►
From YouTube: Kubernetes SIG API Machinery 20230918
Description
[benluddy] CBOR Serializer KEP
[cici37] CRD validation rules promoting to GA
[cici37] Clear the GA graduation criteria for ValidatingAdmissionPolicy
[mo] question regarding streaming watch and storage migration (will have KEP open soon)
A
A
B
Hi
everyone
so
I
brought
up
a
few
times
before
a
few
different
discussions
leading
up
to
the
cap
that
I've
now
opened
for
introducing
a
new
data
format
at
seabor
and
today,
I'm
hoping
to
align
on
Alpha
criteria
as
well
as
a
phased
implementation
strategy.
We're
actually
making
this
real
and
implementable.
B
B
So
I've
spoken
with
a
lot
of
folks
with
experience,
introducing
and
changing
Cube
serializers
and
accumulated
a
pretty
large
list
of
scenarios
that
I
think
need
to
be
tested
in
order
to
have
confidence
that
we're
not
repeating
mistakes
of
the
past
I.
Don't
I,
don't
know
if
it's
a
good
use
of
time
to
to
enumerate
those
test
cases
but
they're
in
the
cap
in
the
test
plan,
but
because
this
new
serializer
would
be
used
to
serialize
custom
resources.
B
Right
so,
basically,
right
now
for
elephant
I'm
thinking
the
entire
list
of
unit
tests,
integration
tests
and
fuzz
tests
that
are
you
know,
listed
in
in
the
test
plan
must
be
implemented
before
this
can
even
be
exposed,
and
we
also
need
to
make
updates
to
the
dynamic
client
to
allow
it
to
use
seaboor.
If
explicitly,
enabled
and
I
think.
We
also
want
Clan
generation
to
support
zebor
for
folks
who
are
generating
clients
for
their
CRTs,
but
I'm
interested
to
hear.
D
E
E
B
A
B
Ability
to
for
an
operator
to
disable
this
in
clients
is
useful
to
hedge,
against
the
risk
that
we
discover
some
kind
of
superior
bug
after
clients
are
using.
It
I
think
it
would
be
convenient
for
operators
to
be
able
to
set
a
force
off
environment
variable,
for
example,
to
tell
clients
not
to
use
it
versus
having
to
recompile
with
a
different
client
config.
E
E
Something
we
had
talked
about.
The
last
time
we
met
was
the
library
that
we
use.
We
need
to
understand
sort
of
the
correctness
and
maintenance
stories
on
that.
I
think
the
tests
that
you
outline
probably
cover
the
correctness
aspects,
but
we
need
to
make
sure
we
can
maintain
a
library
or
that
it
is
maintained
before
we
take
dependencies
on
it.
B
B
I
know
one
of
the
implementations
claims
to
fuzz
their
library,
but
they
haven't
shared
their
fuzz
test.
So
we
can't
inspect
that,
and
the
other
does
not
seem
to
fuzz.
So
I
expect
that,
in
order
to
have
confidence
in
how
the
decoder
handles
untrusted
inputs,
we're
going
to
need
to
build
up
a
pretty
decent
plus
coverage.
E
Okay
and
then
the
like
the
maintainability
aspect,
I
know
we
had
issues
with
our
yaml
decoder
in
the
past
kind
of
an
unresponsive
Upstream
which
caused
issues
around
security
reports
and
things
like
that.
So
we,
if
the
Upstream
of
the
library,
we're
not
we're
looking
at,
is
not
active
or
we're
concerned
that
it
there
might
be
a
lag
there.
We
need
to
understand
what
we're
going
to
do.
If
there's
an
issue,
we
need
to
fix
quickly.
D
C
F
I
was
just
going
to
mention
on
the
project
helping
one
of
the
things
that
I
had
mentioned
as
an
idea
that
I,
don't
think
we've
ever
tried
before
is
asking
cncf
to
fund
and
sponsor
whatever
repo
we
decide
to
use
MIB
beyond
the
scope
of
our
Sig.
But
it's
a
it
doesn't
seem
like
a
bad
idea
like
if
we
end
up
maintaining
the
thing
we're
going
to
pay
a
whole
lot
more
for
it
than
whatever
we
would
pay
to
sponsor
it.
So
we
might
as
well
just
do
it.
E
G
Yeah
I
can't
remember
exactly
what
it
was,
but
I
remember.
It
was
a
lot
about
serialization
and
deserialization
and
it
was
like
Jenny
and
Antoine,
maybe
a
year
and
a
half
ago,
and
they
spent
months
and
months
and
months
trying
to
and
it
comes
down
to
the
edge
cases
like
you
can
get
pretty
far
pretty
quickly
and
then
the
edge
cases
it's
like
death
by
a
Thousand
Cuts.
So
it
was
mostly
just
about.
If
we
have
some
framework
for
testing
that
might
be
reusable.
It
might
be
useful.
D
Oh
Ben,
this
one
thing
I
noticed
is
that
we're
talking
a
lot
about
go
so
far,
I
feel,
like
I
mean
we
do
have
other
language,
clients
I'm,
not
sure
exactly.
If
it
should
be
a
graduation
criteria,
but
I
feel
like
before
we
get
to
GA.
We
should
need
some
kind
of
validation
that
we're
interoperating
across
a
reasonable
subset
of
languages.
B
B
E
Okay,
similar
to
what
we
were
saying
about
other
languages.
If,
if
this
is
sort
of
an
additive
spec,
it
would
be
good
to
know
what
support
libraries
have
for
C4
streaming
or
if
it's
the
kind
of
thing
that
you
could
take
those
libraries
and
pass
a
stream
to
it,
chop
up
a
stream
and
use
those
existing
libraries,
even
if
they
don't
have
built-in
support
for
streaming.
I
just
want
to
make
sure
we
don't
choose
sort
of
an
additive
thing
on
top
of
Seaboard.
That
has
inconsistent
support.
B
Yeah
I
think
any
time
that
you
currently
are
using
Json
mechanically.
So
from
a
controller
or
similar.
You
would
want
to
you
see
more
strictly
because
it's
less
expensive
to
encode
and
decode,
and
it's
also
slightly
smaller
I,
the
the
cases
for
Json
and
yaml
that
I,
don't
think
are
superseded
or
anything
where
a
human
is
is
editing
or
maintaining
the
representation.
Look
I,
don't
expect.
This
would
be
appealing
for
someone
to
store.
You
know
in
a
good
Ops
workflow.
E
Or
fortunately,
the
thing
that
is
easiest
to
switch
on
the
client
side
is
to
make
eventually
make
clients
say:
I
will
accept
seabor
or
Json,
and
so
they
will
work
perfectly
well
with
old
API
servers.
They
don't
know
about
C4
and
sort
of
transparently
accept
and
decode
either
the
right
path
is
harder
to
switch,
but
the
read
path
is
actually
the
one
that
benefits
the
API
server
the
most
and
it's
easier
to
switch,
which
is
fortunate.
A
B
Where
effectively,
the
idea
is,
we
would
Implement
a
kill,
switch
inside
Cube
API
server,
where,
if
it
starts
up
and
seabor,
is
present
in
its
supported
content
types,
then
it
will
be,
it
will
Panic
or
be
otherwise
a
fatal
error.
So
you
can't
run
a
qppi
server
supporting
C4
that
that
would
be
the
initial
sort
of
safety.
B
Next,
we
would
proceed
with.
You
know:
completing
the
huge
list
of
tests
and
any
other
due
diligence.
We
need
to
feel
confident
that
the
serializer
is
behaving
the
way
we
want
it
to
and
then
strictly
in
order
to
be
able
to
write
integration
tests,
we
would
make
it
possible,
just
via
code
injection,
in
an
integration
test
to
start
a
cube,
API
server
that
support
seaboard.
B
B
E
Yeah
I'm
not
sure
I,
I'm,
not
sure
I
followed,
but
the
actually
wiring
it
into
the
effective
server
config
and
actually
building
it
into
the
clients,
the
capability
and
clients.
If
those
are
the
last
things
we
do
then,
and-
and
we
only
do
that
once
we
have
the
feature
date
and
the
opt-in
mechanism
and
client
side
that
seems
pretty
reasonable,
I
think
you
could
Define
the
serializer
package.
We
have
a
Json
serializer
package
and
a
product
above
serializer
package
that
are
just
sort
of
Standalone
packages.
B
A
D
A
H
Yeah,
so
I
have
two
agendas
here.
The
first
one
is
the
start
of
Education
juice,
and
this
feature,
as
people
might
already
know,
has
been
staying
in
beta
since
125
and
I'm
here
to
propose
that
we're
promoting
this
feature
to
stable
in
this
current
release,
and
we
actually
was
trying
to
promote
it
to
stable
last
release.
But
we,
since
we
don't,
we
were
adding.
We
were
like
basically
modifying
the
API
and
we
don't
want
to
like
updating
the
API
together
with
promoting
it
to
Stables.
H
H
C
H
Yeah
from
the
Alpha
and
the
beta
phrases,
we
have
added
a
lot
of
tests,
so
I
guess
we're
pretty
confident
about
the
test
coverage.
We
have
a
lot
of
not
only
the
unit
test
integration
test,
e2e
test,
but
also
like
some
tests
to
ensure
the
cell
library's
availability
and
yeah,
but
please
feel
free
to
raise
if
any
cases
we
missed
and
we
will
be
happy
while
they're
happy
to
add
in.
E
E
Those
are
I
would
recommend
doing
a
sweep
of
any
issues
that
have
been
reported
and
making
sure
we've
root
cause
and
like
understand
them,
and
in
some
cases
it
might
have
been
something
that
actually
got
fixed
during
data.
And
so
the
explanation
is,
it's
now
fixed.
We
now
we
understand
this
and
have
tests
and
they're
stable.
The
has
Behavior
difference
between
properties
and
Maps
seems
like
something
we
should
understand
in
Greater
detail
on
the
way
to
GA
but
I'm,
happy
to
see
it.
Wrapping
up.
H
H
Policy
and
as
people
might
already
know
like
we
promoted
the
validated
animation
policy
to
Beta
in
the
last
release,
which
is
kubernetes
1.28
and
just
to
be
clear.
We
don't
plan
to
promote
it
to
GA
in
this
release
of
129,
but
I
do
want
to
clear
the
G
graduation
criteriors
beforehand
so
later,
when
we
are
ready
to
promote
it,
promote
the
feature
to
stable.
Then
we
make
sure
we
checked
everything
and
we
are
fully
ready.
H
D
H
H
D
H
D
H
E
H
Yeah
I
think
that's
that
that
data
that
that
that's
a
problem
like
for
the
major
Cloud
providers
to
use
it,
because
this
beta
is
turned
off
by
default
and
it's
hard
for,
like
the
major
Cloud
providers
too.
I
could
turn
it
on
and
to
try
it,
but
we
do
get
a
feedback
from
like
other
customers
and
they
reach
out
for
like
any
issues
or
use
cases.
They
were
on
playing
with
that
image
policy.
I
I
forgot
the
company
name.
D
We're
not
getting
this
broad
spectrum,
as
I
would
like
to
see
because
it's
off
by
default.
So,
like
you,
know,
Opa
gatekeeper,
it's
you
know
we
have.
We
have
contributors
from
that
project
who
worked
with
us
apps.
We
built
out
the
feature,
and
you
know
we
also
built
a
web
hook.
Implementation
of
this,
so
people
could
try
it
out,
and
so
you
know
we
were
able
to
get
them
to
kind
of
do
like
almost
a
first
party
testing
of
it
and
make
sure
it
works
for
all
their
needs.
E
Wondered
if
we
wanted
to
include
or
be
more
specific
in
our
graduation
criteria
like
that,
we
would
be
able
to
point
to
real
web
hooks
that
were
able
to
be
translated
into
sell
like
whether
we
did
the
translation
or
whether
someone
else
was
doing
the
translation,
and
we
could
reference
it
like
I
know.
Being
able
to
replace
web
hooks
was
a
key
motivation.
E
A
H
F
F
Did
anybody
know
exactly
how
that's
supposed
to
work
like
I'm
I'm
having
a
hard
time
mentally
mapping
I
have
a
pad
a
page
needed
list
with
very
special
continue
token
semantics,
where
I
can
cheat
and
do
all
sorts
of
things
and
I'm
not
exactly
sure
how
I'm
supposed
to
turn
that
into
a
streaming
watch
like
am
I
supposed
to
like?
Do
a
watch
from
resource
version,
zero,
get
all
the
items
and
wait
till
I
get
the
bookmark
and
say
that
that
was
good
enough
and
if
so,
how
does
that
help?
D
F
So
so
the
gist
is
like
in
the
svm
API
like
we
have
like
in
the
spec
of
that
object.
There
is
like
a
field
to
put
the
continue
token
and
like
when
you
do
a
paginated
list.
If
you
end
up
getting
to
a
point
where
a
compaction
has
occurred
and
the
API
server
is
unable
to
give
you
a
consistent
list,
it'll
say
sorry.
This
is
expired,
but
in
the
response
in
the
status
response,
it'll
tell
you
by
the
way,
if
you
want
to
like
not
have
a
consistent
list.
F
Here's
the
continue,
token
go
crazy
and
so
svm
looks
for
that
and
purposefully
does
an
inconsistent
list
and
so
forth,
and
so
on.
I
just
don't
understand
how
to
turn
that
into
like
streaming
semantics
or
if
such
a
semantic
can
even
be
expressed
because,
like
you
know,
just
scanning
the
streaming
watch
kept,
it's
got
like
the
word
consistent
like
at
least
10
different
times,
because
it's
very
much
trying
to
make
sure
you
don't
do
the
wrong
thing.
But
in
this
case
I
just
need
a
list
that
was
sort
of
consistent.