From YouTube: 20191106 - Image Builder Office Hours
A
Okay, leave recording has started, so hello and welcome to Image Builder office hours. Image Builder is a sub-project of SIG Cluster Lifecycle and, as a reminder, this meeting does adhere to the Kubernetes community code of conduct. This meeting is being recorded and will be uploaded to YouTube, so I've shared my screen with an agenda doc, free like today and add more person to the attendee list, since we've got three people, and, you know, I just figured for today, I know Moshe,
A
You said you wanted to do a demo of your CLI work so far, so I added that to the agenda, and then I had one other thing that I wanted to bring up as a group talk topic to begin with, which was: we had some internal users within VMware playing with CAPV and using images that we published from the image builder for CAPV, and they found that their images were hanging on boot. I've only heard this from one user so far, but it was hanging when the OS would start up.
A
It was trying to do an apt-get update, which was surprising to me, because I didn't turn on anything to do that, but by default, even though we didn't explicitly install it, right now the Ubuntu images have unattended upgrades turned on, in addition to a systemd unit and timer that does a daily apt-get update, presumably so the user doesn't have to do it themselves. I thought this was kind of antithetical to what we were targeting, but I wanted to solicit feedback before making a change in that.
A
B
A
No, and I think we thought that it already was, and I don't know if this particular user had a strange air gap situation where no one had hit this before, because they always had internet access. I wasn't able to confirm that, but the intent of the image was already for it to be immutable. But one question that I had was: OK, so we say it's immutable. Is there anybody who doesn't want that, meaning, should we add an option to disable that, meaning leaving the unattended upgrades in place?
C
C
A
I would agree with. We want it to be easy to customize, to add whatever you need to meet your requirements for images, but once you've completed the build and you've added your scripts, you've added whatever custom packages that you need, I think from there we wouldn't want anything to change. If you wanted to add additional packages, you'd have to build a new image. But I'm saying I don't think it's unreasonable, like for the unattended upgrades example, to say: actually, I really want that, because my images are gonna be long.
A
A
B
They could then go and unmask them, but I think we should favor removing as much configuration toggle switches as possible and then, yeah, even just provide example hooks for renaming unattended upgrades or whatever it is, because I think otherwise we can just have this very long list of configuration options trying to meet everybody's needs, which I think ultimately will be impossible.
A
I think I will stop sharing my screen, but so just to follow up: I will make these changes to the Ubuntu image to not have the unattended upgrades and stuff in place and, based on your feedback, Moshe, I will not add a new flag to say: never mind, don't do that. And because I don't think anybody's gonna complain about that in the short term, and we can wait until the CLI stuff is in place to customize that. That make sense? Yep.
B
B
B
So the idea is you put in an input file which defines what Packer builder you use, whether it's it appear so being way, what distribution you wanna use, Ubuntu, CentOS, and whatever hooks you want and whatever Packer override you specify, and then we take all of that and emit a Packer config or whatever other country do you want for building.
B
What it will do is it will then generate a packer.json that looks similar to the one that's in AWS, a little bit different, but it will generate builders and insert the hooks, so a shell hook or an Ansible or whatever it is. If I, they can go and, for example, change the distribution to CentOS and.
B
So, for example, you'll see that the installation of Python pip is missing because we specified a different distribution. The way that works is that we have a bunch of difference and then your distribution. So basically you have before and after hooks that, like, run and template out preseeds, if necessary, add any hooks. A bunch is going on that adds a hook, so this will run before any user-provided hooks. Seventeen precedes Kickstarter falls and you pass it on.
B
B
Also, the fun in these YAML files that get embedded into the binary, so part of this is we embed the preseed templates, the distributions' configuration. So this will define, for example, how do I find the image, as an ISO, as an AMI on the jaw, and then what the boot command would be.
B
B
B
B
This will be, I'll add a shell, Ansible and all configure option as well, which will basically then compile down into shell, show on files, and then we should have a good base point for providing an easy-to-release artifact that anybody can con, you use. You know, that's kind of where it's at the moment. I have.
A
One question about the embedded preseed and kickstart files: since they were just in the resources folder, are they, is there any way to version them by OS? And I'm thinking specifically of the one that's there right now is basically just for obas, and the kickstart is force in Tustin, and but since I think is how much it would likely have a different kickstart. Is there a way to put those in folders by unless or something like that, so.
B
Basically, the way it works is the distro can do whatever it was. So you can create a different preseed for an operating system. You can put in different templating into the preseed, so, for example, we're just templating out username and password for now, but you could, for example, template out the username or, I know there's some minor differences in Debian and bunch of different version. Use them, and things like that.
B
And then, yeah, so this will be the first step. The second step, I think, is actually that a pipeline going that you release the body. We use the binary to actually both some things that can't test it, which is we're currently spending my efforts on next, and then start removing all of the countries from the existing Ansible and reduce that and so down to a minimal set.
B
A
A
This is a lot more than what was there when I looked down. One topic that has come up, I know for us, is wanting to tag our version of this. I want to make sure that we tag that before this merges, 'cause it will be a big change how you consume the tool, so I think that would be important. I know that there's some stuff coming out of VMware pretty soon, there's gonna be documentation pointing to the image builder, and right now it assumes the image builder looks like it does today.
A
So I want to tag that so that, you know, we have that to be able to point to, and in perpetuity. But yeah, this is gonna be so much easier. I did think of a question, and hopefully I'm not cutting anybody else off: you mentioned, you know, linking or downloading Packer. Is there anything or any plans to be able to do kind of, I guess, like a pre-flight check, you know: can we access Packer, okay, you're running, if you're doing the VMware builder?
A
A
Yeah, I know what, you know, needing Packer and Ansible. That's one thing that's come up, is that there's a lot to install them, there's a lot to make sure that your system can actually build these images. So if there's any way to test some of that, that's common, that yep, we can access Packer and we can run demands and will command are.
B
B
A
B
A
Not with GitHub tokens, but with some other things, namely GCS bucket tokens or Google Compute authentication tokens. There's a couple things going on there, like some other projects that I've worked on, you know, we do, including CAPV to some extent, but you know, they're out-of-tree components for Kubernetes, so CSI builds, cloud controller builds. We have Prow-based automation, then you know.
A
The default cluster, yes, there is higher, more highly secured countries, but there are other route or gets different clusters that run more secure-oriented jobs, but yeah, and the default one, you know, most of the jobs you see running on test written there in the default Prow cluster, and there's nothing right now that prevents someone from reading someone else.
A
A
Know it so, you know, just not to give anyone ideas, but yeah, I mean, like, I could write, you know, if I was, I could write a Prow job that referenced other keys, and if no one catches it in review it'll go in. From my side, the projects I work on, the way that we mitigated this is all of our keys aren't actually right. Only people can't delete things, they can modify things and there's no, there's nothing in our process that would automatically like.
A
If someone took our key and uploaded something to a bucket, it wouldn't become the default thing that gets downloaded in our documentation. But there's still that thing where we'd have to notice someone was writing new stuff, but they can't change anything, ever delete anything official. So, but you know, it's still, that's not great.
A
B
A
Yeah, and with the image promoter process that's in place for container images, that's actually through the Kubernetes community and SIGs. Now, now, when you're promoting something from one registry to another, and that is not done by a key that's ever put in like a Prow cluster or anything, it's managed through Google Groups and permissions.
A
B
A
A
A
A
Yeah, I mean, one thing that I know I updated recently in the CentOS images: we were trying to pare back the number of packages that are installed by default and leave it to users to customize it and add what they needed, but the internet stuff is still there, so offenses in there by default, and so I would have, I would share the same concern. We don't enable rpcbind, NFS is gonna have issues.
B
A
Yes, and we go back at the top and seeing, so the, I mean, their issue was just that it was an open port from a security scan, so it makes sense if they're not using it. So what do you think about closing this before we have the looking place? I'd hate to say: no, we're not going to do this because of a future solution that's coming. I'd rather wait until maybe the solution was there. So I could add a new about there. Yeah.
B
A
B
B
B
A
This particular case, Dims had bumped containerd to 1.3 because of CVE issues, but I don't know if you've seen a back in, but the reason we ended up opening this was there was some really weird issues with downloading this image as a container if you were using any type of registry proxy, and specifically the problem was with Artifactory, which is used internally at VMware, and it literally, literally cannot download this image unless you're, and that's a requirement.
A
The VMware has to be able to keep things internally, so we can reproduce any build that we ever make, and it just won't download, gets broken, and this is true in the open source versions of Artifactory and all of the above, and so I think he was trying to downgrade it as a quick fix. But Dims was baseless, saying no, sorry, and I think that's valid, but yeah, the bigger question of what to bump and when, I, you're right, is a much bigger question.
B
A
Jumping, let's see, there's one more, let's say: I don't know if we're gonna go through all these, all through all of these. This is something, this Ubuntu one is still a work in progress for me, just because I'm not as good with preseed as kickstarts. We discussed this one, I have nothing to add to this one. If anybody wants to look at that, that one was kind of between. I think you've put a hold on this one, Moshe, yeah, so.
A
B
B
A
A
Although, I mean, it's very simple things, like it switched from, you know, your shortcut, not you specifically, but it's switch from the shortcut from C to a, which is a Golang issue, and then it would, I think the other thing was just capitalizing ID, which is also a Golang thing. Yes, from I lower case, I upper case. Those are all real Golang things, and that was all the change in there. Yeah.
B
A
B
A
This, I know I talked with some people. They mentioned that this can get really ugly, because everyone's proxy setups are different, and so we can't exhaustively test whether it's actually working, but we can certainly support it, make sure that it's in place. We're supporting the HTTP, HTTP proxy env var, and there's a couple places where things are broken if you set that, yes.
B
A
We expect that people who are running, and in this case when I say we, I am talking specifically about VMware, that customers that use this to roll their own images for use with Cluster API, their corporate users, they tend to use RHEL more than CentOS, and so there are some known issues, I think, even in the Makefile with this, where this doesn't work.
A
If you're running on RHEL, and there's, I don't know if this would be a hook, you would consider this a hook or not, Moshe, but there's obviously nothing in here right now that deals with licensing or entitlement. So right now, if you start with a RHEL ISO, before you do any updates with your packages and any, you know, the RPM type stuff, you need to register.
A
B
A
A
A
Is the hooks that you're developing what the CEO, but this is the only example of something where I need at least four users who are using on-prem, if they're entitling by username and password, though I haven't, like you said they could be using the satellite server, I do need to have a way for them to enable that entitlement in order to run the package updates before we switch to the CLI. This is something I need to get done in the next week or so, even though it ends up being completely replaced.
B
A
A
Need to ping qui on this one, I don't think this is an issue anymore. I haven't heard about it, but, and yeah, once the, I guess a question for, a question for EQ for freak. You moshus that has come up. Is, you know, search since we've got kind of three different things in here? There's the kube-deploy stuff, there's the CAPI image builder and, you know, the other stuff, I always forget the name, the other one, but it I'm.
A
B
A
Then we'll just kind of converge over time. Okay, one thing that Tim St. Clair suggested to me was, when we do tag it, was to add a dash v1alpha2 in the tag, and I think that was signifying the Cluster API support, and that brought up another can of worms of, well, okay, if, like, our image is tied to the version of Cluster API, and if so, do we need to build that into the image file names and all that kind of stuff, and I don't know the answer to that.
A
Alright, and maybe I will bring that topic up in this issue, because I'm not gonna leave this comment, but you know, he was suggesting something like, it suggested, one that ho, but I think we're very like a zero one dot oh, you know, something more like that, which, when I saw that, I immediately thought of the CAPI version, but I don't think we're really tied to that. But maybe we are in subtle ways that I'm not aware of, but I think that is definitely a topic for discussion. Yep.
B
B
A
B
B
I think Tom Santa set up the invited issues with a hot needed counselor. Okay.