►
Description
PRs for code freeze:
* Remove insecure serving: https://github.com/kubernetes/kubernetes/pull/108953
* Webhook: https://github.com/kubernetes/kubernetes/pull/108838
* leader migration: https://github.com/kubernetes/kubernetes/pull/108016
* Kubelet credential provider
- Node e2e test PR: https://github.com/kubernetes/kubernetes/pull/108651
- Graduation to Beta: https://github.com/kubernetes/kubernetes/pull/108847
B
A
All
right,
hey
folks:
this
is
the
bi-weekly
cloud
provider
extraction
migrations
project.
Reading,
given
code
freeze
is
a
few
days
away.
I
figured
it'd
be
good
to
spend
this
time
reviewing
pr's
talking
about
prs
that
we
want
related
to
the
whole
extraction,
effort
and
whatnot.
I
know
nick
has
a
few
peers.
A
C
So
I
just
came
across
this
when
I
was
working
on
the
web
hook
stuff-
I
I
don't
think
we
set
a
date
for
removing
it,
so
that
would
be
the
kind
of
the
con,
but
it
is
marked
as
deprecated
and
I
believe,
pretty
much.
Every
other
component
has
removed
their
insecure
serving
stuff
configuration.
So
I
thought
I
would
at
least
propose
it
and
we
can
either
remove
it
in
124
or
set
a
date
or
instead
of
set
a
release.
A
Okay,
because
yeah,
if
it's
that
long
and
we
already
know
that
cube
controller
manager
deleted
a
while
ago,
then
I'm
inclined
to
say
yeah,
let's
just
remove
it,
I'm
wondering
though
like
is
it?
Did
you
just
notice
this
deprecated
and
you're
removing
it,
or
was
there
like
a
technical
issue
when
implementing
the
webhooks
pr
around
the
insecure,
serving.
C
No,
there
was
not
well
yeah,
there
was
not.
I
was
originally
like
deciding
whether
or
not
to
add
it
to
insecure
serving
you
know,
because
my
original
implementation
was
essentially
adding
it
to
the
secure
serving
handler.
That's
already
there,
that's
changing,
which
we
can
talk
about
for
the
next
vr
but
yeah.
I
just
noticed
it
and
then
figured
might
as
well
rip
it
out.
A
A
C
But
the
big
thing
is
the
the
sort
of
short
the
alpha
shortcut
that
we
were
talking
about,
where
we
would
add
the
web
hooks
to
the
secure
serving
port,
that's
already
included,
which
has
hell
c.
It
has
config
z
and
it
has
metrics
so
there's
kind
of
an
interesting
problem
with
that
which
is
going
to
force
me
to
create
a
new,
secure,
serving
configuration
and
serve
it
off
of
a
different
port.
C
C
C
So
the
api
server
calls
to
ccm
and
then
ccm
calls
back
out
to
the
api
server,
and
that
only
would
work
if
you
had
the
same
ca
configured
for
client,
cert
auth
and
for
the
api
server
proxy
client,
but
as
it
is
now,
those
are
in
almost
all
setups.
Those
are
different
cas
and
that's
how
you
like
that.
That's
the
secure
way
to
kind
of
configure
stuff.
C
So
what
happens?
Is
the
api
server
treats
itself
as
system
anonymous
and
then
you
would
have
to
create
an
r
back
rule
for
system
anonymous,
calling
on
that
web
hook
path
and
allow
that
which
I
suppose
is
possible,
but
it
is
kind
of
pretty
undesirable.
So
I'm
almost
finished,
adding
the
additional
secure
serving
configuration
and
a
couple
flags
for
that
and
I'll
have
that
updated.
Hopefully
today,
but
that's
kind
of
the
where
it
is
right
now.
A
C
A
C
A
A
A
A
C
B
B
C
B
B
I
think
all
the
people
that
we
know
we
could
convince
to
try
and
use
it
have
done
that
if,
if
there's,
if
there's
somebody,
that's
convinced
that
we're
going
to
be
able
to
get
users
to
do
something
and
there's
something
concrete
that
we
could
use
as
the
goal
post
to
know
that
we've
done
that.
I
would
be
game
for
that.
B
B
C
A
I
mean
I
do
think
that
we're
we're
allowed
to
add
new
features
and
enhance
the
existing
thing
or,
like
add
on
to
it.
I
think
really.
The
concern
is
like
breaking
changes
like
if
we
went
to
this
release
and
then
later
we're
like.
Oh
there's
a
breaking
change,
we
really
want
to
make
we've.
We
wouldn't
be
able
to
do
that,
but,
like
right,
I
don't
know
like
I'm
not
sure
like
yeah,
like
I,
I
can't
think
of.
A
D
I'm
just
not
convinced
we're
not
going
to
find
a
reason
to
want
to
move
from
least
to
get
something
other
especially.
You
know
the
more
generic
version
of
this,
which
is
saying
hey.
I
want
to
be
able
to
move
any
set
of
controllers
as
any
as
examples
I
could
see
where
you
might
want
to
do
something
like
support
a
cr
or
even
an
aggregated
endpoint.
If
you
wanted
a
different
back
end,
so
I'm
just
not
I
the
one
thing
I
will
say
is
I'm
a
li.
D
B
D
D
B
B
A
A
I
mean
yeah
and
I
I
tend
to
agree
that
we
have
this.
I
mean
we
have
this
chicken
and
neck
problem
with,
like
all
the
this
whole
cloud
provider
extraction
thing
like
we're,
not
going
to
have
the
whole
user
base
coming
in
complaining
about
the
fact
that
we
remove
cloud
providers
until
we
actually
do
it.
So,
like
we're
kind
of
at
some
point,
we
have
to
like
kind
of
fight
that
bullet
so.
B
I
think
the
bigger
picture
is
if
we
keep
the
things
that
you
need
to
do
finish,
the
cloud
provider
migration
beta.
I
think
we
are
continuing
to
push
out
like
when
we're
able
to
say
we're
done
further.
I
mean,
if
we're
okay
with
that
in
this
case,
that's
fine.
I
just
want
to.
I
want
to
make
sure
that
we
have,
because
we
kind
of
have
to
have
like
a
go,
no
go
pretty
much
today
on
whether
or
not
we're
going
to
make
that
code
change
and
try
and
put
it
in.
D
A
Yeah,
it's
not
like
meets
where
it
knows
that
you
said
something
that
raises
it
puts
it
down
for
you,
but
yeah,
I'm
yeah.
I
mean,
I
think,
I'm
convinced
right
like
the,
because
we're
not
yeah
like
joe
was
saying
like,
doesn't
require
a
round
trip,
and
it's
just
a
local
config
that
you
convert
to
an
internal
type.
It
seems
like
breaking
changes,
are
unlikely
or
like
there.
I
can't
think
of
a
change
where
we'd
be
back
into
the
corner,
so
I'm
I'm,
I'm
a
plus
one
to
try
to
get
listen.
A
E
Yeah,
like
I
haven't,
heard
anything
from
bridgette
back,
yet
you
know
this.
Basically,
the
problem
was
that
I
was,
I
was
having
difficulty
getting
the
leader
migration
to
work
on
azure,
with
just
like
kind
of
a
so-called
vanilla
kubernetes
right
like
I
thought
I
would
have
problems
getting
to
do
it
on
openshift
using
the
migration
methodology,
and
that
proved
to
be
true.
Just
the
security
requirements
were
to
I
couldn't
get
it
like.
You
know
configured
the
way
I
wanted
to
so
I
might.
E
I
moved
to
just
trying
to
like
just
deploy
like
a
normal
cube
cluster
on
ad
on
azure
and
then
just
trying
to
run
the
instructions
from
the
docs,
but
I
was
running
into
problems
getting
that
to
work
for
me
and
I
started
to
wonder
if
maybe
it
was
like
my
azure
account
credentials
or
something
like
I
like.
I
wasn't
sure
if
it
was
actually
you
know
the
attack
that
was
causing
a
problem
or
my
permissions
on
azure.
E
So
I
reached
out
to
bridget
about
two
weeks
ago,
just
saying
like
hey
like:
if
you've
got
people
there,
who
could
just
deploy
an
azure
cluster
and
like
just
try
this,
you
know
with
the
instructions
from
upstream
like
that
would
be
good.
But
at
this
point
like
I
can't
say
that
I've
done
it
on
azure
and
give
a
thumbs
up
like
I
just
I
don't
feel
confident
about
that.
But
I
don't
think
it's
because
the
patches
are
bad
in
the
migration
thing.
I
think
it's
more
because
I'm
having
difficulty
operating
the
cluster.
A
E
A
So
yeah
we
immersed
pr
to
add
no
dvd
tests
with
the
dc
remote
runner
and
then
there's
a
pr
to
promote
the
all
the
types
in
the
beta
and
promote
the
future
gate.
So
this
should
be
merged
soon,
but
yeah.
If
anyone
wanted
to
make
any
more
changes
to
this
feature
before
beta,
maybe
some
like
a
few
days.
So
let
me
know
walter,
you
have
a
hand
up.
A
Yeah,
that
would
be
that
would
be
really
nice
to
have
like
I,
I
kind
of
took
the
path
to
release
resistance
and
just
bake
everything
in
the
main
repo
and
but
we
do
have
a
proud
job
that
is
running
it
and
passing
so
like
that.
That's
good,
but
I
agree
like
if
we
have
it
externally
running
on
the
other
providers.
Good.
A
D
A
Okay
and
oh
one
more
thing,
I
sent
an
email
up
to
the
sig
about
changing
the
meeting
time
for
this
something
a
bit
earlier.
That's
more
euro
friendly,
I
think
only
michael,
was
only
one
who
kind
of
had
like
a
veteran
for
the
time.
So
I'm
just
gonna
go
work
with
that
one.
I
think
it
was
like
12,
30
or
more.