►
From YouTube: SIG Cluster Lifecycle 2020-10-20
A
A
I
about
a
couple
of
group
topics-
slash
psas
here,
if
you
have
any,
please
add
them
up
below
so
recently
there
was
a
disclosure
of
some
cves
in
core
components
of
kubernetes,
so
this
is
not
really
relevant
to
this
sick,
but
I
I
just
added
this
to
the
agenda,
because
the
topic
is
quite
interesting
because
we
have
something
related
to
k
log
levels.
A
So,
apparently,
if
you
have
a
any
like,
you
are
disclosing
a
secret-
or
maybe
I
don't
know
any
ip
address
or
something
insensitive
in
a
k-
walk
entry.
A
But
basically
there
are
a
number
of
fixes
that
fix
problems
around
that,
like
you
can
see
the
links
we
fixed
the
number
of
cvs,
for
instance
like
this.
This
one
is
interesting:
the
cube
api
server
at
level
more
than
nine
prints,
some
sensitive
details-
and
I
ask
the
question
here
like
ok:
we
have
a
guide
about
k,
log
levels
which
claims
that
everything
above
level
three
is
the
bug
information.
A
Now
we
don't
do
that
in
go
like
that
much,
but
it's
still
possible.
So
basically,
the
question
here
is
like:
why
can
we
just
say:
okay,
the
bug
level
is
something
that
we
is
basically
the
level
where
we
should
print
anything.
A
Why
do
we
have
cvs
for
things
like
k,
walk
level,
nine,
which
obviously,
we
have
to
have
a
lot
of
disk
space?
For
for
that
anyway,
like
it's
really
a
question,
can
the
app
enter
the
bug
level
mode
and
how
do
we?
How
do
we
say
that
to
the
users?
A
A
C
Okay,
I
agree
with
you
in
spirit
lubamir,
but
people
are
gonna
do
stupid
things.
People
are
not
gonna,
read
the
instructions
and
I
just
I
don't
think
you're
gonna
win
this
one.
B
Yeah
I
was
going
to
echo
similar
things
and
you
know,
while
we
can
make
recommendations,
the
user
is
not
running
a
higher
level
of
debug
there's
going
to
be
cases
where
users
hit
issues
and
for
one
reason
or
another,
going
to
need
to
enter
a
higher
level
of
debug
to
be
able
to
like
feed
back
issues,
and
if
they
are
capturing
that
and
other
software
you
know,
then
it
becomes
a
continued
issue
that
will
crop
up.
So
I
don't
think
we
want
to
rely
on
debug
level.
B
A
D
Can
you
hear
me
better
now?
Yes,
okay,
good,
I
was
gonna
say
it's
only
secrets,
tokens
things
like
that
that
can
actually
grant
permission
that
we
are
filtering
or
removing.
It
is
not
things
that
make
it
easier
to
hack
like
addresses,
and
it's
not
things
like
pii
like
ip
addresses.
I
don't
think
as
far
as
I've
seen
there
hasn't
been
anyone
obscuring
those.
It
is
only
credentials
or
credential
equivalents.
D
They're
they're
sensitive,
but
I
think
your
argument
applies
there,
that
the
value
of
like
that
it
would
diminish
significantly
diminish
the
value
of
the
log
information
if
we
started
redacting
ip
addresses
and
that
they
are
less,
they
are
less
empowering
than
a
token.
A
Yeah,
so
I
wanted
to
make
clear
that
this
is
not
like.
We
don't
have
really
an
argument
against
the
I.
I
just
wanted
to
get
feedback
from
this
group
and
maybe
make
this
like
a
announcement
that
things
nowadays
being
treated
as
cvs
if
you
print
the
secret
by
mistaking
your
locks,
it's
a
cve.
So
this
is
the
psa
here
pretty
much.
A
C
Sorry
there
was
a
comment
I
saw
on
on
twitter
that
maybe
in
the
code,
if
you
use,
if
you
define
types
for
things
like
passwords
and
tokens
that
that
by
default
obscure
like
their
their
their
string,
conversion
method,
prints
asterisks,
for
instance,
that
that
can
kind
of
help
people
do
the
right
thing.
I
don't
know
if
we
wanna,
I'm
not
sure
if
we
own
that
level
a
little
bit.
Maybe
we
own
frameworks
like
that.
This
is
kind
of
next
level
up,
isn't
it
controller
runtime?
That
kind
of
thing.
A
C
Right
but
my
point
was
was
to
put
it
on
the
data
type.
Then
then
you
it's
much
harder
to
forget.
D
D
Useful
because
then
you're
never
gonna
like
accidentally,
pass
a
docker
token
to
a
like
rbd
credential
right.
It
provides
it's
actually
a
really
standard
practice
that
we
haven't
done
in
go
because
it's
sort
of
considered
discouraged.
I
guess
I
think
also
one
of
the
challenges
with
that
is
that
I
believe,
if
you
print
the
structure,
it
doesn't
call
the
printer
on
the
fields.
I
could
be
wrong.
D
The
string
function
on
the
fields
in
in
any
case,
though
I
imagine
this
would
be
a
security
thing
now
that
we
have
that
sake.
That
should
be
proposing
that
sort
of
thing,
but
we
can
certainly
like
suggest
it's
a
great
suggestion,
and
I
think
we
should
certainly
bring
it
to
them,
and
we
did
it.
We've
done
it
successfully
in
the
past,
where
we've
had
strings
that
could
easily
be
confused,
like
I
did
node
name
and
an
instance
and
hostname
for
example.
That's
why
those
two
types
exist.
A
Yes,
if
you
have
any
suggestions,
you
can
add
them
to
the
google
groups
discussion.
I
guess
I'm
hoping
that
seek
security
will
be
watching
this
topic,
and
maybe
members
of
seek
security
can
reply
but
yeah.
This
is.
This
was
just
the
discussion
here,
I'm
hoping
that
we
don't
have
components
that
will
have
cvs
eventually
for
this,
for
something
like
that.
A
Topic
all
right
moving
to
the
next
one.
This
is
basically
the
release
theme
ci
signal,
triage
fox
found
that
we
have.
We
have
failing
costar
api
end-to-end
test
jobs
since
october
5th.
A
E
I
have
one
question
like
I,
the
the
one
that
cap
g-
it's
we
pointed
this
to
the
sig
release
dashboard
as
informing
th.
Does
this
job
needs
to
be
there
as
well
like
how
critical
like
in
terms
of
seek
release?
I
don't
think
this
is
very
critical
for
the
sig
release.
A
Ago
we
we
discussed
that
question.
Api
should
eventually
be
a
project
that
blocks
the
kubernetes
release,
so
the
kuster
api
providers
were
placed
as
releasing
forming,
which
is
the
first
step.
Eventually
it
can,
they
can
become
released.
Blocking
the
problem
here
is
that
if
these
providers
don't
maintain
their
end-to-end
signal,
we
should
just
remove
them
from
releasing
forming,
because
otherwise
we're
going
to
get
like
requests
from
the
release
team
constantly
to
fix
them
agree.
F
E
Yeah,
okay
and
I
saw
in
the
in
the
configuration
for
cap
g.
There
is
a
lot
of
other
jobs
like
similar
to
v1,
alpha
3,
but
for
v1,
alpha
2.
and
looking
the
repo
for
capital.
I
didn't
see
like
the
api
alpha
2
should,
like
we
open
up
here,
to
clean
up
this
pro
config
jobs
or
I'm
missing
something
that
I'm
not
aware.
B
I'm
not
entirely
sure
about
the
v1
alpha
2
related
jobs.
I
do
know
that
we
have
had
some
folks
that
are
more
interested
in
maintaining
cap
g
now,
so
we
should
probably
route
some
of
these
questions
their
way.
B
A
A
A
Okay,
so
any
volunteers
to
bring
the
cup
g,
this
discussion
to
the
copy
meeting.
F
E
A
A
Meter
yeah
correct:
you
can
also
bring
the
discussion
about
the
ci
signal
triage
in
the
copy
meeting
in
general.
Maybe
that
is
the
right
forum,
for
this,
like
just
sorry
like
jason,
is
saying
chat.
So
maybe
the
copy
meeting
is
the
right
forum
for
this.
A
A
All
right
moving
to
super
project
readouts
I
added
like
something
for
cube
adm.
We
don't
have
any
major
updates,
we're
currently
discussing
and
roadmaps
with
fabricio
for
potentially
what
we
can
do
with
cubadiem
as
a
library
and
in
the
future.
A
A
Apparently,
this
is
quite
a
quite
of
a
mess
in
core
kubernetes
today,
so
we
have
a
couple
of
pending
prs
if
you're
interested
have
a
look,
these
are
for
cube,
adm
and
also
for
core
components
in
terms
of
fixing
the
docks
at
least
the
one
of
the
flags
from
the
kcm.
That
is
the
I
believe
note
cider
mask
it's
very
problematic,
because
it's
it
makes
some
assumptions
around
the
coastal
cider.
You
pass
it's
bound
to
the
quest
side
of
whack,
it's
a
bit
of
a
mess.
A
A
All
right
for
british
request,
api.
F
F
F
We
are
running
to
get
the
v0311
release,
which
is
ready,
which
is
planned
for
the
first
week
of
november,
and
basically
the
two
teams,
or
the
two
changes
that
that
are
filled
with
in
this
into
these
release
are
an
improvement
on
condition.
So
we
are
adding
non-condition
on
machines
or
it
is
written.
F
Notice
is
wrong.
We
are
adding
kcp
conditions
for
kcp
machines
and
also
we
are
adding
a
remediation,
both
kcp
navigation
and
external
mediation.
F
A
Yeah,
I
thought
there
was
a
pr
to
help
check
lcd.
I
guess
this
is
part
of
the
conditions
work
as
well.
A
Okay,
any
questions
for
question
api.
G
Hi
yeah
there's
one
one
thing:
that's
kind
of
interesting:
there
was
a
request
to
to
implement
phases
so
in
the
same
way
that
kubidium
has
phases-
and
this
came
out
of
the
use
case-
of
using
xcd
nfc
cuddle
binaries
that
are
installed
from
a
different
source
like
a
system
package
and
that
would
require
relieving
at
cd
adm
of
the
responsibility
of
of
installing
the
binaries
and
uninstalling
them.
So
the
phases
there
it
made
made
sense,
there's
a
little
bit
of
discussion
in
that
in
that
pr.
G
That
was
closed,
so
yeah,
if
anybody's
interested
in
that
yeah
just
help
wanted
a
label
on.
On
that.
That's
that's.
I
think
all
the
all
the
updates
for
now
justin.
I
don't
know
if
you
wanted
to
there's
anything,
I'm
I'm
forgetting.
D
A
Yeah
we
have
a
bit
of
a
lesson
learned
from
phases
in
the
land
of
cubadm,
the
more
you
expose
to
the
user,
the
more
you
have
to
not
break.
So
if
you
expose
commands
phases
for
this
separate
sub-actions,
you
have
to
be
careful
like
what
is
stable.
What
is
not,
I
would,
I
would
only
expose
the
stable
parts
of
the
actual
command.
So
if
you
have
concerns
about,
for
example,
the
if
the
part
about
generated
certificates
is
currently
unstable,
it
may
change
in
the
future.
A
If
you
expose
it
as
a
command,
you
have
to
apply
some
rules
for
this.
Okay,
we
expose
this
command,
but
it's
alpha.
Is
it
or
a
phase
it's
alpha
and
we
can
break
the
consumer
if
they
are
not
careful
once
you
graduate
this
command,
we
give
you
a
guarantee
that
we
are
not
going
to
break
it.
So
that's
basically
the
tldr
there
nowadays
in
cuba,
it's
really
hard
to
change
the
face
order.
The
face
contents
so
like
this
is
just
a
you
know
like
a
warning
that
you
should
be
careful
about
such
feature.
A
Hdidm,
all
right,
we
don't
seem
to
have
any
more
project
updates
on
the
readouts.
Does
everybody
else
want
to
add
safano
thoughts
or
we
can
end
up
earlier?
I
guess.
D
Yeah,
it's
been
it's
going
well
we're
doing
basically
weekly
non-recorded
sort
of
informal
hangouts,
zoom
outs,
the
I
think
it's
actually
very
valuable,
like
the
one
of
the
things
from
this
morning
when
we
are
meeting
with
this
morning,
we
were
reviewing
a
pr-
and
it
was
sort
of
interesting
because,
like
it
was
sort
of
very
fundamental
around
the
like
approach
to
how
we
were
going
to
do
things
and
that's
not
something
which
we
normally
discussed
before
a
pr
is
up
generally,
we
can
sort
of
do
it,
but
it's
sort
of
generally
harder.
D
So
it's
I
feel
like
there's
a
just
a
cross
project
thing
we're
not
necessarily
getting
doing
a
great
job
which
we
had
in
some
of
our
earlier
meetings
and
there's
also
where
a
bunch
of
people
from
different
projects
showed
up
and
thank
you
like
you
know,
everyone
did
and
then
there's
also
a
sort
of
more
sort
of
abstract
early,
just
discussion
of
how
to
do
things
which,
unless
you
guys
do
the
effort
of
doing
a
full
cap
is,
is
often
missed
in
some
of
these
other
more
structured
ways.
D
So
I
I
I
want
to
continue
doing
it
and,
I
think,
there's
an
argument.
I
think
we're
still
experimenting
as
to
what
the
right
way
to
achieve
that
to
achieve
some
of
these
things.
It's
it's
it's
not
necessarily
like.
Should
we
change
our
structured
meetings,
the
cult
structured
meaning,
for
example,
to
better
encompass
this,
or
should
we
have
some
ongoing
random
state
cluster
lifecycle,
hangout
fun
meeting
where
we
talk
about
random
stuff,
that
is
across
projects
that
isn't
as
easy
to
bring
up
here
that
you
know
we
don't.
D
D
This
particular
pdr
was
around.
They
were,
the
pr
was
changing
the
way
that
docker
was
installed.
So
you
know
we
have
an
agent
that
runs
on
the
machine.
A
D
Has
a
bunch
of
versions
of
the
docker
like
pre-configured
and
the
debate
was,
and
basically
it
was
changed
to
all,
be
dynamic
and
done
by
the
like
configurable,
and
the
debate
was
whether
we
should
go
back
and
retroactively
change,
the
behavior
for
the
older
versions
and
it's
sort
of
a
difficult
question
like
because
it
means,
like
we've,
been
even
trending
in
this
direction,
but
it's
like
for
the
versions
that
are,
I
think,
more
than
four
releases
which
technically
we
still
support
or
we
want
to
support.
D
Do
we
want
to
change
the
way
they
behave
and
therefore
risk
having
to
sort
of
think
about
them
again
or
do
we
want
to
risk
everything
about
them
because
we
break
them
or
do
we
want
to
potentially
break
them
or
do
we
want
to
just
get
everyone
onto
the
new
thing
and
not
have
to
worry
about?
You
know
the
sort
of
split
behaviors.
D
So
it's
it's.
It's
not
an
easy
question.
We've
tabled
it
for
our
office
hours
on
friday,
but
it
probably
would
have
been
better
had
we
had.
D
We
had
that
conversation
beforehand
for
everyone
involved,
but
it's
difficult
to
know
like
what
those
things
are
and
we
tend
to
generally
not
to
do
like
kept
for
what
essentially
sounds
like
a
refactoring
generally,
we
try
to
avoid
caps
if
we
can
in
general,
so
yeah
it's
it's
not
necessarily
the
details
of
the
pr
itself,
it's
more
just
the
that
that
pre-discussion
that
becomes
clear
when,
when
you're
sort
of
halfway
through
the
work
you're
like.
A
Yeah
I
see,
but
if
I
join
a
hackathon,
I
honestly,
I
wouldn't
expect
that
I
have
to
write
something
like
a
kip,
maybe
it's
a
too
much
but
like
today
I
realized
that
the
project
called
helm
was
created
during
a
hackathon,
so
maybe
design
decisions
and
big
ideas
also
can
be
a
product
of
a
hackathon.
So
but
if
something
is
if
if
the
hackathon
is
like
or
why.
F
D
A
Scope
is
more
about
lightweight
changes.
Maybe
you
just
have
to
scope
the
hackathon
itself
like
saying
hey,
we
are
only
going
to
touch
small
issues
here.
Small
features,
it's
a
big
designer
factors
and
things
like
that
are
really
in
the
scope
for
the
project
timeline
itself,
not
the
hackathon
timeline.
D
Has
played
out
is
that
the
people
that
are
attending
meetings
are
generally
people
from
the
existing
community.
There
are
a
handful
for
these
examples.
There.
There
are
a
few
have
prs
that
have
come
in
from
new
contributors.
I
don't
think
we've
seen
them
show
up
to
the
the
informal
chat
sessions.
Yet
generally,
there
are
some
existing
contributors
that
are
able
to
attend
because
of
the
different
times
of
you
know
being
not
friday
afternoon
in
europe
type
thing,
but
it
is
not
it
is.
D
It
is
not
so
far
a
way
to
bring
in
new
contributors,
as
it
is
a
new
discussion
forum
that
we
basically
have
been
missing
so
far.
A
I
see
so
so
it's
a
mixture
between
existing
contributors
and
new
contributors.
Of
course,
we
are
more
interested
in
terms
of
the
goal
main
goal
of
the
event.
We
are
more
interested
about
the
new
contributors,
because
this
is
like
we.
This
is
how
we
are
going
to
attract
more
people,
but
it's
really
a
difficult.
It's
a
difficult
decision
where,
whether
where
to
draw
the
line
in
terms
of
what
is
acceptable
for
the
event
itself
and
what
is
acceptable
for
the
main
project
development
cycle,
I
really
don't
have
a
good
answer
for
that.
A
Yeah,
it's
a
it's.
I
don't
know
it's
finding
the
balance.
Also,
if
you,
if
you
can
create
the
list
of
potential
tasks
beforehand,
maybe
and
say:
okay,
this
is
only
what
we
are
going
to
work
on.
Maybe
that's
like
this
scopes,
the
hackathon
itself,
so
you
know
that
all
the
tasks
are
going
to
be
maybe
easier
and
you
can
leave
the
design
design
decisions
outside
of
the
event
itself.
Maybe
I
mean
this
is
just
brainstorming
on
the.
A
D
Relaxed
about,
like
the
whole
like
how
how
strictly
we
adhered
to
the
upstream
october
festivals
and
more
we're
just
using
as
an
opportunity
to
explore,
like
you
know
what
was
gonna
happen,
and
I
think
we
got
something
good
out
of
it
or
have
done
so
far,
and
it
may
not
be
entirely
aligned
with
the
upstream
october
festivals.
A
A
So
all
right,
any
more
topics
for
today.
A
Cool
we
can
give
you
26
minutes
back.
Thank
you,
everybody
and
see
you
again
in
a
couple
weeks.
Bye.