From YouTube: 20200127 - Cluster API Provider AWS Office Hours
A
Today is Monday, January 27th, 2020. This is the AWS Cluster API office hours meeting. This is a sub-project of SIG Cluster Lifecycle and we abide by its meeting etiquette, which is basically be nice to each other, and if you've got something to say, please use the raise hand feature in Zoom and I will do my best to call on you. And if you've got any items for the agenda, please add them to the group tops, excuse me, the group topics section here.
A
There are only four of us here today, so feel free to speak up and not necessarily use the raise hand if you don't want to. I don't have any PSAs that I can think of. Nadir, is there any, I do want to talk about the encryption of user data, but is there anything PSA-wise you can think of besides that?
A
B
Right, yeah, sure. So the way we bootstrap machines in CAPA is we generate user data and be tracked machine. So one of the things that occurs doing that is the certificates are generated by the kubeadm bootstrap controller in v1alpha2, and in the kubeadm control plane provider in v1alpha3, and all of those certificates are injected into the user data for control plane nodes, because they need, kubeadm needs those CA certificates to generate the etcd server certificate.
B
The API server certificates are on beat. One of the issues with that is that anyone who has read, who has, well, there's two issues. One is a pod can read that instance metadata if it's not firewalled off, and they can just scrape the URL and reconstruct those root certificates. And people with read-only access to the EC2 API, say you just give people console apps access, they can go, they can click in EC2 and get the user data and be able to do the same thing.
B
So what we settled on doing is using AWS Secrets Manager. The reason for that is it can store documents up to 20 kilobytes, so we stored the cloud-init data in Secrets Manager, then inject a script to download that from Secrets Manager and then restart cloud-init, and it can carry on its way. And that means, oh, and then we also immediately delete that data, so it can't be reread by someone with read access to that node and people with read-only access.
A
A
All right! Thanks, Google X. There we go. How much of what I typed did I lose? Oh good, nothing. Inject a script to download encrypted user data, write it to disk and restart cloud-init to process it. Encrypted user data is deleted as soon as it's read instance. And I know Vincent asked a question, Nadir, on the pull request about when we would default encryption to true.
A
I don't think we can reasonably do it in alpha 2, given that the current state is not to encrypt it. And I wanted to ask you, because I didn't go back this morning and look at the PR: as an EC2 user, do you have to do anything to get this? Like, do you have to set up some sort of key, KMS thing, or does it just automatically work for you out of the box, assuming you have the IAM permissions that you need? I was.
B
Out of the box, because it's just using the default KMS. So certain services that you leverage KMS, if you don't specify a key, one is automatically generated by this service. So you don't need to do anything else, and, importantly, you don't get charged for it. So normally a key is charged for one pound per month, one dollar per month right now, and you won't get charged if it's just being used, this part in this, as through a service.
B
So it's nothing else, but is an extra permission on a don't get Secrets Manager. So yeah, no, don't intend to enable it for default in v1alpha2. The logic I've got so far is to, at least for control planes only, v1alpha3, if you haven't explicitly said that you don't want encryption, it's going to be encrypted, and then the worker nodes are doing under the common standard process for now.
B
A
B
A
B
I mean, the side effect of this is this solution only works for cloud-init, so the option is specifically under a section called cloud-init. So we can't really reason about how other systems can support those bootstrap methods, and it doesn't change their already existing escape hatches if you're doing something else, right.
B
A
No, good for me. No, I'm good, thanks. Okay, so what I'm gonna do next is essentially do a burn down of the 0.5 milestone, which maps to v1alpha3. If you hadn't attended the Cluster API office hours meeting in the past week or two, we are trying to do a pre-release of v1alpha3 around Valentine's Day, so mid-February, and then the goal is to release the final GA version in early March, which is like the fifth or sixth.
A
Whatever you see what that is on the calendar, the sixth is a Friday, so somewhere around there. And the goal for doing the burn down is to look at the 16 currently open issues that are in the milestone, as well as any pull requests that are in the milestone, and see if there's anything that needs to be deferred because it's not critical.
A
If there's something that has been lingering for a while, and it's got an assignment, we can check in with the person and see how things are going. So I'm gonna do what I usually do, which is start at the bottom. We have first up, Nadir, this has been here forever, but I do still think that it's worthwhile: document what you get in a cluster. So what.
B
A
A
This has been around for a while. I had asked a couple weeks ago if we think we'll have time to do anything about this for the upcoming release. My gut feeling is no at this point. I know Jason had suggested the sort of client key or token or something. Where was that? Or the idempotency token, so that we'd store the token in one of our custom resources, then make the call, and then we could, I guess, use that token to go locate it.
A
If we crashed and the tagging failed or whatever. I don't know the details on that from an AWS perspective. But my gut feeling is that we probably should just move this to next and, as soon as alpha 3 is released, take everything that has the next milestone on it, clear it and then reevaluate everything. Is there anything, Nadir, that you can think of, like, other than this idempotency token idea, that we could do here? No.
B
A
All right, this was one from where there are some AWS calls. I forget, I think it would have something to do with the ELB association, that we just previously weren't generating events, and so this was a request to just audit every single AWS call that we make and make sure that we are generating an event for it.
A
I think, given that our long-term goal is to move towards status conditions everywhere in the Cluster API ecosystem and to rely less on events, that ultimately we can probably close this one. And I don't know that, like, it's okay, I think, to leave it in the milestone, but in my opinion it's certainly not a release blocker.
B
A
So this is still a nice to have, but it won't be a release blocker. If we don't do this for v1alpha3, the plan is to close it and switch to status conditions.
A
All right, this is the one we just talked about, about not storing sensitive and certificates in user data. That will definitely be coming in. Liveness and readiness probes: we have a pull request open for it, just working on finalizing the details, so that's appropriate to stay in. Ability to configure node disks: we have a pull request that was opened, I think, over the weekend for this, so that presumably will come in.
A
Oh right, so I actually wanted to talk to you about this, Nadir. It looked to me that we take the secret that has the bootstrap data that the kubeadm bootstrapper or any other bootstrapper generated, then we, in memory, base64 encode it, and then in your, in your pull request, you were decoding it.
A
Yeah, I know, I know, but so you were working with data, I think, that had already been encoded. Yeah, you needed to decode it so that you could encrypt it, and then I kept on following the chain of events, and after it got encrypted, or no, it got re-encoded. So it was like it was decoded, or encoded, decoded, gzipped, re-encoded. It was just, it looked like we're doing too much. Yes.
B
A
B
A
B
A
This one, about cross-zone load balancing, I thought you had commented on this, but maybe not, Nadir? No. And then Vince has a PR for it. I think I asked him to rebase this last week. Yeah, all right, so we should review that, and it should stand alone or in, yeah, the milestone. Add a project roadmap document: I recently opened up one for core Cluster API, a pull request. I don't know that I had a ton. She was in here.
A
I'm sort of on the fence on this one. I had opened this because there was a pull request that merged, and all the presubmits in Prow worked just fine, but it broke compiling the e2e code because that uses a Go build tag. The presubmits don't build that, and we only noticed it when the e2e started failing immediately after the PR merged. So there is a way to do this. Like, you can, you can do a go
A
build of the test e2e directory or a go test and just have it spit it out to /dev/null, and that'll ensure that it builds with the e2e tag. So, like, I think that, like, Prow will catch this if something gets checked in and the e2es fail in the future, or we could try and give it a presubmit. Like, I think this is really, like, I don't see this as release blocking and it's really a long-term priority, in my opinion.
A
This one, I'm gonna clear the milestone off of this. This is about, or also it's next, a long-term adjustment of our Prow jobs, because some of them are in permanent failure because of the way that they're configured, and it requires a lot of changes to make them start working. So just move that over to next. Oh.
A
A
So yeah, I mean, I think with this one there was some oddness with, it looks like we're disassociating multiple times, and I swear I talked to Vince about this and thought he had given me some reason why, but I don't recall what it was. And this is basically just, hey, let's figure out if we're doing the right thing or not. Yeah.
B
A
B
A
A
A
B
A
A
Okay, so that one's out. This one is, I need to just review the probes, need to review the labels are close metrics again, your user data encryption, Nadir, and then John's extra volume option. So I think everything here is relevant and will be getting reviewed and updated over the next week or two, hopefully. So that is all I have for issue and PR triage. So if anybody's got anything else you want to talk about, we can do it. If not, we'll just end here.