From YouTube: wg-k8s-infra biweekly meeting 20200415
A: I want to remind everybody about our code of conduct, which we can summarize as: be excellent to each other. I don't see anyone new, but to be sure, there will be a time for small introductions. So if you are new and want to introduce yourself, there will be a few minutes to do that. I think we can start with the billing review, because we didn't do it [last time]. Also, please add your name to our agenda if you are on this call. And then, let's start with the billing review.
C: Thank you. Sorry, could you say that again, Bart? I didn't understand what you were saying. The billing report that you were showing: can you paste the link to that in chat? I don't have it in this laptop's history, and it made me realize I don't think it's actually linked anywhere.
D: Hi, yeah. There hasn't been a whole lot of updates: after the flip happened and we rolled it back, we've been trying to unravel any other lingering dependencies that we were unaware of, which caused the rollback in the first place. That's an ongoing thing right now. Other than that, I can say the backup jobs have been restarted, they've been running fine, and I've been clearing out the old time-stamped backups. I think that's about it.

We expect the next flip to happen soon, but I can't really give any guaranteed dates right now. We're hoping to do it on a Monday, so it'll either be next Monday at the earliest or the Monday after that. The reason is that the rollout, the flip itself, takes a number of days; typically it should take four days, and we want to catch any errors during the work week.
A: Thank you. Okay, so my first item is the billing report. There is not much progress, because I was unsure; I don't want to work on the live document, so I tried to clone it and play with that, but I got an error. A very uninformative one: "dataset configuration error", with no further information. So I assume it's related to some kind of permissions. Maybe, team, do you know if I need to have some more permissions to clone the billing report and play with it?
E: I have no idea; Justin set that all up. I have not touched the billing report. The auditor/accounting group is supposed to have enough permissions to do all of this accounting. So if there's a permission that you're missing, we can figure it out and add it to the accounting group, but I don't know off the top of my head what it would be.
A: Another update from me, about automating DNS reconciliation: as we discussed yesterday, I tried it. The idea was to use a bash script which would run in a container, as a sidecar next to [git-sync], and whenever the DNS directory changes, the bash script would call octoDNS to reconcile the DNS records.
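A minimal sketch of that approach, assuming hypothetical image tags and paths; the repository URL, symlink layout, and octodns config location are illustrative, not the working group's actual setup:

    apiVersion: v1
    kind: Pod
    metadata:
      name: octodns-reconciler
    spec:
      volumes:
        - name: zones
          emptyDir: {}
      containers:
        - name: git-sync
          # Keeps a checkout of the zone configs up to date.
          image: k8s.gcr.io/git-sync:v3.1.6          # hypothetical tag
          args:
            - --repo=https://github.com/kubernetes/k8s.io
            - --root=/zones
            - --dest=current
          volumeMounts:
            - name: zones
              mountPath: /zones
        - name: reconcile
          image: octodns/octodns:latest              # hypothetical image
          command: ["/bin/sh", "-c"]
          args:
            - |
              # Re-run octodns-sync whenever git-sync swaps the checkout.
              last=""
              while true; do
                cur=$(readlink /zones/current 2>/dev/null)
                if [ -n "$cur" ] && [ "$cur" != "$last" ]; then
                  octodns-sync --config-file=/zones/current/dns/octodns-config.yaml --doit
                  last="$cur"
                fi
                sleep 30
              done
          volumeMounts:
            - name: zones
              mountPath: /zones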
A: The problem is, I feel like this would be a little bit too hacky. I spent some time trying to understand prow jobs and how we could achieve this with prow, and it looks like it should be easier. But the problem I faced is that I don't understand how we can connect octoDNS, which needs the service account credentials, with the prow secret. So this is the question, if anybody here knows.
E: We can use the workload identity feature, which basically says a Kubernetes-native service account can act as a Google service account without having tokens for it. Basically, we use the [OIDC identity] from the cluster as the authentication, so we can do that. We've done that for a few other things like prow, where we've enabled other clusters, even outside of our own [organization], to be able to do this. Yeah.
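For reference, the Kubernetes side of Workload Identity on GKE is a single annotation on the service account; the names and project here are hypothetical:

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: octodns                       # hypothetical KSA name
      namespace: dns
      annotations:
        # Lets this Kubernetes service account act as the Google service
        # account, with no long-lived key mounted anywhere.
        iam.gke.io/gcp-service-account: octodns@my-project.iam.gserviceaccount.com

The Google side then needs a matching roles/iam.workloadIdentityUser binding on that Google service account for the member serviceAccount:my-project.svc.id.goog[dns/octodns].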
A: I will play with that. Another item is the artifact server progress. My actual item was to do some research about what we need and what we should do; I didn't start doing it, I focused on different items, so no progress so far. And the next topic is moving [the service] to the aaa cluster. It's currently running on the canary subdomain [canary.k8s.io].
A: It looks like the data are consistent with the original [k8s.io] deployment; I confirmed that [unintelligible]. The only problem we have right now, which the team is debugging currently, is that the people from the Google Group, it looks like they can't access the namespace in the aaa cluster. Once they can access that, they will have the option to update the project. So when we figure that out, it looks like we can switch the DNS to the aaa cluster.
A: Also the publishing bot: it looks like we have most of the things needed to just deploy it. There are two problematic things. One is: we currently provision the infrastructure with terraform, and if we want to add some resources, like a storage class, should we add the storage class via terraform, as was suggested?
E: This is one of those resources that is halfway between infrastructure and applications, right? I'm not sure that I'm fond of using terraform to manage deployments and services, because those things are intended to be living resources. A storage class really kind of isn't; it's really kind of part of the infrastructure, and it is really sort of part of the cluster definition. The fact that we have node pools that terraform can manage, but storage classes that it can't, is an artifact of the implementation.
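For context, the resource being debated is only a few lines of YAML either way; a minimal sketch of a GCE persistent-disk storage class, with an illustrative name and parameters:

    apiVersion: storage.k8s.io/v1
    kind: StorageClass
    metadata:
      name: ssd                          # hypothetical name
    provisioner: kubernetes.io/gce-pd
    parameters:
      type: pd-ssd                       # SSD persistent disks
    reclaimPolicy: Delete
    volumeBindingMode: WaitForFirstConsumer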
C: [I'm taking] notes, because I want to walk and talk at the same time, so cherry-picking out actions can be difficult. What I'm trying to do right now is just highlight things and assign them to people; that way, after the meeting, I know to go back, take everything that was assigned to people, turn it into a GitHub issue, and assign it to that person. So it would be helpful if we kind of consistently highlighted action items like that.
A: Okay, we can try that. From the next meeting, I will update this invite and we will try to do it. I know it will be hard, because there are not many people who like to do notes, so probably there won't be a lot of people who like to do action items either. But we will try, and I think it can be helpful.
C: The reasoning for this is that there are CI jobs that use this, and these CI jobs are considered release-blocking. If they're important enough to be release-blocking, they should probably be important enough not to use somebody's personal GCS bucket and account. So Stephen Augustus asked that we use community infrastructure to host these: latest builds of kind, as well as releases of kind.
E: I would say that seems like my preference; I'm just finding the link now. If it's not, I mean, we can change the retention on staging. The point was to make it small enough that people don't treat it like it's permanent. If we needed it to be 90 days or 120 days, I wouldn't object too hard.
A: I don't know if I understand exactly what he means, because it's not clear whether he wants to use only the images, or whether he wants to use some binary artifacts. Because if he wants to use the images, I don't see any problem with just using the production bucket for canary artifacts, exactly.
C: So we have two columns there: the images, like kind's node image and stuff like that, and then there are the kind binaries. Dims, I see your hand raised, but what I'm trying to get at is: we seem to have this well-established staging and then promotion process for images, but we lack the equivalent for binary artifacts. It's unclear to me whether we should just be expedient and say, for people who have binary artifacts, push straight to prod, or whether we should be coming up with some equivalent solution.
E: For the time being, we do not have that, and so there are a handful of things that have been enabled to push to prod, like the release stuff, Stephen's work. The CNI project actually has a different GCS bucket that we created just for them. I think that one was open-coded; I wasn't part of the review on that one, but I saw the result of it. We could do the same thing for kind here: just make a new bucket, create a service account.
E: Great point. Just to be clear, I'm not sure there's a need for a new script; I just didn't look at the original CNI special case when it was pushed in. I came across it as I was doing something else, threw it to the back of my brain to come back and look at, and then forgot about it until just now. So I'm more than happy to have somebody else take a look at it and do the actual PRs.
C: I personally am really sad that it's down, because it's the only thing I know of that has friendly, visible views of data about our tests and our jobs that goes back longer than 90 days. But velodrome is actually this complicated thing that runs a bunch of code to also scrape GitHub and dump stuff into a Cloud SQL store. Did anybody realize this? It took a week; we kind of discovered this.
C: We've only been using it as, like, a Grafana-and-InfluxDB thing. So it might be cool if a community member who knew Grafana and InfluxDB stood up a more modernized version of that stack, and we could see if we could use it. But again, given the relative lack of noise about it, we have deemed it a lower priority.
E: So I can leave the data around; I would just like to decommission the old cluster. There are only two things left in it, one of them being [perf-dash], which I will try to resolve today, the other being velodrome. If velodrome is deactivated, then there's literally nothing running in that old cluster, and I can scale it down to zero nodes or something, or get rid of it entirely, and just save the volumes that the velodrome jobs are using.
A: Okay, so the next topic is: I would like to build some consensus about moving the slack infra to our new cluster. I did some research about it, and it looks like it should be an easy thing to do; the only thing we lack right now is the secrets. So we started a discussion yesterday, and I also discussed the topic with [Katharine] today, because the cluster admins will have access to the slack secrets, and we need to decide if that's okay for us. Of course, this is only seven people or so.
E: I mean, we could go off and use a different key management system and give different groups access to it, and not cluster admins. But I think the point of cluster admins was that it's a small group of people that we trust to manage the cluster and everything in it. Like you said, you already have access to the SSL secrets, right?
A: Okay, so I feel like we have a consensus. The action item we need is: it would be good to have the six secrets and the one config map in the repository; they're not present there. So I don't know who has access to this cluster and could add these to the repository, encrypted with [git-crypt].
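For reference, the sort of object in question; a minimal sketch of one such Secret, with hypothetical names and a placeholder value (whatever encryption tooling is used, only the encrypted form would be committed):

    apiVersion: v1
    kind: Secret
    metadata:
      name: slack-oauth                  # hypothetical name
      namespace: slack-infra
    type: Opaque
    stringData:
      # Placeholder only; never commit real tokens in plaintext.
      token: "<slack-oauth-token>"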
A: I didn't want to, but I did the work. I think I checked all of the documents; I put in links to where these secrets are being used and in which manifests. So there are, as you can see, six secrets and one config map which are not present.

[?]: Are we talking about the one for the publishing bot?

A: No, this is just for the slack stuff. Okay.
A: Also, I have a question, because at least as far as I can see now, they are all in separate namespaces, and I don't think it would be necessary to put them in separate namespaces in our aaa cluster. So I would suggest we use a slack-tools or slack namespace and put it all there.
A: In different namespaces, you mean? Yeah; per the convention we have right now, we would have to create four different directories in the repository and write documentation about how to deploy each of them separately. If we put them in one namespace, we could just write one readme file with deployment instructions. I don't see any need to have separate namespaces, but maybe I'm wrong.
A: The next topic is: I started digging a little bit into two projects which I see in the issue with the inventory of the clusters and projects, and I don't have a lot of knowledge about them. These are kettle and greenhouse, and these two are the last two, not counting prow and boskos. The first, kettle: it looks like it should be easy to move.
C: Okay, I can talk about both of these. Kettle would maybe be, like, the last thing I'd try moving. It is very brittle and very creaky; nobody has touched the codebase in years at this point, and it has, I think it's up to, a 500 gig volume, for reasons that nobody has taken the time to investigate and refactor.

A: Okay, can you say two sentences about what it is and where it runs?
C: The complicated part of it is: because it's so creaky, there's no quick and easy way to know whether or not it works. A complete restart of kettle, to get it up and running again, takes about 10 to 11 hours. I'm sure somebody who knew what they were doing, capable of hacking the codebase, could maybe bring that down. But again, it's kind of been a lower-priority thing for us.
A: I will look a little bit more into the code and try to understand it a little better, because at least as far as I looked at the code, it didn't seem that hard to understand.

C: Famous last words, my friend.

A: Yeah, I know, I know. Because of that, I'm not suggesting doing it right now, but I wanted to understand it. Okay.
C: So that's kettle. Greenhouse is a homegrown distributed cache for Bazel. It's something that we would deploy when we have a build cluster, so it's not something you would deploy in the aaa cluster; it's something that's solely there to service prow jobs running in a prow build cluster, yeah.
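A rough sketch of the shape of such a deployment, purely illustrative (the image, port, namespace, and sizing are hypothetical, not greenhouse's actual manifest):

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: greenhouse
      namespace: bazel-cache
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: greenhouse
      template:
        metadata:
          labels:
            app: greenhouse
        spec:
          containers:
            - name: greenhouse
              image: gcr.io/k8s-testimages/greenhouse:latest   # hypothetical image
              ports:
                - containerPort: 8080                          # cache HTTP endpoint
              volumeMounts:
                - name: cache
                  mountPath: /data
          volumes:
            - name: cache
              persistentVolumeClaim:
                claimName: greenhouse-cache

Build jobs in the same cluster would then point Bazel at it with something like --remote_http_cache=http://greenhouse.bazel-cache:8080.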
C: Not necessarily. Like I was trying to describe last week, my suggestion would be that we first focus on creating just a build cluster, a basic bare-bones build cluster that's capable of running, let's say, some of the image builder jobs or some of the container image promoter jobs: things that don't have to spin up e2e clusters and things that don't use Bazel. A sketch of what that involves follows.
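Pointing a job at such a cluster is mostly a one-line change in the prow job config; a sketch of a periodic along these lines, where the job name, image, and cluster alias are hypothetical:

    periodics:
      - name: periodic-image-promoter-example    # hypothetical job
        interval: 4h
        cluster: k8s-infra-prow-build            # alias for the new build cluster
        decorate: true
        spec:
          containers:
            - image: gcr.io/example/image-promoter:latest   # hypothetical image
              command: ["/promoter"]
              args: ["--dry-run=false"]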
C: As I say that, actually, I think the image builder jobs do use Bazel. Then next we could stand up greenhouse and try running jobs that use Bazel and would benefit from having a Bazel cache. And next we can stand up boskos, and then provision a bunch of projects for boskos to manage, so that we can start running e2e jobs that stand up clusters in those projects.
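For reference, boskos hands out resources from pools declared in a config file; a minimal sketch of a project pool, with a hypothetical type and project names:

    resources:
      - type: gce-project
        state: free
        names:
          - k8s-infra-e2e-boskos-001   # hypothetical pre-provisioned projects
          - k8s-infra-e2e-boskos-002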
G: One reason might be quotas. We ran into that with the backup job, where we hit quotas and that resulted in other things failing. In my mind that could happen here: let's say the trusted [cluster] gets out of hand build-wise, and then, I don't know, we can't get another one up because of quotas, and that makes our actual core infrastructure not work. That feels like a case that might actually happen. Yeah.
C: Okay, I will take an AI [action item] on trying to put a plan together for the next meeting. This is kind of what I had said last meeting, and then some things happened which have taken up my time, but which will hopefully give me a lot more insight into exactly what prow needs out of a Google Cloud project. So I'll try to have something prepared for next time.
A: Great. And the last topic is the monitoring. We've started discussing it a little bit with Scott; I suggested that Scott take the initiative and suggest some things, and he did. I mentored a little bit; he and I have permissions to do some stuff, so we want to have some proof of concept fairly soon. Scott, any update?
H: No, I got you the configurations you can apply, so we can try that soon. And then I posted in the Slack about any kind of Stackdriver alerts that we want to get going. I don't think I got any replies, last time I checked, but yeah: are there specific Stackdriver alerts that we can get started either applying or defining in terraform? I mean, is it just standard CPU and memory usage alerts, or are there other specific kinds of alerts that the group would like to see?
C: Yeah, I kind of agree with Michael. I feel like starting with resources first, without understanding what a normal operational workload looks like, could lead to us having a lot of noise. I come from the school of thought that says: if you're monitoring an application, you should be monitoring what that application is expected to be doing.
E: [Nobody has] had the time to go through and figure out what the right CPU allocation is for the nginx instances that are running k8s.io, to say "oh, I know it doesn't need as much as I've given it." So having graphs that show what the resource usage was over an extended period of time means we can go back through and say: well, on average it uses less than half a core, so let's give it a half.
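The outcome of that exercise lands as ordinary resource requests on the deployment; a minimal sketch with illustrative numbers:

    # Excerpt of a container spec; values are illustrative, and would be
    # derived from observed usage rather than guesses.
    containers:
      - name: nginx
        image: nginx:1.17
        resources:
          requests:
            cpu: 500m        # "less than half a core, so give it a half"
            memory: 128Mi
          limits:
            cpu: "1"
            memory: 256Mi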