►
From YouTube: 2021-07-15 Crossplane Community Meeting
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
All
right
the
recording
has
started-
and
this
is
the
cross
plane
community
meeting
for
july,
15th
2021.
A
A
So
we
are
early
in
the
1.4
release
cycle.
I
think
the
last
community
meeting
we
had
just
released
1.3
like
the
day
before
so
we're
still
fairly
early
in
the
1.4
cycle,
and
things
are,
you
know
starting
to
get
picked
up
and
move
along
there.
I
think
you
know
there's,
I
think
some
there's
some
things
that
are
already
in
in
progress,
but
I
think
there's
still
some
definite
time,
because
the
release
isn't
until
the
end
of
august
there's
definite
time
for
features
to
get
picked
up.
A
You
know
priority
to
get
set
as
well
too
for
things
that
are
in
high
demand.
So
let's
talk
about,
let's
bring
up
the
board
and
let's,
let's
talk
about
what
is
in
the
in
the
board.
Right
now
and
I'm
going
to
go
ahead
and
move
this
link
up
to
the
top,
so
it's
easier
to
find
next
time.
A
Okay,
so
muafik
is
he's
out
for
an
entire
month,
but
I
think
he
comes
back,
maybe
not
next
week
but
the
week
after
so
all
the
stuff
that
had
in
progress
like
the
cross
resource
reference
design
document.
That's
all
been
in
a
bit
of
a
holding
pattern
for
him
to
return
and
rejoin
the
community.
A
So
dan,
do
you
kind
of
want
to
chime
in
about
some
of
the
things
you've
been
focusing
on
and
some
of
the
work
that
you're
you
know
progressing
on
and
think
that
you'll
be
pulling
in
for
1.4.
B
Yeah,
so
there's
a
couple
issues
in
the
proposed
that
I
think
all
of
them
are
important,
but
they
have
kind
of
different
levels
of
urgency.
B
I
think
that
the
ones
around
providing
like
alternative
credentials
and
as
well
as
custom
certificate
authorities
for
pulling
packages
and
stuff
like
that
are,
would
be
good
to
have,
but
they're
not
super
important,
but
I'd
like
to
get
some
folks
who
are
doing
this
to
weigh
in
on
those.
So
so,
if
you
know,
if
that's
applicable
to
anyone
on
this
call
or
anyone
watching
this
later.
B
Please
comment
on
that
issue
and
outside
of
that
I
did
put
the
provider
config
partitioning
one
a
little
later
down
in
the
agenda,
but
I
can
go
ahead
and
talk
about
that.
If
we
want
now
or
defer
that.
A
Yeah
that
sounds
good
dan
as
we're
talking
about
1.4
potential
items.
Yeah,
let's
go
ahead
and
put
that
on
the
table.
Now.
B
Okay
cool,
so
this
is
mostly
motivated
out
of
folks
hitting
issues
with
you
know
wanting
to
provide
credentials
via
something
like
irsa
or
workload
identity.
But
you
know
you
only
have
a
single
pod
for
your
provider
and
then
the
other
motivation
is
sharding
around.
You
know:
performance
related
things,
so
how
often
you're
hitting
the
api
or
how
often
you
are
detecting
drift
and
that
sort
of
thing.
B
So
the
proposal
here
is,
since
we
control
the
installation
of
all
providers
right
they
go
through
the
cross,
plane
package
manager.
We
can
kind
of
add
in
bits,
as
we
want
to
allow
you
to.
You
know,
have
that
provider
config
respond
in
various
manners
or
have
that
provider.
Sorry
respond
to
different
manners,
something
that
every
managed
resource
has
in
common
is
a
reference
or
a
defaulted
reference
to
a
provider
config
and
provider.
Configs
are
also
the
way
that
you
special
specify.
B
Excuse
me
how
you
want
to
acquire
credentials
to
authenticate
to
the
external
api
as
well
as
any
other
configuration
it's
kind
of
like
an
arbitrary.
You
know
set
of
configuration,
that's
applicable
to
that
provider.
B
So
that
being
said,
that
it
makes
a
lot
of
sense
to
divide
on
those
right,
both
from
a
perspective
of
you
can
specify
which
manage
resource
is
going
to
be
reconciled
or
which,
if
you
were
to
split
them,
how
a
managed
resource
would
be
reconciled
by
the
provider,
configure
references
and
also
you
know
how
your
credentials
are
going
to
be
specified.
B
So
in
this
proposal,
basically
saying
that,
if
you
opt
into
this
functionality,
the
provider
config
for
a
provider,
the
provider
config
type
it
supplies
would
be
a
unit
of
partitioning
which
would
essentially
mean
that
when
you
install
a
provider,
we
start
up
a
separate
controller
in
core
crossplane
that
watches
for
provider
configs
of
that
type
and
creates
a
separate
deployment
for
each
of
the
provider
configs
that
exist,
which
means
that
you
know
and-
and
we
could
add
some
things
around
there.
If
you
said
like
these
two
provider,
configs
should
be
paired
together.
B
You
know
we
could
do
labels
or
something
like
that.
But
what
that
essentially
gives
you
the
ability
to
do
is
you
know,
specify
using
workload,
identity
or
irsa,
or
even
just
normal
credentials
for
different
pods
for
each
provider
config,
and
it
also
means
that
you
could
have
you
know
a
set
of
a
set
of
resources
that
got
checked
for
drift
every
day
and
a
set
that
got
checked
every
minute
right.
B
You
could
configure
each
of
those
sets
of
controllers
based
on
the
provider
config
that
was
in
usage,
which
is
useful
for
like
separating
environments
and
separating
different
kind
of
types
of
critical
infrastructure.
B
So
this
proposal
is,
is,
I
think
it
has
enough
for
it
to
actually
communicate
what
the
idea
is
here,
as
well
as
like
the
technical
aspects
of
it.
But
it
would
be
really
great
for
folks
to
weigh
in
here
and
say,
hey.
I
really
need
this
kind
of
support,
so
basically
giving
use
cases.
B
So
we
can
make
sure
that
all
of
those
would
be
addressed
by
what's
proposed
here,
just
as
kind
of
like
a
reference
to
what
could
be
an
alternative,
something
like
having
different
controllers
for
each
resource
type
or
different
deployments
for
each
resource
type
and,
having
you
know,
a
separate
pod
for
every
type
of
controller
could
be
something
different
that
wouldn't
be
addressed
here
from
what
I've
heard.
A
Yeah,
that's
great
dan,
and
I
think
I
think
from
my
my
instincts
here
as
well
too,
is
that
I
think
you
have
a
pretty
good
like
idea
of
how
this
might
be
used,
especially
from
your
interactions
with
folks
in
the
community
as
well
too,
and
hearing
some
of
the
the
concerns.
Or
you
know,
issues
they've
run
into
maybe
like
rate
limiting
as
well
too.
So
I
think.
A
C
A
B
No,
I
think
the
the
rest
of
them
are
pretty
straightforward,
like
using
back
off.
We've
talked
about
that
before
and-
and
so
if,
if
once
again,
if
folks
have
desire
for
those
to
be
brought
in
definitely
show
support
on
the
issues.
A
Awesome
nick,
I
think,
nick
no
he's
not
here,
but
so
nick
started
this
week.
I
think
I
think,
there's
a
design
for
it
now
as
well
too
for
composition
revisions,
which
is,
I
think,
quite
an
important
feature
for
the
ongoing
usage
of
compositions
and
iterating
on
them,
and
you
know
adding
new
versions
and
updating
them,
etc.
A
In
way
further
down,
oh
the
dock,
the.
B
A
Yeah
so
so
nick
did
open
up
the
one-pager
design
dock
for
composition
revisions.
I
think
this
is
a
fairly
important
feature
here
and
you
know
having
this
lands
in
1.4.
I
think
that
would
be
quite
interesting.
I
think
there
is
a
number
of
concerns
that
nick's
bringing
up
here
around
how
to
do
this
in
a
backwards
compatible
way
and
not
you
know,
change
functionality
or
introduce
you
know
a
alpha
level
implementation
to
something.
A
That's
a
v1
api
right
now,
so
I
think
there's
some
things
to
kind
of
dance
around
there
or
to
figure
out,
but
yes,
nick
just
opened
this
yesterday,
and
I
think
this
is
this-
is
a
pretty
big
investment,
a
pretty
interesting
feature
for
1.4,
along
with
the
like
other
things
that
dan's
doing
and
then
cross
rate
resource
references
as
well
that
we
often
started
yeah.
So
that's
there
for
folks
to
weigh
in
on
as
well
too
diego.
A
I
know
that
you
put
in
a
vote
for
plugable
secret
stores,
which
is
issue
2366,
and
that
is
on
the
on
the
1.4
board.
Where
did
that
go?
I
think
that
was
in
the
proposed
column.
A
Oh
there,
it
is
okay,
awesome
and
diego.
Is
there
anything
about
your
use
case
or
need
for
this?
That
is,
you
know,
diverges
or
is
different
from
kind
of
the
the
way
that
this
issue
has
been
describing
the
problem
so
far,
anything
different
for
you.
C
No,
no,
I
think
that
the
suggestion
is
pretty
much
good
and
the
use
case
is
a
common
between
our
usage
of
cosplaying,
because,
if
we
could
put
these
secrets
in
a
proper,
simple
manager
would
be
great
because,
as
you
know,
you
can
base
64
secrets.
You
can
easily
access
these
secrets,
you
know
so
if
you
can
put
them
in
a
separate
and
proper
secret
manager,
it
would
be
great.
A
Yup,
definitely
definitely
that's
great
diego
thanks
for
adding
a
vote
for
this
as
well
too,
and
if
there's
anything
that
comes
up
in
terms
of
your
use
case,
or
you
know
ways
that
you
would
like
to
see.
This
go
definitely
feel
free
to
make
a
comment
on
here
and
kind
of
weigh
in
on
it
there
as
well
too.
C
A
Yeah
we
have
it
so
we
have
it
in
the
in
the
1.4
post
column
right
now.
I
I
don't
know
like
in
terms
of
resources,
or
you
know
who
might
be
able
to
pick
this
up.
You
know
any
like
like
soon
in
the
next
few
weeks.
Let's
say
I
don't
know
about
that
right
now,
but
it's
you
know.
We
put
it
in
the
proposed
column
here
and
it's
near
the
top
of
the
list
there.
A
If,
if
anybody
is
interested
in
working
on
that,
I
don't
think
there's
an
assigned
owner
for
it
right
now.
I
think
there's
just
some
design
chat
in
the
in
the
issue
there,
but
I
don't
think
there's
been
any
design
dock
or
pr
open
for
this
already.
So
that
is
open
for
somebody
from
the
community
wants
to
take
this
on
and
contribute
this
feature.
Then
that's
certainly
something
that's
available.
A
I
think
that
was
the
areas
here
that
folks
had
mentioned
for
things
that
are
being
worked
on
1.4
and
desired
features
beyond
you
know
everything
else
that
was
in
the
bose
column
that
has
had
some
demands
from
the
community.
Is
anybody
anything
else?
People
want
to
bring
up
for
1.4
or
make
a
case
for
a
an
issue,
that's
important
to
you
or
anything
like.
A
That
all
right
cool,
then
I
think
we
can
leave
1.4
and
move
on
to
the
community
topics
section.
A
So
the
first
topic
in
here
I
was-
I
was
going
through
some
of
the
recent
live
streams
and
you
know
videos
and
you
know
tutorials,
etc
around
cosplain,
and
so
I
was
pretty
pretty
amazed
at
how
many
there
are
in
the
last
two
weeks.
So
all
these
links
here
are
new
links.
This
is
all
content.
That's
been
created,
you
know
in
the
since
the
last
community
meeting
you
know:
victor
farsik
joined
the
the
team
here
to
do
developer
advocacy
for
crossband.
A
So
we
now
have
someone
focusing
that
role
and
you
know
creating
you
know,
generating
content
explaining
things
making
awesome
videos.
So
I
think
a
lot
of
these
links
are
quite
high
quality
as
well.
Now
too,
there's
some
new
ones
around,
like
you
know,
shifting
left
infrastructure
management
using
crossplane
and
how
to
combine
the
crossplane
with
argo,
cd-
and
you
know,
cubella
our
collaboration
and
on
the
open,
open
application
model
home
with
alibaba,
microsoft
and
others.
There's
also
a
couple
other
ones.
A
We
bassam,
you
know,
one
of
the
creators
of
their
crosstalk
project,
went
on
the
cncf,
spotlights
and
and
talked
about
the
craftsman
project
and
stuff
there,
so
that
is
available
on
the
cncf's
twitch
stream
right
now,
if
you,
if
you
wanted
to
catch
up
on
that
one
as
well
too,
a
quick
question
to
the
community
here
is
that
I've
noticed
that
twitch
has,
I
think,
maybe
it's
like
a
60-day
retention
policy
and
then
videos
seem
to
be
poof
gone.
A
B
A
Cool
you
know,
so
I'm
not
super
familiar
with
twitch
twitch.
So
I
was,
I
didn't
know
if
there's
like
just
something
obvious
to
be
like
hey,
you
know,
click
this
here
and
it
it
pins.
If
it
saves
the
video
or
you
know,
doesn't
garbage,
collect
it
but
seems
like
that's
kind
of
just
part
of
the
platform
to
just
delete
things
that
are,
you
know
more
than
two
months
old
but
yeah.
That
would
be
a
good
one
not
to
lose,
though,
because
I
think
it
was.
A
It
was
really
interesting
interview
with
with
pop
and
bassam,
so
I
would
love
to
have
that
be
persistent,
so
we
can
keep
that
as
a
resource.
A
I
think
this
this
one's
a
particularly
interesting
one
as
well
too
so
victor
did
an
for
his
onboarding
and
you
know
getting
introduced
deeper
to
the
crossband
project
met
with
dan
and
did
like
you
know.
They
live
streamed,
basically
his
first
day
on
the
project
and
getting
onboarded.
So
that's
especially
people
that
are
kind
of
new
to
crossplane.
That
was
really
interesting
kind
of
a
cool
concept
to
live
stream,
the
you
know
onboarding
and
education
getting
into
the
projects.
A
I
think
that
one
was
super
interesting
as
well
too,
and
then
nick
nick
wrote
a
provider
terraform
recently
we've
got
provider,
helm
provider,
sql
provider,
github
git
lab
this
provider.
Terraform
is
well
too
now
and
nick
did
a
live
stream
with
victor
on
that
topic
as
well
too
delorean
that
might
be
of
interest
to
you
as
well,
too.
Considering
your
great
talk
that
you
did
with
nick
at
the
community
day
on
on
terraform
and
crossbane.
So
that
may
be
something
of
interest
to
you
as
well
too.
A
Awesome
yeah
cool,
so
there's
tons
of
interesting,
interesting
content
and
videos
and
stuff
that
are
being
watched
are
being
produced
here.
So
I've
got
links
to
them
all
in
the
agenda
documents
and
we
tend
to
produce
like
tweet
about
them
is
all
as
well
too
so
on,
like
the
cross
plain
underscore,
io
twitter
account
you'll.
You
can
see
links
to
all
this
stuff
as
well
too,
so
keep
up
the
great
work
there,
dan
and
victor
and
nick
and
everybody.
That's
really.
A
All
that
all
that
awesome
content
awesome
and
so
a
a
positive
update
on
seeing
the
incubation
proposal
with
the
cncf,
so
we,
the
toc
the
technical
oversight
committee,
said
they
wanted
to
open
up
the
public
comment
period
like
I've
been
talking
about
for
a
few
meetings
here.
The
something
that
we
found
out
was
missing,
though,
which
was
it
was
it
just
kind
of
glossed
over?
I
suppose
was
the
technical
advisory
group
so
the
for
app
delivery.
A
They
had
not
added
the
recommendation
for
the
project
to
to
be
approved
for
incubation,
so
they
did
that
yesterday
and
so
they've
added
their
formal
recommendation
of
so
app
delivery
has
formally
endorsed
or
states
that
the
crossbring
project
fulfills
the
criteria
to
be
an
incubation
project.
So
this
is
brand
new.
A
I
think
in
the
last
like
eight
hours,
12
hours
or
so-
and
this
is
the
you
know
the
thing
that
the
tlc
was
requesting
for
to
have
in
place
before
they
could
then
go
ahead
and
open
up
the
public
comment
period.
So
I
would
imagine,
then,
that
today
I
lost
my
place.
A
I
would
imagine
that
today
our
sponsors,
harry
and
ricardo
on
the
technical
oversight
committee
can
then
now
go
and
open
up
the
public
comment
period
and
move
to
a
vote
in
the
next
after
the
public
comment
period
of
two
weeks
is
over.
So
that's
a.
A
Have-
and
I
think
that
things
are
in
place
now-
no
big
updates
on
the
conformance
program.
I
think
you
know
there's
a
number
of
of
results
for
conformance
that
have
been
opens
from
basically
all
the
major
providers-
that's
not
new
news,
but
we
once
we
are
approved
for
incubation,
then
we
think
that
we
can
kind
of
move
forward
with
getting
the
performance
and
certification
program
approved
and
finalized
as
well
too
so
that's
kind
of
on
the
back
burner
or
on
hold
a
little
bit
until
the
incubation
is
done.
A
So
this
is
a
new
section
for
the
community
agenda
that
I've
added
this
week.
You
know,
I
know
that
in
slack
and
github
issues,
there's
a
lot
of
interesting
conversations
that
happen
that
maybe
they're
troubleshooting
an
issue.
Maybe
it's
a
feature
request,
but
there's
a
lot
of
activity-
and
you
know
the
community
is
really
engaged-
and
you
know
a
lot
of
discussions
and
things
like
that.
A
So
I
added
this
new
section
here
this
week
and
I
think
we'll
keep
it
on
the
agenda
going
forward
as
well,
too,
of
just
interesting
conversations
or
things
that
may
be
relevant,
or
you
know
kind
of
interesting
for
other
folks
to
kind
of
tune
in
on
I'm
gonna
start
with
the
the
second
two
first
to
kind
of
address
those
so
aaron
who
is
here
awesome,
hi,
aaron
aaron
addressed
a
problem
with
our
gke
provider
or
sorry,
our
gcp
provider.
A
It
has
been
kind
of
looming
and
becoming
a
much
much
bigger
issue
for
us
recently.
It's
like
in,
I
think
it
was
1.19
of
gke
gcp,
basically
removed
basic
off.
So
when
you
create
a
cluster
and
you
get
the
user
for
it,
it
gets
a
username
and
password,
and
then
we
use
that
to
like
with
provider
helm,
let's
say
to
deploy
resources
to
it.
That's
not
supported
anymore
in
1.19
and
above
and
then
gk's
minimum
supported
version,
I
think,
is
now
like
118.
A
So
it's
basically
we're
coming
up
on
the
version
where
gke
would
no
longer
support
the
authorization
or
sorry
authentication
methods
that
we
they
crossplan
enables,
by
default,
to
be
able
to
access
the
cluster.
So
this
is
quite
a
looming
problem
and
aaron
just
hopped
in
this
week
to
as
part
of
a
hack
week
to
solve
that
problem.
Erin.
Is
there
any
anything
kind
of
interesting
or
that
you
want
to
share
about
this?
This
implementation,
or
you
know
things
that
it
solves
that
I
that
I
missed
there.
D
Basically,
what
we're
doing
is
we're
implementing
our
own
auth
provider
inside
of
provider
helm
and
which
I've
learned
we
can
do,
and
it's
something
that
I
think
is
actually
in
our
best
interest,
because
there
is
also
a
note
in
the
gcp
auth
provider
that
they're
going
to
start
deprecating
their
that
current
flow
as
well
starting
in
1.22
and
by
1.25
they're,
expecting
to
have
it
completely
retired
and
they're,
basically
saying
fall
back
to
oidc
as
a
provider,
and
they
don't
really
want
to
have
these
custom
ones
so
starting
to
implement
our
own
custom.
D
D
We've
just
removed
a
lot
of
that
logic
and
allowed
the
ability
to
pass
in
credentials
to
the
provider
directly
so
that
it
can
do
the
complete
token
challenge
and
response
and
get
you
authenticated
to
the
cluster.
And
it's
handled
by
the
by
provider
helm
at
this
point,
although
we
could
probably
introduce
something
in
provider
gcp
if
we
decide
this
is
where
we're
going
where
it
can
continuously
refresh
the
tokens
in
the
cubeconfig
and
helm,
can
just
rely
on
the
cubeconfig
natively.
A
Yeah
that
that
sounds
like
a
potentially
good
direction
for
to
take
this
further
aaron,
but
either
way.
I
think
this
is
really
nice
to
like
this
is
something
that's
kind
of
the
back
of
my
mind
like
oh
man.
This
is
gonna.
A
People
are
gonna,
be
kind
of
bitten
by
this
in
the
somewhat
near
future,
and
it's
gotten
closer
and
closer
to
when
that's
going
to
happen,
so
super
grateful
that
you
kind
of
hopped
on
that
and
identified
that
that
was
that
was
an
issue
for
the
community
and
you
stepped
in
to
provide
a
fixed
man.
That's
really
really
cool
cool.
A
Off
for
gke
is
it
was
surprising
to
be
fun.
I
thought
that
would
just
be
like
everybody
wants
to
do
that
all
day,
long,
all
right
now,
the
other
another
kind
of
thing
to
call
out
here.
That's
also
a
product
of
a
hack
week
that
we've
been
running
this
week
is
a
new
provider
for
provider
kubernetes.
A
There
we
go
yeah,
let's
just
view
this
file,
real,
quick,
so
hassan,
who
is
not
here,
he's
on
he's
out
of
town
now
on
and
on
vacation
for
the
next
week,
or
so
hassan
wrote
a
new
provider
as
part
of
a
hack
week.
A
Here
that
is,
you
can
kind
of
think
of
it
as
similar
to
provider
helm
where
you
know
you
can
create
crossplane
objects
in
the
provider
home
that
represent
helm,
charts
and
provider
home
will
reconcile
those
and
deploy
those
helm,
charts
so
you're
kind
of
standardizing
still
on
everything
being
you
know
a
kubernetes
resource,
a
cross-plain
resource
that
follows
the
the
cross-plain
resource
model
and
can
be
included
in
compositions,
and
things
like
that
as
well
too,
but
doing
that
for
just
vanilla,
standard
kubernetes
objects
as
well
too.
A
So
this
kind
of
takes
the
idea
that
we've
seen
provider
helm
and
then
makes
it
more
general
to
all
kubernetes
objects.
I
think
there
is,
I
think
I
probably
lost
the
link
for
it,
but
there
is
an
example
here
that
hassan
provided
as
well
too,
where
you
know
you
can
make
a
composition.
Let's
say
that
deploys
the
argo.
Argo
cd
objects
as
well
too,
like
an
argo
application,
so
you
know
any
kubernetes
object.
A
Now
you
could
through
this
you
could
deploy
those
and
provision
manage
those
et
cetera
and
include
them
in
compositions
using
provider
kubernetes
now.
So
I
think
it's
probably
opens
up
a
lot
of
really
interesting
use
cases.
This
is
in
the
crosslink
contrib
organization.
So
you
know
it's
an
experimental
kind
of
you
know
early
very
early
days
provider.
Here
you
know
it's!
It's
not
mature.
It's
just
getting
just
getting
bootstrapped
and
started
here,
but
I
think
it's
pretty
interesting
kind
of
my
idea
and
opens
up
some.
A
You
know
more
interesting
avenues
of
doing.
You
know
arbitrary
objects.
Let's
say
it
kind
of
speaks
to
the
interesting
part
of
you
know.
If
it
has
an
api,
you
can
write
a
provider
for
it
right,
so
there's
all
sorts
of
of
things
that
you've
got
to
bring
into
management
of
the
control
plane
and
integrate
with
as
well
too.
So
this
is
really
cool,
really
cool.
To
see
this.
A
A
Here
I
don't
think
they're
on
the
call,
but
some
of
the
community
here
was
kind
of
talking
about
a
scenario
where
you
know
they're,
creating
vpcs
using
crossplane
they're,
creating
vpcs,
subnets
route
tables,
all
sorts
of
network
related
objects
using
the
provider
aws,
and
then
it's
not
quite
clear,
but
there
seems
to
be
maybe
some
circumstances
where
those
objects
are
created,
but
there's
not
really
any
references
to
them,
so
they
kind
of
potentially
could
leak
or
get
lost
there.
A
A
So
I
was
wondering
if
anybody
else
had
looked
at
this
or
was
thinking
about
it
a
little
bit
more
too,
of
of
objects
getting
created
and
you
know
not
losing
a
reference
to
them
or
you
know
not
be
not
them
not
showing
up
under
crossbane's
set
of
resources
and
managed
resources
that
it
is
aware
of,
but
still
having
been
created
in
aws.
I
was
kind
of
curious
about
what
next
steps
on
this
might
be
or
any
other
thoughts
dan.
I
know
you
were
looking
at
it
too.
B
Yeah
my
it's
very
hard
to
to
tell
exactly
what's
going
on
here,
but
my
guess
is
the
cleanup
process
is
resulting
in
this.
I
I
don't
want
to
say
it's
not
a
bug
in
cross
plane
because
it
certainly
could
be.
However,
the
kind
of
like
iterative
delete
of
all
types
of
resources
is
not
really
how
cleanup
is
supposed
to
work.
So
what
I'm
guessing
is
happening
here
is
that
managed
resources
are
getting
deleted
and
composition
is
recreating
those
managed
resources
and
then
those
and
then
the
composition
is
getting
cleaned
up.
B
So
that's
how
there's
getting
like
duplicate
you
know
of
resources,
and
that
sort
of
thing,
because
deleting
managed
resources
that
are
managed
under
composition
is
not
going
to
be
a
fun
time
right,
because
it's
going
to
say:
oh
it's
missing
now
I
need
to
recreate
it.
So
that's
what
I'm
guessing
is
happening
here.
That
being
said,
I
think
that
to
really
get
a
full
picture,
we'd
have
to
walk
through
exactly
you
know,
maybe
with
this
person
to
figure
out.
What's
what's
going
on.
A
Yeah
yeah,
I
was
kind
of
I
was
the
thing
I
was
interested
about
as
well
too,
and
it
wasn't
quite
clear
to
me
either.
Is
you
know
if,
if
these
objects
before
deletions
even
start
happening,
you
know
like
the
cluster
is
created,
the
resources
start
getting
created
in
aws
for
networking
objects
like
abcs
and
route
tables,
etc,
and
if
at
that
point
where
no,
the
cleanup
operations
have
happened,
so
we
haven't
tried
to
delete
any
managed
resources
claims
composite
resources
any
of
that
stuff
at
all.
A
If
there
is
at
that
point,
objects
that
exist
in
aws,
but
cross-plane
that
crossband
doesn't
know
about
like.
I
would
be
really
interested
in
that
case
if
objects
are
somehow
getting
created
and
you
know
losing
bookkeeping
in
cross
plain,
but
I
it's
not
clear
to
me
from
that's
what's
trying
to
get
out
here,
but
it's
not
clear
for
me
to
me.
If
that's
the
case
or
not
here,.
D
B
Yeah
yeah,
that's
one
of
the
things
with
like
the.
I
know
that
I
think
nameless
route
tables
were
mentioned
here
and
I
was
guessing
that
those
were
probably
the
result
of
the
vpc
creation.
That
being
said
there,
there
was
an
assertion
like
well.
It
looks
like
we're
forgetting
to
say,
delete
dependence.
Well,
that's
not
really
the
case
right
because
we
don't
want
to
delete
the
dependence
here.
We
we
generally
just
across
the
entire
crossplan
ecosystem.
B
We
will
never
delete
anything,
that's
not
under
cross
planes
management,
even
if
it
was
created
as
a
side
effect,
and
so
in
those
cases
where
side
effects
are
created.
Sometimes
we
have
to
do
some
like
creative
things
like,
for
instance.
A
good
example
is
a
gke
cluster
which
creates
a
default
node
pool
to
start
off,
and
we
immediately
delete
that
default.
Node
pool
and
then
say
like
give
us
the
node
pull
to
attach
to
it,
so
that
everything
is
under
cross
planes,
management.
A
B
B
A
For
sure
of
like,
if
we
don't,
if
we're
not
managing
it,
like
don't
go
deleting
things,
that's
you
know
who
knows
where
they
came
from
and
it
probably
is
going
to
have
very
significant,
drastic
negative
consequences
if
we
delete
something
over
because
we're
not
and
we're
not
sure
where
it
came
from.
That's
a
very
that's
a
recipe
for
disaster,
so.
D
I
was
just
gonna
say
it
is.
It
is
also
possible
to
to
construct
like
an
arrangement
of
objects
and
and
get
yourself
stuck
I've
done
it
using
other
config
management
tools.
You
know
such
that
you
create
the
vpc.
It
comes
along
with
the
default
security
group.
D
You
launch
an
ec2
instance
and,
and
while
the
vpc
and
the
ec2
instance
are
managed
by
cross
plane,
you
you
don't
control
any
added
rule
to
the
security
group,
which
could
then
block
deletion
of
everything
when
you
try
to
tear
it
down
and
since
crossplane
doesn't
know
that
one
thing
is
dependent
on
the
other.
D
You
wind
up
in
a
in
a
situation
where
it's
like
the
resources,
don't
get
deleted,
because
crossplane
has
no
idea.
They
exist
and
I've
seen
that
with
other
infrastructure
management
tools
as
well.
A
Yeah,
you
know
something
I
had
been
thinking
is
that,
because
I
had
seen
this
with
eks,
I
think
before
is
that
maybe
you
know
a
while
ago,
but
you
know
you
can
create
one
object
in
it
address
and
other
things
get
created
and,
as
you
know,
automatically
on
the
aws
side.
In
response
to
that,
I
did
not
know
like
you're
mentioning
aaron
and
dan.
A
I
think
as
well
too,
that
that
could
happen
for
vpcs
like
bit
of
vpc
and
other
networking
objects
get
created
automatically
on
aws
side
in
response
to
that,
so
that's
actually,
that
could
be
an
interesting
or
a
potential
case
of
what
we
think
going
on
here.
Is
that
hey,
yes,.
C
A
Created
something
but
then
there's
other
dependents
or
you
know,
resultant
objects
that
get
created
there.
That
would
not
be
managed
in
cross
plane
at
all,
and
we
wouldn't
know
about
it,
so
that
that's
definitely
something
that
is
interesting
and
like
you've
seen
that
before
with
networking
objects,
specifically.
D
Yeah,
you
know,
for
example,
if
you're
using
terraform,
if
you,
if
you
change
security
group
rules
and
like
terraform,
was,
was
decent
as
long
as
everything
was
under
its
control
of
knowing
what
order
to
delete
things
in,
but
you
can
create
an
arrangement
of
objects
where
it's
just
it.
It
doesn't
know
what
order
it
is
because
there's
a
dependency
that
wasn't
generated
by
the
config
management
tool.
So
you
know
just
the
order
of
deletes
get
out
of
sync
and
you
have
no
choice
but
to
go
and
clean
things
up
manually
at
that.
D
At
that
point
I
I
kind
of
want
to
read
through
this
and
figure
out
exactly
what
they're
creating
and
what
they're
seeing
get
left
behind.
But
it
might
just
be
a
case
where
you
you,
you
need
to
ensure
that
you're
not
just
assuming
default
when
you
create
any
resources,
but
that,
if
you
have
you
know
security
groups
that
your
instances
are
going
to
rely
on
or
anything
else,
you
and
you
create
your
own
in
cross
plane,
and
you
ignore
any
of
the
defaults
that
are
that
are
created
when
you
just
create
a
vpc
yeah.
A
A
Make
sense,
I
definitely
appreciate
the
extra
context
here
that
of
the
possibility
of
objects
being
created
like
that
by
the
provider
by
the
cloud
provider.
That's
you
know,
crosstalk
never
even
knows
about
which
could
have
interesting
application
implications
on
other,
depending.
A
Happens
in
so
it's
definitely
something
that's
challenging.
A
Awesome
cool
yeah,
thanks
for
thanks
for
the
time
that
you
had
looked
into
that
as
well
too
dan.
I
appreciate
it.
Don't
appreciate
that
okay
cool!
So
those
are
you
know.
Some
of
the
just
interesting
things
happening
in
the
community
are
interesting
scenarios
and
things
we're
looking
at
what
are
there
any
other
topics
or
things
that
folks
would
like
to
bring
up.
A
Okay,
all
right,
then,
if
there
are
no
more
items
on
the
agenda
that
folks
want
to
discuss,
then
we
can
go
ahead
and
adjourn.