►
From YouTube: kubeadm office hours 2020-06-24
A
A
A
Started
excluding
the
kubernetes,
CNI
rpm
package,
and
basically
this
means
that
we
combines
the
contents
of
this
package
into
the
complete
package
and
also
we
did
the
same
for
I
guess
they
were
packages
but
for
our
peer
packages
in
particular.
This
caused
a
bit
of
an
issue.
So
if
you
have
an
existing
setup,
where
you
have
the
kubernetes
eni
package
installed
and
you
try
to
install
this
new
Oobleck
package,
there
is
a
conflict,
so
they
try
to
resolve
the
conflict,
but
they
I
think
they
decided
that
the
solutions
are
not
very
good.
A
We
also
saw
a
number
of
reports
about
this.
It
is
a
ticket.
We
were
basically
closing
tickets
over
the
place
and
rallying
people
to
the
same
ticket
and
the
outcome
is
that
we
ended
up
reverting
the
change.
So
now
the
community
CNI
package
exists
again
and
I
think
there
is
a
plan
to
remove
it
in
the
future,
but
they
need
to
figure
out
how
to
do
this
less
harm,
harmfully
and
maybe
like
how
to
update
the
docs
Canadian
Doc's
are
affected,
and
so
on.
A
B
Guess
yeah
yeah
I'm
not
against
the
idea,
because
at
the
end
you
have
always
to
instruct
both,
and
so
it
will
simplify
properly
things
from
a
user
perspective.
But
given
that
yeah,
basically
given
to
the
problem,
I'm
just
commenting
that
the
from
a
command
mean
side,
we
are
fine
because
they
are
dark
and
they
change.
A
A
This
is
the
next
agenda
item
by
the
way-
and
you
know
back
in
the
day
in
Cuba
diem,
we
followed
what
the
kubernetes
project
is
doing.
So
we
had
a
few
instances
of
the
master
word
I
just
checked
today,
and
we
don't
have
instances
of
slave
whitelist
and
blacklist,
which
are
words
that
are
also
considered
offensive,
but
we
still
have
instances
of
master
which
are
most
related
to
something
and
I'm
going
to
talk
about
later.
A
A
Originally
it
was
in
kubernetes
kubernetes,
but
then
we
started
using
it
in
cube
ADM
and
at
some
point
kubernetes
who
already
said
like
there
is
no
such
thing
as
a
control,
plane,
node,
there's
no
such
thing
as
a
master
mode.
You
are
you
can't
dictate
your
architecture,
there's
no
such
concept.
So
the
fact
that
qadian
deploys
all
the
components
from
the
same
node
is
like
implementation.
Little
cube
ADM,
and
this
paragraph
this
section
here
explains
like
you
know,
we
had
a
discussion
about
this
lick.
A
A
The
problem
with
the
tape
is
that
if
you
apply
it
ain't
to
a
note,
this
means
you
have
to
modify
all
the
deployments
to
tolerate
the
tank
exactly
much
in
the
same
key,
especially
if
the
effect
is
not
scheduled.
You
know
we
are
breaking
users
who
want
to
schedule
critical
adults
on
our
control
a
mode.
A
So
at
this
point,
I
guess
I
want
to
get
some
comments.
Feedback
from
the
group
and
I
think
like
in
this
meeting
we're
not
obviously
we
can
solve
the
problem.
I
need
to
like
get
some
first
steps
for
the
plan
of
how
we
are
going
to
transition,
because
this
is
not
optional.
We
have
to
do
it
and
like
what
is
the
timeline
so
yeah
open
for
comments.
D
What
I'm
thinking
here
is
that
we
should
probably
introduce
a
placement
ain't
say
no
draw
dot
when
it
is
at
io,
/,
control,
plane
and
just
deprecated,
the
old
one,
but
probably
will
have
to
duplicate
it
for
at
least
three
cycles
over
here
and
for
the
time
being,
while
the
old
one
is
still
deprecated,
we
should
paint
with
both
things.
I.
E
A
So
the
labels,
the
labels
in
particular,
we
can
have
multiple
labels.
You
know
deprecated,
the
old
one
have
the
new
one,
but
for
the
tails
we
cannot
do
it
because
if
you
apply
change
to
the
node,
if
all
the
deployments
have
to
tolerate
the
taint,
if
you
had
a
couple
of
things
all
the
deployments
have
to
tolerate
both
yeah.
A
F
We
can
attempt
to
write
a
pre-flight
checklist
for
cluster
upgrades
that
warns
users
and
has
to
be
explicitly
ignored
unless
the
taints
are
migrated.
Wait.
It
would
be
tough
to
write
a
migration
tool
because
you
would
need
to
have
the
node
speed
label
with
both
the
control,
plane
and
mastered
label,
and
then
you
would
want
the
users
in
that
time
period
for
which
the
labels
are
present
on
all
nodes
to
be.
F
Moving
their
taints
and
then
at
some
point
like
say
we
use
one
kopitiam
upgrade
cycle
to
label
notes
with
both
labels.
We
can
at
that
point,
get
everything
deployed
to
where
those
notes
are
targetable.
In
the
next
upgrade
cycle.
We
could
add
a
pre-flight
check
that
looks
for
workloads
that
are
painting
on
the
deprecated
label.
G
F
D
F
Mutating
admission
controller
is
a
interesting
idea.
My
only
concern
here
is
that
I
believe
with
mutating
admission
controllers.
You
need
objects
to
be
applied
through
them
for
the
event
to
catch
the
object.
So
if
the
things
already
exist
inside
of
the
cluster,
then
there
is
still
an
action.
We're
like
we
need
to
shut
these
objects
through
the
API
server
in
order
for
them
to
be
fixed
because
it's
an
edge
triggered
system.
I.
A
G
Not
giving
any
guarantees
so
I
think
if
we
start
with
adding
both
labels,
and
then
we
update
any
of
the
Toleration
that
we're
setting
in
anything
in
cube
ATM
that
we're
deploying
and
then
give
the
warning
that
folks
should
plan
on
the
change.
And
then
we
can
we'll
have
everything
in
our
house
at
least
in
order
to
go
ahead
and
switch
over
the
taints.
And
then
you
know
we
expect
people
do
their
external
work
in
that
amount
of
time
as
well.
F
Then
we
can
use
an
additional
kuba
diem
cycle
at
a
later
point
to
migrate,
the
taint
exactly
and-
and
it
would
just
be
a
full
move
from
there.
We
can
migrate
the
tame
we
could
label
and
at
that
point,
that's
when
people
would
expect
the
breakage.
Yes,
that
sounds
pretty
reasonable
to
me.
If
we
did
that
over
you
know
a
number
of
cycles.
B
Ask
today,
if
they
ever,
if
they
agree
with
this
plan
and
they,
if
they
they
want
to
set
an
agenda
for
this
plan,
because
this
has
impacted
for
the
users.
So
and
if
we
go
with
the
normal
deprecation
cycle,
it
will
take
one
year
to
to
basically
resolve
the
problem
and
I
think
that
this
is
a
special
case.
Where
would
the
community
agree
to
make
this
as
soon
as
possible?
B
B
A
B
F
A
Of
course
there's
the
bigger
argument:
there
is
going
also
related
to
this
group,
but
it
was
spawned
by
a
different
topic
like
how
do
we
name?
You
know
the
Marcel
knows
how
we
name.
Is
it
the
control
plane?
It
is
it
something
else.
I
honestly
think
that
we're
pretty
much
set
out
on
the
control
plane
is
the
you
know
the
sequester
logic
of
qadian
to
the
side,
but
I
I,
don't
think
we
can
pick
something
else
here.
No.
B
Okay,
I
talked
with
the
working
group
telling
the
name
that
we
think
that
we
want
to
use
and
the
timing
that
that
we
more
or
less
agreed
I
have
an
additional
question
because
I
don't
remember
if
he
it
is
in
the
Cooperman
repository
or
in
the
custody
repository.
But
we
have.
We
have
people
that
is
asking
to
apply
a
label
to
the
workers
node
to
identify
the
war
arsenal
with
a
boat.
Is
it?
Is
it
a.
A
B
Basically,
one
of
the
main
complaint-
the
starting
point
is
always
that
people
use
proven
main,
create
a
cluster
one
control
plane
three
workers,
then
the
user
executes
cutter
get
note
and
every
see
avocado
get
not
you.
There
is
a
column
which
is
called
the
role
and
only
the
control
plane
as
a
role
set
to
master
at
this
moment,
but
their
role
for
the
other
mode
is
empty.
F
Yeah
I
mean
I
feel
like
this
is
not
the
right
way
like
this.
This
problems
need
to
be
solved
at
the
same
time,
but
it
is
a
good
thing
to
think
about.
I.
Do
think
that
this
is
related
as
well
to
the
need
for
things,
note,
groups
and
group
grouping
or
labeling
notes,
so
that
they
can
share
Kubla
configuration
that
kind
of
thing
resolver
configuration.
A
F
F
A
B
B
A
Okay,
so,
okay,
okay,
start
writing
the
cap.
It's
not
probably
not
going
to
Marchesa
debatable
for
119
I
can
talk
to
the
group
that
is
forming
it.
Touch
softer,
like
I,
want
to
get
back
to
this,
the
actual
plan
to
know.
To
summarize
it
again,
we
are
going
to
include
two
narrations
in
our
more
thoughts,
for
you
know,
add
another
key
and
effect
here
to
tolerate
the
new.
You
know
control
plane,
but
should
we
also
let
double
label?
What's
the
initial
step?
A
F
F
B
F
The
ecosystem
will
likely
still
be
at
a
point
where,
when
we
release
kubernetes,
you
know,
CNI
providers
are
still
using.
Then
the
minimum
number
of
manifests
necessary
to
support
older
kubernetes
versions
in
addition
to
the
new
ones,
so
they
will
likely
leave
them
in
place
even
after
the
label
is
deprecated.
F
G
H
F
G
F
A
B
A
F
Can
you
look
at
the
Calico
toleration
one
more
time,
so
it's
just
tolerating
in
general-
and
this
is
for
calico
note
no
scheduled
and
critical
add-ons
only
and
this
would
go
for
every
every
node
in
the
cluster
regardless.
So
it's
not
control
plane,
not
specific,
but
it
needs
to
tolerate
control,
plane,
label.
F
G
A
B
A
A
A
G
A
G
B
A
G
Well,
so
it
might
be
good
in
particular
reaching
out
to
like
the
cops
folks
to
keep
spree
folks.
The
mini
cube
folks
obviously
been
for
kind
I
know
in
close
to
API
we're
doing
some
interaction
with
the
label,
but
it
would
be
relatively
easy
for
us
to
add
support
for
backward
and
forward
compatibility
for
whatever
period
we
needed.
So
from
our
perspective,
I'm
not
worried
about
it
about
the
change,
but
at
least
the
other
six
sponsored
projects.
It
would
be
good
to
see
where
they're
currently
relying
on
it.
If
at
all,.
A
F
F
We
we
were
able
to
suss
out
several
reasons
explicitly
why
changing
components
like
the
scheduler
is
an
unattractive
deprecation
option
for
this
label.
So
if
that
conversation
comes
up
in
the
future,
I
don't
know
how
many
notes
we
took
on.
Why
we
shouldn't
do
that,
but
we
could
probably
all
remember
that
we
decided
not
to
modify
control,
main
components.
G
I
do
worry
that
if
we
try
to
change
terminology,
we're
talking
about
a
lot
bigger
change,
because
we've
already
done
a
lot
of
the
documentation,
rewrites
and
we've
already
gotten
a
lot
of
kind
of
community
coalescence
around
the
idea
of
calling
these
things
kind
of
control,
plane
nodes.
So
I'm
not
saying
we
shouldn't
do
that.
But
if
we
do
it's
a
much
broader
discussion,
I
think
yeah.
F
And
I've
sat
down
even
with
like
contributors
who
have
been
confused
with
other
deployment.
Topologies
a
good
exam
like
Ubuntu's
charm
to
kubernetes
does
not
deploy
the
control
point
named
pods
and
the
control
plane
does
not
run
in
the
same
Alex
II
containers
as
the
couplets
there's
no
couplets,
and
they
were
trying
to
deploy
some
security
and
auditing
features
that
relied
on
scheduling
a
pod
to
the
same
place
where
they
could
inspect.
You
know
PS
flags
and
things
for
control,
plane,
components
and
I.
G
And
I
think
the
difficulty
comes
when
you
start
talking
about
different
kind
of
opinionated
deployment
models
like
the
default
cube,
ATM
model
or
what
we
were
generally
doing
in
cluster
API
or
cops
or
some
of
these
other
ones.
You
know
some
of
this
terminology
makes
sense,
because
you
know
you
need
an
abstract
way
to
talk
about,
like
the
bundle
of
things
that
we're
deploying
as
a
control,
plane
machine,
but
then
in
other
cases
it
doesn't.
B
A
B
A
C
G
So
that
is
interesting
that
the
ingress
controllers
seem
to
be
the
ones
latching
onto
it
and
at
least
from
somebody
who's
been
involved
with
multiple
kubernetes
installers.
That
makes
sense,
because,
generally
you
know,
you
already
have
to
put
a
load
balancer
in
front
of
those
hosts,
so
you
also
generally
have
you
know
static?
You
know,
Ian
asked
for
access,
so
there's
either
DMS
or
IP
addresses.
So
it
makes
sense
that
you
might
also
want
to
target
that
for
ingress
as
well,
but.
F
A
D
It's
technically
dependent
on
them,
so
we
basically
consists
of
two
parts:
the
first
part
three
factors:
the
component
config
tests
and
basically
just
use
the
QP
names
coastal
configuration
component
config
so
that
we
don't
rely
on
Cube
proxies
or
any
other
external
to
cube
a
damn
component
convicts
to
to
our
testing.
So
in
case,
some
of
these
external
or
topics,
change
or
a
new
field
is
introduced
in
them.
D
This
is
the
only
test
of
joint
operation
compiled
that
was
like
extended
and
they
used
as
a
partial
replacement
back
in
the
day
of
the
puzzle
test
when
it
was
disabled
in
the
output
to
another
three
days,
so
basically
I
just
narrow
down
the
scope
for
this
unit
test
and
remove
the
wall
of
testing
files,
and
usually
these
testing
password
like
a
PR
targets
by
anyone
who
was
actually
changing,
something
on
the
Q
proxy
or
cuboids
component
config,
like
adding
a
new
field.
There.
A
D
D
A
A
Or
maybe
more
than
one
secret
debatable
github
speed,
so
we
are
grading
it
city
server,
two
three,
four,
nine,
this
cycle,
I
think
the
problem
he
right
now
is
just
we
don't
have
the
images
the
GCM
packet
yet
and
it's
some
complications
are
out
switching
the
there's,
a
domain
flip
at
Google
which
took
three
months
or
something
like
that.
It's
not
clear
why
it's
happening
the
problem
there,
but
hopefully
we
can
get
this
new
version
of
HD.
A
The
Clyde
is
already
updated
to
my
knowledge,
so
we
now
did
in
the
server.
These
are
Bart
ports
waiting
for
approval
by
the
patch
team.
It's
about
the
regarding
the
member.
Don't
reading
the
HT
member.
If
it's
already
exist,
I
like
Fabrizio
I'd,
say
that
I
don't
know
if
this
even
works.
I
have
not
disabled.
A
So
if
HDD,
if
you
have
a
if
the
member
is
already
there,
but
the
storage
is
not
good,
for
instance,
the
storage
for
this
member
is
not
good.
If
you
try
to
add
the
member
in
or
exists
in
a
cluster,
so
new
member
is
still
going
to
be
on
it,
but
the
storage
is
broken.
So
I
don't
see
how
this
helps
anything.
B
But
I
think
the
problem
here
was
different.
The
problem
is
that
we
want
to
make
faces
independent,
so
the
idea
was
to
or
Cooper
mean,
join
independent,
so
it
means
that
we
want
to
being
able
to
rerun
the
Commodore,
the
world
command
or
the
single
phase
is
in
and
necrosha
where
the
common
was
revolution
from
so
it
is
not
meant
to
to
fix.
Some
to
recover
is
just
to
mated
to
a
low
to
run
the
comma.