►
From YouTube: Kubernetes WG K8s Infra - 2019-10-30
Description
Recording of bi-weekly Kubernetes Infrastructure Working Group (k8s-infra-wg) meeting which happened October 30 2019
A
A
C
C
A
A
You
could
actually
I
think
I
can
and
I
can
tell
about
the
error
back
rows,
because
I
created
some
initial
version
of
this
back
rows
and
I've
put
it
on
github
issue,
and
there
are
like
a
few
questions
which
I
also
put
a
discussion
later
I'm,
sending
the
link
for
the
one
second
four
hours
like
for
for
the
github
issue,
and
there
are
three
things
which
I
want
to
discuss.
One
thing
is:
if
these
resources
are
enough
to
the
user,
so
let
everybody
can
check
if
they
think
that
this
is
this.
A
This
this
resource
will
be
enough
for
the
user.
The
other
thing
is
what
we
are
missing,
I
feel
like
or
I.
Don't
have
enough
information
about
way
of
authorization
where
we
can
use
our
gmail
accounts
actually
to
authorize
ourselves
to
use
the
cluster,
because
I,
checked
and
I
didn't
have
access,
as
my
Google
account,
but
I
had
access,
as
just
as
a
cluster
name
inside
inside
the
terminal
of
disappea.
D
I
so
we've
set
up
the
cluster
as
a
private
cluster
and
we've
disabled
all
public
access
to
the
master,
which
means
that
anybody
who
wants
to
use
the
cluster
has
to
go
through
cloud
shell,
which
means
that
everybody
goes
to
cloud.
Shell
has
to
have
some
set
of
permissions
to
be
able
to
get
that
far.
That
is
an
excellent
point
which.
A
D
We
could
do
that
or
we
could
why
we
talk
about
UX
here
or
we
give
everybody
who's
in
one
of
these
administrative
groups,
the
ability
to
use
cloud
shell-
and
we
just
document
that
this
is
the
way
you
access
the
cluster,
and
you
know
it's.
It
is
cube
cuddle,
it's
not
actually
different
from
anything
else.
It
just
means
that
people
have
to
have
a
they
have
to
pop
up
in
a
browser
to
do
it.
Yeah.
A
A
E
D
D
Did
there's
some
debate
about
whether
it's
actually
valuable
enough
like
if
it
streamlines
the
UX
enough
right
now?
The
thinking
is
maybe
not
like.
It
changes,
one
step
which
is
submit
a
PR
to
pro,
with,
like
two
other
steps,
which
is
go
and
activate
this
GCB
account
and
go
make
this
linkage
so
substituting
one
for
two,
probably
isn't
the
the
right
trade-off
to
make
I
was
trying
to
streamline
UX.
It
doesn't
look
like
it's
gonna
get
any
more
streamlined,
so
I'm
gonna
dig
a
little
bit
more
or
I'm.
A
F
Hello,
so
I
posted
or
sorry
I
created
a
wiki
page
that
has
the
pretty
much
all
the
context.
The
two
main
items
around
this
area,
which
is
backups
and
already
I,
am
NOT
actively
working
on
it
right
now,
but
I
will
work
on
it
probably
later
this
week,
but
until
then
I,
hopefully
I
can
offload
more
like
context
to
other
people
who
are
interested
in
working
on
this
area.
D
A
D
A
I
have
no
updated
contacts
on
this
yeah
me
too
I
don't
know
there
is
no
different
themes,
I
conceived
in
sin,
so
let's
move
forward
and
you
there
will
be
Dean's.
We
can
go
back
to
this
topic.
The
only
thing
in
our
like
action
item
list
is
the
end-to-end
test
and
I
see
that
also
there
was
teams
who
need
to
be
there
to
tell
us
something
about
it.
So,
let's
move
forward
and
wait
for
games
about
it.
A
A
D
So
the
first
ones
are
the
ones
that
are
almost
across
the
finish
line.
So
we've
got
this
new
cluster
up.
We've
got
certain
manager
up
we're
working
to
make
sure
that
we
have
the
ability
to
access
control
it
and
once
that
work
which
part
is
doing,
but
other
people
are
free
to
participate
in
once
that
is
done,
then
we
can
open
the
gate
to
migrating
the
half
dozen
or
so
other
projects
to
run
in
that
cluster
and
for
each
of
those
projects.
D
We
need
a
team
of
people
who
are
going
to
sign
up
to
own
it
and
pay
attention
to
it
and
think
about
how
it
runs.
Hopefully,
most
of
these
are
low
requirement
roles
like
they're.
They
don't
take
alerts
very
often,
but
they
need
somebody
who
says
this
is
my
problem,
so
it's
really
getting
it
across
the
finish
line
right
now.
The
other
part
of
it
is
the
GCR
migration
which
Linus
is
here
representing
that's
one
of
the
largest
tasks
that
we
have
identified.
D
Getting
it
again,
a
classic
80/20
thing
getting
it
across
the
finish
line
is
the
hardest
part.
Once
it's
across
the
finish
line,
we
do
that
migration
and
then
hopefully
it's
not
very
high
impact
beyond
that,
then,
and
then
we
start
the
process
of
and
what
else.
So
now
we
have
targets
like
Bosco's,
which
is
a
project
rental
service
that
lets
tests,
get
projects
clean
them
and
use
them
for
running
CI,
the
overall
CI
systems,
the
prowl
stuff,
all
the
other
little
bits.
D
A
D
The
short
answer
is
no
but
kind
of
mostly
not
really
some
things
like
the
website,
which
we
run
on
net
liffe
iso
kubernetes,
that
io
runs
on
metal
affine,
that
is
CN,
CF,
owned
and
paid
for
and,
frankly,
I
don't
actually
know
who
gets
notified.
If
it
goes
down,
I
know
I
have
monitoring
of
it,
so
I
will
get
paged
if
it
goes
down,
I
don't
know.
Who
else
does
that?
It's
not
formalized
very
well.
Okay,
thank.
A
D
Can
I
add
one
more
just
just
for
the
for
the
sake
of
people
who
are
interested
in
what
else
is
going
on
in
the
infrastructure?
We
also
have
a
Google
G
suite
account,
which
is
community
as
CN
CF,
owned
and
paid
for,
and
that
is
run
by
mostly
steering
people.
The
steering
folks
have
access
administrator
access
to
our
G
suite
account,
and
there
was
one
more
thing
that
I
thought
was
interesting.
Now
all
our
github
stuff,
which
we
have
a
github
admins
team,
volunteer
team.
A
A
Another
question-
and
this
question
is
from
also
from
news:
is
there
like
a
delegation
model
present
for
privileges
I'm
asking
this?
For?
If
monitoring
standby
is
one
of
the
main
concerns,
we
should
enable
people
to
perform
specific
actions
or
see
specific
log
into
info
to
identify
in
identified
fix
an
issue.
D
Yes,
one
of
the
I
think
one
of
the
big
issues
that
we
have
right
now
is
because
we
haven't
had
a
diversity
of
owners
of
things.
It's
been
the
same
two
or
three
people
who
have
had
access
to
everything
or
who've
been
managing
everything.
It's
been
sort
of
informal.
We
have
through
the
commune
effort
here,
we've
been
really
pretty
good
and
rigorous
about
setting
up
Google
Groups,
which
are
governing
all
access.
A
Perfectly
the
last
question
from
muse
is
what
kind
of
knowledge
should
be
consumed?
First
to
speed
up
our
contribution
to
the
work
group
and
I?
Think
I
can
answer
this
question
because
I
for
the
onboarding
session
I
prepared
the
document
which,
where
I
spent
some
kind
of
amount
of
time
where
I
think
that
are
all
links
which
will
be
helpful
for
everybody
who
wants
to
start
as
quickly
as
possible.
There
is
around
like
a
twenty
links
and
what
I
did
when
I
started
almost
a
year
ago
here
was
to
watch
all
of
our.
A
A
Another
question
which
is
from
joy
and
as
a
new
contributor
to
this
project,
while
doing
any
work,
I
might
need
some
help,
questions
to
be
answered.
What
is
the
engagement
model
look
like
in
such
cases?
I?
Don't
think
we
have
something
planned.
So
what
I
would
suggest
is
to
use
our
slack
channel
as
the
first
place
and
if
it's
something
were
which
have
in
mind,
you
can
structure
it
or
you
can.
A
You
want
to
write.
It's
quite
more
informations
is
to
create
an
github
issue
and
then
pink
some
people
on
slack
to
discuss
it.
If
there
is
something
which
you
don't
know,
or
it's
really
hard
to
discuss
on
a
selection,
I'm,
open,
I'm
slack
and
you
have
my
email
address
in
these
documents-
feel
free
to
write
to
me.
I
can
help
you
to
point
the
people
who
could
help
you
if
I
will
have
no
lecture
if
I
want
I
will
just
ask
some
people
how
we
can
help
you
or
how
you
can
solve
the
problem.
Please.
A
D
With
that
and
if
I
can
add
to
that,
the
slack
channel
is
actually
the
right
place
because
it
has
the
most
people
who
are
available
at
most
hours
of
the
day.
You
know
Bart
is
often
on
Europe
time.
Dimms
is
on
East
Coast,
u.s.
time
I'm
on
West
Coast
u.s.
time.
So
we've
got
a
fair
coverage
of
current
time
zones
and
hopefully,
as
we
grow
more
people
more
contributors,
we
will
have
even
better
coverage
and
we'll
be
able
to
get
help
on
the
fly,
while
I'm
not
paying
attention
to
slack
every
minute
of
the
day.
D
A
And
another
question:
this
is
from
Alessandro
doing
it
special
token
access
to
work
with
the
infra
or
all
the
work
flow
is
managed
by
a
github
pro,
and
this
answer
to
this
question
I
think
that
we
partially
answered
before
discussing
about
the
AAA,
which
is
a
new
cluster
for
our
infrastructure.
We
are
working
on
that
and
part
of
all
these
roles
and
resources
which
will
be
available
for
users.
A
We're
trying
to
fix
you
guys
to
clear
user,
and
the
last
question
from
the
list
is
the
question
about
the
subgroups
where,
where
DNS
management
like
new
gates
that
IO
subdomains,
even
auditing
the
site
and
other
artifacts
fits
on
I,
don't
know.
Actually
we
can
I
think
that
we
have
the
the
document
which
we
are
working
about.
The
subgroups
about
this
idea
of
the
subgroups
is
still
it's
just
fresh,
so
you
can
suggest
the
places.
If
you
think
up
there,
there
is
there
is
something
missing.
A
G
How
the
genus
is
managed?
It's
currently,
basically
in
a
llamo
file
inside
the
Kate,
said
IO
repository
and
then
get
synced
by
octo
DNS
package,
basically,
but
that's
sort
of
manual.
So
we
have
different
stages.
We
have
a
stage
staging
stage,
basically
I,
which
then
gets
automatically
tested,
and
then
it
needs
to
be
reviewed
and
finally
approved
to
auto
deploy
sort
of
so
we're
still
in
the
process
of
figuring
out.
A
I
think
that
the
question
was
mostly
related
about
this
suburb.
I.
Do
you
know
the
subgroup
or
maybe
not
everybody
know
about
it,
because
there's
so
many
people
who
can
help?
We
thought
that
the
best
idea
to
to
get
everybody
to
start
hopping
is
to
divide
our
job
into
subgroups
with
the
mentors
and
the
people.
A
You
don't
amenities,
and
the
question
I
think
was
where
these
particular
three
things
fits
two
subgroups
and
the
answer
is
I,
don't
know,
but
we
definitely
can
discuss
it
and
I
think
that
the
asynchronous
discussion
about
it
is
is
really
really
great
on
github,
so
definitely
suggest
something
there.
So.
D
I'm
I'm
happy
to
sign
up
to
mentor
comment
or
the
DNS
subgroup
and
I
think
Michael
just
gave
really
great
State
on
where
we
are
there's
work
to
be
done
in
the
medium
term.
Once
we
have
the
cluster
really
turned
up,
we
want
to
fully
automate
the
what
we
currently
do
manually
and
then
over
the
long
term.
The
I
think
what
the
DNS
effort
is
merely
agree
to
understand
why
we
have
DNS
records
and
VD
approver
for
when
things
change
and.
A
That's
a
really
great
great
way
of
another
topic,
which
actually
is
that
topic
about
discussion
about
the
subgroups
team
suggested
few
subgroups.
But
this
is
not
the
the
like
end
list
and,
as
I
said
before,
we
have
like
in
the
next
two
weeks
for
talking
about
it
and
actually
I
want
before
the
next
session.
I
want
to
have
a
list
of
these
subgroups
with
mentors
to
start
actually
creating
these
subgroups
with
people
who
can
join
these
subgroups
at
the
next
session.
Is
there
somebody
who
can
have
some
suggestions
about
it?
A
B
I
This
is
I
think
we
were
talking
about
how
to
do
subgroups
and
storing
the
information
as
far
as
how
we
work
with
our
repo
one
of
the
things
I've
seen
us
do
in
the
other
Rusty's
donor
smiles.
So
you
have
the
people
who
are
kind
of
like
the
approvers,
and
so
those
are
the
people
who
have
the
deep
knowledge
to
say
yes
for
sure
for
sure
and
then
putting
the
people
who
are
red
stepping
up
to
be
entered
as
the
I
believe.
I
A
J
These
issues
requires
you
know,
synchronously
working
with
some
with
the
test
and
Bron
call
and
I
want
to
start
a
discussion
to
see
if
it
would
be
possible
to
publish
those
logs
somewhere
that
are
more
easily
accessible
for
folks
that
are
trying
to
figure
out.
You
know
and
troubleshoot
why
some
particular
test
runs
may
have
failed,
related
problems
like
these.
Yes,.
K
So
if
we
move
the
CI
cluster
to
the
community,
which
would
be
some
awesome
work
to
help
with
then
we'll
have
the
logs
right
now,
those
logs
are
because
it
runs
has
to
run
alongside
the
CI
workloads
they're
in
the
CI
cluster.
So
we
have
like
stackdriver
logging
for
this,
but
I.
Don't
think,
there's
a
super
great
way
to
like
take
that
and
like
like
republish
it
or
something.
J
K
J
K
Mean
so
the
projects
that
it
operates
a
fairly
easily
Bosco's
itself,
like
I,
said
it
needs
to
run
I
mean
so
the
way
that
we
control
access
to
this
is
just
that
it
runs
as
a
service
inside
the
CI
closer
and
there's
just
like
a
a
rest
endpoint
that
the
see
our
hoods
can
talk
to
so
I
think
the
way
that
it
is
designed
and
operated
currently
we'll
want
to
have
the
CI
cluster
move.
Okay,
that
that's.
D
K
L
K
K
A
A
K
So
I,
wouldn't
when
did
you
start?
It
I'm,
not
sure
where
it
is,
but
there's
there
not
really.
It's
really
separable
I
mean
inseparable
from
like
the
proud
services,
but
it's
not
really
separable
from
the
workloads
that
cluster
it's
kind
of
whole
point.
It's
a
service
for
the
workloads.
Bosco's
is
a
service
that
Reds
things
like
GCP
projects.
A
K
Think
I
addressed
that
it's
it
rinse
it
rinse
GCP
projects
AWS
projects
and
ensures
that
they're
kept
cleaned
up
after
things
are
done
with
them.
So
that
way
we
can
spin
up
into
in
test
clusters
and
like
when
we're
done
running
the
tests.
We
can
ensure
that
all
the
resources
are
deleted
and
ready
for
the
next
run
at.
K
D
Of
all
this
goes
back
to
the
other
conversation
about
me.
Oh
maybe
Bosco
should
be.
We
like,
as
a
community
on
project.
Maybe
Bosco's
should
be
evolved
to
more
dynamically,
create
and
destroy
projects
whole
projects,
as
opposed
to
trying
to
clean
them
up,
but
that's
a
separate
project
that
is
through
sync
testing
which,
by
the
way,
if
anybody
on
this
call
wants
to
get
involved
in
I
could
certainly
use
eyeballs
well,.
J
M
K
K
Well,
so
the
in
I
mean
they're
coming
at
it
from
the
perspective
of
they're
trying
to
ensure
that
they
locate
and
delete
everything
that
that
were
aware,
we
should
be
locating
and
deleting,
as
I
said,
there
is
not
a
single
unified
like
is
there
anything
there's
more
like?
Is
there
one
of
this
type
and
at
least
I
only
know,
but
I
also
only
really
know
about
this
from
the
GCP
site.
J
We've
done
a
lot
of
work
to
make
sure
that
we're
cleaning
things
up
that
we
create,
however,
I
think
some
of
the
resources
that
we're
running
into
are
ones
that,
were
we
weren't
doing
so
well
about
previously,
and
it
that
you
know
it's
very.
You
know
right
now
we're
at
the
point
where
we
need
to
start
investigating
kind
of
the
janitor
lives
to
see
you
know
kind
of.
K
J
C
J
K
So
I'm
going
to
say,
there's
things
we
do.
We
should
take
this
to
stick
testing
and
we
can
also
look
at
like
exposing
those
metrics.
If
that's
what
you
need,
we
should
look
at
if
we
can
just
expose
the
logs
from
the
current
infrastructure
and
a
better
way
and
then,
as
far
as
this
group,
we
should
look
towards.
Can
we
move
to
using
projects
that
are
under
the
CN
CF,
and
can
we
move
towards
moving
the
CI
so
that
you
can
generally
debug
the
CI?
K
J
D
K
Like
so
that
I
would
say
it's
probably
more
of
a
like.
We
should
go
talk
about
this
under
sig
testing,
because
it
because
on
this
it
workgroups
and
we'll
just
needs
like
maybe
the
storage
endpoint
or
something
we're
not
like
the
that
will
have
to
be
something
done
with
the
current
infrastructure.
Okay,.
M
There's
also
an
easy
thing
we
can
do,
which
is
like
the
way
these
were
previously
cleaned
up
was
that
we
would
clean
up
periodically
any
resources
that
had
existed
for
longer
than
some
threshold
of
time.
That
job
is
public.
You
can
see
a
logs
for
it,
it's
in
desperate
and
it
like
logs
or
it's
very
verbose
in
what
it
logs.
So
you
can
see
anything
that
is
leaked
and
if
it
determines
it
should
be
removed,
it
will
try
to
delete
it
and
if
it
fails,
it
will
log
long
error
messages.
A
Okay,
so
let's
I
think
that
the
next
topic
we
already
discussed,
which
is
like
these
Arabic
rows,
so
I'm
not
going
to
mention
it
anymore,
and
we
have
like
almost
more
than
15
minutes
about
other
discussions.
So
if
you
have
any
questions
which
were
not
asked
yet
or
want
to
suggest
something
to
discuss
something,
this
is
the
perfect
opportunity
to
do
so
know.
Anything.
D
Is
fair
game
so
there's
a
lot
of
new
people
here
and
I
will
be
the
first
to
admit
that
I
was
a
little
unprepared
for
the
swell
of
people
who
volunteered
to
help
out
so
I'd
say
we're,
maybe
underprepared
for
having
actionable
things.
But
if
people
have
questions
or
thoughts
or
suggestions
like,
please
feel
free.
D
K
D
K
L
A
That
that
one
of
the
goals
which
I
have
right
now
is
to
create
that
kind
of
document
session
as
a
single
source
of
truth
after
the
initial
like
the
work
of
the
subgroups.
So
if
we
will
know,
for
example,
what
was
done,
which
needs
to
be
done,
I
think
that
it
will
be
much
easier
to
then
to
create
like
it
will
combine
the
whole
efforts
in
one
place
and
then
to
look
at
least
what
what
is
the
design
of
that
everything.
B
D
K
G
Oh
and
I
we're
discussing
a
bit
about
policies.
So
currently
it's
mainly
getting
a
suggestion
and
then
trying
to
get
time
from
dim.
Sir
came
to
finally
do
decision,
which
is
firstly
not
document
it
and,
secondly,
really
draining
on
basically
the
time
from
Tim
and
Seth.
So
we
were
thinking
about
running
down
or
starting
to
write
down
the
different
policies.
G
Even
if
it's
just
a
suggestion
like
how
would
it
work
from
a
community
perspective,
such
as
when
is
a
DNS
change,
actually
going
to
be
in
case
today,
for
example,
what
Tunis
is
actually
going
to
be
in
there
and
then
going
from
that?
Which
clusters
are
we
trying
to
run?
Do
we
have
a
highly
secure
cluster
to
have
a
utility
cluster
that
is
more
open
and
more
open
to
run
non
project,
white
utilities
or
something
like
that?
And
then
what
runs
in
which
cluster
like
that?
G
We
have
a
policy
defined
where,
instead
of
going
to
a
specific
version,
we
can
say.
Ok,
we
have
a
group
of
people
and
they
can
always
reference
a
specific
dock
and
as
far
as
I
know,
we
don't
have
anything
so
I
wanted
to
get
that
started
and
especially
because
it
might
be
interesting
to
get
input
from
like
the
community
at
large
and
I
added
a
few
questions.
G
So
basically
the
main
things
would
be
DNS
changes
allowed,
which
are
the
different
clusters,
a
higher
security
cluster,
for
something
like
the
promoter
or
something
where
not,
everybody
needs
access
and
most
likely
no
one
should
have
access,
because
it's
such
a
sensitive
topic
that
yeah
that
the
risk
of
exposing
that
might
be
too
high
and
that
we
have
a
utility
cluster
that
allows
a
lot
more
wiggle
room
in
terms
of
who
has
access
its
might
just
be
scoped
via
our
back
into
different
namespaces
and
then
to
each
cluster.
What
runs
in
there?
G
D
I
think
those
are
great,
there
are
say
at
least
three
categories
of
policy
that
you
talked
about
and
they
all
need
individual
documentation,
but
I
think
that's
fantastic.
I
definitely
want
to
get
myself
out
of
the
loop
as
much
as
I
can
so
that
people
can
do
things
and
make
decisions
without
me
having
to
block
him.
The
security
question
I
think
we
don't
have
to
cross
quite
yet
because
for
now
the
promoters
still
running
in
prowl
so
or
rather
for
now
it
is
in
prowl
and
prowl
is
in
Google
space
until
prowl
moves
over.
D
We
don't
really
have
to
cross
that
DNS
is
a
fairly
obvious
one
and
I
forgot
the
third
one
that
I
had
to
called
out.
But
yes,
there
are
Oh
sings,
I,
think
that's
a
great
one
that
we
have
never
written
down.
Right
like
we
want
this
infrastructure
to
be
available
to
SIG's
and
I.
Don't
really
want
to
micromanage
what
SIG's
and
some
projects
are
doing
with
their
resources,
so
yeah
getting
policies
right
now
we
would
be
awesome.
I
appreciate
your
efforts.
There
also.
G
To
that
specific
thing,
so
one
thing
that
might
be
the
first
step,
especially
because
we're
already
in
the
in
the
vicinity
of
discussing
is
the
promoter
because
of
something
new.
So
a
policy
written
down
might
reflect
the
current
thoughts
and
we
can
like
the
policy,
can
influence
what
the
promoter
does
and
what
filter.
So
what
is
the
policy
and
that
such
thing
that
kept
on
coming
up
anyway?
What's
the
policy
on
mirroring
things
into
communities
such
as
Cardenas,
which
is
currently
just
being
pulled
in
externally?
G
That
would
be
one
solution
and
the
other
one
is
keep
on
going
like.
We
do
we're
just
basically
just
reference,
extol
images
and
then
hope
for
the
best
and
with
the
first
suggestion
of
we
actually
taken
control
more
the
question
is,
or
the
policy
is
or
should
we
discuss?
What
is
the
hurdle
of
getting
a
staging
repo
and
getting
something
into
a
staging
Reaper?
Is
this
something
that
is
used?
Is
it
something
that's
essential
like
or
deem
as
versus
I?
Don't
know
like
a
small
running
tool
or
something.
D
A
E
E
D
G
Suggestions
so
I
was
trying
to
get
because
writing
a
policy
without
actually
doing
the
this.
The
the
workflow
is
always
sort
of
weird,
so
I
was
trying
to
get
some
of
the
workflows
down
first
and
then
distill
it
policy
from
that
so
happy
to
do
that
and
open
a
general
like
midday
issue
as
well.
So
what
are
the
things
that
will
help
I
think
I.
G
H
D
A
For
me
and
as
I
said,
feel
free
to
ask
questions
on
slack
and
being
me
myself
personally,
if
you
want
I
would
try
to
my
best
to
help
if
anything-
and
there
is
no
like
a
bad
questions.
Everybody's
welcome
so
I
think
that
is
a
good
time
to
finish
our
this
meeting
and
I'm
very
grateful
for
you,
happy
Hucker
for
doing
hangouts
and
I'm
again
really
have
really
glad
to
see
all
of
you
here
and
see
you
in
two
weeks.