►
From YouTube: kubeadm office hours 2019-07-03
A
A
Okay,
so
a
quick
PSA
at
the
top
of
the
agenda
is
that
correctly
there's
some
refactoring
going
on
the
community
released
repository
and
they
broke
like
all
the
CIA
artifacts
for
master,
which
means
that
most
of
our
tests
were
kinda,
broken
and
I.
Already
poked,
like
folks,
like
steven
augustus-
and
you
know,
some
of
the
signal
is
folks
to
take
a
look
at
this
and
possibly
like
the
decision
was
to
revert
to
a
working
state.
I
only
wanted
to
make
this
PSA.
So
now
it's
Ross,
you
have
an
item
about
APA
extensions.
B
By
third
parties
without
actually
having
to
pick
up
additional
cube,
ATM
stuff,
so
I
presume
that
some
of
you
have
seen
it.
But
there
are
several
things
that
need
to
be
clarified
before
we
can
actually
proceed
with
making
modification
to
the
cap
about
cubed
games,
config
and
actually
proceed
with
the
like
the
PR
that
actually
do
the
the
kind
of
split
so
well.
The
first
thing
is
to
find
the
location
of
the
new
API
directory.
B
D
A
Yes,
that's
correct:
we
got
confirmation
that
the
publishing
process
is
going
to
stop
the
contents
of
k,
/q
beta,
so
Jason
just
proposed
that
we
should
create
a
separate
depository
for
the
types
but
I.
Don't
personally,
don't
like
this
I,
it
feels
to
be
like
you
baby
I
mean
the
types
should
be
in
case
Ice,
Cube,
medium
ap,.
C
E
B
C
A
C
I
get
that
but
like
in
the
fullness
of
time
like
if
you
want
it's
okay,
to
leave
Condor
inside
of
the
comedian
repo
for
a
period
of
time
and
have
a
checklist
that
we
can
periodically
poke
at
across
releases
until
kind
matches
parity.
We
don't
want
to
look
live
in
this
perpetuity
forever
right.
We
don't
like
we
originally
when
we
create
a
kinder,
is
always
that
we
would
implement
these
features
now
to
give
us
over
the
hunt,
because
it
gets
us
past
a
certain
point.
C
A
One
of
the
things
we
are
doing
in
kinder
are
completely
out
of
scope
for
the
kind
project
by
out
of
scope.
I
mean
they
might
not
be
implemented
ever
so.
I
also
kind
of
itself
is
a
recommendation
by
the
kind
paint
a
nurse
they
suggested,
what,
as
multiple
times
to
create
a
new
project
that
is
using
kind
as
a
library,
but
our
features
are
not
that
many,
but
they
extend
the
kind
library
in
such
a
way
that
there,
this
change
is
not
going
to
be
accepted
into
kind.
C
C
B
B
B
The
other
option
is
to
move
them
entirely.
Inside
of
the
exported.
Api
is
probably
with
the
static
defaulting
code.
Also,
another
option
is
to
just
remove
them
from
the
api
at
all
and
move
them
to
the
cube
ATM
constants
package,
and
the
last
option
is
probably
to
do
some
sort
of
a
mashup
and
end
up
with
concealer.
E
And
the
reason
is
that
there
are
several
reason
about
visa.
First
of
all
is
that
defaulting
included
means
is
not
only
starting.
The
fall
thing
about
also
dynamic
defaulting
and
second
I,
don't
see
a
real
use
case
for
a
consumer
of
the
API
to
ask
for
defaulting.
They
should
set
only
the
value
they
are
concerned,
and
then
let
could
mean
to
the
folding
I.
B
C
E
A
B
A
B
B
Idea
is
to
just
make
things
like
drop
in
the
replacement,
so
simply
switch
the
import,
buff
and
the
vendor
from
the
new
place.
So
if
people
are
actually
using
only
the
public
types,
which
is
what
we
actually
expect
from
people
to
do,
then
they're
going
to
be
completely
fine.
But
if
they're,
using
some
constants
or
even
some
of
the
defaulting,
coat
and
stuff
that
we
don't
expect
them
to
use
they'll
probably
remain
broken.
C
Because
these
are
publicly
it's
weird
I,
don't
know
what
policy
is
on
this,
because
if
people
are
already
been
during
today
and
then
we
know
they
are
right.
If
we,
what
is
the
I,
don't
know
what
the
public
policy
is
for
potential
breakage
here
that
it
have
to
be
some
form
of
would
have
to
Assyria
PSAs
for
this
to
make
sure
that
it's
it's
readily
no,
but
we
should
also
see
if
there's
any
policy
and.
F
One
thing
from
our
side:
we
are
actually
using
the
types
and
also
some
functions
that
handle
the
types
if
I
remember
correctly,
for
example,
one
for
splitting
the
yeah
moles
when
there
is
a
list,
some
utility
functions,
but
from
our
side
it
wouldn't
be
a
blocker
if
that
those
ApS
are
not
available
and
our
internal
to
qadian.
So
we
will
find
some
other
way
that
will
be
fine
for
us.
Well,.
D
A
A
E
B
I
think
that
keeping
everything
in
a
single
document
is
probably
better.
Also
this
the
original,
like
Cube
alien
config
gap,
is
about
getting
the
conflict
to
GA
and
I
am
having
the
opinion
that
we
should
not
allow
cube
idioms
coffin
to
be
GA
without
having
a
proper,
stable
location
for
it
and
KK
CMD
cube
ADM
is
not
a
very
nice
location.
B
C
C
C
A
Okay,
thanks
Rossi,
the
next
one
is
a
PRI
in
the
general
area,
the
PR
that
last
night
I
wrote
some
very
simple
logic
to
retry
it
EDD
member,
join
and
I
assigned
Raphael,
and
also
Danny
only
povitsky,
approver,
cert
team
and
Fabrizio.
Please
have
a
look
because
I
don't
know
the
date
for
the
dot
one
release
of
115,
and
this
is
something
that
we
should
back
port
because
we
don't
support
concurrent
join
of
control,
plane
nodes
currently-
and
this
is
a
fix
and
we
graduated
AJ
to
bed.
Without
this.
C
A
B
A
E
A
C
So
this
is
technically
not
a
critical
fix
right,
so
like
policy
matters,
because
otherwise,
if
we
don't,
we,
it
becomes
arbitrary
to
external
viewers
of
what
we're
doing
right.
So
this
one
I
can
see
it
being
beneficial
for
a
subset
of
people,
but
it's
a
known
deficiency
and
it
doesn't
actually
satisfy
a
critical
fix
problem
like
the
worker
is
that
you
just
create
the
config
and
that
the
fix
is
going
to
be
in
in
master,
so
I
think
an
absence
of
a
good
blocking
reason.
We
should
still
adhere
to
policy.
A
F
A
F
A
A
E
A
A
So
milestones
first
I
wanted
to
look
at
the
115
because
we
have
some
things
in
there
still
I
created
117
by
the
way
same
tip,
so
so
concurrent
joy.
This
is
the
one
I
created
yesterday
for
the
sake
of
having
an
issue
this
we
decided
to
back
port.
This
is
the
the
share
pick
pair
is
already
up
and
it
should
be
closing
this
issue
thoroughly.
Psalm
116.
G
So
tissues
are
created,
came
out
of
the
meeting
we
had
a
couple
of
weeks
ago
with
Liz
Weiss
from
at
birth,
so
just
create
issues
based
on
the
stuff
that
we
discussed
in
that
meeting
and
one
of
the
suggestions
was,
we
put
a
document
on
Doc's
top
Kate's.
The
IO
explains
how
you
can
beat
CIS
compliance
with
Cuba
diem.
A
G
Yeah
that
was
also
one
of
the
things
that
we
discussed
in
meeting
the
citations
were
that
vendors
were
testing
compliance
pretty
in
a
pretty
slipshod
fashion,
so
say
check
it
and
they're
also
doing
in
quite
an
old
way
checking
for
flags
and
environment
variables,
whereas
if
we
only
sit
in
a
été
suite,
then
people
can
vendor
those
tests
and
put
them
into
their
products.
We
own
the
test,
suite
I.
A
C
C
A
C
Said
that
get
have
just
posted
an
air
for
me.
Well,
it
smells
good
I,
just
gotta
oops
500
air
from
get
him.
So
maybe
me
it's
just
easier
just
to
close
it,
the
dear
and
open,
open
and
reference
this
in
in
K
I'll.
A
Okay,
so
this
was
I
move
this
to
the
milestone.
Today
we
had
a
discussion
here
with
the
original
author
and
Fabrizio,
and
this
was
this
was
a
long
time
ago,
meaning
2018.
Basically,
the
user
requested
to
enable
basic
authentication
in
Hebei
diem,
which
is
kind
of
I,
think
we
shouldn't,
but
also
remain.
There
is
a
man
in
question
that
is
our
file
discovery
based
approach
of
joining
nodes,
currently
working
with
the
flag,
anonymous
Alf.
If
it's
set
to
false
I,
basically
I
have
to
verify
they
said.
A
I
never
had
the
time
for
this,
but
if
our
file
discovery
does
not
work
with
this
I
mean.
To
be
honest,
this
is
like
a
barcode
feature,
because
I
don't
see
a
reason
for
you
to
disable
anonymous
off
in
the
first
place
like.
Why
should
you
do
it
because
I
know
myself
equals
true
is
already
secure
because
of
our
back-end.
Like
the
other
options,
we
have
true
security,
so
I
don't
see
a
reason
for
someone
to
even
want
to
disable.
This
I
think.
E
E
It
is
the
behavior
of
the
because
you
are
already
providing
the
the
look
at
the
cluster
information.
You
are
providing
the
user
you're
provided
the
server
you
are
providing
the
CA,
so
cobalamin
should
not
goes
goes
through
a
cool,
an
unauthorized
call
to
the
API
server.
If
it
is
doing
it
is
a
property,
it
is
a
regression,
but.
F
E
When
you,
you
can
include
me
enjoy,
and
you
can
use
a
three
out
in
t3
discovery
method:
okay,
the
first
one
is
token
and
when
he
has
a
token,
the
token
could
mean
contact
the
API
server
through
an
unauthorized
call
and
read
the
cluster
info
config
map
with
the
the
CA
and
with
the
ca,
basically
okay
and
then
validate
the
CA
on
the
cih.
This
is
one
way,
and
this
way
cannot
work
with.
A
A
question
here:
so
if
we
have
a
Kip
config
that
we
use
for
cube
carro
to
access
the
same
cluster,
if
anonymous
authorization
is
disabled,
are
we
going
to
get
a
problem
because
currently,
what
we
do
is
we
create
a
client
from
the
same
clip
config
that
the
user
passes
with
the
file
discovery
method?
And
the
question
is
here
like
if
we
do
keep
Carol?
Is
this
going
to
work
like
because
it's
essentially
the
same.
A
E
A
A
G
Say
I
and
I
I'm
slowly
working
through
that,
so
there's
a
bit
more
for
tracking,
so
it's
I'm
doing
it.
Basically,
so
the
next
release
of
the
documentation
should
have
the
tests
valid
for
the
qiblah.
What
in
component
config.
G
E
G
Of
the
opinion
that
we
should,
we
discussed
that
ticket
before
I
seem
to
remember
in
a
preview
in,
like
a
couple
of
releases,
go
I'm
of
the
opinion
of
saying
we
don't
like
we.
We
support
our
back
as
the
only
mechanism
for
key
by
diem
and
when
you
have
our
back
enabled-
and
we
did
like
this
readiness
checks-
you
need
anonymous
off
off
on
for
that.
And
therefore
this
is
an
right
fix.
E
A
A
G
G
I'll
find
it
in
a
minute
laura's,
and
you
can
log
into
that,
and
there
is
a
draft
version
of
the
next
CIS
benchmark,
which
is
one
point
five
in
draft,
and
you
can
do
comments
on
it.
So
Liz
suggested
in
there
that
for
all
of
the
couplet
tests
commonly
it's
checking
the
flags
and
the
rebels,
because
that's
deprecated
now
we
need
to
do
the
equivalent
test
for
component
config.
So
all
of
those
controls
need
to
be
updated.
G
C
C
A
C
G
C
A
C
A
A
C
A
Now
this
is
like
a
separate
topic.
If
you
want
to
talk
about
this
issue,
I
currently
I,
don't
see
a
problem.
I
don't
see
a
security
problem
here.
So
while
this
is
important,
long-term
I
questioned
the
priority
label
here,
because
I
have
not
seen
other
requests
for
that.
I
wrote
and
say
like
why.
Why
is
this
a
security
problem.
A
That's
basically,
they
want
to
rotate
the
the
CAS,
which
is
fine.
Of
course,
we
signed
him
for
ten
years
and
if
they
want
to
provide
their
custom
CA,
they
want
to
rotate
in
the
CA
he.
Yes,
that's
the
shaky
for
to
be
able
to
do
it
more
easily.
They
want
to
take
the
controller
manager
with
a
separate
key.
E
A
But
then,
how
are
we
going
to
figure
out
I
see
that
you
know
Roscoe
Dimitri
created
something
here
as
a
where
was
it
like?
He
had
a
proof
of
concept
and
I'm,
not
sure
how?
How
are
we
going
to
pick
the
correct
CA
from
the
bundle,
the
one
that
is
specific
for
the
controller
manager?
There
has
to
be
some
sort
of
an
algorithm
or
some
sort
of
a
tag
somewhere.
E
C
A
A
Basically,
she
enabled
UID
and
GID
set
up
from
the
qadian
config
to
configure
the
controlling
pots
in
such
a
way
that
you
can
basically
specify
the
user
a
singles,
but
Rasta
suggested
that
maybe
we
should
just
Hart
condom
and
I.
Think
we've
that's
something
we
can
do
today.
We
should
just
hard
code
them
to.
You
know
the
use
of
nine
nine,
nine
and
like
test
if
it
works
and
that
we
can
ship
116
with
this.
G
G
G
A
Just
a
second,
except
by
each
other,
is
not
working.
So
the
the
Cuba
name
issue
is
thirteen.
Six
is
sixty
seven,
our
find
it
alright
thanks
and
I.
Basically,
the
PR
itself
is
going
to
be
very
simple
for
Canadian
I
think
we
can
do
this
like
in
this
cycle,
so
yeah
I'm,
going
to
remove
the
Help
Wanted
here
assigned
me
in
the
dirt.
F
G
A
A
A
A
F
The
only
dancer
that
I
can
see
is
if
some
distress,
when
packaging
set
certain
parameters
that
are
not
what
cube
ATM
expects
them
to
be
right.
Now
we
are
forcing
them
to
be
what
we
expect
cube
ABM.
So
in
that
sense
we
are
coherent
with
vodka
baby
and
us
that
is
the
only
downside
that
I
see
that
we
are
going
to
respect
those
which
is
a
good
thing.
On
the
other
hand,
so.
B
A
Okay,
I
covered
it.
This
may
be
Bartos
can
get
back
to
this
problem.
It's
important
long
term,
but
I'm
going
to
reduce
the
purity
everything
to
backwalk,
because
we
don't
see
that
many
requests
about
it.
I
think
I've
been
taught
oh
I've
seen
so
the
116
milestone.
Also,
yes,
it's
in
116
I
mean
it's
there,
but
you
know
at
the
end
of
the
cycle.
A
We
start
kicking
things
out,
because
if
people
don't
have
the
time,
okay,
cubed
emj
generate
Pulitzers
with
master
CS,
so
this
was
basically
the
solution
is
that
we
should
provide
a
workaround
in
the
dogs,
not
your
promise
to
write
the
workaround
for
that
I.
Think
I've
linked
this
already
here.
Let
me
check
okay,
when
we.
A
That's
that's
basically.
Actually
there
are
a
couple
of
issues
here:
okay,
so
this
is
the
user
report
like
he
basically
wants
to
use.
You
know
the
the
the
metric
server,
which
I
mean
it's
a
complicated
problem,
but
basically
what
we
decided
I
think
even
in
the
previous
meeting,
is
that
instead
of
enabling
this
ago
signing
the
couplet
serving
certificate
we
the
Questor
CA
instead,
maybe
we
should
provide
workarounds,
and
maybe
one
of
the
workaround
is
is
to
like
instruct
the
users
how
to
sign
this
themself
like.
H
Need
I.
G
A
G
A
We
should
probably
end
it
now
like.
Maybe
we
should
continue
next
time
because
we
didn't
go
through
a
war
of
these.
We
have
a
lot
of
issues
in
116.
We
should
adjust
priorities
and
more
things
to
the
next
milestone,
possibly
so
yeah.
Okay,
thanks
everybody.
We
should
give
room
to
the
COS
API
and
enjoy
your
evening.
Bye-Bye
wanna.