►
From YouTube: OKD Working Group 2021 05 11 Full Meeting Recording
Description
OKD Working Group 2021 05 11 Full Meeting Recording
https://groups.google.com/forum/#!forum/okd-wg
https://okd.io
B
Has
started
all
right
folks
welcome
to
this
edition
of
the
okd
working
group
meeting.
This
is
our
meeting
for
may
11th
of
2021,
and
I
would
encourage
folks
to
go
to
the
meeting
group
notes
and
put
in
your
name
for
the
little
attendance
sheet
there
under
may.
11Th
on
that
link
is
in
the
invite
and
I'll
also
put
it
here
in
the
chat,
real,
quick.
B
C
Some
engineering
points
of
on
the
yokiti
we
didn't
release
this
weekend
because
our
previous
signing
key
has
expired.
We
submitted
a
fix
for
the
new
one,
but
that
fix
is
not
being
accepted
by
cbo.
Yet
we
have
a
request
to
fix
that.
We
would
need
it
to
get
reviewed
and
hopefully
this
weekend
will
make
a
new
47
release
other
than
that.
C
I
think
just
a
bunch
of
small
fixes
landed
in
47,
so
it
shouldn't
be
anything
groundbreaking
last
week
or
was
it
the
week
before
that
we
released
a
release
candidate
for
okd
for
one
for
eight,
the
main
difference
is
well,
it's
kubernetes,
121,
based
and
the
way
we
pack
machine.
Os
content
has
changed
significantly
longer
real
life
on
fedora
cos
comets.
C
Instead,
we
build
from
the
same
configuration
using
the
same
rpms,
but
we
build
our
own
comet
layer,
cryo,
all
the
necessary
rpms
like
open,
vm
agent
for
for
alert
and
vm
tools
for
vmware,
and
that
helps
us
to
avoid
using
os
extensions.
So
that
should
make
initial
setup
and
upgrades
a
bit
faster,
because
all
we
need
to
do
is
just
turn
back
the
us3,
and
once
you
have
the
new
deploy
new
os
3
deployment,
you
would
be
able
to
check
the
versions
of
the
components
using
rpmqa
command.
C
So
that's
very
helpful
to
figure
out
what
versions
have
been
installed
and
most
important
releases
with
extensions.
You
no
longer
need
access
to
fedora
repos.
In
fact
we
disable
them
on
every
upgrade,
so
that
should
make
it
less
rather
more
error.
Prone
48
is
in
so-called
feature
complete
status,
meaning
significant
features
won't
be
added,
but
still
more
fixes
are
landing.
So
please
stay
tuned
file,
box
report,
issues
and
and
general
feedback
would
be
very
appreciated.
B
C
We
could
ask
for
a
copy
of
development
version
of
documentation
which
lists
some
new
features
in
48
like
proxy
protocol
support
in
ingress.
That
might
be
useful
for
those
who
want
to
preserve
the
forwarded,
ips
and
some
more
features
coming
in
parade.
These
would
be
very
useful
to
test
early
and
report
feedback
bootstrap
in
place.
That
one
is
a
tricky
beast,
but
some
early
testing
would
be
very
appreciated.
B
And
so
next
thing
I
wanted
to
do
is
I
wanted
to
sort
of
highlight
the
discussion
section
of
the
repo
which
has
gotten
a
little
bit
of
activity
lately
and
wanted
to
sort
of
go
through
these
to
see
if
there's
anything
outstanding
or
just
to
bring
it
to
people's
attention.
So
one
of
the
first
ones
that
came
in
was
the
suggestion
to
have
exact
links
to
the
fedora
core
os,
there's
nothing
that
I
know
of
right
now.
Actually,
my
script,
the
my
oct
cool
tools.
C
A
B
B
C
And
we
have
various
approaches
to
the
same
problem
because
well
the
use
cases
might
be
very
different.
Some
want
backups
on
requests,
so
maybe
a
text
on
task
would
be
easier
for
that.
Someone
to
persistent
snapshots,
so
an
operator
is
probably
the
best
pick
here.
I
think
various
approaches
having
some
code
scripted
for
a
start
would
be
great
and
then
we'll
see
which,
which
one
is
more
widely
adopted
and
wins
effectively.
D
No
something
like
that
dude
yeah
yeah,
some
crunch
up
that
at
least
would
be
sufficient.
I
think
for
the
most
critical
backups
once
a
day,
or
I
think
I
think
I
remember
that
we
have
to
call
a
backup
script
that
is
always
present
on
the
notes
to
do
a
ptcd
backup
and
such
a
cronjob
simply
could
call
that
script
regularly
and
yeah,
maybe
copy
that
away
to
external
location
that
you
can
define
by
changing
the
current
shop
scripts
like
that.
C
C
B
Let's
see
if
we
can
round
up
some
folks
there's
a
lot
of
ideas
floating
around
it'd
be
good
to
sort
of
get
a
concerted
effort,
maybe
get
a
repo
together,
I'm
happy
to
contribute
to
the
tech
town
aspect
of
it
and
I
think
it
would
it'd
be
cool
if
a
couple
folks
from
the
group
got
together
and
created
a
little
subgroup
to
come
up
with
something
all
right.
Next
one
is
transition
to
c
groups
v2.
B
C
A
A
E
C
A
A
F
Biggest
thing,
the
biggest
thing
for
me
from
a
v2
perspective
is
you:
can
trivially,
tie
resources
to
a
process
and
be
able
to
track
that
through
its
children,
because
the
groups
aren't
based
on
this
concept
of
controllers
of
different
types
of
resources,
they're
based
on
where
you're
instantiating
a
scope
for
a
process.
So
control
groups
are
actually
singularly
grouped
in
v2,
whereas
they're
multiply
grouped
in
v1,
and
that
makes
it
a
lot
harder
to
track
and
make
sure
that
things
are
actually
being
allocated
correctly
and
tracked.
F
And
that's
why
a
lot
of
things
like
umd,
psi,
tracking
and
stuff,
like
that?
They
all
depend
on
v2,
because
you
can
connect
all
the
resources.
You're
you're,
allocating
to
the
process
in
question
that
you're
trying
to
instantiate.
So
in
this
case
with
a
container
that'll,
instantiate,
a
scope
and
a
slice
and
a
and
a
resource,
you
can
tile
those
resources
directly
to
that
and
make
it
the
distinct
owner
of
those
resources.
B
C
Now
I
think,
starting
with
the
discussion,
is
a
good
idea.
Well,
two
starting
points
are
equally
fair
because
we
don't
know
if
it's
an
issue
in
oakley
initially
or
it's
just
here-
I
I
might
have
typoed
or
using
an
old
julie,
so
it
might
have
been
fixed.
The
we
can
anyway
convert
any
discussion.
Should
you
into
this
discussion,
so
that's
interchangeable.
C
B
C
It's
a
common
problem
in
for
seven,
including
a
recipe
where
folks
don't
know
what
they
want.
They
have
a
vsphere
platform,
but
they're
not
sure
if
they
would
be
using
machine
api
or
they
would
be
using
storage,
they
might
switch
to
csi,
which
doesn't
use
entry
drivers,
so
the
credentials
might
or
might
not
be
valid
and
the
installation
we
pass.
C
B
C
C
All
we
need
to
do
is
just
pull
one
podman
container
and
that's
a
basic
case
where
which,
for
the
request
ensures
so
once
we
can
control
the
whole
configuration
and
roll
back
the
nft
change.
If
we
have
a
good
reason
to
do
that,
but
I'm
thinking,
even
if
we
hit
issues
these
would
be
reported
to
the
sdn
team
and
they
should
be
fixing
it
because
eventually
nft
would
be
default
in
rail
if
it's
not
yet.
A
A
E
A
D
B
B
B
We
have
that
in
the
big
banner
on
the
website,
but
we
don't
actually
explain
what
is
community
supported
and
compute
community
driven
and
there's
two
reasons
that
this
is
important.
I
think
number
one
it's
unfair
and
to
the
people
who
are
red
hat
employees
who
are
providing
their
time
to
help
out
and
probably
wears
on
them
I'd.
Imagine
that
it
sort
of
stresses
them
out.
B
The
other
thing
is
that,
if
more,
if,
if
one
person
gets
tagged
and
one
person
is
the
target
for
it,
then
the
community
can't
help,
because
we
know
we've
got
our
institutional
knowledge
and
memory
and
whatever
to
help
on
these
issues,
and
also
we
don't
learn,
because
if
we're
not
privy
to
these
discussions
or
we're
sort
of
boxed
out
of
them,
then
the
rest
of
us
can't
learn
about
these
particular
things.
So
there's
there's
multiple
advantages
to
this.
So
we
talked
about
this
at
the
doc
groups.
B
Meeting
doc's
group
meeting
last
tuesday
and
we'll
be
talking
about
it
at
the
next
meeting.
If
anyone
can
join
us
at
the
doc's
meeting
to
chip
in
on
this
coming
up
with
a
couple
sentences
that
we
can
put
somewhere,
then
that
would
be
yeah
bruce
says
reference
the
goose
that
laid
the
golden
egg
fable.
E
Sorry
would
it
be
worth
putting
in
you
know
to
the
slack
channel.
Occasionally
you
know
a
boilerplate
message
indicating
that
you
know
this
is
community
supported.
You
know,
along
with
the
working
group
email,
you
know
saying
that
this
is
not
vadim
supported.
I
mean
not
specifically
saying
vadim,
but
you
know
the
idea
is
that
community
members
are
helping.
It's
not
just
one
person
it
just.
You
know
once
a
week
put
something
out
there
or
whatever,
so
people
get
the
hint.
I
mean
I'm
trying
to
help
people.
B
B
And
we
can
always
link
to
that
website.
What's
the
website,
that's
like
how
to
ask
questions,
there's
like
an
actual
url,
where
someone
set
up
a
site
that,
like
you,
go
to,
and
it's
actually
like.
How
do
you
ask
questions
for
support
and
for
for
for
troubleshooting
and
whatnot
john?
Did
I
hear
you
say
start
something.
E
Yeah,
I
have
a
I
have
a
delay
here,
so
I
think
you're
done,
and
I
start
talking
or
whatever
I
thought.
One
of
the
what
vaneem
said
earlier
is
doing
something
you
know
how
to
debug.
You
know
looking
at
you
know
when
you
get
that
huge
log
bundle,
you
know,
how
do
you
analyze
it?
I
think
something
like
that
would
be
great
to
send
us
a
go.
Go
look
at
this
youtube,
video
or
something
to
give
you.
You
know
the
basics.
Is
you
know?
How
do
you
get
the
log
stack?
E
You
know,
how
do
you
do
a
basic
analysis
of
it?
What
are
the
things
in
it
that
are
important
and
that
might
help
yeah
and
it
might
help
people
who
are
who
want
to
help
too,
because
some
of
that
stuff
in
there
is
very
esoteric
and
sometimes
you
just
have
to
stumble
across
it.
So
I
know
I'm
not
trying
to
put
more
work
on
vanim,
though,
but
that
might
be
well.
E
C
G
G
B
H
C
I
think
I
think
we
should
start
with
a
youtube
video,
because
it's
easier
and
I'm
not
sure
which
parts
of
the
process
should
we
focus
on,
for
instance,
there's
a
bunch
of
code
which
generates
certificates.
I
have
no
idea
how
it
works.
I
can
barely
handle
the
open,
ssl
cli,
so
I
probably
would
rather
discuss
the
versions
and
the
bootstrap
process,
but
this
thing
also
needs
to
be
covered
in
some
kind
of
a
blog
post
and
so
on.
C
C
C
E
B
Yeah,
I
think
that
that
would
be,
I
think,
john's
making.
A
good
point
was
really
if
we
could
just
get
some
pointers
from
you,
like
just
a
template
of
of
items
that
you
think
would
be
important
to
hit.
The
group
can
handle
john
himself,
who
can
do
the
video
anyone
else?
Can
chip
in
and
same
with
documentation.
We
don't
want
to
add
more
work
to
you,
but
you're,
the
one
who
handles
the
majority
of
the
tickets
and
also
knows
the
in
innards
best
of
anyone
in
the
group.
F
D
B
Well,
folks
should
feel
free
to
chip
in
so
vadim
can
get
us
something
within,
let's
say
within
the
next
month
right.
We
don't
want
to
put
too
much
on
his
plate,
but
if
vadim
gets
us
a
template,
then
folks
from
the
group
will
all
sort
of
divvy
up
the
tasks
of
getting
it
into
the
various
formats
coming
up
with
something
in
the
various
formats
blog
whatever
and
the
docs
group
I'll
mention
this
at
the
docs
group,
because
there's
some
people
going
to
the
docs
meeting
that
aren't
coming
to
this
and
vice
versa.
B
So
all
right
anything
else
on
this
topic
is
there
anything
else
that
we
can
do
that
folks
can
think
of
to
make
it
to
clarify
what
the
model
is.
The
support
model
is:
is
there
anything
else
we
can
do
other
than
providing
this
documentation
and
putting
some
boilerplate
language
into
various
places,
though,
where
we
have
a
presence
anything
else.
C
That
shouldn't
well
happen.
The
internal
knowledge
is,
of
course,
a
huge
source,
but
it's
not
being
used
in
every
single
report.
Most
issues
are
very
trivial
and
I
think,
like
three
or
four
of
our
architects
are
in
openshift
dev,
so
you
can
think
I
can
name
drop
later,
but
I
don't
think
they
would
like
it.
D
C
C
D
I
remember,
as
we
were
searching
for
jon
vadim
and
I
was
searching,
were
searching
for
an
ovn
kubernetes
problem
and,
finally,
I
think
vadim
got
us
the
first
first
steps
and
john
and
me
were
searching
through
the
community
and
finally,
I
think
the
guys
at
john.
Do
you
remember
at
the
network
manager?
D
D
C
E
And
it
may
be
that
there
are
bugs
that
you
know
you
know
like
we
did.
We
created
that
sort
of
private
slack
group
or
whatever
with
the
three
of
us,
but
there
may
be
issues
that
you
know
we
can
get
if
we
need
to
get
three
or
four
people
in
where
it's
easier
to
have
a
discussion
in
that
private
channel.
You
know
versus
the
open
discussion,
then
publish
the
the
findings
afterwards,
because
sometimes
you
get
chime
in
after
chime
in
after
time
and
and
it
gets
distracting.
C
C
B
B
B
C
C
H
E
C
C
The
problem
is
sharing
the
results.
The
log
bundle
is
built
in
a
similar
way,
but
some
information
might
be
considered
sensitive.
Let's
put
it
like
this,
I
don't
think
host
names
are
sensitive,
some
folks
thinks
they
are
and
we
need
some
way
how
to
have
them
replaced
with
some
fake
names,
but
still
make
sense.
In
the
end,
that's.
C
C
That
would
be
very
welcome
because
the
log
bundles
are
expected
to
not
have
all
the
sensitive
information,
and
the
same
applies
to
must
gather,
but
in
order
to
identify
all
the
issues
they
effectively
have
to
also
read
data
from
user
name
spaces
so
that
we
could
understand.
Maybe
it's
a
pdb
blocking
the
upgrade
or
something.
B
I
don't
want
to
spend
too
much
time
on
this,
because
we've
only
got
14
minutes
left
and
we've.
We
actually
had
a
larger
discussion
a
couple
months
ago
about
this
that
took
up
a
significant
amount
of
time,
let's
regroup
on
this
at
the
next
meeting,
but
maybe
if
we
came
up
with
a
list
of
things
that
people
do
feel
are
concerning
items
from
the
logs
that
are
concerning.
If
we
generated
a
list
and
then
said
okay,
how
could
we
tackle
this?
Can
we
tackle
this?
B
Actually,
we
could
do
it
in
there
in
the
discussions
just
generate
a
list
of
things
that
we
think
could
be
viewed
as
problematic
and
again
we're
just
we're
having
to
put
ourselves
in
other
people's
place
and
and
what
they
would
think
would
be
problematic
in
that
and
then
from
there
at
the
next
meeting
or
future
meeting
discuss
ways
in
which
we
could
ally
those
concerns.
A
little
bit.
Does
that
sound
good.
B
A
A
Apart
from
that,
I
think
we've
already
discussed
c
group
d2,
which
is
one
thing:
the
move
to
nfg,
which
is
second
one.
The
account
me
changes
are
coming
later
in
august,
just
a
reminder
for
folks,
starting
from
the
releases
in
august.
So
maybe
not
the
releases
you
know
in
august,
but
a
little
bit
later
defaults.
A
The
the
default
will
be
on
fedora
cores
that
you
will
send
account
me
requests
to
the
fedora
servers,
so
essentially
it's
a
very
privacy
friendly
way
of
counting
the
number
of
federal
cross,
node
leavings
running
on
the
planet
and
for
us
to
have
some
kind
of
statistics,
of
how
many
peoples
are
running
federal
courts
and
yeah.
So
this
one
is
coming
around
august
and
there's
already
instructions.
There's
a
magazine
article
coming
up
like
probably
next
week
or
this
week
or
next
week,
to
explain
how
to
disable
that.
B
A
A
I
would
say
so.
Maybe
maybe
I'm
wrong
here,
but
I
think
okd
should
not
be
impacted
by
that.
So
the
the
issue
in
general
is
that
if
you
start
from
a
very
old
federacy
node
and
you
update,
you
try
to
update
to
a
fresher
version,
you'll
get
issues
because
you
won't
get.
You
won't
have
the
signing
keys
to
verify
that
the
latest
version
is
actually
a
valid
one,
because
you're
in
a
very
old
node
and
potentially
you're
out
you
you're
way
out.
A
You
don't
have
the
latest
keys
to
verify
that,
because
on
federacrs
we
well
in
general,
we
only
ship
the
next
two
releases
keys
in
in
in
an
image.
So
if
you're,
starting
on
fedora
30
for
example-
and
you
want
to
upgrade
to
fedora
35-
then
you
won't
have
the
key
for
federal
certified,
but
that
should
not
be
an
issue
as
far
as
I
know
on
the
kitty,
because,
honestly
you,
the
updates
happen.
A
They
are
at
the
mco
so
and,
and
the
machine
is
content,
you
beat
it
on
the
cluster
and
there's
no
it's
it's.
It's
not
it's
not
pulling
any
content
from
a
from
a
sign
or
repo.
So
it's
it's
not
exactly
updating
the
same
way
that
we
update
the
classic
federal
course
notes.
So
yeah
I
made
I'm
not
100
sure
so,
maybe
about
him.
You
could
confirm
that,
but
yeah.
C
C
As
for
upgrades
right,
we
don't
use
native
core
os
mechanism,
we
upgrade
from
one
major
version
to
the
other,
so
it
may
not
even
span
fedora
releases
at
all,
but
in
the
worst
case
scenarios
fedora
is
33
to
34
and
we
can
also
pull
out
the
edge
to
prevent
that
upgrade
from
happening.
If
we
find
some
issues
with
that
so
yeah,
I
don't
think
that
would
affect
us.
B
I
just
wanted
to
bring
that
up
in
case
it
did,
and
at
least
we're
aware
of
that,
which
I
think
is
a
significant
change,
because
there
are
people
going
between
both
groups
and
sort
of
playing
with
fcos
and
playing
with
okd.
At
the
same
time,
in
the
last
few
minutes
we
have
seven
minutes
left.
I
want
to
talk
about
the
kubecon
office
hour.
What
did
we
learn
from
that
in
terms
of
our
audience
in
terms
of
our
our
ability
to
communicate
our
ideas,
our
ability
to
answer
questions?
B
D
B
C
E
C
Yeah
I
was
following
the
twitch
chat
and
apparently
had
copies
from
everywhere,
like
at
least
from
youtube,
but
following
the
moderator
was
apparently
a
better
idea,
because
they
know
how
to
like
switch
topics
and
slowly
move
from
one
topic
to
the
other.
So
you
wouldn't
have
a
whole
mess
of
different
chats.
C
My
impression
that
was
that
it
was
great
except
when
folks
started
with,
what's
coming
in
four
eight
and
four
nine,
which
are
very
technical
issues.
We
shouldn't
have
to
answer
them,
but
we
should
have
a
prepared
answer
like
here
is
where
we
post
the
release.
Notes
here
are
the
links
to
our
workgroup
meetings
and
so
on.
C
What
I
think
I
would
add,
some
more
discussions
about
that.
It's
in
not
just
a
free
version
of
ocp,
which
is
not
true,
but
it's
rather
a
community
version
where
you
can
affect
every
single
detail
of
your
okd
cluster
folks
who
are
asking
why
you're
not
starting
with
railcar
os.
That's
exactly
the
reason,
because
the
community
cannot
contribute
to
it
directly.
They
would
have
to
go
all
the
way
from
upstream
to
fedora
to
rail,
and
that
shows
the
value
like.
C
C
C
C
C
B
I
thought
one
thing
is
that
we'll
have
to
find
this
is
assuming
that
it
moves
forward.
Diane
was
saying
that
if,
if
it
went
well
that
we
had
the
chance
of
doing
like
a
bi-weekly,
I
think
that
would
be
fantastic.
I
haven't
heard
back.
If
that's
the
case,
one
thing
I
think
we
would
want
to
do
is
find
what's
the
right
level
of
support
to
provide
in
these
office
hours.
How
are
we
going
to
start
looking
at
people's
logs?
B
I
we
got
a
question
along
those
lines
of
like
here's,
a
big
log
error.
Are
we
going
to
start
looking
at
that
or
at
when
you
know
we'll
have
to
figure
out?
What's
the
threshold
low
and
high
for
saying,
okay,
this
needs
to
happen
offline
from
the
show,
because
otherwise
it
would
take
up.
You
know
a
significant
amount
of
time
on
this
one
particular
issue
and
we
wouldn't
get
to
anyone
else
so
that
that
would
be
my
only
thought.
Anyone
else.
A
I
I
guess
well
I
don't
know
the
weekly
might
be
a
little
bit
too
much
for
for
the
office
hour,
but
certainly
not
up
to
me
to
decide
but
yeah.
We
could
maybe
monthly
or
something
like
that
and
well.
I
I'm
not
sure
office
hours
are
great
for
debugging
session
either,
because
they'll
just
pin
down
a
lot
of
people
for
just
one
issue,
one
specific
issue
so
yeah,
I'm
not
really
in
favor
of
that
but
yeah.
It's
it's
still
open
for
question.
B
B
Your
meeting
oh
good,
meeting
jamie
yeah,
you're
you're,
welcome
and
if
folks
like
this
format,
then
we
can,
you
know
mention
it
to
diane,
I'm
happy
to
facilitate
in
the
future.
I
don't
I
don't
know
what
what's
behind
that,
but
she
might
be
interested
in
letting
me
co-chair
or
whatever
for
we'll
see.
I
don't
know
if
it
has
to
be
a
red
hat
person
or
not,
but
this
was
great
and
we'll
talk
in
two
weeks
and
also
online
and
use
the
discussions
and
don't
forget.