►
From YouTube: Community Meeting, March 21, 2022
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Recording
is
started.
Okay,
everyone
welcome
to
the
kcp
community
meeting
on
March
the
21st
and
thanks
for
submitting
the
community
meeting
issue
Andy,
that's
great.
Having
said
that,
since
this
is
a
good
threat,
if
anybody
of
the
community
members
is
interested
in
moderating,
this
community
call,
please
give
us
a
ping
on
slack.
We
are
very
happy
to
you
know
to
be
helped
out
with.
A
Yes,
thanks
Nolan
for
submitting
the
issue
for
helping
us
out
in
moderation,
I
think
MJ
did
it
in
the
past
as
well.
It
was
great
thanks,
a
lot
again
looking
forward
for
community
members
to
help
out
in
moderating
this
community
call.
B
I
was
just
looking
for
an
update
from
the
people
who
are
actually
working
on
it.
A
I
suppose
there's
going
to
be
a
little
bit
of
silence
as
I
see
now
I
just
looked
up
the
thread
and
slack
so
I
think
Andy
was
on
the
hook
who's
on
PTO
this
week,
and
he
mentioned
that
126
rebates
is
much
linging
than
previous
ones
because
of
the
switch
from
the
groups
from
kcb.
They
have
to
kcpio
and
changing
internal
libraries
for
The
Logical
cluster
stuff.
A
There
is
some
cleanup
necessary
before
we
can
start
rebasing
on
top
of
126.
That's
the
latest
update
that
I
have
oh
yeah
thanks
Nolan,
that's
exactly
the
threat
link
that
I
wanted
to
copy.
So
that's
about
the
info
that
I
have
right
right
now
we're
having
it
on
the
radar,
but
I
have
to
do
some
vacuum
cleaning,
I
guess
before
we
can
start
fully.
C
A
You
raised
your
hand.
Sorry
I
didn't
see
this
before,
because
I.
D
B
So
is
there
some
expectation
of
when
it
will
be
done
or
is
there
confidence
that
it
will
be
done
soon
or
at
all
or.
A
For
sure
I
mean
one:
it's
necessary
that
we
continue.
Rebasing
I,
don't
have
an
exact
timeline,
yet
at
least
I
didn't
see
any
from
from
the
threat
and
from
the
discussions
that
I
was
aware
of,
but
stay
tuned
I
will
make
sure
to
Ping
in
the
once
he's
back.
Maybe
we
will
have
some
more
information
about
this,
but
we're
having
it
definitely
on
the
right
areas.
B
All
right,
thank
you
and
I
suppose
in
a
related
vein.
I
also
want
oh,
should
have
written
down
in
the
agenda,
but
an
update
on
the
next
release.
B
A
Nolan
David:
do
you
have
any
updates
on
this?
One
I,
don't
recall
that
we
had
a
concrete
release
time
date
yet
for
zero,
twelve
I
guess
we
want
Mullen.
As
far
as
I
recall,
the
permission
claims
narrowing
PR
definitely
to
land
before
we
cut
the
release,
because
this
is
going
to
be
a
an
important
feature
and
it
will
introduce
admission
into
the
virtual
API
export
apis
view.
I
think
it's
called
nowadays
so
Lola
you're,
not
in
your
head
positively.
So
I
guess!
That's!
Yes!.
D
We
definitely
want
to
get
that
permission
to
claim
PRN
I
think
we
want
to
have
the
rebase
in
and
MJ
linked
the
discussion
where
we're
seeking
Community
feedback
for
any
other
stuff.
That
people
would
like
to
include.
E
Yeah
I
think
one
more
thing
we
should
wanted
to
get
in
is
our
client,
Shenanigans
and
SDK
stuff
So
to
avoid
tagging
unnecessary
packages.
E
E
F
E
G
The
previous
one
is
mainly
a
cleanup
of
something
that
has
been
kept
quite
worried
in
the
workload
sync
way
of
when
you
want
to
import
new
resources
from
the
physical
cluster.
It
has
been
clumsy
quite
since
the
beginning-
and
it's
quite
important
cleanup
here
and
the
other
one
is-
is
about
using
network
policies
to
isolate
workloads
running
on
the
physical
clusters
per
originating
workspace.
G
A
A
B
Yes
and
David
during
the
start
of
this
meeting
was
trying
to
answer
in
slack
I
I
was
reading
what
David
wrote
I'm
still
a
little
I
still
don't
understand.
Can
I
just
ask.
F
B
So
explain
to
me,
like
I,
never
heard
of
namespace
locator
when
do
I
know
how
to
use
it.
What
is
it
where
do?
I
put
it?
What
does
it
look
like,
and
you
don't
have
to
answer
in
the
meeting
if
you
know,
if
you
can
just
add
something
to
the
documentation?
That's
fine.
G
Yeah,
maybe
I
can
just
give
some
background
before
appsyncing
was
introduced,
namespace
locators,
where,
where
mainly
a
sort
of
implementation,
detail
on
the
thinking
on
the
single
side.
In
fact,
when
you,
you
sync
objects
Downstream,
since
we
sync
into
you
know
other
namespaces,
which
have
hashed
names,
so
you
have
to
buy
some
way,
keep
the
originate.
The
origin
of
the
of
the
of
the
synced
object
as
it
is
in
in
the
kcp
workspace.
So
obviously,
you
have
to
mainly
store
on
the
downstream
object.
G
And
so
you
know
initially,
it
was
an
implementation
detail.
Now
you
still
need
to
have
since
it's.
The
only
way
to
you
know,
identify
and
I
mean
to
give
you
the
way
back
to
Upstream
when
you
watch
an
object
Downstream
so
for
app
syncing
as
well,
it
became
a
bit
more.
You
know
visible,
because
you
need
to
have
the
locator
available
in
order
to
be
able
to
absync
a
downstream
object
to
to
Upstream,
because
you
need
to
know
where
to
put
the
the
downstream
object
Upstream.
G
G
Obviously,
when
cluster-wide
resources
were
introduced,
then
you
we
had
the
same
need,
obviously
not
to
find
back
the
namespace,
but
at
least
to
find
back
the
corresponding
kcp
workspace,
which
finally
led
us
putting
also
this
annotation
on
directly
unclustered
wide
resources,
When
We,
sync
them
situation
is
mainly
the
name
should
be
locator
or
adstream
locator
instead
of
namespace
locator,
and
it
should
be
documented
aside.
You
know,
with
in
the
documentation
where
we
described
location,
placement
and
thinking.
Obviously,
okay,.
B
Thank
you
very
much.
The
outline
I
understand
the
outline
now
I
can
live
with
a
legacy
name
of
I
just
need
to
have
it
documented,
so
I
know
how
to
actually
use
it,
because
in
edgemc
we
definitely
do
want
to
upsync
cluster-wide
resources,
as
well
as
some
non-clustered
resources.
I'm.
H
B
Namespaced
ones
and
we
will
be
using
the
we
are
planning
on
using
the
TMC
Sinker
for
a
while.
So
I
do
need
to
know
how
to
use
it.
Sure.
G
B
Very
good,
yes,
do
please
schedule
something
soon
and
invite
me
I
thought
I
had
heard
con
people
saying
that
those
things
were
settled
in
the
way
that
we
need
it.
So
this
is
disturbing
news,
so
do
please,
let's
get
it
settled
soon.
Sure.
A
A
So
if
there
is
any
support
we
can
get
that
would
be
great
as
well,
but
sure
chicken
and
egg
problem
you
have
to
dive
into
a
topic
first
before
you
can,
if
we
recommend
so
it's
also
a
complex
one,
any
more
questions
around
namespace
locator
and
thanks
a
lot
David
for
the
explanation.
Mike
for
the
answer.
B
Yeah
I'm
happy.
Thank
you
cool.
A
The
fan
is
not
on
the
call
I
recall
briefly
what
this
was
about.
A
It
was
based
of
a
pull
request:
Maybe
Lionel
you're,
on
the
call.
Actually.
Can
you
give
us
a
little
bit
on
background
on
your
PR
because
they
recall.
F
A
Precisely
as
far
as
I
recall,
the
whole
idea
around
this
pull
request
of
the
API
lifecycle.
Custom
resource
definition
is
that
whenever.
F
A
A
Right
so,
and
in
that
case
we
have
a
separate
party
which
was
called
here-
the
API
lifecycle,
API
provider
and
currently,
if
you
have
a
service
account
that
runs
here
on
this
site
in
this
service,
that
makes
calls
towards
the
API
export
virtual
workspace
to
execute.
You
know
a
creation
of
those
resources.
A
There
is
an
investigation
going
on
how
to
impersonate
that
service
account
within
the
requests
that
is
happening
here,
because
today
the
biggest
problem
is
that
service
accounts
cannot
cross
workspace
boundaries
right.
So
a
service
account
is
always
bound
to
a
concrete
workspace
and
as
part
of
the
authorization
it's
like,
it
will
be
essentially
denied
access
to
any
other
workspace.
Because
of
tenancy
and
like
for
this
special
case,
we
want
to
have
a
little
bit
more
yeah
aware,
brainstorming
ideas:
how
to
overcome
this.
A
A
It
will
also
be
available
next
week
if,
if
that's
possible,
to
continue
the
discussion,
maybe
then
we
Stefan
yeah
sure
thank
you,
discuss
kcp,
Edge
environment.
That's
a
that's
a
complex
name
brolio!
Yes,
sir
you're
welcome
yeah.
We
talked
about
monitoring.
I
recall.
Yes,.
H
H
H
You
see
mine,
oh
okay,
okay,
great
so
for
for
the
SBS.
So
we
are
now.
A
Let
me
try,
you
know
what
I
will
do
a
recursive
thing.
I
will
share
brother.
Can
you
reshare
your
screen?
Yeah.
I
H
Maybe
you
can
say
your
Skin's
decisions.
H
Okay,
so
4K
4K
SP,
so
we
are
building
a
Dev
test
in
environment
so
for
our
next
POC
to
deploy
kcp
and
then
the
components
headquarter,
Focus,
pH,
and-
and
for
for
that,
so
we
we
are
the
we
are
experimenting
with
the
with
the
k-speed
playground
so
developed
by
fabrication,
so
to
deploy
to
help
us
deploy
the
components
that
are
acquired
for
for
kcp
and
also
see
what
are
the
gaps
to
see
which
components
we
will
have.
H
We
can
deploy
conversion
components
of
kcps,
so
we
can
deploy
you
using
the
the
play
playground.
So
we
are,
we
are
not
doing
some
Explorations
and
then
we
have
a.
We
have
identified
some
something
some
features
that
that
are
missing
for
for
the
basic
background:
for
example,
the
ability
of
creating
sync
targets
without
requirements
to
attach
to
a
peak
cluster
and
also
the
ability
to
create
a
KSP
objects
to
already
and
exist,
namespace
and
also
I,
think
I've
had
the
file.
H
H
This
thing,
the
sinkers
to
to
the
to
the
Case
Case
PHP
Clauses
per
se,
yeah,
and
so
the
so
those
those
are
what
we
have
found
so
far,
and
we
we
also
looking
closely
to
the
kcp
playground
PR
on
kcp
so
and-
and
we
are,
we
are
looking
forward
to
yeah
to
see
yeah
to
yeah
to
look
forward
to
see
it
matched
it
emerged
to
to
the
main
branch.
It's
gonna
also
help
us.
We
would
have
further
explorations.
A
That's
very
cool.
Thank
you,
since
we
chatted
about
monitoring
in
the
past.
Is
this
related
to
this
playground
as
well
the
monitoring
bit.
So,
is
this
a
completely
different
initiative.
H
So,
for
for
the
monitor
that
we
discussed
before
it
was
about,
we
are
beside
building
that
that
test
environment
we
also
building
a
large-scale
deployment,
electrical
infrastructure
and-
and
the
discussion
that
we
had
initially
was
to
deploy
the
monitoring
for
for
that
large-scale
infrastructure
deployment
per
se,
but
as
well.
We
will
as
well
this
something
else
that
we
want
to
do
for
this
death
test.
So
the
deploying
yeah,
the
monetary
tools.
A
Okay,
cool
another
question
for
deploying
the
kcp
loans
itself:
the
topology
are
you
using
the
existing
contracts
that
we
have
in
place,
or
you
have
your
own
automation
for
this.
A
Do
have
in
kcp
we
have
Helm
charts
available,
at
least
in
you
know,
initial
State
and
I'm
wondering
if
you
are
leveraging
in
any
sort
of
form
those
to
deploy
the
kcp
playground.
Or
is
this
completely
separate.
H
That
you
can
configure
yeah
the
KSP
environment,
so
we
wish
we,
which
name
space,
to
create
and
and
also
create
some
resources,
so
I'm
using
the
the
yaml
files
yeah.
That
is
specific
for
the
kcp
playground.
A
I
A
quick
one
is
I,
think
I
saw
Fabrizio
on
here.
Is
that
correct
am
I,
correct,
yeah
I
did
yes
here.
H
I
Fabrizio,
hey
I,
wanted
to
say
deep
thanks
from
our
team
to
you
for
for
giving
us
the
playground
to
work
with,
and
if
we
can
help
you
in
any
way
in
testing
and
getting
your
PR
pushed
ahead.
We'd
love
to
do
so.
Thank
you.
C
Thank
you
very
happy
to
see
this
being
useful.
I
followed
up
on
last
week,
comments
and
so
yeah
I'm
I'm
I'm,
trying
to
get
you
this
message
as
soon
as
possible.
I
think
that
there
is
a
maybe
I
I
have
a
question
so
last
week,
Stefan
asked
to
find
a
way
to
make
sure
that
what
is
in
the
playground
is
tested
and
and
the
point-
and
it
is
not
difficult,
because
the
playground
is
built
on
top
of
the
test
framework,
so
it
is
just
a
matter
to
write
a
unique
test.
C
The
problem
is
that
most
of
the
playground
in
the
playground.
Currently
we
have,
for
example,
and
three
of
them
are
testing
the
deployment
being
absented,
and
in
order
to
do
so,
we
cannot
use
the
fake
cluster
because,
as
far
as
my
research
went,
the
fake
cluster
does
not
work
with
for
up
upsync
in
deployments
due
to
a
limitation
on
the
DNS
part,
so
the
DNS
endpoint
are
not
generated.
C
This
means
that
if
you
want
to
have
this
unit
test
running,
we
need
to
create
actual
kind
clusters
and
I
don't
know
if
the
kcp
current
test
infrastructure
is
okay.
With
this,
or
not
so,
I
I
did
the
work
and
I've
added
a
comment
about
this,
which
is
more
a
logistic
problem
than
a
technical
problem
but
and
yeah.
If
someone
can
can
help
me
drag
this
I
I'm
I'm
also
open
to
look
into
fake
clusters
and
see
if
there
is
a
way
to
make
fake
clusters
to
work
with.
C
G
Maybe
for
the
detail,
we
could
sync
it
offline,
because
I'm
not
sure
I
have
all
the
the
details,
but
I
just
wanted
to
mention
that
in
the
entering
test,
I
mean
I.
If
I
understand
correctly,
you
are
speaking
of
end-to-end
tests
and
in
the
entrances
you
have
a
way.
You
know
in
the
various
from
work
utilities
and
Associated
helpers.
You
have
ways
to
know
if
you
are
in
the
case
where
you
are
using
a
kind
physical
cluster
or
you
are
using
a
fake
cluster.
G
So
there's
some
TNC
tests
which
use
that,
in
order
to
you,
know,
buy
and
skip
parts
of
the
tests,
possibly
or
just
keep
a
complete
test
in
case
it
needs
a
kind.
So
that
might
also
be
a
way
to
you
know,
have
everything
tested
apart,
you
know
most
part
of
all
your
tests
would
work
also
with
fake
clusters
and
some
specific
tests
that
would
require
kind.
You
could
just
gather
in
and
condition
to
to
this,
to
the
presence
of
of
an
external
kind.
Cluster
I
mean
there
are
helpers
for
this.
B
I
Free
okay,
Fabricio.
B
I
C
So
I
I
think
that
no
that
they
are
all
good
in
the
sense
that
if
they
have
needed,
why
not?
The
trickiest
one,
in
my
opinion,
he's
the
one
about
Edge
service
provider
workspace,
because
I
think
that
the
biggest
problem
would
be
that
now
the
kcp
playground
is
the
in
the
main,
repo
and
I'm.
Pretty
sure
that
you
cannot
import
the
the
other
stuff
because
of
circular
dependency.
C
So
I
I
think
that's
the
the
more
challenging
so
I
was
chatting
with
I.
Don't
remember
about
this.
Probably
the
next
step
is
to
figure
it
out
a
plugable
model
for
playground
feature,
but
I
really
would
like
to
have
this
first
version
merged,
so
we
can
build
on
top
of
something
instead
of
having
a
moving
Target
for
everyone.
I
I
You
know
one
and
if
you've
decided
to
to
take
these
to
take
these
matters
into
your
own
code
base.
But
thank
you
very
much
for
contribution.
A
This
is
also
thanks.
A
lot
from
my
side,
I
also
reference
the
pull
request
from
you
to
reach
you
and
in
the
company
called
Community
call
meeting
notes,
so
we
get
a
little
bit
more
ice
on
the
original
PR
as
well.
Let
me
also
add
this.
A
Oh,
thank
you
very
much
for
the
great
heads
up.
There
are
no
more
comments
around
this
topic.
Going
once
twice.
A
J
Oh
sorry,
myself,
so
yeah
I
was
going
to
demo
this
few
a
few
weeks
ago
and
I
forgot
to
put
myself
on
the
agenda
and
then
I've
been
busy.
So
we're
gonna
show
you
today,
so
I've
been
just
a
little
backstory
I've
been
playing
with
kcp
as
part
of
like
a
CI
project.
I've
been
working
on.
Let
me
turn
my
camera
on
here
as
a
basically
an
isolated
environment.
We
can
test
our
ansible
operators
and
do
CI
work
in
and
how's
it
going.
J
So
as
part
of
that
I
came
up
with
like
just
a
little
installer
tool,
I
make
playbooks
to
to
have
shortcuts
for
things
and
showed
it
to
David,
and
he
thought
it
might
be
useful
to
share
because
it
might
be
use
good
for
Dev
work.
Let
me
share
my
screen
here.
F
J
So
this
all
publicly
available,
can
you
see
my
screen
so
I
shared
the
link
in
the
issue
too?
If
you
want
to
look
it
up,
the
only
requirement
is.
J
B
J
Okay,
okay,
so
the
only
requirement
is
ansible,
and
this
is
really
designed
obviously
to
be
used
on
Linux.
You
need
sudo
to
use
it
or
you
can
just
run
as
root,
but
you
don't
have
to
be
root.
You
don't
have
to
use
the
pseudo
command
to
use
it,
but
your
user
has
to
have
sudo.
The
Playbook
requires
sudo,
so
yeah,
so
otherwise,
I
have
a
machine
here.
It's
a
pretty
standard.
J
Vm
I,
just
built
up
and
I've
got
kubernetes
cluster
running
locally
on
six
four,
four
three
so
I'm,
just
gonna
clone.
J
So
if
you
just
want
to
do
a
standard
install
you
would,
if
you
don't,
have
something
else
running
on
six
four,
four:
three,
you
could
just
do:
Playbook
install
kcp
and
it'll,
basically
just
install
it
on
six.
Four.
Four:
three
start:
the
assistant
D
service.
J
The
faults,
if
you
want
to
take
a
look
at
them,
are
basically
in
this
kcp
file
at
the
top,
so
you
can
set
secure
Port.
You
can
pass
extra
args
version
root.
There
I've
just
been
putting
stuff
into
Etsy
kcp
as
a
default.
Otherwise
I
mean
it'll
install
wherever
whatever
user
you're
running
as
I
think
into
like
the
dot
something.
J
So
you
can
override
these
here.
If
you
want
to
just
you
know,
manually
change
it
here
or
you
could
do
something
like
that.
So
I
would
do
something
like.
J
I've
already
got
actually
there's
no
there's
no
requirements,
I
think
if
you're
just
doing
a
straight
install
for
the
build
which
I'll
get
to
in
a
minute
it
pre-installs
stuff,
I
already
had
11
on
here.
Running
I
was
testing
this
earlier,
but
it
gives
you
some
commands
at
the
end.
J
Here,
I
was
setting
the
mode
on
the
kubeconfig
file
in
the
installer,
but
it
was
messing
with
how
I
handle
the
handlers
for
restarting
the
service,
so
that
would
be
a
nice
feature
to
add
to
be
able
to
actually
set
as
an
extra
R
to
the
coupe
config
mode.
The
admin
Cube
content
file
to
make
it
readable
by
users
other
than
group.
Otherwise
you
would
export
it
so
I
just
basically
put
it
in
here
as
a
command
you
can
copy,
and
this
will
copy
it
to
your
local
user.
J
B
J
J
Okay,
now
we
are
in
the
PCP
cluster.
J
So
that's
basically
it
minus
I'll
fix
that
in
the
in
the
comments
there.
But
if
you
install
that
root,
you
wouldn't
have
to
worry
about
that.
You
would
already
have
your
thing
and
if
you
want
to
unset
it,
basically
how
I
do
it
is
I'll.
Just
unset
group
config
like
that
and
now
I'm
back
in
my
my
standard
physical
cluster
again.
So
it's
a
good
way
to
get
it
look
I'm
using
k3s
here,
locally
I,
usually
use
k3s
or
3D
question.
A
Just
a
very
quick
one
out
of
curiosity
Adam,
do
you
plan
to
go
like
a
little
bit
beyond
because
I
believe,
like
especially
with
ansible?
It
would
be
nice
to
have
like
a
topology
deployed
with
kcpe,
where
we
have
things
like
sharding
and
or
front
proxy
being
set
up?
Is
there
as
I
understand
it's
like
a
single
binary
single
process,
installation
of
kcp
right
now
right
on
a
yeah
and
do
you
do
you
have
any
plans
or
ideas
already
I'm?
Sorry,
if
I'm
asking
too
much
of
like
a
topological
deployment,
yeah
PCB.
J
What
I
was
doing
before
was
just
starting
it
in
a
terminal
or
running
it
in
the
background,
echoing
out
to
a
file,
so
I
wanted
to
get
it
into
a
systemd
file
and
I
just
kind
of
do
ansible
for
everything
to
reuse
it
later
and
then
David
actually
suggested
the
option
to
build
as
well
so
right
now,
I'm
kind
of
designed
this
for
for
Dev
for
testing,
but
I'm
open
to
suggestions,
I,
don't
know
what
a
production
deployment
of
kcp
would
look
like
if
there
is
such
a
thing
yet,
but
yeah,
any
suggestions
feel
free
to
I
already
had
one
somebody
from
my
own
team
who's
also
interested
in
Dimitri.
J
He
contributed
to
this
a
little
bit
and
I'm
open
to
suggestions.
A
Yes,
precisely
yeah
I
think
that's
a
good
shout
out.
Andy
I
think
there
is
a
parallel
work
with
on
your
site.
Going
on.
Please
go
ahead.
I
Yeah
so
Adam
great
contribution.
Thank
you.
So
we
have
an
ansible
based
deployment
already
for
a
couple
of
proofer
Concepts
that
we
did
before.
We've
got
a
larger
proof
of
concept
coming
up
where
we're
actually
doing
a
cloud
environment
where
we'll
be
deploying
like
permit
Prometheus,
grafana,
et
cetera,
et
cetera,
the
details
of
which
are
in
the
link
that
I
sent
a
little
bit
further
up
there.
The
1126
comment
that
I
made
there's
a
dock
on
it.
J
Yeah
I'm
always
looking
to
help
with
other
open
source
projects,
especially
ones.
You
know
we
we
might
be
using
this
down
the
road.
So
absolutely
one
more
thing:
I
just
wanted
to
show
you
so
I
don't
eat
up
too
much
time,
so
you
can
also
you
can
pass
extra
ARG
so
here
I
show
an
example
of
how
I
was
passing
this
Sinker
feature,
which
I
don't
I,
think
it's
still
a
feature
gate,
and
then
this
is
for
building.
J
If
you
want
to
build
from
a
source
and
I
give
you
a
couple
examples
on
how
to
run
this
so
and
you
can
rerun
over
this
it'll
replace
your
your
binaries
and
everything
so
that
one,
if
you
scroll
back
up
this
one,
just
basically
downloads
and
extracts
them
from
the
official
release,
what
I'm
going
to
do
now
is
I'm
going
to
run
that
same.
J
And
I'm
going
to
add
the
option
to
build
and
I'm
going
to
build
it
from
my
Fork,
which
is
just
a
fork
of
for
0.11.
So
you
just
add
another
Dashie,
so
Source
repo
and
it's
your
GitHub
repo
Branch.
Basically
you
can
you
can
Source
the
Branch
separately,
so
you
don't
have
to.
J
You
have
to
set
the
branch
I
haven't
played
with
in
English,
but
if
you're
playing
with
changes
locally
and
you
want
to
deploy,
then
you
would
do
something
like
that
gets
golang
and
make,
if
you
don't
have
it
and
then
it
clones
it
and
builds
it
and
it'll
do
the
same
thing.
It'll,
basically
install
that
now
and
update
your
systemd
file
and
everything
and
you'll
have
your
local.
Whatever
you
just
built
running
now,
this
will
take
a
little
bit
to
build.
J
A
All
right
awesome,
thank
you.
Any
more
questions
or
comments.
That's
fantastic
work
thanks
a
lot
for
the
demo.
J
Well,
there
it
goes
now,
it's
built
in
yeah,
all.
J
Zero
zero
because
I
built
it
quick.
J
If
you
want
to
just
check
your
status
of
your
process,
see
if
you
want
to
log
right,
you
can
leverage
Journal
tkl
so
like
that.
That's
all
I
put
this
all
in
there,
so
you
could
see
recent
logs
or
if
you
want
to
pale
them
and
just
FL
you
can
see
live
logs
of
what's
going
on
on
there.
If
you
care,
I
s,
I
haven't
done
much
else
with
logging.
J
I
was
thinking
about
adding
like
something
in
varlog
kcp,
but
then
you
got
a
log
rotate
and
clean
it
up
and
I
just
haven't
had
time
to
do.
B
E
J
A
lot
I
left
it
logging
to
a
file
for
a
few
days.
It
was
like
500
Megs,
so
there's
quite
a
quite
a
lot
of
stuff
coming
out
of
here
with
Journal
CTL.
It's
not
I
think
it
caps
it,
but
I
haven't
I'll
test
that
as
well.
It's
in
testing
phases
here
so
anyway,
that's
it.
J
Yeah,
nobody
ever
thinks
a
logging.
Oh.
A
I
think
we
had
some
good
initiatives
recently
around
introducing
a
structured
logging
that
was
led
by
by
Steve,
so
I
think
we
had
at
least
not
on
a
bad
path.
Currently
thanks
a
lot
again
Adam.
If
there
are
no
more
questions,
let
me
reshare
my
screen
again.
A
Mike
I
see
you
have
another
Point
regarding
0-12.
This
is.
A
Thank
you
and
then
the
next
one.
Last
one
Andy
announcement,
new
blog
posts.
I
Yeah
yeah,
so
we
did
some
really
cool
work
last
year
on
scaling
to
a
million
plus
Edge
devices.
This
is
work
we
did
in
combination
with
red
hat
CTO
office
at
the
time
Frank
zadarski,
and
so
we
were
able
to
build
out
this
big
proof
of
concept
that
you
know.
I
How
would
we
measure
what
the
bottlenecks
are
when
we
got
to
the
scale
of
a
million
plus
Edge
devices,
So
Adam-
and
this
is
right
up
your
your
alley
here
as
you're
looking
through
this
article,
if
you're
reading
it
do
just
understand
that
all
of
this
was
enabled
via
ansible,
and
so
we
have
playbooks
and
so
forth
that
we
worked
on
and
we're
looking
to
now.
Take
this
to
the
next
level
is
to
when
this
was
prior
to
kcp
and
kcp
Edge.
I
The
next
evolution
of
this
is
to
bring
this
to
kcp
kcp
Edge,
and
so
we
can
start
to
test
for
bottlenecks
there
and
and
so
on
and
so
forth.
So
bralio
gets
all
the
props
for
creating
that
cool
little
graphic
there
I
would
have
chosen
cats,
but
herding
dogs
is
is
is
just
as
difficult.
I
can
vouch
for
that
so
yeah
yeah,
so
I
wanted
to
say
in
front
of
all
of
us
at
the
community
here.
Thank
you,
bralio
for
posting.
This
and
I
hope
everybody
gets
a
good
read
out
of
it.
A
You
awesome,
that's
extremely
nice
thing
to
see
thanks
a
lot
for
the
great
read
any
more
comments
or
questions
regarding
this
topic.
A
Okay,
thanks
again,
that's
great
in
that
case,
I
see
Stefan
Pinkney
and
he's
now
on
the
call
cross
workspace,
impersonation
problem
Stefan,
maybe
can
you
yeah
I
already
started
talking
a
little
bit
about
this,
but
maybe
you
can
put
it
in
your
own
words
summary
again.
You.
K
Know
it's
it's
a
heads
up,
not
necessarily
to
be
decided.
Also
here
I
mean
it's
much
bigger,
probably,
but
we
we
had
this
topic
some
weeks
ago.
If
we
go
down
to
this
workspace
creation
challenge
like
you
create
use
a
service
account
to
create
another
workspace
for
a
user
and
workspaces
have
owners
and
initialization
happens
as
the
Creator
basically
offset
workspace
objects
object
and
the
service
account
is
living
in
a
different
workspace.
K
So
it
cannot
do
anything
outside
of
its
workspace,
so
in
particular,
I
cannot
initialize
a
sub
workspace
somewhere
else,
and
this
already
hinted
at
a
more
generic
problem
that
you
want
some
kind
of
cross
workspace
functionality
which
looks
like
impersonation.
So
in
this
case
a
service
account
which
can
create
workspaces
should
do
it
under
the
name
of
somebody
else
like
the
owner
of
the
the
parent
workspace.
K
In
this
case-
and
you
know
it
came
up-
so
if
you
move
up
score
up,
you
know
came
up
with
the
topic
of
API
lifecycle,
where
yeah,
basically,
next
to
an
API
export,
you
can
Define
life
cycle
properties
like
web
hook
where
manifests
come
from
and
then
there's
a
controller
which
life
cycles
a
binding
workspace.
So
you
have
a
user
on
the
right
side.
It
binds
to
the
to
the
green
API
and
the
green
API
has
a
life
cycle
object
in
parallel
and
the
blue,
the
blue
controller.
K
That's
basically,
the
provider
of
this
lifecycle
functionality
should
be
able
to
operate
in
this
user
workspace,
so
workspace,
which
only
binds
the
green
objects
like
human,
green,
API
and
again.
This
is
something
like
some
delegation
of
impersonation,
basically
of
a
user,
so
the
workspace
in
the
middle
could
provide
a
service
account
for
the
blue
workspace
to
do
this
job
right,
so
the
blue
service
account
has
to
use
the
identity
of
the
green
service
account
to
create
something
for
the
user.
K
So
there
we
have
something
again
with
a
slight
impersonation,
and
this
is
a
very
early
sketch
just
to
show
the
topology
of
the
the
pattern
here.
The
how
this
problem
looks
like-
and
this
looks
very
similar
to
the
problem-
I
thought
at
the
beginning
about
workspaces.
K
So
we
briefly
talked
about
that.
I
I
link
this
document,
if
you're
interested
in
those
thought
processes
get
involved,
there's
one
challenge.
Obviously,
in
the
very
beginning
we
said,
kubernetes
service
accounts
are
per
workspace,
so
they
cannot
go
beyond
the
workspace.
K
We
never
excluded
that
there
might
be
another
service
account
concept
which
is
cross
workspace,
but
outside
of
he
has
a
service
account
concept
from
Cube,
so
and
I
think
this
could
even
be
done
today,
so
you
could
have
basically
user
accounts
like
with
the
single
sign-on
oledc
system,
for
example,
which
are
meant
to
be
service
accounts.
K
Maybe
it's
a
background
so
Lionel
he
can
proceed
with
this
idea,
but
what
he
cannot
do
without
solving
that
is
basically
offering
such
a
life
cycle
service
in
an
unprivileged
way.
So
basically
the
API
lifecycle
topic.
There
are
basically
three
implementations
you
can
do.
You
can
build
that
deep
into
kcp
like
very
privileged
in
the
core-
that's
obviously
possible,
but
it
makes
a
core
bigger.
So
we're
not
sure
you
want
that.
K
What
one
point
further!
We
could
build
that
like
here
as
a
service.
That's
also
fine.
If
we,
if
we
solve
the
problem
and
the
third
one
would
be-
and
he
could
continue
his
work
on
that
path,
he
could
tell
the
green
user
here
to
run
basically
a
controller
in
this
workspace
in
the
middle.
Then
it's
not
privileged
because
you
can
just
use
the
service
account
as
a
screen.
K
Yes,
as
a
service
account
of
that
API
combiner,
but
then
of
course
it's
not
very
generic
right,
so
it's
very
you
get
to
do
work
to
to
run
this
thing
and
we
were
thinking
the
second
solution
like
having
this
service
provider
for
lifecycle.
If
you
can
make
this
work,
it's
much
much
more
generic,
much
more
powerful,
all
right,
so
much
more
as
a
pitch.
A
Yes,
thanks
a
lot
any
comments
or
questions.
A
Yeah
I've
been
also,
as
you
can
see,
from
the
comments
been
thinking
about
this
and
yeah
the
biggest
problem,
at
least
with
the
stock
capabilities
and
I
agree
with
you
Stefan
we
just
need
to
extend
kcp,
for
this
is
because,
like
the
service
account
on
the
left
hand,
side
would
need
like
impersonate
verb,
literally
permissions
to
do
something
else,
as
another
user,
which
is
a
chicken
and
egg
problem,
so
I
think
we
need
something
else
in
court
right,
yeah,.
K
Yeah
I
mean
the
impersonated
verb
is
one
idea.
So
just
look
at
true
power,
Cube
authorizes
impersonation.
Whether
this
is
useful
here
we
have
to
look
much
deeper
right
but
yeah,
something
like
impersonation
report
greet.
A
Okay,
great
thanks
a
lot
for
the
heads
up
so
again,
if
you're
interested
in
in
this
area-
please
let
us
know-
or
if
you
have
any
comments
regarding
this
okay,
we
have
five
more
minutes
left,
so
I
will
not
iterate
over
all
incoming
issues.
I
would
rather
ask
anybody
who
thinks
there
is
an
incoming
issue
that
you
submitted
and
you
would
love
to
talk
about
in
a
prioritized
way.
A
You
need
an
answer.
Asap,
please
shout
now.
A
I
do
hear
silence
in
that
case,
I
would
suggest
if
everybody
is
fine
with
that,
that
we
simply
defer
iterating
over
the
Box
or
the
incoming
issues
until
next
Community
call.
B
A
Okay,
twice
in
that
case,
thank
you.
Everybody
wish
you
a
wonderful
week
and
again
the
heads
up.
If
you're
interested
in
moderating
the
community
call,
please
give
us
a
Ping
On
slack.
We
would
love
to
see
also
new
faces,
moderating
this
session.
Thank
you
very
much
have
a
great
day.