►
From YouTube: Kubernetes WG K8s Infra 20191211
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
B
C
C
E
D
C
C
F
G
G
G
A
G
G
G
I
G
Sure
that's
fine,
my
I
proposed,
then
we
let
it
ride
right
now
and
we
take
a
look
at
it
again
next
month
and
we
see
if
it's.
If
we
think
it's
a
problem,
then
we
can
have
a
conversation
about
how
continuous
does
our
continuous
build
need
to
be
right?
Now
it's
$600!
This
is
what
the
money
is
for,
so
we've
spent
more
than
600
ollars
discussing
it.
So.
A
I
wonder
maybe
what
definitely
note
something
to
go
over
just
yet,
but
if
we
have
any
data,
if
we
can
get
dashboards
for
this
as
well
as
kind
of
looking
at
how
much
we
should
be
spending
on
how
much
we're
expecting
to
be
spending
month
or
month
to
compare
it
against.
So
we
can
actually
concretely
say
whether
someone
is
spending
too
much
budget.
G
G
G
G
G
E
G
G
G
G
C
G
G
Alright
I'm
I'm
sharing
the
dock
with
the
entire
Kate's
informating
list,
so
anybody
who's
on
the
mailing
list
should
not
be
able
to
open
it.
Thank
you.
Sorry
didn't
you
were
saying:
I
was
just
reading
what
was
on
screen?
Okay,
yeah
staging
releases,
two
of
the
top
four
items
and
the
other
two
are
commodities
public,
which
both
seem
appropriate
right.
C
G
G
G
G
Now
that
coats
I
can
I
can
talk
a
little
bit
about
it.
So
Bart
has
a
weird
script
that
creates
and
enables
the
are
back
for
an
individual.
You
know
ex-owner
name
space.
We
have
activated
it
for
GCSE
web,
so
we
created
a
group
for
managing
GCSE
web
created
at
GCSE
web
namespace
added
a
are
back
role
and
role,
binding
called
namespace
user,
which
allows
them
to
do
things
like
list
secrets,
but
not
get
secrets.
We
tested
it.
G
Bard
and
I
tested
it
manually
fairly
extensively
to
make
sure
that
he
can
do
the
things
he's
supposed
to
do
and
not
do
the
things
he's
not
supposed
to
do.
The
only
thing
left,
then,
is
to
start
applying
this
to
all
of
the
other
services.
We
are
missing
monitoring.
Still
we
don't
have
cluster
monitoring,
we
don't
have
individual
app
monitoring.
This
is
something
that
we
need
to
do
some
investigation
on
how
to
enable
and
what
we
want
to
get
what
norms
we
want
to
set
on
this.
G
But
I
was
thinking
about
it
just
this
morning
on
the
way
in
you
know,
I
don't
really
have
those
things
truthfully
very
robust
for
the
existing
services
either
in
the
old
cluster.
So
maybe
I
shouldn't
be
raising
the
bar.
Maybe
we
should
just
start
moving
things
over,
so
I
moved
GCSE
web
this
week.
It
is
running
now
on
the
new
cluster.
In
fact,
I
have
a
to-do
item
to
turn
down
the
old
instance
and.
G
Yeah,
so
it's
made
some
slight
Fargus.
It's
actually
serving
a
real
thing.
Now
sorry,
there's
still
an
open
item.
We
need
to
make
sure
the
cert
manager
namespace
is
locked
down
in
the
right
way
and
that
we
don't
break
serve
editor.
Maybe
James.
We
I'm
wonder
if
that
will
need
a
special
different
permissions,
because
it'll
need
to
be
able
to
create
secrets,
so
we'll
need
to
only
to
come
up
with
a
scripted
way
to
manage
that
and
then
otherwise.
G
G
F
F
G
Clusters,
yeah,
you
know
the
ant,
you
know
the
answer
to
that
sure.
No,
we
we
chose
the
AAA
name
so
that
it
didn't
have
any
implications
around
zonal
or
regional
or
meaning
of
the
cluster.
It's
just
our
very
first
cluster.
If
we
want
to
have
a
second
cluster,
we
can
come
up
with
a
a
B
if
we
have
a
good
reason,
fair
enough.
C
G
Almost
nothing
I
have
not
touched
it
in
months
and
months
and
months.
The
what
we
would
need
to
do
realistically
is
set
up
whatever
monitoring.
We
need
to
convince
ourselves
that
it's
actually
alive
and
set
up
alerts
to
buzz
somebody's
phone
or
ping
to
a
slack
channel
when
it's
not
alive
and
have
a
couple
of
people
who've
signed
up
to
in
the
bizarre
off
chance
that
this
actually
happens
to
respond
to
it.
G
A
Cool
and
on
these
savage
stuff,
I'm
happy
to
and
go
through,
some
of
that
and
like
you
say
it
will
need
pretty
permissive
access.
It
does
require
a
secret,
pretty
much
get
create
list
sleep
or
maybe
not
delay
actually
across
all
namespaces.
So
yeah
you
can
run
it
again.
It's
a
single
namespace,
but
right
now,
currently
not
against
multiple
namespaces
with
a
single
daemon.
So
it's
pretty
painful
to
run
with
a
more
isolated
configuration.
A
G
A
From
the
cluster
like
variants
of
what
we
have
right
now,
they
are
fairly
well
split
up
at
the
minute,
so
you
can
see
by
controller.
What's
why
it's
where,
but
we
don't
have
any
kind
of
like
automated
testing
or
even
examples
over
at
the
minute.
No,
that
might
be
something
to
feature
request,
though,
because
it
seemed
sensible,
I.
H
G
Just
gonna
say:
if,
if
you
or
somebody
who
knows
well
what
the
breakdown
is
was
to
try
to
think
about
what
would
the
are
back
rules
for
a
minimum
grant
oppression
to
assert
manager
install
so
that
the
things
running
insert
managers
namespace
could
do
exactly
what
it
needs
to
do,
and
nothing
else.
I
think
that
would
be
a
wonderful
documentation
and
thought
process
forward
project
and
super
helpful
for
us.
A
J
Hey,
so
that
page
is
actually
a
bit
out
of
date,
now
I've
been
working.
Oh,
this
is
Linus
by
the
way
who's
speaking
I've
been
working
on
a
set
of
changes
around
this
area.
Most
recently,
just
a
less
than
an
hour
ago,
is
the
initial
implementation
of
like
the
auditing
I,
see
seed
Tim
and
Justin
and
Bart
from
VMware
on
its
last
major
hurdle
is
basically
setting
up
tests
for
this
code.
J
J
J
J
J
J
The
auditor
auditing
mechanism
will
take
that
and
verify
it
against
a
known
set
of
manifests,
and
then,
if
it's
good,
you
know
it'll
say
so.
If
it's
bad
I'll
say
so
in
the
logs
I've
taken
a
design
choice
to
just
stop
the
pub/sub
stuff.
At
that
point,
as
I
cut
off
just
to
simplify
things,
because
today
you
can
use
stackdriver
to
create
lock
metrics
on
the
logging.
Just
the
pure
log
messages
from
your
program
in
cloud
run.
J
A
G
G
K
A
G
G
G
G
I
I
mean
we
can
certainly
move
over
the
project
if
we're.
Okay,
with
saying,
like
we're,
gonna
have
like
this.
Some
of
the
existing
DCP
infrastructure
for,
like
the
CI
controlled
these
new
projects
that
doesn't
really
need
any
special
Bosco's
expertise
because
they
are
just
decent
II
projects
that
are
like
added
to
a
list
of
projects
and
some
service
account
is
allowed
to
access
them.
I
The
tricky
question
there
is
probably
like
how
we
manage
I
going
forward
we're
right
now.
Mostly
there
are
just
a
large
pool
of
general
DCP
projects
that
have
it
pretty
soon
and
I
was
quoted
in
them
to
do
things,
and
some
robot
CI
account
from
forever
ago
is
owner
of
them,
so
that
I
can
create
and
believe
resources.
G
Can
we
invite
Jeff
to
either
jump
on
the
mailing
list
or
come
to
the
next
meeting
and,
and
like
start
like
this,
is
filing
issue?
Get
a
plan
worked
out
for
what
it
is
that
we
want
to
do
and
agree
to
do
it
I?
Don't
think
it's
actually
that
complicated
or
that
big
of
an
ask
at
this
point.
This
seems
like
what
the
community
infrastructure
is
forward.
So
if
we
just
need
somebody
to
say
this
is
what
we
need
to
do
in
detail.
G
A
L
G
And
great
question
so
I
think
there's
a
couple
of
open
questions.
One
should
be
install
and
run
Prometheus
ourselves,
or
should
we
use
should
we
use
stackdriver,
given
that
it's
on
the
cheek,
a
cluster?
That's
integrated
I
have
a
slight
bias
towards
not
running
infrastructure.
I,
don't
need
to
run,
but
I
don't
feel
strongly
the
and
then
the
second
part
of
it
is
just
bringing
some
expertise
to
the
table
and
saying
how
do
I
set
up
a
dashboard?
What
are
the
metrics
that
we
want
to
look
for
in
a
normal
application?
G
L
Guess
is
a
policy
for
the
group
just
to
like
you
know,
talk
it
out
first
and
have
everything
planned
out
or
is
it
better
just
kind
of
like
take
initiative
and
you
know,
build
a
POC
and
show
everyone
like
what's
possible
because
you
know
there's
no
baselines
currently
so
I'm
sure
something
about
us
to
be
an
iterative.
So
I'm
just
wondering
like
what
your
policy
or
guided
some
that
is
I.
A
M
I
have
one
question
the
future
and
I'm
participant
to
participate
in
that
subgroup
where
we
are
talking
about,
and
we
want
to
help
something
related
to
moving
easy
apps
from
old
cluster
to
the
new
one
and
is
it?
Is
there
anything
that
is
in
progress
or
any
plans
there
or
something
that
will
be
useful
for
us
in
that
team
or
will
have
some
separate
calls
about
it?.
G
We
can
do
separate
calls,
but
I
can
also
point
you
at
the
existing
things.
So
if
you
look
in
the
case
that
IO
repo
there's
a
couple
of
directories
now
the
directory
structure
is
getting
a
little
confused,
but
there's
things
like
artifact
server
and
kate's
that
sorry
Kate's.
That
IO
are
two
of
the
main
things
that
we
will
want
to
move
over.
I
guess,
artifact
server,
I'm,
not
sure,
is
even
in
use.
G
Yet
I
was
a
adjusting
thing,
but
it
said
IO
definitely
is
that's
our
main
go
go,
get
redirector
as
well
as
all
our
short
stuff,
the
all
the
yeah
mol
to
run.
Those
is
in
the
kids
io
repo.
If
somebody
wants
to
start
thinking
about
what
do
we
need
to
do
to
move
it
over
in
the
same
way,
it's
probably
pretty
easy,
I
just
haven't
looked
at
it
yet.
M
G
That's
a
great
question:
we
have
a
bunch
of
open
issues,
but
I
don't
know
that
they're
broken
down
quite
as
far
as
we
probably
really
want
them
to
be.
Why
don't
you
want
to
pull
up
the
issue
list?
Maybe
we
could
run
a
quick
scan
through
to
see
if
there's
obvious
things
that
are
missing
like
I?
Can
I'll
look
at
the
old
cluster
while
we
do
it
make
sure
that
there's
no
an
issue
for
from
each
such
topic?
G
G
G
G
I
I
G
So
velodrome
might
be
a
thing
or
it
might
not
I'll
I'll
file
an
issue
on
it
anyway,
and
if
we
don't
need
to
do
anything
that
we
don't
need
to
do
anything
it'll
be
an
easy
one.
You
close,
so
those
are
the
three
things
that
we
want
to
move
out
of
old
clusters
right
now.
If
we
did
those
three,
we
could
literally
turn
off
the
old
class.
G
G
G
C
The
attacked
yeah,
the
last
three
times
I
ran
everything
was
fine,
the
only
who
was
when
we
switched
from
Python
to
to
Python
3.
We
didn't
want
to
run
it
without
actually
manually
checking
first,
so
that
was
the
only
thing
that
I
can
think
of
other
than
that.
If
it's
just
configuration
changes,
I
think
we
can
just
do
it.
Those.
I
G
A
B
A
G
Honestly,
there's
some
of
these
issues
that
look
like
they
would
be
actionable
with
a
little
bit
more
information.
So
maybe
we
should
take
the
last
10
minutes
offline
to
sort
of
individually
run
through
these
issues
and
make
sure
that
they're
as
actionable
as
they
can
be
at
the
time
being
and
open
up
any
other
sorry
I'm,
reading
open
up
any
other
issues
that
were
think
we're
missing.