►
From YouTube: Kubernetes - AWS Provider - Meeting 20220318
Description
Recording of the AWS Provider subproject meeting held on 20220318
Agenda - https://docs.google.com/document/d/1-i0xQidlXnFEP9fXHWkBxqySkXwJnrGJP9OGyP2_P14/
Subproject updates:
Authenticator - discussed https://github.com/kubernetes-sigs/aws-iam-authenticator/pull/416
A
Good
morning
it's
march,
18
2022.,
welcome
to
the
cloud
provider
aws
meeting
of
the
kubernetes
project.
The
meeting
is
being
recorded.
Please
be
mindful
to
the
cncf
code
of
connect.
Let's
get
started.
Let
me
share
my
screen
here.
B
C
I
think
the
big
news
is,
I
think
we
released
one
twenty
three
zero.
I
think
we
did
that
just
after
the
previous
sega
west
meeting
other
than
that,
I
don't
know
of
anything
peter.
I
don't
know
if
you
know
of
anything,
but
those
are.
That
was
our
big
thing,
so
rolling
forwards
with
releases
yep.
That's.
A
The
next
is
the
load
balancer
controller,
so
we
just
published
the
version
2.4.1
pass
release
day
before
yesterday,
and
the
important
changes
are
support
for
fail
open
of
target
group,
so
in
case
like
if
there
is
a
misconfiguration
or
outage
of
the
control
plane,
we
still
want
the
data
plane
component
to
continue
to
work.
So
we
added
this
opt-in
feature
for
now.
A
So
customers
can
opt
into
this
feature
in
this
patch
release,
eventually
will
make
it
at
the
default
in
future
releases.
We
also
removed
permissions
for
secret
resources,
so
controller
no
longer
needs
secret
resources
permission.
This
was
for
security
reasons,
so
we
modified
such
that
we
don't
have
to
watch
all
the
secret
resources
in
the
cluster.
A
So
the
pull
requests
of
note.
So
let's
go
on
that.
A
B
Yeah
I
put
this
in
there.
This
is
something
that
we
discussed
in
in
the
fighter
aws
meeting,
probably
about
a
month
ago.
We
did
do
an
internal
review
of
this
particular
pull
request.
This
is
the
one
that
added
barn-like
matching
for
the
aws
im
authenticator.
B
Ostensibly
one
of
the
main
use
cases
that
this
pr
solves
is
the
current
pain
point
with
aws
sso
integration.
So,
like
I
don't
know,
if
you're
familiar.
B
Session
that
is
or
sorry
the
session
role,
but
is
created
by
aws
sso
has
this
generated
like
random,
set
of
characters
in
it,
and
it's
just
annoying
for
admins
to
have
to
like
keep
adding
these
role
or
user
arn's
that
are
generated
by
aws
ssf.
So
this
arm,
like
wild
card
support,
was
to
address
that
particular
pain
point
in
the
internal
review.
B
We
ended
up
sort
of
coming
down
on
a
decision
to
ask
logan
who's
the
contributor
to
sort
of
re-uh
rethink
the
the
pr,
and
instead
of
a
more
generic
sort
of
barn-like
matching
for
both
user
and
role
and
including
like
globs.
We
we
thought
it
would
be
better
to
specifically
address
the
aws
sso
use
case,
including
the
like
the
specific
string
that
aws
sso
puts
into
the
to
the
rail
role
arn
and
anyway.
So
I
I've
gone
back.
B
I
had
a
couple
of
conversations
with
logan
and
those
conversations
are
continuing
on
the
on
slack
he's
in,
I
believe,
australia
or
new
zealand.
So
it's
kind
of
time
zone
issues,
but
hopefully
we
can
have
a
path
forward
here
in
the
next
or
by
the
next
meeting.
A
Sure
we'll
hear
in
the
next
meeting
about
this,
I
have
come
to
the
end
of
the
agenda
here.
Anybody
has
anything
else
to
bring
about.
A
All
righty,
in
that
case
yeah
we'll
I'll,
stop
the
recording.