From YouTube: Kubernetes WG K8s Infra - 2019-06-26
A
A
B
D
We, why don't you meet your numbers and then we'll see if they jive. Okay, so we reconciled our previous divergence, which was because we weren't including all the projects. So if we include all the projects from May 29th to June 25th, which I guess is the last 30 days, on all services, we spent three hundred and seventy-six dollars and 79 cents, roughly.
E
D
Yes, I did. That's 30 days, which is May 29th, June 25th. I can share the tab, if that would be useful. That would be cool, let's see. And the, everyone, or it is now going to a group, a Google Group, which I know someone commented on Comic Sans. I think, I might, was that you, Amy? I don't know, but anyway, someone's comments, a ton, Comic Sans, so I know someone is getting the report. Thank you for commenting, and we can certainly look at publishing it more widely.
D
E
D
D
E
E
Think I can, for anybody who cares about why sometimes it shows us as having a credit: it's just the distributed-systems nature of the billing process, but that is, that is unique to the, this report doesn't have that problem. Yes, your report does the right thing because you're writing code, not just accumulating as it goes.
E
E
A
D
E
A
D
A
D
A
D
D
E
Studio tool, so is there any way to dump that, like as a snapshot, or is it just in the tool? I haven't yet found a way. I can, I get, like, open a bug and ask the team. Yeah, it would be really great to have that checked into Git somewhere so that people could look at it and make modifications, or we could make it a public read-only, so they can copy it or something like that. But yes, it, and is that, is access to that controlled by the k8s-infra GCP accounting group?
E
That's the IAM group that we've set aside for people who are working on accounting. I can grant access to that group to edit the reports, if that would be useful. I think that would be the right thing to do, and then whatever access, like, I want to get to the place at the end where no individuals have access, only groups.
E
E
E
A
Okay, so just to recap: we're gonna send this report out weekly to the public Google Group. We might send it daily to an accounting group. We're gonna try and use the accounting group as write access to the Data Studio project, and we're gonna look at ways to maybe, like, share the Data Studio project with the public at large, or maybe dump out that gnarly query or something. Yes.
E
D
E
D
E
A
A
A
A
A
E
Hi Jen, I just post that one in chat and realized that it wasn't assigned to anybody except their know, our Noah cell GTM did. I just assigned it to Justin. He can take a look at it. Basically, it's just moving, or moving things out of the k8s GCR directory and moving it into an infra directory, because it's apparently all the infrastructure now. This is all the scripts that we have to recreate.
E
E
A
A
G
I might open, like, once we get to the rest of milestone, I might go discussion topic on this, because, like, I looked at it and I was unhappy with, not anything that are know did, like, actually creating it. There wasn't any concerns that I had, like, what the work that our node did. I, the concern is, like, driving this through, so I have an alternative, but we can do that after the milestone. So.
A
E
Going to support, my position has been and still is, not for love of bash, but simply we know that, like, the gcloud command lines work in a certain way and they have the features that we need, and I didn't want to get distracted in all of this by going off and learning Terraform and figuring out what it does and doesn't do, or going off and writing our own declarative syncers. Like, we can do that. I just didn't want those to be between us and progress. Yeah.
A
I will say, based on a little bit of noodling I have done with spinning up Prow lately, it's not something that lends itself super well to a very declarative, GitOps-driven model. It would fit better if we were supportive of, we'll allow mostly scripts in, or a human to do a bunch of things, and then we'll find a way to reconcile that against, like, here's the list of resources that we expect to live in this GCP project for a given Prow cluster that also needs some other GCP things.
E
E
A
E
A
A
A
A
E
A
E
Right, okay, we'll see, see myself for review as well. It doesn't have to be me, but I did, like, I ran their first draft of it and had a bunch of feedback for him, so I'll go back to it again. This thing's, I, feel free to jump in there, and anybody who's got, anybody who's in the GCP auditors group should be able to run his results here and produce a report that is interesting and useful. So who is in the auditors group? Let's look real quickly. Okay.
E
E
A
E
G
I actually have a thought there. So I looked into this one, because I was confused about what was going on. There's two ways, basically, to manage GKE RBAC permissions into a cluster. One is you do it at the project level, so you assign scope and stuff to a user or to a group or something at the project level, and then the clusters inherit that, right? And then there's also doing it specifically local on the cluster.
G
So like creating Kubernetes-level, like, cluster role bindings and that kind of stuff, and binding directly to Google accounts. I would suggest we do it only at the project level, because it's very visible and auditable from the project level, whereas right now we are not doing anything to other things on a con, the cluster itself.
E
So if we do it at the project level, though, then we have people who have blanket access to the entire cluster, right? There's no sub-namespacing at that level. I was hoping that we could use the RBAC control so that each of the individual namespaced efforts would have their own RBAC in their own cake kit, kubernetes.io groups that would govern access to the individual things, like going, pretending we're multi-tenant. I.
G
Don't know that that is particularly useful, and I would, like, I would assert that, like, either we trust somebody or we don't, because they're still going to be able to consume resources, they're still going to be, like, work, work. I don't think we've got anybody who wants to get in the business of, like, setting up quotas and, like, doing that on a per-namespace level and managing that for every single thing that we do, is I think either.
G
E
Was hoping we would do it, if nothing else, as a way of exercising the reality of Kubernetes. Like, one of the big customer empathy points that Kelsey keeps beating us over the head with is we don't use our own products enough, and if this is what we're telling users they should do, I feel like we should do it. I.
G
D
G
E
Isn't even Google product, so this is just Kubernetes. This is like, we're asking Kubernetes users to set up RBAC. That is how we tell them to do multi-tenant access. Whether they're doing it through a Google group or an individual user name doesn't really matter, right? So I didn't mean to position it as a Google customer empathy, I mean as a Kubernetes customer empathetic, like, anyway. I hear your point, and maybe it's, maybe we should not block on this, but make it a follow-up to try to make it more granular.
A
Of in positioning this by thinking of this similar to the discussion we had around, like, being really fine-grained about all the resources that we're standing up for infrastructure. Like, it is, I believe, a number of our infrastructure, in terms of our infrastructure right now, is stood up assuming, like, a larger, broader level of access.
A
Then maybe you are comfortable with. Tim and I would love to, like, start with things wide open and then gradually tighten it down to figure out what exactly is required, and you seem to be describing the same thing, but within the context of a cluster, and, like, what exact RBAC roles are needed, this set of Kubernetes resources to be able to do their.
E
A
E
And honestly, as a point of process, we should probably make it easy to, at least for this sort of utility clusters that are not, like, special-purpose, that did carry a bunch of the workload, we should figure out how to burn those things down and recreate them on a regular basis, so that we know that we've always got our butt covered should something happen. Oh great, the.
E
A
E
A
A
F
So I have a few things listed in the open discussion section. So currently, what I just added to minuses, buddy design doc, is having, like, an image promoter e2e testing criteria, so it folks from this meeting, and then also post it in the Slack channel, if folks can review that. After that, what I plan on doing is setting up Prow jobs for those e2e tests, and then, if y'all can also review Linus's, the testing framework, that would be awesome.
A
D
A
F
I added it into, you, the testing criteria part, for the open discussion, facility for deletion. There's, like, a few open questions, and I'll definitely make sure to float those up within the Slack group to get more attention on it as well, so that we can have more comments. But yeah, that's there, I mean.
A
A
F
D
On that, what does it matter if, if they don't, if they aren't configured correctly? You mean, like, what happens if the promoter is just completely broken, like, how will we see it, type thing? Or, I guess I'm just wondering why that's a lot? What I, it is important, I just don't know, I, we want to test it, sort of, will be write a test for that. I guess I don't even.
F
F
E
E
D
Say I actually use this promoter in my personal work and it works great. Although I don't do deletion, I turn off the leat. I am also a paranoid. Turn it off in the image promoter or in somewhere else in the image from a driver's head. I passed the flag, but once I passed the flag, it has never tried to delete an image and it does correctly promote images. This is an Akita, but it is at least supportive of the fact that it, I've been doing sure Linus.
E
A
A
A
E
E
That may be the only answer we've got. I'm looking in to see if there's anything better than that. There may be, there may be nothing better than that, and it makes me a little nervous to know that the code is there and just flag-gate it off, and if we don't, so your point, perhaps we can set it up, but the service account that, for.
E
D
E
D
E
E
D
E
D
A
D
F
G
Think the only case that we even want to remotely consider doing that is, like, there's a security issue in something that we published, and that it is so unsafe for somebody to be running it that it is safer to break somebody's cluster in some sort of way by removing it than it would be to let them continue running what they are in.
A
E
F
E
Can't honestly think of a time when we would really want it. I would, I would much rather that those things happen sort of as a, like, at the back end as a policy thing, but there is no such mechanism, so I think we just leave them and never remove them. We've never, like, in the history of the k8s GCR, we've never removed an image for a reason like Cristal suggests. Cool.
A
So, somewhat related to this, I feel like I see people asking about a place to put their images repeatedly. Maybe I keep asking this question every meeting because people keep asking it around me. Like, are we at the point where we encourage people to create a staging GCR repo and just put their images up there? Or, because, like, I looked at some of the scripts and there are staging repos that are created for some projects. I.
E
A
Was looking at this, okay, projects like CoreDNS and Cluster API and kops that, like, or not Kubernetes, that have their repos, but I think they also kind of tangentially have Googlers attached to all of them. So it's unclear to me whether this is truly a workflow where the subproject is pushing images to GCR repo, they're not Googlers, and they can totally do this, whereas.
E
So the list that we picked at the beginning was enough so that we could get a few people outside to test whether they had appropriate to it. The intention was that we would be very loose in granting these. Any subproject of any SIG can probably ask for a staging repo, and we should be fine with that.
E
B
A
E
A
A
E
A
E
E
A
D
I've dropped one more thing on the agenda, if we are done. So yeah, let's go back to the agenda: creating a Google Alert for AWS accounts. So Tim, this is sort of picking between you, me and a, but it would be nice to have a Google Group. It was like, AWS accounts need an email. We want to set up, the Cluster API Provider AWS has asked to set up a bunch of AWS sub-accounts under the, like, master account to isolate them.
D
E
A
D
A
A
E
G
A
A
G
G
So after, after I reviewed that bash script, I went and had together a proof of concept for Terraform, to actually spin up clusters and that kind of stuff, and based off of, like, the technical decisions that are no had made in the past script, and it works. Like, it works. We can do pretty much everything in here in a declarative way.
G
The new version of Terraform is actually way better than the old version of Terraform, which is good, because every software part should hopefully get better as opposed to worse. But I've gone, I've got a repo, I can send out a link into the channel in that, because I, my folks are know directly to take a look and review this, but it's basically, yeah, it's basically spinning up a cluster in declarative way when all the best practices in Terraform, as opposed to using the gcloud CLI.
G
My main objection to the gcloud CLI is the flags change on it pretty much weekly. It updates all the time and things are constantly changing and flags are being redefined, and it's great, like, I like the gcloud CLI if you are interactively using it. Scripting around that I've always found painful because it changes so frequently. If.
E
E
G
What, when I see what, I will definitely let you know, because it does, it does that, it does happen with, like, when flags change meaning or defaults change. So, like, if you leave a flag off and then the default under the hood changes, because even just, like, Google is very prescriptive, or opinionated is the right word, with their defaults, which are not necessarily, like, the best practices, because when Google wants you to set up a cluster, they want it to be super easy to set up a GKE cluster, as opposed to necessarily, like, create being the best practice.
E
E
D
I think it's, I would say it's actually much better, as Crystal says, in 0.12. I think it even has loops now. But I think one of the ways we could start, maybe, is, my understanding is it, they can now reverse an existing, or we can import a resource and see and do a diff, and we could actually see whether, like, the configuration we think we have is a conversion we have, so that might be interesting.
G
A
G
E
A
B
E
If everybody thinks better, if everyone thinks this is better, and there's, you know, already a hundred and two pluses on the chat, then we look at this instead of the bash. Like, you know, honestly, if everything's this is better, then let's do it, and let's write some simple documentation for people who don't know how to use Terraform very well, and, you know, so we can. You can walk me through the.
E
People like Christoph showed me what's what, but so yes, let's make this the topic for the next session, and in between now and then, Christoph, put this in our hands or in our faces, and let's take it on, on everybody, to go read and review and think about this as a path forward. And if we like this, then we can do a similar process for the existing scripts that are in there, which I'm not particularly attached to, except that they work. Question: is there an area that we haven't done.
E
Right now, the canary validations, I mean, I think it works really well. I don't mean to put the DNS data into Terraform, but just simply the setup of a project and the DNS zones themselves. Like, we can load the data in through script because they can do the canary and the diff and everything else. I'm getting kicked out of the room, so we can talk about this on Slack or wherever. Yeah.