►
Description
2022-11-02
[DB] Upgrade test on CI
[RI] What is our path to a 1.0 release? What are the main features/capabilities that Korifi is expected to have that it does not have right now?
[GC] Validations
[PC] ReplaceableNetworkerProposal
[KB] yq in makefiles (again)
yq installed in Korifi subsystem bin like the other binaries we use
…
A
B
A
Have
it,
this
is
just
a
reminder
from
our
previous
conversation
previous
meeting,
that
we
should
probably
have
some
sort
of
checks,
whether
the
upgrade
between
releases
work.
So
just
to
let
you
know
that
I
think
on
Monday,
not
sure,
but
it
doesn't
matter.
We
introduce
State
change
in
our
CI
that,
after
every
build,
it
would
uninstall
query
and
install
latest
release
latest
official
release,
which
is
currently
zero,
four
zero
and
then
on
subsequent
run.
It
is
going
to
deploy
the
current
commit
on
top
of
it.
A
B
C
Yeah
this
question.
Basically
some
comes
from
a
lot
of
folks
on
the
quote:
unquote
marketing
side
who
keep
asking
us
when
we
can
expect
like
a
major
Milestone
release
and
what
are
some
of
the
features
that
you
know
be
will
expect
to
have
and
what
it
is.
That
will
actually
take
us
over
the
line
for
a
1.0
release
or
like
a
major
push.
So
yeah
I
was
just
curious
in
terms
of
what
the
roadmap
is
and
I.
D
I
would
say:
I,
don't
know
exactly
what's
missing,
but
like
one
thing
that
is
definitely
missing
is
like
being
stable,
like
being
like
what
I
would
like
to
play.
I
would,
until
we
are
confident
that
this
thing
can
actually
run
in
prod.
Just
like
CF
does
I
I
wouldn't
call
it
1o,
that's
what
I'm
saying
so
like
how
do
we
get
there?
It's
an
interesting
question
but
like
to
me,
1o
would
have
to
be
like
stable
enough
that,
like
to
me,
wanna,
would
communicate
the
message.
Okay,
you
can
actually
run
this
in
prod.
D
The
feature.
Surface
is
interesting
because
of
course,
we'll
never
cover
100,
so
we
could
con.
We
could
think
of
which
features
we
think
are
like
in
terms
of
like
surface.
What
surface
do
we
want
to
cover
before
we
can
call
ourselves
1-0,
but
then,
on
top
of
that,
it's
like
all
of
this
surface
needs
to
be
like.
Actually,
it
needs
to
work
well
enough
that
we
will
be
confident
to
recommend
people
to
deploy
this
in
prod
and
give
it
to
the
development
teams.
And
you
know.
A
A
D
Yeah
I
mean
I'm,
not
talking
too
so
much
about
performance,
but
like
scale
like
how
big
can
you
get
before
it
falls
apart?
Basically
like
we
know,
there
are
CF
instances
that
are
like
huge.
They
have
many
many
many
many
Diego
sales
and
many
many
many
many
workloads
running
I,
don't
know
how
much
a
kubernetes
cluster
can
like
how
many
nodes
will
a
kubernetes
cluster
handle
before
it
falls
apart
and
how
many
pods
like
it
looks
like
at
the
moment.
E
I
wonder
how
like,
if
this
is
something
we
need
to
test?
How
are
we
going
to
test
it,
because
it's
this
pretty
expensive
thing
to
be
doing
as
well?
Isn't
it
yeah?
It
feels
like
something
you
want
to
partner
with.
If
somebody
wants
to
use
karifi
and
at
scale,
we
can
work
with
them
to
make
it
work.
If
we
borrow
some
of
their
resources
to
see
what
that
scale
looks
like
I,.
D
Also
wonder
if
this,
if
this
changes
by
provider
like
I,
don't
know,
maybe
I,
don't
know,
if
you
do
your
cluster
yourself,
you
can
push
it
further.
I,
don't
know
versus
having
the
classic
like
Cloud
clusters
from
the
main
vendors
I,
don't
know,
but
yeah.
That
is
definitely
one
question
because
like
if
we
tell
people-
okay,
it's
one
or,
but
we
only
do
endnodes.
We
only
run
on
one
single
cluster
I
think
it
would
be
a
fair
thing
to
say,
but.
D
E
F
Yeah
you
can't
go
to
the
the
outer
edges
of
all
of
those
envelopes,
necessarily
I.
Think
I've
seen
some
presentations
about
like
scale
limits
that
you
hit
in
the
API
that
are
a
result
of
different
sets
of
resources,
kind
of
compounding
as
well.
So
there's
a
there's,
a
more
complex
polytope
that
describes
the
actual
practical
operational
limits
that
I'm
sure
is
changing
all
the
time,
but
yeah
I
I,
think
that
you
know
on
the
multi-cluster
issue.
F
D
G
And
I
think
to
kind
of
trying
to
come
back
to
the
original
request
around
like
what
does
a
1-0
look
like
and
what
like,
when
we
get
people
asking
about
it
like?
What's
our
response,
ultimately
I
think
we're
on
where
you
were
coming
from
like
to
me.
It
feels
like
our
big
thing
is
stability,
but
we
can't
get
stability
without
engagement
from
people
who
are
using
it.
F
D
And
every
time
I
think
about
it,
I
think
of
so
many
things
that
are
missing
and
like
okay,
we
need
so
many
we
have
so
many
potential
API
features
to
add
and
the
all
these,
like
big
questions
about,
multi-class,
that
there
is
the
services
story.
There
is
the
buildbox
story,
there's
like
so
many
I
think
big
things
that
are
still
missing,
that
I
just
yeah
it's
hard
to
to
to
estimate
when
it
just
this
just
tells
me:
okay,
oneo
is
far
right
because
we.
A
D
Have
to
take
all
this
big
question
all
these
big
questions,
so
it's
something
that
I
maybe
will
think
one
like
I
feel
like
when
we
are
ready.
We
are
approaching
wanna,
we'll
we'll
feel
it
because
we
it's
going
to
be
harder
to
find
like
big
things
that
are
missing
big
gaps
but
like
we
have
definitely
far
from
that.
So
it
doesn't
really
concern
me
too
much
to
think
when
it's
gonna
is
going
to
be
one
hour,
we're
mostly
thinking
about
okay.
What's
the
next
big
thing,
we
can
the
next
big
gap
we
can.
C
C
You
know,
engage
more
with
the
community
and
try
things
out
and
let
us
know
what's
really
missing,
but
there's
also
just
you
know,
analysts
and
PR
folks,
like
the
public
relations
PR
I
have
folks
that
are
you
know
interested
in
coverage
interested
in
learning
what
the
positioning
is
and
my
answers
have
typically
been.
You
know
we
don't
have
the
services
story
in
yet
we've
not
figured
out
certain
things
about
how
you
would
push
an
existing
team
that
had
like
a
bunch
of
Docker
containers
to
use
corifi.
C
C
C
A
F
B
Good
discussion
there
I
think
it's
gonna
be
born
out
by
all
what
we
said.
Getting
people
engaged
and
figuring
out
what
the
shape
of
that
is
as
far
as
like
scale
I
think
we
should
do
a
little
bit
of
preliminary
testing
just
for
to
see
if
we
have
any
major
shortcomings.
But
yes,
we
if
we
want
to
actually
check
scale,
we
need
a
major
partner
so
anyway,
cool
thanks.
All
next
topic
is
validations.
D
Yeah
so
yesterday,
I
was
like
okay.
I'm
I've
got
some
spare
hours,
I'm
done
with
the
backlog
work.
Let's
pick
up
like
an
easy
story
to
just
you
know,
get
rid
of
very
quickly
and
call
the
day
with
something
done:
ticked
in
the
backlog
and
I
start
working
on
annotations
and
labels
and
I
realized.
Okay,
the
this
this
type
actually
has
validation.
D
And
then
this
date
has
been
sent
to
the
kubernetes
API,
where
it
either
needs
to
be
validated
again
or
otherwise?
People
will
bypass
the
validations
just
by
going
in
by
a
cube
cattle,
for
example,
so
also
some
of
these
validations,
for
example,
for
labels
I
think
they
kind
of
try
to
anticipate
they
try
to
catch
problems.
That
will
things
that
will
break
on
the
kubernetes
side
up
front,
but
sometimes
they
do
it
not
exactly
like
kubernetes
would
do
so.
There
is
some
sort
of
like
inconsistencies
and
stuff.
D
On
the
other
hand,
there
are
other
places
where,
like
we
don't
validate
on
the
API
side,
we
only
validate
on
the
crd
side,
but
it
looks
like
it's
a
bit
tricky
to
get
the
error
from
the
hook.
That
validates
like
the
the
admission
Web
book
that
validates
the
resource
and
produces
an
error
for
that
thing.
D
Fails
but
like
producing
the
proper
error
message
in
the
API
from
that
failure
seems
to
be
tricky
like
we
take
the
arrow
and
we
kind
of
serialize
it
and
stick
it
in
the
reason
so
that
it
gets
deserialized
on
the
API
side
and
then
presented
to
the
user.
But
it
also
doesn't
feel
great
because
the
reason
is
not
for
Json
serialized,
Json
stuff.
D
It's
for
Plain
language,
like
it's
from
plain
English
reason
of
the
failure,
so
I
don't
know
exactly
how
to
do
it,
but
I
will
be
really
tempted
to
just
get
rid
of
all
the
API
site,
validation
and
just
try
to
find
a
way
to
do
everything
in
the
hooks
and
make
the
API
just
present
errors
coming
from
the
hook
somehow,
so
that
we
avoid
the
duplication
and
yeah.
We
we
just
delete
all
that
stuff
and
we
don't
have
to
bother
about
testing
it.
If
we
want
to
keep
it,
we
should.
D
H
Yeah
well,
first
I
fully
agree.
It
probably
should
have
been
test.
I
think
it
might
be
worth
having
like
surfacing
some
of
this
stuff
in
slack,
because
I'm
I'm
not
sure
the
people
who
worked
necessarily
on
that
are
on
this
call.
They
might
have
more
detail
there.
One
one
hunch
I
have
for
why
patch
might
be
tested
differently
than
create
or
or
not
tested,
but
implemented
differently
is
because
Cloud
controller
has
some
special
behavior
for
patching
labels
and
annotations
that
doesn't
exist
in
the
kubernetes
API.
H
H
So
there's
like
there's
some
subtle
differences
there,
so
I
imagine
they
had
to
to
do
some
API
specific
things
for
that
part,
but
other
than
that,
like
the
only
reason
I
could
imagine,
duplicate
validation
was
for
air
Message
like
ease
so
that
I
don't
know
if
there's
a
way
to
get
just
get
that
from
the
rejection
from
the
kubernetes
API.
That
sounds
reasonable.
We.
D
Do
it
in
some
places,
but
it
just
doesn't
I'm,
not
very
happy
about
it.
The
like
we,
we
basically
come
back
with
a
Serial
given
we
need.
We
need
struck
like
a
semi-structured
object
to
come
back,
but
we
can
only
send
back
a
string.
We
just
serialized
the
object
inside
that
string,
but
that
means
that
someone
who's
using
the
API
just
by
who's
just
using
the
crds
they'll,
get
an
error
with
reason,
a
bunch
of
Json
that
is
unreadable
but
yeah
I,
don't
know
I.
D
C
H
D
D
G
D
Yeah
but
I
guess
we
can
take
a
deeper
look
at
this
and
just
because
to
me
if
we
could
just
eradicate
the
whole
validation
layer
from
the
API.
That
would
be
amazing,
because
then
we
it
means
we
have
one
place
and
one
place
only
where
the
validations
occur,
and
that
needs
to
be
on
the
kubernetes
API
side,
because
that's
our
ultimate
API,
like
that,
that's
our
innermost
surface
in
a
way
putting
everything
on
the
API
is
not
feasible
because
people
can
just
bypass
it.
H
H
B
D
Like
labels
are
special
because,
like
they're
validated,
given
they
map
so
closely
one
to
one
kubernetes,
we
don't
even
need
to
validate
them
on
the
kubernetes
side,
because
kubernetes
does
that
already
but
like
we
still
try
to
validate
them
at
the
API
set,
trying
to
imitate
what
kubernetes
would
do,
but
just
not
exactly
so.
That
means
some
things
get
blocked
at
one
level,
some
things
get
blocked
at
the
other
level,
some
things
just
slip
through
also
on
the
API
level.
D
D
Yeah
so
I
will,
before
I,
carry
on
with,
like
the
whole
annotations
and
labels
thing
I
will
will
probably
I'll
take
a
look
at
this
thing,
see
what
we
can
do
to
just
to
just
get
rid
of
it,
and
that
kind
of
also
eliminates
the
need
for
testing
them
and
and
stuff
like
that,
because
it's
lots
of
code
as
well.
It's
just
like
there's
lots
of
validations
that
we
do.
D
H
D
I
think
the
problem
is
mostly
like
returning
the
error
in
a
sensible
way,
because
I
think
it
just
fails
with
an
error
that
might
be
like
I
think
it's
a
400
or
400,
and
what
is
it
for
four
or
three,
maybe
like
it,
may
look
like
you're
just
not
authorized
it.
Just
doesn't
try
to
give
you
lots
of
information.
D
B
B
G
B
Yeah
I
can
definitely
read
through
it
and
take
a
look
at
a
bunch
of
the
rest
of
us
can
as
well
might
be
worth
this
making
sure
everyone
in
the
creepy,
Dev
Channel
I,
see
there's
already
a
link
from
Monday
but
just
sort
of
a
Last
Call
on
it
and
say
hey
everyone's
kind
of
on
board
with
this.
If
you
have
any
comments,
make
them
right
now,
because.
H
H
I
I
didn't
have
a
chance
to
really
look
at
until
yesterday.
I
added
one
comment
this
morning
for
Westworth.
It
doesn't
change
the
anything
too
deep.
But
it's
just
more
of
a
concern
about
the
number
of
separate
reconciler
separate,
like
images
and
components
were
splitting
out
versus
rethinking
some
of
that
and
maybe
just
making
them
conditionally
added
to
the
controller
manager
at
runtime.
D
H
The
reason
I
bring
that
up
is
just
we've.
We've
started
to
see
just
that
when
you
run
these
on
larger
environments
with
other
stuff
running
they
they
start
to
bloat
like
the
when
they're
all
running
as
one
process,
they
can
share
an
Informer
cache
and
everything,
and
you
can
just
give
that
single
deployment
a
ton
of
memory.
H
But
if
you
have
like
a
bunch
of
controllers
running,
then
operators
need
to
know
like
I
need
to
give
this
one
four
gigs,
this
one's
six,
this
one's
okay
with
two
and
it
like
the
design,
looks
really
good
like
from
like
a
diagramming
and
just
like
a
discussion
standpoint
but
I
think
like
practically.
It
might
be
better
if
the
default
ones
can
still
run
as
the
the
main
karifi
controllers.
H
D
G
A
D
I
Guess
I
feel
like
if
we're
gonna
do
that
we
should
probably
fast
power
away
with
consolidating
them,
because
it's
it's
kind
of
getting
unwieldy,
yeah,
I,
think
and
I
think
that
concern
about
memory
is
real.
I
was
just
looking
this
morning
at
declining
a
cash
code,
for
other
reasons,
for
the
controller
runtime
and
it's
incredibly.
C
D
I'm,
honestly
struggling
to
think
of
a
separate
of
another
component
to
extract
this
was
like
the
last
one
that
logically
was
missing.
Like
we've
got,
builds
running,
we've
got
tasks
running
we've
got
networking
what
else
could
come
out?
So
maybe
we'll
you
know
we'll
never
have
to
think
about
yet
another
component,
but
yeah
the.
A
D
E
Could
also
be
more
sensible
about
what
we're
caching
I
think
I
think
as
soon
as
you
do
a
get
or
something
in
a
controller
runtime
code,
whatever
you've
got,
starts
being
cached
the
whole
lot
of
it
so
go
and
get
a
pod
or
something
and
all
the
pods
on
a
system
end
up
in
there.
Even
if
we
don't
really
care
about
watching
them
or
anything,
I
think
you'd
be
explicit
about
what
you
want
to
cash.
E
D
But
if,
if
we
have
a
memory
consumption
problem,
maybe
we
need
a
memory.
Consumption
investigation
which
looks
at
how
do
we
reduce
memory?
Consumption
on
the
individual
controllers
is
that
the
way
to
grow
is
consolidating
the
way
to
go,
and
then
we
can
I
guess
reason
about
pros
and
cons
of
each
one
of
these
Solutions
like
it
looks
like
the
real
problem.
Is
we
end
up
taking
too
much
memory
right.
B
H
Exactly
like
I'm,
even
just
thinking
of
like
an
operator
who
might
be
installing
this
on
an
air
gap
thing
they
now
have
like
much
like
you
could
have
one
like
thick
image.
That's
like
50
megabytes
or
something
like
we
all
use
like
like
thin
base
layers
but
or
you
could
have
like
10
like
30,
gigabyte
or
30
megabyte
images
like
it.
It
just
starts
to
add
up
as
you're
tracking,
more
versions
of
them
and
stuff
over
time
and.
B
Lots
of
things
rate
limiting.
We
saw
that
at
kubecon,
like
everyone
got
rate
limited
immediately
by
Docker,
Hub,
so
I
think
it's
worth
probably
some
just
philosophical
discussion
about
which
direction
we
want
to
go,
maybe
put
down
all
the
things
we
can
think
about
brainstorm
like
Pros
cons
for
each
approach
and.
D
Yeah,
because
I
don't
really
have
a
preference
for
any
of
those
people,
but
like
I,
can
only
see
two
ways
either
is
either
we
have
one
in
one
image
for
each
thing
or
we
have
one
image
for
everything
or
potentially,
as
they
were
suggesting
like
the
API
being
its
own
thing,
because
it's
basically
just
a
shame
and
then
the
control
is
being
a
big
image
with
some
controllers
being.
You
know,.
D
I
D
D
I
E
E
So,
no
because
we
saw
that
in
Irene,
when
somebody
did
a
load
test
on
CF
or
Kate's
forget
who
I
was,
but
we
got
a
whole
load
of
emails,
saying
Irene
was
crashing
because
it
was
using
too
much
memory
and
I
think
we
looked
into
it
then,
and
we
just
saw
this
cache
was
populated
with
a
whole
lot
of
stuff.
We
didn't
expect
in
the
and.
I
D
I
B
E
Okay
yeah,
so
it's
the
other
day
when
we're
doing
the
Helm
file
stuff
we
found
we
need
to
do
some
tweaks
to
what
control
the
Gen
was
generating.
So
we
can
reproduce.
What
customized
was
doing
so
we're
using
said,
and
then
we
found
out
that
said
on
Mac
is
the
BSD
version
by
default
and
it
has
slightly
different
syntax.
E
So
anyway,
we
went
back
to
some
solution
where
everyone
had
to
install
G
said
if
they're
using
a
Mac
and
we've
had
our
first
real
user
go
and
raise
a
bug
about
it.
So
we
considered
thinking
about
yq
again
so
I
mean
I,
I,
think
I
suggested
at
the
time
we
should
just
install
the
version
of
yq
for
the
make
file
to
use
inside
the
make
file
like
we
do
with
everything
else.
E
If
Matt
was
unhappy
because
he
thought
that
that
would
you
know,
break
the
rest
of
the
system,
but
to
say
today
we
installed
it
in
like
API
bin
controller
bin,
the
way
the
place
where
controller
gen
gets
installed.
It's
not
going
to
be
any
path,
it's
not
going
to
interfere
with
anything,
and
that
means
we
can
use
yq
to
do
the
yaml
manipulation
now
and
it's
loads
better
than
using
said
it's
very
clear.
E
What
it's
doing
it
goes
lacks
on
the
tree,
rather
than
just
looking
for
text
and
putting
stuff
in
at
the
right
indentation.
So
yeah
just
heads
up
about
that.
It's
gone
into
main.
Don't
expect
any
problems
with
people
running
stuff
on
a
Mac,
we've
verified
that
it
does
generate
the
right
stuff,
still
so
yeah.
It's
there
just
be
aware,
but
I
think
it's
fine.