From YouTube: kubeadm office hours 2020-07-22
A
B
I actually haven't used the Kubb ATM much at all, so this will be interesting. I like to look at it and see how well that's being used, or how useful it is.
A
A
A
Interesting. I am not familiar with it, but in general, right now the problem is that we deploy a pretty heavy control plane. So if you want to run the whole control plane on edge, you might face some constraints, CPU and memory. Okay, but the idea is to trim down the control plane eventually. The problem with that is that components such as the kube-apiserver do not support any flags, build flags.
A
Note arguments to exclude features. For instance, etcd is hard-coded today, and also it is hard-coded in kubeadm, so I want to use a lighter back-end. Currently, both corporately same kubeadm do not support that. So it's a lot of work to change the storage back-end, for instance. OK, and so some of the discussions before, the core maintainers have stated that cooperate is heavy by design, and this is premature, direct quote.
A
So until we convince the core maintainers that we have to enable these flags to trim down the functionality, there is pretty much nothing we can do on the kubeadm side. If you want to deploy control plane, that is, you can always deploy, you know, kubelets without an API server, to use the static pod functionality. Okay, but that's, we are facing this condition. We depend on how heavy.
B
A
But I guess it depends. Some devices are, it depends. Edge is very generic, like if you want to run credit or something that is, like, really slow by design. It's limited by, you know, how much a company wants to spare in terms of producing this unit, and then somebody consuming this particular unit. If the unit is slow and it has no plan to progress, then obviously it has to wait for this coin in succession.
A
B
A
A
I had a couple of PSAs. We are in code freeze, but there was a message from the release team recently that code thaw is going to be delayed. Code thaw is this process where we start backporting features to the branch that is going to be released. In particular, this is the 119 branch. I have no context where this is happening.
A
A
A
A
I think the releasing today confirm that they're planning, pretty fast, 114, sorry, was 614 release, possibly next week or something like that. And by the way, our 60 Sigma was broken for the time being, and I see that it cleared today. Just that I was on PTO last week and I hadn't had the opportunity to look at this day single, but I'm going to modify her missing that the single cleared after we fixed it.
C
I have one. I actually forgot to fill it in, but yeah, from this week, I'm starting to pick up some topics for the kubeadm deep dive, and probably next week I'll try to prepare some slides. So probably tomorrow I'll share reading to a Google Doc where I pick up the topics, and yeah. My goal is to start recording the talks like I could, ten days from now or something like that. What is the first week I promise.
A
C
A
B
A
A
A
C
A
My idea was to fix a link. If the link is fixed, we can continue working on the survey in August, because the presentations are going to happen somewhere around August 19, 18, something like that. So we still have a couple weeks work in the survey above it, but if the link is fixed, we can have the QR code ready before that.
A
B
A
It's basically a branch section. If you are interested in providing feedback for kubeadm, you can click yes here, and then you have some, you know, general questions about user experience, production questions, like rate your experience with this particular functionality, you can rate it.
A
It's so a matter of this. Anyone to include questions for kubeadm operator, and that's pretty much it. The general section covers a lot of interested is out, like how often do you upgrade, like some of the questions we are interested in, also see Ric and I windows, yeah. But let me know if you don't have access to this document. Rossi, I think you should have ADA taxes.
C
C
C
A
Okay, so this is a bug that I thought that somebody found. Basically, they are reporting that they really external etcd and they have a once extinct oneself, and when they download the 117 binary of kubeadm and they run kubeadm upgrade plan, they're getting context deadline exceeded at the moment where kubeadm is trying to contact the external etcd cluster for versions, and I was wondering if this was ik.
A
If this was receivin, correct, and I remember that we removed some of this in 119, and we did some investigation here, like discussing. So in 119, we have this, eventually kubeadm upgrade plan calls this function, get available upgrades. Rusty, I remember you are this particular branch that, yeah, yeah, it was. It was also related to the tax and not using the cry as he client, but in the other versions we are contacting this etcd cluster, and I honestly think that plan should not do that, yeah.
C
I think that currently does not do that, and I think when I actually did the change, it was more like a leftover, so somebody just did not put the branch around get abortion calls. OK, pushing is actually required for local etcd or external etcd. It's pretty much like useless. It can actually tell you, yeah, you're running an older version of its people. That may be too still users choice to that.
A
Yeah, apparently this is breaking upgrade plan on older branches. I don't know why exactly they're getting this particular error, a context deadline exceeded. They're getting this consistently. My last request was for them to actually try upgrade apply. They can even force to disable etcd upgrade completely. So maybe upgrade apply works, but upgrade plan only do support.
A
C
A
A
C
D
D
C
A
D
And yep, I inserted it. There is that. Okay, did you want to talk about the triage first god or the three US should be lost? Okay, well, just quickly to say that I have been trying to understand how the certificates get rotated during kubeadm upgrade and via the kubeadm alpha certs renew command.
D
D
How, what would be the ideal way to rotate certificates in a cluster? And specifically what I mean is that the kubelet has quite a neat system where it can renew its own certificates, rotate its own certificates, but other components don't rotate their own certificates. Should they, might be in the future, like the scheduler and the controller manager, could they use the same mechanism that kubelet uses and submit a certificate signing request to the API server, have it signed by some built-in signer or an external signer, rotate and reinstall the new certificates themselves?
A
Cool Kubernetes question. I don't have the answers whether the controlling components will support automatic rotation eventually, using the same mechanism of the kubelet. I really have no idea. Given this given viscous I have not seen discussions about this. Even maybe they have no plans to do it unless there is a good reason.
A
D
D
Well, just in terms of where I should direct my efforts. Would it be better to develop the kubeadm alpha certs renew command with some sort of CSR mode of operation, or would it be better to go and start talking about whether the scheduler could rotate its own certificates, or perhaps I do bonus, because that last option is probably a much longer term and it's gonna require a lot of planning.
A
Well, currently, we have to rotate the clouds, the kubeconfig for, for instance, the kube-scheduler, we have to rotate it. It's managed by kubeadm, and until we see this idea that the cork operator can self-rotate, we have to potentially implement this mechanic to dissipate the enablement of self-rotation and say: hey, you don't have to rotate, it's self-rotating, something like that.
A
D
Another thing I wanted to ask: I know you've recently removed that option to coincide with the graduation of the certificates API, but now that that has reached version 1, or is about to reach version 1, I wonder if I could reintroduce it in such a way that kubeadm alpha certs renew generate certificate signing request with some significant signer name, which can be signed by an external signer. I think that's what I was going to try and prototype.
A
Yeah, well, at the moment you want to utilize the CSR, the generate CSR functionality, you're already in a case where you have to generate the CSR, somebody has to sign them, and you have to potentially copy these certificates back to the question. So they are obviously, like, manual in many actions, or maybe automated actions but outside of kubeadm. These actions are no longer responsibilities of kubeadm. Maybe we should document this workflow, but I agree that maybe we should potentially remove the CSR functionality from certs renew.
A
My guess is that me, Amir Fabrizio didn't want to do this because we didn't want to break people suddenly if they use, you know, certs renew with CSR. I think we should have potentially more examination. Oh, this is actually useful, but, like Rossi saying, maybe we should just delegate those CSR logic to the new generation. Circa man, yeah.
D
Okay, well, I'll try and figure out how we could use generate CSR here. Let me give a right. That's probably the way to go. I also have a look at the kubelet serving certificates, which I've only just really understood, and I would like to make it so that those could be externally signed as well.
A
D
A
A
A
But I think there's a fundamental problem with the way the serving certificate of the kubelet is designed, and it's a very difficult problem to solve. I believe all of the big companies have tried to resolve it, and I think, don't quote me on that, but the name of the problem is node identity problem or something like that. It's like, how do you trust somebody to improve your and that your kubelet can serve the certificate, and I, maybe, you know, maybe somebody at your company knows about it.
A
A
Yeah, in the SIG Auth Slack channel on Kubernetes, you can ask this question. Can somebody explain to me, like in one sentence, why this is happening? You can also include James in the conversation. Maybe he already knows why this is the case because, as you know, he worked on the signerName functionality. Yeah, the server certificate was part of that.
A
Related to Las Vegas, but the reason we're not doing it, why we are not signing the kubelet serving certificate with the root CA in kubeadm, is because at some point, if rotation is enabled for the kubelet serving certificate, pretty much a CSR is going to be triggered and nobody is going to receive the CSR and auto-approve it, because you pay the amazon bundle controller that is going to manage that. It's a design decision, I guess. We may also have the option to.
A
Not rotate, not automatically rotate the server certificate, and simply rotate it the same way we are rotating the other certificates, like with the renew command, but I think there was a problem with that as well. I may have forgotten the reason for that. Usually, should you treat the Hokie baby atop the gate? It's like, it has a few dozen comments.
A
So if that's the only use case, I mean people have multiple options. If there's a more serious use case, which I have not seen yet, we may start considering it. There's something else here: Nadir from VMware also said that there's a fairly easy workaround with an RBAC proxy.
A
So you can use a lot of proxy to say to the metric server, hey, yeah, to have this type of proxy between the kubelet and the metric server and not require a particular RBAC. Let me see.
D
D
A
A
Yeah, this is, it's not how it's designed at the moment, I think. Originally, but Kubernetes is making a lot of assumptions that forces the cooperate. Sir. The nodes are replicas certificates, so everything, maybe everything from GCP, I don't know, everything is signed by the same CA. Even if there's I appreciate the assigning the server certificate, but everything is signed by the same CA. So there's no logic to sign the services.
A
D
A
If you have access to GCP, you can check that. I really don't know how different companies are doing it. I know that I would be happy if we have Nadir from VMware on the call right now, but this kid Nadir was saying that at some point, maybe KubeCon North America 2019, something like that, they had a meeting with Red Hat, Google, VMware and some other folks in a room, and they discussed exactly this problem. We're.
A
A
A
Let's see what nucleus we have. So this PR, we wanted to merge this in 118, but apparently it's missed the deadline for code freeze and it's not a high priority. This is the enabling more descriptive. What is the supported service subnet, and I think the reason for this given much is because we had such a long discussion here. So in any case, I was spoke today and whether we should watch this and I moved it to 120.
A
Currently in Kubernetes, it's not really clear to the users what is the supported subnet for IPv6, who IPv4. There are some quirks around I palm bitmaps, and so it's hopefully, conversely, some point. This is a PR by Shanklin Gao. He said this. We had an issue for this incubator open for a long time. So basically, a question here is: should we even have this preflight check for two gigabytes? To my understanding, kind users are happy with my hundred megabytes of RAM.
A
C
A
C
Yeah, I guess that probably 1500 this okay to like, it depends actually on the environment and, like, what you're trying to do. Is it like single node control plane with actual workloads co-located? Is it like dedicated control plane node? So, basically, all these variables apply here and coming up with the actual error.
A
A
D
C
A
So I committed that we should use cesium for, but we should have a TODO, which is very optimistic, but someday Windows can support the control plane. In fact, I think we can hack the Windows nodes to support the control plane today; maybe at least we can resolve the issue of privileged containers. I don't know what else is not going to work, but maybe we should still have this TODO to remind ourselves.
C
Well, basically, 700 was on which I came up by producing like typical amount of video memory that's shared between CPU and GPU, so a skip ID is that a lot of the folks out there with two gigs of RAM are going to have like blowing machines and have some video memory shared or reserved for some other purposes. So their machines are probably not going to report two gigabytes precisely but a little bit under that number, and the tables to be eligible to this control panel there. But they were basically half this air.
C
A
A
A
Kubelet FS type preflight check. So basically, apparently there's a bug in the storage side of the kubelet, where overlayfs is not supported, but this is more of a bug. Basically, Audrey is setting this PR with the idea that, until this bug is resolved, kubeadm should have a preflight check.
A
What I'm saying to him is that I think that unless a kubelet maintainer says that, hey, we are not going to support overlayfs at all, I don't think we should have this preflight check. If they say this is a bug, we should fix it on the side of the storage, the kubelet, and kubeadm should not have this preflight check. I really don't like the idea of temporary preflight checks.
D
A
Now this is a discussion about the HJ dogs. This is a nasty bug. I'm working on it, but I'm waiting for Fabrizio to get back from vacation. Basically the etcd image container. He has a weird bug where it cannot pull the latest etcd image if containerd is run inside of another container runtime, so contain CR and CR. It's a very weird, I cannot, I basically decided to put a leash on the host and then try to fix our and 27, yeah.