►
From YouTube: k8s-infra-team's Bi-Weekly Meeting 20200205
Description
k8s-infra-team's Bi-Weekly Meeting Feb 5, 2020
A
Okay,
so
let's
go
go
further
and
if
there
is
any
topic
which
you
would
like
to
discuss
of
today's
meeting,
because
at
this
point
we
have
only
one-
and
please
add
it
to
agenda
still.
You
can
also
add
your
name
as
an
attendee
at
our
document
and
let's
jump
through
our
action
items
from
the
last
meeting.
So
we
did
the
billing
to
review
the
last
time,
so
we
won't
be
doing
it
again
today
and
Linux.
Can
you
give
us
a
few
words
about
each
promoter?
A
B
B
So,
for
example,
I
have
a
right
now,
service
account,
I
can
make,
which
would
have
zero
permissions,
and
then
I
would
we're
trying
to
minimize
the
number
of
permissions
that
were
trying
to
enable
for
the
testing
of
this
service.
So
just
to
give
a
little
background
in
the
end
goal
is
to
try
to
have
a
production
service
that
runs
at
cloud
run,
but
we
already
have
a
testing
like
mechanism,
for
that
should
run
in
a
test
account,
and
it's
in
that
test
account
we're.
B
Currently,
the
tests
are
failing,
because
the
test
account
does
not
have
well
doesn't
really
have
all
of
the
permissions
that
it
needs
to
carry
out
the
test.
So
the
cats,
the
test,
actually
needs
more
permissions
than
the
prod
account
would
because
for
tests
it
needs
to,
like
you
know,
start
the
cloud
run
service,
but
not
only
that
it
also
like
perhaps
logs
deletes
logs
to
you
know
for
each
test.
B
C
A
There
is
multiple
people,
and
also
here
who
knows
there
are
foreign,
are
able
and
one
could
help.
So
definitely
what
we
should
do
is
to
create
some
I
think
big
help
me
show
you
the
discussion
about
it
and
I'm
sure
that
there
will
be
a
lot
of
help
for
the
community.
But
if
you
have
like
some
direct
questions,
for
example,
if
you
will
be
working
and
you
need
to
immediate
like
answer
or
something
just
continue.
A
C
B
Right
now
so
I
don't
think,
there's
anything
open
that
it
can
be
addressed
by
the
commuter
right
now.
So
I
am
currently
undergoing
a
exercise
and
trying
to
sort
out
the
I
guess
the
best
way
to
phrase
it,
because
it's
an
internal
issue
that
we're
having
is
the
security
implications
of
opening
up
the
promoter
or
like
GA,
that's
something.
Obviously
the
community
can't
help
with,
because
it's
an
internal
thing,
but
other
than
that,
it's
mainly
yeah
running
or
deploying
the
promoter
auditing
service
that
I
just
I
just
addressed.
B
B
Secondly,
like
you
know
who
deploys
it
when
how
like
I
don't
know
those
rules
yet
so
that
needs
to
be
probably
written
down
somewhere.
You
know,
like
I,
can't
just
ask
you
or
Tim
to
just
run
the
I
guess.
I
could,
for
the
very
first
instance,
run
the
terraform
script
or
something
to
start
a
service,
but
yeah
that
needs
to
be
more
like
formalized,
so
that
actually
gets
into
the
earlier.
B
D
The
answer
to
every
I
only
answer
to
every
question
of
who
should
be
able
to
do
this.
The
answer
should
be
a
group
like
.
.
right
we've
got
a
bunch
of
conventions.
Now
is
in
the
groups
file
it's
getting
large.
We
may
at
some
point,
want
to
break
it
up
into
multiple
files,
but
as
it
is,
it's
not
actually
not
that
bad.
So
you
should
just
be
able
to
go
out
at
a
group
put
yourself
in
it,
and
then
we
figure
out
what
permissions
we
need.
D
D
A
A
E
The
general
timeline
from
google
Summer
of
Code
is
basically
until
February,
the
second,
the
application
deadline
for
the
mentoring
organization.
So
that's
nothing.
That's
all
done
from
Cynthia,
I
think
and
then
the
first
thing
that
basically
is
interesting
is
the
the
suitor
discussion.
Discussion
start
February
20th
and
then
the
actual
application
for
student
starts
March,
the
16th
and
then
application
deadline
for
students
is
the
31st
of
March,
and
then
it
goes
until
I
think
August
or
something.
A
D
D
A
E
Yeah
we
need
to
I
think
for
ji-suk
student.
The
general
notion
is,
one
mentor
is
good
to
two
is
better,
and
that
would
be
something
that
we
need
to
like
provide
from
there
from
the
general
working
group,
but
I
feel
like
the.
That
was
the
only
thing
that
came
to
mind
personally
was
monitoring,
because
that's
a
big
enough
scope,
while
also
being
breakable
into
small
enough
pieces,
so
that
we
have
the
ability
to
make
progress.
B
D
Think
the
short
answer
is
no,
and
my
feeling
having
done
interns
and
Summer
of
Code
is
if
we
don't
have
a
really
good
project
that
we're
really
confident
in
we
shouldn't
do
it,
because
otherwise
the
students
will
have
a
terrible
time.
It
won't
be
useful
for
them
and
it'll
just
be
a
drain
on
whoever
has
to
lead
it
to
find
things
to
keep
them
busy
and,
like
that's
a
really
crappy
situation.
A
D
A
I
try
to
discuss
with
other
people
who
are
not
here
yet
like
beans
and
pepper,
maybe
others
but
I
I.
Think
that
we
it's
it's
not
good
enough
to
ask
for
these
interns
these
people
to
help
so
the
going
back
a
little
bit
to
the
topic
of
terror
forum,
because
I'm
a
little
bit
afraid
that
I
don't
know
where
I
should
start
how
to
start
dividing
it
into
smaller
things.
So,
if
others
here
are
able
to
help
with
that,
I
will
use
it.
There
is
a
PR
yeah.
D
D
A
D
This
person,
who
wrote
five
to
three
Sergio
or
are
you
here:
okay,
I
yeah,
let's,
let's
get
like
either
a
slack
thread
or
something
going
where
we
can
talk
about
sort
of
how
we
want
to
model
it
and
the
people
who
know
terraform
best
can
sort
of
weigh
in
on
what
the
best
practices
for
that
sort
of
a
pattern
or
or
why
that's
the
wrong
answer,
or
whatever
yeah
or
even
slacker
email.
It's
fine
and.
A
D
I'll
say
we
have
a
bunch
of
open,
PRS.
I
haven't
actually
opened
the
PR
list
for
Kate's
that
I
own
hey.
You
know
in
a
minute
there's
a
bunch
open,
I'm
gonna
run
if
we
have
free
time
now,
I'll
run
through
them
and
approve
these
sort
of
obvious
ones.
There's
a
couple
of
staging
ones
and
then
I
would
love
to
just
take
the
time
to
go
back
through
these
PRS.
Some
of
them
are.
Some
of
these
are
gonna,
be
easy,
some
of
them
or
not.
D
Like
give
me
a
second,
of
course,
gmail
decides
right
now:
I
have
to
relock
it.
A
D
D
A
D
D
D
I
I
D
B
D
I
I
I
D
C
B
But
actually
I
was
going
to
address
this
at
some
point.
I
should
have
listed
here,
but
this.
If
you
look
at
the
Kate's
GCR
I/o
directory,
it
should
only
have
well.
It
should
have
two
directories
images
and
manifests,
and
the
PR
that
you
link
to
is
for
the
Kate
stage,
need
to
be
tested
images
which
has
the
manifest
directory
outside
of
the
like
the
parent,
manifest
directory
like
if
you
just
look
at
Katie
Sarah.
D
B
So
that
file
is
the
promoters
like
manifest.
That
has
the
metadata
for
which
registries
to
promote
from
and
to
the
product
stuff
is
inside
the
test
infantry
will
not
this
get
repo
just
so
that's,
basically
just
busted
yeah
I
mean
I
can
see
why
this
shouldn't
work.
I,
remember
seeing
this
before
I
was
gonna.
Ask
somebody
if
this
was
on
purpose.
I
thought
this
was
here,
because
what
we
didn't
want
it
to
run
just
yet
or
something.
Oh.
B
D
B
D
B
D
C
D
B
D
D
D
D
Well,
this
this
PR
can't
apply
with
the
file
in
the
place
that
it
is
so
there
either
we
can
like
I
can
ask
to
do
it
like
in
and
it'll
take
a
hot
second
for
him,
just
split
that
file
into
two
and
put
them
in
the
right
sub
directories,
and
then
you
have
to
totally
rebase
this
PR
or
you
could
just
do
it
in
this
PR.
Oh.
J
D
D
B
D
D
D
A
D
All
right,
I'm,
just
gonna,
do
that
so
I
can
get
it
in
and
then
we
could
iterate
it's
not
being
run
in
an
automated
way
anyway.
Yet
and
I
was
looking
at
this
just
the
other
day,
as
we
were,
adding
projects
for
conformance
I
thought.
Oh
I
should
rerun
the
audit
and
then
I
realized.
This
has
emerged
yet.
D
I
F
D
D
D
E
D
I
I
D
A
So
we
have
Steve
like
15
minutes.
Maybe
there
was
some
which
to
start
and
proceed
with
I'm.
L
Mostly
I
just
wanted
to
bring
up
it's,
not
a
Peter,
it's
an
issue
504,
it's
the
move,
kate's
io
from
old
Google,
only
clustered
a
triple-a,
and
it
been
mentioned
that
he
can
get
to
the
internal
one,
but
he,
oddly
enough,
can't
get
to
the
triple-a
cluster.
So
it
looks
like
that
issues,
sort
of
stuck
on
people
being
able
to
do
it.
Okay,.
D
G
D
D
D
So
the
last
time
we
talked,
we
had
discovered
that
we
were
serving
an
incredible
amount
of
DNS
queries
and
when
I
dug
I
asked
the
DNS
team
to
dig
into
those
logs
to
two
things
came
out.
One,
the
logs,
don't
go
back
far
enough
to
tell
us
what
that
huge
spike
actually
was.
So
we
will
probably
never
know
and
to
the
way
we
had
set
up.
D
Apparently,
people
are
probing
at
our
dns
because
of
the
bug,
bounty
and
other
reasons
trying
to
find
obvious
attackable
hosts.
So
people
were
probing
at
it.
They
found
canary
that
Kerry
existed,
and
so
they
were
desperately
trying
to
find
something
that
they
could
attack
and
every
probe
would
amplify
out
by
several
dozen
retries.