►
From YouTube: Kubernetes SIG API Machinery 20210519
Description
SIG API Machinery Meeting, see the related agenda.
A
Hold
on
it's
recording,
thank
you.
Welcome
everybody
to
seek
api
machinery.
Meeting
for
kubernetes
today
is
may
19
2021.
Thank
you
for
everybody
that
has
joined
and
I
hope,
everybody's
safe
and
doing
well
in
this
crazy
times.
We
do
have
a
packed
agenda
today,
which
is
great
and
we
are
going
to
get
to
it
right
away.
So
I
think
the
first
topic
is
from
yusuke.
I
will
give
it
to
you.
Let
me
know
if
you
need
to
share
screen-
or
I
just
you
know,
browse
through
the
links
you
pasted
thanks.
B
Let's
see,
okay,
can
people
hear
me?
Yes,
okay,
cool.
So,
first
of
all
you
know
thanks
for
having
me.
Let
me
give
you
a
super
tiny
intro
about
myself,
because
that's
my
first
time
here
yeah,
so
I'm
yusuke,
I'm
the
I
work
at
google
and
I'm
the
engineering
manager
for
a
third
party
operator
known
as
config
connector,
and
so
you
know,
one
of
the
discussions
that
we
kind
of
have
in
the
design
of
things
is
how
object
references
should
work
a
little
bit
of
background.
B
Maybe
the
easiest
thing
to
see
really
quick
is
the
the
files
and
then
just
going
down
to
kind
of
look
at
the
object,
references
examples,
so
there's
conversation
that
we
can
kind
of
dive
into
but
kind
of
been
incorporating
feedback
and
where
we've
kind
of
landed,
you
can
just
stop
there.
Maybe
right!
B
C
I
guess
I
can
say
something
since
I
think
I've
left
well,
I
don't
know,
maybe
a
plurality,
if
not
a
majority
of
the
comments
on
the
on
the
pr.
I
am
I
I
don't
think
what
you've
suggested
or
I
I
don't
think
it's
a
huge
change,
the
pr
in
fact,
I'm
I'm
a
little
confused
about
how
like
it
seems
like
a
large
discussion
for
for
for
the
change.
I
also
don't
think
anyone's
substantially
arguing.
C
I
I
just
want
to
clarify
one
thing
which
you
said
something
about
api
api
version.
I
I
I
just
for
for
for
anyone
who
hasn't
been
here
for
like
the
five
years
or
whatever
that
we've
been
doing,
this
api
version
is
misnamed.
It
actually
includes
the
group,
it's
actually
group
and
version
in
that
field,
yeah,
so
yeah,
yeah,
so
explicitly.
Switching
to
group-
I
I
guess
I
don't
have
an
issue
with
it's.
We
don't
do
it
anywhere
else,
but
I
don't
necessarily
have
a
problem
with
it.
D
D
C
D
C
If
you're,
if
you're
sl,
I
didn't,
I
didn't
see
that
either
but
yeah.
If
we're,
if
we're
referencing
a
specific
field,
we
have
to
lock
that
down
to
a
specific
schema.
Otherwise
it
might
not
be
a
valid
field:
selector
yeah
and
it's
okay
for
meta
fields.
So,
like
name
namespace,
you
would
control
or
ref
etc,
because
we
can
say
that
those
are
effectively
non-breakable
ever
that's
effective.
E
What
we
said
with
meta
like
v1,
we
will
probably
never
introduce
breaking
change
if
we
did.
That
would
be
a
part
of
the
schema
change
of
the
reference
and
up
to
the
author
to
make
sure
that's
backwards
compatible.
I
can't
think
of
a
use
case,
but,
like
an
example
might
be,
let's
say
we
were
crazy
and
removed
cluster
name,
and
someone
was
actually
using
cluster
name
and
object.
Ref
it's
up
to
them
and
their
object
reference
to
do
the
mapping
themselves
and
to
resolve
ambiguity.
C
Yeah,
this
is
actually
a
good
point
and
I
wonder,
do
we
actually
have
a
use
case
anywhere
for
actually
putting
in
a
field
path?
I
wonder
if
we
could
leave
that
undefined
and
and
have
it
have
a
pr
just
about
adding
a
field
reference
type,
because
because
of
what
clayton
just
said
right,
it
might
make
sense
that
that,
like
you're
referencing,
a
particular
object.
That's
some
resource,
but
your
field
path
is
is
part
of
meta
and
meta
could
like.
C
B
Yeah,
that's
a
good
point
and
just
for
clarity
of
the
conversation
field
path
is
actually
today
sort
of
semi
standard.
So
if
you
look
at
al,
not
the
right
place
to
kind
of
post
links,
but
there's
actually
a
core
sort
of
object,
reference
struct
that
exists,
that's
leveraged
in
the
api
documentation,
that
was
the
previous
convention,
and
that
includes
actually
a
field
path
field.
So
my
intention
was
to
kind
of
clarify
anything
that
was
already
that
clearly
kind
of
had
a
meta
convention.
If
that
kind
of
makes
sense
and.
E
D
In
fact,
I
enumerated
like
the
six
reasons
why
we
don't
want
it,
there's
actually
the
what
happened,
I
think
is
that
this
dock
didn't
match
the
godoc
on
the
field,
which
I
do
not
have
handy,
but
the
godoc
on
object.
Reference
talks
about
shortcomings,
where
it's
things
like
you
can't
provide
documentation
about
what
a
field
is
used
for.
You
can't
provide
information
about.
E
And
that's
very
similar
to
conditions
where
we
basically
eventually
said
you
should
have
typed
conventions
and
we
use
duct
typing
for
conventions
from
a
if
you're,
a
generic
person
and
you're
looking
at
status
conditions,
you're
duct
typing
it
effectively,
but
in
go
code
you
should
have
typed.
You
should
have
condition
types
that
are
specific
to
your
object
and
your
schema.
They
should
follow
the
duct
type
convention,
but
they
are
not
they're
not
required
to
effectively
and
we
didn't
want
people
sharing
conditions.
D
B
C
C
B
There
I
had
one
question
about
follow-up
action
items
of
this
so
because
sort
of
the
recommended
structure
structure
is
kind
of
not
present
in
the
kubernetes
like
core
code
is
it
like?
Is
there
a
desire
to
kind
of
you
know
add
such
a
type
like
in
the
core
types,
or
do
we
just
leave
it
like?
Basically,
this
isn't
implemented.
This
is
a
recommendation.
Without
you
know
some
implementation,
even
in
the
core
kubernetes
code,
so.
D
E
E
E
G
C
Yeah
that
seems
like
a
reasonable
place
to
to
put
it
to
me
is
like
copy
paste.
This,
the
only
actually,
the
only
use
case
I
can
think
of
for,
like
fully
general,
like
arbitrary
object
with
arbitrary
field
reference,
like
the
only
use
case
I
can
think
of,
is
something
that's
like
a
like.
A
find
and
replace
like
like
insert
an
environment
variable
or
something
like
that
like
get
it
from
this
api
random
api
object,
but
that
also
has
to
deal
with
like.
E
C
Okay,
I
mean
yeah
yeah
if,
if
you're
going
to
reference
a
field
yeah,
you
have
to
do
that.
If
you're
not
going
to
reference
a
field,
then
you're,
counting
on
the
the
interpreter
of
the
you,
you
have
the
of
the
reference
to
know
what
kinds
of
objects
might
be
there
and
and
what
to
do
with
them.
Yeah.
D
We
use
fully
generic
references
to
be
able
to
say
if
something
has
gone
wrong
with
this
resource.
Look
at
these
and
other
resources,
which
maybe
cluster
scope,
maybe
name
space
scope,
maybe
in
a
different
name.
Space
are
of
types
that
we
don't
know
and
maybe
a
list
to
help
diagnose
the
problem
and
it
effectively
builds
a
way
to
make
like
a
a
super
described
command
right
where
you
recursively
check.
All
these
things.
B
D
B
Okay,
yep
totally
totally
sounds
good
and
then
one
quick
design
question
on
that.
One
specifically
with
like
the
resources,
there's
a
situation
where
I
think
like
you
might
want
to
annotate,
for
example,
like
a
sub
resource
like
scale
for
a
deployment
with
something
like
deployment
scale,
but
I
know
that
that
doesn't
directly
translate
into
sort
of
a
path
that
you
can
paste
into
the
api,
because
the
the
syntax
is
sort
of
deployment,
slash
name,
slash
scale,
so
this
is
a
mini
edge
case
that
might
lead
to
some
ambiguity.
E
I
we
at
some
point
do
so
there's
a
longer
running
thread
here
of,
like
even
cube,
control
doesn't
deal
with
such
resources
gracefully,
but
I've
talked
a
couple
times
about
going
and
fixing
that
I
have
like
I've
had
three
historical
pr's
trying
to
make
sub
resource
more
general.
I
would
probably
say
just
based
on
historical
lessons.
E
Adding
a
sub-resource
is
just
another
field
on
your
object,
ref
and
someone
would
have
to
define
the
semantics
of
that.
We
definitely
wouldn't.
I
would
say
we
would
not
want
to
collapse
that
in
the
resources
in
the
resource
field,
I
think
historically,
when
we've
merged
underlying
objects
or
underlying
fields
into
a
single
field,
aka
apa
version-
we
ended
up
regretting
it
a
bit
later,
so
we
did
that
for
backwards
compatibility.
G
Yeah,
I
think
that's
the
case.
I
agree
and
I
think
that's
the
case
for
like
in
this
context.
Are
you
expecting
clients
of
this
reference
to
deal
with
sub-resources
and
if
you
are
then
include
a
sub-resource
coordinate
for
them
and
if
you're
not,
then
don't,
but
that's
where,
like
a
generic
reference,
would
get
us
in
trouble.
G
I
think
like
if
there
was
a
sub
resource
field
that
was
there,
but
pretty
much,
no
one
used
it
and
so
like
unless
they
took
steps
to
prevent
data
from
being
in
that
field,
like
people
could
stick
random
data
in
there
and
then
you'd
have
clients
that
were
or
were
not
expecting
it.
I
think
that's
the
point
of
the
specific
use
saying
like
we
expect
you
to
have
some
resources.
So
if
you
have
that
include
a
field
for
it,
yeah.
E
And
concretely
like
an
example,
would
be
hba
pointing
to
a
workload
controller,
it's
up
to
the
implementer
of
the
hpa
api
to
define
what
they
want
there,
but
the
object
reference
implicitly
is
using
scale.
It's
totally
reasonable
for
them
to
have
a
implement.
It
was
totally
reasonable
for
hpa
to
have
an
implementation
that
bypassed
the
scale
sub
resource
on
things
that
didn't
have
scale
sub
resource
and
just
made
a
guess.
E
That's
up
to
the
implementation,
and
when
you
define
your
api
of
what
what
your
object
reference
is,
you
should
clarify
that
for
your
users,
which
is
you
didn't,
need
a
sub
resource
field
on
the
hpa
reference
because
scale
was
implicit
and
then,
when
scale
didn't
exist
for
extension
types,
the
controller
could
do
something
reasonable.
So
you
didn't
need
you
to
specify
subresource
in
your
api.
B
G
B
G
H
B
E
So
in
general,
client-side
load
balancing
complements
and
does
not
completely
replace
server-side
load.
Balancing
clients
have
advantages
that
servers.
Don't
we
made
a
run
at
this
for
a
couple
of
specific
use
cases
historically,
specifically
around
cubelet,
dealing
with
inadequacies
of
the
broad
range
of
load.
Balancers
we
deal
with,
I
think,
as
a
reasonably
generic
core
client
library.
E
Client
go
should
have
the
ability
to
do
a
few
very
specific
use
cases
I
think,
there's
a
spectrum
from
a
simple
fallback
or
a
which
would
be
useful
for
places
where
you're
expecting
a
load
balancer
to
work,
but
there's
a
local
option.
You
could
use
all
the
way
up
to
potentially
a
cautious
approach
to.
If
someone
would
like
to
do
something
a
little
bit
more
intelligent
with
client
side
load
balancing
to
a
set
of
api
servers
that
should
be
possible.
E
I'm
I
would
advocate
for
the
it
should
be
possible
to
do
this
and
we
should
recommend
have
some
guidance
around
when
we
would
think
it's
turned
on
and
what
we
think
our
clients
should
do.
But
I
know
that
and
I'll
I'm,
like
you
know,
stefan
and
I
were
arguing
a
little
bit
about
this.
There's
a
ton
of
complexity
in
this
and
getting
it
wrong
has
a
lot
of
subtle
problems
and
so
just
making
sure
that
we
have
a
a
concrete
path
where
someone
could
reason
about
it.
We
could
test
about
it.
E
E
D
C
C
E
Api
servers,
which
is
if
you're
depending
if
you
have
web
hooks
on
a
cluster,
you
want
to
run
those
web
hooks.
You
should
be
running
two
replicas
and
the
cube
proxy
is
not
perfect
and
from
a
resiliency
perspective,
I
would
say
a
client
on
cube
using
a
well-written
client
go
client
load.
Balancing
plugin
can
do
better
than
cube
proxy
in
many
cases,
especially
for
core
resiliency
operations.
C
C
C
It's
it's
possible
to
get
better
reliability
if
you
have
more
connections,
but
it's
also
possible
to
get
worse
reliability.
If
you
have
more
connections
right
like
you,
have
to
actually
use
the
connection,
that's
good
and
not
the
connections
that
are
broken
so
like,
hopefully
we
wouldn't
add
a
bunch
of
bugs
but
yeah.
Well,
I
think
that's.
D
D
E
Is
separating
q
did
this
originally
and
then
we
switched
to
a
higher
performance
option
for
maximum
kernel
throughput
for
all
of
the
world's
most
demanding
services,
and
we
actually
made
q
proxy
worse
right,
so
cube
proxy
round
robins
you
used
to
get
connection
failover
behavior,
which
was
awesome,
and
then
we
regressed
it.
When
we
moved
to
iep
tables
some
people
moved
to
ibvs
some
networking
plug-ins
implement
this.
Some
don't
so
cute
proxy
is
good,
but
and
like
so
david
and
daniel,
like
I'm,
not
actually
advocating
that
we
should
just
rush
into
this.
E
There
are
advantages,
but
it
comes
with.
The
risk
is
what
you
think
is
that's
my
fundamental
con.
Is
it's
very
hard
to
do
this
correctly?
I've
watched
us
struggle
over
the
last
seven
years
to
get
it
right.
In
all
cases,
we
would
want
a
compelling
use
case
or
the
ability
to
clearly
indicate
to
a
consumer
when
you
should
use
this
before
we
rush
ahead.
So
maybe
that's
like
my
con,
which
I
think
is
agreed
with
your
con.
D
I
mean
I've
got
I've
got
other
things
like
other
use
cases
you
mentioned
where,
like
I
got
a
cubelet
and
works,
I
want
to
go
directly
to
a
cube
api
server.
I
mean
again
the
question
there
is
like:
if
you
can't
get
one
load
balancer
right,
this
load
balancer
is
effectively
fanned
out
to
every
cubelet
and
the
behavior
model.
There
seems
to
be
a
scaling
issue
and
also,
if
one
doesn't
work
right.
Why
are
the
500
in
your
cluster
going
to
work
right.
E
Another
trade-off-
and
this
is
worth
noting-
is
the
cube.
Api
server
has
a
certain
set
of
guarantees
that
are
when
running
in
mode
that
are
intended
to
make
them
easy
to
reason
with,
but
to
preserve
some
of
these
scaling
characteristics
to
not
leverage
that,
like
it's,
certainly
possible,
that
arbitrary
servers
behind
a
load
bouncer,
don't
actually
work
correctly,
and
you
need
to
let
the
load
balancer
handle
that
for
like
things
like
session
affinity
or
locality.
Those
are
really
just
like
workarounds.
E
There
is
an
angle
here
that
we
don't
actually
do
all
that
great
in
our
tests
and
some
of
our
use
cases
and
our
controllers
of
actually
handling
the
behavior
of
getting
people
can
easily
get
tricked
by
the
different
state
of
the
watch
cache.
For
instance,
it
would
be
nice,
although
not
required
to
actually
exercise
that
as
part
of
some
normal
operations,
because
again
it
is
a
behavior
that
should
work
correctly
and
regressions
to
it
are
not
valuable.
E
Being
able
to
do
something
similar
to
what
q
proxy
does
to
look
at
the
api
endpoints
of
the
service,
I
don't
know
that
that's
the
best
case
for
all
deployers,
but
I
would
probably
argue
that
that
would
be
reasonably
effective
at
dealing
with
one
of
our
largest
scale
dimensions,
and
you
know
voytek,
maybe
might
argue
differently,
but
we
certainly
the
ability
of
the
nodes
to
act
as
a
thundering
herd
on
the
api
servers
behind
a
poor
load.
Balancer
is
something
that
I
do
think
falls
within
our
scalability
responsibilities.
D
So
we
are
trying
to
close
some
of
the
gap
for
the
cubelet
thundering
herd
problem.
Some
of
that
is
coming
in
terms
of
well.
The
biggest
change
will
be
related
to
priority
and
fairness.
There
was
a
kept
merge
for
for
122
to
a
described
way
to
handle,
watch
initialization,
and
so
when
cubelets
are
dealing
with
an
outage
and
they
all
storm
at
once
to
relist
or
re-watch
their
secrets
that
will
now
be
handled.
E
So
mike
mike
had
gotten
three
quarters
of
the
way
to
implement
this
before
and
we
stopped
because
we're
getting
concerned
about
the
complexity
of
it,
I'm
not
opposed
to
another
go
at
it.
I
just
think
that
it
needs
to
be
done
in
a
very
responsible
way
and
the
responsible
way
is
clear
use
case,
a
simple
enough
implementation
or
the
use
case.
The
implementation
that
matches
the
use
case
actually
shows
a
benefit
for
a
series
of
scenarios.
E
We
could
argue
and
then
what's
the
test
regimen,
that
makes
it
an
optional,
valuable
thing
that
someone
can
use
alongside
clanco.
Maybe
it
doesn't
start
in
client
go
I
I
could
see
that
path
like
client-side
load
bouncing
is
just
the
dual
of
server-side
load
balancing
they
both
have
trade-offs.
If
the
trade-offs
don't
work
for
all
of
our
use
cases
can
we
argue
that
it
works
for
none
of
our
use
cases,
I'm
a
little
skeptical
about
that
so
and
aggregated.
C
Here's
here's
my
question
with
client
side
load
balancing
if
we're
going
to
push
it
down
to
the
into
the
kubernetes
client,
why
not
push
it
down
into
the
go
http
client
right
like
why
not
give
the
http
2
client
a
list
of
ip
addresses
instead
of
a
single
one
and
let
it
like
it.
It
already
is
maintaining
a
bunch
of
connections
over
or
a
bunch
of
a
bunch
of
channels
over
the
same
connection
like
why
not
just
let
it
maintain
a
bunch
of
a
bunch
of
channels
over
multiple
connections.
E
C
Yeah
yeah
yeah
that
yeah
I
can
live
with
that
with
that
formulation
right
like
like
we're,
not
the
only
people
on
the
planet
to
have
a
need
for
some
client-side
load,
balancing
or
maybe
we
haven't.
Maybe
we
don't
we're,
not
the
only
people
to
think
that
we
have
a
need
for
client-side
load,
balancing
so
yeah
sure.
Is
it
really
that
hard?
I
don't
know
I've
never
tried
it.
G
G
To
have
as
a
capability,
if
it's
expressed
in
a
cube
config,
then
that
seems
to
indicate
that
it
would
be
like
able
to
be
consumed
by
all
of
the
clients
we
produce
that
read,
cube
configs.
So
that's
one
question.
Another
question
is:
do
we
expect
this
to
behave
in
a
sort
of
load,
balancy
health
checky
way
like
route
like
check,
z
or
red,
easy
or
whatever,
and
route
to
the
server
that
we.
C
No,
no,
you
don't
need
any.
You
don't
need
any
red
easy
checking.
I
don't
think
because
the
http
2
already
has
this
ping
frame
and
we're
already
using
it
to
detect
whether
the
existing
connection
went
away
like
this
was
a
major
issue
with
http
2
is
like
connections
would
die
and
it
wouldn't
notice
for
like
15
minutes.
So
so
now
we
do
this
application
level
ping.
So
I
think
if
we
were
going
to
maintain
multiple
connections,
we
would
just
do
the
same
thing.
D
E
G
C
D
G
G
This
was
something
that
we
hid
in
our
scd
client,
where,
like
we
had
static
configuration
of
the
ncd
members
and
like
scd,
has
a
provision
for
dynamically
discovering
members,
but
we
don't
use
it
because
we
need
to
be
able
to
still
function
if
we
restart
and
if
you
use
the
sort
of
membership
changed
functionality,
then
over
time
you
could
drift
and
end
up
talking
to
a
completely
different
set
of
servers.
And
then,
if
you
restarted,
you'd,
go
back
to
your
static
list
and
be
broken,
and
so
like
understanding
how
someone
would
use
this.
G
C
D
I
mean
okay,
fine,
so
snip
that
part,
it
still
faces
the
problem
of
ready
z
fan
out,
because
these
can
go
up
and
down.
It
faces
problems
of
how
you
distribute
end
points
which,
interestingly
enough,
both
things
that
jordan
just
called
out.
I
don't
think
that
not
using
ready
z
is
an
option.
We
tried
that
with
a
local
host
connection
and
experienced
bizarre
failures
as
cube,
api
servers
would
come
up
and
be
in
half
ready
states
and
they
were
inconsistent
with
the
rest
of
the
cluster
yeah
and
effectively.
C
There
is
the
case
where
you're
going
through
a
load
balancer-
and
you
only
have
one
ip
address
and
the
only
way
to
get
multiple
connections
is
to
make
multiple
connections
to
the
same
ip
address
and
hope
that
you
get
different
back
ends.
That's
one
case.
Another
case
is
you're
running
in
in
the
in
the
cluster
and
or
you've
got
like
a
like
a
dns
name
that
you
can
resolve
and
or
you
can
read
the
endpoints
table,
and
in
that
case
you
get
a
list
of
ip
addresses.
C
You
can
make
multiple
connections,
and
the
final
case
is:
are
the
weird
ones
like
cubelet
and
q
proxy,
where,
like
some,
some
turtle
has
to
be
at
the
bottom
of
the
stacking
like
you
can't
read
the
the
endpoints
table
until
you
get
a
connection
so
like
how
do
we?
How
do
we
program
that
today,
I
I
guess
we'd
have
to
evolve
that
or
let
let
those
particular
libraries
worry
about
it
right.
So
I
I
guess,
I'm
saying:
there's
not
a
general
solution
for
that
that
works
for
every
client.
G
C
G
G
C
G
About
the
the
possibility
of
like
two
requests
talking
to
you
in
api
servers
that
already
exist
today,
I'm
much
more
concerned
about
the
complexity
and
like,
like
david,
said,
like
writing.
Load
balancers
is
hard
if
we're
unhappy
with
the
ones
that
we
are
already
talking
to
that,
like
our
purpose
built
for
this,
I'm
skeptical
that
we
can
do
better.
E
E
I
think
that's
kind
of
in
our
lane,
but
I
think
it's
kind
of
a
can.
We
do
this
in
a
way,
that's
responsible
for
the
broad
set
and
doesn't
introduce
additional
failure
modes
to
your
point.
Jordan
is
like
how
do
we?
How
do
we
make
everybody's
kubernetes
work
pretty
well
consistently
and
then
not
get
ahead
of
ourselves
and
make
some
people's
kubernetes
work
worse
because
of
the
aforementioned,
like
they
do
have
a
confident
load,
balancer
set
up
or
the
service
is
handling
properly.
D
E
And
that's
that's
actually
what
many
people
do?
I
guess
the
question
is
like
none
of
our
the
kubernetes
is
not
responsible
for
whether
your
network
is
set
up
properly
and
that's
a
responsibility
I
think
like
distributions
have
to
handle,
but
then
there's
a
flip
side
to
it,
which
is
what
part
of
would
we
say
is
conformance
from
an
expectation
of
like
cubelets
can
talk
to
the
api
server,
and
I
think
this
is
a
as
a
sliding
scale.
E
E
That
being
said,
that's
a
lot
of
duplication
and
so
then
there's
an
argument
too
of.
If
you
can
solve
some
classes
of
problem
that
plague
kubernetes
correctly
and
offer
good
recommendations,
that's
probably
a
net
win
for
most
people,
and
maybe
cluster
api
or
some
other
cluster
lifecycle
would
be
willing
to
engage
in
some
of
those
discussions.
More
than
maybe
sigipa
machinery.
E
D
E
I
have
web
hooks
too.
I
mean
I,
I
it's
a
good
there's
a
good
chance
if
you're
running
your
web
hooks
on
kubernetes
and
you
hit
the
like
operationally.
If
you
touch
a
web
hook
on
kubernetes
and
you're,
using
q,
prox
cip
tables
mode
you're,
going
to
have
the
half,
your
requests
are
getting
rejected
if
one
of
your
proxy
endpoints
goes
down,
so
maybe
there's
maybe
this
is
that
maybe
that
would
be
a
better
place
that
we
start
helping.
People
mitigate
self-inflicted
web
hook,
problems
well.
D
D
E
C
D
C
Have
yeah,
I
think,
it'd
be
an
interesting
experiment
to
try
something
that
that
is
like,
I
don't
know
an
alternative
to
golang's,
http,
2
client
and
see
how
good
a
job
can
be
done
right.
If
you
get
an
awesome
replacement,
then
that
makes
things
a
lot
easier
if
it
turns
out
to
be
really
hard.
I
guess
that
would
be
information.
C
D
C
G
G
G
Client
go
plus
plus
that,
like
does
some
of
these
things
like
in
you
know,
in
an
experimental
location,
by
using
that
transport,
wrapper
or
dialer
seems
like
a
safe
place
to
experiment
yeah.
I
would
like
to
see
these
questions
at
least
answered
some
of
the
some
of
these
questions,
like
people
were
like.
Oh
obviously,
no
and
other
people
were
saying.
Obviously,
yes,
and
so
at
least
maybe
reaching
an
understanding
of
what
is
being
proposed
would
be
a
good
next
step,
combined
with,
like
some
experiment,
concepts
stuff,
maybe.
A
C
J
It
depends
but
because
it's
just
like
I
just
want
to
give
an
intro
on
like
what
we're
trying
to
do
with
that
cd
and
how
we
can
help
like
kubernetes
kind
of
incorporate.
What
we're
trying
to
do
or
see
a
release
of
kubernetes
is
like
really
interested
in
doing
something
like
this.
So
I'll.
Just
brief
it
up
like
this,
I
think
it'll
be
a
two
minute
introduction,
so
kubernetes
is
backed
by
htd.
J
Htt
is
a
key
value
store,
it's
just
a
distributed
version
of
the
key
value
store,
and
the
idea
is
that
you
have
a
specific
amount
of
storage
that
it
uses
now.
Currently,
the
storage
isolation
between
kubernetes
and
other
clients.
Isn't
that
great?
So,
for
example,
like
if
kubernetes
fills
up
all
the
eight
gigs
of
the
database
that
was
assigned
to
lcd,
then
other
clients
are
locked
out.
J
So
the
idea
is
to
provide
storage
isolation
by
saying
like
okay
kubernetes,
you
get
like
six
gigs
of
this
and
then
the
other
two
gigs
are
assigned
to
other
people
that
use
that
cd,
because
it's
just
making
it
multi-tenancy
compliant
so
and
then
we
assign
it
by
the
key.
So
you
can
set
like,
oh
maybe
you
know,
kubernetes
gets
like
six
gigs
or
maybe
five
thousand
keys
that
you
can
store
in
ncd,
while
the
other
clients
get
about
two
thousand
and
then
whatever
the
remaining
spaces.
J
So
something
along
those
lines.
So
essentially
this
you,
we
can
call
it
quota
namespace
management
and
then
each
key
is
like
a
namespace
in
hdd,
so
but
just
kind
of
trying
to
see
how
we
can
help
td,
because
I
mean
how
we
can
have
kubernetes,
because
kubernetes
already
has
something
like
that
within
their
own
ecosystem
for
quotas
and
stuff.
So
we're
just
trying
to
see
if
kubernetes
can
leverage
what
we're.
E
C
C
We're
gonna
fix
that
with
priority
fairness,
I
think
not
at
the
ncd
level.
The
the
issue
is,
the
issue
is
if
we,
if
we,
if
we
do
something
like
this
and
split
up
quota
at
the
ecd
level,
then
you
can
get
weird
weird
priority:
inversions
and
things
like
where,
where
you're,
but
you
need
to
do
a
few
rights
and
only
some
of
them
succeed.
E
Right
right,
but
I
mean
there's,
there's
there's
other
aspects
beyond
priority
affairs.
Maybe
you
were
thinking
about
prior
affairs
to
do
this,
which
is
the
volume
of
rights
that
are
actually
executed
to
ncd
is
a
lot
different.
So
someone
very
reasonably
carrying
out
a
patch
operation
is
sending
a
very
small
amount
of
traffic
through
pnf,
but
has
a
high
right.
Amplification.
E
C
D
C
E
E
This
is
a
different
problem
than
what
pnf
is
trying
to
solve,
and
the
best
option
would
be
that
it's
orthogonal.
I
don't
know
that
it's
as
critical
to
someone
who
is
until
you
close
the
barn
door
and
pnf
there's
still
some
challenges
but
like
the
exhaustion
of
ncd
is
effectively
disk
usage
and
it
is
also
memory
usage
and
it
is
also
cpu
usage.
E
D
C
Yeah,
I
I
I
don't
think
we
can
do
this
justice
in
one
more
minute.
I
I
I
don't
mind
if
people
do
this,
but
I
don't
think
it's
useful
for
kubernetes,
because
I
think
we
should
never
if
we've
gotten
into
the
situation
where
api
server
passed
something
and
it's
failing
some
sort
of
quota
check
at
the
lcd
layer.
That
is
not
going
to
be
good
for
for
api
server.
So
well.
E
Clients
I
was
going
to
actually
suggest
so,
like
a
number
of,
so
another
dimension
here
would
be
like
we.
We
do
want
to
get
folks
in
the
community
kind
of
rallied
around
problems
that
sig
api
machinery
maybe
doesn't
have
to
care
about,
but
draw
investment
right
like
some
of
the
stuff
with
you
know,
minimal
api
server,
which
jason
talked
about
or
like
kcp
or
like
people
who
want
to
use
the
api
server
in
heavily
multi-tenant
environments.
Maybe
there's
an
angle
here
for
the
core
ask
for
api
machinery
will
be
api.
E
Machinery
is
not
interested
today
because
it's
got
a
lot
on
its
plate,
but
maybe
there's
ways
that
we
can
actually
go
after
improvements
that
we
could
be
proven
out
and
tested
orthogonal
to
what
api
machinery.
This
group
is
doing
right
now
and
broaden
the
scope
of
what
some
of
these
protections
could
be.
So
like
the
same
way,
we
said
we're
not
going
to
implement
atd
a
different
storage
engine
and
ncd
and
sig
api
machinery.