►
From YouTube: kubeadm office hours 2020-06-10
A
A
C
Yes,
since
the
PR
is
for
something
like
a
few
hours,
I
just
wanted
to
let
you
know
that
this
basically
brings
like
a
slight
little
person
can
be
config
for
debate,
great
plan
and
great
apply,
which
basically
allows
you
to
supply
a
yahoo
file
with
overwriting
component
configs,
and
these
are
basically
going
to
be
treated
a
little
bit
differently
than
they
like
all
the
way
config
worked,
and
basically
the
two
different
ways
config
courtside
now
is
like
distinguished.
If
cube
am
types
are
actually
present.
Inside
of
the
file.
That's
supplied.
A
A
C
A
Yeah
there
are
questions
related
to
this
operator,
so
if
you
have
any
I
have
questions,
but
if
you
have
also
comment
here,
okay,
basically,
my
lot.
My
question
from
ten
minutes
ago
is
like
to
have
a
roadmap
for
this.
I
know
that
if
we
enable
an
operator-
and
we
want
to
disable
the
hard-coded
add-on
of
key
proxy
in
cube
ATM,
there
has
to
be
a
way
to
configure
the
proxy
keep
config.
It
has
a
cube
config
that
currently
with
nowadays,
we
supply
the
control
plane
endpoint
inside
this
cube
config.
A
C
Yeah
I
don't
think
that
should
be
dealing
with
the
proxy
configuration,
so
if
we
are
actually
not
involved
in
managing
it
and
the
operator
is
actually
managing
it.
So
by
understanding,
we
should
probably
try
and
agree
with
the
coastal
add-ons
folks
to
get
some
sort
of
generic
interface
for
the
body
like
atom
manager,
library
to
basically
supply
it
with
generic
stuff,
like
the
location
of
the
API
server,
endpoint
and
stuff
like
that
and
peace
should
be
then
like
the
operator
should
be
on
their
own.
D
D
My
opinion
is
that
we,
as
a
could
mean
we
should
a
load
to
skip
his
time
to
bring
in
it
and
we
should
know
to
keep
upgrading
advanced
doing
upgrade
and
and
so,
if
someone
want
to
experiment
something,
they
are
free
to
do
mind
itself.
But
I
want
a
rush
to
integrate
of
our
interfaces
for
that
own
project,
which
is
Wii
U,
which
is
because
we
already
tried
to
do
so
and
wait
a
long
time
for
the
cat
and
this
/
this
project
up
to
now
and
is
understaffed.
D
A
It's
not
clear
that,
even
if
the
group
produces
sorry
it's
a
soup
project,
the
soup
project
produces
anything.
It's
not
clear
that
we
are
going
to
use
it.
Even
if
it's
something
good
and
also
another
topic
is
that
we
should
not
wait
on
the
add-on.
Installer
quote-unquote
are
honest,
teller
before
integrating
operators
she
took
uranium
I
mean
this
is
something
as
we
discussed
with
him.
A
If
we
can
delegate
specially
for
cue
core
DNS,
if
we
can
delegate
all
the
upgrade
management
to
the
operator,
we
fix
problems
and
equality
pleasant
in
Belgium
and
Costa
Rica.
At
the
same
time,
so
we
can
potentially
style
operators
instead
of
installing
deployment
and
delegate,
all
the
you
know
the
magic
to
the
operators
without
an
adult.
D
Mean
of
first
a
way
to
manager
done
two
add-ons
and
it
is
by
deployment
or
by
demonstrators,
and
it
assumes
a
config
match
between
a
specific
in
some
specific
location
and
so
on
so
forth.
So
if
the
user
want
to
go
far,
go
on
to
install
an
operator
and
the
operator
start
having
some
requirements,
I
don't
want
them
in
our
deployment.
I
don't
want
these
I.
Don't
want
debt
I,
don't
think
that
as
a
cubed
meaning
we
should
for
law
cover
mean
the
operator
until
it
is
stable.
A
D
So
the
question
is:
if
there
is
a
clear
specification
and
great
form
of
the
operator,
maybe
we
can
upgrade
or
change
how
to
winston
things,
so
the
operator
get
them
ready,
and
so
the
delta
is
only
studied
operator,
but
until
there
is
no
premise,
a
define
and
goals,
so
I'll
do
aspect
or
out
operator
expect
they.
They
are
tones
to
be
installed
Oh.
D
What
is
the
naming
convention
for
the
deployment?
Does
he
want
the
deployment?
What
is
the
naming
convention
for
the
config
mom
doesn't
want
config
Maps
go
on
or
many
so.
This
is
why
I'm
telling,
until
this
work
on
on
the
operators,
get
to
a
good
shape.
I
don't
want
to
block
about
I,
don't
want
to
follow
all
the
changes,
because
we
have
to
manage
a
user
for
every
upgrade.
D
So
I
will
give
the
user
the
possibility
to
opt
out
from
commit
be
measure
and
don't
and
obtain
to
whatever
it
is
getting
a
reading.
As
soon
as
something
is
getting
really
is,
it
matter
might
measure
enough,
and
we
know-
and
there
is
also
clear
and
clear
content
manage
this
operator.
They
are
part
of
kinetics.
They
are
part
of
core
DNS.
C
C
So
this
means
is
better
and
also
gaining
some
clear
following
so,
for
example,
if
we
actually
see
that
the
say
the
core
DNS
operator
is
at
better
state
right
now
and
most
of
the
users
are
actually
just
disabled,
incubating
score,
TNS
support
and
using
this
operator-
and
you
should
probably
consider
mitigating
it,
but
I,
don't
think
that
should
try
and
basically
experiment
with
an
alpha
release
or
something
that's
popular
and
doesn't
have
a
clear
following
and
has
a
to
just
go
down
the
drain
at
some
point.
Yes,.
A
B
A
A
A
C
Yes
or
the
behavior
that
this
actually
produces
will
basically
allow
us
to
just
remove
the
support
of
shaking
the
coastal
conservation,
basically
deleting
something
like
five
lines
cold,
and
if
we
actually
proceed
with
defeating
those
coastal
configuration
and
all
cube
alien
times,
there
will
be
just
ignored
or
if
we
like,
working
to
just
change
one
of
the
lines.
Instead
of
deleting
those
five
lines,
we
can
just
put
something
like
a
warning
corner,
saying:
hey,
you
have
to
bait.
Em
types
this
in
the
pike.
C
A
A
D
My
opinion,
the
long-term
goal,
is
clear:
the
problem
is
to
getting
a
natural
sources
to
make--,
make
it
happen
and
because
in
Yona
older
dance,
so
everything
is
done.
Ministers
should
be
managed
by
operator,
so
could
mean
structure
should
only
booster,
but
now
to
manage,
for
instance,
for
upgrades,
okay
and
also
Google,
meaning
self
should
be
upgraded
by
an
operator.
D
D
A
B
Signed
using
the
CSR
only
option
to
just
to
create
the
CSR
files
for
some
of
the
components,
send
those
off,
in
my
case,
to
verify
service
and
have
it
returned
signed
certificates.
But
when
I
try
to
do
this,
I
expected
to
be
able
to
I
expected
the
sequence
to
be
a
creator.
A
prototype,
PKI
folder,
put
in
place
the
CA
cert
file
and
then
run
a
cube
atom
in
it
phase
API
server
CSR
only
and
I
expected
it
to
work.
It
doesn't
work
because
the
presence
of
the
CA
cert
file.
A
A
Certificate
from
the
API
server,
so
I
this
is.
I
would
consider
this
some
sort
of
an
oversight
we
did
when
we
broke
down
the
phases.
I,
don't
remember
who
worked
on
the
certificate
phase?
In
particular,
I
did
a
like
a
summary
of
what
has
to
be
changed
and
it's
a
pretty
big
change
and
we
are
very
close.
I
mean
we
have
a
couple
of
weeks
you
until
code
freeze
for
119,
so
the
first.
The
first
point
here
is
that
that
maintainers
of
comedian-
it's
not
likely
that
we're
going
to
have
the
bandwidth
for
this.
A
B
B
D
Important
pieces
and
low
to
execute
pieces,
but
the
seer
SAR
generation
is
not
part
of
the
in
it
come
in
it.
So
this
is
a
kind
of
deviation
that
we
discussed
a
degree
when
goin
going
to
a
force
for
reasons
but
yeah.
It
is
a
being
a
deviation
at
the
end.
You
face
this
problem
that,
in
order
to
make
this
deviation
to
work,
or
you
have
to
change
your
workflow
as
Richard
II
suggesting
in
order
to
make
sales
CSR
generation
part
of
the
usual
northeast
and
the
workflow
or
you
have
to
change,
been
introduced.
D
D
B
Yes,
I
mean
that
would
that
would
work
for
me
and
that
would
definitely
that
would
allow
me
to
quickly
work
around
this
problem
and
in
fact,
I
should
say
it's
not
actually
a
big
problem
I.
As
long
as
I
don't
create
the
CA
cert
up
front
I
can
use
the
current
phase
sub
phases
to
create
each
with
the
individual
certificates.
B
D
Am
not
sure
if
you
then
so
this
desirous
of
the
Commons
the
CSR
are
are
intended
to
be
positive
to
something
else
that
should
generate
certificates
and
then
and
then
any
two
should
basically
are
sealed
the
generated
certificate,
so
I
don't
see
in
future
a
change
in
common
meaning
in
it
or
join
to
to
get
any
input.
Doses
fear
any
CSR.
D
C
So
I
think
that
having
separate
alpha
sub
command,
it's
probably
going
to
give
us
some
sort
of
flexibility
here
and,
for
example,
at
some
point,
we
can
actually
try
and
graduate
those
commands
and
get
a
more
complete
UX
around
more
advanced
search
options
here,
and
this
will
basically
allow
us
to
keep
a
need
to
clean
of
anything.
That's
not
like
still
clearly
required
for
the
like
most
base
to
bathe
a
minute
boss.
C
A
A
A
Sign
the
CSRs
and
then
proceed
with
the
cluster
I
honestly,
don't
think
we
have
users
for
that
evil.
I
am
not
convinced
that
this
feature
was
a
good
idea.
I
don't
have
the
historical
context.
I
know
that
lease
already
possibly
with
requests
by
Tim
but
I,
don't
know
why
so
I
think
we
should
proceed
with
a
command
any
Lacrosse.
He
proposed
keep
area
officers
generate
cobalt.
That
has
a
subcommittee
CSR.
A
B
Currently,
this
is
this
is
my
prime
directive,
so
maybe
I'll,
maybe
I'll
get
it
done
in
time
for
the
release,
but
I'll
certainly
I'll
certainly
be
working
on
it
and
I
saw
how
you
deprecated
something
recently
to
do
with
the
signer
name
or
the
use
of
the
API
server
for
renewing
certificates.
So
that
looks
very
straightforward.
Oh.
B
No
I'm
I'm
interested
in
it
because
my
colleague
James
monalee,
who
might
might
join
us
shortly
and
was
involved
in
that
extension
of
the
certificate
signing
request
API.
So
he
you
talked
to
him
I
think
he'd.
He
pointed
me
to
your
github
account
and
I.
Looked
at
what
he'd
been
doing.
B
Let
me
think,
as
I
say,
this
signs
the
CSR,
the
kubernetes
CSR
resources,
which
are
created
during
the
joining
of
a
worker
node,
and
that's
another
thing
I'd
like
to
talk
about,
maybe
in
another
meeting
and
a
future
meeting
about
how
have
such
a
controller
could
somehow
be
integrated
wiki.
The
idea.
A
Basically,
this
functionality
that
the
users
were
using
to
like
using
slash
abusing
to
sign
anything
and
now,
with
these
limitations
of
the
signer
name,
we
have
to
remove
this
functionality
because
it's
not
possible
to
use
the
control
manager
in
particular,
now
in
terms
of
external
sylars,
like
users
can
already
do
this
outside
of
the
cube.
Atm
utilities
and
you
know
in
it,
and
join
waterfall.
A
B
Yeah
I
I
think
my
vague
idea
was
that
if
my
signer
could
it
could
be
run
as
a
static
pod
or
if
it
could
be
deployed
on
the
control
plane
cubelet
by
the
control
plane.
Key
word,
the
the
signing
of
worker
node
certificates
could
be
handled
in
cluster
rather
than
outside
the
cluster,
but
yeah
I
haven't
thought
that
through
sufficiently
yes.
A
I
think
that
you
can
certainly
do
that
with
a
you
know.
After
you
did
for
the
quest
sir
I
guess
you
can.
You
can
also
pre
populate
this
static
pot.
So
when
you
learn
that
couplet
is
going
to
start
as
a
service,
you
know
as
a
couplet
managed
service.
You
can
also
run
it
as
a
system
this
service,
and
as
long
as
you
have
some
sort
of
an
end
points
that
can
sign
you.
A
You
can
just
manage
this,
but
the
idea
with
cube
ATM
is
that
this
is
what
is
something
that
the
cube
ATM
users
care
about?
They
just
want
the
certificates
they
want
to
run
their
website.
This
is
the
default
behavior,
the
minimum
viable
cluster,
and
this
feels
like
an
extension
that
you
can
at
your
setup,
like
an
extra
step.
C
A
See,
okay,
I,
put
to
a
alle
basis
here
that
you
can
take
you
can
take
this
work
for
119
about
the
ticket
is
active,
which
means
that
somebody's
working
right
I
mean
don't
worry
if
you
can't
get
it
in
119,
it's
really
late.
We,
if
we
have
this
discussion
earlier,
maybe
we
could
have
given
you
a
better
response.
You
know
maybe
last
fall
for
something
like
that.
It's.
B
B
A
A
So
I
heard
a
lot
here.
What
we
are
going
to
do
don't
start
the
compressor
at
a
service
automatically.
So
this
is
a
Richard
from
Suzy
who
used
to
be
the
boss
of
Raphael
and
Merrick.
To
my
knowledge,
he
said
a
set
up
PR
and
to
change
the
our
system
disservice.
Files
for
the
corporate,
a
he's
using
condition,
path
exists,
which
I
don't
really
agree
with,
because
if
you
are
running
the
couplet
service
without
cube
ADM,
which
is
pretty
much
plausible.
A
B
A
C
I'll,
probably
checking
on
that,
but
yaponets
up
or
like
all
of
the
service
managers
will
support,
so
even
for
Windows
services,
it's
better
to
just
like
not
enable
by
default
cubelet
without
having
a
computation.
So
it
should
probably
be
Cubans
job
to
not
only
start
like
the
cube
root
for
the
first
time
after
it's
configured
in
it
over
join
time,
but
also
enable
it
so
it's
enabled
by
default
of
food,
and
they
should
not
be
done
at
install
time
so
pretty
much
right
now.
C
A
Services
or
today
please
run
so
we
actually
only
returning
the
commands.
We
are
not
enabling
it.
We
are
telling
the
user
what
to
do
depending
on
the
service,
so
get
I,
guess
now
we
have
to
actually
enable
it
and
remove
this
preflight
check,
because
I
mean
we
can
enable
it
and
then
check
if
it's
enabled,
which
is.
C
D
D
C
That
was
actually
what
I
was
saying
back
in
the
open
RCR
when
it
was
submitted,
I
think
a
month
or
so
ago,
but
this
will
be
pretty
hard
to
push
just
the
way.
This
probably
some
sort
of
application
cycle.
Something
needs
to
be
done,
because
all
the
fusions
would
probably
be
expecting
that
to
partly
is
just
cache,
hoping.
Maybe
it's
a
system,
a
service.
A
The
crash
would
be
the
core.
It
was
such
a
bad
idea.
I
mean
we
have
to
have
an
action
required
in
any
case,
if
we
hard
switch
to
22
disabled
service,
as
default
I
see
a
problem,
a
potential
problem.
If
the
users
don't
use
cube
ATM,
but
they
expect
the
couplet
service
automatically
start.
We
are
going
to
break
those
users,
so
they
have
to
be
able
to
see.
This
actually
requires
notice
in
the
room
is
not.
D
D
A
D
B
A
A
B
A
A
So
I
take
it
about
Logan
Cupid,
yet
repository
ticket
and
saying
okay,
we
have
these
two
action
items.
One
of
them
is
out-of-band.
We
can
also
always
enable
the
service,
the
other
one
is.
We
have
to
have
an
action
required
change
for
those
packages
and
I'm
going
to
point
people
who
are
already
watching
this
vl2
sorry,
this
PR
to
the
ticket
and
row.
So
if
you
have
comments
about
the
particular
usage
of
this,
like
you
can
add,
I.
C
A
Maybe
there
are
a
number
of
tickets
that
I
wanted
to
look
at,
but
let
me
see
what
peers
we
have
paid
in
quickly
also
about
the
patches
work.
You
know,
replace
accessorize
with
patches
I
have
work
in
progress,
but
I
don't
have
a
TR,
yet
I'm,
probably
going
to
send
it
by
the
like
tomorrow,
such
that
so
which
leaves
us
we
can
I
have
to
review
it.
It's
from
what
I
did
right
now,
it's
something
like
300
lines
without.
A
A
A
Basic,
my
idea
was
to
to
have
the
retries
on
the
side
of
the
color
bar.
You
guys
agree
that
should
be
inside
that
the
importancy
file,
which
is
fine,
I,
guess
but
I
thought
that
at
the
retries
for
these
two
functions,
great
or
muted,
config,
BAP
or
muted,
kappa
bob
are
only
10
seconds.
So
I
propose
that
he
should
change
this
to
something
like
po
immediate,
which
is
now
using
this
concept,
which
is
40
seconds
hello.
Please
have
a
look
at
this
I'm
telling
a
fuse.
D
Guess,
deputy
the
reason
why
he
changed
the
PR
is
that
basically
now
is
same
thing:
he's
changing
one
function
at
a
time,
so
we
have
a
smaller
PR
instead
of
the
bigger
one.
I
didn't
have
time
to
check
the
new
one
but
yeah.
Basically
in
the
first
PR
II
was
changing
the
call
to
five
or
six
function
in
dependencies
and
probably
is
going
through
two
other
try
100
time.
C
But
yeah
it
is
the
risk-insurance.
Carry
it
important
see
what
goal
should
be
the
ones
that
contain
the
device
with
themselves
and
not
the
other
way
around
and
at
some
point
in
the
future
we
should
probably
come
out
like
I
proposed
beginning
the
second,
some
sort
of
uniform
start.
The
Chilean,
because
I
see
here
a
lot
of
own
mediates,
which
call
functions
that
us
to
do
contexts.
A
A
A
There's
another
piarc
here
that
touches
Commedia
seek
network,
don't
know
what
to
do
with
the
supported
service
of
network
service
Eilers.
I
think
this
is
seeing
discussion
now,
but
basically
the
idea
on
the
side
of
Chlamydia
was
to
update
the
sia
white
flags
for
something
like
service
a
bit
to
have
so,
first
of
all
valid
validation
and
also
update
the
message
that
you
have
for
the
flag,
because
nowadays,
users
are
confused.
What
what
are
the
actual
ranges
that
we
support
and
from
what
I
think
what
I'm?
Seeing
at
the
discussions?