure out, it's like making it so that people can somehow say, yes, this is right.
A
C
Releases planning, a malicious you hear a bit behind with releases, like 1.16 was released quite a while ago, Kubernetes, and we are still in beta. So maybe we want to think if there is anything else that needs to go in there or not and do a release. That sounds.
A
Like a good idea. I'm pasting in the things from last time to see, so we didn't do the AMI promote, well, I don't think we did AMI promotion. I did not create Buster AMIs everything. No one else did. We have three open branches, which is 117, 1, 116, 117, 118, and I think you're saying we should try to do one 16-0. I don't know if anyone else has any issues that they are aware of with the 116 branch, whether people feel confident going to release is really the beta, I think I'm.
A
C
D
C
D
B
D
A
C
A
A
A
A
A
Look good for everyone, so looking at doing the Buster AMIs, maybe some AMI promotion, I think we did a criminal use, guess so what communities promotion go through. So what we will aim for one 16-0, yeah, and when we do that, we will do 117, 0 beta to other weight, having two alphas, and start stabilizing 117, and we won't particularly prioritizing 118 0 alpha unless anything comes up. But we can certainly do what.
A
A
Well, yeah, I think there's Flatcar, which seems like a good, as I understand, open source project, continuing that, and we should make sure that we have support for a Flatcar. I don't know if we need to tell people anything other than like, I don't know.
A
If it's our duty to tell people, we should start testing on Flatcar if we're not already doing so, and then I don't know if we need to tell people, if you want to put an informative note in the release notes anywhere that, by the way, CoreOS is sufficiently whatever the status is, so we all be like refocusing CoreOS efforts on Flatcar. That would be reasonable in my opinion, but I don't think we should only, we need to mirror the deprecation notice to me. I.
C
Don't think so either, but I was thinking, maybe we already do some checks on the images to make some changes to the config. So maybe, if someone selects a CoreOS image, print a warning, CoreOS is deprecated, look into alternatives. Not sure if you want to do that or just let people use CoreOS, and I guess when they go to find the new versions, they will realize that's not working anymore or something, yeah.
A
I, I'm not overly opposed. I don't want to create a precedent, but if people want to be like, if you want to put in a note, tell people, that seems helpful. I would certainly start by making sure that Flatcar is great. And then we can, yeah. I would feel bad about putting in the notes telling people to use Flatcar, but then like was not ready to.