►
From YouTube: SIG Cloud Provider 2023-07-05
Description
Meeting Agenda: https://docs.google.com/document/d/1OZE-ub-v6B8y-GuaWejL-vU_f9jsjBbrim4LtTfxssw/edit#bookmark=id.qkklje7sz781
A
All
right
welcome.
Everyone
today
is
Wednesday
July,
the
5th
2023,
and
this
is
the
kubernetes
Sig
cloud
provider.
Meeting
Sig
cloud
provider
is
a
sub-project
of
kubernetes
sigs
and
as
such,
we
follow
their
meeting
guidance,
which
essentially
says
please
treat
each
other
as
you
would
expect
to
be
treated,
which
is
to
say,
please
be
kind
to
each
other
and
also
please
raise
your
hand
if
you'd
like
to
talk
and
I
will
call
on
you.
A
A
B
A
B
A
C
A
B
B
E
A
A
B
C
A
A
C
E
Yeah
I'm
debating
if
it
would
be
worthwhile
to
just
instead
of
trying
to
get
the
current
kept
in
shape,
just
like
starting
from
scratch
on
the
from
the
template
and
then
back
filling
information
because,
like
I,
haven't
looked
at
the
cap
for
a
while,
but
I,
don't
remember
when
that
kept
was
written.
But
template
changed
like
quite
a
bit
since
then
anyways
yeah,
okay,
we
can.
We
can
chat
about
it
more
later,
but.
B
Andrew,
do
you
want
to
start
with
that
action
item,
or
do
you
want
El,
Nico
and
I
just
start
with
that
or
like
what?
What's
your
thinking
about
I
mean
I'm
I'm,
not
trying
to
be
a
blocker
and
volunteer
for
more
stuff,
but
I
have
written
cups
and
progressed
stuff
in
caps
in
the
last,
like
several
releases,
so
I
know
the
the
process
has
changed
a
little
but
yeah
I'm
just
wondering
if
you
want
to
start
with
that
or
if
you
want
us
to
start
with
that.
E
C
D
A
A
Okay,
so
it
sounds
like
we
need,
like
probably
a
little
more
information
there
and
then
we'll
need
to
redraft
it,
probably
okay,
so
we
talked
about
this
a
little
last
time,
but
Nick's
role
in
the
sing,
I
don't
know
Kirsten.
Maybe
you
have
more
more
insight
on
this
or
what
I'm
not
sure
what
what
we
have
to
say
here.
E
A
A
F
Yeah
so
I
don't
know
how
much
people
know
about
the
leader
election
code
in
in
Cube,
but
there's
this
option
called
release
on
Council.
What
really
some
Council
does
is.
Basically,
when
the
podcast
signals
shut
down,
it
releases
the
lease
typically,
the
default
is
pretty
short.
So
if
you
don't
bother
with
this,
then
you
know
you're
only
waiting,
10
seconds
or
so,
but
we
do
expose
the
the
kind
of
knobs
to
go
and
configure
those
and
make
those
longer
in
openshift.
F
We
have
some
pretty
long
lead
reduction
leases
because
of
some
maths
that
David
East
did
at
some
point,
and
it
means
that
actually,
what
we
were
seeing
is
in
the
worst
case,
during
an
upgrade.
You
can
end
up
with
about
two
minutes
of
downtime
based
on
these.
These
things
now
for
the
CCM.
The
issue
there
is
that
you've
got
nodes
going
in
and
out
of
load
balancers.
F
While
this
is
down,
you
know
we
were
looking
at
upgrades
and
stuff
adding
new
nodes,
so
it
would
be
better
if
we
could
do
the
release
on
cancel.
So
I
wondered
if
anyone
has
done
any
Research
into
it
and
worked
out
whether
it
may
or
may
not
be
safe,
and
if
that
hasn't
been
done,
does
anyone
object
to
us
looking
into
that
in
in
128
to
see
if
that's
something
we
can
enable
safely.
F
Cloud
control
manager
is
working
towards
that.
They
found
some
issues
with
certain
controllers
that
weren't
shutting
down
gracefully,
so
they
haven't
enabled
it
yet.
Basically,
you
have
to
make
sure
that
all
of
your
controllers
basically
pass
through
a
context
and
will
shut
down
correctly
when
that
context
is
canceled
to
enable
it.
F
F
F
F
F
Aws
removes
it
from
the
load
balancer,
with
the
change
that
Alexander
put
in
now
for
the
external
traffic
policy,
local
service
that
note
set
is
only
reconciled
when
the
node
is
added
or
there's
a
special
taint
or
a
special
label.
You
can
use
to
exclude
it
and
I
think
now
something
to
do
it.
Provider
IDs
has
just
gone
in
as
well,
but
that's
by
the
buy.
F
To
like
15
to
20
seconds
reliably
of
disruption
when
we
were
when
we
introduced
the
rebase
onto
the
127
branch,
so
I've
proposed
a
fix
for
AWS
and
basically,
what
that
is
is
let's
move
over
to
using.
If,
if
a
user
has
done
nothing
for
the
health
check,
they
have
specified,
not
the
port,
not
the
protocol,
nor
the
path
move
over
to
the
same
Health
checking
that
gcp
does,
which
is
to
use
the
cube
proxy
endpoint
and
then,
if
they
have
specified
anything,
retain
the
old
Behavior.
F
So
in
theory
this
shouldn't
be
a
breaking
change
with
the
testing
that
I
then
did
on
this.
We
were
getting
zero
seconds
of
disruption
in
our
testing
zero
to
one
seconds
on
the
E20
runs.
We
did
so
I
think
this
actually
improves
on
what
we
had
prior
to
the
changes
that
went
in
and
I
believe.
This
is
related
to
another
kept
that
Alexander's
been
working
on
the
3836,
which
recommends
this
kind
of
path
forward
as
well.
So
this
is
the
pr
for
AWS
which
I
wanted
to
bring
up
KFAN.
F
If
there's
anything,
you
can
do
to
help
move
that
along.
That
would
be
appreciated
and
I
did
also
want
to
ask
Bridget
as
well
about
the
there
is
a
PR
to
do
the
same
thing.
On
Azure
last
I
heard
there
was
some
internal
discussion
about
whether
it
would
be
a
breaking
change
or
not,
and
I
haven't
seen
anything
since
yeah.
B
I
I
did
talk
to
pingfei
last
week
and
I'm
trying
to
get
an
update
surfaced
over
over
on
this
issue.
It
just
isn't
there
yet.
So
that's
I'm
gonna
think
and
make
sure
that
kind
of
is
like
time.
Zones
are
what
they
are,
and
there
was
a
very
inconvenient
U.S
holiday
that
you
may
know
something
about
something
about
us
and
some
colonialism,
and
you
know
that
got
in
the
way
of
this
week
being
at
all
useful
in
terms
of
class
Globe
collaboration.
F
E
So
that's
kind
of
sorry
I
wasn't
fully
following
all
that,
but
but
I'm
trying
to
just
unwrap
my
head
around
the
problem.
So
the
problem
is
basically
we
made
a
change
where
we
don't
consider
the
no
status
when
we,
when,
when
service
controller,
basically
evaluates
the
nodes
for
low
bouncer
and
that
causes
problem
only
for
traffic
policy
cluster,
because
we
don't
actually
like
check
the
health
check.
E
F
There
are,
there
are
a
couple
of
ways
you
can
check
this
for
HP
local
there's,
one
endpoint
and
Alex
do
chime
in
if
I'm
getting
this
wrong.
There's
one
end
point,
but
then,
if
you
are
wanting
to
do
a
cluster,
if,
if
you
have
q
proxy
running
right
and
it
is
running
on
the
Node,
it
can
root
to
any
back-end
pod
within
the
cluster.
So
all
you
need
to
do
is
check
the
modes
ability
to
root
that.
So
what
do
you
need
to
check?
F
F
Now,
what
we've
seen
is
combination
of
that
and
the
graceful
note
shutdown
feature
is
that
when
you
go
to
shut
down
the
node
right,
Cube
proxy
gets
the
signal
shut
down.
You
configure
a
graceful
node
term,
a
graceful
termination
period
on
the
Pod.
It
will
then
start
failing
the
help
C
check,
but
still
is
able
to
route
that
traffic
to
the
back
end
by
failing
the
health
C
check.
F
D
D
F
F
These
are
the
nodes
I
sent
last
time
to
the
cloud
provider
and
if,
according
to
its
set
of
predicates,
that
list
doesn't
change,
it
doesn't
go
and
tell
the
cloud
provider
to
keep
updating
the
list.
So
it
is
the
one
that
is
making
the
decision.
Should
this
node
be
in
the
cluster
load
balancer,
or
should
it
not
the
predicates
for
ETP,
local
and
there's
a
new
feature
gate
which
I
believe
is
on
by
default
now
called
stable,
node
predicates?
F
B
I
actually
was
when
you
mention
it
being
on
by
default.
Do
you
mean
because
any
beta
thing
is
on
by
default,
because
that
changed
and
now
things
aren't
down
by
default,
unless
you
explicitly
make
them
on
anyway,
when
you
said
I'm
by
default,
I
was
like:
oh
I,
don't
know
what
stage
this
is
at,
but
if
it's
beta,
that's
no
longer
the
default
to
be
on
by
default.
Okay,.
D
B
E
B
F
I've
just
checked
the
code
it
is
on
by
default,
fantastic,
okay,
so
it's
on
by
default,
basically,
the
the
CCM
no
longer
checks
for
Readiness,
and
it
will
only
send
when
it
sees
the
nodes
update
so
basically
when
a
node
is
added
or
removed.
Now,
if
you
look
in
the
Azure
code,
unfortunately
Azure
code
is
doing
its
own
checks
again.
Is
this
node
ready?
Is
this
node?
Not
so
it
has
this
cache
of.
F
Should
I
exclude
this
from
the
Nova,
the
load
balancer
for
various
reasons,
one
of
which
is
the
note
Readiness
and
basically,
what
we're
seeing
is
that
when
the
CCM
sees
oh
here's
some
new
nodes,
it
goes,
my
node
set
is
different.
It
pulls
update,
load,
balancer,
azure's
cache
says
these
nodes
aren't
ready,
so
don't
add
them
to
the
load
balancer
and
then
eventually
those
nodes
turn
ready,
but
the
CCM
doesn't
see
that
change
right,
because
it's
not
looking
at
the
Readiness,
so
it
never
says,
go
and
update
the
load.
Balancer
azure's
cache
internally
says
yep.
F
These
are
ready
to
go,
but
it
never
updates.
So
we've
we've
been
reliably
reproducing
this
for,
like
three
days
I've
been
looking
at
this
every
time,
I
create
a
cluster,
I,
add
the
worker
nodes
and
they
just
don't
get
added.
There
are
a
few
ways
you
can
trigger
it.
So
if
you
do
want
to
be
re-added,
you
can
restart
the
KCM.
F
You
can
add
another
node,
because
that
will
trigger
it
to
update
the
balancer
list,
but
the
new
node
won't
get
added
only
the
old
ones
that
are
now
ready
or
you
can
wait
for
the
full
resync,
which
I
think
it
takes
10
hours
so
again,
I've
written
up
an
issue.
This
is
related
to
the
previous
one,
I
think.
If
we
can
get
those
two
PR's
merged
that
fix
the
health
checks,
we
can
get
rid
of
the
node
Readiness
checks
in
in
Azure
I
think
it
needs
a
little
bit
of
some
re-architecture
there.
F
So
I
definitely
want
some
input
from
from
the
maintainers
of
visual
month,
but
I
wanted
to
bring
up
here
today,
one
to
put
some
visibility
in
and
also
in
case
there's
any
other
Cloud
providers
who
happen
to
be
using
the
node
Readiness
as
some
condition
when
adding
their
their
nodes
to
the
logo.
So,
basically
don't
do
that
anymore.
Rely
on
the
hosts
that
the
CCN
gives
you
when
it
calls
update,
load,
balancer
and
just
apply
that
and
everything
is
Jolly
from
that
point.
B
F
Yeah
I
think
I've
written
some
details
on
the
issue.
I've
gone
into
as
much
detail
as
I
can
going
through
the
code
of
where
I
see
with
the
issues
and
the
the
way
that
I
was
reliability,
reproducing
it
is
to
create
a
cluster
and
create
a
single
ETP
local
service,
and
with
that
it
was,
it
was
reproducing
reliably
because
I
say
all
the
issues
are
in
4230,
so
yeah.
E
E
D
There
were
other
bugs
as
well
with
regards
to
that,
where
it
could,
for
example,
so
if
a
node
flaps
when
it
comes
to
the
Readiness
conditions
or
between
not
ready
and
ready
if
the
node
is
flapping,
but
the
application
or
the
Pod
running
on
that
node
is
healthy.
So
essentially,
there
isn't
really
a
problem
with
the
node,
but
for
whatever
reason,
the
node
object
is
flapping
State.
Well,
in
that
case
the
the
node
gets
removed
from
the
load
balancer
and
if
it's
ETP
local,
then
Ingress
for
that
pod
is
essentially
cut
right.
D
F
F
F
You
know
there
are
better
ways
that
we
can
do
this.
That
mean
that
disruption
is,
is
getting
to
zero,
and
you
know
I've
been
testing
on
AWS
and
Azure
recently
and
we've
gone.
You
know,
openshift
does
a
bunch
of
statistical
analysis
on
the
the
low
balance
of
disruption
when
we
do
upgrades
right,
that's
what
we
care
about
our
customers,
don't
want
that
pods
disrupted
and
we've
had
some
serious
spikes
from
you
know,
gcp
with
a
few
bucks
there,
but
AWS
and
Azure
have
consistently
been.
F
You
know
four
to
ten
seconds
of
downtime,
with
the
changes
that
we're
working
on
here
we're
getting
reliably
zero
downtime,
which
is
just
that.
That's
what
we
want
right.
That's
the
perfect
the
goal
so
yeah
I
think
the
work
that
has
been
done
here
is
is
good.
We
just
need
to
get
it
in
and
make
sure
we
don't
break
people
and
I
think
kind
of
get
the
word
out
to
get
people
using
these
new
health
checks
and
the
graceful
node
shutdown
stuff
so
that
we
can
get
people
with
good
disruption.
Metrics.
B
Thank
you
so
much
for
working
on
this
Joel
and
I
kind
of
wonder.
When
you
mentioned,
we
don't
want
to
break
people.
One
of
the
things
that
will
probably
all
the
managed
services
will
need
to
do
is
make
sure
we
have
a
path
for
people
that
is
either
well
documented
or
backwards
compatible.
You
know
what
I
mean
like
nobody
wants
to
surprise
their
customers
with
oops.
Your
clusters
are
broken
well,
so
yeah,
even
if
the
change
is
a
good
change,
we
can't
make
a
surprising
thing
happen.
F
Yeah
I
totally
get
that
and
I
think
so.
There's
a
few
variables
right
in
a
cluster,
so
one
of
them
is,
you
may
not
have
cute
proxy
I.
Think
Q
proxy
is
implemented
for
most
cnis
but
I
know.
For
example,
obn
kubernetes
doesn't
have
q
proxy,
but
they
mimic
the
cube
proxy
health
check
endpoints.
So
you
can
still
do
these
style
of
health
checks.
F
So
as
long
as
people
have
got
that
and
it's
working,
we
can
make
this
work,
but
you're
right.
We
don't
want
to
don't
do
anything
in
a
backwards
in
a
possible
way
and
I.
Think
that's
why
both
the
Azure
and
the
AWS
sprs
that
we
put
up
make
sure
that
if,
if
a
user
has
any
opinion
at
all
about
how
their
health
check
should
look,
we
just
keep
the
behavior
as
it
was
before
it's
only
if
they
have
zero
opinion
that
we
just
swap
it
underneath
them,
and
hopefully
they
just
go.
E
D
And
what
you're
saying
is
something
that
I
and
Tim
Hawkins
have
been
discussing
for
a
while.
Now,
since
we
started
working
on
this,
so
Cygnet
is
the
primary
Sig.
I
would
say
that
has
been
involved
in
all
of
these
discussions
for
about
a
year
and
now,
but
it's
been
mainly
Tim
but
yeah.
It's
it's
known,
so
to
speak,
at
least
from
the
point
of
view
of
Sigma
I'd,
say.
F
Yeah
I
was
gonna
say
that
doesn't
the
message
from
Sydney,
okay,
it
doesn't
seem
to
have
made
it
sick
cloud
provider
in
a
way.
I
think
that's.
Why
we're
seeing
these
bugs
coming
through
right?
The
changes
have
gone
into
the
core
cloud
provider,
library
and
then
we've
had
updates
to
the
the
providers
and
that's
when
we've
then
to
oh.
This
doesn't
work
anymore.
D
We've
been
pinging
people
at
least
pinging
Sig
cloud
provider
and
such
on
the
both
the
caps
and
the
PRS
that
have
gone
in
implementing
them,
but
yeah
there
hasn't
been
a
lot
of
traction
so
to
speak
and
I
guess
maybe
that's
normal
since
we're
not
really
joining
meetings
and
maybe
coordinating
personally
on
things.
So
if
you
just
get
a
ping
on
GitHub,
it's
easy
easily
overlooked.
D
F
It's
also
the
fact
there's
so
many
different
Cloud
providers
right,
like
implementations,
need
to
be
updated
for
this,
but
yeah
I
think
maybe
if
we
bring
bring
more
awareness
into
this
group,
we
can
keep
better
track
of
it
and
then
make
sure
that
different
implementations
are
getting
getting
the
updates.
They
need.
A
D
A
Okay,
so
Joel,
you
feel
you've
had
a
good
discussion
here.
I
think
the
follow-up
is
to
get
some
reviews
on
these
on
these
two
pulls
that
you
had,
but
also
that
sounds
like
this
kind
of
a
bigger
question
as
well
that
we
just
need
to
keep
talking
about
here.
Maybe
like
I'm,
I,
guess
I'm,
not.
Is
there
an
action
item
on
the
on
the
larger
topic
of,
like
the
be
the
general
Behavior.
F
F
A
C
A
D
E
B
B
But
so
I'm
not
at
that
one
as
much
as
I
could
be
either
but
yeah
Alex.
Also,
if
you
want
to
for
right
there,
where
we
have
now
reviewer
on
the
related
Cuts,
would
you
mind
commenting
or
putting
a
link
to
the
exact
specific
ones
that
we're
talking
about
just
so
that
when
we
follow
up,
we
have
the
exact
links.
B
C
B
Yeah,
absolutely
thanks
so
I
know
that
it's
July
and
these
things
seem
like
they're,
a
million
years
away,
but
sadly
they're
not
and
the
deadlines
are
coming
up
to
put
our
maintainer
track.
Topics
in
and
I
did
chat
with
our
colleagues
who
are
going
to
be
at
the
kubecon
in
Shanghai
and
got
a
an
outline
of
what
pink
Fair
would
be
willing
to
give
there.
B
And
then
then?
The
related
question,
of
course,
is
who
plans
on
participating
in
the
maintainer
track
in
Chicago
who
plans
on
being
there.
It
is
it's
you
know
in
the
U.S
or
maybe
travel
is
easier
for
some
folks
Etc.
So
that's
just
kind
of
the
overall
question
it
looks
like
El
Miko
is
putting
in
real
time
that
he
thinks
that's
a
good
idea
again.
I
had
a
nice
talk
with
pengfay.
B
That
was
basically
we
need
to,
and
I
sent
him
the
video
for
Michael
and
Joel
and
I
in
Amsterdam
and
was
like
a
talk
like
this
with
some
technical
depth
with
the
topics
that
are,
you
know
of
interest
to
you
and
it
can't
be
Azure
specific,
though,
of
course
you
can
use
examples,
but
this
is
intended
to
be
instructional
for
people
who
are
watching
videos
or
participating
in
live
and
kubecon
Shanghai,
and
he
took
it,
ran
with
it
and
kind
of
came
up
with
a
few
topics
there.
So
basically
yeah.
B
A
B
E
That's
the
hope,
but
I
don't
know
yet
so
usually
yeah
like
like
travel
policy
right
now,
is
kind
of
influx.
So
what's
kubecon
Europe,
it
was
kind
of
prioritized
for
folks
that
are
actually
like
local
to
Europe.
So
I'm,
more
hopeful
about
this
kubecon
but
I
haven't
heard
any
details.
So
I
don't
know.
B
B
We
want
El,
Miku
and
I
to
put
in
at
least
a
placeholder
for
Chicago
with
people
we
think
will
be
there
and
then
maybe
I
would
love
to
have
people
who
haven't
given
the
maintainer
track,
update,
give
it
if
possible,
or
at
least
not
lately-
and
this
is
not
me
saying-
El
Nico
and
I
can't
be
up
there
constantly.
We
certainly
can,
but
it
would
be
super.
If
say,
Andrew
could
be
up
there.
B
Strict
yeah
yeah,
okay.
Well,
we
can
see
who
is
going
to
be
possible
to
put
on
it,
but
it
would
be
super
if
we
had.
You
know
Andrew
Etc,
all
right.
Basically,
I
want
to
talk
about
that
and
then
I
will
sync
with
El
Miko
separately
and
get
the
proposals
hammered
out
and
turned
in
for
pengfay,
because
I
think
having
us
give
a
sid
cloud
provider.
Update
in
China
would
be
really
superb.
A
B
Is
Walter
the
main
person
we'll
definitely
move
that
topic
about
the
cloud
provider
test
accounts,
but
what
he
wrote
about.
Azure
sticking
out
I
just
was
like
looking
at
that
trying
to
look
for
more
information,
so
I
know
that
there
was
a.
There
was
a
whole
thing
about
the
infrastructure
that
was
donated
and
all
this
stuff,
and
it's
like
that
might
be
details,
but
in
case
Walter
watches
this
or
you
know,
reads
anything
later:
I
want
to
make
sure
we
actually
look
into
that.