Kubernetes Weekly Community Meeting Notes

May 2, 2019

(No video handy, will post when I have it)

  • Moderators: Lachlan Evenson (SIG-PM, 1.15 release team)

  • Note Taker: Solly Ross (Google / Kubebuilder)

  • [ 0:00 ] **Demo** -- k8dash [Eric Herbrandson (eric@herbrandson.com)] (confirmed)

    • Link to slides
    • Link to repo
    • Alternative k8s dashboard
    • Native OIDC integration (no proxy)
    • Uses watch APIs to update in real-time (no refreshing)
    • Filterable, sortable views for
      • Metrics: Resource usage using websockets API – lots of graphs integrated into other views
      • Pods
      • Workloads (see live rollouts, etc)
      • Storage
      • Secrets (blurred so still easy to copy)
      • RBAC
    • Editing
      • YAML editor
        • Context-aware documentation in YAML editor
        • Can kubectl-apply via UI
      • Scale
      • Delete
    • Views are responsive (works fine on mobile, nicely resizes to fit)
      • Debug pods on the go!
    • Looking for feedback on:
      • What’s missing for your team?
      • How to promote within the community
    • Questions
      • Q: What’s the difference between k8dash and kubernetes/dashboard?
        • A: Real-time updates are the big difference (no refreshes, easy to see live updates)
        • A: OIDC integration
        • A: uses metrics-server for stats, not heapster (which is deprecated)
  • [ 0:00 ] **Release Updates**

    • Current Release Development Cycle [Claire Laurence - Release Manager]
    • V1.15.0-alpha.2
      • Week 4 of release cycle (past/current week)
        • 2nd alpha release (Monday)
        • Enhancements freeze was Tuesday
          • 43 enhancements for 1.15 before freeze
          • 35 enhancements for 1.15 after (including 5 approved exceptions)
      • Week 5 (upcoming week)
        • 1.11.0 jobs removed (May 7)
        • 3rd alpha (May 7th)
    • Patch Release Updates
      • v1.14.2 tentative 5/14
      • v1.13.6 coming 5/8
      • v1.12.8 released 4/24
      • v1.11.10 released 5/1 - this was the final 1.11 patch release
  • [ 0:00 ] KEP of the Week [Kubernetes Enhancement Proposals]

    • Add revised IPv4/IPv6 dual stack KEP - [Provisional seeking implementable]
    • follow up #k8s-dual-stack on slack or k8s discuss
    • Motivation: enable dual stack support in Kubernetes – pods with IPv4 and IPv6 addresses side-by-side
      • IPv6-only has existed for a while in Kubernetes
      • Dual stack is a common migration path
    • Multi-release KEP
      • 1.15 target is to get multiple IP addresses on a pod, all nodes to have multiple CIDRs
  • [ 0:00 ] SIG Updates

    • SIG Storage [Saad Ali] (confirmed)
      • [slides here]
      • Kubernetes 1.14
        • Local PVs moved to GA (local-to-node disk as PV, like hostPath but with scheduler support, blog on k8s.io [link here])
        • CSI improvements: moving towards feature parity with in-tree volumes
          • [beta] Raw block volumes (block device in container instead of FS)
          • [beta] topology (support for expressing that volume is only available to certain nodes for scheduling)
          • [alpha] resizing (request more size on volume)
        • [alpha] in-tree → CSI migration (adapters to point in-tree plugins to CSI so we can remove third-party code without breaking users)
        • Pluggable e2e test framework to make writing tests for all volume plugins easier (lots of volume plugins were untested because tests were very specific)
      • Kubernetes 1.15
        • [beta] in-tree → CSI migration (may end up staying alpha)
        • CSI features
          • [beta] resizing (may end up staying alpha depending on KEP)
          • [alpha] ephemeral inline volumes (better support for local, ephemeral volumes like secrets or configmaps in CSI without needing to create a PVC first, inline in pod definition instead)
          • Volume capacity and usage metrics (exists for in-tree volumes, need support for CSI)
        • Snapshots
          • CSI-only feature
          • [alpha] pause/resume hooks for application-level consistency (instead of just crash consistency)
          • [in design] volume consistency groups – multi-volume snapshots
        • [alpha] Cloning (immediately duplicate volume copy-on-write style if supported by plugin)
        • [redesign] volume attach limits (most storage systems have limits about how many volumes can be attached to a node, scheduler needs to be aware of this, needs improvement for CSI)
      • Come learn/participate
    • SIG Docs [Zach Corleissen/Jennifer Rondeau] (confirmed)
      • [slides here]
      • Last cycle
        • 1.14 docs :slight_smile:
        • New meta-documentation on docs release lead
        • +6-7 more localizations
          • Starting more meta-documentation on localization
          • Lots of good fixes to english docs when translation issues are encountered as well
        • More roles, mentoring support – help bring new folks on and get them contributing faster/more easily
        • WG-ish group about how to organize security content in docs (talk to @zparnold)
          • Get involved: #sig-docs-security
        • Figuring out subdomain-hosting for subprojects (e.g. kind.k8s.io)
        • Getting more tech writers for pain points in the docs (e.g. “pick the right solution”)
      • Upcoming plans
        • Mentorship – path to approver, new contributor ambassador
          • Better path for first issue → merged PRs
        • 1.15 docs :slight_smile:
        • Better issue triage
      • Upcoming doc sprints
        • KubeCon EU (not WriteTheDocs, since it conflicts with KubeCon EU)
        • KubeCon Shanghai
        • OpenSource Summit Tokyo
      • Using shadows for leads due to lead visibility (comes with a good pun, see the recording)
      • Kubernetes Blog is officially subproject of SIG Docs
      • How to contribute:
  • [ 0:00 ] :mega:Announcements :mega:

    👏 Shoutouts this week (Check in #shoutouts on slack) 👏
    
    • paris - thanks to @deads2k and @soltysh for joining us today for the first meet our contributors session. tons of great answers to API and CLI contributing questions - thanks for being mentors!
    • Soltysh - big thanks to @paris and @castrojo for organizing meet our contributors

May 9, 2019

  • Moderators: Jorge Castro [SIG Contributor Experience]

  • Note Taker: First Last [Company/SIG]

  • [ 0:00 ] **Release Updates (Going first this week)**

    • Current Release Development Cycle [Claire Laurence - Release Manager]
      • Third alpha cut this week
      • Next week will be the first beta
        • 1.15 branch cut
        • 1.15 jobs created
        • 1.11 jobs removed
      • Tracking for 47 enhancements, but we’ll see how that changes closer to code freeze (May 30th?)
        • Alin the next day or two
        • Important for communications and blog posts around the 1.15 release
      • SIG leads:
        • Start thinking about different themes for your SIGs
        • If you haven’t heard from SIG Release, you will
      • For those at Kubecon EU
        • Meetup on day 1
    • Patch Release Schedule Updates
      • v1.14.2 coming soon: cherry pick merge deadline 5/10, ahead of 5/14 release
      • v1.13.6 released yesterday (5/8)
      • v1.12.8 released 4/24, next TBD May?
  • [ 0:00 ] **Demo** -- Stefan Prodan, Flagger (confirmed)

    • Link to slides
    • Link to repositories
    • Overview
      • A kubernetes operator that automates promotion of canary deployments in order to route traffic
      • Goal is to make deployments observable (plugins for slack, pagerduty, etc.)
      • Workflow is driven using git (leveraging reviews before applying changes to infrastructure for example)
      • Grafana dashboard and alerting is included
      • Gracefully promotes or rolls back deployments based on configurable success rates
      • Also supports A/B testing, based on specific HTTP headers or cookies
    • Questions
      • Is the plan to offer this to the K8s community, CNCF, or some other upstream location?
        • open source project under weaveworks
        • plan to submit to CNCF sandbox at some point
        • API is still alpha
  • [ 0:00 ] **Contributor Tip of the Week** [First Last]

  • [ 0:00 ] KEP of the Week [Kubernetes Enhancement Proposals]

    • [Andrew Kutz] - Kubeadm Machine/Structured Output
      • WIP: https://github.com/kubernetes/enhancements/pull/1054
      • Looking for feedback
      • Aiming for alpha in 1.16
      • Looking to add structured output to kubeadm for better tooling/integration.
        • Need to be able to parse in deterministic way.
      • support json, yaml, and go-templates
      • Will be updating the KEP to emit versioned objects
      • Looking to promote to beta in 1.17 if people are happy with it
  • [ 0:00 ] SIG Updates

    • SIG Leads, check out this set of recommended topics to cover during your update
    • Slide template if you need it
    • Please also check the SIG Update Schedule!
    • SIG AWS [Nishi Davidson/Justin Santa Barbara] (confirmed)
    • SIG Contributor Experience [Paris Pittman] (confirmed)
      • SIG Intro session @ KubeCon
      • SIG Deep Dive @ KubeCon
      • new contact: contributors@kubernetes.io
      • building teams:
        • triage team
        • events team
        • marketing team
      • looking for apac coordinator
      • mentoring / succession planning / contributor growth
      • Automation / GitHub Management
        • Improve automation around OWNERS files
        • Audit of inactive owners
        • remove inactive reviewers/approvers from owners
        • Emeritus is for domain experts who may not be active in the area; they are ignored by prow but can still be referenced if needed.
        • Improved owners file hygiene (only members added to owners files)
        • fejta-bot issue lifecycle automation enabled on all orgs
        • needs-rebase plugin enabled on all orgs
        • trigger plugin adds ‘needs-ok-to-test’ label
        • restricted @mentions and other messages in commit messages
        • 30 new repos created from last community update
        • team membership managed through k/org
        • process for adding subproject sites (netlify) in flight
      • slack infra
        • “gitops” for slack management
        • shoutout to @katharine for being awesome
        • report message feature added
      • community site relaunched [link]
      • Community management
        • improving training etc for sig chairs and TLs
        • Assist in bootstrapping and disbanding working groups
      • events
        • Barcelona Contributor Summit
          • Seats still available for New Contributors
      • communication
        • Moderators have more than doubled in size since last update
      • Contributor documentation
        • contributor/developer guide improved
      • Future
        • tie sigs.yaml to everything
        • build more mentoring programs
        • more training
    • SIG Scheduling [Bobby Salamat] (confirmed)
      • SIG Intro session @ KubeCon
      • SIG Deep Dive @ KubeCon
      • last cycle (1.14)
        • improve performance and stability of scheduler
        • 3x performance improvement
          • 100 pods/second in 5000 node clusters
        • pod priority and preemption graduated to stable
        • improve scheduling fairness
          • add back-off mechanism to unschedulable pods
        • fixed a few race conditions
      • future (1.15)
        • improve workload reliability
          • new feature: even pod spreading [link]
            • how many pods / arbitrary failure domain
            • deprecate some inter-pod anti-affinity capabilities in the future
        • improve extensibility of the scheduler
          • pluggable scheduler [link]
          • alpha KEP
        • better pod priority for batch workloads
          • support non-preempting priority for batch workloads
          • goes to head of queue
        • supporting Lt / Gt operators for affinity
      • How these plans affect you
        • Generally backwards compatible
        • Cluster autoscaler may have issues with new scheduling framework
  • [ 0:00 ] :mega:Announcements :mega:

  • dims - @Damini Satya @jimangel @zparnold @sbezverk @jrondeau Congrats on your Google Open Source Peer Bonus win for your work on Kubernetes! https://opensource.googleblog.com/2019/04/google-open-source-peer-bonus-winners.html

  • gsaenger - Shoutout and :sparkles: to @soltysh for the most amazing codebase walkthrough to get me ready to share with new contributors at KubeCon! Thank you so much, I learned a lot!

  • JeremyWx - Big shoutout to @atuvenie for helping me with an aks-engine problem! After banging my head on my desk for most of the week she pointed out I was using a version with a bug. My head and my desk, thank you very much!!

Sorry this one is late, KubeCon had me busy!

May 16, 2019

  • Moderators: Dawn Foster [SIG Contributor Experience/Pivotal]

  • Note Taker: Jorge Castro [SIG Contributor Experience/VMware]

  • [ 0:00 ] **Demo** -- Metal3: Bare metal host management for Kubernetes backed by OpenStack Ironic [Chris Hoge, chris@openstack.org] (confirmed)

    • Link to video - (time lapsed as it’s on real bare metal)
    • Metal3 Repo - pronounced “metal kubed”
    • Ironic controlling the infra, small set of services, running in podman in this example, but can run in k8s.
  • [ 0:00 ] **Release Updates**

    • Current Release Development Cycle [Claire Laurence - Release Manager]
    • 1.15 - No change in the number of enhancements being tracked: 46 (23 alpha, 19 beta, 4 stable).
    • We cut the 1.15 branch and first 1.15 beta.
    • 1.15 jobs created, 1.11 jobs removed
    • For next week:
      • F2F session during the contributor summit
      • No major milestones
      • Burndown starts May 28
      • Patch Release Updates
        • None this week
  • [ 0:00 ] **Contributor Tip of the Week** [Nikhita Raghunath or Christoph Blecker]

    • A reminder to set your GitHub status to “Busy” only if you are really busy, since this will now prevent automatic PR review requests. Please take care in how you use your busy status to avoid overloading other reviewers. See thread for details.
  • [ 0:00 ] KEP of the Week [Kubernetes Enhancement Proposals]

    • Even Pods Spreading - [Implementable] - SIG Scheduling, Bobby (Babak) Salamat (@bsalamat)
      • Allow users to specify what topology domain a pod can be spread over.
      • Spread a pod “Among zones, or among nodes” or any arbitrary thing.
      • Interpod-anti-affinity works, but limited to only 1 pod per topology domain.
      • This allows you to spread as many pods as you want across all your topology domains.
      • API bandwidth is a problem, this feature is at risk for this release.
        • Jordan Liggitt has gone above and beyond trying to help fix this problem.
        • API review is complex, takes people a long time to become a competent API reviewer.
  • [ 0:00 ] SIG Updates

  • [ 0:00 ] :mega:Announcements :mega:

    • SIG Meet and Greet and Contributor Summit Update - Paris Pittman

      :clap: Shoutouts this week (Check in #shoutouts on slack) :clap:

  • mrbobbytables: shoutout to @claudiajkang, @Felipe, and @irvifa for localizing the contributor cheatsheet to Korean, Portuguese and Bahasa Indonesian, and @rui for organizing the effort!

  • gsaenger: Shoutout to @jonasrosland for tireless slide edit magic

  • Bentheelder: shoutout to @mrbobbytables for driving home the subproject site hosting process, it’s almost done document all the things!!

  • Jonasrosland: HUGE SHOUTOUT to @paris @Dawn Foster @castrojo @Deb Giles @ihor.dvoretskyi @coderanger @mrbobbytables for an amazing job planning out the Kubernetes Contributor Summit in Barcelona these past months!

  • Jonasrosland: And an enormous shoutout to @tpepper and @gsaenger for updating and taking on the role of workshop leads for Kubernetes Contributor Summit BCN!

May 30, 2019

  • Moderators: Paris Pittman [SIG Contributor Experience/Google]
  • Note Taker: [your name here]
  • [ 0:00 ] **Demo** -- No Demo this week!!
  • [ 0:00 ] **Contributor Tip of the Week**
    • SIGs are doing live bug scrubs, review how tos, and more - just ask!
      • API Machinery is Friday! Join their mailing list to get the invite
  • [ 0:00 ] **Release Updates**
    • Current Release Development Cycle [Claire Laurence - Release Manager]
      • Only 29 folks have responded about docs! Get those docs PRs in!!
      • Starting daily burn downs next week
      • 1.15 retro doc - talk about timelines/deadlines/opinions there
  • [ 0:00 ] SIG Updates
    • SIG Leads, check out this set of recommended topics to cover during your update
    • Slide template if you need it
    • Please also check the SIG Update Schedule!
    • Service Catalog (Jonathan B, confirmed)
      • Moving to kubernetes-sigs from incubator
      • Team re-org
      • Supporting api server version 9 months
      • Rewriting docs; has a doc website but most is outdated at this point
      • New folks from SAP participating; looking for new contributors and a new chair - get in contact with Jonathan (current chair)
    • IBM Cloud (Sahdev, confirmed)
      • Slides
  • [ 0:00 ] :mega:Announcements :mega:
    • The Shanghai Contributor Summit Committee is looking for experienced contributors and SIG Leads to lead sessions for the current contributor track. If you might be available for this, please contact @jberkus or @puja on Slack, or email jberkus@redhat.com.
    • Meet Our Contributors is next Wednesday!!
      • On demand mentoring from another contributor
      • Watch past episodes here
      • Yes - you can ask for a live code review (we need advance notice)
      • Yes - you can ask for a code base tour (we need advance notice)
      • Join #meet-our-contributors to ask questions and find out more
    • :clap: Shoutouts this week (Check in #shoutouts on slack) :clap:
    • hhorl shoutout to:
      • @tpepper for consistently being a great context-giver, helper, recruiter, describer, mentor,
      • @sumi for publishing our packages, especially on not-so-convenient occasions
      • @Katharine for jumping in, figuring out, and fixing our testgrid (or testgrid config or something else – still not sure what the exact problem was :wink:) issue
    • Bentheelder Shout-out to
      • @aojea @Olav @pbnj (and anyone I missed!) for helping answer lots of questions in #kind. I especially appreciate it now while we have an influx of new members and I’m jetlagged out after KubeCon. Thank you all :slightly_smiling_face:
    • bentheelder shout-out to
      • @paris @tpepper for organizing and @castrojo for hosting the Networking + Mentoring sessions at KubeCon, really awesome experience :slightly_smiling_face:
    • gsaenger huge thanks for
      • @Deb Giles for making the contributor summit run smooth like butter, especially given some unique challenges with the location!
    • Parispittman shout out to:
      • Diversity Lunch participants, leads
      • Mentoring Session participants, leads

June 6, 2019

  • Moderators: Vallery Lancy [Lyft]
  • Note Taker: Jorge Castro [VMware]
  • [ 0:00 ] **Demo** -- KubeOne Lifecycle management tool for Kubernetes HA clusters - [Marko, marko@loodse.com] (confirmed)
  • [ 0:00 ] **Release Updates**
    • Current Release Development Cycle [Claire Laurence - Release Manager]
      • Doc PRs merged on Tuesday
      • Cut our first beta yesterday; June 13 is the cherry pick deadline
      • Release is on for June 17
      • Current release status is yellow due to some issues (3)
      • SIGs, please give the release team your release themes if you have not done so already
      • Lachlan Evenson will be your 1.16 release lead.
    • 1.13.7 and 1.14.3 releases coming today (June 6)
  • [ 0:00 ] SIG Updates
  • [ 0:00 ] :mega:Announcements :mega:
    • Announcement Foo #1

      :clap: Shoutouts this week (Check in #shoutouts on slack) :clap:

    • Stefan Schimanski - shoutout to @liggitt (Jordan Liggitt) for having done insanely many reviews—again and again, in super high quality—this release cycle for CRD+webhook-admission related topics.

    • Andrew Sy-Kim - Big shoutout to @khenidak (Khaled Henidak) for driving the IPv6 dual stack effort! Some great progress made there this release!

    • Tim Pepper - Shoutout to @msau42 (Michelle Au) …pretty much every time over the past year I’ve gone to look at a release blocking test failing on storage, @msau42’s a couple hours ahead of me, has the issue triaged and line of sight on potential fix if not fix already in test. Way to represent SIG Storage!!

    • @stealthybox (Leigh Capili) and @vincepri (Vince Prignano) props to @Leah (Leah Hanson) for taking stellar notes at lightning speed for Cluster Lifecycle and cluster-api meetings
    • @vllry (Vallery Lancey) - Thanks to all the contribex folks for all their onboarding/growth resources. and just keeping things running :heart:

June 13, 2019

June 20, 2019 - Release Retrospective for 1.15

July 11, 2019

:clap: Shoutouts this week (Check in #shoutouts on slack) :clap:

  • @bentheelder (Benjamin Elder): Shoutout again to @aojea (Antonio Ojea), thanks to his work we finally have CI passing all conformance tests with an IPv6 #kind cluster!

July 18, 2019

  • Moderators: Jeffrey Sica [SIG UI/ContribEx]
  • Note Taker: Bob Killen / Chris Short - Contribex
  • [ 0:00 ] **Demo** -- Cluster API Docker Provider - Chuck Ha (chuckh@vmware.com)
    • GitHub: https://github.com/kubernetes-sigs/cluster-api-provider-docker
    • Cluster API has been built extensible enough to be able to provide a generic interface for multiple providers.
    • A bootstrap or management cluster is required to host the CRDs and configs for the desired clusters.
    • Docker provider backend was built for fast local testing.
    • cli-tool - capdctl
      • Uses KinD as a backend.
      • Strips out some cloud service bits that aren’t necessary from clusterctl
    • Only requirement is an “external” load balancer.
    • Can modify clusters after initial provisioning.
    • Provisioned clusters pass standard conformance tests.
  • [ 0:00 ] **Release Updates**
    • Current Release Development Cycle [Jeffrey Sica - Release Manager Shadow]
      • 7/16 - 1.16.0-alpha.1
      • 7/30 - Enhancements freeze
    • Patch Release Updates
      • 7/18 - 1.15.1
  • [ 0:00 ] **Contributor Tip of the Week** [???]
    • ???
  • [ 0:00 ] KEP of the Week [Kubernetes Enhancement Proposals]
    • [Link to KEP or PR] - [Status] - where to follow up discussion
  • [ 0:00 ] SIG Updates
    • SIG Leads, check out this set of recommended topics to cover during your update
    • Slide template if you need it
    • Please also check the SIG Update Schedule!
    • SIG Azure [ Stephen Augustus ] (Confirmed)
      • Slides
      • Aiming to move out of tree by the 1.18 release.
      • Last Cycle
        • Improving testing for out-of-tree cluster providers
        • New SIG Azure Chair - Craig Peters
      • Upcoming Cycle (1.16):
        • continue working on moving azure cloud provider out of tree
        • move Azure availability zones to GA
        • move Azure Cross-resource group nodes to GA
        • Cluster API Azure
          • VMSS integration
          • Better AZ Support
          • Work on v1alpha2 implementation
        • Complete Administrative work related to SIG Cloud Provider consolidation.
      • Looking for help/contributors for out-of-tree Azure provider
    • SIG Release [ Tim Pepper ] (Confirmed) slides
      • Last Cycle
        • Improved Shadow process
        • Made improvements to documentation and automation
        • “test-infra” role has been automated completely
        • New release notes website.
        • Last scalability issues in 1.15 release almost derailed release, but only caused a slight delay.
        • Patch release team has been grown and documentation improved
        • Release Engineering subproject has been kicked off.
      • Upcoming Cycle (1.16)
        • Release Engineering Subproject along with the WG-K8s-infra group
        • Release Team
          • refine release blocking criteria
          • improve testgrid blocking/informing dashboards
          • branch management role shifting to “release manager” team
          • work closer with sig-scalability
      • Things needed from community
        • Ongoing attention to CI Signal
          • deflake tests
          • make sure tests are owned and get notified of failures.
          • Keep tests green.
      • Licensing subproject:
        • looking for more contributors (reach out to nikhita)
      • Release Team:
        • Big shoutout to Josh Berkus as emeritus lead and keeping things going.
      • Release Managers / Release Engineering subproject:
      • Related Working Group Status
        • WG LTS
          • Improve conformance
          • Move more APIs to stable
  • [ 0:00 ] :mega:Announcements :mega:
    • ???
    • :clap: Shoutouts this week (Check in #shoutouts on slack) :clap:

July 23, 2019

  • Moderators: Jorge Castro [SIG Contributor Experience]
  • Note Taker: Josh Berkus [RH/Release]
  • [ 0:00 ] **Demo** -- Conftest - (7/25) using Open Policy Agent to write unit tests for Kubernetes configs - [gareth@morethanseven.net] (confirmed)
    • Link to slides
    • https://github.com/instrumenta/conftest
    • Lots of us have written bad kubernetes configs – it would be good to validate them before deployment.
    • Write policies for Open Policy Agent using Rego, OPA’s DSL
    • Then point it at a config file and it will unit test it
    • Can also validate arbitrary JSON docs (YAML, etc.)
    • Did several demos, including validating a MySQL Helm chart
    • #conftest channel on slack.openpolicyagent.org
  • [ 0:00 ] **Release Updates**
    • Current Release Development Cycle [Guinevere Saenger - Release Manager Shadow]
      • Enhancements Freeze Tuesday July 30th.
      • We will also release Alpha 2 that day
    • Patch Release Updates
      • none this week
  • [ 0:00 ] SIG Updates
    • SIG Leads, check out this set of recommended topics to cover during your update
    • Slide template if you need it
    • Please also check the SIG Update Schedule!
    • SIG Testing [Aaron Crickenberger] (confirmed)
      • Slides
      • SIG-testing creates infrastructure, they don’t write the tests.
      • Subprojects:
        • KIND (kubernetes-in-docker)
          • Now has support for IPv6
          • Only deployment of Kube currently passing* Conformance
          • Much faster than it used to be
          • Looking ahead to “road to 1.0”
          • Going to remain focused on core feature set
          • Need contributors!
          • Would like to support more runtimes
          • Also want to support more E2E tests
        • Prow (github automation)
          • New plugin: Nikita added auto-milestone-add for PRs (would be nice to backfill for this, anyone want to write it?)
          • Spyglass shows the Prow job results, you can now link to specific log lines for failed jobs.
          • Prow now works with Bugzilla and Gerrit
          • Beta support for Tekton pipelines (as well as existing support for Podspecs and Build CRDs)
          • is now an active project that is distinct from Kubernetes, needs a roadmap (help wanted)
          • Several KEPs in progress
          • We also need unit testing for Prow (help wanted)
        • Test-Infra
          • go test bench creates junit test results
          • working on better local testing of Prow jobs
          • trying to break up Testgrid config file instead of having One File To Rule Them All so that folks can make their own changes
          • need to measure unit test coverage
          • triage tool needs rewriting in go (help wanted)
          • existing python tooling needs to be upgraded to Python3 (help wanted)
        • Testing-Commons (making repeatable testing frameworks)
          • Trying to shrink the body of 40+ Kube test images down to just 1-2
          • Move E2E tests out of tree, maybe migrate to new framework instead of ginkgo
        • Workgroup: wg-k8s-infra
          • Takes all of SIG-testing stuff and implements it on Google Cloud so that we can actually run testing
        • We are also open sourcing TestGrid! (help wanted)
        • SIG is re-thinking meeting schedule, to accommodate other time zones
        • Have lots of Good First Issues for you to help with
  • [ 0:00 ] :mega:Announcements :mega:
    • Don’t forget about the API deprecations!
    • Protip - book your Kubecon travel if you’re planning to attend. :smiley:
    • SIG instrumentation, SIG Storage, SIG Docs, and the Product Security Committee will be giving their updates next week.
    • Want to help host this meeting? Ping @castrojo, we’re always looking for new people to help run this meeting!
    • :clap: Shoutouts this week (Check in #shoutouts on slack) :clap:
  • Bentheelder (Benjamin Elder) - Shoutout again to @aojea (Antonio Ojea), thanks to his work we finally have CI passing all conformance tests with an IPv6 #kind cluster!
  • June.yi (June Yi) Shoutout to @seungkyua (Seungkuu Ahn), @ianychoi (Ian Choi), @Jesang (Jesang Myung) and @Seokho (Seokho Son) for encouraging docs localization as an event host, a session speaker or an attendee at the local community event, Open Infrastructure & Cloud Native Days Korea 2019.
  • Detiber (Jason Detiberus): Shoutout to @thockin (Tim Hockin) for helping with troubleshooting and fixing a head scratching permissions issue related to the image promotion process

July 23, 2019

  • Moderators: Jorge Castro [SIG Contributor Experience]
  • Note Taker: Josh Berkus [RH/Release]
  • [ 0:00 ]** Demo **-- Conftest - (7/25) using Open Policy Agent to write unit tests for Kubernetes configs - [gareth@morethanseven.net] (confirmed)
    • Link to slides
    • https://github.com/instrumenta/conftest
    • Lots of us have written bad kubernetes configs – it would be good to validate them before deployment.
    • Write policies for Open Policy Agent using Rego, OPA’s DSL
    • Then point it at a config file and it will unit test it
    • Can also validate arbitrary JSON docs (YAML, etc.)
    • Did several demos, including validating a MySQL Helm chart
    • #conftest channel on slack.openpolicyagent.org
  • [ 0:00 ]** Release Updates**
    • Current Release Development Cycle [Guinevere Saenger - Release Manager Shadow]
      • Enhancements Freeze Tuesday July 30th.
      • We will also release Alpha 2 that day
    • Patch Release Updates
      • none this week
  • [ 0:00 ] SIG Updates
    • SIG Leads, check out this set of recommended topics to cover during your update
    • Slide template if you need it
    • Please also check the SIG Update Schedule!
    • SIG Testing [Aaron Crickenberger] (confirmed)
      • Slides
      • SIG-testing creates infrastructure, they dont’ write the tests.
      • Subprojects:
        • KIND (kubernetes-in-docker)
          • Now has support for IPv6
          • Only deployment of Kube currently passing* Conformance
          • Much faster than it used to be
          • Looking ahead to “road to 1.0”
          • Going to remain focused on core feature set
          • Need contributors!
          • Would like to support more runtimes
          • Also want to support more E2E tests
        • Prow (github automation)
          • New plugin: Nikita added auto-milestone-add for PRs (would be nice to backfill for this, anyone want to write it?)
          • Spyglass shows the Prow job results, you can now link to specific log lines for failed jobs.
          • Prow now works with Bugzilla and Gerrit
          • Beta support for Tekton pipelines (as well as existing support for Podspecs and Build CRDs)
          • is now an active project that is distinct from Kubernetes, needs a roadmap (help wanted)
          • Several KEPs in progress
          • We also need unit testing for Prow (help wanted)
        • Test-Infra
          • go test bench creates junit test results
          • working on better local testing of Prow jobs
          • trying to break up Testgrid config file instead of having One File To Rule Them All so that folks can make their own changes
          • need to measure unit test coverage
          • triage tool needs rewriting in go (help wanted)
          • existing python tooling needs to be upgraded to Python3 (help wanted)
        • Testing-Commons (making repeatable testing frameworks)
          • Trying to shrink the body of 40+ Kube test images down to just 1-2
          • Move E2E tests out of tree, maybe migrate to new framework instead of Ginkgo
        • Workgroup: wg-k8s-infra
          • Takes all of SIG-testing stuff and implements it on Google Cloud so that we can actually run testing
        • We are also open sourcing TestGrid! (help wanted)
        • SIG is re-thinking meeting schedule, to accommodate other time zones
        • Have lots of Good First Issues for you to help with
    • [ 0:00 ] :mega:Announcements :mega:
      • Don’t forget about the API deprecations!
      • Protip - book your Kubecon travel if you’re planning to attend. :smiley:
      • SIG instrumentation, SIG Storage, SIG Docs, and the Product Security Committee will be giving their updates next week.
      • Want to help host this meeting? Ping @castrojo, we’re always looking for new people to help run this meeting!
    • :clap: Shoutouts this week (Check in #shoutouts on slack) :clap:
  • Bentheelder (Benjamin Elder) - Shoutout again to @aojea (Antonio Ojea), thanks to his work we finally have CI passing all conformance tests with an IPv6 #kind cluster!
  • June.yi (June Yi) Shoutout to @seungkyua (Seungkuu Ahn), @ianychoi (Ian Choi), @Jesang (Jesang Myung) and @Seokho (Seokho Son) for encouraging docs localization as an event host, a session speaker or an attendee at the local community event, Open Infrastructure & Cloud Native Days Korea 2019.
  • Detiber (Jason Detiberus): Shoutout to @thockin (Tim Hockin) for helping with troubleshooting and fixing a head scratching permissions issue related to the image promotion process

August 8, 2019

August 15, 2019

August 22, 2019

August 29, 2019

  • Moderators: Dawn Foster [Pivotal/ContribEx]
  • Note Taker: Craig Peters [Microsoft/SIG-x]
    • Subscribe to this thread to get these notes in your inbox
  • [ 0:00 ] **Release Updates**
    • Current Release Development Cycle [Lachlan Evenson - Release Manager]
    • 1.16 Upcoming Milestones
      • 8/29 - 1.16 Code Freeze - label your PRs appropriately! The backlog is big and you don’t want to miss the train
      • 9/3 - Docs PRs ready for review - next Tuesday
      • 9/4 - 1.16.0-beta.2
    • Patch Release Updates.
    • Reminder these pending dates are announced on:
  • [ 0:00 ] **Demo** -- Ignite [@luxas] - confirmed
    • Slides
    • Simplified firecracker UX using the GitOps management model
    • Questions
      • Use of Virtual Kubelet vs CRI (easier development and UX), and
      • Difference from kata + kubevirt (full VMs instead of containers)
  • [ 0:00 ] SIG Updates
  • [ 0:00 ] :mega:Announcements :mega:

September 5, 2019

Thanks to @markyjackson for helping on Jenkins credential issue and sharing his thoughts on Jenkins automation

September 12, 2019

bentheelder:fire: - shoutout to @liggitt for reviewing all of the things


September 26, 2019

  • Moderators: Tim Pepper [VMware/SIG Release]
  • Note Taker: Lachlan Evenson [Microsoft/SIG PM]
    • Subscribe to this thread to get these notes in your inbox
  • [ 0:01 ] Demo – Octant: A web-based, highly extensible platform for developers to better understand the complexity of Kubernetes cluster [Bryan Liles, @bryanl; Wayne Witzel, @wwitzel3]
    • Web-based, but runs local, using your credentials (simplifies security)
    • Demo application troubleshooting via the Octant UI
      • Web app working
      • Kubectl apply updated app
      • Web app no longer working
      • Use Octant to determine the cause
    • Introduces the concept of “Application” which is a set of consistent labels “app.kubernetes.io/name:httpbin”
    • Visualization of dependency graph between Kubernetes resources. Detects that the Ingress is pointing to an invalid backend
    • Drill down into the service via the visualization graph and we notice that there are no endpoints.
    • Determine that it’s a bad selector and update and check that the graph is green again.
    • If you’re on a Mac you can install via brew install octant

[ 0:14 ] Release Updates

  • 1.17 Release Development Cycle [Guinevere Saenger - Release Manager]
    • Week 1
    • Shadow selection happening (application deadline yesterday)
    • Please be aware that this is a short release
    • Enhancements freeze 10/15 5pm Pacific
  • Patch Release Updates
    • UPCOMING RELEASE SCHEDULE link
    • Patch release schedule (release: cherry-picks deadline, target date)
      • 1.16.2: 2019-10-11, 2019-10-15
      • 1.16.1: 2019-09-27, 2019-10-02
      • 1.15.5: 2019-10-11, 2019-10-15
      • 1.14.8: 2019-10-11, 2019-10-15
      • 1.13.12: 2019-10-11, 2019-10-15 (final release of 1.13)
    • …as always subject to change for critical-urgent security issues

[ 0:17 ] Contributor Tip of the Week [Bob Killen]

[ 0:19 ] SIG Updates

[ 0:43 ] :mega:Announcements :mega:


October 3, 2019

  • Moderators: Jonas Rosland [VMware/SIG Contribex]
  • Note Taker: First Last [Company/SIG]
    • Subscribe to this thread to get these notes in your inbox
  • [ 0:00 ] **Steering Committee Election Results** [Dims]
    • The following candidates will be joining @dims, @tstclair, and @spiffxp on the Steering Committee (in github handle order):
      • Christoph Blecker (@cblecker), Red Hat
      • Derek Carr (@derekwaynecarr), Red Hat
      • Nikhita Raghunath (@nikhita), Loodse
      • Paris Pittman (@parispittman), Google
    • See the blog post for more information
  • [ 0:00 ] **Release Updates**
    • Current Release Development Cycle [Guinevere Saenger - Release Manager]
      • We’re in Week 2! Shadow selection is 99% complete - congratulations and thanks to all of our hardworking team members
      • Enhancements Freeze is 15 October!
      • 1.17.0-alpha-1 was released yesterday
      • Next alpha scheduled for 15 October
    • Patch Release Updates
      • 1.16.1 released 1 October
      • Next patch releases scheduled for 15 October
  • [ 0:00 ] **Contributor Tip of the Week** [First Last]
    • A fun graph, contribex info, CI tips, etc.
    • [Link to a chart, a guide, a tool, etc]
    • Reach out to #sig-contribex in slack if there is no tip on the agenda yet. Backlog is pinned to the chat.
  • [ 0:00 ] SIG Updates
  • [ 0:00 ] :mega:Announcements :mega:
    • :clap: Shoutouts this week (Check in #shoutouts on slack) :clap:
    • tpepper:
      • shoutout to @nikhita for a PR description and commit messages in https://github.com/kubernetes/kubernetes/pull/82410 which makes a potentially daunting code review MUCH easier, and to @liggitt for similarly making the cherry-pick review MUCH easier with a stellar PR description text. Super time saving when there’s a diffstat of “+2,537 −59” but the “why” text focuses the reviewer in on two key lines of code and the associated bugs tracking the problem report.
    • jdetiber:
      • Shoutout to @dims for building out the e2e conformance tests using Cluster API and the GCP Provider

October 10, 2019

  • Moderators: Marky Jackson [Sysdig/SIG Contribex]
  • Note Taker: Bob Killen
  • [ 0:00 ] **Release Updates**
    • Current Release Development Cycle [Guinevere Saenger - Release Manager]
      • We’re in Week 3…
      • Enhancement Freeze is next Tuesday (Oct. 15). Enhancements must be in by 5PM PT.
      • 1.17.0-alpha.2 scheduled release Tuesday Oct.15
    • Patch Release Updates
      • 1.16.1 released 1 October
      • Next patch releases (all branches) scheduled for 15 October
      • LAST release of 1.13.x
  • [ 0:00 ] **SIG Updates**
    • WG Security Audit [Jay Beale]
      • Slides: https://docs.google.com/presentation/d/1yKjbvFqU0xp3wq0wY9Qu99WNA8FRGDGkaH5nHoCKxVM/edit#slide=id.g401c104a3c_0_0
      • What we did last cycle
        • Led the first in a series of Kubernetes security audits
          • Chose vendors
          • Gave direction to focus effort
          • Participated in the threat modeling work that will be used for future releases of Kubernetes
          • Performed technical editing on the report
          • Worked on producing reusable artifacts
        • Complementary efforts to the bug bounty program
        • Threat model breakdown
          • Focus on 8 critical components
            • Kube-apiserver
            • Etcd
            • Kube-scheduler
            • Kube-controller-manager
            • Cloud-controller-manager
            • Kubelet
            • Kube-proxy
            • Container Runtime Interface
        • Threat model highlighted recommendations
          • Provide auditing information in a unified fashion to allow a trace of the user’s actions through the system
          • Warn users who configure a security control that will not be enforced
            • Network policies and pod security policies can silently fail.
          • Require transport encryption w/cert verification
            • Multiple components use http
            • Multiple components elect not to verify cert validity
          • Prevent node compromises from leading to cluster-compromises
            • Host access gives access to cli arguments, logs etc
          • Separate privilege levels among controllers
        • Vulnerability research during cycle
          • Discovered 37 vulnerabilities
        • Vulnerability highlights
          • Non authenticated HTTPS connections
          • Cert revocation unsupported
          • PSP Bypass (hostPath via PVs)
          • TOCTOU Race condition in Kubelet
          • Kubectl cp directory traversal
          • System logs containing secrets
        • Recommendation Highlights
          • Replace the many cases of logic reimplementation with central libraries
          • Ease security configuration (particularly defaults)
          • Improve code documentation around external dependencies
          • Continue development of security features
        • Security Audit report [link from report in k/community]
      • Next cycle:
        • Plan next security audit
        • Move towards more secure defaults
    • SIG Testing [fejta]
      • https://docs.google.com/document/d/1uTcLhxM2HwDgtGOiIvlFfRWzQDTvii6qd_XASAubHlk/edit?ts=5d9e6825
      • Last Cycle
        • Testgrid configs now live alongside their associated prow jobs
        • Automated the creation of jobs for the test-infra release team role
        • Deployed new and improved monitoring/alerting stack (monitoring.prow.k8s.io)
        • Reusable verify checks in bazel rules
        • KinD
          • Smaller images from providerless kubernetes builds
          • Release blocking IPv4 and IPv6 test coverage
          • Provides 75% of pull-kubernetes-e2e-gce coverage without any cloud resources
        • TestGrid partially open sourced
      • Next Cycle
        • Establish test-infra SLOs
        • Improve test-infra alerting to better detect and recover from outages
        • Make KinD a blocking presubmit in k/k
        • Automate image pushing on merge with a git-ops based promotion to prod method (working with #wg-k8s-infra)
        • Help repos with preexisting bazel rules adopt reusable verify checks.
        • Move prow out of test-infra into its own repo
        • Enable in repo prowjob configurations
      • How these upcoming changes affect you
        • Help define more reusable verify checks
        • Start thinking about how/whether your sig can move cloud provider dependencies out of k/k testing to release blocking postsubmits
    • [ 0:00 ] :mega:Announcements :mega:
      • :clap: Shoutouts this week (Check in #shoutouts on slack) :clap:
        • @jdetiber gave a shout to @dims for building out the e2e conformance tests using Cluster API and the GCP Provider
        • @mrbobbytables gave a shoutout to the other Steering Election committee officials @briangrant @castrojo @ihor.dvoretskyi for putting in the work to make this year’s election possible!
        • @ihor.dvoretskyi gave a huge SHOUTOUT to @mrbobbytables - another election official!
        • @cblecker gave a shout out to @bentheelder and @krzyzacy for late night debugging on GCE test infra failures