►
From YouTube: Kubernetes SIG Testing 2018-01-09
Description
Meeting notes: https://docs.google.com/document/d/1z8MQpr_jTwhmjLMUaqQyBk1EYG_Y_3D4y4YdMJ7V1Kk/edit
B
So
I
think
in
humanities
itself,
the
cuber
new
security,
repo
and
downstream
organizations
that
use
prowl
similarly
have
repos,
where
developers
do
work
on
embargoed,
cds
and
in
the
next
two
quarters,
or
so
I
think
we
should
at
least
figure
out
our
plan
for
supporting
those
types
of
repos
I.
Think
for
us,
we'd
like
to
see
a
flow
where
a
developer
can
work
against
the
repo
develop
code
for
embargo
CVEs
and
have,
as
nearly
similar
a
workflow
as
they
would
have
on
a
normal
repo.
B
B
The
two
major
worries
in
this
process
are
going
to
be
making
sure
that
we
don't
leak
any
information
about
the
CVEs
or
what's
being
worked
on
and
also
making
sure
that
we
segregate
the
jobs
and
infrastructure
as
much
as
is
necessary,
so
they're
in
a
different
security
domain
and
I
guess
the
open
questions
that
I
have
that
we
could
touch
on
here
and
also
I'm
thinking.
We
should
do
a
break
up
getting
for
this
later.
B
B
B
B
C
It
would
be
relatively
straightforward
to
make
goober
nader
to
protect
pages
on
goober
there.
So
if,
if
you
only
gave
Cabrera
the
access
to
your
bucket
and
you
can
validate
the
github
users
are
inside
of
the
right
instead
of
some
arbitrary
group,
the
one
problem
is
some
of
the
other
stuff
like
browsing.
All
the
artifacts
might
have
to
change
to
maybe
be
done
through
the
GCS
browser,
and
some
of
the
other
features
like
expand.
All
logs
might
not
work
right.
B
And
so
I
guess,
they're
I
think
there's
there's
two
pieces
of
trust
there.
So
I
think
we'd
have
to
trust,
github
and
I.
Think
we
already
do
that
anyway.
Obviously,
the
reposted
control
that
stuff
around
github
so
I
think
using
github
Olaf
to
like
drive
the
vacation
into
those
views
seems
reasonable.
Would
you
expect
one
grenadier
instance
to
handle
all
of
these
things?
Would
you
expect
a
different
delivery
instance
inside
of
a
different
security
domain?
Does
it
matter.
C
B
C
C
B
C
A
Mean
I
kind
of
wonder
if
so,
I'm
not
super
familiar
with
the
way
that
prowl
currently
interacts
with
the
kubernetes
security,
github
organization
versus
the
rest
of
the
repos
and
organizations
that
it
interacts
with.
But
it
seems
like
a
pretty
clear
conceptual
break
to
me
if
you
were
to
have
a
completely
separate
Crowley
since
for
embargo
me
posed
or
private
repos
and
I'm
curious
like
it
seems
like
we
live
in
some
middle
ground
today,
I'm
curious.
A
Don't
have
to
worry
about
a
different
set
of
crowd,
jobs
or
different
repos
or
different
plugins
or
different
set
of
users
like
it's
all
in
a
completely
separate
deployment,
and
it's
not
quite
push-button,
but
it's
pretty
close
to
being
able
to
just
stand
up
a
prowl
any
anywhere
you
so
choose
so
I.
Don't
I
can't.
B
Speak
to
the
specific
choices
made
for
communities,
security,
but
I
do
know
that,
like
running
a
separate
pile
instance,
if
you're
not
using
a
hosted
Randi's
provider,
it
does
mean
also,
you
are
managing
another
queue.
Bernese
clustered
like
that's
a
non-trivial
amount
of
work.
Managing
prowl
is
pretty
minimal
these
days,
but
I
mean
at
the
same
time
that's
also
non-trivial
getting
the
web
hooks
delivered.
If
the
security
demand
for
the
thing
is
I'm
behind
a
firewall
or
whatever
I
mean
it
can
be
done,
but
there's
also
more
work
there.
B
B
A
I
think
they
could
probably
use
some
fleshing
out
in
the
name
of
completeness
or
feature
parity
making
sure
that
probably
haze
appropriate,
like
the
most
of
our
stack,
behaves
appropriately
for
private
repos
versus
publicly
post,
but
I
feel
like
that,
would
better
be
considered
via
proposal
works
like
here
the
sort
of
year
dents
that
we
have
rank
of
private,
repos
and
I.
Think
like
I
I,
don't
I,
don't
know
if
it's
impossible
to
run
two
instances
of
crown
on
the
same
kubernetes
cluster.
A
That
again,
conceptually
seems
like
something
we
money,
because
the
anime
to
support
the
proud
kind
of
operates
as
though
it's
got
to
occur
to
you.
If
it's
build
clusters,
since
it
genuinely
wants
them
to
capacitate
with
jobs
but
being
able
to
run
and
the
instances
of
proud
same
kubernetes
cluster
kind
of
makes
sense
to
me,
you
should
be
able
to
scale
them
up
my
name
space
or
something
like
that.
If
that's
an
issue
that-
and
let
me
Kevin
seems
like
sort
of
completeness
sake,
we
might
want
to
clean
that
up.
You.
E
A
So
I
mean
to
me
the
short
answer
would
be
if
you
know,
embargo
security,
where
clothes
are
super
important
for
the
foreseeable
future.
It's
probably
just
simplest
to
talk.
Can
you
kind
of
do
that
with
the
separate
distance
in
trou
the
overhead
it
takes
to
manage
a
separate
from
cluster
if
you
need
to
but
sort
of
at
least
documenting
like
how
how
you
can
do
that
and
how
that
differs
from
the
slightly
in
the
middle
thing
we
have
to
date
could
be
a
good
starting
point,
I
think
I.
B
F
F
F
Locally
as
well,
but
they
want
to
make
sure
that
when
the
patch
is
done,
if
they
go
to
upstream
it
to
the
original
repo
that
it
will
pass
the
test
there,
so
we
just
want
the
tests
to
be
the
same
around
the
same
way.
So
you
mostly
just
need
the
signal
like
your
past
log.
Viewing
would
be
great,
that's
like
kind
of
a
separate
issue.
B
B
F
B
G
There
is
assumptions
in
our
tooling
that
the
places
we
write,
things
to
GCS
is
publicly
readable,
so
I
feel,
like
you
know
long
term
I
think
would
be
great
if
we
could
have
a
Pro
single
crown
since
in
cooperate
or
in
sense
it
does
both
public
and
secure
repositories,
but
I
think
that
there's
gonna
be
you
know,
issues
that
we
need
to
tease
out
and
I
think
maybe
in
a
short
term
yeah
having
a
separate
deployment
might
be
easier,
but
I
think
yeah
I
think
there's
going
to
be
technical
issues.
G
That
would
not
allow
us
to
to
do
that
just
yet,
like
I,
don't
think
that
you
know
GCSE
rube
Webb
is
going
to
work
with
non-public
objects
and
I.
Don't
think
that
various
parts
of
our
tooling
will
work
if
it
can't
just
list
things,
but
those
are
things
we
could
fix
and
I
think
we
should
fix
them
over
time
and
do
you
feel
comfortable
moving
to
a
place
where.
F
B
A
So
it's
sort
of
in
the
interest
of
time
I
think
there
are
a
couple
warts
that
have
come
out
in
this
discussion
and
the
thing
I'm
not
aware
that
we
have
is
documentation
of
the
plan
that
we're
executing
on
right
now,
as
well
as
potential
desired
state,
so
whether
that's
an
umbrella
issue
for
what
we're
doing
today
or
a
document
or
a
proposal
for
somebody
powdered
rests
on
these
issues.
I
think
that's
where
we
should
proceed
with
some
of
this
discussion,
because
I
agree.
There
probably
cover
four
facets.
A
G
A
A
The
next
couple
days,
I'd
like
to
get
to
a
point
where
you
can
discuss
what
our
plans
are
for
110
next
meeting.
So
I
would
ask
that
everybody
here,
if
you're
working
on
stuff,
we're
planning
on
working
stuff
that
we
dump
it
in
there.
Alternatively,
we've
used
a
Google
Doc
to
sort
of
go
over
this
stuff
in
the
past,
usually
put
together
by
Eric
I'm,
totally
fine
with
us
collaborating
there,
but
I'd
like
to
be
able
to
showcase
that
milestone
to
the
community
and
in
kind
of
a
related
matter.
A
Roughly
speaking
area
testing
for
us
most
anything
that's
been
within
the
testing
for
repo
and
area
test
issues
are
things
that
correspond
to
you
like
the
e
to
the
framework
class
or
the
fact
that
tests
in
a
unit
or
an
integration,
an
EGD
level
could
stand,
have
certain
utilities
or
configurations
or
consistency
or
best
practices,
or
you
know
not
expect
error
not
to
have
occurred.
Stuff
like
that.
So
there's
that
something
else
that
I
sent
through
the
steering
committee
mailing
list
and
this
mailing
list
is.
A
This
brush
is
up
with
a
steering
committee
proposal
to
create
a
gift
of
organization
for
every
sink
and
then
have
each
sake
so
I'm.
Now
the
proud
squatter
of
some
20-something
github
organizations
right
now
and
I'm,
trying
to
make
kubernetes
state
testing
a
good
example
of
what
the
rest
of
those
organizations
would
look
like
and
what
patterns
you
should
follow
from
the
teams
that
are
on
there
to
how
you
might
support
redirecting
go,
get
those
repos.
A
So
an
open
question
I
have
for
people
in
this
group
is
you
know
today
we
have
Kate's
bio,
redirect
for
a
number
of
get
calls
and
I
was
wondering
about
having
testing
Kate's
do
redirect
to
kubernetes,
say
testing
repos
Tim
haka
did
put
together
some
pull
requests
to
try
and
replace
a
lot
of
hard-coded
stuff
with
something
that
was
more
regex
based
and
I.
Wasn't
sure
if
you
were
planning
on
proceeding
with
that
doing
something
else.
A
But
by
and
large,
mostly
people,
I
bumped
into
over
Coogan
and
contributor
summit,
all
sort
of
seem
to
naturally
think
that
the
slightest
touch
and
lack
of
discoverability
of
so
many
github
organizations.
It
does
kind
of
map
pretty
well.
There
are
all
these
things
that
make
up
the
kubernetes
project
and
they
have
an
ownership
of
different
pieces
of
code
within
the
project.
Maybe
the
refund
should
go.
There.
D
I,
like
the
proposal
and
the
execution
on
the
proposal,
I
realized
that
there's
gonna
be
some
latent
inefficiencies
with
like
any
organizational
structure.
We
choose
at
a
project
this
scale
right
in
it.
It's
all
basically
mecha
nations
around
the
fact
that
github
doesn't
provide
a
means
for
us
to
do
hierarchical,
organizational
structures
in
a
meaningful
way
that
doesn't
suck.
D
D
I
do
like
consistency,
though,
because
all
the
other
go
imports
will
be
Kate's,
io
/,
something
so
if
we
said
K,
it's
that
I
the
problem
with
doing
the
initial
cage
that
AO
/
something
you'd
you
you're
conflicting
with
the
main
repository
so
having
a
prefix,
makes
a
lot
of
sense
to
me
or
having
it.
Having
a
different
name
also
makes
a
lot
of
sense
to
me.
So
I'd
I
don't
have
strong
opinions
either
way,
but
just
make
sure
that
we
don't
override
with
KH
that
I.
Oh.
A
Yeah
I
mean,
from
my
perspective,
it
seemed
to
make
the
most
sense
for
discoverability
perspective
not
to
have
Kate's
bio
/foo,
be
capable
of
redirecting
to
any
one
of
20
plus
10
of
organizations,
and
so
to
maybe
have
a
subdomain
for
every
potential.
Kubernetes
github
organization
seem
like
one
way
of
separating
it.
I
just
think.
I,
don't
know
enough
about
whether
that's
a
technically
come
an
infeasible
idea.
D
A
C
Requesting
question
in
chat:
this
is
the
one
for
the
this
is
specifically
about
the
having
a
separate
worries
for
each
group
right,
yeah,
yeah,
that's
probably
doable.
It
will
take
a
little
bit
more
code.
We
might
have
switched
using
a
little,
it's
just
a
simple
template,
but
it's
all
doable.
It's
that's
not
going
to
be
a
blocker
for
that.
I.
Think
more
of
the
confusion
for
splitting
in
two
separate
sync-
or
this
will
be
just
how
we
suddenly
have
a
bunch
of
different
sig
orgs
and
it
gets
even
harder
to
track
everything.
A
C
Yeah
I'm
not
totally
convinced
it's
the
right,
directional
yeah
I,
wonder
if
we
can't
do
better
with
faking
hierarchical
groups
with
you
lists
and
some
other
way
where
we
make
our
own
external
lists
of
people,
and
we
can
use
that
I.
Think
a
droid
does
something
like
that
with
their
cloud
repositories
but
yeah,
and
it's
that's
totally,
that's
something
we
have
to
do
as
well.
Right,
yeah,
I,
don't
have
the
I,
don't
have
the
bandwidth
to
try
to
improve
thing
as
much
in
any
direction
here.
So
whatever
people
want
to
work
on,
it's
fine
all.
D
F
A
A
A
Yet
smartest
ok,
yeah
like
and
stuff
like
that
is
exactly
why
I
want
to
get
to
the
point
of
just
like
certain
roughly
to
finding
what
the
spec
looks
like
I'm
just
doing
the
dumping
as
a
human
now
to
see
if
it's
usable
by
us
humans
and
then
trying
to
do
it
with
as
mechanically
as
possible.
So
we
can
turn
that
into
the
spec,
for
how
a
bot
would
do
it
again.
I
recognize
we're
all
super
busy
with
other
stuff,
so
I've
been
told.
A
You
know
that
the
theory
the
CNC
F
has
money
and
CN
CF
is
favorable
to
well
Scout
efforts
that
can
be
contracted
out
as
opposed
to
this
sort
of
things
to
hire
FTE
sport,
and
so
we
could
take
some
well
written
with
proposals
that
are
run
through
this
group.
In
turn,
those
into
things
that
the
CN
CF
get
somebody
to
implement
on
our
code
on
our
behalf,
thus
making
proud
greater
and
more
reusable
for
things
the
CNC
that
might
be
interested
in
seeing
how
proud
could
be
more
reusable
for
more
of
its
project.
A
Okay,
I
will
attempt
to
ping
people
if
they
need
to
to
try
and
push
the
rest
of
this
forward.
I
think
I
had
something
else
in
the
meeting
notes.
Oh
yeah,
rolling
out
time,
tacitly
speaking
this
is
the
thing
I
just
want
to
keep
pushing
on
until
we
finally
get
it
done
and
I
think
some
fantastic
stuff
on
kind.
Ui
I've
been
starting
to
pick
the
highest
traffic
repos
according
to
dev
stats
and
just
volunteer
them
to
provide
I,
know.
E
A
D
A
Why
don't
you
use
this
cool
command
called
cold
or,
like
maybe
you
use
like
approve,
for
we
are
the
docs
people.
These
look
good
to
us
from
the
docs
perspective
and
then
you
can
hold
and
then
ask
somebody
for
mistake
to
do
like
tech
review
and
they
can
tell
GTM.
They
seem
pretty
happy
with
that
going
forward.
This
is
not
the
first
week,
though,
I
have
bumped
into
that.
E
Say
just
a
status
would
that's
the
main
barrier
yeah.
We
want
to
get
the
statuses
just
right
out
before
we
deploy
it
to
Kay
Kay.
Just
because
we're
you
know,
it's
gonna
be
a
lot
of
PRS
that
are
suddenly
affected
and
yeah
it'd
be
nice
to
test
it
on
the
like,
500
or
so
pr's
and
other
repos.
First
before
we
unleash
it
on
Kay,
Kay
and.
F
B
A
I
mean
I:
do
you
think
those
those
columns
can
maybe
use
a
little
more
explanation
and
to
me
one
of
the
prerequisites
for
turning
on
for
communities.
Communities
is
to
have
myself
or
somebody
from
this
group
do
a
walkthrough
at
the
community
meeting
and
make
sure
we
can
link
to
that
video
of
just
like
here's
meet
merging
a
PR
with
time.
Look
how
it's
exactly
the
same,
workflow
that
I've
always
used
it's
no
different,
but
here's
how
I
can,
like
you
know,
show
the
show
the
time
I
guess
to
show
how
you're
like
hey?
A
What's
going
on
with
my
PR,
it's
most
often
a
question
that
people
have,
and
so,
if
that
status
context
is
pretty
clear,
you
can
just
say,
look
at
you,
you
are,
and
we
can,
you
know,
walk
through
the
UI,
so
I
think
there.
There
is
some
of
the
touchy-feely
stuff
for
sure
before
we
turn
it
on
for
the
modern
community.
It
sounds
like
just
hammering
on
the
context
and
continuing
to
exercise
tide.
B
Columns
in
the
UI
as
well
I
think
they
solve
kind
of
different
questions
there,
at
least
in
my
opinion,
they're
more
like
an
administrative
like
what
is
going
on
with
tide.
I
feel
like
it's
probably
going
to
be
pretty
rare,
that
a
developer
ends
up
on
that
page.
If
we
do
the
status
correctly,
because
that's
answering
the
question
of
what
do
I
need
to
know
about
my
PR.
E
A
That'd
be
great.
That
would
be
awesome.
We
have
ran
out
of
time.
That's
all
that
I
had
anything
else.
Oh
Eric!
You
had
something
else
to
you.
G
G
You
know
interesting
to
try
and
have
like
get
together
on
at
least
once
or
potentially
a
regular
basis,
for
you
know
people
from
different,
like
Oh
company
working
day
or
something
where
we
try
and
gather
in
some
location,
and
you
know
see
if
we
can
be
more
productive
if
we're
all
in
the
same
coffee
shop
or
a
conference
room
or
something
so
I
would
be
interested
in
doing
that,
and
you
know
I'm
interested
in
feedback
from
this
group
and/or,
the
slack
channel
about
you,
know
your
thoughts.
A
A
Okay,
cool
well
great,
first
meeting
in
the
year,
everybody
happy
Tuesday
and
see
you
all
next
week,
Bank.