►
From YouTube: Community Meeting, November 1, 2022
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Yeah,
hey
everybody
Welcome
to
the
first
November
kcp
office
hours
meeting,
it's
November
1st,
and
if
you
have
anything
that
you
would
like
to
to
discuss
today,
please
add
it
to
the
GitHub
issue
that
I
just
pasted
the
link
in
chat
for
our
community
meeting
and
I'm
going
to
go
ahead
and
yield
over
to
Andy
to
talk
about
Edge.
B
Hi
everybody
thanks
for
having
us
welcome
back
from
kubecon
we've
been
having
some
discussions
in
the
background
about
what
it
would
take
to
support
the
edge
use,
and
we
feel
at
this
point.
We
know
enough
about
what
kcp
represents
in
terms
of
ecosystem
and
the
Partnerships
and
the
community
representation
and,
of
course,
the
components
and
the
elements
that
everybody's
worked
very
hard
on.
B
So
we
think
that
this
provides
us
a
good,
a
good
basis
for
us
to
to
work
in
a
vein
that
would
bring
about
certain
componentry
or
PRS
or
additions
to
technology
that
would
extend
kcp
to
cover
the
edge
multi-cluster,
Works
management,
workspace
and
so
Andy
and
Stefan.
B
We
had
an
initial
discussion
with
them
and
they
were
agreeable
that
we
might
introduce
or
asked
to
introduce
a
special
interest
group
within
kcp
called
kcp
Edge
validatory,
Mike,
Sprites
or
Ezra
Silvera,
and
myself
would
like
to
chair
that
that
Sig
and
ask
for
participation
from
others
within
kcp
and
externally.
Folks
from
the
cncf
that
have
some
vested
interest
in
this
space
would
also
would
it
be
more
than
welcome.
B
So
this
is
where
we
wanted
to
start
off
today,
and
we
thought
we'd
like
to
make
an
announcement
today
that
we're
open
for
business
we'd,
like
some
participation
from
any
of
you,
that
have
some
interest
in
this
space
and
we
have
some
Logistics
that
we've
got
to
hammer
out,
but
for
the
most
part,
we've
had
some
internal
and
external
discussions
starting
phone
and
they
seem
to
be
fairly
positive,
and
this
is
also
you
know.
Acting
on
on
the
the
very
successful
talk
and
discussion
that
Stefan
shared
at
kubecon.
So
it
was
really
I.
A
Does
anybody
have
any
questions,
or
are
there
any
more
introductory
details
that
are
maybe
worth
sharing
around
some
of
the
differences
or
challenges
that
you
face
at
the
edge,
as
opposed
to
some
of
the
things
that
we've
been
experimenting
with,
for
example,.
C
If
there
is
a
document
that
we
shared
with
the
kcp
dev
mailing
list,
I
guess
Andy
shared
it
last
week.
C
We
are
working
on
another
document
with
kind
of
I
think
a
bigger
a
wider
lens
also
to
share.
B
Yep,
so
we've
got
right
now
is
at
the
moment
we're
working
on
an
an
investigation
page
for
kcp.io.
B
So
we've
got
an
internal
discussion
taking
place
over
that
in
this
specific
epic
we
listed
what
are
some
of
our
purposes,
the
purposes
that
we
have
behind
creating
awareness
and,
of
course,
bringing
people
in
to
work
driving
concerns.
The
driving
concerns
document
is
in
large
measure,
is
a
Google
doc,
but
didn't
have
a
way
to
share
it
with
a
community
just
yet
so
we
didn't
do
that.
We
shared
it
within
here.
So
this
is
the
eight
driving
concerns
that
are
listed
below.
B
A
D
A
C
C
A
A
B
We
have
a
placeholder
for
a
meeting
link.
This
Thursday
10
a.m.
Do
it
in
a
bi-weekly
fashion,
so
not
to
be
cumbersome
on
the
other
folks,
some
taxing
on
their
time,
we'd
like
to
be
able,
if
that's
not
agreeable,
we'll
be
happy
to
move
it
to
see.
What's
can
accommodate
either
other
time
zones
or
regions.
B
Accordingly,
we
have
we
don't
yet
have
a
decision
or
we'd
like
to
have
to
open
up
a
discussion
about
where
we
could
have
a
place
to
carve
out
a
GitHub
location,
potentially
a
place
to
have
slack
if
it's
using
the
regular
kcp
Dev
slack.
That's
that's
fine!
It's
it's
entirely
up
to
you
and
then,
of
course,
you
know
a
mailing
distribution
list.
If
we
want
to
continue
to
use
kcp
Dev,
that's
fine,
or
should
we
dedicate
a
group
to
its
of
its
own?
B
A
Yeah
one
thought
that
was
not
something
you
just
brought
up
was:
we
do
have
the
ability
to
invite
the
Google
group
to
the
meeting.
So
if
one
of
you
all
wanted
to,
you
could
create
a
calendar
invitation,
invite
kcpdav
for
this
10
a.m,
and
then
everybody
who's,
a
member
of
the
Google
group,
would
get
the
invitation.
B
Okay,
I
have
it
on
the
red
hat
calendar,
so
I'll
just
add:
kcp
Dev,
as
a
member
now
got
it.
Okay,
you're
all
invited.
A
C
We
did
a
bit
of
an
introduction
earlier,
I.
Think
probably
I'm.
Guessing
sort
of
the
next
step
is
to
be
the
tip
to
take
more
time
than
you
want
in
this
meeting.
So
that's
on
the
Thursday
meeting.
Okay.
A
Let's,
let's
plan
on
doing
it
then
I
think
my
calendar
is
free,
so
that'd
be
cool.
I'll,
see
you
all.
There.
B
Great,
so
in
that
meeting
we
plan
on
doing
an
introduction
and
getting
some
of
the
logistics
out
of
the
way
and,
of
course
detailing
what
the
difference
is
between
the
multi-edge
use
case.
The
edge
multi-cluster
use
case
and
today,
P
provides
support
for
it
and
then
we'll
go
into
some
of
the
sub
items
that
are
below
that
which
are
things
like
you
know:
piggybacking
off
the
TMC
technology.
To
date,
maybe
making
our
own
called
EMC
some
discussion,
perhaps
about
sharding
and
the
like.
B
F
G
Geez
I
guess
so
we're
currently
doing
a
refactor
of
all
of
the
clients,
listeners
and
formers
Everything
to
do
with
contacting
a
kcp
server
and
providing
The
Logical
cluster
of
the
workspace
that
you're
working
with
we
have
rolled
out
the
clients
for
built-in
kubernetes
types
and
API
extensions,
I'm
almost
finished
with
the
ones
that
we
have
for
the
types
the
kcp
itself
produces
so
you'll
see
a
little
bit
of
change
in
the
code,
it'll
be
enforced
by
the
type
system.
G
Now
that,
like
you,
actually
provide
a
logical
cluster
when
you
need
to
there's
no
more
ambiguity
about
who
you're
contacting
for
information
if
anyone's
working
on
or
anyone
has
a
controller
that
runs
against
the
kubernetes
cluster
today
and
they're,
hoping
to
prove
out
running
against
a
kcp
cluster
as
well
getting
contact
the
generators
and
all
the
machinery
and
stuff
around
these
client
interactions.
G
The
goal
is
that
you
should
have
one
code
base
and
whether
or
not
you're
talking
to
kcp
and
operating
against,
like
many
different
workspaces
or
if
you're
talking
against
you
know
one
Cube
cluster.
It
should
work
either
way
and
so
I'd
love
to
partner
with
anyone.
That
is,
has
a
problem
like
that
to
make
sure
that
that's
actually
true.
G
Yeah
one
one
more
refactor
in
in
the
works
for
the
kcp
repo,
otherwise,
feedback
on
the
ergonomics
of
using
this
stuff
would
be
super
helpful.
It
shouldn't
have
any
functional
impact
when
we
change
things
so.
F
G
Yeah,
the
hope
is
yes,
so
that's
they
hope:
okay,
yep
yep
and
the
way
that
we've
written
it
to
if
you're
importing
these
cluster
aware
client,
libraries,
it
just
uses
stock,
Cube
clanko.
So
there's
no
Fork,
there's
no
hacks,
there's
no
Paget
on
top,
so
it
should
be
interoperable
and
not
require
any
gomod
hackery.
G
H
Go
ahead:
Paolo,
yes,
I
have
one
question
so
so
far,
I
saw
example
using
go
client
for
building
this
workspace.
A
web
controller.
So
I
wonder
if
you
have
done
any
work,
also
using
controller
runtime,
Library
Frankie
Builder
is
something
possible
to
to
use.
There
is
some
plan
to
do
that.
G
Yes,
so
we
have
an
example,
controller,
runtime,
client
or
a
controller
runtime
controller
that
an
alversia
put
a
bunch
of
work
into
that
and
then
yep
thanks
for
pulling
this
up.
So
this
example
is
a
good
one
to
look
at.
G
This
is
a
little
bit
less
finished
and
I
think
we
have
some
follow-up
like
considerations
for
this
one,
but
it
should
work
today
and
feedback
on
this.
One
also
appreciate
it:
yeah.
A
A
We
have
had
discussions
with
the
controller
runtime
Community
about
designing
some
more
abstract
interfaces
in
controller
runtime
to
support
the
concept
of
multiple
cluster
supports
where,
if
you
want
to
talk
to
multiple
kubernetes
clusters
that
are
real
clusters,
controller
runtime
could
support
you,
but
it
would
be
sufficiently
layered
and
abstracted
so
that
multiple
workspaces
could
be
seen
as
multiple
clusters.
So
we
have
not
started
that
work.
G
A
couple
years
ago,
I
worked
with
Alvaro
to
land
like
actual
multi-cluster
support
for
controllers
that
talk
to
like
many
physical
clusters
and
I.
It
seems
like
it
would
be
a
fairly
reasonable
next
step
to
abstract
that,
where
each
individual
cluster
could
be
or
kcp
workspace
and
critically,
one
list
watch
stream
contains
events
from
multiple
but
yeah,
so
that
that's
still
in
the
future.
H
The
reason
I
was
asking
about
controller
and
time
was
because
there
are
a
lot
of
operators
in
community
already
using
controller
runtime,
for
example.
Cross
plane
is
one
so
I
wonder
if,
in
this
model
of
API
export
and
API
as
a
service,
so
I
I
was
wondering
how
difficulties
for
existing
operators
or
controllers
using
controller
runtime,
somehow
to
to
be
able
to
be
plugged
into
this
in
this
environment,
to
basically
be
able
to
to
watch
results
across
multiple
workspace
without
having
to
rewrite
a
lot
of
codes.
H
G
Yeah,
of
course,
so
with
this
example,
we
have
a
couple
folks
that
have
used
the
example
to
to
instrument
control
runtime
controllers.
So
right
now
you
know
the
replace
directive,
I
think
there's
like
maybe
two
or
three
lines
of
code.
G
They
need
to
change
in
the
actual
way
that
you
structure
your
reconciliation
request
and
then
there's
a
bit
of
boilerplate
code
at
the
beginning,
for
instance,
if
your
controller
is
going
to
be
going
against
the
an
API
export,
you
know
knowing
how
to
contact
the
particular
endpoint
that
you're
contacting
but
past
that
actually
none
of
the
logic
changes
so
I
think
we're
very
close
to
what
you're
expecting
there.
Okay,
if
you
have
a
chance
to
try
out
the
example.
A
Not
seeing
anybody
so,
let's
move
on
to
the
next
topic
here:
Frederick
around
Discovery
and
selection
of
kcp
shards.
I
Yeah,
okay,
so
a
bit
of
background
on
that
Lucas
has
been
doing
some
work
and
developing
a
cache.
E
I
Where
we
install
things
like
API
export
and
a
API
resource,
schemas
and
cids,
that's
a
piece
of
resources
are
globally
available
or
in
a
shouted
world.
You
are
short
for
the
separate,
like
separate
clusters,
and
with
this
cache
server
makes
this
specific
resources,
API
export
and
a
resource
schemas
globally
available.
I
When
you
want
to
write
a
controller
which
is
a
multi-cluster
multi-shards
aware,
it
will
need
to
discover
the
earlier
for
communicating
with
the
differentials
every
child.
We
will
have
a
a
different,
and
this
information
today
is
stored
in
the
API
export
and
the
status
of
the
API
export,
and
so
it's.
F
I
Challenge
we
have
is
the
selection
process,
so
you
probably
will
have
a
multiple
instances
of
your
controller,
at
least
one
per
region
that
will
communicate
and
into
the
reconciliation
for
resources
in
a
simulation,
so
possibly
in
multiple
shards
for
doing
the
reconciliation
of
multiple
shots.
It
means
that
you
will
start
a
control
per
shot
because
again
shout
out
different
cluster,
so
you
need
to
separate
informal
for
each
shot,
and
so
please
mechanism
is.
I
It
is
pretty
clear,
but
there
is
a
one
point
around
there's
a
selection
process.
We
we
need
some
information
that
we
don't
have
today
for
knowing
that
this
controller
deploys.
Let's
say.
I
Will
only
process
a
Shahs
that
are
located
in
a
separation
so
in
Germany,
France
and
Italy,
but
not
United
States,
for
instance
right.
So
we
have
discussed
last
week
three
approaches
for
getting
this
information,
so
the
first
approach
was
to
add
labels
to
the
API
Expo,
because
the
API
exports
can
already
be
retrieved
globally
and
next,
we'll
see
for
each
chart.
We
could
add
labor
and
this
label
would
originate
from
the
resource
name.
I
That
says,
for
instance,
this
shot
in
is
based
in
U.S
is
one
or
this
Sharp
is
for
production
of
whatever
maybe
relevant,
and
the
idea
with
this
approaches
that
the
controller
kind
of
retrieve
the
information
from
the
API
export
and
decide
okay
I
want
to
so
the
manager
I
will
decide
to
to
start
a
new
controller
new
Informer
for
this
shard
in
the
same
region.
That's
not
for
the
shot
with
the
labels
for
a
different
version.
So
there's
our
issues.
I
And
Steve
razards
we
are
creating
some
some
more
rights
or
copying.
D
I
Yeah
I'd,
okay,
so
if
we're
into
a
bit
of
math.
So
if
we
say
that
we
have
a
thousand
charts,
so
that
was
the
limit.
But
it
was.
I
Mentioned
as
a
goal
for
kcp
to
be
able
to
support
thousand
charts
if
we
say
that
API
exports,
which
may
be
well
possible-
and
we
are
three
labor
per
shot-
that's
already
a
lot
of
labels
that
will
be
copied
everywhere,
because
in
each
API
exports
we
will
have
200
sorry,
we
will
have
three
thousand
labels.
D
But
it's
it's
a
little
ugly,
maybe
so
you
know
Services
services
and
endpoints.
Maybe
it's
a
similar
example
right.
So
maybe
you
should
think
about
that
in
the
Second
Step,
At
least
also
there's
one
question:
your
controllers
will
run
in
different
regions,
so
we
have
to
think
about
how
to
distribute
this
information,
because
API
export
object
is
in
this
one
workspace
right.
I
It
is
accessible,
probably
through
the
cache
server
okay,
but
let's
move
to
the
next
option.
I
So
the
option
two
was
to
to
make
the
cluster
workspace
Shard
resource
globally
available
so
again
to
a
bit
on
the
cache
server
in.
By
doing
that,
we
don't
need
to
replicate
so
it's
a
label
from
the
chart
on
the
API
export
Jose
ASL
also
challenges
with
that.
So
one
for
instance,
we
have
three
different
errors
that
are
recorded
in
cluster
workspace,
chart
one
of
them
being
for
internal
communication,
so
that
may
be
related
to
internet
B
and
platform
administrator
may
not
want
to
have
that
visible
globally
by
third
parties.
I
I
Side,
So,
based
on
the
location
of
or
at
least
the
shot
on
which
the
controller
is
related
to
also
because
that's
been
deployed
in
the
kcp
workspace
or
because
the
cube
config
it
is
using
for
communicating
and
doing
the
discovery
is
bound
to
a
specific
chart.
I
It
is
possible
for
the
API
server
or
the
cache
server
to
do
the
filtering
and
only.
I
Send
an
API
Xbox
fee,
which
has
only
the
that
are
relevant.
So
if
we
set
in
the
API
exports,
she
named
a
region,
for
instance,
and
it's
a
as
a
shout
where
the
control
has
been
deployed
is
in
the
region
Europe,
so
that's
available
on
the
cluster
workspace
Sharp.
It
will
only
get
when
it
doesn't
get
API
export.
I
It
will
only
get
the
error
for
the
shot
in
a
simulation
and
not
for
shot
in
in
United
States.
So
the
advantage
of
this
approaches,
as
there
is
no
need
for
any
copy
of
Labor.
I
So
if
you
question
mark
so
one
of
them
is
that
it
has
a
bit
of
processing.
So
yeah
with
a
calculation
and
filtering
needs
to
happen
with
every
request
and
the
second
one
is
the
way
whether
it
would
be
a
possible
to
to
watch
this
kind
of
a
projected
resource.
So
as
Steve
of
Stephanie
I,
don't
know.
Where
is
the
end?
First?
G
Sure
I
think
the
biggest
question
for
me
is
like
what
do
we
actually
want
this
API
to
look
like
we
talk
about
nodes
and
pods
in
here,
but
like
the
Pod
spec
has
a
node
selector.
I
G
Right
but
you
don't,
the
difference
is
not
that
every
person
that
can
create
a
pod
can
list
all
nodes
and
get
all
labels
and
then
Implement
their
own
filtering
and
selection.
There
is
a
selector
right
and
I
think
the
visibility
of
shards
and
the
topology
in
general
is
a
question
here
right
like
what
what
do
we
actually
want
people
to
care
about
and
look
at,
and
it
strikes
me
that
you
know
if
we're
talking
about
replicating
labels
or
exposing
labels
or
somehow
filtering
them,
and
we're
doing
that.
G
For
a
very
you
know:
small
set
of
labels.
We
are
in
essence
creating
an
explicit
API
that
says
you
can
see
which
regions
A
Shard
is
in,
or
you
can
see
you
know
whatever
whatever
and
it
might
be
advantageous
for
us
to
have
like
an
actual
API
for
that,
rather
than
dumping
a
bunch
of
data
onto
the
client
and
then
letting
them
do
whatever.
G
On
that,
I
think
there's
also
a
question
here
of
like
yeah
like
do.
We
want
users
to
have
their
own
opinions
on
how
they
run
vis-a-vis
some
Global
topology,
or
do
we
want
to
provide
a
clearly
delineated?
C
I
pile
on
a
little
bit
too,
in
kind
of
in
a
broader
sense.
Right,
I
mean
I,
see
a
lot
of
tendency
to
put
in
Cube
objects.
You
know
what
should
be
spec
into
labels
and
annotations
right,
I
mean
in
general.
You
know
it,
it
should
be
spec,
although
since
we
can't
do
label
selectors
on
custom
resources,
you
know
I
understand
why
things
go
to
labels,
but
you
know
I
keep
thinking
you
know
addressing.
That
problem
is
what
we.
D
That
I
I
think
Mike.
This
is
exactly
the
use
of
labels
exactly
what
the
cube
inventors
has
defined,
how
labels
should
be
used
and
I
I
think
Steve
your
your
idea,
I
think
it's
good
like
here's,
an
object
which
gives
you
a
subset
of
virtual
workspace,
urls
and
it
in
the
spec.
It
has
a
selector
as
simple
as
that.
D
That's
basically
the
simple
simplest
thing
we
could
do.
It
gives
everything
we
need.
You
just
get
the
information
you
need
and
again
to
my
remark
before
we
have
to
expose
this
thing,
maybe
in
different
workspaces.
So
maybe
you
will
have
a
workspace
for
each
region
where
a
controller
will
run.
It
will
put
this
object
in
there,
which
gives
us
a
virtual
workspace
URLs
and
will
point
to
the
export.
The
export
comes
implicitly
from
the
cache,
but
basically
your
object
is
local.
D
D
D
Yeah
yeah
there's
one
question:
maybe
we
can
talk
about.
This
is
kind
of
implicit
like
if
we
have
so
you
have
to
document
basically
which
neighbors
exist
and
the
user
has
to
then
select
I
mean
in
the
simplest
case.
There
is
no
selector
like
it's
empty
matches
everything,
but
you
can
read
up
the
documentation
of
kcp
and
see
that
as
our
three
levels
of
topology
and
you
have
to
use
enables
to
get
someone
you
want.
G
Yeah
I
think
we
might
get
a
lot
of
value
from
even
filter
this
down
to
the
virtual
workspace
URL,
that
is
on
my
Shard
filter
this
down
to
the
virtual
workspace
URL
that
is
on
my
region,
yeah.
G
G
Colon
true,
might
be
even
simpler,
because
then
you
don't
need
to
like
what
would
the
client
flow
look
like
if
I'm
deploying
a
an
instance
of
my
controller
per
region,
right
I
would
need
to
somehow
discover
what
region
I'm
in
and
then
pass
that
into
my
label.
Selector
like.
Why
should
I
even
care.
D
I
I
Value
so
like
Cloud
region
and
short,
that's
something
that
will
be
defined
and
and
presets
that
can
be
extended
or
A
Change
by
by
users
and
there's
on
that,
we
would.
D
G
Had
when
we
were
talking
through
this
last
week,
so
I'm
I'm,
some
user
client
deployment
I
found
using
my
local
client
and
my
cash
client
I
found
that
API
export,
for
which
I'm
actually
running
now
I
need
to
know
who
do
I
ask
to
figure
out
which
of
the
URLs
on
that
export
are
within
my
region.
How
do
I
find
that
endpoint.
A
I'll
talk
about
this,
but
the
the
list
of
URLs
is
a
struct
and
they
happen
to
have.
It
happens.
To
have
one
field,
which
is
the
the
URL
itself.
If
we
put
labels
on
there
and
we
copied
the
labels
from
The
Shard
and
like
could
we
do
something
like
that.
I
D
A
So
my
my
recommendation
would
be
coming
back,
Stefan
Steve,
whoever
and
writing
what
the
understanding
is
based
on
this
discussion.
You
know,
maybe
just
add
it
to
the
bottom
of
the
dock
somewhere
and
then
we
can
follow
up
on
it
async
and
if
we
we
need
more
discussion,
we
can
do
an
ad
hoc
or
at
the
next
community
meeting
Ezra
you've
got
your
hand
up
what's
up.
F
Yeah
just
quick
comment
or
question:
there
are
basically
two
use
cases
for
shouting.
One
is
this:
you
know
spread
across
Geographic
and
so
on
and
we
are
discussing
regions
and
so
on,
but
the
other
one
is
actually
just
handled
very
large
scale,
right,
I'm
out
of
resources,
memory,
CPU
and
so
on.
I'm
going
to
use
millions
of
workspaces
and
I
just
want
the
charts
and
I'm
wondering
if,
in
this
discussion,
I
just
want
to
make
sure
we
are
not.
F
D
F
Exactly-
and
this
also
adds
to
I
started
some
discussion.
I
may
also
want
to
be
able
to
let
the
administrator
control
the
even
shouting
policy
right.
What
is
the
criteria?
I'm
shouting
against
not
right.
It's
not
really,
maybe
according
to
region
and
so
on.
I
may
have
my
arbitrary
kind
of
policy
by
which
I
want
to
shout
stuff
and
when.
D
F
G
G
Don't
think
we
see
that
changing
in
the
future,
like
some
of
the
guarantees
that
we
want
to
provide
about
workspaces,
break
down
when
half
of
your
workspace
is
in
a
different
network
region
across
the
world,
so
I
think
we'd
need
to
think
through,
like
what
does
it
mean
for
like
if
I'm
building
a
controller
and
I
know
that
the
scale
of
data
is
really
large
and
I
know
that
even
within
a
region
I'm
going
to
have
multiple
processes,
because
you
know
look
for
horizontal
I'm,
not
under
control
of
where
the
data
lives,
though,
like
the
TCP
system
needs
moving
cards.
C
Around
right,
I
think
what
Ezra
is
saying
is
he's
talking
about
a
multiplicity
of
workspaces
but
they're
all
in
the
same
region,
you're
using
multiple,
because
you
can't
have
one
server
host
them
all.
G
Yes,
yeah
yeah,
so
I
I
I'm
in
accordance
with
that
I'm.
Just
saying
like
the
number
of
workspaces
and
the
like
the
consistent
hashing
between
the
workspace
and
the
chart
that
it
ends
up
on
is
not
under
the
control
of
the
controller
author,
and
so
we
need
to
think
through,
like
what
kind
of
API
we
would
want
for
that.
Yeah.
F
I
just
wanted
to
point
out
this
use
case,
and
the
last
comment
is
because
I'm
looking
at
large
scale-
and
this
is
the
use
case-
I-
want
to
attack
I-
want
to
make
sure
also
that
the
cache
server
is
not
becoming
a
bottleneck.
In
terms
of
you
know,
performance
memory
and
all
of
that
right,
because
the
if
we
wish
ever
seek
to
the
case
server,
then
you
know
I
need
to
solve
that
issue
as
well.
Yeah.
A
So
I'm
gonna
call
time
on
this
for
today.
I
think
this
has
been
a
fantastic
discussion,
but
we
are
out
of
time
for
this
topic
for
this
meeting.
I
would
encourage
Frederick
and
anybody
else.
That's
interested,
please
schedule
a
separate
design
meeting
with
the
folks
who've
been
talking
about
about
this
in
the
meeting
today,
and
anybody
else
who's
interested
and
continue
the
discussion
there.
If
that
works.
For
you.
A
So
Frederick,
do
you
want
to
take
on
trying
to
schedule
that.
A
Awesome,
thank
you
all
right.
We
have
about
20
minutes
left
Nolan,
you've
got
a
narrowly
scoped.
Permissions
claims
permission.
J
J
Yeah,
so
this
design
document
is
about
giving
access
to
a
limited
subset
of
objects
within
a
group
resource
the
example
I'm
using
is
Secrets.
You
may
want
to
get
access
to
a
specific
secret,
that's
relevant
to
your
work,
but
not
see
any
others.
So
we
are
investigating
three
cases
for
doing
this.
First
is
identifying
a
specific
object
by
name
and
namespace,
so
this
is
when
there's
well-known,
name
or
yeah
that
that
one's
pretty
straightforward,
the
other,
is
grabbing
a
collection
of
objects
based
on
some
label
selector.
J
So
so
you
have
multiple
deployments
or
multiple
Secrets
or
load
balancer
information.
J
This
would
be
a
way
to
get
access
to
only
those
objects
labeled
that
way,
and
then
the
final
option,
which
is
perhaps
the
trickiest,
is
what
I'm
referring
to
as
owned
objects.
So
this
would
be
things
like
things
that
you
don't
necessarily
create
with
your
controller,
but
they
are
second
order
objects,
so
volumes
mounted
into
a
pod
config
mounts
mounted
into
a
pod
or
something
of
that
nature.
J
We've
also
got
some
folks
in
in
this
issue.
1937.
folks
have
enumerated
specific
use
cases
more
more
detail
than
the
general
stuff
I'm
giving
here
so
in
terms
of
the
interface
that
we're
proposing.
J
Actually
sergius
has
expanded
the
permission
claim
to
have
a
resource,
selectors
field
that
is
now
in
he's
using
this
for
reverse
permission,
claims
as
well
and
I'm,
currently
working
on
Plumbing
that
into
admission
and
Reconciliation
for
just
named
objects:
I've
not
tackled
label
selectors.
Yet
so
I
mostly
wanted
to
use
this
as
a
heads
up
and
give
people
awareness
and
possibly
field
any
questions
that
people
might
have
or
use
cases.
A
Thank
you,
Nolan.
Anybody
have
anything
top
of
mind
or
need
some
time
to
think
about
it
and
maybe
respond
async.
C
One
small
comment
there
on
the
terminology,
simply
own
I
mean
kubernetes-
does
have
a
concept
of
own.
That.
H
C
Think
is
not
exactly
what
was
meant
right
right,
so
you
might
want
to
use
just
a
different
word
or
expand
on
it.
So
you
know
I
would
say
maybe
linked
or
related
rather
than
owned.
A
J
E
Yeah
I
just
wanted
to
point
out
that
these
changes
are
pretty
relevant
to
the
pr
which
we
merged,
which
has
the
CLI
commands
on
getting
permission,
claims
and
listening.
We
could
probably
add
more
flags
for
whatever
increase
specifics,
which
have
been
added
to
permission
close,
but
yeah
well,
like
I,
can
have
a
discussion
with
noon
and
paper
at
home
can
work
on
it.
D
Yeah
two
questions
or
remarks:
maybe
Inspire
us
people
to
think
about
it.
So
my
first
comment
about
those
things
should
be:
you
should
be
able
to
render
them.
The
user
should
explain
them.
I
think
this
was
one
of
those
properties
we
need.
So
if
we
have
complicated
Json
paths
or
CL
this,
it's
not
too
easy
to
learn
to
understand,
and
the
second
thing
is
the
question
for
everybody.
Who's
interested
in
this
area.
To
think
about
this
is
I
mean
the
old
object.
Thing
has
security
implications
right.
D
He
owns
object,
so
maybe
you
can
change
it,
so
you
can
suddenly
read
our
secrets
because
you
can
change
the
main
object,
so
we
talked
about
maybe
the
spec
of
an
object,
that's
owned
by
a
user
and
not
by
the
service
provider,
those
kind
of
things,
and
if
it's
about
Json
paths
or
CL,
or
something
like
that,
we
want
conversion.
Conversion
also
gives
some
kind
of
control
to
a
service
provider,
so
I
leave
it
here
think
about
it.
Interesting
topic:
if
you
have
ideas,
you
want
to
contribute.
C
C
C
But
you
started
to
talk
about
a
different
sort
of
ownership,
which
is
you
know
about
a
user
rather
than
a
different
object,
which
is
I
would
say.
I
was
kind
of
expecting
that
I
was
interested
to
see
that
it
wasn't
here
right,
one
of
the
things
that
other
people
have
identified.
Is
they
really
wish
as
a
general
feature
of
the
cube
API,
you
could
say
you
know,
list
secrets,
you
know
not
all
of
them,
just
the
ones
that
I'm
authorized
to
read.
D
C
Right
and
then
there's
another
sense
right
which
it
came
from
the
introduction
of
server-side
apply,
which
assigns
field
managers
to
parts
of
objects.
Yes,.
D
That's
what
I
had
in
mind
yeah
anyway,
so
let's
leave
it
here.
Please
get
engaged
talk
to
dog,
come
up
with
ideas.
A
All
right,
one
more
issue
on
here
from
me:
slash
Steve,
asking
if
we
wanted
to
do
this
before
we
cut
the
next
release.
So
this
is
a
proposal
to
eliminate
the
phrase
virtual
workspace
because
it
is
not
accurate
and
confusing
and
replace
it
with
some
other
term.
The
initial
proposal
is
service,
I
realize
that
is
a
very
generic
and
overloaded
term,
but
it
works
so
I.
A
Yeah,
so
if
y'all
have
other
thoughts,
feel
free
to
suggest
I
think
we
should
solidify
a
meaningful
term
before
making
any
changes.
G
Maybe
let's
give
it
a
week
for
lazy
consensus
to
Mike's
point
I,
think
we
don't
actually
ever
use
the
term
virtual
workspace
alone.
As
noted
in
the
first
like
five
rows
of
this,
we
always
prefix
it
with
what
it
is
actually
doing
which
speaks
to
how
lacking
of
information.
Those
words
really
are.
A
G
Yeah
I
think
I
would
strongly
suggest
anyone
that
has
thoughts
here.
Anyone
that's
interacted
with
them.
If
you
have
a
mental
model
that
you
use
to
explain
this
to
yourself
like
explain
that
Cher
I'd
love
to
hear
what
people
think
we
should
put
a
TTL
on
this.
Maybe
the
next
release
is
a
good
timeline
at
a
minimum
service.
Doesn't
mislead
people
the
same
way
that
workspace
does
and
would.
A
A
So
I'll
call
time
on
on
that
one
for
right
now,
please
come
into
2196
and
add
any
comments
if
you
have
them,
given
that
we
have
a
couple
minutes,
left
I
did
want
to
go.
Look
at
I'm
not
going
to
do
issue
triage
today,
because
I
actually
want
to
look
at
the
milestone
for
0.10.
A
Given
we
we've
made
a
comment:
I,
don't
remember
if
this
was
in
slack
or
in
a
meeting
about
potentially
changing
the
date,
so
that
instead
of
trying
to
do
0.10
by
yesterday,
which
clearly
didn't
happen
and
then
0.11
at
the
end
of
November
that
and
then
another
release
like
early
mid-December,
that
we
would
remove
One
release
from
the
train
and
so
between
now
and
the
end
of
2022.
A
But
before
people
go
on
holiday
or
we
could
just
say
nah
we're
only
going
to
have
one
more
release
for
2020
to
whenever
we
feel
it's
ready
like
we
can
sort
of
rescope
things
and
give
folks
more
time
so
open
to
feedback,
but
definitely
we're
not
cutting
0.10
today
and
it's
gonna
be
at
least
a
week
or
two
out
so
maybe
take
some
time,
look
at
the
epics
and
look
at
what's
in
the
Milestone
and
what
you
might
want
to
have
before
the
end
of
the
year
and
and
maybe
next
week
we
can
reconvene.
A
Hopefully
folks
will
have
had
some
time
to
think
about
it.
I'll
send
an
email
out
to
the
dev
mailing
list,
requesting
comments
and
feedback,
and
we
can
Circle
back
next
week.
If
that
sounds
good
to
folks,.
A
I
see
a
couple
plus
ones
in
chat,
so
thanks,
everybody
I'll
get
that
email
out
and
we
will
see
you
next
time
have
a
great
rest
of
your
week.