►
Description
A Kubernetes community meeting about Image Builder: a tool for building Kubernetes virtual machine images across multiple infrastructure providers.
A
Right,
let's
see,
let
me
share
screen,
oh
and,
of
course,
that
there
we
go
of
course
I'm
gonna
about
to
sneeze,
okay,
welcome
everybody
to
image
Builder
office
hours,
it's
the
11th
of
September,
and
we
have
this
meeting
every
two
weeks.
Image
Builder
is
a
project
of
Sig
cluster
lifecycle,
so
we're
under
the
general
kubernetes
Community
umbrella,
which,
as
far
as
the
code
of
conduct,
boils
down
to,
please
don't
talk
over
each
other.
Please
try
to
be
kind
and
welcoming
to
everyone.
A
This
is
also
a
time
where,
if
someone's
new
to
the
meeting,
we
can
it's
a
great
time
to
introduce
yourselves
I.
Think
that's
not
the
case
here.
So
we
can
skip
over
that
yeah.
Let's
just
get
right
into
it.
True,
you
were
just
talking
about
yeah
repos
changes.
C
Yeah,
so
obviously
it's
it's.
It's
come
up,
obviously,
as
a
reminder
recently
about
the
change
of
the
app
repos.
The
fact
they've
been
frozen
and
new
ones
are
coming
about.
So
I
thought
I'd
drop
this
in
I
think
it
was
last
oh
when
would
it
have
been
last
Friday
or
Thursday?
Maybe
even
probably
before
that,
but
then
obviously,
as
I
was
writing
it
in
I
thought
I'll
just
check
the
PRS
to
see
what's
going
on,
saw
that
there
was
already
a
PR
room
for
it.
C
So
it's
more
just
a
case
of
keeping
our
eye
on
it
and
just
make
sure
everything's
moving
forward
nicely
before
the
13th
when
it
gets
Frozen,
not
that
it
really
affects
us
directly
straight
away,
but
it's
obviously,
as
we
start
any
upgrades
moving
forward.
It's
it's
going
to
be
a
thing.
We
need
to
pay
attention
to,
isn't
it,
but
it
looks
like
you've
already
done
it
and
it's
merged
and
it's
more
just
kind
of
getting
it
into
a
release.
The
next
one
that
comes
about
so
a
few
I
guess.
A
Well,
I
think
so,
but
you
know,
unfortunately,
our
end-to-end
tests
don't
cover
everything.
So
there's
the
potential
that
some
other
District
we're
not
actually
testing
breaks
as
a
result
of
this,
but
hopefully
not
maybe
the
only
other
interesting
detail
here.
Is
you
can?
If
you
look
at
the
pr
it's
pretty
straightforward,
we
I
ended
up
just
replacing
the
URLs
pretty
much
one
for
one,
some
of
the
little
silly
details
change
like
the
name.
They
call
the
RPM
that
has
changed,
but
what
we
ideally
would
have
done
is
change
the
entire
approach.
A
So
that's
just
using
the
ansible
APT
key
setup
thing,
which
is
a
sort
of
deprecated
now,
because
the
next
release
of
Ubuntu
will
not
have
apt
key
as
a
utility.
My
understanding
is
it's
a
moderate
security
risk
because
when
you
imported,
when
you
import
a
key
using
apt
key,
it
drops
it
into
that
Etsy
apt
trusted,
keys.d
or
something
like
that,
and
all
those
keys
get
looked
at
every
time
you
access
any
repo.
So
potentially
that's
not
great.
A
They
should
be
one
for
one
ideally
and
there's
a
way
to
do
that,
but
it
involves
not
using
apt
key
and
so
app
key
is
deprecated.
So
there's
a
new
recipe
for
how
you're
supposed
to
do
this
going
forward
in
ansible
that
worked
fine
and
it
essentially
just
is
download
the
key
file,
put
it
in
a
different
directory
and
then,
when
you
set
up
the
APT
repo
reference
specifically
that
key
there's
just
a
little
syntax
to
do
that,
and
then
you
know
when
you're
downloading
from
that
repo.
A
It's
only
ever
checking
the
one
key
and
things
are
coherent
that
works
great
for
Ubuntu
2204.
For
some
reason,
I
could
not
get
it
to
work
for
2004,
even
though
it
looks
like
it
should
so
I
so
I
didn't
do
that,
but
in
the
future
we
should
take
a
look
at
somehow
supporting
this.
The
future-proof
way.
A
C
No,
no,
that's
fine,
fine
I,
don't
actually
know
when
I
can't
actually
think
when
2004
is
deprecated.
Sorry
end
of
life,
so
it's
probably
not
something
we
can
really
just
say:
oh
we'll
sort
it
when
it's
and
Alive,
because
it's
going
to
be
a
while
off
yet
isn't
it
I
think
it's
gonna
be
another
few
years
so
yeah
we
should
probably
have
a
look
at
how
we
can
approach
that
yeah,
Marcus
I'm,
not
sure
off
top
of
my
head,
so
yeah.
A
A
A
On
okay
Marcus,
you
want
to
move
on
to
rate
limiting.
B
Yes,
so,
as
you
likely
know,
we've
had
some
issues
lately
with
the
GitHub
token
rate
limiting
stuff,
since
we
moved
our
tests
to
the
new
community-owned
PKS
cluster.
There's
a
bunch
of
discussion
with
the
various
teams
that
rely
on
that
cluster
and
I.
Believe
changes
have
now
been
made
that
the
nodes
within
that
cluster
now
get
public
IPS
rather
than
going
through
in
that
Gateway.
B
So
the
cluster
is
now
very
similar
to
the
old
cluster
that
we
had
in
GCE
and
hopefully
that
has
now
reduced
the
occurrence
of
the
rate
limiting,
because
we've
now
got
a
large
pool
of
ips
to
pull
from
when
to
use
when
pulling
from
from
GitHub
Matt
I
saw
you
triggered
some
tests
earlier
today
and
it
looks
like
none
of
those
failed
with
the
rate
limiting
and
I,
don't
recall,
seeing
any
others
in
the
past
like
week
or
so
so.
I
think
that's
at
least
given
us
some
some
breathing
room.
B
B
B
That
now
I
mean
technically,
we
could
still
hit
it
because
we
we
are
still
pulling
from
a
finite
pool
of
ips
based
on
the
the
nodes
depending
on
I
guess
how
they've
got
Auto
scaling
set
up
I'm,
not
entirely
sure
I
haven't
yet
heard
whether
they
plan
to
still
go
ahead
with
creation
of
a
shared
GitHub
token
for
teams
to
use
within
their
tests
or
not.
B
The
last
I
heard
was
that
was
an
option,
and
then
this
suggestion
of
just
switching
to
using
public
IPS
was
was
brought
about,
and
that
was
easy
to
implement.
It
seems
so
yeah
I
think
we're
good
for
the
time
being.
A
I
agree:
sorry
I
meant
to
raise
my
hand,
but
I
literally
can't
find
the
control
when
I'm
presenting
I've
been
looking
for
everything.
So
not
true,
but
yeah
I
totally
agree
with
everything
you
said:
I
haven't
seen
that
specific
error
happen
in
a
while,
whereas
at
the
time
we
reported
this
is
a
problem.
It
was
rampant.
A
It
happened
on
everything,
so
this
is
clearly
probably
fixed
it
for
for
now,
if
they
were
able
to
put
in
you
know
that
specific
token
that
would
still
probably
make
the
whole
environment
even
safer,
but
as
it
is
I
think
we
can
probably
just
close
the
issue
and
then
open
it
again
or
something
similar
if
it
crops
up.
So
that's
great
yeah.
B
I
can
I
can
do
that
now
then
I'm
personally,
following
those
Upstream
issues
as
well.
So
if
they
do
have
have
you
know,
progress
or
whatever
I
can
I
can
recall
back.
A
Cool
well,
if
there's
nothing
else
on
that,
I
had
the
next
one,
which
is
just.
We
had
the
idea
that
before
we
jumped
up
to
container
D
1.7
since
that
potentially
can
rock
the
world
for
people,
we
should
do
a
release
and
then-
or
because
you
probably
put
this
note
in
about-
we
should
yes.
A
Which
I
totally
agree
that
makes
perfect
sense
so
maybe
after
and
and
I
was
planning
on
doing
that,
I
maybe
can
get
to
that
today
or
tomorrow.
Unless
one
of
you
is
really
gung-ho
about
it,
I'll
go
ahead
and
take
a
look
all
right.
Yeah.
B
I
think
I
think
that
was
the
only
thing
that
came
out
from
last
week
when
we
just
not
last
week
before
when
we
discussed
the
the
change.
Okay.
A
A
C
It's
that
the
should
word,
isn't
it
that
you
always
use
it
dangerous
word,
that's
it:
okay,
yeah!
That
makes
sense
to
me
good.
A
Deal
all
right
and
then
Marcus.
B
Yeah
this
last
one's
just
me
asking
on
behalf
of
a
colleague
of
mine,
the
last
in
our
slack
a
few
days
ago.
I
don't
think
Drew
you're,
not
you're,
not
using
vsphere.
Are
you
not.
B
The
the
question
basically
is:
is
anybody
building
OVA
images
for
for
cap
V
within
a
Docker
container
using
image
Builder,
it
doesn't
seem
like
it's
actually
possible.
You
seem
to
rely
on
some
VMware
utilities
that
you
get
as
part
of
running
VMware,
so
yeah.
That
was
something
I
was
not
aware
of.
If
that
is
the
case,
it
does
somewhat
murk
the
opinion
of.
Should
the
docker
container
be
the
officially
supported
way
if
you
can't
actually
run
one
of
our
providers
in
that
way,
yeah.
C
B
A
I
don't
know
I
wanted
to
I've
thought
about,
seeing
if
I
could
get
a
vsphere
account
somehow
to
use
but
I.
It
seems
like
a
fair
amount
of
work.
It's
it
I,
don't
know
who
I'd
ask
and
yeah,
and
just
in
general
I
wish
I
had
more
flexibility
right
now.
I
can
really
only
build
azure
targets
because
I
have
an
Azure
account,
but
I
I
wish
I
had
somewhere
where
I
could
build.
You
know
the
qemu
stuff
and
I
have
thought.
A
Making
a
CL
I
guess
you
can
do
nest
of
virtualization
and
maybe
do
that
in
a
cloud
image,
but
it
sounded
kind
of
but
I
haven't
had
a
Friday
to
try
that
out.
So
at
this
point,
I
really
wish
I
had
a
vsphere
account
I
mean
we
could
explore.
Maybe
they
could
give
us
one
for
testing
or
something
I.
Don't.
B
Know
I
mean
there
is.
There
is
a
larger
discussion
here
about
wanting
to
improve
our
tests
in
general
and
to
cover
more
of
the
providers
yeah,
because
there's
a
lot
of
areas
that
are
completely
missed
either
through
our
own
lack
of
knowledge
of
those
areas
or
just
lack
of
availability,
to
resources
to
to
do
those
things.
B
C
I
I
no
I
agree
with
that,
though,
because
obviously,
as
I
I
put
that
in
video
stuff
in
with
the
S3
stuff-
and
there
was
a
bunch
of
other
things
that
affected
just
around
the
additional
components
and
that
and
obviously
I
was
like
well
I-
don't
use
that
directly
at
the
moment
I
do
now,
which
is
why
I
discovered
it.
But
if
we
had
something
there,
that
could
I
mean
I'd
say
we
can't
cover
all
scenarios,
but
we
can
probably
cover
most
it's
just
having
the
infrastructure
there
to
do
those
things.
C
B
C
B
That's
that
seems
to
be
the
thing
like
it
needs
this,
this
tool
in
the
environment,
but
it
looks
like
it's
only
available
like
as
part
of
vsphere,
either
either
of
his
favorite
virtual
environment
or
a
vsphere
workstation.
Yes,.
C
Yeah
as
well
I,
remember
reading
it
at
the
time
and
I
thought
to
myself.
Oh,
we
could
probably
just
move
our
local.
What's
it
component
additional
components
and
then
realized
that
would
put
it
in
the
image
not
in
the
environment,
that's
doing
the
building
and
that's
where
the
problem
was
yeah
yeah,
oh
yeah,.
C
C
B
C
C
I,
don't
have
a
suggestion
for
that:
no
really
either
yeah.
C
A
The
kind
of
the
kind
of
perspective
I
was
given
previously
by
Cecile,
who
used
to
maintain
image
Builder
and
by
James
who's
been
here
for
a
while
is
you
know
we
do
our
best
in
e2e
and
then
the
rest
of
it
is
really
on
individual
providers
to
maintain
and
that
yeah
and
I
think
that's
true,
but
it
still
seems
like
there's
a
lot.
I
mean
that's
obviously
true,
but
it
seems
like
there's.
We
could
be
testing
more
at
the
core.
Somehow.
B
A
We
dog
food
it
pretty
closely,
so
Pepsi
is
obviously
a
very
heavy
user
of
it,
but
I
wish
other
providers
were
kind
of
at
the
same
level
like
I,
don't
know,
yeah
exactly
I,
don't
know
how
Amazon
builds
their
images
I,
don't
know
how
whether
Google
actually
uses
the
stuff.
That's
in
here,
I
kind
of
doubt.
It.
B
A
Which
is
a
shame?
It's
fine
I
mean
you
know.
People
are
probably
going
to
do
their
own
things.
Maybe
Kappa
Amazon
probably
would
build
their
images
in
their
own
way
regardless,
but
just
just
based
on
how
they've
been
participating
in
the
community.
They
often
have
different
anyway,
but
it
would
be
nice
if
we
had
more
tests.
It
also
feels
like
a
way
to
keep
people
involved
with
the
project.
C
A
Can
see
how
worried
I
am
about?
You
know
what
might
still
happen
just
changing
this
repository
and
what
might
happen
with
container
D
and
that's
just
because
I,
don't
really.
Yes
have
an
idea
what
the
splash
damage
is
going
to
be.
B
A
Cool,
well,
that's
all
we
had
on
the
agenda
anything
else
on
your
minds.
B
C
Was
about
to
say,
oh
I
said
I
was
gonna,
have
a
chat
with
my
boss.
Who's
gonna
speak
to
oh,
her
name
just
got
out
mad
Amanda
Brock
and
apparently.
B
C
A
Got
I'm
sorry
go
ahead,
Drew.
C
A
It's
it
seems
like
it's
a
good
thing
that
we
designed
the
darker
image
to
download
Packer
just
in
time,
because
I
think
that
technically
means
we're
not
Distributing
it
and
all
that.
But
even
if
we
were,
we
pretty
much
gotten
a
green
light
from
Microsoft
legal.
They
don't
think
we're
doing
anything.
That's
going
to
be
problematic.
Even
if
we
go
to
2.0
with
the
EPL
or
whatever
the
license
is
I.
B
There
was,
there
was
an
update
to
the
the
FAQ
page
actually
cop
had,
and
it
kind
of
addressed
some
of
our
concerns
as
well
in
there
that
you
know
as
an
open
source
project
we're
pretty
much
okay,
so
I
think
image
Builder
using
Packer,
fine
and
I
think
even
for
our
users,
it's
fine.
The
only
concern
I
still
have
is
that
technically
the
cncf
doesn't
want
us
using
that
license.
B
If
you
want
one
doesn't
want
us
using
a
dependency
with
that
license
and
that's
what
I
haven't
heard
back
about
yet
I
mean
if
they
say
no,
we
can't
use
it
then
I
I,
guess
we
stop.
A
B
A
C
Yeah
I
was
gonna,
say
just
the
open
terraform
project
of
they
they've
they've
basically
managed
to
get
away
with
sticking
with
the
original
license
by
forking
it
from
the
version
that
was
you
know
before
BSL,
but
then
hashcot
released
an
update,
saying
that
they
can't
now
pool
providers
or
plugins
can't
have
the
naming
of
it
and
terraform
from
basically
repost
so
now
they're
having
to
find
a
way
around
that
side
of
things.
C
B
Well,
we'll
just
wait
and
see:
we've
done
what
we
can
in
terms
of
letting
the
appropriate
people
know
and
following
the
suggested,
you
know,
requesting
an
exception
and
stuff
from
cncf.
So
yeah.
A
B
C
Yeah
come
for
me:
I've
got
enough
notes
that
I
can
think
of
off
top
of
my
head.
Three
so
sounds
good
to
me.