►
From YouTube: SIG Node Sidecar WG 2022-11-22
Description
Meeting notes and agenda: https://docs.google.com/document/d/1E1guvFJ5KBQIGcjCrQqFywU9_cBQHRtHvjuqcVbCXvU/edit#heading=h.m8xoiv5t6qma
GMT20221122 170443 Recording 1920x1008
A
A
Okay,
dude
see
my
screen
now
yeah,
so
last
time,
perfect.
Last
time
we
discussed
What
design
will
not
be.
We
decided
to
discussed
that
this
is
not
as
a
graph.
This
is
not
a
per
container
single
property
and
it's
not
a
regular
container
beside
car
flag
because
it
needs
to
cover
in
it
containers
as
well.
So
we
want
to
cover
in
its
stage,
show
inside
cars.
A
Probably
it
is
very
started,
even
though
whole
pause
is
not
really
started
and
then
semantically
different
Scopes.
In
future,
we
consider
more
features
or
more
properties
to
be
added
to
this
kind
of
containers,
including
security
reservation.
Some
resource
resolution
put
the
Readiness
at
the
right
when
ports
affects
whether,
when
sidecar
affects
differently,
whether
Port
is
already
or
not
ready
and
then
Wireless
can
be
also
affected
in
a
different
way
as
well
as
Behavior,
and
then
we
need.
A
We
need
to
establish
patterns
that
we
can
reliably
inject
this
sidecar
into
port
and
then
determination
was
a
Hot
Topic.
Last
time
we've
been
discussing
germination
order
and
it
was
important
that
sidecars
will
somehow
be
notified
when
main
containers
start
being
deleted.
It's
not
like
hard
requirement,
but
it's
very
nice
to
have
to
implement
many
scenarios.
A
Okay,
so
this
was
the
requirement
and
we
started
this
mental
exercise.
We
said
that
out
of
the
slide
Deck
with
all
the
stages,
let's
discuss
single
stage
like
pretty
neat
containers
like
let's
say
we
have
pretty
neat
containers
and
then
we've
been
discussing.
What
does
it
mean
and
whether
it
covers
all
the
requirements?
A
A
What
requirements
will
not
be
satisfied
and
then
Matthias
and
Ramya
worked
offline
on
trying
to
come
up
with
like
different
options,
how
it
can
be
represented
in
Podium,
and
if
you
get
to
that,
you
can
discuss
it.
If
we're
not
ready,
we
can
do
it
next
time,
because
not
that
many
people
today
on
the
call,
let
me
copy
requirements
again.
A
So
yeah
again,
let's
reiterate
requirements,
I
think
what
we
can
say
is
it's
will
not
block
termination
yeah.
This
can
be
accomplished
like,
as
we
discussed
three
containers.
We
have
this
characteristics
that
they
start
in
order
before
any
containers,
and
then
they
will
be
terminated
when
app
containers
are
completed.
So
this
will
be
completed.
It's
easy
to
accomplish
foreign.
B
A
Yeah,
this
is
second
requirement
cancer.
Before
any
containers,
we
we
recognize
that
there
is
a
requirement
that
they
should
be
able
to
start
before
a
new
containers.
There
are
scenarios
when
we
want
to
reliably
in
inject
containers
such
a
way
that
they
will
cover
in
each
stage
as
well
and
the
question
was
people
want
to
initialize
some
certificates
for
service
mesh,
or
something
like
that.
So
today
it's
accomplished
through
init
containers
and
in
the
future.
What
we've
been
discussing
is.
B
B
If
we,
if
we're
saying
that,
there's
a
pre
init
phase
that
things
can
inject
themselves
into
like
what
are
the
guarantees
we're
making
there
are
there
any
or
can
somebody
come
along
and
and
basically
will,
will
people
end
up
arm
wrestling
between
two
different
pre-init
containers
as
to
which
one
goes?
First,.
B
B
A
Yeah
we
didn't
get
into
that
discussion.
We
just
the
only
thing
we
discussed
is
that
this
logic
can
be
moved
into
pre-made
stage,
and
it
should
be
it
can
be
accomplished.
Second,
question
is
whether
we
will
have
different
side
cars
so
fighting
for
the
for
the
first
place
like
to
be
first,
we
didn't
discuss
that
far
and
we
didn't
discuss
it
as
a
scenario
that
have
to
be
accomplished.
B
The
reason
I
ask
is
I
think
if
we
figure
that
out
it
will
inform
the
rest
of
the
design
a
little
bit
as
to
whether
we
need
a
single
stage
here
or
whether
we
actually
need
like
a
series
of
stages
with
different
guarantees
or
whether
we
simply
say
we're
just
not
going
to
handle
that,
and
you
can
arm
wrestle
in
whoever
wins.
Good
luck
to
them.
A
C
A
End
up
this
expression,
almost
a
graph
inside
the
podium
so
like,
even
though
it's
both
phases,
we
still
ending
up
with
some
sort
of
a
graph,
because
we
have
so
many
Port
phases
to
accomplish
every
single
scenario,
and
the
discussion
was
how
much
you
want
to
accomplish.
Declaratively
saying
this
is
scenario
support
as
opposed
to
how
much
we
want
to
accomplish
through
some
prescriptions
like
this
is
how
it's
supposed
to
be
working.
A
Please
be
nice
or
record
a
little
bit
and
then
it
will
be
easier
for
you,
like
you,
need
to
code
more,
but
you
still
can
accomplish
this
scenario.
So
yeah
I
agree
that
we
need
to
understand.
Is
it
hard
requirement
or
if
it's
not,
then
we
can,
it
can
be
easier
for
us
to
implement.
If
it
is,
then
it
will
informs
the
design
for
sure.
A
B
D
Yeah
I
mean
It's
tricky,
because
even
if
you
say
that,
like
maybe
you
have
a
I,
don't
know
a
vault
in
it
container
that
sets
up
this
certificates
for
the
surface
mesh.
So
maybe
we
don't
even
always
want
to
be
the
first
verse.
We
want
to
be
the
slightly
less
first
I
I
feel
like
you've
run
into
this.
With
anything
that's
like
in
CSS,
you
have
like
the
weight
or
priority
or
whatever
right,
and
then
you
have
people
putting
999
and
then
9999
and
it's
kind
of
a
mess.
E
So
perhaps
perhaps
it's
a
kind
of
a
free-for-all,
but
if
we
give
them
some
kind
of
best
practice,
then
at
least
for
for
most
purposes
because
I
mean,
if
you
have.
If
you
at
that
point,
need
that
many
different
orderings,
then
it's
kind
of
you're
kind
of
a
unique
situation,
almost
Beyond
like
three
or
four
orderings
I,
would
I
would
think
yeah.
A
B
F
B
D
Cool
I
feel
like
the
ideal
flow
would
be
like
in
at
least
in
Easter.
Today,
like
we
would
block
Readiness
until
we
have
certificates.
I
feel
like
in
this
specific
case.
The
ideal
thing
would
be
the
sidecar.
The
network
proxy
actually
runs
first,
but
it
doesn't
block
until
certificates,
but
it
I
I.
It's
a
bit.
Fuzzy
I
feel.
D
D
B
Don't
think
they
are
codependent
I.
Think
we're
just
not
expressing
it
clearly
like
it
sounds,
like
sorry
was
that
Felix
speaking
before,
yes,
okay,
I,
think
what
you're
expressing
was
you
get?
The
the
first
part
needs
to
go
to
the
local
metadata
server
right.
So
it's
like
not
real
Network
traffic.
It's
like
link
local
traffic,
correct!
Yes,
so
maybe
that's
the
carve
out
or
something
like
that.
F
F
A
F
B
A
B
A
Yep
last
time
we
discussed
it,
all
three
containers
should
be
running
like
it
started
always
so
they
never
terminated
and
we
didn't
come
up
with
a
scenario
when
we
don't
need
this.
Behavior
we've
been
discussing
like
I
mean
we
didn't
discuss
explicitly.
Was
it
initialization
that
you
do
in
pre-made
containers
and
you
don't
need
this
any
longer?
You
want
to
shut
it
down.
We
didn't
discuss
that
in
details,
but
nobody
seems
to
be
very
worried
about
one.
G
I'm
I'm
wondering
if
we
should
not
allow
the
network
provider
to
to
provide
us
a
set
of
init
containers
himself,
and
then
we
incorporate
it
into
the
Pod
spec,
like
you
know,
delegating
to
someone
who
knows
more
than
just
us
like
in
the
case
of
istio,
if
you
say
yeah,
we
we
need
this
certificate.
We
need
this
key.
We
need
this
information
before
and
and
and
if
you
just
provides
all
those
pre-pre-init
containers
for
us,
I,
don't
know.
G
G
So
so
I
I
I,
think
I,
don't
know,
maybe
an
idea
if,
if
we
would
allow
Easter
to
to
provide
a
list
of
containers
to
run
before
their
own
container,
like
like
a
better
mechanism
than
just
doing
the
the
Pod
mutation
at
admission,
that
adds
one
unit
container
something
more
powerful
than
this
I.
Don't
know
how
it
would
look
like,
but.
A
G
Okay
cool
so
like
saying
so,
I
I
need
to
insert
this
container
before
the
main
application.
So
that's
istio,
but
in
order
to
run
I
need
a
container
that
handles
the
certificates
or
I
need
a
container
that
handles
this.
And
then
this
can
be
gathered
in
the
Pod
specs.
Somehow,
like
a
composition,
I
I
don't
exactly
see
how
it
would
work,
but
it's
interesting
maybe
to
to
think
about
inversing.
The
the
configuration
saying
like
I
need
the
component,
and
this
component
knows
what
it
needs
and
an
upfront.
G
B
Yeah
I
mean
that's
a
good
point
right
at
the
end
of
this
there's
going
to
be
Corner
cases,
no
matter
what
we
do
where
we're
going
to
have
to
provide.
You
know
the
escape
hatch.
That
is
you've
done.
Something
really
weird
or
your
environment
is
really
strange,
and
you
have
to
configure
things
yourself
that
way.
A
Because
we've
been
discussing
the
three
unit,
containers
want
to
have
notification
when
app
content
is
completed,
so
they
will
like
received
a
termination
callback.
So
putting
contents
will
also
receive
the
same
callback
or
like
similar
callback.
So
maybe
we
need
to
have
notification
when
you
need
stages
stage
has
completed
so
maybe
another
option.
A
B
F
C
Yeah
I
think
I
think
I'd,
like
what
Tim
was
saying
he.
If
we're
not
going
to
do
a
dependency
graph,
then
we
at
least
need
a
dependency
to
you
know
line
so
that
we
can.
We
can
have
some
way
to
define
you
know
and
sets
of
dependencies
right
and
as
soon
as
you
have
one
you're
going
to
have
an
hour,
it
just
happens
that
way
and
then
we
need
on
the
destruction
to
be
able
to
walk
it
back.
The
other
direction.
C
Use
case
example,
you
know
we
went
from
containers
to
pods
and
that
introduced
the
dependency
on
pod
initialization
volume
management,
other
group
managers
inside
of
the
pods,
and
that
that's
all
being
held
in
Violet
today,
but
it
would
be
nice
if
you
could
extract
that
into
more
of
a
common
container
model.
If
we
could
so
these
you
know,
pods
could
become
more
interesting.
A
Okay,
I
think
I'm
going
to
put
X
here
and
I
think
we
can
accomplish
this.
We
we
still
have
open
question.
Is
anybody
like
really
need
this
network
setup
stage
to
be
before
everything
else,
but
I
I
heard
that
this
on
this
call?
Nobody
have
strong
requirement
like
that
like
if
some,
if
customer
has
a
requirement
to
customer
and
then
I
suggest,
we
can
discuss
this
kind
of
enhancement
like
featuring
hazards
when
we
have
a
Podium
example.
A
So
when
we
have
a
Podium,
then
we
can
discuss
whether
this
kind
of
properties
will
just
fit
into
expanding
this
definition
of
sidecar
or
like
green
it
or
like
ambient
whatever
container
or
we
will
need
to
have,
or
it
will
just
go
to
a
boat
and
you'll
need
to
declare
them
right
now
will
be
to
discuss
whether
this
kind
of
requirements
will
be
applied
specifically
to
print
it
or
it
will
be
applied
to
any
container.
Because
if
it's
applied
to
any
containers,
then
we
don't
need
to
take
care
of
it
right
now.
A
A
B
Yeah
is
that
really
the
same
pod
like
that
feels
like
a
different
proposal
here
to
have
Potter
pod
assistance,
but
they're
not
really
in
the
same
pot
like
running
something
in
a
g.
Visor
puts
you
in
a
different
network
space
right
where
you
can't
really
coordinate
ports,
and
things
like
that
or
or
you
know,
if
you
run
it
in
Kata,
you've
got
more
of
a
vmish
thing
in
between
you
right
is.
Is
that
the
same
POD
at
that
point
or
is
it
a
different
concept.
A
B
H
B
H
H
D
D
C
I
think
it's
I
think
it's
fair
to
say
that
the
runtime
handlers
and
the
things
that
can
be
configured
with
respect
to
resources
need
to
be
expanded.
Today,
there's
a
little
bit
of
limitation
around
the
image
resource.
You
know:
access
polls,
storage,
that
sort
of
thing
that
needs
to
be
murderous
as
well
as
snapshotters
needs
to
be
merged
into
the
Run
handle
or
context,
and
that
needs
to
be
expanded
and
expanded
and
accuplet,
but
I'm
not
sure
if
it's
in
it
containers.
C
You
know
sidecar
container
specific,
it's
more
of
a
the
concept
that
you
know
these
runtime
handlers
need
to
be
expanded
across
the
entire
node,
so
so
that
we
can
have
confidential
pods
so
right
and
in
the
kublet.
You
know
the
node
manager
needs
to
be
able
to
handle
that
as
well
as
the
container
runtime.
A
A
A
A
D
I
don't
know,
I
haven't
I,
haven't
seen
issues,
since
every
container
can
Define
their
own
limits
and
requests,
and
if
you
don't
Define
like
well,
an
issue
could
be
that
users,
don't
typically
Define
guaranteed
whatever
quality
of
service
I.
Think
for
sidecars,
so
like
they
can't
dig
into
the
quota
of
the
other
container
I
believe
that's
how
it
works,
but
that's
not
something.
That's
that
that's
a
user
config
that
they've
chosen
to
do
that
because
they
want
you
know
bursting
or
whatever
I.
Don't
know
that
we
need
to
solve
that.
D
F
F
G
B
I
was
just
say:
I
agree
that
we
don't
do
a
great
job
overall,
of
defining
the
exact
semantics
of
resources
per
container
per
pod
and
how
the
Overflow
of
those
things
Works
in
kubernetes
and
in
fact
it
may
not
even
be
kubernetes
job
to
Define,
that
it
may
actually
be
the
container
run
times
job
to
Define.
What
those
mean.
A
B
A
Yeah
started
for
misrepresentings
that
my
question
was:
do
you
want
to
have
special
throating
special
treatment
for
premium
containers
with
regards
to
CPU
floating?
Let's
say
we
always
have
CPU
more
CPU
for
main
contents,
app
containers
and
for
pre-unit
containers,
because
here
the
issue
is
described
that
and
why
is
still
accepting
traffic
when
app
containers
are
just
do
nothing,
because
it
is
important.
B
B
When
we
look
at
something
like
c
groups
right,
we've
got
a
pod,
C
group
and
then
per
container
c
groups
like
perhaps
it's
worthwhile
to
actually
interject
another
level
in
between
which
is
like
phased
group
like
these
are
all
the
pre
in
it
things,
and
these
are
all
the
app
things
and
that
allows
us
to
with
the
semantics
that
c
groups
offers
allows
us
to
sort
of
slush
resources
around
between
containers,
but
only
within
a
set
right.
So
all
the
pre
and
containers
could
have.
B
C
B
I
think
maybe
the
better
answer
is.
We
should
just
Define
what
we
do
with
c
groups
better
and
actually
use
them
better.
Like
there's
a
lot
of
capabilities
that
c
groups
offer
that
we
don't
take
advantage
of
and
there's
a
lot
of
things
that
we
would
love
to
do
in
terms
of
isolation,
that
c
groups
doesn't
offer
and-
and
maybe
we
should
go
back
and
just
like
focus
on
that
and
then
and
then
worry
about
this
later.
The
the
the
subgrouping
of
resources
later,
okay,
because.
B
This
like
how
many
people
are
confused,
how
many
blog
posts
a
week.
Do
you
see
that
argues
about
whether
or
not
to
set
CPU
limits
right,
as
the
answer
is
larger
than
one
and
people
don't
understand?
The
semantics
of
the
c
groups
that
we
already
have
so
maybe
making
it
more
complicated
is
a
bad
idea.
A
That's
why
I
think
this
may
be
a
good
requirements,
but
it's
unlikely
will
be
sometimes
we
put
as
a
like
force
like
it's,
not
an
opinionated
layout
layers
that
all
pre-init
containers
Express
this
kind
of
behavior.
All
printing
containers
like
loudness
is
affection.
All
other
containers,
violence
and
stuff,
like
that,
okay,.
A
Proposal
is
to
not
do
that.
I'm
I
heard
this
requirement
that
and
boy
Readiness
will
affect
Potter
and
his
differences
and
any
other
container,
but
I
think
if
you
start
playing
with
that,
we
will
need
to
do
it
per
container
not
per
stage.
So
it's
not
like
all
three
unit
containers
who
have
same
effect
on
portraisiness
as
it's
likely
to
be
single,
like
specific
container,
will
have
different
effects
on
powderedness
I,
see.
B
D
B
There's
more
than
just
Readiness
probes
right
like
you
could
be
restarting
or
something
which
could
affect
your
your
Pod
radio,
okay,
fair
enough
yeah
right
like
if
you're,
a
very
crashy,
little
helper,
app
or
or
you're,
particularly
subject
to
I,
don't
know
out
of
memory
or
disc
full
or
something
it
just.
You
know
it's
software,
it's
written
by
people
that
we're
all
stupid,
so
yeah.
B
A
Okay,
so
those
are
not
pretty
new
stage
specific,
it
will
be
there
and
own
behavior.
That
is
different
for
preheat
I.
Think
it's
the
same
category
we
probably
is:
maybe
is
it
in
category
of
resources,
relations
that
we
will
apply
a
little
bit
different
behavior
for
all
contents,
but
likely
to
be
per
container
rather
than
their
stage.
A
A
Savage
is
a
pattern
okay,
so
this
one
is
talking
about.
If
you
will
Implement
just
that,
if
you
implement
just
bringing
containers
when
new
requirements
will
come,
do
you
know
any
requirements
that
will
come
that
will
not
fit
into
this
model
and
that
we
will
need
to
introduce
a
new
stage
of
containers
and
if
you
will
need
to
implement
new
stage
of
containers
and
whether
the
pattern
that
we
will
establish
will
be
repeatable.
So
we
can
do
similar
things.
B
When
I
wrote
this
doc
a
couple
years
ago
about
phases,
I
wrote
it
the
way.
I
wrote
it
because
I
was
trying
to
think
through
the
future.
Like
the
directionality
right,
two
points
indicate
a
line
and
if,
if
the
direction
is
that
we
keep
getting
more
reasons
for
different
different
stages
that
we
should
I
was
trying
to
Pivot
the
conversation
from
what
to
why,
instead
of
saying
well,
we
have
pre
and
it
containers.
That's
the
what
it's
more
like.
Why?
B
What
are
people
doing
with
these
things
and
I
tried
to
define
the
stages
in
a
way
that
said,
okay,
look,
here's
the
assumptions
you
can
make
during
this
stage
and
here's
the
assumptions
you
can
make
during
the
next
stage.
Like
the
first
stage
assumes
you
can't
do
Network
traffic.
So
if
you
have
to
do
something
and
it's
okay
not
to
use
Network
traffic,
then
you
can
go
there.
But
if
you
need
Network,
you
have
to
go
in
the
next
stage
and
that
level
of
thinking
broke
down
into
you
know
four
or
five
potential
stages.
A
G
B
Fine
I,
still
I
find
lists.
I
I
think
in
the
API
are
good.
If
you
have
a
single
author
and
they're
cumbersome,
when
you
have
multiple
authors,
anything
that
is
simpler
than
either
prepend
or
append
becomes
complicated.
If
you
want
to
try
to
insert
something
into
the
middle-
and
this
goes
back
to
the
arm
wrestling
for
like
who
gets
to
be
first
right.
A
A
E
You
typically
would
pick
like
in
the
middle
and
if
you
do
need
to
budge,
because
somebody
else
is
at
that
stage,
but
you
need
to
be
just
before
them.
You
just
tick
up
by
one
or
take
down
by
one,
and
then
you
just
don't
risk
entering
into
the
other
phase.
But
you
still
have
a
little
bit
of
jiggle
room
and
that's
how
you
pick
the
size
of
the
bracket
is
how
big
you
want
your
your
room
but
yeah
to
his
point,
just
just
especially
just
for
in
it
containers.
E
C
A
B
I
think
sorry,
question
on
termination.
It's
I
think
it's
a
requirement
that
sidecars
get
some
reasonable
termination
grace
period
above
and
beyond
the
applications
termination
grace
period.
So
here's
here's
the
thing
I'm
concerned
about.
If
I
have
a
logging,
squirter
sidecar,
that's
going
to
send
logs
somewhere
else
and
my
application
says:
I
need
60
seconds
of
termination
grace
period.
B
B
Wait
and
then,
of
course,
the
question
comes
in
in
chaining
these
things
right
like
if
my
log
sender
captures
the
logs
from
some
other
container
and
that
other
container
runs
for
its
the
app
runs
for
its
60
seconds,
and
this
other
thing
runs
for
its
60
seconds.
Does
the
logger
need
60
more
seconds
like
I?
Don't
know
how
to
sequence
that
yet
I
haven't
thought
about
it.
F
E
A
We
have
three
minutes
left
and
I'm
really
glad
that
we
went
through
all
the
requirements
this
time,
so
we
I
think
we
covered
them
all
and
we
pretty
confident
that
pre-made
containers
concept
may
work
for
foreseeable
future
as
an
implementation.
Now
I
think
we
have
two
directions.
First
is
all
right:
those
requirements
and
discussion
a
little
bit
more
formal
and
maybe
presented
on
Signal
meeting.
A
So
if
there
are
any
more
requirements
that
people
can
think
of
that
doesn't
fit
in
this
model,
then
we
can
discuss
those
requirements
and
if
not,
then
we
can
close
this
conversation
and
like
move
into
discussion
of
yaml
like
how
yamo
may
look
like,
and
whether
all
these
requirements
is
just
one
property
or
like
one
list
that
we
have,
or
this
can
be
service
requirements,
can
be
split
into
property
of
any
container
and
apply
to
any
container
here,
yeah.
So
much
as
you
I
think
you
started
discussing
this
Ramya
right.
A
Okay,
what
how
about
that
like?
We
will
start
with
next
time
with
Podium
that
will
simply
have
a
different
set
of
containers,
and
then
maybe
you
can
go
to
requirements
and
understand
if
any
of
these
requirements
should
be
built-in
feature
of
the
containers,
and
this
is
how
we
describe
what
these
containers
are.
All
these
features
and
properties
can
be
described
as
a
separate
yaml
field
that
can
be
turned
on
and
off
for
the
premium
containers
and
that
can
be
applied
potentially
for
other
containers.