From YouTube: Kubernetes WG K8s Infra - 2021-06-10
Description
A
God on the cloud: okay, so welcome to everyone. This is, we are June 10. This is getting from meetings. I will be your host today. My name is Adam Mccam. I just want to remind you this meeting is under the code of conduct, so I'll suggest you to behave on your, have a good behavior, and if you have any issues with this meeting, you can reach out to the collaborative community at code conduct at kubernetes.io.
B
The only two action items I know I put on the meeting agenda notes were getting the recordings for the last two meetings uploaded, which I did. The automation that automatically uploads this to kubernetes.io or to the Kubernetes YouTube channel seems to be broken. I'm working with ContribEx to see if we just need to consider that abandoned or if we'll ever get that working again, but yeah.
B
I think Arno went through and groomed some of the issues related to kubernetes/kubernetes CI and the projects that that uses, and seeing if we can further reduce our reliance or dependence on google.com projects. But I personally am not prepared to talk about that at this meeting, given how much other stuff we have on the agenda.
A
A
A
B
Yeah, yeah, I would imagine we're kind of getting into that part of the release cycle where we're gonna start to see more CI usage. But that's about all I can speak to.
B
It's true, you can. All right, I'll stop sharing unless there's anything else, and back to you or no.
A
Okay, so to, before we continue, do we have people new to this call, to this meeting? I'm sorry.
A
G
A
I have a question to rehand before we continue. You, I see you mentioned shared data graph and cost per company. Is this something we want to have on the record?
H
I
J
This is a design doc that I'm looking to put under review. I'm working under Linus at Google and I'm particularly interested in the container image promoter, on which we're looking to reduce build maintenance, and realistically what that means is remove Bazel, and one of the reasons we're doing
J
That is because the official Kubernetes repository got together and decided that they don't need two build systems, they're just going to rely on make, and I have a bunch of details on that background, why they made that decision and why we're looking to do that in the CIP tool. But if you're interested at all, feel free to click on the link. I can also drop it in this chat, and leave any comments you see fit, because I'm looking for pretty much any feedback.
B
I guess I haven't had time to dig too deeply into it. What do you feel is, where do you feel like you need, I guess where do you feel like you need the most feedback, or what about this do you feel is hard of when we think like, why isn't it just like s, Bazel, slash, make, or slash go?
J
Whatever, so, so there's some relying infrastructure, not to go too deep, but we have a few end-to-end tests that work heavily with Prow.
J
So any time we submit PR requests, there are Prow jobs that run these end-to-end tests, and Bazel's used in these end-to-end tests heavily, and there's actually a particular function that Bazel uses that Docker doesn't, that basically relies on, every time you build an image, the image digest remains the same. So that's something that Docker doesn't do, and it's not supposed to do that. So it's a little hack on Bazel's part, but our end-to-end tests rely on that behavior.
J
K
Sorry, I guess it's also worth mentioning that Tyler's trying to get started implementing this stuff pretty soon, like on the order of, in a couple days, like you're trying to wrap up the design. So if there are comments, please do look today or tomorrow at the latest, so that he can get started.
G
You're not talking about reproducible builds when you say that digests stay the same?
L
Used to, who is that?
L
J
Interesting, okay, I can definitely look into that. It seems adding an extra dependency might not be the best way to go, since I do have a proposed solution that will just use Docker, in which you can save archives of the images and then load them as you need them. So you can push those around and you don't actually have to build at all, but I'll also take a look at calico.
J
Sweet, yeah, so any other questions? And if not, you can always reach out to me offline or just leave a comment on the design doc.
A
G
Got a few. The first one is just the diagram for what registry.k8s.io might be. Yeah, don't need to spend very long on this one, but it's just how everything would connect.
G
G
B
B
Again, and I don't wanna, I don't wanna play all scope, I'm just like, when I look at a diagram like this, I want to expect to understand two use cases really quickly. One, as a user of Kubernetes, how am I getting my artifacts so I can stand up my Kubernetes cluster? Two, as a Kubernetes contributor,
B
how do I push my artifacts to this infrastructure? And so for me, I don't see little like bigger people in the diagram, so I don't immediately understand what that sequence of events looks like, but I am a simple, simple man who likes stick figures.
G
Fair, fair, thanks for the feedback here. Thank you. Let's move on from that one, I'll revisit that. The next thing is a doc on becoming a mirror for registry.k8s.io.
G
So this is in the case that we reach out to vendors and say, hey, can you post your own transparent proxy or something like that of whatever, sorry, if they can host their own transparent proxy cache of k8s, the registry, k8s.gcr.io, so then it can save costs and then it just goes through them. First part
E
of this came from a conversation with Dims about how the Apache foundation works, and they have a requirements doc and how to, without having to interact with the organization, how to set up a local mirror, and so we took some of that and brought it in, and this is just a work in progress for feedback. Is this the direction you want to go versus the more complex options?
B
B
B
If something went wrong, we haven't dug into the details of whether our architecture is going to be resilient to failure of mirrors or poorly behaved mirrors, but we definitely need, I don't know if we go as far as having like a signed contract or whatever, but I would expect the same level of scrutiny be applied to somebody participating in this program as applied to people participating in the security distributors
B
announce list, where, like, there is some cutting of contact information, responsiveness, things of that nature.
B
B
I don't, I don't quite see that yet, but it's me, you know, maybe I will have to go re-read this really clearly, but it could be that this doesn't really necessarily spell that out either. But I felt like when we were talking this through with Dims in a very clear picture in his mind of some of the like process and contact information and stuff we'll want.
E
We'll try to pull some more of that in and also swing by Dims to get some more feedback from him. Okay, and I got it backwards. This is the more complex one, where it does require a lot of the interactions with the person using it. The next one is the alternative that was also pushed by them, is how to set up a local mirror, transparent proxy for our artifacts, so that you're not hitting it, and it also improves the use locally without us being involved.
D
We, I think we need to be careful and explicit about the difference there, because part of the goal here is to retain sort of the authoritative nature of what is the official release images that we put out there, and the way, the most obvious technical manner for that, is to say that when you fetch the SHAs for your blobs, right, when you do the first step of the two-step registry protocol, you go to a canonical server that will give you the known good SHAs.
D
E
I think if this one was definitely not to create a mirror, but just to create a cache, and it's the, go back to the one, I'm sorry, I'm looking at the w comment, not this: it's not becoming a mirror. Blank. We've moved on to the next topic, the setting of the transparent cache and full of that list there. This is not about creating a mirror.
E
This is about putting a solution in place, possibly in cluster or possibly in data center. For that I guess it's much, it's much more pushed further to the edge, and sure, even if we do do something complex, this is the band-aid that anyone can use right now to offload stuff. Got you. And it felt like a, we shouldn't discuss, this is a first step, and then ongoing, if you're experiencing pain, here's
E
D
Sure, that's completely fair. Can I ask a question about the diagram, or the idea of the diagram? It had some decision points implied in the diagram or stated in the diagram, right? Sorry, the first diagram, can you make it a little bigger? Yeah, there we go. Thank you. Envoy, Envoy, or Go/Wasm, or artifact server based implementation, SQL or config map. I'm interested to know what the next steps are in resolving those open questions.
D
E
E
Where did, where did they come from, and where do you want to send them, where's the 302 redirect, and getting that data to decide. So the PR that Arno created here, if we want to pull that one up, is kind of the end, like this is where he was, where Caleb was talking about registry workflow, how to become a mirror. Part of that was creating a PR, and let's see, this is
E
And this is, this is just a sense, so maybe not this one, but if we go back up into the repo, yeah, the deciding where to go would probably be based on the ASNs in this, and then adding another key field there that some of them already have, that's not valid or used yet. Maybe use Amazon, because Amazon, we're not doing anything interesting there, but Amazon has their list of ASNs and a where to 302 redirect in the future, at some point, on line four and five, two kubernetes dot, east or four part three equivalent there, and I think that's a, this is a little bit like, it's kind of sidestepping Arno's PR to discuss it.
E
But this is that tying together of that, where, what ASN did you come from and where will we send you, and whatever solution we have, this is the public authority on that, and then we have things around abused IPs or stuff where we do blocks or
D
So that is, that answers part of my question, but I'm also interested in the sort of like technical design of, even if we assume that the lookup table is one entry, which is default, gcr.k8s.io or k8s.gcr.io, how do we go about, like, what is our decision in terms of, are we going to deploy some Go code that we wrote ourselves? Are we going to do it in Wasm with Envoy? What are the trade-offs there? How are we going to deploy that?
D
How are we going to scale it? And like actually just activating that as the in between, as a way of like proving that we can actually do it and manage it and start the load, get monitoring and alerting set up for that thing. We can figure out the ASNs and the actual mapping table in parallel, but being able to just start with: we are moving from people access k8s.gcr.io, and they instead access registry.k8s.io, that one extra level of abstraction, and then once we're happy with that,
D
we have to go and make about 75 PRs against all of our different repos to switch them over to use this new name, which I've done once and I don't want to do again. But I'll do it if we have to, right, and so like that's completely independent from figuring out the ASN map of the internet.
B
So I think we, go ahead. I want to jump in a little bit. I feel, I forget if you were at the last meeting, but I felt like there was a demonstration of some of the specific potential implementations that we could use. It was pretty cool. The demo gods were relatively kind to Caleb. I was pulling
B
We need checked, or what are the different dimensions that we're evaluating these implementations against, and I also felt like we were lacking a lot in terms of how are we, you know, planning on managing the relationships with, like, what's the whole process around registry and stuff. So I want to make sure we're not giving conflicting advice. I don't think we are, like, I think, like a proven produce of concept, and now you, you just identified a number of dimensions against which we'd want to evaluate these.
D
Yes, I don't think we're in conflict. I'm going to go out on a limb and assert that we will figure out how to get even one other mirror, right? Even if only Amazon stepped up as the only other mirror, it would still be a huge win for the project, so like I certainly will figure that out.
D
D
I don't know how to do the other one at all, but maybe the other one's better, and what are the reasons that we would choose it, and how would we monitor it, and who are we going to alert on it, and how are we going to scale it, and like taking it and working out the, effectively the PR for it, right? Like we haven't really, do we, did we write a KEP for this? I don't think we did. Did we? Like if we were writing a KEP, this would be the production readiness
E
review there. Wait, I think for initially we piggybacked on top of another KEP. That was part of the release, I think for artifact management, and it was discussed in here. I think even they came, but if it feels, it may be that we need to just pull this out and have its own KEP. I will champion and push forward with that, if that's our call.
D
Yeah, I don't have a strong feeling about that. I mean, as long as it's documented somewhere, but the main point now is, it's, I feel like it's like the demos and the, I didn't see the proof of concept, but it sounds awesome. Let's start pinning down some of the decision points.
D
Right, it's down. What are the criteria, right? Like maintainability is clearly one of the top criteria. It would be nice if there's a problem with the service that anybody on this call could pop the hood and go fix a bug, right? I don't know anything about Wasm, honestly, other than the idea, like I don't know how to go fix a bug in Wasm. How would I go look that up? I do know how to use Go code. I don't know how much more performant the Wasm would be than the Go code, you know.
D
I mean, I guess that's what the KEP would be, right? So if we were to start off a separate design doc for this, maybe, I don't know if we really do sub KEPs, but it sort of feels like a more deep dive KEP on one specific topic: how are we going to host the registry mirror? I would love to see those trade-offs.
E
The enhancement proposal, the support of the other one by having the infrastructure underneath it, I think it's, it would be a bit intense to include all of the technical details for bringing that up when they're interested in the process of the people, and we are too, but it's a different audience.
A
So we can basically, I've been talking about and described with the current problem we want to address and the possible solution, because I think it is maybe only a few people in this call understand what we're talking about. But if you want to having more feedback for a broader audience, it's a fairly, it's better to have a design doc and people can give the feedback, I think.
E
All right, we'll walk away with an action item to attach in a design doc to the existing KEP, and if there is agreement between both the existing folks in the existing cabinets and tear it off, we'll wait until that point, if it's necessary. Okay.
E
On PR, that was what we were kind of wanting to show, is that we have a bunch of data.
E
If we pull that up, you can actually see the SQL query for that within a data structure that was all public data, there's nothing secret sauce there, but it's all cobbled together and not terribly lovely, and that there's lots of missing pieces, and some of this is to identify when we see large spikes, some of us to identify if we see misconfigurations, to be able to contact the right people when there's a misbehaving host. At Apache, they reach out to the owners of that, attempt to say we're going to block you in about a month or two, or however long, if you can't rectify this, or point them to how to set up a local cache. And the data, that data being important helps us to do many things, and I just wanted to point out
E
O
Yeah, I just, I want to make sure I'm understanding here. So we're talking in the sense of a mirror for the registry, is that, I'm put on my employer hat for a second, is that we provide an Amazon registry for the release team to publish into? Is that we pull the images somehow? Because, like we talked about last time, like I have the green light to get that work started on our end. So if I just need to get a registry together, or what can we do?
D
D
E
E
E
And I'm super excited to look forward to that in the next week or two, or even this week. Do we want to continue that now or
D
Need it right now. The short answer is we don't have an answer yet, right? If we went as far as doing what I suggested earlier and actually standing up an implementation that says, you know, for all IPs send them to Google, we could then pick which is one of the Amazon ASNs and say, okay, for this range, oh hell, we could take your home DSL IP.
D
If we wanted to, right, say for Eddie's IP we're going to send him to the Amazon server, and let's prove that that works, right, and then we can start to build up the monitoring and the dashboarding and the alerts, etc., from there. And then we can figure out what is the protocol by which we mirror, right, and then we can figure out what does it mean to be a good actor, and how do we notify you if your mirror is misbehaving, right, all the cool stuff that Dims brought up last time?
D
O
D
Not me, not me, it must be Justin. Justin, sorry.
O
So is this something that we need to make that decision, like, does this live in that account? Does like every cloud need to give an account to the CNCF for all this to live? Does this live in the clouds themselves?
D
This is a great question, right? I, on the one hand, I love the idea that the cloud providers give money to spend on this, so that when we do the billing report, we can look at the billing report for the Amazon services and for the Google services, and that level of transparency, I think, is super nice.
O
Yeah, I'm fully behind the transparent option as well. So that's the decision that we need to make, those decisions, right? So, yes, design document is good.
E
I think they're, probably we could look at having the, because it's, it's that who takes care of things, right, and who, an example, we were doing with Google, where we have the different permissions and everything there.
E
That's a, that is an extra level of conversation and transparency that we don't have yet for the Amazon, and probably since we're doing this, let's make sure we set policies going forward, and I think part of that is tying in the work that we've done here to pioneer that with Google, to make it a little like a generic process, if possible, so we can apply it to other projects, or even other entities that are not CNCF slash
D
Kubernetes, and it may end up that we want sort of a bimodal answer, where the big cloud providers, we go for the transparent solutions, because it's important for the community, and we have a longer tail of smaller mirrors that people could volunteer to set up on their own, and as long as they confirm and they go by the guidelines, then we're not gonna like hold their feet to the fire, particularly, I don't know, but that can be longer term.
B
I was just gonna throw out one thing that can be done now to help us move in the direction of transparency, is we lack any kind of billing report for that AWS account, as far as I'm aware, when we go through how much money, how much of the CNCF's credits are we spending on the project right now?
B
See that, so I think that could be a good place to start.
O
B
I'm in the same boat, but I think it's just a matter of like, yeah, finding somebody who's got the expertise and bandwidth to work on it, and I'd love for you to be that person or find that person, and reaching out to Justin sounds like a great place to start. I just view that as like setting us up for the ability to brag about how awesome Amazon providing credits to the CNCF is, and how well that's, and effectively that's being used.
E
I imagine that over the next couple of weeks, I'll try to connect our Amazon friends and Priyanka and get some of the exposure there, just that those conversations are happen.
E
A
H
Thank you for that, and here is basically what we did is in the k8s infra. We looked earlier at the ASN, so we got the YAML files for specific ASN. So I took some of that and we created this. So basically the null is IPs that is not married to ASNs yet. We'll speak a little bit about that, process is not as easy as one would think. So those are, we are still working on them. Basically, this is three big ones that I've got, so the laughing lion got the lion's share.
H
O
H
What we've done is, as I said, we keep on matching, and I did, we did some additional matching of, after we spoken, so it slightly changed as well. That way, as we start matching our face ends, and now, if we add on more companies, the spread would probably change, but so that was just an alert. Some
H
Frame is for the last, from April 9th until
H
Before June 7, so I basically use all the logs that they have available. I looked, I pulled in this week the extra day. The last time I had only five weeks, and now I've pulled in the rest. This week the trend seems to be much the same. I pulled the same grass that the same, and I didn't want to show
H
N
H
H
H
E
And as far as I can tell looking at the data, it's primarily images. There are, it's a lot of stuff, so some of it doesn't seem to fit in the right buckets, but I'd say primarily this is image. 60 confident in that statement.
E
E
So we need, all these data sources are via proxy, and the actual registries themselves, that are the authority, do not allow redistribution of that data. Hence all these other projects to try to proxy access to it.
E
So I asked the chairs earlier in the week if I could reach out to legal when I have, and so I don't know how this is going to work, like I got to go in for legal. I've got to answer some questions from legal around who, who the things should be.
E
I'm kind of feeling that it's a Linux Foundation NOC account, nearly, so that they have a position at Linux Foundation, because that's the organization that has to sign the thing that actually grants access, and then legally the Linux Foundation and the CNCF have to curate that data in a way that we don't allow arbitrary queries to it, though we can publish data based on that as long as it's not a full dump, and these are the five dumps that were, that we, the regional internet registries, that would give us absolute correct data that they would
E
We could update on a minute by, if necessary, but it is, I would feel super confident that that would be accurate and have impact for us to make decisions beyond this group, beyond the CNCF kept two, that all of the different things that the Linux Foundation supports.
C
If you've got a specific one, so I've gone through about five of them that say they're at scale. They've got query limits that I'm not going to be doing direct traffic lookup for them, and even between them I have a variation of, the one gave me 900,000, if I'm pulling directly from the BGP and parsing for ASN to IP, and then one that is like the industry, like, come use all our stuff. When I looked at theirs, they had like 400,000 matches that they could bring up after the end.
C
That was up, and yeah, for PeeringDB. So just there's a very big variation in what the providers end up coming up with, and it seems like going back to the registrars and following their databases, because all of them have database setups as well. So I mean, yes, it would be how we programmatically use that, but that information
E
That we can think of it this way also or not, and particularly to answer Tim's question: how do we decide where to send the stuff, where do we come from, where do we go inside of this routing engine, and some of that is how to figure out what goes in those decision making processes, and this data helps us to figure that out. The ASNs and the IPs and the companies, it does help with the logging, it does help with the routing, it helps with several different areas.
A
I have more questions about this, but yeah, we may be out of time in seven minutes, so I want to keep up with a different subject, because I feel like I know there are basically public libraries able to do that without reach out to, for example, ARIN.
A
C
I would love to catch up with you. My ASN is the closest library I've seen to that. If there's more, I would love to see. Yeah, that would be, if you have time, if we can set, or I mean, I think we can catch up, because I'd love to see any additional places. I've been through a whole, a few of them now, but I'm sure there's more, so that would be amazing.
C
B
I think, sorry, I didn't raise my hand. I was just gonna say I think I understand why you want legal to be involved in accessing more and more granular ASN data that's maybe not necessarily public. I get it for sure. My, I think, maybe putting on Tim's like merge and iterate heavy hat, like really excited about this, let's go sort of thing, I would want to understand how much of a blocker you see this being, because it feels like it's a long tail.
E
E
Maybe we don't know how good they are, they're just, they're as good as we can with what we have, and I think that's okay, yes, but at some point I'd love to feel really solid that we have accurate data, and this is going to the source. It may take a year, I don't know, but it's all between Linux, it's not, it's no extra cycles for us at the moment. It's Linux Foundation reaching out and signing these things and eventually giving us data months or years down the road.
A
B
Okay, I just wanted to give a brief update on like, what, where have I been? What have I been doing? I've been really trying to put in a bunch of work on improving the state of like the bash in our infra GCP directory, and better auditing, and keeping track of exactly what every, like what we're doing everywhere.
B
So I won't walk through all the weeds, but like the audit PR job at this point can now supports dumping a lot more information about all of our GCS buckets. It dumps information about our logs, our monitoring dashboards, our Pub/Sub subscriptions and topics, organization policies and a number of other things.
B
Almost comfortable at this point, like not iterating too much further on that and instead looking into like, should we be using Cloud Asset Inventory to dump a similar set of files, or is there something else we could be using? Cloud Asset Inventory, for example, like lets you hook up to a Pub/Sub topic or a subscription and like see changes as they happen. It'd be cool to see that automatic, like I'm just trying to reduce the feedback cycle. So I'll
B
Just call out that, like, I'm seeing a lot of churn happen in the k8s infra sandbox project, and I'm trying to call it all out when I see it, because I don't see any code being checked in that makes these changes, which is cool, because it's a sandbox project and y'all are iterating proof of concept stuff. But as we get to the point where, like, we actually think about standing stuff up, I want to make sure we're kind of doing things in the agreed-upon way.
B
So there's that. The other thing I spent a bunch of time working on was an image called the k8s infra image. I've linked it in the meeting notes. Basically, all of our CI jobs now run this image, and it's got binaries for like all of the things we would need to test or deploy just about anything, including things like Terraform, Open Policy Agent, conftest, jq, yq ctl, whatever, you name it. So I think I'll open up an issue or find the issue about like, so what it's like,
B
What is it going to take to make us comfortable having this like deploy more things on postsubmit, because right now deploy more things does mean like deploy bash, but I feel like at the moment I've got a really good handle on what our bash looks like, and it'll fail really quickly if there are typos or accidents, rather than accidentally delete things or accidentally expose privileges.
B
Finally, I've added the Kubernetes external secrets thing that Arno set up for the aaa cluster. I've set that up for the trusted Prow cluster and I'll work to migrate
B
the token that the audit job is using to that, and I think with that in place, we are not that, I think it's totally possible to create jobs that automatically deploy apps to the aaa cluster, including secrets, instead of having to find the right humans who know how to like Cloud Shell in and then manually deploy stuff and whatnot.
A
Yeah, okay with that, except Terraform, because I think anyone, expect anyone working with Terraform have some issue at the postsubmit, because sometimes terraform apply can give you back an error coming from the API, and you didn't see it in the terraform plan.
B
Yeah, I know, that's the, that's the fun, is it's like, I mean, I recognize I, maybe I'm used to a much older version Terraform, but I still have a very healthy distrust of letting Terraform do things wildly. I feel like the right way to do a Terraform-based pipeline is you get something that can create a plan file, and then you can review the plan file and then see that get applied, but I don't yet have experience setting something like
N
B
The with Prow.
A
I'm, I want to clarify, I'm okay with everything except Terraform at the person. Okay, and we can do everything we want and presubmit or periodic, but at postsubmit we are, sometimes you can have some very bad issue. I think, I feel like Jim wants to give an advice.
F
Yeah, all I was gonna say is there used to be a project called Atlantis that did that kind of style, where it would run the plan and update the PR with the output of the plan, so you could see everything. That company did get acquired, I think by Terraform, and they used it to build their enterprise offerings. I don't know the status of that project, though.
A
A
B
Yeah, all right, I totally hear you. For, yeah, I guess I'll say I felt like a lot of the image stuff is to hopefully let us iterate a little faster or more consistently. The audit stuff is mainly because I know much of what we have to migrate, things like Gubernator and Triage and Kettle, all needed things like BigQuery data sets and permissions and whatnot, and I know that the ii team has also been working around that stuff a lot and have had permissions issues in the past.
A
A
Q
I can follow this on Slack asynchronous as well, but this is just a good news about opening PRs to reduce image size, right? So I can, I can go through, it's like, but mostly we could, we could reduce Kubernetes proxy image 30 percent, and as this is the main image, it's probably going to have a huge impact on the budget.