►
From YouTube: Kubernetes WG K8s Infra - 2019-10-16
Description
GMT20191016 153525 k8s infra 1920x1050
A
A
B
A
C
D
C
F
F
C
Okay,
so
let's
move
to
the
review
of
our
action
items.
There
were
few
of
them
in
the
last
time
and
the
first
one
is
about
the
GCSE
web
in
the
cluster
and
understanding
the
publisher,
bodkin
Fink,
which
I
remember
that
Dean's
and
Nikita
I
don't
see
it
on
the
meeting.
So
maybe
James
can
you
say
something
about
for
us.
F
We
last
week
we
said
we
would
come
look
at
bringing
publisher
bot
into
Triple
A
by
looking
at
the
are
back
configuration
and
the
Google
Groups
config
there
I've
also,
basically,
because
I've
been
failing
so
regularly
at
making
enough
time
for
this,
I've
asked
for
internal
help
here
from
people
who
can
access
the
old
systems
and
help
to
move
off
of
them.
I,
don't
know
if
Nico's
here,
I,
don't
see
him
on
the
list,
but
I've
got
at
least
one
volunteer
internally
to
help
us
push
on
this.
F
F
Use
groups
are
back
to
prove
that
the
certain
manager,
admins
or
sir
manager
owners
or
whatever
we
want
to
call
the
group,
has
access
to
that
namespace
and
not
to
other
things
and
write
down
what
we
did
so
that
we
have
a
pattern
to
follow
for
other
things.
Once
we
have
that
pattern,
the
rest
should
fall
in
line
pretty
quickly
and
what
we
talked
about
last
week,
looking
at
the
notes
was
GCS
web
and
as
a
trivial
example
and
publisher
bot
is
a
slightly
less
trivial
example.
A
All
right
and
then
for
the
publisher,
but
what
we
were
also
seeing
was
only
three
of
us
have
access
to
the
github
token,
which
is
stored
using
git
crypt
in
publisher
bot
repository,
and
we
would
like
to
keep
that
that
way,
and
one
of
the
three
of
us
will
update
the
secret.
Well,
will
publish
the
secret
to
the
cluster,
and
then
we
can.
The
rest
of
us
can
help
manage
the
publisher
bot
itself
right.
C
F
C
F
I,
don't
think,
there's
anything
for
DIMMs
to
do
until
we're
ready,
basically
I,
think
publisher
bought.
It
should
be
the
second
target
after
we
prove
through
cert
manager
and
GCS
web,
that
we
know
what
we're
doing.
Then
we
can
use
publisher
bought
because
publisher
bot
is
a
less
trivial
example
like
GCS
web
doesn't
need
any
particular
secret
access,
so
we
should
start
with
the
simpler
one.
B
A
F
A
C
F
F
H
F
I
haven't
heard
back
from
either
of
them.
No
I
specifically
forwarded
that
message
on
to
a
few
people
who
I
know
at
various
places,
I've
heard
back
from
one
that
they
were
fine
with
it
that
they
took
a
look
in
the
head,
no
problems,
one
that
said
they
were
going
to
look
at
it
and
no
further
updates.
F
H
F
Point
we
should
send
a
follow-up
message
to
time
this
out.
Like
I,
don't
know
what
the
timeline
is
for
our
internal
review,
but
maybe
we
said
I
imagine
our
review
is
about
as
slow
as
they
can
get.
So
maybe
we
set
that
as
an
upper
bound
and
tell
people
like
hey
after
I,
don't
know.
What's
today,
October
15,
so
maybe
like
November
1,
we
hope
to
continue
moving
forward.
Yeah.
C
C
A
A
F
A
A
It
talks
to
boss,
boss
boss
course,
will
give
it
a
name
of
a
project
and
then
the
job
essentially
starts
a
5
node
cluster,
with
three
control
plane
and
two
worker
nodes
in
that
cluster,
and
then
when
the
test
is-
and
it
runs
eetu
it
s
when
that
test
is
the
CI
job
gives
it
back
to
bosco
sandbox,
boss,
boss,
basically
cleans
it
up
and
gets
it
ready
for
the
next
time.
Okay,.
F
A
Ready
and
work
it's
already:
it's
been
working
for
a
really
long
time.
Scalability
jobs
use
it.
There
are
other
CI
jobs,
use
it
as
well.
So
what
we
want
to
do
is
this.
Currently,
the
list
of
projects
that
we
have
in
Bosco's
is
all
under
the
Google
account.
We
would
like
to
see
if
we
can
start
creating
projects
that
can
be
used
by
CI.
Basically,
okay,.
F
How
is
there
we
don't
have
a
process
for
proposing
new
WG
in
for
efforts
and
actually
I
would
propose
the
step.
One
here
is
to
get
a
little
bit
meta,
and
what
is
the
process
for
creating
a
new
subsystem?
Is
it
then,
to
design
doc
or
a
kept
2wg
infra
mailing
list?
Is
it
come
to
this
meeting
and
ask,
and
then
somebody
does
something?
Is
it
send
a
PR
that
writes
a
script?
I
I,
don't
know
what
we
think
the
process
should
be
I
would
like
it
to
be
lightweight
so
right.
F
A
F
Issues:
okay,
I'll,
take
a
look
at
it.
It
seems
reasonable
to
me
that
we
could
provision
some
number
of
projects.
What
I
guess
we
need
to
know
is
how
many
projects,
what
do
we
want
to
call
them
and
what
permissions
like
who
has
permissions
to
them?
What
service
accounts
do
we
need
created
to
access
them
and
who
holds
those
credentials
to
those
service
accounts
and.
A
I
I'm
not
using
my
usual
headset
I
forgot
to
charge
it
so
I
commented
on
the
issue
they
Christophe
opened.
If
we
want
to
do
it
with
the
current
CI
there's
just
kind
of
like
a
CI
current
service
account
that
needs
to
be
given
a
ownership
over
the
project.
I
do
think
it.
I
I
still
think
it's
worth
considering.
I
This
mostly
gets
us
like
spend
now.
Normally
humans
don't
touch
these
projects
like
we
just
create
them,
we
hand
them
to
the
robot,
and
we
forget
about
it,
and
it's
only
touched
by
CI.
If
something
breaks,
we
fix
the
robot
so
like
getting
it
under
the
m4
workgroup,
the
it
like.
Hopefully,
humans
are
never
touching
these
ever
to
begin
with,
okay
and
create
them,
and
you're
done
so
that's
a
little
bit
less
exciting.
The
thing
that
will
be
a
little
painful
is
if
we
create
these,
we're
gonna
have
the
same
problem.
I
It
will
be
a
lot
easier
to
switch
to
a
totally
new
set
of
projects
when
we
move
the
C
then
tried
to
do
some
kind
of
juggling
act
where,
like
some
of
the
projects,
are
in
use
and
we're
trying
to
not
kelabra
that
it
is
very
disruptive
to
the
CI.
If
we
don't
keep
track
of
that
state,
sorry
I'm
lost
on
what
state
that
is
just
basically
if
the
project
is
in
use
or
not.
Oh
who's,.
F
I
F
F
Okay,
so
in
the
short
term,
we
could
just
create
a
bunch
of
projects,
throw
them
in
the
pool
and
let
the
current
system
run
them
to
move
it
over.
We
would
need
to
double
that
up,
but
that's
fine,
because
projects
are
free
and
in
fact
one
might
argue
that
we
should
retire
projects
after
use
and
just
have
a
pool
of
them.
That
is
constantly
refreshing,
but
maybe
that's
a
design
change.
That
is
a
different
topic.
F
I
F
Yes,
we
would
need
to
automate
the
creation
of
a
project
which
is
itself
a
problem,
but
if
what
we
need
right
now
is
create
n
projects
of
a
given
template
with
a
give
name
format
like
that's
easy
enough,
I
just
want
I'll,
go.
Look
at
the
dock
and
I'll.
Ask
my
quitter,
then
not
the
the
issue
and
I'll.
Ask
my
questions
there
and
if
we
can
answer
those,
this
is
simply
write
a
script
and
one
of
the
GCP
admins
runs
the
script
yeah.
I
F
F
Is
it
requesting
quota
through
the
quarter
request
system,
or
is
it
something
internal
I?
Don't
actually
know
much
about
it?
Presumably
we
don't
have
access
to
anything
internal
anymore.
So
if
part
of
this
is
making
sure
these
projects
have
quota,
then
we
part
of
the
script
needs
to
be
either
filing
those
quota,
requests
or
printing
out
enough
information
that
a
human
can
go.
Oh
good,
god,
click
on
this
link,
yeah.
I
F
I
These
things-
that
is
another
thing
in
the
in
the
current
system,
we
kind
of
mostly
just
have
one
big
general
pool-
that's
sort
of
like
outs
left
fund
for
projects
to
do
fairly
generic
spinning
up
some
sort
of
cluster,
and
it's
just
as
one
giant
billing
account
had.
Nobody
really
knows
what's
using
the
most
is,
is
that
better.
I
Pools
so
I
think
the
biggest
thing
was
just
they
currently
prod.
When
it's
been
a
lot
of
time
on
this
and
doing
it
that
way
ensured
we
always
had
plenty
of
capacity
doing
it
on
like
a
per
use
case
basis
means
we
need
to
pay
a
little
bit
more
attention
to
like
how
much
capacity
we
allocate
each
use
case.
F
I
F
I
F
F
I
F
F
I
I
F
A
F
Would
be
wonderful
if
we
could
put
together
two
or
three
people
who
felt
like
either
they
do
own
it
or
they'd,
be
willing
to
own
it
who
we
could
have
discussions
about
mechanisms
with
like
as
the
infrastructure
group.
Our
job
is
to
empower
these
people,
these
teams,
but
also
to
make
sure
we
understand
where
we're
spending
money
right.
If
we
have
a
pool
of
500
projects
and
they
just
all
have
random
charges.
We
have
no
idea
where
that
money's
going
right.
F
I
No,
so
actually
I,
don't
think
you
need
a
change
to
the
mechanism.
It
already
has
concepts
of
different
pools
and
project
types,
so
it
would
more
be
a
matter
of
levers
managing
that
instance
and
the
testing
ensuring
that
we
have
all
those
pools.
Bosco's
knows
about
the
projects
and
that
CI
is
actually
you
know
using
the
correct
pool.
I
F
I
F
D
E
A
A
Related
to
what
Ben
was
talking
earlier
about,
can
we
have
a
different
pro,
which
has
its
own
set
of
clusters
and
the
periodic
jobs
run
there
kind
of
thing?
So,
let's
not
worry
about
that
right
now,
I'm
more
worried
right
now
about
how
do
we,
the
new
cab,
G
jobs?
How
can
we
replicate
some
of
the
things
that
we
do
using
the
kind
up?
That's
the
basic
problem,
I'm
trying
to
tackle
right
now.
H
Yeah
so
as
part
of
the
additional
like
security
measures
to
make
this
promoter
more
robust
and
secure,
we
want
to
make
the
let
me
rephrase
so
every
time
there's
a
change
to
production
GCR.
They
can
send
a
pub/sub
message
and
then
we
want
to
intercept
that
and
like
send
an
alert.
If
something
is
wrong.
For
example,
an
image
was
promoted,
independent
of
the
promotion
process,
probably
with
malicious
intent,
because
you
shouldn't
be
doing
that
anyway,
because
every
promoter
should
be
transparent
but
long
story
short.
H
H
F
It
we
but
hope,
is
not
a
strategy,
and
we
need
to
make
sure
that
we
have
a
group
of
people
who
have
the
authorities
to
and
the
knowledge
to
do,
a
restore
from
backup
if
they
need
to
without
calling
you
and
who
would
get
those
notifications.
If
somebody
pushed
an
image
without
going
through
the
promotor
I.
H
J
H
J
Suggest
Gloria
I've
been
I've
been
like
multitasking
and
listening
in
can
I
suggest
the
step.
One
would
be
writing
down
like
I
mentioned
this
in
this
live
channel,
I
haven't
created
an
issue
on
it,
yet
that's
my
bad.
We
need
some
sort
of
like
runbook
system
for
not
just
the
image
promoter,
but
basically,
like
all
the
infrastructure,
we're
standing
up
so
that
people
who
are
holding
the
pager
don't
necessarily
need
to
know
the
intimate
details
of
every
single
system
because
the
subject
matter
experts
have
written
it
down.
J
J
What
are
those
written
in
markdown
stuff
like
that
and
be
able
to
like
have
a
have
a
run
book
system
that
then
utilized
as
a
subject
matter
expert
for
the
promoter
can
dump
information
into
and
then
whoever's
holding
the
pager
when
we
define
better
like
who
holds
the
pager,
what
rights
do
they
need
to
have?
Do
we
have
like
one
pager
rotation
for
all
of
our
infra?
Do
we
have
multiple
page
rotations
for
like
parts
of
the
prowl
like?
Is
there
a
difference
between
cluster
and
men
versus
image
promoter
stuff
like
that?
J
But
once
we
make
once
we
make
all
these
decisions,
we
still
need
a
place
like
dump
information
into
and
I'd
say.
That
is
something
that
we
don't
need
to
make
the
rest
of
decisions
like.
We
don't
need
to
make
the
decisions
around
who's
holding
the
page
or
what
that
looks
like
yet,
but
we
can
we're
start
writing
down
information
like
what
our
failure
conditions.
How
do
we
diagnose
it?
I
F
I
think
if
I
can
interpret
what
crystal
saying
is
we
just
need
to
do
something.
Anything
is
better
than
nothing.
Let's
just
do
something
right
down
with
that
something
is
and
start
a
convention
and
I
need
a
volunteer
to
do
to
get
the
ball
rolling
here.
I
don't
want
to
voluntarist
off,
but
it
sounds
like
you
got
a
lot
of
context.
My
friend.
J
F
F
That's
what
we're
talking
about
here
really
like
we
as
we
move
to
vertical
eyes,
each
of
these
bits
of
infrastructure,
we're
going
to
need
volunteer
owners
to
sign
up
for
these
things?
Okay,
and
if
we
don't
like
just
to
go
back
to
the
the
boscoe's
thing
right
like
if
there's
not
a
clear
person,
who's
signing
up
to
own
it
and
and
drive
it
or
organization,
that's
signing
up
to
own
it
and
drive
it
I,
don't
think
we
can
reasonably
do
it.
I
J
C
F
Well,
so
this
is
an
open,
there's,
an
open
issue
on
this
too.
It
would
be
in
the
ideal
world
humans
don't
have
access
at
all
to
the
staging
repo
and
only
the
GCB
pushes
to
the
staging
repo.
We
have
accepted
that
that
is
not
an
immediately
practical
position
for
all
sub
projects,
but
we
would
encourage
any
new
sub
project
to
think
about
whether
that
is
something
they
could
live
with.
B
F
B
Problem
for
me,
but
this
another
question
which
I
have-
and
it
might
be
a
useful
thing
to
have
since
we're
talking
about
images
which
are
going
to
be
used
by
all
the
CIC
test,
suite
and
so
on.
It
wouldn't
be
a
great
idea
to
just
promote
images
which
might
break
everything
is
the
way
we
could
add
the
job
which
would
use
the
staging
area
before
we
actually
merge
that
request
and
promote
the
images
so.
F
B
I
B
Then
I
have
another
question:
it's
going
to
be
all
automated
in
the
future.
So
when
it
comes
to
this
images,
there
are
around
31
test
images.
That's
gonna
take
quite
a
long
time
to
build
everything.
Just
so
you
know
so
the
image
builder.
We
have
to
know
how
to
build
images
on
which
images
to
build.
Basically,
it
takes
me
at
least
half
an
hour
to
build
everything
so.
I
B
I
Don't
think
that's
true
either
I
mean
ideally
we're
also
specifying
what
version
of
the
other
image
to
depend
on
so
kind
of
same
thing.
If
you
change
a
base
image,
then
you
follow
up
with
changing
the
other
images.
Otherwise,
I
think
the
entire
pattern
of
you
need
to
go
through.
Promotion
isn't
really
going
to
work.
B
It's
not
speculative,
you
can
you
can
specify.
For
example,
there
are
two
test
images,
the
kitten
and
Nautilus
images
which
depend
on
the
test
web
server
image,
which,
if
you
would
update
the
test
web
server
image.
You
might
also
want
to
bump
the
kitten
and
the
Nautilus
images
as
well
and
rebuild
them
as
well.
If
those
changes
are
to
be
reflected
as
well.
I
B
F
F
F
Can
we
I'm
not
gonna
have
time
to
do
this?
Can
somebody
does
somebody
have
time
to
follow
up
with
Jason
or
Vince
and
see
if
they
have
written
down
what
the
process
was?
I
can
try
to
ping
Catherine
I'm
gonna
have
to
be
in
meetings
all
the
rest
of
this
morning,
though,
somewhere
there
is
written
down
the
example
PR
to
follow
for
Kate's
at
I/o,
which
you
look
to
have
done
and
for
GCB
or
for
prowl,
rather
to
enable
it
to
auto
build
your
repo
on
unmerge
I.
Think
you
want
both
parts
right,
yep.
F
F
C
C
J
C
C
F
We
have
a
lot
of
stuff
to
do.
We
have
we
have
a
lot
of
action
items.
We
have
a
lot
of
cool
ideas
and
things
in
flight.
We
have
a
small
set
of
people
who
continue
to
sign
up
or
get
signed
up
for
all
of
the
work
to
everybody
here
who,
like
is
working
with
an
organization
that
depends
on
kubernetes,
can
I,
please
agitate
for
you
guys
to
go
up
to
your
leadership
and
try
to
solicit
more
volunteers
or
voluntarily
do
miss
left.
F
In
short,
we
need
more
hands
on
more
keyboards
if
we're
going
to
continue
to
make
progress.
I'm
working
on
doing
this
on
the
Google
side
can
I
like
anybody.
Who's
got
access
to
more
friends
or
community
people
who
want
to
help
here.
This
is
a
great
way
for
people
to
earn
some
brownie
points
and
be
part
of
the
community
and
have
meaningful
impact
on
the
project,
even
if
they're
not
strictly
a
software
developer.
F
This
is
this
is
a
great
opportunity.
Please,
like
tell
your
friends
tweet
about
it
write
email,
we
need
more
hands
on
work,
keyboards
or
we're.
Gonna
continue
at
a
very
slow
pace
like
there
are
many
things
that
we
have
not
even
tackled.
Yet
we
do
not.
We
haven't
even
opened
the
question
of
monitoring
for
our
clusters
like
how
do
I
know
the
cluster
is
still
alive,
I,
don't
honestly
I.