From YouTube: Kubernetes WG K8s Infra 20180928
Description
k8s-infra-team meeting Sept 28, 2018
A
B
So I don't know just to kind of recap on the working group thing a little fully but brought it up to steering committee, it's keeping non-controversial by saying, whoever, whichever saying it seems like we have prior art for them. Opening that code. That's the SIG that owns that code, but you can revisit as need be so a subdirectory of cakes that I over DNS seems reasonable.
B
If we need to read other stuff other places. That's that's fine, too. I am happy to work on their charter or work with somebody on a charter. I think the main thing is I want to get a majority representation rule and there try to keep things loose and informal and do just enough to make sure we have the working group pieces of structure like assume, license and recurring meetings on a calendar and blah blah blah label.
A
A
A
Sounds good, hippie, hacker? Okay, then what was the next one? So working group? We already talked about that. So one idea that came up during the release cycle in 112 was we had a few things that needed a home where we could run those. For example, the publish bot is right now in in running inside Red Hat somewhere, and then there was this idea for a cherry-pick bot that we've been debating on a PR whether it's gonna suck up tokens.
A
You know number of times we can use, and things like that. So does it make sense to create a utility cluster as a place where we can start experimenting with ACLs and running these bought some of these bots and trying to get a handle on how we would give permissions for people to try things out, pull logs and things like that. I think.
C
A
Right the reason for picking on this one was that we are not in anybody's path. So to say, we are not like this is like an independent effort just to stand up the infrastructure and try to see how things how we can make things work outside of the Google infrastructure, but yeah. What do you use for credential sharing right now, right.
E
C
D
C
D
C
C
B
Mean that was gonna, be my Google hat on suggestion. My Google office sounds, like this, is what everybody uses Bob for yeah agree with Dennis person. This is an opportunity to experiment, not necessarily find the one true way, but so it's like the the cherry picking stuff does require a full-on prowl set up cherry picking is basically another crowd. Looking and Christophe he's not here has some specific concerns around the way the cherry picking bot works in Red Hat repo. While it may not work here in Kubernetes, but.
A
D
B
A
D
D
He's the cherry picker or is the publishing robot something we can move? Yes, Bob machine robot. We can move right now and we can we do that and can we start experimenting with like credential management and things I talked to them about this briefly, and they said they used like a CNCF LastPass, but they had just sent a password once it wasn't really a it wasn't really in use. Okay, that sounds perfect. So, let's start with publish.
C
So I'm all for starting to do this work scrolling back to the very top of this doc. I think we have a few things we need to do before. We do that. Okay, specifically, we need to put a little bit of thinking into how we're going to do. Spend reports like we will need to be able to document where we're spending all of the money and that needs somebody to sit down and think about.
C
D
C
C
D
C
And then the other thing that we need to think about is criteria rules for adding volunteers, like is anybody who shows up to this call going to get access to everything, or are we gonna get very limited access? We may want to create secondary Google Groups. That I mean we've started this already with DNS right. We need to create a bunch of individual groups for each individual topic and grant those groups their role access those sorts of things. So we need some criteria for like who's who gets credentials to help I.
D
D
C
So again, we need, if I need a volunteer, is write, a page about the existing set up and how we should replicate it. Like we've already created a DNS group, we could delete it and create a different one with the you know, read and write names or whatever. What I don't want to do is start ten efforts and then having to go back and retool ten different times. I.
C
Agree with that, so the the biggest task I think in front of this group is actually making time to make progress on these things and like putting aside we're putting aside an hour a week to meet. But if, if we can't get traction on these other action items we'll be in the same spot a year from now right right.
A
C
A
B
D
Also, have we might actually want to include some of those same requirements like something that's come up in the past, for us is that there is some amount of CI for the security folks, and we want to keep that private for obvious reasons, but someone still has to run it, so they effectively have like the same level of access to. What's going on with that team, yeah and.
B
So I have experience running this sort of commingled requirement thing through in the context of the kit of admin team. So I feel like there's some level of overlap with the Charter, but I don't want us to get hung up on nailing down all the details of Group Policy and whatnot I'm interested more, and we should have some sort of likely pot processed event, responsible people right.
C
B
I think what I've been hearing then volunteer for is like we have some experience doing things one way in intestine truck in the past, so we can recommend why we wouldn't suggest doing it that way. But I don't know if we're signing up for a full detail-oriented proposal on groups and credentials, but like we can throw.
C
Happy to iterate, like honestly, we just need a starting point. Well, I don't know what's been done in detail with SIG West or with security groups. So if somebody knows those and tie them together, then that's that's fantastic, but I don't want to do is get stuck where we say you know: hey we're gonna create this utility cluster, but there's only three people that I trust and the only reason I trust them is because I've known them for four years through the project and new people are showing up that. You know in particularly you know.
C
C
A
A
So that's where I wanted to bring him into the discussion here in in terms of we do so right now, if you look at our Google containers, it has everything in there. How do we make sure and the other flip side to that is the cluster API flocks and the cloud provider? Folks don't have a home to push their images to so I want to get to a point where we have some kind of rules around okay. This is the registry that can be used for XYZ purpose. These are the images this.
C
I would love to see somebody again driving a sort of a specification for how we want that to be I know you've looked at the promoter proposal from from our side and I think it's met with overall general approval. That's another big effort for us to start the migration of that. If we want to try to impose some new structure as we sort of make the transition I don't know if we should do it at the same time right, we really were thuggin all things right, all right.
A
C
So we'll have to engage that carefully. I'm happy to hear about what structure people would like to see in there I'm all for structure. That said, we can't actually abandon the previous convention, which was throw everything in the root all right, so we'll have to migrate over everything that we currently have and start to impose new structure. Do we do that at the same time? Do we do that as a second step? Yeah? That's.
B
A very good question, so, from my perspective, this is also why I think DNS is one of the more important things to get done first, so that migrating different services to different clusters, or whatever is a lot easier once it's really easy to flip DNS from one place to another. If we find out you put a bunch of things in one cluster that actually belongs in different clusters, or vice versa. Right, that's a great point.
F
So myself, so I, basically work for IBM India, so basically in covered, is community. What I spent time mostly is so reading all the test images and then from ages, multi, architectural, supporting all different platforms like I'm 66 to morality and history 90. So that's that's what the target we did and, in fact well we released all the K tests. You may just its supporting all these architectures that manifest so yeah, so the the future goal. What I'm trying to look at it is like so love tests in quality is at least in it.
F
We know or whatever right so this they are using their own repositories and then we don't really have any sort of a control where those images are and then you don't even know the source of those images. If something goes wrong, it's really difficult to fix. Yes, so what I'm trying to look at it is like knowing any any of this. Just what we have in our repository should have proper images supporting all the architectures so and then we should have at least the I mean right now. We should know how to fix.
F
That's what I'm thinking of and then in d1 what I was looking at recently is all these incredible posits what we have. They are beginning their work that passages right. Even that is not really good great way of doing it. So I think if you have some sort of major repository is created in this year with certain needs, I mean sudden naming convention, and then you know have some of a proper back model to know, allow them to push or modify their own images. To be great right, so can be a lot.
F
C
C
C
F
G
C
Want true, but if we use the motor, if we use the promoter, then it doesn't really matter because humans don't have access and we can through the promoter manifest, we can actually include owners metadata, perhaps and say like hey only you know, XT is the owner for the test subpar, but not for the DNS sub repository. So if you try to push something to DNS somebody, who's reviewing that can say hey, why do you have access to this.
G
Also add like a year or so ago and continuing internally at Google, we've done some auditing of the Google Tanners group or the Google containers at UCR repo, just because there's so many images in there and trying to figure out like where does some of these come from? You know what are their like. This is whatever and I think there's no reason you can't share that so I'll see if we can. You know at least get a copy of that shared, so that can least be something to use.
G
I know like I, you know, pulled I tried to pull out all the images so, like you know, there's old versions, all the e2b images in Tanner's, but like the ones we currently use or incriminate easy to be test images which is lighter access, and you know, sort of I've been at least trying to pull things out of Google and Tanner's that don't belong there, but yeah I. Think I think this would be great, but.
C
I would like to go I think I'd like to go the other direction and move everything into the kate's. That GCI are Kate's GCR, that I Oh umbrella, because we've set up the Auto regionalization of it, and so that sort of gonna be optimal for performance and cost, and we can just use the structure and the promoter to govern access to it. Yeah.
G
And I think I think yeah if we have proper access that way, that would be great and as long as we also make sure that we, like I, think you know, have a policy of somehow documenting where these images come from or somehow automation to tell that, because that's the other problem with a lot of stuff in goal. Containers right now is yeah. Is that her, like three years old and I, have no idea who built them who uses so.
C
We won't be able to retrofit all that, but we'll be able to say at least with the promoter we'll have a track record of saying who promoted what image and hopefully the PRs. We can establish the structure around the PR is there to say: where did this come from? What is the expected checksum, etc right.
F
I think like supports a lot of this metadata, so we can feed those metadata looking at it. So probably if you have certain proper metadata into images, so that can be done like and give it to commit or any of those and then author and many of those levels are supported. So if you deal with proper metadata into it, so I think we okay.
H
M'kay ATG yeah, okay.
C
C
So anybody who's in the Kate's DNS Google group should be able to run it themselves. Now against the config. That's checked in there, I tested it as my own Gmail I added myself and removed myself, and that should work fine. It would be great if somebody would confirm that until we have a cluster up, that we can run the automation and I. Think it's acceptable to just say here are the instructions sort of like we do today with the website. Jeff like people push a PR, and then we manually update it.
C
We could you limp along with that for a while I think the instructions work, but it would be nice the same way for the website. We have a test test at SH, which actually runs through all the URLs and make sure that they still work. I would really like a like first do a dry run then push to a canary run a test against all of the name resolution against that canary and then push to reality and I. It's on my plate.
C
C
E
Yeah I work for the Scout factory, with a a SS partner in the UK and currently working with on cluster API work and I. Think we'll be looking for a home for the artifacts that we produce also from asset class. The life cycle perspective. We, for you want to improve way that we're doing rpm in depth generation, particularly separating out the repositories where the least candidates going Rachel. That people who do automatic updates on systems can reliably trust that it's not going to break near clusters.
E
A
E
A
I think one of the first items that we've been talking about is like try to figure out a way to consolidate those two. There are spec files in both and the release infrastructure uses the ones and K release to actually make the release. But then people are always. You know forgetting to sync between the two.
E
A
Yeah new people right so that would be on on the side of the specs right, but then on the side of where we need to upload them or the directory structure that we need to upload it to. We had one problem during this relay cycle where we pushed what was it RC one and that actually went to the stable, a directory yeah so and we broke a bunch of people for a day. So do you have like best practices of how the X table experimental nightly? That kind of repository structure should be set up? Yeah.
E
E
A
A
C
B
G
B
A
G
G
G
A
A
And everybody has something to do between now and then right. We don't have to have one more meeting in between now. Do you have something? But you not? You, have something: I have some action items and he PP hacker has one at least okay. I think we are all set here. Unless anybody else has anything else, just.
E
Have one thing so: we've been talking about Google related stuff. We will also need a EWS, it's specially for sick plus y, so quick cycle, because we can't do a Kelowna AWS provided stuff, it's not about that container images, right, yeah and even CI and all that stuff. Is this the way the venue with this donor? Oh, yes.
B
But no I would plant on that for now and come talk to SIG Testing. If you have specific concerns, they're loosely speaking, we have AWS credentials that are given to us by CNCs so like. If you want to file, if you want to create a new job that does anything in AWS, you can totally just file PR. That does that today, I've had people from the US ask if that's how they can create more jobs, and so did where it's yeah.