►
From YouTube: Kubernetes SIG API Machinery 20180509
Description
For more information on this public meeting see this page: https://github.com/kubernetes/community/tree/master/sig-api-machinery
A
B
C
Kick
us
off
yes,
so
yeah
I
put
everything
there
as
a
PR
is
for
deletion
by
adding
a
spec
field
to
enable
that
and
the
question
is,
do
you
want
that
to
minus-10
incredible
tradition
is
predecessor
of
finalizes
kind
of
so
one
could
simulate
that
by
setting
the
time
or
field
or
we
go
forward
yesterday,
just
a
toilet
for
opinions.
I.
E
So
I'll
chime
in
with
just
an
experience
we
had
recently
no
I
know
there
was
a
bug
in
kubernetes
that
Jordan
fixed,
but
one
thing
that
you
find
if
you're
doing,
finalized
errs,
for
example,
with
custom
resources.
Is
that?
Because
you
have
to
have
your
own
controller,
that
presumably
is
running
in
a
pod?
E
If
you
delete
that
controller,
then
obviously
there's
nothing
left
to
finalize
errs
versus
what
you
have
in
with
the
built-in
components
where
you
can
use
a
finalizer
on
a
pot
or
whatever,
and
as
long
as
that's
one
of
the
like
core
cluster
components,
you
can
reasonably
assume
it's
not
going
to
get
deleted.
So
just
a
slight
difference
between
core
versus
non
core,
but
I
think
it's
worth
mentioning,
because
we
definitely
had
an
issue
where
people
couldn't
delete
some
of
our
stuff
because
they
accidentally
deleted
the
controller
that
was
dealing
with
the
finalized
errs.
E
B
B
D
D
B
B
F
D
B
You
can
do
it
yeah,
you
can
do
it
as
part
of
the
TPP
analyzer.
You
could
do
it
as
a
label
or
as
annotation,
not
that
I,
particularly
like
those
or
you
could
like
if
it's
part
of
the
resource
like
it
makes
sense
for
pods
to
have
a
time
limit,
and
that
could
just
be
a
that
could
be
a
field
in
the
pods
back
instead
of
an
metadata
right,
Oh
kind
of
finalized.
No,
no!
No!
What
you,
because
the
finalizar
wouldn't
be
written
specifically
that
object.
It's
not
a
general-purpose
finalize
yeah.
B
B
G
Know
so
that
there
are
two
two
things
there:
one
is
that
normal
users,
probably
shouldn't,
be
able
to
remove
finalized
errs
like
we're
starting
to
use
finalized
errs
for
things
like
persistent
storage,
cleanup
and
making
sure
like
if
we
want
to
actually
be
able
to
rely
on
those
like
random
user
Joe
shouldn't
be
able
to
delete
a
finalizar.
The
system
has
added
in
this
counting
line.
D
D
B
D
B
G
C
I
I
want
I
want
to
stress
one
point
which
we
just
discussed
more
or
less
so
finalizes
are
something
a
user,
not
change,
so
you
should
not
be
able
to
override
by
force
or
anything
like
that.
Graceful
deletion
is
something
waiting
for
a
process
to
terminate
in
a
pot
which
one
should
be
or
able
to
override
as
a
user,
because
it's
not
bad
that'll
clean
up
it's
about
enforcing
something
which
takes
time
and
make
it
faster
by
hot
killing.
It's
it's
a
different
thing.
Yeah.
D
G
I
I
could
see
connecting
the
plumbing
so
that
we
record
like
if
a
graceful
deletion
time
period
comes
in
with
a
delete
request.
Recording
that,
like
I,
it
doesn't
bother
me
to
record
that,
but
I
would
expect
to
the
enforcement
and
and
ultimate
cleanup
to
be
done
via
finalizer,
so
that's
more
just
than
plumbing
plumbing
the
information
from
the
user,
so
that,
if
you
have
a
finalizer
that
wants
to
make
use
of
that
information,
it
can
so
I
have
one.
B
C
C
G
Maybe
I
have
to
look
at
how
the
storage
is
structured,
but
I
I
kind
of
like
preserving
the
information
from
the
user,
and
if
a
finalizar
wants
to
use
it,
it
can
wait.
I
thought
we
already
had
a
Galician
in
the
field
deletion
timestamp,
but
that
just
records
when
it
was
deleted.
The
grace
period
doesn't
get
preserved
unless
the
storage
says
yep
I'm,
a
storage
that
knows
how
to
deal
with
grace.
F
F
G
G
G
G
It'd
be
a
good
idea,
so
if
we
recorded
the
information
from
the
user,
then
someone
like
key
burg,
you
wanted
to
use
it.
The
first
step
would
be
when
you
spin
up
a
VM
and
you're
managing
it
for
the
user.
Before
you
start
doing
stuff.
With
that
VM
add
your
finalizer
and
then
you
will
get
a
chance
to
participate
and
teardown,
and
you
will
have
a
hint
from
the
user
whether
they
want
a
graceful,
teardown
or
immediate
teardown,
based
on
whether
they
recorded
that
graceful
deletion.
G
B
All
right,
let's
used
a
quarter
of
our
time
on
our
quarter
of
our
item.
So
what's
going
on
use
cases
for
initializers
yeah.
D
So
click
the
start
of
the
thread
last
week
asking
whether
people
had
used
cases
for
initializers,
as
distinct
from
mutating
weapon
admission,
and
the
only
example
that
you
know
I
came
up
with
that
really
asked
for
something
like
initializers
was
namespace
initialization
namespaces
in
particular,
since
they
are
our
scoping
object
and
they're,
already
special
in
the
sense
of
their
teardown
and
their
phases,
and
maybe
there's
an
additional
phase
for
I'm
initializing.
This
namespace,
but
as
a
generic
concept,
we
were
struggling
to
come
up
with
additional
use
cases.
So.
B
D
A
B
I'm,
not
necessarily
arguing
for
keeping
both
I
think
we
probably
shouldn't
keep
both
and
and
web
hooks
are
clearly
the
winners.
If
we
don't
keep
both-
and
we
is
true-
we
don't
have
today,
people
scrambling
to
run
things
in
parallel
yeah.
It's
perfect
reason
about
I.
Think
the
trajectory
of
webhooks
is
such
that
people
will
in
the
next
I,
don't
know
six
months
or
a
year
have
many
web
books
on
their
cluster,
and
we
will
have
to
think
about
the
latency
working.
B
D
D
B
D
It
makes
it
possible
to
enforce
in
an
easy
and
generic
way.
So
today
we
have
a
namespace
lifecycle,
admission
plugin
and
if
you
introduce
the
concept
of
namespace
initialization
you'll
be
able
to
have
that
admission
plug-in,
run
the
checks
for
you
and
that
admission
plug-in
is
in
the
generic
API.
Sir
I'd,
like.
D
Kind
of,
but
not
not
exactly
right,
so
with
an
AR
back
rule,
you
have
something
like
this
controller
has
permission
to
create
pods
and
all
namespaces,
and
it
has
that
permission
at
the
cluster
scope.
So
a
new
namespace
appears
and
it's
an
initialization
phase.
You
could
not
use
our
back
to
restrict
a
controller
that
has
these
global
permissions
or
anyone
that
has
that
sort
of
a
global
permission.
You
can
only
use
it
to
restrict
people
who
do
not
have
global
permissions.
D
B
B
Yeah
I
think
I
think
main
spaces
are
really
a
property
of
like
the
API
Machinery
and
not
necessarily
the
clustered
machinery,
if
that
make
sense
partitioning
the
API
yeah
cluster.
That's
a
neat
guy
concept,
not
a
I
mean
we
use
it
to
also
be
a
physical
concept
in
clusters,
but
it's
primarily
I
know.
Chow
and
Eric
put
a
lot
of
thought
into
the
initializers
versus
webhooks
back
in
like
yeah
member,
and
the
upshot
of
that
was
that
we
switched
to
web
books
right.
A
B
G
Think
namespaces
are
kind
of
the
one
that
it
clearly
doesn't,
because
before
a
namespace
can
be
ready,
you
might
want
to
create
other
things
like
quota
and
restrictions
and
things
inside
that
namespace.
But
you
cannot
do
that
as
part
of
a
web
hook,
because
the
names
Jace
must
exist
before
the
initializer
can
go
create
stuff
inside
it.
B
B
Have
a
big
audit
trail
if
you're
investigating
process,
you
see
a
series
of
rights,
whereas
if
you're
trying
to
debug
a
web
hook
and
there's
like
I,
don't
know
you're
up
to
like
30
web
hooks,
like
all
those
web
hooks
get
called
from
API
server
and
nothing
gets
committed
to
disk
until
they
all
succeed
or
all
fail.
So
there's
less
there's
less
visibility
into.
What's
going
on,
it's
not
just
less
visibility,
the
initializers!
If
it's
long
enough
or
going
to
be
more
resilient
right,
you
can
have
the
API
server
crash
between
every
analyzers
step.
B
Yeah,
sorry,
I
know
you
will
still
succeed,
whereas
in
a
web
hook
you
will
never
succeed.
Yeah,
that's
the
other
thing
I
was
I
was
going
to
say
in
that
email
thread.
Is
that
if
you
stack
together,
30
initializers
there's
no
risk
of
like
an
API
server
dying
halfway
through
and
losing
all
that
context?
But
if
you
stack
together,
30
web
hooks
and
API
server
crashes
on
the
29th
one
you're
out
of
luck.
D
G
Complexity
to
anyone,
who's
observing
the
API.
So
what
we
observe
what
we
saw
when
we
started
doing
initializers
was
that
most
of
the
controllers
kind
of
lost
their
minds
that
we're
trying
to
act
on
objects
and
had
to
have
quite
a
bit
of
logic,
around
I'm
watching
objects,
but
not
uninitialized
ones,
and
if
I
try
to
create
an
object,
I
might
get
back
and
already
exists
error.
And
then,
when
I
go
look
for
it,
it
won't
actually
be
there,
because
it's
not
initialized
yet
and
I'm
filtering
out
on
the
initialized
things
and
so
I
think.
G
B
D
E
Other
thing,
I
would
add,
is
and
not
that
I'm
saying
we
need
to
necessarily
keep
initializers
is
that
if
all
you're
trying
to
do
is
mutate
something
on
initialization
and
you
don't
want
to
deal
with
certificates,
initializers
are
a
lot
easier
to
do
so.
I
think
we
need
to
figure
out
the
certs
problem
which
we've
been
talking
about
for
a
while
yeah
a.
B
D
B
D
Wouldn't
mind
seeing
you
go
to
architecture,
I
also
think
that
if
you
and
I
and
Clayton
and
Jordan
and
Andy
and
well,
if
all
the
people
who
were
responsible
for
the
initial
implementation
and
compared
and
contrasted
both
approaches,
have
come
to
the
conclusion
that
it
is
a
level
of
complexity
that
doesn't
serve
us
in
the
long
run.
I
think
it
would
be
hard
for
group
to
say
no.
You
have
to
keep
this
complexity,
that
you
can't
manage.
Yeah
I
agree.
B
So
I
think
the
I
think
probably
the
thing
I
would
like
to
see
is
a
document
or
or
something
sketching
out,
how
we,
how
we
implement
a
real
namespace,
initialization
phase,
okay,
I
think
that
would
be.
That
would
be
good
like
if
we,
if
we
solve
that
and
I,
think
that
this
question
will
become
very
clear.
B
D
This
came
up
it's
booked
with
Chow
about
it
yesterday
over
the
past
week
or
two
I
introduced
a
dynamic
client
that
isn't
based
on
a
client
pool
and
doesn't
have
some
of
the
weird
arguments
like
a
rest,
mapper
and
a
half
function.
Something
and
is
focused
on
an
experience
like
our
existing
generated
clients.
So
you
create
a
new
dynamic
client.
Then
you
tell
it
up
on
my
work
with
this
kind
of
a
resource.
Then
you
give
it
a
name
space
if
you
need
to,
and
then
you
issue
a
list
or
get
or
whatever
other
verb.
D
Yeah,
the
the
release
note
already
mentioned
it
and
I
can
add
something
about
the
QPS
bit
that
you
mentioned.
The
thing
isgetting
mentioned
there
is
that
the
old
client
will
approach
meant
that
when
you
set
a
QPS
on
your
client
config
that
QPS
actually
applied
with
a
fresh
QPS
every
time
you
pulled
a
new
api
resource.
So
if
you
had
30
api
resources
and
your
gps
was
set
to
5,
you
had
a
QPS
150,
not
5
the
new
client,
if
you
set
it
to
5,
no
matter
how
many
resources
you
access,
you
get
5.
So.
B
D
D
I,
don't
know
how
many
people
knew,
but
whenever
you
try
to
write
a
new
API
and
then
register
it
with
our
scheme
and
pieces
like
that,
you
had
a
large
block
in
which
you
construct
it,
which
I
get
this
right.
You
constructed
a
group,
Mehta
factory
ARBs,
then
get
fluffed
up
to
create
an
immediate
object
that
you
would
then
call
with
a
set
of
functions
to
add
to
a
scheme
which
you
would
then
call
to
create
a
group
meta
information
which
you
would
then
call
to
add
to
a
registry.
D
All
those
layers
are
now
gone
and
the
registration
for
your
api's
looks
like
a
series
of
add
to
scheme
calls
and
then
setting
a
version
priority
on
the
scheme.
So
it's
a
default
version
priority
where
you
can
later
look
and
say
what,
if
I,
if
I,
have
no
specific
intent,
what
should
I
use
to
serialize
and
it
gives
you
back
in
word.
This
is.