From YouTube: Community Meeting, June 28, 2022
A
Hey everybody, today is June 28th, and this is the kcp community meeting. I've got the agenda up on the screen. I am pasting a link to issue 1385, which is this one. If you would like to add anything to the agenda, please do so with a comment, and we always go through incoming issues and milestone epics at the end. So Stefan, I will turn it over to you for your first comment here.
B
Yeah, if you can click on the first thing. So that's two big PRs, and I just want to mention some changes, because if you notice issues in new tests or in old tests, this is skeleton. So the first one: there is a new end-to-end test called end-to-end dash sharded. Sharding is a big word here. It's one shard at the moment.
B
We will get more, of course, eventually, but at the moment the main changes as if one proxy, our front proxy in front. This has consequences on what you can do. The front proxy, it routes requests to workspace, so it knows on which shard, there's only one at the moment, but it knows on which shard the workspace lives and routes normal traffic to the shard. That's the first thing. You will not notice any difference, so this is not relevant. Wildcard requests, though, don't exist. They just don't exist on the front proxy.
B
B
So next time a wildcard request fails. I think you have to wait until it has loaded and it's quite clear. Okay, got it. There it is. So I added those three lines in a couple of places. Basically, the normal kcp or kube cluster client is against the front proxy.
B
If you want to do wildcard requests or anything which is not possible through the front proxy, you have to change your config like this. This is a root config. So that's a helper, shard config, so you give it a kcp client, so it can get the shard object, you tell which shard you want, so it's root in this case, and you give it a rest config, and you get back a configuration which works for clients against the shard directly, and I usually call them root shard kcp clients, something like that, so sv4.
B
What was this whole prefix, and this you can just use and do whatever you like as before. Starting from us, while cutting formulas for example, or whatever you like. That's the first big change. Otherwise I think nothing should change.
B
Something more is coming. Sergius is working on removing system master from the normal admin user. So if you get an admin kubeconfig from proxy, from the front proxy, it will be cluster admin, but it won't be system master. Hasn't merged yet, but it will, and the difference is system masters skips authorization, which means from that point on, when we change it, all requests, including the admin ones, will go through authorization and some admission as well. We have some exceptions in admission where we check for system master.
B
This is, I mean, you have to see what you want. Like virtual workspaces, for example, they connect directly to shards. They can still have and will have system master, but the end-to-end tests won't. Same thing: if you want system master, you have to do some magic to get it. All right. That's the first big change that can go back.
B
And this is something we wanted to do for a long time. We have system CRDs at the moment, so they live in some system CRD workspace, a shadow workspace, and are just virtually mapped into workspaces. At the current state, when this merges, everything but the API export, binding and schema will be also API bindings.
B
B
So it's cool to get that again. It has consequences. API bindings, API exports, they have identity. Usually this is not very visible, but here you have to know. So identity is a secret next to the export and we reflect the secret content. This, I mean, it's a random string. What's up random is an ass, a key, I think. Andy, you know better.
B
We do a hash out of that and store a hash in the API export and also in the API binding. If you access a workspace with those objects, so you don't have to know that. Like, you go to the API endpoint for cluster workspaces, for example, you just get the cluster workspaces. But again the wildcards are special. When you want to do a wildcard request on an API binding, on a resource formula, if you have API binding, you have to pass the identity hash string.
B
B
A
A
B
B
B
Well, I think it's a wrong link. One second: can you go, on the left side in the tree, to bootstrap, which one, helper.
A
B
B
And the function, the big one, that is new contract, something. That one, exactly. So this is called basically at the root of virtual workspaces and also at the root of our server.
B
B
It wants to read the API exports which are derived from those mappings here, and it will return an identity config, so a config, rest config, which has injected its identity strings via a round tripper. So it calls config.Wrap, and there's a round tripper you can add to it, you can modify the round tripper, and it injects those identity strings. So you don't have to care about that. So everything which you see here, it's implementation.
B
B
B
It's called, you give some default mappings, which are the mappings for our root workspace API export. So there are new API exports for all our APIs, and it will return a config which has this weapon magic inside, and it gives users resolve identities. It's a function which basically must be called infinitely until it succeeds, so that you see this poll immediately in turn into this context. It just calls resolve identities until error is nil. From that on the config is valid and you can use the config to instantiate and start informers.
B
You might ask why it's done like that. The resolve function is external here and the config is returned early. You get the config, you can create clients, you can create informers, but don't start informers and don't try to use the resources in the config or in the client which need an identity. It will just not work. So it's a config you can use, but it's not functional yet for those identity resources.
B
A
Okay, any questions, comments on any of that? No? It's a lot, but it's very cool to see it coming.
A
All right, Steve, over to you, 11 49.
D
Cool, yeah, so this is another thing that hopefully doesn't irritate anybody by changing things from out under the hood. So in the last week we've had a flurry of activity here.
D
If you have opinions on what that looks like, how it feels, please put your comments in there. The second one is an example initializer as a service, which, there's this, the bootstrapping for that in the test there, kind of show off what it would look like for a user to.
D
A
It's an accept file, yes. Which one of these? The bottom one? Might wanna clean that up.
D
They're all, you know, yeah, there's context. Sorry, it was the top one.
D
Oh jeez, okay, yeah! So, like, you know, here we're, I have, you know, I'm some sort of author. I've got a Go definition for my types, I've generated a CRD from it, I have clients for it, etc. So here I'm taking that custom resource definition, I'm creating a resource schema, I'm creating an export from that. I'm waiting for the export to be, you know, synced and have a virtual workspace available for me.
D
Yeah, so here the API export virtual workspace URLs are ready. Then, because this is like a little bit self-referential here, I'm also creating a binding, I'm waiting for it to be bound, I'm using the virtual workspace to access the thing and create objects in there. So this is kind of, you know, very much what I think a lot of system providers are going to be doing on our system, so.
A
D
D
Adding any new concepts here, I'm just like using them together. Right, like this is the whole process of, like, create a type, export it, use the virtual workspace to do something, run a controller off of it.
D
D
D
So yeah, and this is a good question, right. Like, I'm not really sure what we're expecting everyone to be doing, but I wrote an API in Go. I ran whatever generator to create a CRD YAML which sits in this folder, and then here the first thing I do is convert it into a resource schema and then create API export from it. Perhaps our generators could help with that.
A
Okay, any, nothing new in here. Oh, Robin, go for it.
E
Sorry, are we implying here that if you are supplying an API that you would have one of these cluster workspace types? I think I missed kind of the intro to what the type is for.
D
Out, yeah, so I think it totally depends, right. Like if you're providing a type you're gonna have that export, or sorry, if you're providing an API you'll have that export. If you'd like to also provide some sort of default cluster workspace environment that uses it, that would be where you have an initializer that'll, you know, bind to it, maybe create a default version of it or something.
D
And I, next week or like whenever this is finished, there will be a much more polished demo.
A
A
A
Okay, let's move on to issues. So we'll take a look at the 14 here that don't have a milestone set, and what we're trying to do is not go deep into anything that's in here, but just make sure we understand what it is.
A
What the priority generally looks like and whether it's, at this point, whether it's so critical we're going to put it in 0.7, which will be our next milestone after we close out 0.6, or we'll put it in TBD, indicating it's important and we want to prioritize it later when we do milestone planning for 0.7 and beyond, or we could leave the milestone blank if we need additional feedback or commentary. This one I'd seen before. It seemed to be a question, having some issues, and I've seen a few coming from bianca to dash be without much reply.
A
So I am happy to put this in TBD and just say.
A
All right, next up, one that I filed about doing some Prow work for post submits. This is, can be done asynchronously whenever folks have time.
A
I would do it except I'm having container engine issues, so if anybody's interested in helping out with getting additional CI set up and would like some pointers, happy to send you that way or send them your way. Would love to see folks help out here, if possible. Here's an issue about a placement label not being removed when an API binding is deleted. Stefan or Joakim or David, any thoughts on the, should we just do this TBD and revisit when we use.
B
B
A
This is, oh, this was the API export, empty API export with the permission claim, right, Stefan? Or was this, I don't know, this is multiple compute workspaces.
A
This was the one that was the empty API export with claims and then documentation, so also TBD or future API export work.
A
B
I'm also going to put this in TBD. I tried that, there's a workaround, you have to pre-create a secret or something, yeah.
B
Get it to work, but it's help wanted. So if somebody likes deployments and knows about secrets in 125, 24.
A
I mean, I have created a secret with the annotation and gotten the token generated okay, so I know that works. So I think for Joakim and Sergius, and anybody else who's interested, let's just continue to have the discussion on the issue and then come up with a plan that we all agree with. All right, this one. I suggest we close this, so David, maybe we have a discussion here.
C
Yeah, that's something that we met during, when discussing with Stefan and also, you know, based on questions from matters about.
A
Okay, it's correct. Even more fleshed out example would be helpful, where we have two different API providers, indicate who the user is or users, what controller service accounts are in play. So, let's, either David or Stefan, if y'all can flesh this out so that it's more thorough, then I think that'll be helpful.
C
D
A
D
Oh yeah, I think basically it was like.
A
D
B
I think not, and I mean the goal is to have something smaller than then, but I think this is an epic we have to talk about for next sprint.
A
Oh yeah, I think I know Robin had stumbled across this. Thanks for filing. I think I ran into it at some point, but wasn't sure if it was just something I was doing wrong. So I'm going to, this is authorization.
B
A
A
This is me working on dynamic discovery. I'm gonna put this in seven.
A
B
A
I guess, if you try to delete a workspace but you haven't deleted anything else, the deleter will get rid of the workload cluster and then your PR will kick in and get rid of the finalizers. Is that right? Yes, okay, all right! Well, so I'm gonna just assign this to you.
B
A
A
A
A
Yep, okay, some authorizer not implemented.
C
Yeah, if we are mainly speaking of the virtual workspace, of the workspaces virtual workspace, it's mostly, I mean, after the cleaning that I've been doing in the context of the home workspaces, to fix the number of obsolete behavior, that should make it much more, you know, easy to pull up the various subject access reviews which are done inside the virtual workspace code up to the authorizer, because it's, you know, much more consistent with the rest of the kcp authorizers now.
E
C
Yes, exactly, but there are still light steps to do, mainly completely get rid of, you know, the being a member of the top-level orgs, which still relates to the previous way of doing things where we were creating workspaces in top of the orgs. So we have to completely get rid of this option, and then we would be really compatible with the rest of how RBAC is managed and.
A
C
A
TBD, okay, that's all the incoming! These are the new set of issues. These are the milestone blockers for 0.6. So I'm going to start at the bottom. This one is placement essentially, right? Where is this? Location workspaces too? Oh, it's placement! Okay, so I know we have a PR for it. I have not had time to review it. If folks are looking for helping out with reviews, there is a basement.
A
Multi-workspace controller development, so we're close. We have a way to wrap the rest config for existing generated clients, so that you don't have to regenerate anything, and it will largely just work with minimal issues. We have listers, that are a lister generator, and we're wrapping up an informer generator and controller runtime.
A
A
A
I think we're probably going to tweak that a little bit, but it's definitely better than having to maintain two different code bases. So that's that one. I don't know that we necessarily will hold 0.6 for this stuff to finish. If it comes shortly after, I think that's fine. Next up is quota, so I have it mostly working per workspace for namespace-scoped things. There's no aggregation, which we talked, or roll up. Well, we'll do that later, and there's no support for cluster-scoped resources.
A
Yet. There have been some weird issues where, if I run a test say seven times in a row, it works the first six but fails consistently on the seventh, and it seems to have, it has something to do with a shared informer and watch events and not seeing them all for some reason. So I'm continuing to look into that.
A
I don't have an ETA for when I feel comfortable that the tests don't have flakes in them or that there are not bugs. So I'm just continuing to do that. David, over to you for user home workspaces. How are things going there?
C
Things are, we are, well, going quite well. Spent, you know, quite some time last week in thinking about how we manage permissions and the right to automatically create the home workspace, and especially the various interactions with possibly external services that would need to create workspaces inside this home workspace. Yeah, it's since we arrived to something that is, you know, consistent and fits with all the use case.
C
As far as I can say now, I'm mainly cleaning the PRs. There was, in the course of the whole, you know, proof of concept of the home workspaces.
C
There was a number of things to change and clean up in the virtual workspace, workspaces virtual workspace, which was quite obsolete in terms of permissions, typically using the member role, which is, you know, just something which is top level and should disappear in the future, related to the fact that we created workspaces in top-level orgs, and this was mainly used at all levels.
C
So I mean, permissions were just not up to date anymore, so I had to fix this as well, and so I'm also, you know, taking some time to clean up all these fixes and create distinct PRs for every change, in fact, which takes quite some time. But, you know, the main, you know, I mean, it works mainly, but then these cleanups took a bit longer than expected.
A
Okay, what if you had to just give a rough guess, like when do you think this is gonna be ready for final review?
A
Thanks. So I'm gonna skip over the next one because we talked about it already. Sean, I think you're here. How are things going with the permission claims, assuming that we are not removing the dynamic discovery? We're not. I was, I had a brain for it yesterday, okay.
F
I was like, oh, we had so many discussions about this. It's all good! Okay! So if that's the case, then I think I have all the fixes for Stefan's latest round of reviews in my local branch, just to push them up. I think I fixed the tests, but one just failed, but it's like completely irrelevant to my stuff, I think, so gotta take into that, and then I'm working on Steve's around reviews now, so hopefully we can get this in soon, but yeah.
A
Okay, can you, when you have a second, just Slack me the test failure? I just want to look at it. Yep, thanks. Stefan, any additional updates on sharding beyond what you talked about? Yeah, I just said so, informer work will slip.
B
A
Okay, and I know Mike's not here, so I think I haven't seen any, I haven't seen anything related to this, so I have a feeling this is probably not in scope for 0.6.
A
Okay, any final topics before we call it a meeting?