►
From YouTube: kubeadm office hours 2019-11-06
A
A
B
Hi
I'm
Reggie,
basically
I'm
coming
from
rice
cooker
and
I,
mostly
consult
on
open
source
technology
to
work
parents,
so
I
also
maintain
hope
of
calcio.
Recently
we
were
using
multi
cloud
with
AWS
Azure
and
UCP
and
renter
on
top
of
it.
Basically
I've
started
contributing
in
kubernetes
I'd
very
easily,
so
I
thought
who
believes
very
best
to
start
with
so
I
just
just
joined
this
club.
A
A
We
published
the
cube,
ADM
onboarding
video.
You
can
check
this
out,
so
this
is
a
recording
of
me
talking
about
like
what
is
the
proper
way
to
get
involved
into
the
beta
and
development
process.
The
video
is
very
long,
so
it
has
sections
that
you
can
skip
if
you
are
not
interested
interested
in
this
particular
area.
A
So
yeah
we
already
shared
this
in
multiple
locations,
so
hopefully
folks
can
find
it
and
join
our
development.
The
next
PSA
is
that
we
have
cement
and
test
failures.
Mifa
bridge
were
working
on
that
I
am
going
to
send
some
PRS
later
today.
Actually,
these
are
not
failures,
incubate
them.
These
are
failures
in
our
infrastructure,
like
our
tools,
parts
of
the
ecosystem.
So
hopefully
we
can
resolve
this
family's
on.
The
next
piece
is
that
there
is
a
work
in
progress
by
C
cough
to.
A
Basically,
let
me
show
you
this
issue,
so
there
is
a
work
in
progress
on
enabling
a
new
security
feature
in
kubernetes
that
is
walking,
mirror
pots
or
pots
that
are
created
by
the
couplet.
When
you
run
study
pots,
you
have
mirror
pots
that
are
viewable
by
the
API
server,
but
there's
some
security
issues
with
those
and
now
incubate
them.
A
We
have
to
whitelist
our
static
pots
for
the
controlling
and
the
work
has
already
started,
but
I'm
not
sure
if
this
is
going
to
even
graduate
to
offer
in
117,
because
there
are
some
questions
in
the
pending
pairs,
but
I
wanted
to
raise
attention
that
if
this
ends
up
in
117,
we
have
to
enable
some
changes
in
Hebei,
diem
and
I
already
have
a
pair
for
that.
It's
linked
here,
I
think
I
saw
it
here
and
you
can
participate
in
these
discussions.
If
you
are
interested,
I
see
a
PSA
from
Ross
about
comparing
Kovac.
C
C
C
B
C
A
D
A
A
C
I,
don't
know
if
we
actually
want
to
start
merging
the
full
series
right
now,
because
they're
going
to
be
like
three
piers
and
up
to
today
up
to
now,
actually
there
are
two
uploaded
and
the
third
one
is
coming
probably
tomorrow.
I
just
need
to
get
some
tests
fixed
and
it's
about
adding
atom
names,
and
this
might
be
a
little
bit
like
causing
some
discussion.
In
addition,
so.
E
E
E
A
Okay,
so
kinder
is
also
high
priority.
We
don't
have
that
much
time.
We
can
potentially
enable
testing
like
slightly
after
the
PRS
are
already
in,
which
is
not
great,
but
I.
Also
me
Rafael
found
something
there
is
a
later
in
the
agenda
about
hypercube
that
this
is
also
kinda
requiring
a
change
in
the
API,
and
it's
currently
like
a
problem.
High
hypercube
does
not
work
currently
incubate
iam
in
116
because
of
changes,
so
the
basically
our
hypercube
flag
is
broken,
and
maybe
that's
also
pending.
A
E
A
B
A
Next,
so
this
is
a
I'm,
not
gonna
talk
much
about
this,
but
there
is
a
pretty
a
problem
in
the
scheduler
and
a
certain
feature
in
kubernetes
recently
graduated,
and
this
is
called
the
taint
nodes
by
condition
and
a
cupid
is
already
enabling
this
admission
controller
with
the
same
name.
The
problem
there
is,
let
me
try
to
pretty
much
read
the
explanation
so
wrong
way.
He
works
for
IBM
he's
one
of
the
six
scheduling
folks
and
he
provided
a
pretty
good
explanation
was
going
on
so
basically
are
not
joining.
A
The
Koster
is
usually
tainted
with
not
ready,
but
there
is
a
possibility
that
the
scheduler
may
reach
this
node
incorrectly
already.
So
there
is
a
very
weird,
very
rare
case
where
this
can
happen
and
after
long
discussions,
they
decided
to
mitigate
this
problem
by
enabling,
by
adding
this
new
controller,
and
the
question
is:
should
we
add
it
to
our
list
of
submission
controllers?
Currently
only
have
the
load
restriction,
admission,
control,
I.
D
I
think
like
we
did
our
account
discussed
in
this
when
I
was
doing
work
on
sick
scheduling
and
the
latest
like
the
least
racy
solution
was
adding
the
this
admission
controller
like
if
we're.
If
we,
if
we're
seeing
the
users
that
are
experiencing
God's
being
scheduled
or
not
already
nodes,
we
might
want
to
enable
this.
A
There
is
one
case,
at
least
that
I
mentioned
to
huawei
that
this
is
actually
reported
by
Yago.
He
saw
the
same
problem
where
we
scheduled
pots
on
the
control
plane
nodes
that
we
had
in
the
coaster
after
the
primary
control
plane
node.
So
this
is
similar.
There
is
a
similar
problem.
We
already
saw
it
in
cube,
Adium
and
I'm,
not
sure.
Maybe
we
can
enable
it
see
how
it
works
and
if,
if
it's
fine,
we
can
leave
it,
because
my
understanding
here
is
that
this
is
a
recommended
approach
for
kubernetes
as
a
whole.
Yeah.
D
A
E
Have
a
comedy
if
I
I'm
not
sure,
remember
where,
but
if
I'm
not
grounded
a,
there
is
a
default,
a
list
of
a
dish
of
initial
controller
which
are
enabled
by
dpi
server,
and
we
are
adding
they'd
know
that
mission
controller
explicitly
on
top
of
this
list.
He
is
this
controller
being
part
of
the
default
list
or,
and
so
we
can
get
it
for
free
or
it
is
one
of
the
optional
one.
A
D
E
A
C
D
A
E
E
G
A
I,
don't
see
it
in
the
list,
so
we
are
enabling
this
the
node
restriction
we
enable
it
enabling
mid-space
explicitly,
but
this
this
one
should
be
enabled
for
us
already
in
addition
to
the
default
ones.
You
can
enable
others,
so
I
think
I'm
going
to
comment
this
with
hungry.
Maybe
he
doesn't
know
that
this
is
already
part
of
the
default
all
right.
This
is
an
action
item
for
me.
A
All
right,
the
next
one
is
the
hypercube
discussion.
So
the
explanation
here
is
that
if
you
check
this
PR
here
I
sorry,
this
is
an
issue
hypercube
used
to
be
published
to
the
GCR
bucket
for
for
google,
where
we
have
all
the
other
images
for
the
control
plane
for
coordinates
for
the
proxy,
but
they
stopped
doing
that
in
116.
A
Okay,
the
default
value
is
false,
obviously,
but
it's
simply
a
boolean
and
I.
You
know:
I
have
I
had
some
objections
to
this
when
we
added
it,
but
it
made
it
easy
for
us,
but
now
this
flag
cannot
work
anymore,
because
if
you
feed
an
image
repository,
it
can
be
any
repository
that
you
maintain.
But
if
you
enable
this
to
true,
you
also
have
to
push
all
the
other
images
to
the
same
repository
like
cárdenas,
I,
hate,
CD,
I,
don't
know
if
I
per
cube
has
it
CD?
Does
anybody
know.
A
C
Yeah
I,
don't
think
that
this
is
such
a
big
problem.
If
you
change
like
repository,
you
are
supposed
to
upload
to
this
upholstery
manually
or
have
it
somehow
ensure
that
there,
the
ordinary
images
there-
and
this
calls
the
same
with
the
hypercube
image
so
I-
don't
think
that
there
is
much
of
a
problem
there.
Probably
if
you
use
the
hypercube
image
by
itself-
and
this
is
published
no
longer
in
the
case-
dot
g
GC,
r
dot,
io
repository-
you
need
to
change
that
manually.
A
Yes,
I
see
so
pushing
the
extra
damage
is
not
a
problem.
Another
problem,
I
guess,
is
that
the
whole
move
of
hypercube
new
repository
means
that
is
going
to
be
community
maintained.
Now
it's
not
going
to
be
part
of
the
release,
so
this
means
that
when
you
feed
a
kubernetes
version,
I'm
trying
to
understand
if
this
isn't
a
problem.
Okay,
if
you
feel
a
kubernetes
version,
the
hypercube
image
is
not
going
to
be
following
the
the
kubernetes
version
anymore.
B
B
B
B
So
that's
the
plan
of
action
for
117
and
we
are
going
to
remove
the
command
hypercube
hypercube
go
in
117
right
and
then
the
idea
is.
If
somebody
wants
to
do
something
around
hypercube
it's
up
to
them.
We
are
not
going
to
do.
We
not
gonna
have
a
repository
in
Cuba
notice,
SIG's
for
maintaining
that
code
and
the
reason
is,
if
we
maintain
hypercube
hypercube
go.
B
It
means
that
we
are
rendering
everything
from
KK
correct
and
if
you're-
and
that
is
something
that
we
won't
discourage
people,
and
if
we
do
it
ourselves,
then
people
are
going
to
say,
look
you're
doing
it
yourselves.
Then
you
know
you
should
let
us
do
as
well.
So
we
want
people
to
use
the
individual
repositories
from
stage.
You
know
that
that
published
from
staged
staging
and
we
don't
want
people
to
use.
You
know
KK
indirectly,
so
just
for
that
reason,
Jordan
came
up
with
this
idea
of
you
know
a
script
base
redirector.
B
A
B
E
C
Yeah
I
think
that
we
can
safely
remove
the
flag
from
beta
3
and
we
can
probably
warn
users
that
probably
that
they're
a
little
bit
on
their
own
with
regards
to
modern
latest
version
and
hyper
qqs
in
the
old
API
versions
and
also
I
think
that
if
we
actually
go
with
the
shell
script
image
based
hypercube,
this
will
probably
turn
off
all
of
the
usual
hypercube
users,
which
basically
use
it
to
provision
like
control,
plane,
nodes
and
basically
save
some
disk
space.
By
using
a
hyper
cube
image
to
run
all
the
control
plane.
B
C
A
C
B
C
Suspect
that
the
majority
of
users
who
use
a
hypercube
are
doing
it
to
save
disk
space
and
with
the
new
hypercube
images
being
actually
substantially
like
at
least
as
large
as
the
total
combined
sizes
of
the
control
plane.
Images
I,
don't
think
that
many
users
are
going
to
using
hypercube
anymore
and
they'll
probably
fall
back
to
individual
component
images
itself.
D
E
All
right,
let's
that's
a
good
point.
The
problem
is
that
we
have
not
sure
that
even
if
we
we
preserve
the
flag,
we
we
can
guarantee
the
functionality
so
I
think
that
it
we
should
take
with
the
discussion,
because
there
are
other
item
in
an
agenda
but
and
continue
commenting
on
take.
But
it
is
a
tauren
one,
because
the
real
problem
is
that
the
condition
outside
cooverman
are
changed
and
it
is
difficult
for
us
to
continue
to
offer
the
same
service.
A
A
She
sent
a
PR
for
this.
Basically,
the
Tod
are
here
is
that
we
have
cube
a
DM,
crate
token
print
joint
command,
which
generates
you
know,
doc,
knocking
talking
and
prints
to
the
command.
For
that
we
also,
you
can
see
the
joint
command
after
in
it,
but
for
certificate
key.
When
you
control
play
knows
adjoining,
we
don't
have
a
way
to
basically
print
the
joint
command.
A
You
want
to
see
both
the
joint
token
and
also
the
certificate
key,
and
we
don't
have
me
and
Rafael
discuss
this.
We
don't
know.
Ideally,
we
don't
want
to
mix
the
commands
and
the
backhands,
because,
if
you
enable
create
talking
to
print
certificate
key,
this
means
that
it
has
to
call
the
backend
reporters
the
certificates,
any.
A
If
you
enable
the
phase
that
applause
the
certificates
to
print
the
token
is
going
now,
is
going
to
now
use
it
to
talk
him
back
end,
which
is
not
good,
I,
guess,
there's
another
proposal
to
add
a
new
command
which
we
kind
of
late
in
the
cycle.
This
might
not
happen,
but
the
command
is
something
like
you
know:
create
John
command
or
print
joint
command
and
based
on
this
command,
we
can
execute
the
separate
back
ends,
create
a
new
token,
create
a
new
certificates,
key
a
port
certificate
simply
in
the
command.
E
I'm
kind
of
torn
around
this,
because
one
of
the
principal
of
the
certificate
key
is
that
the
certificate
key
should
never
be
stored
in
the
cluster
and
it
is
never
stored
in
the
cluster
for
security
reason.
So
there
is
already
a
comment
to
generator.
We
can
use
a
face
to
generate
this
certificate.
Key,
a
new,
a
new
certificate,
key.
A
Security
concerns,
but
using
the
the
face
that
is
for
upon
certificates.
We
generate
this
sorry,
we
generate
this
key,
we
don't
keep
it
in
the
cursor.
I
think.
The
problem
here
is
that
the
users
who
want
you
know
this
UX
enhancement
to
see
the
food
joint
command.
Currently,
it's
not
possible
to
generate
the
full
job
after
the
coaster
initialization
had
finished
after
the
booster
talking
has
expired
or
the
certificate
key
has
expired.
So
this
is
not
reproducible
anymore.
You
have
to
execute
the
two
commands
separately.
A
C
E
A
Yes,
I
was
thinking
the
same
machine
read
about
what
is
definitely
a
potential
option
here.
If
you
parse
both
outputs,
you
can
create
a
command,
but
this
means
that
when
we
do
the
print
joint
command
for
talking,
it
has
to
be
in
separate
fields
in
order
see
a
hash.
The
token
has
to
have
to
be
in
separate
fields
and
also
that
certificate
key
from
the
mid-face
and
these
fields
have
to
combine
them
after
that.
I
think
this
is
a
good
mitigation
long
term.
Maybe
that's
what
we
have
to
do
instead
or.
E
A
That's
an
option.
This
is
also
kind
of
combining
responsibility,
not
that
much,
but
that's
I
have
a
bit
of
an
objection
for
that
particular
command
in
general,
because
a
joint
command
nowadays
does
not
only
consist
of
a
token,
so
it
doesn't
even
make
sense
anymore.
For
cube
a
game
creates
print
joint
command,
cube
alien,
talking,
create
print
pen,
joint
command
to
be
responsible
for
printing
a
command,
because
nowadays
the
command
also
includes
this
other
aspect,
which
is
you
know
completely
different
backends.
A
E
A
C
A
A
E
E
I
freaked
in
the
robbery
list,
so
there
was
a
threat
in
kubernetes
data
with
regards
to
a
cap
which
is
changing
the
which
is
cleaning
up,
the
meaning
of
the
node
label
and
I
was
reading
through
the
cap,
and
it
is
very
square.
The
description
and
I
would
like
to
check
with
this
team.
If
there
is
something
that
we
should
do,
my
understanding
is
no
and
the
email
trade
was
specifically
about
a
single
node
cluster,
but
I
think
that
this
done
does
not
impact
four
cubed
mean.
E
E
So
it
is
saying
that
the
kubernetes,
the
Noda
roll
Burnett
is
master
label
today
is
preventing
for
being
today
is
a
behavior
that
will
be
removal
in
future.
So
okay
I'm.
Finally
with
this,
but
the
first
consideration
is
that
for
single
note,
the
deployments
we
are
suggesting
user
to
remove
this
level,
and
so
there
will
be
not
change
for
a
power
user.
E
E
A
E
A
E
E
E
D
E
A
A
A
Yeah,
let's,
let's
have
more
discussions
about-
they
say
this.
We
got
be
very
intrigued
because
and
all
the
same
time
we
don't
want
to
break
users.
This
is
part
of
the
instruction
for
the
poor,
so
maybe
we're
supposed
to,
because
you
understand
this,
the
best
forbid
should
they
want
to
commit
to
and
ask
simply
Clayton
here
attention
the
boys.
Can
you
ask
him
a.
E
A
A
A
A
A
How
much
time
we
have
five
minutes?
Any
final
topics
I
wanted
to
propose
before
we
before
ask
in
the
final
topics,
question
I
wanted
to
propose
it
with
tomorrow
we
can
book
a
meeting,
something
like
perhaps
one
hour
before
the
this
meeting,
but
tomorrow
we
can
book.
You
know
to
do
some
grooming
of
the
backlog.
Do
we
have
enough
people
that
want
to
participate?
I'm.
D
C
A
H
E
Comment
that
this
week,
thank
you
for
the
video
for
the
party
and
this
week,
I
I
added
the
chance,
also
to
open
some
last
week
at
work
on
some
new
route
for
new
contribute
or
issue
and
and
it
works.
So
it
is
a
I,
open
and
free
issue
and
they
were
taken
and
sorboni
in
two
days.
So
we
have
really
to
work
on
on
these
to
get
a
new
contributor
to.
A
Help
us
yes,
as
long
as
we
have
problems
that
are
simple,
simpler
to
solve
that
qualify
for
the
help
wanted
and
good
first
issue
labels.
We
are
definitely
going
to
get
new
contributors
for
the
rest
of
the
areas.
I,
definitely
think
that
we
might
as
well
need
some
mentoring
and
private
sessions
explaining
how
to
fix
a
certain
problem,
because
so
a
lot
of
the
things
are
not
so
easy.
G
Have
been
working
on
some
phases
of
stuff,
but
I
really
think
that
we
for
upgrade,
but
I
really
think
we
should
hold
till
next
cycle
anyways
to
even
start
merging
any
of
it.
I've
been
working
on
just
doing
some
testing
and
making
sure
that
I'm
solid
on
that,
so
I
have
been
working
on
it.
I
did
I
just
want
to.
Let
you
guys
know
that
update.