• Code Freeze
• Upgrades of cluster
• E2E test issues

• Code Slush -- draining PRs that are active. If there are issues for v1 to raise, please do so today.
• Drain timeframe will be about 1-week.
• Community PRs -- plan is to reopen in ~6 weeks.
• Key areas for fixes in v1 -- docs, the experience.

• Seen end-to-end tests go red.
• Plan is to limit merging to on-call. Quinton to communicate.
• Community committers, please label with LGTM and on-call will merge based on on-call’s judgement.
• Can we expose Jenkins runs to community? (Paul)
• Question/concern to work out is securing Jenkins. Short term conclusion: Will look at pushing Jenkins logs into GCS bucket. Lavalamp will follow up with Jeff Grafton.
• Longer term solution may be a merge queue, where e2e runs for each merge (as opposed to multiple merges). This exists in Openshift today.

• GCE will use Persistent Disk (PD) to mount new image.
• OpenShift will follow a tradition update model, with “yum update”.
• A strawman approach is to have an analog of “kube-push” to update the master, in-place. Feedback in the meeting was
• Upgrading Docker daemon on the master will kill the master’s pods. Agreed. May consider an ‘upgrade’ phase or explicit step.
• How is this different than HA master upgrade? See HA case as a superset. The work to do an upgrade would be a prerequisite for HA master upgrade.
• Mesos scheduler implements a rolling node upgrade.

• Downward plug-in #5093.
• Discussed that it’s an eventually consistent design.
• In the meeting, the outcome was: seeking a pattern for atomicity of update across multiple piece. Paul to ping Tim when ready to review.
• Regression in e2e #8499 (Eric Paris)
• Asking for review of direction, if not review. #8334 (Mark)
• Handling graceful termination (e.g. sigterm to postgres) is not implemented. #2789 (Clayton)
• Need is to bump up grace period or finish plumbing. In API, client tools, missing is kubelet does use and we don’t set the timeout (>0) value.
• Brendan will look into this graceful term issue.
• Load balancer almost ready by JustinSB.

• Speed application development, since containers can be re-used between teams and even larger communities
• Codify expert knowledge, since everyone collaborates on a single containerized implementation that reflects best-practices rather than a myriad of different home-grown containers with roughly the same functionality
• Enable agile teams, since the container boundary is a natural boundary and contract for team responsibilities
• Provide separation of concerns and focus on specific functionality that reduces spaghetti dependencies and un-testable components

Example #1: Sidecar containers

Example #2: Ambassador containers

Example #3: Adapter containers

• Stop and restart the Docker daemon (say for an upgrade) without having to kill the running containers and restarting them from scratch, losing precious work they had done when they were stopped
• Reboot the system without having to restart the containers from scratch. Same benefits as use case 1 above
• Speed up the start time of slow-start applications
• “Forensic debugging" of processes running in a container by examining their checkpoint images (open files, memory segments, etc.)
• Migrate containers by restoring them on a different machine
  

• Freezing a running application.
• Checkpointing the address space and state of the entire process tree to a collection of “image” files.
• Restoring the process tree from checkpoint image files.
• Resuming application from the point it was frozen.

1. State of a checkpointed container would show as "Exited".
2. Docker commands such as logs, kill, etc. will not work on a restored container.
3. The restored process tree will be a child of /etc/init instead of the Docker daemon.

• Docker 1.5 (old libcontainer, relatively stable)
• Docker 1.7 (newer, less stable)
  

• /proc/<pid>/fdinfo/<fd> contains mnt_id which isn’t in /proc/<pid>/mountinfo
• /proc/<pid>/fd/<fd> does not contain an absolute path to the opened file

• torvalds: bd9b51e7 by Al Viro
• torvalds: e4a0d3e72 by Pavel Emelyanov

• flocker and kubernetes integration demo
• Demo steps and DIY instructions at: https://clusterhq.com/blog/data-migration-kubernetes-flocker/
• Cool demo by Kai Davenport
• Flocker Q/A
• Does the file still exists on node1 after migration?
• Luke: still exists, but unmounted and cannot be written to. Data persists and can be used. Working on support for multiple storage backend.
• Brendan: Any plan this to make it a volume? So we don't need powerstrip?
• Luke:  Need to figure out interest to decide if we want to make it a first-class persistent disk provider in kube.
• Brendan: Removing need for powerstrip would make it simple to use. Totally go for it.
• Tim: Should take no more than 45 minutes to add it to kubernetes:)
• Derek: Contrast this with persistent volumes and claims?
• Luke: Not much difference, except for the novel ZFS based backend. Makes workloads really portable.
• Tim: very different than network-based volumes. Its interesting that it is the only offering that allows upgrading media.
• Brendan: claims, how does it look for replicated claims? eg Cassandra wants to have replicated data underneath. It would be efficient to scale up and down. Create storage on the fly based on load dynamically. Its step beyond taking snapshots - programmatically creating replicas with preallocation.
• Tim: helps with auto-provisioning.
• Brian: Does flocker requires any other component?
• Kai: Flocker control service co-located with the master.  (dia on blog post). Powerstrip + Powerstrip Flocker. Very interested in mpersisting state in etcd. It keeps metadata about each volume.
• Brendan: In future, flocker can be a plugin and we'll take care of persistence. Post v1.0.
• Brian: Interested in adding generic plugin for services like flocker.
• Luke: Zfs can become really valuable when scaling to lot of containers on a single node.
• Alex: Can flocker service can be run as a pod?
• Kai: Yes, only requirement is the flocker control service should be able to talk to zfs agent. zfs agent needs to be installed on the host and zfs binaries need to be accessible.
• Brendan: In theory, all zfs bits can be put it into a container with devices.
• Luke: Yes, still working through cross-container mounting issue.
• Tim: pmorie is working through it to make kubelet work in a container. Possible re-use.
• Kai: Cinder support is coming. Few days away.
• Bob: What’s the process of pushing kube to GKE? Need more visibility for confidence.
• Brendan: Not well documented, but released marked latest after GKE picks it up.
• GKE does lot of heavy testing before a version is blessed.
• gsutil cat gs://kubernetes-release/release/latest.txt
• $ curl https://storage.googleapis.com/kubernetes-release/release/latest.txt

• 1.0 Release Plan
• 0.21.0 is basically 1.0 but we plan to cut another release branch today  for 1.0.0
• This will be the 1.0 release modulo any cherry picks
• Please use the new cherry pick script to propose a cherry pick to the release-1.0 branch
• The first binary will be built today to soak over the weekend
• Gabe / Josh from Engine Yard: Demo/Overview of Deis + Kubernetes
• Deis is open source PAAS - make it easy to deploy and manage distributed apps on a CoreOS cluster (using docker and now kubernetes)
• 133 contributors
• Looked at many orchestration layers (Fleet, Mesos, Swarm, Kubernetes)
• Currently running on Mesos
• k8s APIs feel right for an orchestration engine and k8s feels like a great building block for a PAAS
• What does Deis add?
• Integrated http routing with https
• Builder (for push to deploy)
• Integrated docker registry
• Integrated ceph cluster for scale out storage
• Log routing and aggregation
• User management with LDAP and AD support
• Providing a CLI workflow to drive k8s
• Demo
• deis create example-go
• git push deis master
• packaging via Heroku build-pack -> Docker image
• push to registry co-located with the cluster
• done and deployed
• deis scale web=4
• deis logs …
• aggregates logs
• deis config
• application is running a release
• release is made up of config + build
• effectively sets environment variables
• deis config:set POWERD_BY=k8s
• tells example-go to print different output (based on the environment)
• deis releases
• ledger of changes that allows you to do rollbacks
• deis rollback v2
• actually a roll-forward to ‘v4’ with the old config
• deis run ‘ls -la’
• deisctl
• shows components on a 5 node cluster on AWS using CoreOS
• Future
• Plan to embrace k8s on a deeper level
• In the limit, run k8s with a small number of pods specific to Deis that turn the cluster into a heroku-like PAAS
• Working on HTTP Router post 1.0
• Going to use nginx or HAProxy (or both)
• Work on getting API right, then implement with existing solutions
• Google Intern Turbo Demos
• Daemons (per-node controller)
• Launch an application on every node of the cluster or on all nodes that have specific labels
• kubectl create -f sample_dc.json
• kind: DaemonController
• No label selection → runs on all nodes
• kubectl describe dc redis-master-copy
• Tells you that the daemon is supposed to run on 4 nodes and is running on 4 nodes
• kubectl create -f sample_dc_nodeselector.json
• spec: nodeSelector inside the template
• Will run on nodes that match the selector
• kubectl label node kubernetes-minion-f917 color=red
• Will run the pod on this node as well
• If the node is full, the pod will try to launch and will stay pending
• In the future, we may bump existing pods to make space
• kubectl label --overwrite node kubernetes-minion-f917 color=grey
• Removes the pod from this node
• If the daemon and replication controller overlap, then they will fight
• Can use a node selector or node name to restrict where the daemon runs
• Can it run on a % of nodes?
• Not in the current implementation
• DiurnalController (PR #10881)
• Varies the number of pod replicas that are running throughout the day
• Specify the times when the number of replicas change and how many to run at each time (uses absolute time -- currently in UTC)

• Eric Paris: replacing salt with ansible (if we want)
• In contrib, there is a provisioning tool written in ansible
• The goal in the rewrite was to eliminate as much of the cloud provider stuff as possible
• The salt setup does a bunch of setup in scripts and then the environment is setup with salt
• This means that things like generating certs is done differently on GCE/AWS/Vagrant
• For ansible, everything must be done within ansible
• Background on ansible
• Does not have clients
• Provisioner ssh into the machine and runs scripts on the machine
• You define what you want your cluster to look like, run the script, and it sets up everything at once
• If you make one change in a config file, ansible re-runs everything (which isn’t always desirable)
• Uses a jinja2 template
• Create machines with minimal software, then use ansible to get that machine into a runnable state
• Sets up all of the add-ons
• Eliminates the provisioner shell scripts
• Full cluster setup currently takes about 6 minutes
• CentOS with some packages
• Redeploy to the cluster takes 25 seconds
• Questions for Eric
• Where does the provider-specific configuration go?
• The only network setup that the ansible config does is flannel; you can turn it off
• What about init vs. systemd?
• Should be able to support in the code w/o any trouble (not yet implemented)
• Discussion
• Why not push the setup work into containers or kubernetes config?
• To bootstrap a cluster drop a kubelet and a manifest
• Running a kubelet and configuring the network should be the only things required. We can cut a machine image that is preconfigured minus the data package (certs, etc)
• The ansible scripts install kubelet & docker if they aren’t already installed
• Each OS (RedHat, Debian, Ubuntu) could have a different image. We could view this as part of the build process instead of the install process.
• There needs to be solution for bare metal as well.
• In favor of the overall goal -- reducing the special configuration in the salt configuration
• Everything except the kubelet should run inside a container (eventually the kubelet should as well)
• Running in a container doesn’t cut down on the complexity that we currently have
• But it does more clearly define the interface about what the code expects
• These tools (Chef, Puppet, Ansible) conflate binary distribution with configuration
• Containers more clearly separate these problems
• The mesos deployment is not completely automated yet, but the mesos deployment is completely different: kubelets get put on top on an existing mesos cluster
• The bash scripts allow the mesos devs to see what each cloud provider is doing and re-use the relevant bits
• There was a large reverse engineering curve, but the bash is at least readable as opposed to the salt
• Openstack uses a different deployment as well
• We need a well documented list of steps (e.g. create certs) that are necessary to stand up a cluster
• This would allow us to compare across cloud providers
• We should reduce the number of steps as much as possible
• Ansible has 241 steps to launch a cluster
• 1.0 Code freeze
• How are we getting out of code freeze?
• This is a topic for next week, but the preview is that we will move slowly rather than totally opening the firehose
• We want to clear the backlog as fast as possible while maintaining stability both on HEAD and on the 1.0 branch
• The backlog of almost 300 PRs but there are also various parallel feature branches that have been developed during the freeze
• Cutting a cherry pick release today (1.0.1) that fixes a few issues
• Next week we will discuss the cadence for patch releases

• Code Freeze
• Upgrades of cluster
• E2E test issues

• Code Slush -- draining PRs that are active. If there are issues for v1 to raise, please do so today.
• Drain timeframe will be about 1-week.
• Community PRs -- plan is to reopen in ~6 weeks.
• Key areas for fixes in v1 -- docs, the experience.

• Seen end-to-end tests go red.
• Plan is to limit merging to on-call. Quinton to communicate.
• Community committers, please label with LGTM and on-call will merge based on on-call’s judgement.
• Can we expose Jenkins runs to community? (Paul)
• Question/concern to work out is securing Jenkins. Short term conclusion: Will look at pushing Jenkins logs into GCS bucket. Lavalamp will follow up with Jeff Grafton.
• Longer term solution may be a merge queue, where e2e runs for each merge (as opposed to multiple merges). This exists in Openshift today.

• GCE will use Persistent Disk (PD) to mount new image.
• OpenShift will follow a tradition update model, with “yum update”.
• A strawman approach is to have an analog of “kube-push” to update the master, in-place. Feedback in the meeting was
• Upgrading Docker daemon on the master will kill the master’s pods. Agreed. May consider an ‘upgrade’ phase or explicit step.
• How is this different than HA master upgrade? See HA case as a superset. The work to do an upgrade would be a prerequisite for HA master upgrade.
• Mesos scheduler implements a rolling node upgrade.

• Downward plug-in #5093.
• Discussed that it’s an eventually consistent design.
• In the meeting, the outcome was: seeking a pattern for atomicity of update across multiple piece. Paul to ping Tim when ready to review.
• Regression in e2e #8499 (Eric Paris)
• Asking for review of direction, if not review. #8334 (Mark)
• Handling graceful termination (e.g. sigterm to postgres) is not implemented. #2789 (Clayton)
• Need is to bump up grace period or finish plumbing. In API, client tools, missing is kubelet does use and we don’t set the timeout (>0) value.
• Brendan will look into this graceful term issue.
• Load balancer almost ready by JustinSB.

• Private Registry Demo - Muhammed
• Run docker-registry as an RC/Pod/Service
• Run a proxy on every node
• Access as localhost:5000
• Discussion:
• Should we back it by GCS or S3 when possible?
• Run real registry backed by $object_store on each node
• DNS instead of localhost?
• disassemble image strings?
• more like DNS policy?
• Running Large Clusters - Joe
• Samsung keen to see large scale O(1000)
• Starting on AWS
• RH also interested - test plan needed
• Plan for next week: discuss working-groups
• If you are interested in joining conversation on cluster scalability send mail to joe@0xBEDA.com
• Resource API Proposal - Clayton
• New stuff wants more info on resources
• Proposal for resources API - ask apiserver for info on pods
• Send feedback to: #11951
• Discussion on snapshot vs time-series vs aggregates
• Containerized kubelet - Clayton
• Open pull
• Docker mount propagation - RH carries patches
• Big issues around whole bootstrap of the system
• dual: boot-docker/system-docker
• Kube-in-docker is really nice, but maybe not critical
• Do the small stuff to make progress
• Keep pressure on docker
• Web UI (preilly)
• Where does web UI stand?
• OK to split it back out
• Use it as a container image
• Build image as part of kube release process
• Vendor it back in?  Maybe, maybe not.
• Will DNS be split out?
• Probably more tightly integrated, instead
• Other potential spin-outs:
• apiserver
• clients

• Mesos Integration
• High Availability (HA)
• Adding performance and profiling details to e2e to track regressions
• Versioned clients

• Mesos integration
• Mesos integration proposal: https://github.com/GoogleCloudPlatform/kubernetes/issues/6676
• No blockers to integration.
• Documentation needs to be updated.
• HA
• Proposal should land today.
• Etcd cluster.
• Load-balance apiserver.
• Cold standby for controller manager and other master components.
• Adding performance and profiling details to e2e to track regression
• Want red light for performance regression
• Need a public DB to post the data
• See https://github.com/GoogleCloudPlatform/kubernetes/issues/3118
• Justin working on multi-platform e2e dashboard
• Versioned clients
• https://github.com/GoogleCloudPlatform/kubernetes/issues/4874
• https://github.com/GoogleCloudPlatform/kubernetes/issues/3955
• Client library currently uses internal API objects.
• Nobody reported that frequent changes to types.go have been painful, but we are worried about it.
• Structured types are useful in the client. Versioned structs would be ok.
• If start with json/yaml (kubectl), shouldn’t convert to structured types. Use swagger.
• Security context
• https://github.com/GoogleCloudPlatform/kubernetes/pull/6287
• Administrators can restrict who can run privileged containers or require specific unix uids
• Kubelet will be able to get pull credentials from apiserver
• Policy proposal coming in the next week or so
• Discussing upstreaming of users, etc. into Kubernetes, at least as optional
• 1.0 Roadmap
• Focus is performance, stability, cluster upgrades
• TJ has been making some edits to roadmap.md but hasn’t sent out a PR yet
• Kubernetes UI
• Dependencies broken out into third-party
• @lavalamp is reviewer

• Container oriented deployments. Package up your application components with all their dependencies and deploy them using technologies like Docker or Rocket.  Containers radically simplify the deployment process, making rollouts repeatable and predictable.
• Dynamically managed. Rely on modern control systems to make moment-to-moment decisions around the health management and scheduling of applications to radically improve reliability and efficiency.  There are some things that just machines do better than people, and actively running applications is one of those things.  
• Micro-services oriented.  Tease applications apart into small semi-autonomous services that can be consumed easily so that the resulting systems are easier to understand, extend and adapt.

• flocker and kubernetes integration demo
• Demo steps and DIY instructions at: https://clusterhq.com/blog/data-migration-kubernetes-flocker/
• Cool demo by Kai Davenport
• Flocker Q/A
• Does the file still exists on node1 after migration?
• Luke: still exists, but unmounted and cannot be written to. Data persists and can be used. Working on support for multiple storage backend.
• Brendan: Any plan this to make it a volume? So we don't need powerstrip?
• Luke:  Need to figure out interest to decide if we want to make it a first-class persistent disk provider in kube.
• Brendan: Removing need for powerstrip would make it simple to use. Totally go for it.
• Tim: Should take no more than 45 minutes to add it to kubernetes:)
• Derek: Contrast this with persistent volumes and claims?
• Luke: Not much difference, except for the novel ZFS based backend. Makes workloads really portable.
• Tim: very different than network-based volumes. Its interesting that it is the only offering that allows upgrading media.
• Brendan: claims, how does it look for replicated claims? eg Cassandra wants to have replicated data underneath. It would be efficient to scale up and down. Create storage on the fly based on load dynamically. Its step beyond taking snapshots - programmatically creating replicas with preallocation.
• Tim: helps with auto-provisioning.
• Brian: Does flocker requires any other component?
• Kai: Flocker control service co-located with the master.  (dia on blog post). Powerstrip + Powerstrip Flocker. Very interested in mpersisting state in etcd. It keeps metadata about each volume.
• Brendan: In future, flocker can be a plugin and we'll take care of persistence. Post v1.0.
• Brian: Interested in adding generic plugin for services like flocker.
• Luke: Zfs can become really valuable when scaling to lot of containers on a single node.
• Alex: Can flocker service can be run as a pod?
• Kai: Yes, only requirement is the flocker control service should be able to talk to zfs agent. zfs agent needs to be installed on the host and zfs binaries need to be accessible.
• Brendan: In theory, all zfs bits can be put it into a container with devices.
• Luke: Yes, still working through cross-container mounting issue.
• Tim: pmorie is working through it to make kubelet work in a container. Possible re-use.
• Kai: Cinder support is coming. Few days away.
• Bob: What’s the process of pushing kube to GKE? Need more visibility for confidence.
• Brendan: Not well documented, but released marked latest after GKE picks it up.
• GKE does lot of heavy testing before a version is blessed.
• gsutil cat gs://kubernetes-release/release/latest.txt
• $ curl https://storage.googleapis.com/kubernetes-release/release/latest.txt