From YouTube: Kubernetes Kops Office Hours 20180706
A
Hello everyone, it is Friday, July 6th. This is the kops office hours. We have a fairly light agenda, but let's get going on it. I think the main thing that's, I'm sure, on everyone's mind is moving forwards with releases of 110 and then also starting the 111 release, which we've talked about in the past, is being, you know, wanting to roll that out faster into alpha at least, so I'm thinking.
A
A
Instead, the big important thing for that to happen, though, is that we have to make sure that the 110 release is looking good and we don't have too many features that we're gonna have to backport, and there are a couple of issues in the GitHub issues which I'm definitely go through, but if anyone else knows of any other bigger issues other than the ones already on the agenda, then please do either put them on the agenda or mention them now. That'll be great.
A
Otherwise, I probably do operated Abeyta I have some extra stuff happening software. Do the data in the middle of next week scurry around Wednesday of next week, and then we can, yeah, hopefully do a release within a week or two of that, and we'll do the 111 alpha around then as well. Well, that's the plan. Cool, all right. Moving on. Fred, are you here? I thought, yep. You.
B
A
C
A
C
Really quick, I don't have much to say. I just opened this PR, which I, so I open it this morning, yeah, it's 6:00 p.m. here, so which, yeah, it just implements a super simple Hecky support for certificate. In this case, I only am the ACM certificate for the API load balancer. I created a cluster with that and, surprise surprise, it works. So, but I'm totally not familiar with the kops codebase. So I just said, I look at it and packing around, so I, just looking for feedback.
C
Not only that, and I thought it's the right place to actually ask for feedback. And essentially what it does, especially regarding, and what it does is nothing special. It just uses that certificate for the ELB in front of the API dps server, which means that you don't need to see any more into the config file. Why do I want that? Easy-peasy: I just don't want to ship everybody the configure, just want to, you know, that's the URL. You can talk with it and you can trust it because it's certificate also free in lbs.
C
I just, I didn't know exactly out to do it. So I just put a flag, like, to the argument to the CLI. Maybe there are better way, like putting the, yeah, mode or something, and it just busted the area, and that's it, essentially. And I do it across recreation, I can probably a, it's not, I think about it. I will edit the pure to the comment to how to run this, in case someone wants to check the PR and try it.
A
A
C
A
A
I think the good thing is, because it's extra functionality that you have to opt into, there's not as much risk, so we can basically get this in without too much risk. The only thing that we might want to think about is, you know, in future maybe people want to automatically generate these things or something like that, and making sure we have a syntax that allows for that. But I'll have a look at this PR and we can try to come up with something.
C
C
A
C
C
Think that you Justin already reviewed some time ago is in cocoa Benitez, which is to add a security group without having extra rules, and the old idea is that to set a proper security group for all for real, be for service services and not adding rules, because the current behavior is that you always have two zero zero two, and so, if you really want to restrict stuff for service, is not possible. So there is a PR. If someone is interested, I will post it in the chat.
C
A
A
D
Than 110 three, so I upgraded my development clusters to with kops alpha and it used one 110 three by default, and several of the Helm charts I had installed were failing due to issues with the volume mounts that were fixed in one tenth floor. I upgraded to one ten five and that's currently what I'm running without any issues. So one ten for at.
A
Least, and probably we should just recommend the latest and greatest. Yeah, that's a big, cool, I'll put that on the list, is we normally put it into, to see where we are in the output channel, we normally put into the alpha channel, let it fake there and theory people test, it definitely goes really needy tests, and then from would into the stable channel. This looks like it might be more of a blocker, given if helmets are actually breaking, and that is a gonna be, I'm.
D
A
E
C
Sorry, there is full documentation on the together or rape or don't use it with kops, even though I always had a bug that some people having, some people come out with no clue why, which is essentially like I have to restart the API server after I apply the indicator at once that, because there is some TLS craziness going on, which fully need from croc, and to be honest, I just restarted ruined that happen. Like a pacification, it always happen.
A
Okay, yeah, I don't have any insight there, and possible is she was kube-proxy? Unfortunately, no, no issue number. I don't know, that sounds pretty serious, but in the absence of any more information, I guess we leave it and see if Fred pops up. Is there anything else anyone wants to talk about? Rohit, you want to talk about your amazing authenticator, or, yes, I guess authenticator. What would you call it? No.
A
F
A
F
A
F
A
But it is optional and opt-in at the moment, right? So I'm thinking we can get it in as a feature-flagged feature, so that we make it very clear that we are not guaranteeing it, because they're still, like, it's a fairly big change. It's a good change, I think. But it's really, you know, it's a sizable change, yeah.
F
A
Right, well, that sounds very, very safe. No one's accidentally gonna fall into that by mistake, so I will see if we are able to get that into the beta. I think it would be great, because one of those things that the more eyes on it, the better, I think, and we definitely need node authentication or node bootstrapping, I don't know what we call it, but per node certificates, yeah, into date, and it would be great to get that in, and I think.
A
A
Correct, and my thought on this was that even in a machines API world, it might be that the code moves, right, but that the general handshake, we sort of still need a similar sort of handshake. We're trying to establish that the machine that we're talking to is who we think it is, so I can imagine that there's a lot of overlap in the code.
A
A
Various, yeah. Cool, all right, is there anything else anyone would like to talk about, or are we, some good stuff on there. And yes, I think if we get one ten beta out with some of those fixes, with 110, four or whatever the latest I want ten is, and hopefully the nodal indicator in feature flag and a dress.
A
F
C
A
F
A
A
That's what the machines API is going to introduce in order to make the rollout safe. In today, we would have to sort of reinvent some way of storing the rollout state, and that's what I'm wondering if just isn't really worth it versus adopting the machines API. But on the other hand, I know it's a good feature in a lot of people, water uses a lot of work to keep it up, but I don't know, that's my challenge. What do you think? I'm.
F
B
A
There, like an official one, so the machines API itself is part of the cluster API and is a generic API across all the Kubernetes, is the hope. It's a fairly open-ended API. So they have something like a deployment called a mission. They call it a machine deployment, a machine set and a machine, which correspond to deployment, replica set and pod, and they're all pretty generic at the moment, and they each have a provider config block, which is sort of an extension block.
A
So you have one controller which will be specific to your cloud and the way you install, but then the logic that does the rolling update will be generic, so we could take Gamble's PR and make a generic PR. That would then work on any implementation of the, not even kops, for example, so it would work on maybe GKE.
A
If GK adopted the machines, a para EKS, if EKS adopted the machines API, write that one, but same logic would work everywhere, and it wouldn't necessarily be a de cloud provider level, so it wouldn't necessary be in auto-scaling groups. It would be like machines that will track through the Kubernetes API, so that's nice, but that it is at the, it's a machine. Sorry, it's at the, it's a Kubernetes API, basically, for managing, it's our first community API for managing the infrastructure that is, like, part of the Kubernetes project.
A
A
A
A
So it's almost, you know, you could run kubeadm, you could run whatever you wanted to, or the machine controller can run whatever it wants to that. The machine controller is basically responsible for getting a node to register with sort of general configuration as specified by the machine. So a machine specifies.
A
Well, I think it's difficult to know what's actually in the core object and what's in the provider config. But, you know, the machine would specify the Kubernetes version for the kubelet, for example, it would specify the amount of memory and CPUs and whether you wanted a GPU, all that sort of stuff, or maybe just the instance type on AWS.
A
It could specify the networking options, but that would definitely be getting into provider config, but the idea is that the machine controller, then, is the only thing that needs to know anything about the cloud, and that the rolling update logic, or the sort of how you run machines, is then abstracted away from, or can be implemented once and work across all cloud providers. And so we have something similar to this in kops today, where we have, you know, the rolling up, we don't write a different rolling update for GCE.
A
Than we do for AWS, but we implement at the same interface in terms of, I kind of, we call them cloud instance groups, I think what we called them, and so, but this is sort of taking that to a more Kubernetes level, so that you can actually split that logic out. We have interface abstraction in kops, and you could actually split it into separate controllers in Kubernetes, okay.
B
A
G
Did the specific issue that I encountered with that one seemed to be the, I was a filesystem permission issue, so I had that you use the security context that doesn't map your route. User ID is something else or something like that. But I'd be happy to hear more about that. What you're talking.
A
About, oh no, I mean, I think, though we, I think so, I think it was. I saw the PR, which changed from mod 600 to 644, and that looks good. I need to understand why we have to do that, but that makes sense as a problem that we have to solve, and it would be great not to have to make it world readable, or yeah, world readable, but it's an acceptable fix, but I don't know if we can, you know, do better, I don't, make it more so tighter.
A
We also know we have to Authenticator, has also been accepted as a sub-project of C AWS, so we're gonna, and as part of that is gonna be renamed AWS Authenticator, and so because it's only been done as an alpha release so far, we're just gonna rename it from, I guess, Authenticator. You must have tio2 Authenticator equals AWS.
A
G
G
Actually, maybe you guys can give me some guidance in the form of a link or a previous item, but between the AWS VPC CNI thing and something about the kops cluster or something, we sometimes get pods that are unable to talk to the cluster IP for API server, and I was hoping.
G
Maybe you guys could give a, explain how we can go around, like, identifying which pieces. It's most likely AWS VPC CNI thing, I think, and it has something to do with when the second ENI gets attached or something to that effect. Something is busted on the source or destination, either the worker node or the hours, the master, control plane node, or something is going on, and haven't really been able to figure out, identify exactly what it is other than ii ii, and I seems to play a role somehow and.
G
B
You know there's a limitation with that, with how many pods you could run per node depending on the node type, so like, there's a map that they have in the EKS node CloudFormation thing where, when they set up the kubelets there, they set the amount of pods based on the node type and a.
G
C
G
Why I bring it up is, I think it's possibly all cluster IPs or all services or all cluster IDs are broken somehow when they go off node for some pods or something like that. I'm hoping maybe by the next time this comes around I'll have more context and something, but I was hoping maybe you guys could give me something other, like a troubleshooting guide or something, so I can rule out, say, kube-proxy or something as being the culprit, like it's very most likely it's there, the others.
A
So there is actually a, all right, so there is a service troubleshooting guide and it will help you narrow down whether, for example, it is the, like, the VIP or DNS or internode networking. So, like, you know, if you try to reach the pod directly or guide P directly in the case of API server, then, you know, that's not the VIP. Yes.
G
Good point, and I do have a silly question. In general, it seems like the cluster IPs or whatnot, like the server-side keys, come from a setting in the cluster spec called non-masquerade CIDR block, is like their sign from there. I don't quite understand what that means as far as not a masquerade, because that's not an actual routable address range, right? And correct.
A
So the service block is a block of, basically, you know, we assign these virtual IPs. They basically have to be just unused elsewhere in the cluster, because they're stolen from the address space and remapped. The nomenclature of it is a little weird. I don't, it's actually non-masquerade, it's a subset of non-masquerade CIDR block, I think, if I recall correctly, it's a sub you yet.
G
A
Yes, it is. It's sort of, the name made more sense originally, before we had, like, CNI and all these sort of fancy other ways of doing things, and it used to be basically the set of the internal network, the IP addresses used inside the cluster, and they were therefore not doing IP masquerade for NAT on the way out, is sort of how I remember it. When you say, like, the AWS VPC CNI, then the pod IPs aren't masqueraded either. So now it's really a little confusing.
A
G
A
Well done everyone, it's a team effort, and thank you for one but good. So hopefully we can get it released, and hopefully you can track that down, and yeah, I'm happy to know that it's likely related to the AWS VPC CNI provider, which is still a little, you know, earlier than other things, but yeah, certainly if you're able to track it down through, let us know what you find, because if it's more general then that's obviously even more concerning. Okay.
G
G
A
Don't love, I personally love people using it, but they are useful. Like, I very much would rather people use, like, a daemon set if it's possible, but it should be documented, and I think we have, I mean, there's a top-level directory called hooks, which has some examples, and then, oh yeah, and actually, that's what's going on: docs hooks has disappeared. Where'd it go? One of them has a link, it has a broken link, but I thought it was.
A
A
The big dilemma about them is that they tie you, I guess, to your OS image a lot more, and they're not really as integrated into Kubernetes, as they're sort of invisible, right, they're sort of a kops feature. And so, if you can use a daemon set, a privileged daemon set, which runs on all your nodes, and that works for you, then you can, you know, see the output of them easily. You can easily, you know, upgrade them, it's easier to test, you can roll it out, you know, all the niceties of Kubernetes.
A
So if, and that's a big if, you're able to use a daemon set to do that, I personally think that's a nicer option, but a lot of people can't, and luckily we'll have more advanced use cases that are harder to fit into the daemon set. And so that's why we have them. They are not supposed to be as hidden as they are. I don't know where they've gotten to be that list, and they are supposed to be documented, and I.
A
Just don't understand where they've gone. I'm trying to search for, like, hook. I found a little broken link, if I haven't found there, yeah, the actual hooks. If you look in the hooks top-level directory, there are at least two examples which should demonstrate how to use them. Campbell, do you know where they are, where the docs are?