From YouTube: Kubernetes SIG API Machinery 20230918
Description
[benluddy] CBOR Serializer KEP
[cici37] CRD validation rules promoting to GA
[cici37] Clear the GA graduation criteria for ValidatingAdmissionPolicy
[mo] question regarding streaming watch and storage migration (will have KEP open soon)
A
A
2023, almost changing seasons around the world, and we have a nice agenda today, and why don't we just get to it? When you have the first topic, I will give the spotlight to you.
B
Hi everyone, so I brought up a few times before a few different discussions leading up to the KEP that I've now opened for introducing a new data format, CBOR, and today I'm hoping to align on alpha criteria as well as a phased implementation strategy. We're actually making this real and implementable.
B
So essentially, the proposal is to support a new serializer in Kube for CR storage and serving of both CRs and native types, and because the blast radius is so large for introducing a new data format, it's important that we, we're very careful, right, in the implementation plan.
B
So I've spoken with a lot of folks with experience introducing and changing Kube serializers and accumulated a pretty large list of scenarios that I think need to be tested in order to have confidence that we're not repeating mistakes of the past. I don't, I don't know if it's a good use of time to, to enumerate those test cases, but they're in the KEP in the test plan, but because this new serializer would be used to serialize custom resources.
B
B
Right, so, basically, right now for alpha I'm thinking the entire list of unit tests, integration tests and fuzz tests that are, you know, listed in, in the test plan must be implemented before this can even be exposed, and we also need to make updates to the dynamic client to allow it to use CBOR if explicitly enabled, and I think we also want client generation to support CBOR for folks who are generating clients for their CRDs, but I'm interested to hear.
D
B
Sure, so we, we don't want to change the default behavior of the clients, so we either need clients to be compiled with, to be explicitly configured at compile time to use CBOR for writes or as a preferred read, or David had also suggested potentially an environment variable that folks can set to explicitly force it on, even though it's disabled by default, so I'm interested to hear opinions on, on one way or the other or third way.
E
But in some cases we already have a place in the config to indicate that we want CBOR. I agree, we wouldn't default that to CBOR. I think it defaults to JSON right now, probably, so if we wanted to have an environment-driven way to make that default to CBOR and JSON, that could be plausible.
E
B
A
B
Ability to, for an operator to disable this in clients is useful to hedge against the risk that we discover some kind of superior bug after clients are using it. I think it would be convenient for operators to be able to set a force-off environment variable, for example, to tell clients not to use it versus having to recompile with a different client config.
E
E
Something we had talked about the last time we met was the library that we use. We need to understand sort of the correctness and maintenance stories on that. I think the tests that you outline probably cover the correctness aspects, but we need to make sure we can maintain a library or that it is maintained before we take dependencies on it.
B
So I included in the, the test plan section that we would actually either adopt an existing conformance test or, if necessary, start building our own conformance tests to run against this for performance with the CBOR spec, as well as fuzzing the serializer itself.
B
Some behaviors that we want to check, I think, in fuzz testing, including things like malicious input doesn't cause, you know, ridiculous heap allocations or crashes, but, you know, there may be other, other behaviors that we should check under fuzzing.
B
I know one of the implementations claims to fuzz their library, but they haven't shared their fuzz test, so we can't inspect that, and the other does not seem to fuzz. So I expect that, in order to have confidence in how the decoder handles untrusted inputs, we're going to need to build up a pretty decent plus coverage.
E
Okay, and then the, like, the maintainability aspect. I know we had issues with our YAML decoder in the past, kind of an unresponsive upstream, which caused issues around security reports and things like that. So we, if the upstream of the library we're not, we're looking at is not active, or we're concerned that it, there might be a lag there, we need to understand what we're going to do if there's an issue we need to fix quickly.
D
C
F
I was just going to mention, on the project helping, one of the things that I had mentioned as an idea that I don't think we've ever tried before is asking CNCF to fund and sponsor whatever repo we decide to use. MIB beyond the scope of our SIG, but it's a, it doesn't seem like a bad idea, like, if we end up maintaining the thing, we're going to pay a whole lot more for it than whatever we would pay to sponsor it. So we might as well just do it.
E
Case would be we sponsored and we still don't get the level of responsiveness that we want. At least we tried. Yeah, Jacob had a comment about Antoine finding educations around OpenAPI and service, how to play I.
G
Yeah, I can't remember exactly what it was, but I remember it was a lot about serialization and deserialization, and it was like Jenny and Antoine, maybe a year and a half ago, and they spent months and months and months trying to, and it comes down to the edge cases, like, you can get pretty far pretty quickly and then the edge cases, it's like death by a thousand cuts. So it was mostly just about, if we have some framework for testing that might be reusable, it might be useful.
D
Oh Ben, this one thing I noticed is that we're talking a lot about Go so far. I feel like, I mean, we do have other language clients. I'm not sure exactly if it should be a graduation criteria, but I feel like before we get to GA we should need some kind of validation that we're interoperating across a reasonable subset of languages.
B
D
B
Okay, I know there's also potentially substantial differences in, you know, what native language representation each implementation will do based on what's idiomatic for, for that language, yeah.
B
I've suggested that we use, there's actually an RFC that builds on CBOR called CBOR Sequences.
B
B
CBOR also has that property. It also has provisions for length-prefixed framing in the same spec. Okay, I think it would be nice to build on, on that since there's several years of work in that space.
E
Okay, similar to what we were saying about other languages, if, if this is sort of an additive spec, it would be good to know what support libraries have for CBOR streaming, or if it's the kind of thing that you could take those libraries and pass a stream to it, chop up a stream and use those existing libraries, even if they don't have built-in support for streaming. I just want to make sure we don't choose sort of an additive thing on top of CBOR that has inconsistent support.
C
When you talked about the default line between JSON and CBOR, are you going to say, like, why, why we are giving, why it can be better for users to use CBOR, like the size we've increased or some of them performance improvements?
C
B
Yeah, I think any time that you currently are using JSON mechanically, so from a controller or similar, you would want to use CBOR strictly because it's less expensive to encode and decode, and it's also slightly smaller. I, the, the cases for JSON and YAML that I don't think are superseded or anything where a human is, is editing or maintaining the representation. Look, I don't expect this would be appealing for someone to store, you know, in a GitOps workflow.
B
D
E
Or fortunately, the thing that is easiest to switch on the client side is to make, eventually make clients say: I will accept CBOR or JSON, and so they will work perfectly well with old API servers, they don't know about CBOR, and sort of transparently accept and decode either. The write path is harder to switch, but the read path is actually the one that benefits the API server the most and it's easier to switch, which is fortunate.
B
Yes, that, that's already supportable via regular content type negotiation.
B
A
B
Where effectively, the idea is, we would implement a kill switch inside Kube API server, where, if it starts up and CBOR is present in its supported content types, then it will be, it will panic or be otherwise a fatal error. So you can't run a Kube API server supporting CBOR. That, that would be the initial sort of safety.
B
Next, we would proceed with, you know, completing the huge list of tests and any other due diligence we need to feel confident that the serializer is behaving the way we want it to, and then, strictly in order to be able to write integration tests, we would make it possible, just via code injection in an integration test, to start a Kube API server that supports CBOR.
B
Obviously next would be all integration tests implemented, and the rest of the alpha criteria could be implemented at that point before even introducing the feature gate that would allow users to turn it on, so sort of the, one of the final steps would actually be making it possible to build gas and flip a switch to turn on CBOR.
B
B
Or just anything else we might want to do to increase their confidence that no one's going to be able to, to start persisting CRs as CBOR by accident.
E
Yeah, I'm not sure I, I'm not sure I followed, but the actually wiring it into the effective server config and actually building it into the clients, the capability and clients, if those are the last things we do, then, and, and we only do that once we have the feature gate and the opt-in mechanism and client side, that seems pretty reasonable. I think you could define the serializer package. We have a JSON serializer package and a protobuf serializer package that are just sort of standalone packages.
E
You can define those and do a lot of the unit tests without ever wiring it up to anything, and then, if the server wiring initially only happens in integration tests and isn't even connected for normal servers, that lets you do a lot of the round-tripping server stuff in integration tests only, and it's still impossible to enable when you're running a real built binary.
B
A
B
Expect 90 of the work occurs before any, any serializer is wired to the, the codec factory.
D
D
B
Great, thanks, and I guess just one last thing: I know Joe has volunteered to your reviewer, just like, folks who are interested in officially being reviewers or even approvers on the KEP, just reach out to me or let me know.
A
Everyone, thank you, Ben. I was presenting, so I didn't want to switch and take notes, but look like somebody or yourself was able to capture what you need, otherwise he's recorded. Thank you. Okay, let's move to the next one. Cici, I see you there. How are you? Hi.
H
Yeah, so I have two agendas here. The first one is the CRD validation rules, and this feature, as people might already know, has been staying in beta since 125, and I'm here to propose that we're promoting this feature to stable in this current release, and we actually was trying to promote it to stable last release. But we, since we don't, we were adding, we were like basically modifying the API, and we don't want to like updating the API together with promoting it to stable.
H
So we hold it for one more release and we have cleared all the, I hope that, the criteria from the previous releases, so yeah, I'm here just to, to see if anyone has objections on that.
H
C
H
Yeah, from the alpha and the beta phases, we have added a lot of tests, so I guess we're pretty confident about the test coverage. We have a lot of not only the unit test, integration test, e2e test, but also like some tests to ensure the CEL library's availability, and yeah, but please feel free to raise if any cases we missed and we will be happy while they're happy to add in.
E
There were a couple discussions that I remember in the last few weeks. One was around, like, the behavior of the has functionality, comparing like specific properties to maps and additional properties, and then one recently talking about a cost sizing change between 127 and 128.
E
Those are, I would recommend doing a sweep of any issues that have been reported and making sure we've root cause and, like, understand them, and in some cases it might have been something that actually got fixed during beta, and so the explanation is, it's now fixed, we now, we understand this and have tests and they're stable. The has behavior difference between properties and maps seems like something we should understand in greater detail on the way to GA, but I'm happy to see it wrapping up.
H
Thank you so much. Yeah, I will have like all the issues. Maybe I'll later add all the issues retracted it there as well, so yeah, and we're definitely like still all the upcoming issues before we promote handy to stable.
H
Policy, and as people might already know, like, we promoted the ValidatingAdmissionPolicy to beta in the last release, which is Kubernetes 1.28, and just to be clear, we don't plan to promote it to GA in this release of 129, but I do want to clear the GA graduation criteria beforehand, so later, when we are ready to promote it, promote the feature to stable, then we make sure we checked everything and we are fully ready.
H
So that's a list which I currently think about, so please let me know if I missed anything. I'm not sure if, yeah, I think not, not this one, oh yeah.
H
So there is some, like, yeah, issues coming from the previous beta promotion, and there are some things related with adoption and scalability. So yeah, yep. Let's go ahead, Joe.
D
Yes, so Jordan, you might have a thought on this. When we, when we promoted validating and mutating webhooks, I think we did them together.
D
Should we, should we have an expectation of a minimum stability level for mutating admission policy before we take validating admission policy to GA?
E
D
H
I think the early alpha mutating should be like, like should, should be not like, at least after, like, this validating going to GA, so like it should be, we should have time basically, if we really caught something like the API should change or something, yeah.
H
Cool, like, if people do have like opinions on that, please feel free to comment on the PR. Yeah, I have the PR link there, yep. We.
D
Do have the adoption there is moving along. OPA Gatekeeper has done a significant level of integration with adoption.
D
Level, they're not using this exact feature yet, but there are people.
H
Yeah, I wanna mention, like, they already have like the validating admission policy embedded with their on report API, so, and the report API they plan to promote it to the Kubernetes SIG level. So yeah, that's, that's an option for me.
D
H
E
H
Yeah, I think that's, that, that data, that, that, that's a problem, like, for the major cloud providers to use it, because this beta is turned off by default and it's hard for, like, the major cloud providers too. I could turn it on and to try it, but we do get a feedback from like other customers and they reach out for like any issues or use cases. They were on playing with that image policy. I, I forgot the company name.
D
We're not getting this broad spectrum as I would like to see because it's off by default. So, like, you know, OPA Gatekeeper, it's, you know, we have, we have contributors from that project who worked with us as we built out the feature, and, you know, we also built a webhook implementation of this so people could try it out, and so, you know, we were able to get them to kind of do like almost a first-party testing of it and make sure it works for all their needs.
D
E
Wondered if we wanted to include or be more specific in our graduation criteria, like, that we would be able to point to real webhooks that were able to be translated into CEL, like, whether we did the translation or whether someone else was doing the translation and we could reference it. Like, I know being able to replace webhooks was a key motivation.
E
H
Sure, I'll note that down.
A
H
H
F
F
Did anybody know exactly how that's supposed to work? Like, I'm, I'm having a hard time mentally mapping. I have a, a paginated list with very special continue token semantics, where I can cheat and do all sorts of things, and I'm not exactly sure how I'm supposed to turn that into a streaming watch. Like, am I supposed to, like, do a watch from resource version zero, get all the items and wait till I get the bookmark and say that that was good enough? And if so, how does that help?
D
I actually know more about the streaming watching than the, than the tricks that the storage migrator uses in the paginated approach. So I think I've got a knowledge gap there.
F
So, so the gist is, like, in the SVM API, like, we have, like, in the spec of that object there is like a field to put the continue token, and like, when you do a paginated list, if you end up getting to a point where a compaction has occurred and the API server is unable to give you a consistent list, it'll say sorry, this is expired, but in the response, in the status response, it'll tell you, by the way, if you want to like not have a consistent list.
F
Here's the continue token, go crazy, and so SVM looks for that and purposefully does an inconsistent list and so forth, and so on. I just don't understand how to turn that into like streaming semantics, or if such a semantic can even be expressed, because, like, you know, just scanning the streaming watch KEP, it's got like the word consistent like at least 10 different times, because it's very much trying to make sure you don't do the wrong thing. But in this case I just need a list that was sort of consistent.
E
I, I would probably direct you to, like, Wojtek or the other folks who, like, the authors of that or people who implemented the streaming stuff.
D
A
Okay, if you don't find the answers, or nobody has the time, I can try to reach out to some of the previous authors of this part, but I don't know how successful I will be.
F
A
If you, if you struggle, ping me on Slack and I will.
F
A
Thank you, very good, okay, and I think with that we covered all the topics for today. Thank you for coming and participating, and hopefully we'll see you in two weeks. Have a great Wednesday and enjoy the last day of the season, wherever you are. Done. Bye, thanks.