►
Description
A Kubernetes community meeting about Image Builder: a tool for building Kubernetes virtual machine images across multiple infrastructure providers.
A
Right,
let's
see,
let
me
share
screen,
oh
and,
of
course,
that
there
we
go
of
course
I'm
gonna
about
to
sneeze,
okay,
welcome
everybody
to
image
Builder
office
hours,
it's
the
11th
of
September,
and
we
have
this
meeting
every
two
weeks.
Image
Builder
is
a
project
of
Sig
cluster
lifecycle,
so
we're
under
the
general
kubernetes
Community
umbrella,
which,
as
far
as
the
code
of
conduct,
boils
down
to,
please
don't
talk
over
each
other.
Please
try
to
be
kind
and
welcoming
to
everyone.
A
C
Yeah,
so
obviously
it's
it's.
It's
come
up,
obviously,
as
a
reminder
recently
about
the
change
of
the
app
repos.
The
fact
they've
been
frozen
and
new
ones
are
coming
about.
So
I
thought
I'd
drop
this
in
I
think
it
was
last
oh
when
would
it
have
been
last
Friday
or
Thursday?
Maybe
even
probably
before
that,
but
then
obviously,
as
I
was
writing
it
in
I
thought
I'll
just
check
the
PRS
to
see
what's
going
on,
saw
that
there
was
already
a
PR
room
for
it.
C
So
it's
more
just
a
case
of
keeping
our
eye
on
it
and
just
make
sure
everything's
moving
forward
nicely
before
the
13th
when
it
gets
Frozen,
not
that
it
really
affects
us
directly
straight
away,
but
it's
obviously,
as
we
start
any
upgrades
moving
forward.
It's
it's
going
to
be
a
thing.
We
need
to
pay
attention
to,
isn't
it,
but
it
looks
like
you've
already
done
it
and
it's
merged
and
it's
more
just
kind
of
getting
it
into
a
release.
The
next
one
that
comes
about
so
a
few
I
guess.
A
Well,
I
think
so,
but
you
know,
unfortunately,
our
end-to-end
tests
don't
cover
everything.
So
there's
the
potential
that
some
other
District
we're
not
actually
testing
breaks
as
a
result
of
this,
but
hopefully
not
maybe
the
only
other
interesting
detail
here.
Is
you
can?
If
you
look
at
the
pr
it's
pretty
straightforward,
we
I
ended
up
just
replacing
the
URLs
pretty
much
one
for
one,
some
of
the
little
silly
details
change
like
the
name.
They
call
the
RPM
that
has
changed,
but
what
we
ideally
would
have
done
is
change
the
entire
approach.
A
So
that's
just
using
the
ansible
APT
key
setup
thing,
which
is
a
sort
of
deprecated
now,
because
the
next
release
of
Ubuntu
will
not
have
apt
key
as
a
utility.
My
understanding
is
it's
a
moderate
security
risk
because
when
you
imported,
when
you
import
a
key
using
apt
key,
it
drops
it
into
that
Etsy
apt
trusted,
keys.d
or
something
like
that,
and
all
those
keys
get
looked
at
every
time
you
access
any
repo.
So
potentially
that's
not
great.
A
They
should
be
one
for
one
ideally
and
there's
a
way
to
do
that,
but
it
involves
not
using
apt
key
and
so
app
key
is
deprecated.
So
there's
a
new
recipe
for
how
you're
supposed
to
do
this
going
forward
in
ansible
that
worked
fine
and
it
essentially
just
is
download
the
key
file,
put
it
in
a
different
directory
and
then,
when
you
set
up
the
APT
repo
reference
specifically
that
key
there's
just
a
little
syntax
to
do
that,
and
then
you
know
when
you're
downloading
from
that
repo.
A
A
C
No,
no,
that's
fine,
fine
I,
don't
actually
know
when
I
can't
actually
think
when
2004
is
deprecated.
Sorry
end
of
life,
so
it's
probably
not
something
we
can
really
just
say:
oh
we'll
sort
it
when
it's
and
Alive,
because
it's
going
to
be
a
while
off
yet
isn't
it
I
think
it's
gonna
be
another
few
years
so
yeah
we
should
probably
have
a
look
at
how
we
can
approach
that
yeah,
Marcus
I'm,
not
sure
off
top
of
my
head,
so
yeah.
A
A
B
Yes,
so,
as
you
likely
know,
we've
had
some
issues
lately
with
the
GitHub
token
rate
limiting
stuff,
since
we
moved
our
tests
to
the
new
community-owned
PKS
cluster.
There's
a
bunch
of
discussion
with
the
various
teams
that
rely
on
that
cluster
and
I.
Believe
changes
have
now
been
made
that
the
nodes
within
that
cluster
now
get
public
IPS
rather
than
going
through
in
that
Gateway.
B
So
the
cluster
is
now
very
similar
to
the
old
cluster
that
we
had
in
GCE
and
hopefully
that
has
now
reduced
the
occurrence
of
the
rate
limiting,
because
we've
now
got
a
large
pool
of
ips
to
pull
from
when
to
use
when
pulling
from
from
GitHub
Matt
I
saw
you
triggered
some
tests
earlier
today
and
it
looks
like
none
of
those
failed
with
the
rate
limiting
and
I,
don't
recall,
seeing
any
others
in
the
past
like
week
or
so
so.
I
think
that's
at
least
given
us
some
some
breathing
room.
B
B
A
I
agree:
sorry
I
meant
to
raise
my
hand,
but
I
literally
can't
find
the
control
when
I'm
presenting
I've
been
looking
for
everything.
So
not
true,
but
yeah
I
totally
agree
with
everything
you
said:
I
haven't
seen
that
specific
error
happen
in
a
while,
whereas
at
the
time
we
reported
this
is
a
problem.
It
was
rampant.
A
It
happened
on
everything,
so
this
is
clearly
probably
fixed
it
for
for
now,
if
they
were
able
to
put
in
you
know
that
specific
token
that
would
still
probably
make
the
whole
environment
even
safer,
but
as
it
is
I
think
we
can
probably
just
close
the
issue
and
then
open
it
again
or
something
similar
if
it
crops
up.
So
that's
great
yeah.
B
A
A
B
A
C
B
B
The
the
question
basically
is:
is
anybody
building
OVA
images
for
for
cap
V
within
a
Docker
container
using
image
Builder,
it
doesn't
seem
like
it's
actually
possible.
You
seem
to
rely
on
some
VMware
utilities
that
you
get
as
part
of
running
VMware,
so
yeah.
That
was
something
I
was
not
aware
of.
If
that
is
the
case,
it
does
somewhat
murk
the
opinion
of.
Should
the
docker
container
be
the
officially
supported
way
if
you
can't
actually
run
one
of
our
providers
in
that
way,
yeah.
C
B
A
I
don't
know
I
wanted
to
I've
thought
about,
seeing
if
I
could
get
a
vsphere
account
somehow
to
use
but
I.
It
seems
like
a
fair
amount
of
work.
It's
it
I,
don't
know
who
I'd
ask
and
yeah,
and
just
in
general
I
wish
I
had
more
flexibility
right
now.
I
can
really
only
build
azure
targets
because
I
have
an
Azure
account,
but
I
I
wish
I
had
somewhere
where
I
could
build.
You
know
the
qemu
stuff
and
I
have
thought.
A
Making
a
CL
I
guess
you
can
do
nest
of
virtualization
and
maybe
do
that
in
a
cloud
image,
but
it
sounded
kind
of
but
I
haven't
had
a
Friday
to
try
that
out.
So
at
this
point,
I
really
wish
I
had
a
vsphere
account
I
mean
we
could
explore.
Maybe
they
could
give
us
one
for
testing
or
something
I.
Don't.
B
Know
I
mean
there
is.
There
is
a
larger
discussion
here
about
wanting
to
improve
our
tests
in
general
and
to
cover
more
of
the
providers
yeah,
because
there's
a
lot
of
areas
that
are
completely
missed
either
through
our
own
lack
of
knowledge
of
those
areas
or
just
lack
of
availability,
to
resources
to
to
do
those
things.
C
I
I
no
I
agree
with
that,
though,
because
obviously,
as
I
I
put
that
in
video
stuff
in
with
the
S3
stuff-
and
there
was
a
bunch
of
other
things
that
affected
just
around
the
additional
components
and
that
and
obviously
I
was
like
well
I-
don't
use
that
directly
at
the
moment
I
do
now,
which
is
why
I
discovered
it.
But
if
we
had
something
there,
that
could
I
mean
I'd
say
we
can't
cover
all
scenarios,
but
we
can
probably
cover
most
it's
just
having
the
infrastructure
there
to
do
those
things.
C
B
C
B
C
Yeah
as
well
I,
remember
reading
it
at
the
time
and
I
thought
to
myself.
Oh,
we
could
probably
just
move
our
local.
What's
it
component
additional
components
and
then
realized
that
would
put
it
in
the
image
not
in
the
environment,
that's
doing
the
building
and
that's
where
the
problem
was
yeah
yeah,
oh
yeah,.
C
C
B
C
C
A
The
kind
of
the
kind
of
perspective
I
was
given
previously
by
Cecile,
who
used
to
maintain
image
Builder
and
by
James
who's
been
here
for
a
while
is
you
know
we
do
our
best
in
e2e
and
then
the
rest
of
it
is
really
on
individual
providers
to
maintain
and
that
yeah
and
I
think
that's
true,
but
it
still
seems
like
there's
a
lot.
I
mean
that's
obviously
true,
but
it
seems
like
there's.
We
could
be
testing
more
at
the
core.
Somehow.
B
A
We
dog
food
it
pretty
closely,
so
Pepsi
is
obviously
a
very
heavy
user
of
it,
but
I
wish
other
providers
were
kind
of
at
the
same
level
like
I,
don't
know,
yeah
exactly
I,
don't
know
how
Amazon
builds
their
images
I,
don't
know
how
whether
Google
actually
uses
the
stuff.
That's
in
here,
I
kind
of
doubt.
It.
B
A
Which
is
a
shame?
It's
fine
I
mean
you
know.
People
are
probably
going
to
do
their
own
things.
Maybe
Kappa
Amazon
probably
would
build
their
images
in
their
own
way
regardless,
but
just
just
based
on
how
they've
been
participating
in
the
community.
They
often
have
different
anyway,
but
it
would
be
nice
if
we
had
more
tests.
It
also
feels
like
a
way
to
keep
people
involved
with
the
project.
C
A
B
B
C
B
C
C
A
It's
it
seems
like
it's
a
good
thing
that
we
designed
the
darker
image
to
download
Packer
just
in
time,
because
I
think
that
technically
means
we're
not
Distributing
it
and
all
that.
But
even
if
we
were,
we
pretty
much
gotten
a
green
light
from
Microsoft
legal.
They
don't
think
we're
doing
anything.
That's
going
to
be
problematic.
Even
if
we
go
to
2.0
with
the
EPL
or
whatever
the
license
is
I.
B
There
was,
there
was
an
update
to
the
the
FAQ
page
actually
cop
had,
and
it
kind
of
addressed
some
of
our
concerns
as
well
in
there
that
you
know
as
an
open
source
project
we're
pretty
much
okay,
so
I
think
image
Builder
using
Packer,
fine
and
I
think
even
for
our
users,
it's
fine.
The
only
concern
I
still
have
is
that
technically
the
cncf
doesn't
want
us
using
that
license.