►
From YouTube: Kubernetes SIG K8s Infra - 20220608
Description
A
A
Anyone
can
start.
Let
me
share
my
screen
quickly.
A
B
Hi
there
I'm
mohammad
I'm
I'm
new
around
here,
but
are
now
done,
I
think,
was
it
rob.
I
keep
on
I'm
interested
in
some
of
the
work
that's
happening
in
68
so
far,
so
here
it's
help
out.
A
A
A
A
A
A
We
basically
all
the
the
app
stream
and
downstream
distribution
will
now
use
that
endpoint,
which
means
we
need
to
pay
for
processing
of
all
the
requests
going
through,
which
you
see
get
subtitle.
A
D
So
so
justin
I'm
kind
of
new
to
looking
at
the
at
the
bills,
and
so
so
what
do
we
want
to
capture
in
the
minutes
on
on
this?
No.
A
Nothing
there's
nothing
special
about
about
what
I'm
saying
here.
It's
just
the.
A
We've
been
seeing
for
like
for
like
a
month
for
like
a
year.
If
I
want
to
be
honest,
we.
A
D
A
C
A
Yeah,
but
I
think,
there's
a
there's,
an
effort
to
basically
remove
or
fix
all
the
permafrailing
tests.
I
check
recently
the
failure,
the
failure
file
for
that
I
see
some
jobs
gone
and
I'm
happy
about
that.
So
I
hope
we
have
that
a4
improving
over
time,
so
we
basically
have
just
one
two:
three
we
have.
We
have,
I
think,
job
failing
less
than
90
days.
C
Yeah,
I
I
think
that's
still
not
going
to
make
a
substantial
dent,
though,
because
those
are
just
the
most
egregious
jobs
that
don't
even
work
and
immediately
fail
and
produce
no
results.
Yeah,
there's
lots
of
other
things
that
are
like
cut
and
paste
ci
that
run
more
or
less
the
same
thing,
but
slightly
different
set
of
tests
or
something
that
aren't
necessarily
being
monitored.
That
will
still
mostly
pass
without
being
touched
because,
like
we
have
some
automated
maintenance
of
the
ci
config.
A
C
I'm
saying
that,
even
if
humans
aren't
putting
effort
into
keeping
like
if
I
stand
up
a
ci
job
for
like
run,
kubernetes
e2e
tests
but
with
json
logging
enabled
there's
a
very
good
chance
that
will
get
carried
forward
to
all
future
releases.
So
as
we
get
more
release
branches,
since
that
release,
we'll
have
more
branches
that
are
running
it
and
the
automation
will
handle
things
like
making
sure
it's
using
a
current
image
and
being
forked
per
release
and
so
on.
C
So
it
will
kind
of
just
automatically
get
carried
forward
and
because
there
is
a
lot
of
overlap
in
how
ci
is
run.
If
we
wanna,
you
know,
break
how
e2e
tests
are
run,
then
you
need
to
go
patch
all
the
ci
running
e2e
tests,
without
necessarily
caring
about
the
individual
jobs.
So
there's
a
pretty
there's
a
there's.
A
lot
of
ci
like
that,
where
just
because
it
isn't
perma
failing,
doesn't
mean
that
anyone's
using
the
signal,
and
I
would
still
expect
like
usage
to
only
grow
right.
C
D
C
Right
yeah,
I
think
that
previously
the
sig
has
talked
about
doing
that
sort
of
thing
like
after
we
finish
migrating
depending
on
funding,
goes,
I
kind
of
suspect
we
might
have
to
start
having
that
kind
of
harder
conversation
sooner
even.
A
C
C
I
think
it's
a
can
of
worms
we'll
discuss
at
some
point,
but
you
know
this
isn't
on
the
agenda.
So
when
we're
talking
about
like
oh
the
you
know,
the
resources
are
going
up,
it's
like
yeah,
they
are
and
they
will
and
yeah.
D
F
No,
I
want
to
talk
about
it.
The
first
one
is
great.
The
s3
buckets
afford
aws
regions.
I
think
the
only
thing
outstanding
is
for
some
of
the.
I
am
roles
which
jay
pipes
is
working
on.
He
said
he
would
have
been
already
by
the
meeting,
which
I
assume
is
probably
just
caught
up
in
something
else.
So
I
think
that's
the
only
thing
that's
outstanding
for
us
to
to
be
able
to
use
the
the
buckets.
F
A
F
F
There
is
a
list,
but
the
list
is
in
the
issues.
If
you
say
I
get
a
full
list,
yeah
it's
up
in
the
issue
at
the
second
comment
in
the
issue.
No.
C
C
Everything
else
is
pretty
much
in
place.
We
have
pretty
solid
testing
and
so
on.
A
A
D
A
Depend
of
the
usage
we
want
to
do
because,
basically,
I
want
to
say
both
for
the
simple
reason
that
those
books
are
going
to
be
used
during
the
release
process
and
the
release
process
need
human
interaction
and
use
because
we
use
we
have
a
human
interaction
during
the
release.
Process
is
not
interesting
to
our
vocal
identity
or
fetish
confidation
of
identity
between
gcp
and
aws.
B
A
B
If
you
are
using
aws,
I'm
guessing
someone
went
and
sorted
out
idols
organizations
and
sso
to
at
least
kubernetes
iot
suite,
so
that
the
right
people
can
make
the
right
way
to
where
they
need
to
go.
C
C
It'll
be
used
in
gcp
or
not
right.
Now
we
need
any
way
possible,
get
some
buckets
live
that
have
most
of
the
current
images
and
as
long
as
they
have
you
know
the
bulk
of
it,
we
can
shift
a
lot
of
traffic
and
circle
back
to
the
ongoing
sync
for
the
ongoing
sync.
I
think
we're
still
looking
at
doing
the
image
promoter
and
adolfo
can
maybe
remind
us
if
that
is
running
in
kubernetes
pro
or,
if
that's
actually
in
cloud
build.
A
A
A
B
Yeah
so
yeah,
that's
right,
so
the
issue
307
is
for
kubernetes
workloads,
doing
things
in
aws,
which
is
going
to
happen
at
some
point
for
humans
doing
things
they
do
this.
I
think
that
was
a
separate
work
that
somebody
else
was
working
on.
This
is
what
you
need
for
pro
anyway,
so.
C
A
C
A
B
A
C
E
Okay,
so
I'm
just
I
have
a
one
question:
can
you
not
federate
the
the
workload
identity
inside
of
a
cluster
all
the
way
to
the
aws
identity,
like,
like
I
mean
just
using
federation
of
idc,
just
as
in
I
mean
just
in
the
same
way
that
you
can
take
the
identity
of
the
service
account
in
gcp?
Just
do
the
same
for
aws.
A
A
So
we
don't
know
what
the
structure
will
look
like
inside
cncf
aws
organization,
and
because
of
that
I
can
say,
let's
go
with
oigc
right
now
and
try
to
figure
out
things
because
there's
a
lot
of
I
know
on
the
aws
side.
So
what
I'm
trying
to
do
here
is
basically
do
a
manual
basically
having
a
aws
iom
user,
with
access
skin
secret
k.
Put
that
inside
gcp
in
secret
manager
and
use
that
for
manual
open.
I
mean
at
the
beginning
and
later
we
can
talk
about
workload,
identity.
A
Yeah
I
understand,
but
I'm
like,
like
I
say,
there's
still
a
lot
of
things
to
do
on
the
cncf
side
and
we
don't
have
access
to
that
problem.
So
we
need
to
trust,
hi,
folks
and
caleb
and
jay
to
work
on
that
finish,
the
work
and
tell
us:
oh,
we
are
ready
to
use
workload,
identity,
pushing
gcp
and
they
do
yes,
but.
A
There
we
there
there
was
some
change
at
some
point
during
the
conversation
we
had.
So
that's
what
I'm
saying
between
the
moment.
We
talked
about
it
and
now
there
was
some
changes
and
some
and
no
and
no
problem,
not
only
the
program
problem
related
to
how
we
want
to
operate.
B
Yeah,
so
I
would
say
sort
that
I
need
to
bootstrap
the
edwards
organization,
get
all
the
accounts
created
and
all
that
stuff.
So
yeah,
all
that's
ready
and
you've
already
worked
out
how
humans
access
that
account.
You
then
bootstrap
it,
and
then
you
let
the
issue
all
the
stuff
on
this
page
then
magically
works.
B
D
A
A
The
one
thing
we
need
right
now
is
basically
have
a
user
access
to
a
user,
basically
have
the
access
here
in
the
security
for
that
user,
and
we
basically
push
blobs
on
the
container
image
to
those
production
brackets,
because
I'm
assuming
the
production
bucket
I
create,
we
just
need
to
push
the
blobs
and
those
buckets
I'm
not
supposed
to
move
so
access.
This
is
all
the
conversation
about
is
about
security
access
right
now,
so
we
can
change
that
over
time,
yeah.
A
So,
in
the
meantime,
we
can
begin
with
just
a
simple
authentication
using
assets
key
and
secret
key
and
later
talk
about
oidc
integration
with
gcp
and
move
forward
by
saying,
okay,
we
we
flip
for
am
user
to
workload,
identity.
It's
not
change,
nothing
change
during
the
release
process
or
everything
we're
doing
it's
just
one
step.
We
change.
We
change
the
way
we
we
authenticate
to
the
bucket.
That's
why
changing,
but
the
bucket
will
exist.
We
need
to
push
them.
Yeah
ben!
You
have
a
question.
G
For
a
while,
okay
eddie
speak,
oh
no,
I
was
just
gonna
say
anything
that
we
need
in
terms
of
account
access.
We
have
right
like
I
folks
are
admins
on
the
account,
so
we
can
hop
in
there
and
then
I'm
pretty
sure
we
can
use
the
aws
federation
stuff
to
federate
from
a
google
group
and
then
through
gcp
and
then
into
aws.
So
all
that
should
work
pretty
simple.
A
I
I
don't,
I
don't
say
it's
a
blogger,
it's
about
it's
about
progress.
It's
about.
We
can
do
everything
at
once,
because
we
are.
We
are
in
the
staff
for
all
of
this.
So
right
now
I'm
trying
to
be
to
progress.
So
we
don't.
We
are
not
blocked
by
something
not
required,
because
oracle
identity
is
not
a
requirement
to
make
progress
about
this.
A
I
don't
for
you
are
your
question.
You
are
your
end
race.
E
E
We
should
probably
establish
some
well
build
process
and
some
documentation
and
define
who
has
access,
and
all
of
that
is
all
work
and
well,
we
may
yolo
some
of
that
stuff,
I
mean,
wouldn't
the
human
effort
be
spent
better
in
handling
building
the
workload
identity?
I.
C
Think
we're
actually
really
overthinking
this
and
and
overestimating
the
security
concern,
while
not
making
progress
on
the
cost.
The
the
the
way
that
we've
structured,
the
redirector
here.
The
only
thing
we're
serving
are
content
address,
blobs
so
worst
case
for
access
to
the
bucket
is
some
kind
of
denial
of
service,
and
even
if
that
happened,
then
we
just
revert
to
not
redirecting
aws
users
to
the
to
the
bucket.
C
C
If
you
somehow
manage
to
hijack
the
bucket
contents
and
either
write
garbage
or
delete
things,
that
is
also
something
that
we
can
very
easily
very
quickly
mitigate
by
just
shipping,
an
update
to
the
redirector
to
like
stop
redirecting
to
that
bucket.
C
A
A
C
A
D
Yeah,
so
so
that's
what
I
that's,
what
I
want
to
get
the
the
the
next
best
step.
I
know
yeah,
so
so
so
so
the
next
best
step
here
is
is
a
a
clarification
of
what
the
current
policy
is.
Make
that
available
to
the
to
the
rest
of
the
community
and
move
forward
from
there.
E
D
D
Yeah
yeah
so
yeah
we
will
commit
to
getting
that
sorted
out
in
terms
of
access
to
people
who
have
that
information.
We're
talking
caleb
and
jay.
Is
that
correct.
A
D
A
Yeah,
that's
that's.
There
is
basically
I
mean
just
to
update
robert
there's,
like
you
know,
there's
a
repo
where
we
basically
calibrate
you
been
working
for,
I
think
it's
the
organization,
the
github
organization
is
sincere
and
fra
and
the
repo
is,
I
don't
remember
the
name.
D
A
D
A
E
E
A
We
are
to
the
point
we
need
to
push
the
blobs
to
the
bucket
for
production
and
we
can
basically
basically
make
progress
on
oci,
proxy,
okay,.
D
So
so
it's
access
off
mechanism
and
the
rest
yep
yeah.
Okay.
I
got
that
so
so
yeah,
so
so
rihanna.
I
I
can
chase
up
on
that
and
I
I
can.
I
can
yeah
yeah
I'll
take
that.
A
Okay,
so
I
think
we
can
move
forward
with
the
next
subject.
Rian,
the
second
subject:
it's
you.
F
Right,
yes,
I
just
added
it
to
the
agenda.
So
it's
a
discussion
here
as
well.
I
assume
everybody
saw
it
was
added
by
dims
to
the
mailing
list
and
he
basically
just
created
the
main
english
report
say
this
drive
traffic
in
125.
So
I
thought
I'd
just
add
that
as
let's
be
aware
them
cited
that
and
just
have
it
on
the
agenda
as.
A
Okay,
any
any
question
about
this.
Basically,
it's
it's
the
dim
sun
email
last
sunday
about
shifting
from
kgc
dot
io
to
hd
kids,
dot
io.
E
I
have
one
so
just
I
wonder
if
someone
has
identified
what
would
be
the
the
best
clients
to
jump
in
and
modify
the
the
registry
address.
I
spoke
with
james
and
he
told
me
that
kaiops
is
one
of
the
prime
candidates,
but
are
there
any
other
that
that
you
think
that
would
be
like
a
good
candidate
to
update
and
then
so
that
we,
even
if
people
responsible
projects,
are
not
doing
the
job
right
now
we
can
just
jump
in
and
start
moving.
The
register
yeah.
C
We've
been
strategizing
this
for
a
while
chaos.
I
believe
we've
already
moved
and
that's
like
the
top
one
but
cube
spray
comes
to
mind
is
another
project
in
the
repo
and
I
think
cluster
api
provider
aws.
I
mean
from
our
point
of
view.
Actually
the
main
thing
that
we
need
to
move
is
whatever
we
expect
might
be
used
on
aws
everywhere
else.
A
So
we
identify
that
cops
is
the
ma,
the
most
biggest
user
for
those
endpoints,
and
we
make
that
change.
So
the
future
release
of
cops
will
use
rationing
kits
at
io,
but
we
don't
know
other
installer
or
custom
registration
using
aws.
I
I
made
the
chain
for
one
container
running
time
cryo.
So
next
version
of
cry
will
use
this
registry
case
scenario,
but
it's
difficult
to
identify
all
the
tools
or
installer
using
those
endpoints,
especially
on
aws.
A
So
I
I
think
the
I
think
the
we
just
need
to
carry
team's
world
on
basic
saying
telling
to
everyone
that
oh,
we
need
to
up.
You
need
to
update
that
endpoint.
So
I
also
talked
to
the
marketing
team
about
this.
I
need
to
go
back
on
them
on
about
specific
subject,
and
my
next
point
talk
about
this.
So.
C
We
also
have
some
ai's
from
from
dims's
main
pr
that
changed
that
around
making
sure
that
we
have
some
kind
of
dedicated,
alerting
and
making
sure
that
the
production
one
is
like
fully
source
controlled.
A
Yeah,
I'm
gonna
work
on
that
in
the
next
week,
but
I'm
not
sure
this
is
directly
related
to
just.
C
D
A
Basically,
we
we
do.
We
we
we,
oh
I'm
gonna,
say
that.
D
A
A
D
Okay,
so
so
yes,
this
is,
this
is
the
the
this
is
the
call
from
if
I
just
look
above
this
is
the
call
and
please
drive
traffic
to
registry.kids,
yeah,
okay,
so
so
yeah.
Okay,
so
is:
is
there
an
action
here
in
in
terms
of
driving
that
or
is
there?
Is
there
calms
that
we
need
to
push
out.
A
A
Yeah
close
april,
I
started
to
make
the
switch
recently.
All
the
other
open
suspension
also
start
to
make
the
switch.
I
I
will
try
to
go
to
controller
g
meetings
to
talk
about
this.
They
have
meetings
tomorrow
tomorrow
morning.
My
time
zone,
I
think,
is:
I
need
to
check
the
timeline
trying
to
open
the
pull
request
against
controller
t
ripple
and
try
to
get
that
merge
for
continuity,
one
one,
seven!
A
D
So
so
so
so
to
be
clear,
then
are
we
going
to?
Are
we
going
to
leverage
the
comms
team
to
push
this
message
out?
Yep.
A
F
Just
a
question
about
redirecting
now
and
getting
that
in
on
125
yeah.
Are
we
going
to
try
and
get
back
14
for
other
releases,
or
are
we
going
to
grow
into
this
over
the
next
three
four
releases
and.
A
C
If
you're
doing
things
like
restricting
what
images
are
allowed
to
be
pulled
in
your
environment
or
things
like
firewalling,
dns
filtering,
whatever,
there's
lots
of
ways
that
advanced
end
users
may
have
to
update
their
environment
to
accept
this.
So
it's
not
something
that
we
can
easily
convince.
F
C
F
A
A
So
my
because
basically
the
next
item
is
me,
so
it's
really
to
the
conversation
we
had
earlier
is
basically
sick
controversy
as
to
give
an
update
about
which
is
two
cases
of
io.
So
I'm
not
sure
I
can
be
there.
So
I
would
like
ben
teams
ben
all
teams,
giving
an
update
next
week
during
the
monthly
community
communities
community
meeting
about
this
and
trying
to
basically
extend
the
world
around
that.
C
A
C
I'll
follow
up
with
you
offline
to
just
ask
a
question
about
context.
A
A
C
I'll
I'll
follow
with
you
in
tim's,
after
the
call
okay.
A
A
Open
yeah
deadline
is
july,
something
around
july.
I
basically
hope
to
submit
a
an
application
for
that
and
basically
domain.
The
main
update
about
this
will
be
the
work
we're
doing
about
this.
A
I
will
try
to
follow
up
with.
If
I
can
make
it
to
teacher,
I
would
try
to
follow
up
with
someone,
because
I'm
not
sure
I'm
going
to
be
trying.
That's
a
pro.
G
C
Okay,
I'm
also
going
to
be
doing
this
for
sick
testing
and
then
figuring
out
like
who
wants
to
field
it.
We
have
a
thread.
I
would
be
interested
in
your
template.
Eddie.
It's
been
a
long
time.
C
C
A
Okay,
we
have
20
minutes
left
to
cover
two
subjects,
so
my
next
subject
is:
I
always
switch
one
of
the
two
monthly
meetings
we
have
to
make
that
one
to
make
one
friendly
for
people
in
europe
and
some
specific
specific
sony
in
asia,
because
I
had
a
lot
of
people
wish
to
give
some
help,
but
they
basically
can
attend
this
meeting
because
it's
too
late
for
them,
so
I
will
try
to.
I
will
send
an
email
next
week
about
with
a
doodling
asking
a
new
time
slot
for
a
kitten
from
meeting
okay.
A
Oops,
okay.
So
next
last
item
is
ben.
C
Yeah
so,
as
I
previously
mentioned
to
the
sig
tim
hawkin
and
I
reached
out
to
the
gcr
and
artifact
registry
teams
and
got
well
same
team,
got
a
meeting
with
them
to
discuss
their
options
around
this,
so
they
currently
control
or
and
provide
for
us
the
kates.gcr.io
special
gcr
domain.
One
possibility
that
is
definitely
open
is
that
we
may
be
able
to
alter
what
that
points,
to
get
it
surfing
to
the
oci
proxy
and
then
have
oci
proxy
point
at
something
else.
C
That
said,
they
are
not
necessarily
thrilled
about
introducing
new
things
for
gcr
gcr
is
supposed
to
be
totally
maintenance
mode,
not
doing
any
more
gcr
changes.
So
there's
some
interest
in
having
this
use.
Artifact
registry,
in
which
case
we
need
to
be
talking
about
setting
up
artifact
registry
registries
to
it
instead
of
the
gcr
sub
registries.
C
We
have
today
that
are
the
real
backing
registries,
promoting
things
into
that
and
then
making
some
kind
of
cut
over
with
the
domains
we're
talking
to
them
about
if
they
would
still
be
able
to
give
us
a
like
global
redirector
domain,
or
we
may
need
to
do
it
ourselves,
independent
of
what
the
gcr
team
is
interested
in.
C
We
may
need
to
be
looking
at
moving
to
artifact
registry
anyhow,
just
because
there
will
be
no
new
features
in
gcr
and
artifact
registry
may
be
better
for
us
from
our
cost
perspective,
because
it
doesn't
the
g
it
doesn't
expose.
The
gcs
bucket
like
gcr,
does,
and
the
gcs
multi-regional
pricing
is
going
to
change
and
hit
us
in
like
october
and
spiker
costs
quite
a
bit,
whereas
with
artifact
register
we'd
probably
be
more
likely
to
use
to
not
use
multi-regional
and-
and
it's
not
exposed
anyhow,
so
they
have
their
own
pricing
structure.
C
C
C
You
know
attempt
to
exploratory
explore
like
what
they're
open
to
what
they
think
our
options
might
be,
so
we
might
be
able
to
get
them
to
just
take
the
existing
domain
and
get
it
routing
through
our
own
thing
in
the
future
and
have
that
forwarding
to
s3.
There's
a
couple
more
details
on
why
that
may
or
may
not
be
a
thing,
and
also
if
we
do
that,
we
lose
the
fact
that
the
current
one
handles
geolo,
guip
localization
for
us
for
all
traffic
that
isn't
coming
from
aws.
C
Okay,
slash
all
the
current
traffic
today,
and
so
we
might
either
have
to
implement
that
in
oci
proxy,
which
will
be
a
very
different
problem
for
what
we're
doing
today
with
the
known
aws
ip
addresses
yes
or
we
will
need
them
to
give
us
a
new
different,
auto
regionalizing,
address
and
they're,
not
currently
super
inclined
to
to
do
that
or
things
on
gcr,
but
they
might
be
able
to
implement
that
on
artifact
registry.
It's
not
currently
something
they're
doing,
but
it's
like
on
their
radar.
Okay.
C
B
Okay,
that's
ben
on
that.
No,
I
have
a
quick
question.
One
of
the
things
is
missing
from
martial
regis,
because
I
kind
of
looked
at
the
same
thing
created
a
while
back
is
with
gcr.
You
can
kind
of
get
an
idea
of
who's
downloading
your
images
right
by
looking.
B
C
I
don't
know
that
is
a
good
point
and
is
not
something
that
came
up.
We
were
pretty
focused
on
the
domain.
Okay.
This
is
also
like
something
that
was
booked
pretty
far
in
advance,
getting
some
high-level
folks
involved.
I
think
I
know
someone
on
the
team
that
I
could
ask,
but
you
know
I
would
guess
that
pretty
much
they're
just
gonna
point
to
like
whatever's
publicly.
B
C
In
our
case,
if
we
want
to
track
that
we'll
be
moving
to
having
the
redirector
in
front
anyhow,
I
guess
people
could
technically
reach
around
and
do
that,
but
that
that's
also
true
today,
right
now,
people
could
the
case.
Rgc
is
actually
three
registries.
C
C
But
that
sounds
like
something
that
you
know
I
should
pass
along
as
like
a
product
feature
request
yeah.
It
is
it's
a
good
feature.
C
I
mean
we.
We
have
currently
used
that
here.
You
know
the
analysis
indicating
that
we
should
be
looking
at
moving.
Database
traffic
is
based
on
the
gcs
logs,
so.
B
C
I
will
who's
the
who's,
the
right
person
for
that
and
pass
something
wrong.
Otherwise
we
got
a
little
bit
of
an
ongoing
thread
with
them.
I'm
sorry,
I'm
plenty
of
my
notes
and
they're
looking
for
us
at
like
what
project
we
will
have
the
oci
proxy
serving
on
long
term
because
of
some,
I
think,
there's
like
there's
like
some
legacy
stuff,
involving
like
a
firewall
allowance
in
some
cases
for
the
for
kate,
such
a
cdo
that
involves
the
actual
back-end.
C
So
if
we
want
to
route
it
to
something
else,
then
they
need
to
know
you
know
what
project
to
allow
if
this
stuff
happens.
So
that's
one
of
the
asks
from
us
besides,
looking
at
the
artifact
registry
stuff
is
pinning
down.
C
Where
are
we
hosting
this
back
in
that
they
would
potentially
be
adding
traffic
to.
C
If
I
find
out
more
I'll,
bring
it
back
to
this
group
and
we
can
discuss
in
the
future
from
my
point
of
view,
this
is
not
something
we
can
plan
to
rely
on,
but
it
is
potentially
something
we
may
be
able
to
leverage
to
move
a
lot
of
traffic
very
soon
if
it
pans
out,
but
even
then
we
also
may
have
to
meet
some.
A
A
A
Well,
stephen
did
some
some
investigation
about
this.
There's
not
real
complexity
about
that,
but
I
remember
we
had
some
open
question
about
this,
so
we
we
might
need
to
look
deeper,
but
I
think
the
the
first.
The
first
thing
is
we'll
lose
access
to
jesus
bucket
and
it's
going
to
be
impactful
to
what's
that.
C
Should
make
it
some
very
small
change,
we're
already
for
for
j's
thing,
where
I
already
need
to
read
the
image
from
the
registry
endpoint
to
get
the
to
identify
the
layers,
so
it
should
be
a
really
small
change
to
read
the
layers
from
the
registry
endpoint.
If
it's
not
already
doing
that,
I
will
guess
somebody
is
already
doing
that
for
our
manual
sync.
We
would
have
to
hack
up
a
tool
instead
of
just
doing
object.
Sync.
C
And
copy
from
elk
from
an
oci
endpoint
to
a
to
a
bucket
okay
and
not
a
very
complicated
thing
for
us
to
deal
with
if
that
comes
across,
but
it
is
something
we'll
have
to
do.
Okay,
that's
all
a
number
of
ifs,
though
so,
mostly
I'm
saying
we
should
try
to
get
back
to
them
about
where
we
plan
to
host
this
and
make
sure
that
we
know
that
we
have
that
pretty
locked
down
ourselves.
C
This
is
this:
is
the
project
we're
hosting
and
we
should
start
investigating
artifact
registry
again,
so
we
know
if
that's
something
we're
okay
with
so
so
so.
D
So
what
what's
the
best
way
to
track
this
kind
of
like
this
design,
thinking.
C
The
artifact
registry
already
has
a
tracking
issue:
okay,
yep,
the
I
don't
have
anything
but
okay,
but
we
have
a.
I
commented
on
recently.
We
have
a
tracking
issue
for
artifact
registry.
We
don't
have
one
necessarily
for
the
oc
project
proxy
project.
We
have
a
one
today.
I
don't
know
if
we're
considering
that
we
want
to
rename,
because
we
think
that
the
name
is
not
the
most
correct
or
anything.
C
Or
there
was
one
indication
at
some
point
that,
like
it
might
be
easier
if
we
just
stick
it
into
the
current
production
project
for
image
hosting
instead
of
a
separate
one,
all
right,
the
kids
are
effects
prod,
but
I
don't
think
we
need
any
of
that.
I
think
we
just
need
to.
C
D
C
D
C
A
C
C
D
A
C
So
I'll
so
for
me,
the
action
is
to
confirm
that
with
them
and
then
the
follow-up,
otherwise
is
just
if
someone
wants
to
start
poking
into
what
it
would
look
like
for
us
to
start
using
artifact
registry.
I
think.
C
Even
even
without
necessarily
making
active
movement
to
switch
just
kind
of
getting
a
feel
for
like
if
that's
something
we'd
be
willing
to
agree
to
do,
if
that's
a
condition
of
having
the
domain
shuffling
and
trying
to
get
a
new
globalizing
endpoint,
because
also,
if
it's
not
that's
fine,
they
might
even
do
the
redirect
for
us,
but
then
we
might
need
to
make
oci
proxy
handle
go
ip
for
non-aws
traffic
and
that's
not
something
we've
currently
designed
for
it
makes
sense
from
a
layering
problem,
but
it
it'll
be
a
new
technical
hurdle.
B
We
don't
necessarily
need
sorry
about
rerouting
geoip
traffic
right.
You
can
kind
of
cheat
and
run
multiple
copies
of
the
cloud
run
service
behind
a
global
advisor
right.
C
C
Well,
so
then
we
need
to
hand
off
redirects
to
the
the
gcr
thing,
but
we
could
do
something
like
identify
what
region
that
the
cloud
run
app
is
in,
and
there
are
ways
that
we
can
approach
this.
It's
just
a
matter
of
there's
a
couple.
C
Approaches
here
we
we,
you
know
we
need
to
be
aware
of
like
if
any
of
these
are
things
we're
willing
to
agree
to
as
a
as
a
part
of
implementing
the
registry
team,
helping
us
swap
out
the
domain
so
that
we're
routing
traffic
through
the
the
new
thing,
because
the
because,
because
the
existing
domain
is
special
and
does
geo
route
to
different
gcr
registries,.
H
C
C
They
separately
indicated
that,
from
a
cost
perspective,
they
are
going
to
expect
us
to
want
to
shift
to
artifact
registry,
not
to
mention
features,
so
it's
worth
exploring.
I
think
just
even
if
our
answer
is
no
just
knowing
like
how
does
the
project
feel
about
switching
to
artifact
registry
in
the
near
term,
if
we
think
that's
feasible,
that
might
be
part
of
how
we
solve
having
this
option.
If
it's
not,
then
either
we'll
need,
we
might
need
something
else
we
might
need
to
push
back.
C
Carter
gets
them
to
try
to
get
it
some
other
way,
or
we
might
just
not
shift
the
case
of
gcr.o
traffic.
It
remains
to
be
seen
how
much
we
need
that.
C
Also,
it's
not
clear
that
they
can
definitely
do
that
yet
they're
still
exploring
like
what
are
their
options
for
doing
that,
redirect
that
not
just
technically
feasible
but
like
within
compliance
and
everything,
since
that
is
a
production
domain.
A
D
D
D
C
It
took
actually
about
a
month
out
to
have
the
right,
meaning
and
I
think,
we're
still
kind
of
an
exploratory
stage.
I
just
want
to
let
people
know
that
we've
reached
out
to
ask
if
it's
possible
and
and
to
ask
for
them
to
explore
this,
and
this
is
our
sort.
E
C
But
they're,
but
just
in
having
a
chat
about
it,
because
they're
kind
of
the
initial
concerns
raised
that
like
they
might
want
us
to
do
x,
y
or
z,
and
return
to
to
make
this
work
out.
So
whenever
they
get
back
with
like
this
is
what
they
think
could
work
same
thing,
I'm
just
starting
an
initial
conversation
to
figure
out
like
where
what
is
our
stance
on
on
these
topics?
C
If
we
get
to
the
point
where
we're
talking
about
actually
flipping
things
somewhere,
they'll
have
to
be
some
more
cross
communication,
but
I'm
not
sure
like
which
of
these
people
will
come.
Do
this
or
like
how
fun
or
whatever
right
now
it's
just
like
a
you
know,
informal
and
transparent.
C
Do
and
then
we
discuss
to
like
sure
we
can.
We
can
bring
up
these
things
cool
with
one
or
two
engineers
and
and
like
management.
C
So
I
think
we
kind
of
pretty
well
it's
just.
We
came
out
with
a
couple
of
questions
that
we're
not
sure,
but
the
biggest
thing
remains
that
we're
we
still
don't
know
if
they
even
can
serve
a
redirect
to
us
or
like
a
direct
aliasing
that
the
name
to
our
traffic
or
whatever,
besides
technical
limitations,
internally,
that
there's
some.
You
know
policy
question
it's
not
very
usual
to
have
a
google
on
production
domain,
routing
to
something
that
isn't.
C
Actually
you
know
technically
internal
google
serving
it
it's
not
totally
off
the
table,
which
is
better
than
I
hoped
for,
but.