►
From YouTube: Cloud Custodian Community Meeting 20221011
Description
Our community meeting is public and we encourage users and contributors of Cloud Custodian to attend! You can find the notes for this meeting on our github repo: https://github.com/orgs/cloud-custodian/discussions
To get an invite to the meeting join the google group and you'll receive one via email: https://groups.google.com/g/cloud-custodian
A
All
right
welcome
everybody.
It's
October,
11th
2022.
This
is
the
bi-weekly
Cloud
custodian
community
meeting.
Please
remember
that
we
record
these
and
upload
them
to
YouTube
and
take
notes
and,
as
always,
the
cncf
code
of
conduct
is
in
effect,
so
please
be
excellent
to
each
other.
It
was
just
a
holiday
here
in
the
US.
So
thanks
for
everyone,
remembering
that
today
is
not
Monday.
I
almost
missed
this
meeting.
So
if
this
is
your
first
meeting,
what
we
do
is
we
have
an
open
Agenda
here.
A
It
is
available
at
this
URL
I'll
go
ahead
and
toss
it
into
chat
and
or
you
could
just
holler
and
I
can
add.
Stuff
I
will
go
over
a
few
things
and
then
we
will
go
over
some
of
the
outstanding
PR's
and
new
features
and
stuff
that
are
landing.
So
with
that
anyone
got
any
any
burning
issues
before
we
get
started.
A
All
right
governance
updates,
those
are
still
pending,
I'm
kind
of
just
keeping
those
there
for
us
to
review
it's
kind
of
a
work
in
progress.
Governance's
code
Day
is
next
week.
I
know
a
lot
of
you
here
are
doing
talks
for
that.
Just
a
heads
up
that
that
is
one
week
away.
A
If
you
still
need
to
register,
you
can
just
follow
the
URL
there.
Obviously
it's
the
amount
of
spree
like
it's.
It
was
last
year
and
it
was
virtual
and
we'll
be
making
sure
that
the
videos
and
all
of
that
stuff
will
be
available
but
hope
that
you
register
and
show
up
live
anyway,
because
that's
always
a
lot
of
fun
and
we
could
just
do
an
entire
day
of
everybody,
sharing
other
custodian
tips
and
tricks
and
that's
always
fun
so
follow
the
link
there.
A
Here's
the
schedule
we've
got
a
packed
agenda
as
well
as
a
keynote
from
Ashley
who's,
the
director
of
operations
at
the
fin
Ops
foundation.
So
that's
pretty
awesome
and
I
see
a
lot
of
you
in
this
meeting
that
are
in
giving
talks
there
so
check
that
out.
If
you
have
not
yet
already
we're
testing
slack
I
know
that
we
have
some
people
on
there.
I'm
posting
in
the
getter
to
remind
people
to
check
out
the
slack.
Anybody
have
any
anything
so
far.
A
I
know
I
do
I'm
in
the
process
of
redoing
the
website.
So
first
of
all
the
website
is
the
caucus.
30
website
is
now
up
to
date,
so
it
sends
people
to
slack.
So
that's
that's
a
useful
one,
but
for
kubecon
I'm
trying
to
get
up
like
a
a
big
button
that
says
join
slack.
A
So
we
can
get
a
lot
more
people
in
there
so
feel
free
that
this
is
the
URL
to
share
this
community
inviter.com
and
if
they
just
put
in
their
email,
they'll
get
an
invite
and
then
they
do
all
the
all
the
business.
So
that's,
that's
all
they're
gonna
need
to
do
that.
A
B
Yeah,
a
lot
of
the
to-do
items
have
been
crossed
off.
The
the
biggest
outstanding
change
is
probably
going
to
rename
the
mode
to
Kate's
controller
I.
Think
but
yeah
aside
from
that,
the
docs
are
now
in
a
separate
Branch,
but
aiming
to
get
that
stuff
all
out
by
kubecon
for
sure.
B
There's
also
some
additional
work
around
a
Helm
chart
for
this,
as
well
as
some
more
examples
on
how
to
deploy
and
actually
run
it
so
cool
stuff
to
come
to
come.
There's
also
going
to
be
a
talk
at
Governor's
code
day,
just
detailing
some
of
this
stuff,
like
a
architecture,
overview
demo,
discussion
of
features
and
stuff.
C
Hey
yeah
I'm
John:
do
you
want
to
go
to
custodian
helmchart?
Let's
show
that
yeah.
C
C
All
right,
so,
if
you
look
at
that
open
pull
request,
that's
going
to
be
the
work
that's
going
on
there.
It
adds
the
admission
controller
installs,
the
admission
controller
and
cluster.
It
sits
on
top
of
cert
manager
right
now
for
generating
the
ca
cert.
The
ca
bundle
for
the
admission
controller,
but
docs
are
in
there.
If
you
want
to
do
a
self-signed
cert
and
you
just
pass
that
in
there
with
the
ca
bundle
but
yeah.
So
all
of
that
is
ready
to
go
and
working.
C
D
C
C
This,
if
you
go
back
to
Sunny's,
PR
or
Sunny's,
repo,
I,
guess
yeah,
so
look
at
the
pull
requests
in
his
there's.
A
pull
request,
called
scaffold.
I
see
it
so
that
pull
request
sits
on
top
of
that
and
it'll
actually
use
it
and
it'll
run
the
admission
controller
and
everything
with
that
Helm
shirt
in
a
local
environment.
B
We
go
yeah
if
there's
any
kubernetes
users
in
the
crowd
today.
Definitely
let
me
know
if
there's
things
that
you're
looking
for
or
things
that
other
policy
execution
environments
don't
provide
you
yeah,
that's
it.
A
All
right
awesome
moving
on,
we
do
have
a
survey
running
I've
linked
this.
This
is
LinkedIn
slack
and
I've,
sent
it
out
in
the
notes
and
I'll
probably
send
it
out
again
this
week
on
infrastructures,
code
and
CI,
CD
hosting
Kapil
was
just
looking
for
more
information,
while
he's
doing
the
work
on
a
shift
left.
A
So
if
you've
got
a
chance
to
fill
this
out,
that
would
be
amazing
or
tell
a
friend
this
one
was
on
when
I
wanted
to
bring
last
week,
which
was
7553,
which
bring
us
to
the
defining
use
of
integer
variables.
Aj,
do
you
want
to
give
us
a
quick
summary
on
this.
E
Yeah
yeah
I
mean
it
was
a.
It
was
an
interesting
issue.
I
know
the
person
who
reported
it,
certainly
not
the
only
person
to
run
into
this
this
sort
of
deal
in
the
past,
but
the
idea
is
that
we
were
doing
string
formatting
so
anytime,
regardless
of
the
the
type
that
you
were
using
for
a
variable.
It
was
always
getting
forced
into
a
string
from
the
policy
evaluation
side.
E
So
I
took
a
look
at
it
and
said:
well
all
right
can
we
can
we
do
kind
of
a
special
case
handling
of
if
we've
only
got
one
variable
substitution
in
there
and
then
just
passed
through
the
type
of,
however,
you've
defined
it
in
your
C7
and
org
config
or
wherever
it's
coming
from
and
put
together
what
was
like
an
admittedly
naive
and
hacky
solution
to
say,
like
what
could
this
look
like
and
some
other
folks
helpfully
commented
on
it
and
Kapil
put
together
a
solution
that
was
like
actually
useful
and
that's
the
one
that
got
merged
so
that'll
do
that'll
just
pass
through
variable
type,
as
defined
in
compile
just
joined,
so
you
enjoyed
like
looking
like.
E
F
I
think
both
approaches
were
valid.
I
think
this.
The
support
like
AJ
also
put
together,
something
I,
think
actually
worked
and
would
have
solved
the
issue.
I
I
think
this
gives
us
I
think
both
atsl
Square,
where
the
technique
was
used
to
give
a
lot
more
things,
and
so
we
saw
this
as
a
potential
opportunity
for
places
that
we
could
grow
in
the
future.
But
and
it's
it's
been
an
issue
and
I,
don't
think
we
we
gave
the
right
answers.
F
Let's
say
the
first
time
around
as
far
as
fully
understand
the
problem,
so
but
I
think
we
just
accept
it
as
a
limitation
previously-
and
you
know
now-
it's
not
actually
as
a
follow-up
to
this
I'd
like
to
like
to
unblock
the
bar
support
on
the
regulatory
studio
and
cly.
F
F
Now
that
we
have
this,
I
think
this
is
a
question
to
make
sure
that
we
document
bars,
but
I'm
definitely
open
until
like
we
used
to
have
like
a
just
having
it
be
able
to
pass
in
a
bars
file
on
the
regular
student
run,
command
I
think
would
give
us
some
parody
aspects,
and
now
that
we
have
better
syntax,
I
think
for
preserving
richer,
more
complex
variables
than
strengths.
E
Because
yeah
that
got
something
helpful
and
just
passing
the
yaml
file,
like
we're
I
mean
since
we're
talking
about
shifting
left
in
terraform.
Anyway,
then
VAR
file
seems
very.
E
F
Yeah
wow
1993
938
and
then
is
probably
the
closest
thing
to
it.
E
F
F
I
think
the
other
one
is
maybe
I
can't
tell
the
other
one.
If
we
go
back,
I
mean
this
seems
like
the
right
one.
F
D
A
Yeah,
do
you
you
don't
want
me
to
like
master
or
put
this
on
the
roadmap
or
anything?
Do
you
yeah?
You
can
all.
F
Right
I
think
I
think
the
scope
went
from
large
to
small,
like
we
actually
had
this
like
the
CLI
flag
that
I'm
talking
about
it's
actually
common.
It's
commented
in
the
code.
It
would
just
have
to
pass
through
the
right
places
per
se
and
hanging
off
execution
context
of
it
get
policy
get
variable
stuff,
either
pull
pulls
from
it,
okay
or
but.
A
Does
that
work
yeah
there
we
go
a
quick
tip
here
for
those
of
you
that
do
not
know.
We
do
have
a
road
map
that
we
that
we
do
keep
updated
it's
just
at
the
org
level
and
not
in
Cloud
custodian,
Cloud
custodian.
So.
A
Yeah
this
is
a
this
is
V2.
How
do
I
know.
F
F
I
think
I
think
by
the
time
we
get
it,
it
was
limited
too
yeah,
okay,
but
which
is
fine
because
I
think
we
are.
We
want
to
go
across
about
the
repos,
so
I'm,
okay,
with
it
there,
but
just
pointing
out
that
it
can
be,
but
we
should
actually
probably
close
the
other
one
up
at
the
yeah.
We
have
actually
document
the
link
in
the
readme
like
the
actual
robot
blank
and
then
close
out
the
old
roadmap,
because
it's
it's
what
you
see
at
the
project
level
and
it
looks
kind.
A
A
So
I
remember
I,
remember
trying
to
clean
those
out,
but
we
also
weren't
sure
as
a
group
which
ones
needed
to
be
moved
over.
You
know
what
I
mean
whether
we
were
like
starting
from
scratch,
or
should
we
try
to
migrate?
Some
of
these.
A
F
A
A
All
right,
it's
gonna
be
a
great
keep
con.
Don't
worry,
we'll
sort
it
all
right
so
normally
ahead
of
times
what
I
do
is
go
through
all
the
PRS
and
find
out
some
of
the
interesting
ones,
but,
like
I,
said
I
thought
today
was
Monday,
so
any
of
these
jumping
out
at
anybody
I
wanted
to
make
sure
that
we
talked
about
75
53.
A
I
do
know
that
there's
been
more
work
on
the
10
cent
provider.
I,
don't
know
if
anyone
wants
to
give
a
30.
Second
update
on
that.
A
D
F
On
or
yeah.
B
There
are
a
few
things
that
need
to
get
resolved
in
the
920,
so
at
9
20.
It
might
be
a
fast
follow
on
this,
namely
we
did
a
poetry
version,
increase
that
been
inadvertently
pulled
in
some.
You
know
the
dev
dependencies
into
the
actual
requirements
for
installing
I,
don't
think
it's
gonna
particularly
affect
most
people
unless
you've
got
other
stuff
in
your
virtual
environment
that
you're
installing
custodian
into.
But
if
it's
a
clean
virtual
environment
installed,
the
only
thing
that's
going
to
affect.
It
is
a
slightly
longer
installation
time.
B
There
was
also
another
one
around
the
mailer.
So
when
we
added
gcp
support,
the
CSUN
and
gcp
package
was
a
required
package,
but
I
don't
think
it
was
added
as
a
actual
dependency.
Aj's
got
a
PR
up
and
I.
Don't
know
if
you
guys
talked
about
this
while
I
was
out,
but
that
PR
basically
makes
it
so
that
the
Azure
and
gcp
packages
become
optional
extras.
B
B
E
Now
I
think
I
would
just
say
just
thanks
for
the
reviews,
the
the
points
on
that,
because,
because
you're
right
it
can,
we
want
to
make
sure
it's
really
clear
to
people
if
we
don't
want
everybody
to
have
to
install,
and
thank
you
thanks
to
Scott
Schwartz,
for
bringing
this
up
from
the
gcp
side.
We
don't
want
people
to
need
all
the
providers
installed
to
run
mailer,
but
we
also
don't
want
to
surprise
people
and
have
them
get
some
kind
of
weirdo
error
message.
If
they
don't,
if
they're
missing
a
dependency.
E
Yeah
and
so
that
just
kind
of
that
weights
and
imports
the
the
C7
and
Azure
or
gcp
bits
later
and
then
and
then
throws,
and
if
the
package
isn't
there
just
tries
to
give
them
a
little
bit
of
guidance
at
the
command
line.
Say
you
know
install
this
with
the
extras.
D
E
I
know
Kapil
mentioned
needing
some
functional
tests
around
this,
so
I
guess
I'm
gonna
have
to
come
up
with
some.
F
Functional
testing
it
doesn't
have
to
be
a
functional
test.
I
just
want
to
make
sure
that
that
you
know
we
actually
like
we've
had
enough.
We
know
there's
there's
tests
of
gaps
against
Miller
frankly,
and
the
only
way
to
be
sure
when
we're
making
changes
is
like
a
better,
significant
or
is
to
actually
go
stand
it
up
and
run
it
so
to
speak.
You
know
if
you
want
to
set
up
a
harness
for
that.
That's
great!
E
Yeah
yeah
I
I
have
only
gotten
as
far
as
the
like
the
unit
level
testing
and
then
the
works
on
my
machine
about
useful,
useful
feedback
at
the
CLI.
So.
F
And
and
yeah,
and
to
be
fair,
I
think
we're
just
saying
works
on
my
cloud
for
two
clouds
like
one
of
them,
which
is
lazy
loaded,
is
all
we're
really
looking
for
I
think
to
to
get
to
that,
because
I
mean
this
is
pretty
normalizing,
it
looks,
fine,
looks
good,
I
think
it.
It
simplifies
some
stuff.
The
other
question
I
had
was
do
whether
or
not
we
are
are
we
differentially
uploading
packages
based
on
the
different
environments
like
this?
E
What
this
is
so
the
only
things
that
I
pulled
out
I
was
nervous
about
this.
Breaking
things
out
too
much
I
mean
yeah.
This
is
just
so.
It
does
make
C7
and
gcp,
and
the
Google
storage
package
optional
and
then
also
C7
and
Azure
makes
that
optional,
so
that
you
can
install
it
with
those
with
the
extras
definitions,
I
mean
I'm,
sure,
I
know,
Sunny
was
thinking,
we
might
be
able
to
pull
out
send
grid.
E
It
didn't
look
like
we
could,
but
there
may
be
other
stuff
that
we
can
pull
out
down.
The
road
I
just
didn't
want
to
go
too
hard
and
like
pull
out
something
that
somebody
cared
about
in
a
less
obvious
way.
F
E
Yeah
yeah
I
tried
a
couple
different
ways
too,
like
I
thought.
Maybe
we
could
make
it
like,
specifically
for
the
specifically
for
the
dev
install
I
tried
a
couple
different
revs,
but
but
some
ways
of
configuring
it.
It
would
like
uninstall
them,
as
as
it
tried
to
install
the
mailer
piece,
and
so
it
was
a
little
weird
there.
A
B
B
I'm
just
saying
like
for
the
dot
20
release,
if
there's
other
stuff,
that's
in
the
works
that
you
want
to
get
in
I
mean
we
can
also
cut
a
DOT
20
and
a
DOT
21.
F
It
would
be
nice
to
have
a
release
Crush
before
hockey
Stadium
day
so
I
don't
know.
A
F
F
Which
came
to
that
seat
in
a
moment
the
I
I
don't
know
that
we
need
to
like
on
the
roadmap
discussion
and
is
things
that
are
in
progress.
You
know,
I,
don't
know
that
we're
telling
you,
when
they're
rushing
the
project
to
speak.
F
F
F
You
know,
ASAP
is
showing
me
the
right
answer,
so
good
I
I
did
notice
something
that,
like
there's
a
couple
of
PRS
that
are
touching
packaging,
so
you're
gonna,
like
whichever
one
gets
merged,
is
going
to
conflict
with
all
the
others.
So
to
speak
or.
F
E
F
I,
don't
know
so,
like
typically
that
Python
3
Dev
package
you
need
requirement,
is
going
to
be
on
the
basis
that
something
had
to
be
compiled
right,
and
that
means
you
also
needed
a
you
know:
GC
sequential
compilers,
all
a
bunch
of
a
whole
bunch
of
other
stuff.
D
F
F
C
F
Don't
actually
have
it
a
Red,
Hat,
Linux
or
sorry,
an
Amazon
Linux
image,
so
I
also
don't
know
what
your
docking
ball
looks
like.
So
I
have
no
idea.
D
F
Out
of
curiosity,
why
why
use
one
of
those
images
versus
the
existing
Docker
files
that
we
distribute
and
support
and
test.
D
Oh,
this
is
just
the
normal
image
that
we,
oh
I,
have
to
test.
Everything
I
do
so
this
is.
This
was
just
the
latest
build
that
that
runs
a
whole
bunch
of
automated
containers,
yeah.
B
Actually
related
to
the
release
and
speaking
of
arm,
there
is
no
arm
support
on
the
latest
tag
and
9
19
tag
as
well
in
Docker,
and
those
images
are
also
signed.
But
this
I
think
it's
the
first
time
I.
B
F
A
Yeah
we
should
tweet
that
Sunny
I'll
chase
you
down
on
slack,
and
then
you
tell
me
what
to
tweet.
F
Sisterless
is
not
something
we're
going
to
support
like
it
is
negligible
to
both
sides.
Delta
it's
effectively
Debbie
and
strip
out
a
couple
things.
It
doesn't
really
it's
not
it's
not
meaningful
from
a
from
a
performance
or
size
perspective
or
security
protective
in
my
opinion,
but
that's
my
opinion.
Yeah,
like
our
images,
are
big
because
of
azure
and
yeah
service
does
not
solve
that.
Yeah.
D
F
It's
50
Megs
yeah
over
one
gig
image
that
that's
not
even
I'm.
F
D
F
How
custodian
packages
up
stuff
is
like
we
snipped
the
local
file
system?
This
is
partly
development,
use
cases
and
different
use
cases.
We
sniffed
the
local
Apostles
and
we
give
everything
up
and
we
stick
it
in
Melinda.
So
I
think
now
that
we
have
proper
arm
support.
I
think
the
right
answer
for
us
is
going
to
be
whatever
whatever
the
host
architecture
is,
is
what
we
default
to
yeah
yeah
as
we
go,
create
land
is
so
that
way
we
can
just
whatever
we
give
her
up.
F
If
there's
an
extension
or
a
binary
in
there,
we'll
do
the
right
thing.
If
we
well
the
the
cross
architecture
stuff,
it's
conceivable
I,
just
except
for
things
that
get
wonky
like
grpc
and
so
I.
Think
we'll
do
the
safe,
simple
thing
that
if
you're
already
running
R
for
your
host,
then
you'll
get
arm
members
yeah.
D
A
A
F
A
A
All
right,
so,
when
it's
custodian
day
about
a
week
from
now,
if
you
went
last
year,
we
kind
of
went
over
the
road
map
on
the
stuff
that
we've
accomplished
this
year.
So
if
you're
looking
for
a
summary
of
this
year's
worth
of
meetings,
basically
that's
what
I
will
Kapil
and
I
will
be
covering
there
so
I'll
make
sure
that
we
cover
all
of
this
stuff.
A
All
right
great
everyone
in
in
two
weeks
it
is
cubecon,
so
I'm
gonna
try
to
pull
off
a
we'll
try
to
do
the
community
meeting
as
normal
there.
Some
of
us
will
be
at
kubecon
and
we'll
figure
out
a
way
to
dial
in.
If
not
you.
E
A
Have
a
guest
house
to
be
determined
and
with
that
everyone,
if
you're
traveling
travel
safe
and
if
not
we'll,
see
everyone
in
two
weeks
thanks,
everyone
for
participating
and
notes
will
be
out
probably
first
thing
tomorrow
morning,
thanks
everyone.