►
From YouTube: kubeadm office hours 2019-09-11
A
A
A
A
I
spoke
with
Tim
and
basically
the
idea
is
to
have
the
planning
session
for
qadian
1:17
next
week.
So
the
same
meeting
next
week
we
are
going
to
hold
the
planning
session
of
117
I.
Guess
a
question
I
have
here:
is
it
so
a
little
bit
of
a
context?
We
do
this
every
release
before
every
release.
We
start
planning
for
what
we
are
going
to
work
on
during
the
cycle.
We
do
we
list
basically
a
bunch
of
features
and
we
try
to
establish
priorities
like
what
is
the
critical
priority
for
a
certain
feature.
B
A
So
I'm
going
to
start
I'm
going
to
create
the
new
date
here
and
for
next
week,
I'm
going
to
add
some
some
of
my
personal
preferences,
but
I'm
not
going
to
attend
next
week
because
I'm,
a
PTO
for
is
going
to
host
the
meeting.
Roasty
is
gonna,
be
back
and
you
guys
can
discuss
like
everyone.
The
opinion
from
folks
like
what
is
the
higher
priority
from
them
for
them.
A
A
So
there's
a
walk
around
PR
at
the
committee's
website.
Yes,
aqui
con,
so
the
work
around
PR,
they
had
a
discussion
in
the
cool
additionally
shadow
and
they
decided
to
include
this
documentation
inside
the
cube.
Abm,
installation,
Docs
and
I
said.
Okay,
but
you
know
it.
Dis
affects,
like
everything
is
not
only
cube
adium
and
the
answer
again
is
that
I
pretty
much
the
theories
of
D
don't
have
anywhere.
To
put
it.
The
change
itself
looks
like
this.
B
So
we
can
absolutely
build
this
into
our
packages
like
when
we
do
a
install
of
cube,
a
DM
for
Debian
or
or
CentOS
or
whatever.
So
when
you
do
the
install,
it
could
absolutely
do
this
over
end
as
part
of
the
installation
process.
So
I
think
we
should
be
building
that
operation
into
our
packages.
But
there's
a
broader
question
of
like
there
are
a
set.
The
coop
proxy
is
the
main
order
of
IP
tables
integration.
There's
like
a
couple
of
functions
that
exist
inside
of
the
cupola.
B
Is
broken
here
so
for
this
particular
behavior,
like
can
IP
tables
rules
for
some
of
the
things
in
the
couplet
are
basically
like
firewall
rules,
if
I
understand
perfectly
but
most
of
the
actual
routes
that
are.
You
use
the
IP
tables
like
what's
the
option
of
just
defaulting
to
IBBs
and
what's
the
fall
out
there
from.
A
B
In
terms
of
IP
table,
so
so
I
think
for
an
immediate
band-aid,
you
can
absolutely
update
the
packages
to
do
the
install
scripts
for
both
Debian
and
CentOS
packages,
and
we
can
still
have
the
documentation
here,
but
the
I
think
long
term,
IP
tables
itself
isn't
the
way
we
use
IP
tables.
Is
we
abused
it
in
a
way
that
was
never
intended
to
designed
to
be
used
and
I?
Pbs
is
a
much
more
sustainable
and
longer
term
solution.
C
A
B
Well,
there's
a
part
of
this
that
basically
denotes
that
we
have
missing
CI
signal
right
like
if
we
had
Debian
latest
as
because,
right
now
we
have
specific
distributions
that
we
run
that
are
basically
long-term
support
distributions.
We
have
zero
sort
of
bleeding
edge,
newer
stuff,
which
is
the
unstable
slash.
You
know,
Fedora
style
automated
builds,
but
if
we
had
those
distributions
in
test
grid
for
koob
ATM,
we
would
have
surfaced
this
well.
Before
became
an
issue.
C
B
That's
fair,
but
we
kind
of
like
ricotta
like
Sisyphus.
We
pay
for
the
sins
of
others.
You
want
more
rocks
that
were
to
push
up
here,
I
think
I,
don't
know
who
we
should
talk
to,
but
I
do
think
that
getting
broader
CI
signal
in
place
like
an
early
warning
system
should
be
on
it.
Cuts
horizontally
shouldn't
have
everyone's
citrus
to
make
this
guy
yeah.
B
D
B
I
think
this
is
something
that
falls
underneath
cluster
lifecycles
broader
umbrella,
along
with
the
release
team
to
get
the
CI
cover
that's
required
before
they
can
make
an
actual
cut
natural
release,
because
we
always
just
stuff
like
this
always
seems
to
happen
where
it's
like
the
last
minute.
All
of
a
sudden,
we
get
these
weird
reports
in
from
the
wild.
A
Yeah
personally
think
that
the
network
should
take
ownership
of
both
the
signal
and
both
you
know,
notifying
the
community's
development
mailing
lists
about
probably
that
I
was
lucky
enough
to
look
at
the
seek
release,
slack
channel
to
even
notice
a
problem.
I
didn't
see
the
issue
they
had
Ayesha
locked,
but
the
problem
again
on
our
side
is
bandwidth.
I,
don't
have
the
bandwidth
to
start
me.
They
need
these
extra
tests.
I.
C
B
B
It's
a
little
frustrating
because
I
don't
know
who's
gonna
own
this
or
who
has
the
bandwidth
to
do
it.
In
my
opinion,
I
would
I
personally
believe
that
this
is
a
conflation
of
the
people
who
are
working
for
these
distributions,
whether
they
be
canonical
in
Red
Hat
should
be
doing
what's
in
the
best
interests
of
the
community
and
helping
to
foster
and
build
the
ci
signal
for
that
distribution.
They
do
not
do
that.
They
are
disincentivized
to
be
doing
that
with
the
kubernetes
community,
but
I
don't
know
how
do
we?
D
C
B
Might
go
all
the
way
to
steering
because
it's
a
tragedy
of
the
Commons
problem,
where
there's
it's
there's?
No,
there
needs
to
be
an
enforcement
mechanism
for
these
people
who
are
extracting
value
from
the
core,
but
do
not
offer
and
lens
CI
signal
or
resources
towards
these
things
and
I
can
take
this
up
to
the
higher
levels,
but
the
it's
a
you
need
to
kind
of
write
it
down
in
detail
about
what
the
problem
statement
is.
B
A
We
shouldn't
there
was
recently
a
discussion
in
the
some
of
the
Costa
Rica
one
of
the
coastal
apiary
poster.
Is
somebody
proposed
okay?
What
is
the
list
of
supported
distributions
for
this
particular
provider
and
I
checked
in
in
the
discussion
that
you
basically
cannot
have
such
a
thing,
because
the
distributions
are
moving
fast,
some
of
them
break
stuff,
some
of
them
change
between
minor
versions.
A
E
Yeah,
so
actually
that's
what
I
was
going
to
say
was.
It
would
be
interesting
to
have
like
a
centralized
location
where
you
could
see
the
tests
that
run
for
each
distribution
and
would
encourage
the
distributions
to
actually
have
automated
tests
that
run
that
plug
into
that
some
help.
But
that
was
my
only
thought.
A
long.
B
It
because
relative
ik
will
incessantly
break
stuff,
and
my
team
was
responsible
for
finding
and
fixing
those
bugs
and
I
hated
that
life
and
the
I
do
not
it
because
of
the
way
they
have
a
downstream
product
which
is
separated
from
upstream.
They
have
hopefully
avoided
the
necessity
to
want
to
put
CI
resources
in
sky
signal
to
ensure
that
upstream
is
stable
for
a
given
release
cycle.
A
A
B
That's
a
it's
a
really
user
experience,
though,
like
it's
not
good
on
the
community,
you
know,
there's
gonna
be
some.
We
should.
We
should
pick
just
to
be
pedantic.
We
should
pick
the
most
popular
distributions
and
their
upstream
bleeding-edge
equivalents,
and
that
would
be
a
state
space
of
four
right,
like
you'd.
Have
the
stable
versions
of
Ubuntu
and
CentOS
and
you'd
have
like
the
bleeding
edge
versions
of
those
distributions
which
would
be
fedora
and
Debian
unstable
or
whatever
the
heck?
They
call
it
nowadays
for
the
canonical
latest.
A
But
maybe
you're
right
that
this
should
be
is
connected
to
stealing
for
the
fact
that,
for
instance,
we
have
Malik
and
Raphael
representatives
of
openSUSE,
but
we
don't
have
the
canonical
people.
The
netiquette
people
don't
care,
so
it
feels
like
they
should
be
involved,
went
from
the
distributions
themselves.
If
we
want
to
solve
this
problem
or.
B
B
A
Conveyance
surtsey
a
discussion.
There
are
three
items
in
this
list.
Basically
we
got
a
report
a
couple
of
days
ago
that
the
user
is
requesting
that
so
let
me
go
to
the
beginning.
Basically
they
have
a
question
that
they
are
migrating
from
something
else.
I
don't
know
the
details,
but
basically
the
the
TRS
ten
years
is
not
enough
for
them.
So
the
argument
here
is:
if
we
are
selling
ten
years,
why
don't
we
set
it
to
a
hundred
years
or
maybe
a
thousand.
E
C
D
A
C
A
C
A
C
C
D
A
Okay,
so
this
is
the
related
issue
that
the
same
person
market
this
new.
Basically,
he
requested
that
we
should,
when
we
check
the
expiration
of
certificates.
We
should
also
print
the
remaining
time
for
the
CAS
and
there
is
already
appear
for
that,
but
being
Fabrizio.
We
were
not
very
happy
with
the
approach
so
to
explain
here
when
we
execute
the
the
check
expiration
command,
we
see
a
table
with
the
certificates.
This
is
from
Sheridan
for
belt
obituary,
but
we
don't
list
the
CAS
in
there.
C
This
is
why
I'm
a
little
bit
concerned
in
printing
a
unique
list
with
everything
mix
it
I
prefer
at
least
to
have
something
separated
or
even
to
come
on
side.
I,
don't
know.
So
we
are
somehow
setting
clear
user
expectation,
but.
A
A
A
A
This
is
technically
an
artifact
of
the
the
way
we
proceed
with
the
phases
we
let
Kapadia
manage
the
couplet
not
cough,
which
is
the
contains
the
client
certificates
for
a
complete
paper
server,
but
we
do
not
update
it
later
to
point
this
symbolic
link,
which
is
the
symbolically
into
the
rotatable,
automatically
rotate
about
class
certificate
that
the
complete
certificate
manager
manages.
So
the
problem
here
is
that
we
have
multiple
options
and
one
of
them
are
super
good.
A
I
outlined
them
here,
and
one
of
them
is
to
change
the
init
process
a
little
bit
to
the
basically
to
the
point
where
it's
not
breaking
users,
but
we
still
have
to
think
about
it
a
little.
Maybe
one
of
them
is
so.
The
first
approach
is
to
instead
of
manually,
managing
copulated
curve
by
cube.
Atm
is
instead
write
the
boot
sub
kulikov
and
let
the
couplet
TOS
bootstrap
generate
the
kulikov.
We
are
already
doing
this
from
the
worker
nodes.
This
is
going
to
allow
us
to
let
the
couple
it
automatically
manage
its
rotatable
class
certificate.
A
C
A
There's
a
side
effect
of
that.
However,
if
we
do,
if
we
named
onto
the
regular
team,
is
posture,
we
have
to
pre,
create
the
node
object
with
the
taints
and
no
labels
and
shirasaka
the
information
and
then
let
the
cool
it
updated.
Sorry
I'm
confused,
because
what
the
list
of
people
disappeared
for
me
so
yeah.
So
this
is
the
first
approached
me:
Fabrizio
kinda
decided
to
attempt
to
go
with
this
one
I'm
going
to
send
up
here.
I.
C
A
With
the
automatic
time
stamps
there's
a
another
gutter
here,
but
I
guess
we
can
discuss
the
technical
stuff
on
the
PR
yeah.
The
alternative
was
to
which
is
continued
to
manage
the
cupola
Kampf
by
Cuba
diem
instead
of
using
the
TOS
bootstrap.
But
the
problem
with
this
is
that
if
we
attempt
to
update
the
kulikov,
you
know
manually
in
a
place
certain
aspects
of
the
the
Capcom
file
like
in
a
place,
then
Bennett
clan
certificates.
A
A
A
The
API
server
authorization
mode
is
customizable
by
the
user
if
they
feed
the
extra
Alex
from
the
API
server
and
our
DaCosta
configuration.
But
we,
if
they
feed
a
custom
list
of
modes,
we
still
mess
up
with
the
modes
of
the
user
and
I
found
a
logic
to
D
it's
here.
In
my
opinion,
if
the
users
pass
authorization
mode
in
the
extracts,
we
should
completely
override
the
cube
ADM
default.
A
Here
is
the
logic
we
so
the
user
passes
some
modes
index
works.
We
predefined
our
modes,
which
are
we
need
note
in
our
back,
and
then
we
also
append
a
back
and
webhook,
but
this
messaged
ordered
order
of
authorization
modes
is
very
important,
so
the
user
here
is
trying
to
explicitly
explicitly
define
it
in
the
coastal
configuration,
but
it
ends
up
something
different
in
the
static
mode
manifests
from
the
API
server.
B
C
Order
yeah
my
comment:
customizes
a
workaround
for
this
just
reminded
that
for
other
settings
with
which
could
mean
forcing
we
are
allowing
using
two
users
to
override
cupboard,
mean
default
and
we
trace
a
warning.
So
in
other
part
of
the
code
base,
we
are
taking
this
approach
that
we
allow
user
to
override
Cooperman
default,
even
if
they
are
security
default
alike
in
the
state
yeah.
D
F
A
F
A
F
Right
so
this
made
a
bit
more
complex
because
the
API
server
also
the,
for
example,
the
internal
urban
area
service
that
service
IP
is
used
for
certain
things
inside
Cuba
ADM,
there's
some
certification
logic
that
uses
there.
There's
like
some
DNS
related
logic,
I
uses
it.
So
there
were,
you
know,
there's
some
corresponding
changes
there,
but
for
the
most
part,
yeah.
E
C
A
C
A
E
A
A
A
C
A
A
A
reporter
here
yeah,
if
we
we
have
a
version
of
qadian,
that
we
will
not
support
this
API
as
a
list
116
is
going
to
support
it
and
117
but
115.
Well,
when
we
introduced
b1
b2
to
correct
me,
if
I'm
wrong,
it's
not
going
to
support
it
so
I!
Guess
we
it's
safer
for
Australia
team.
Do
you
want
be
the
tree.
C
A
C
A
A
C
E
C
It
is
if
you
have
to
turn
these
into
our
PR
for
kubernetes
announcement.
This
will
be
much
quicker.
I
agree
is
not
the
same
level
of
functionality
of
Google
Docs.
Here
I
have
a
question.
Maybe
for
team
and
the
connect
the
coordinate
is
the
code
mean
operator
in,
in
my
opinion,
is
something
that
should
go
in
under
the
six.
C
B
I
think
I
would
prefer
to
have
an
earth
Covidien
for
the
time
being
and
then
Oh
in
the
fullness
of
time,
breakout
committee
and
proper
and
Covidien
operator
to
be
released
as
a
single
thing,
because
you
can't
do
one
without
the
other,
and
you
would
want
to
have
validation
for
that,
especially
for
upgrade
testing
right,
because
the
the
we
would
we
would
drastically
change
how
we
do
upgrade
testing
using
an
operator
style
pattern.
And
we
may
even
have
other
end
to
end
behavioral
tests
that
we
don't
currently
have
today
like
CA
rotation.
C
B
A
A
C
B
The
way
we
are
structuring
things
like
Clostridium
is
to
do
both
right
is
to
have
the
deployed
version
as
a
sub
command
of
the
actual
main
command,
so
you'd
say
cuvee,
DM
operator
or
whatever
you
want
to
call
it
or
demon
or
whatever,
as
a
sub
command
of
the
main
command,
and
that's
not
a
bad
approach
specifically
for
cube
ADM.
That
might
be
a
better
strategy
instead
of
us
having
to
do
this,
you
know
to
separate
artifacts
within
a
single
repository.