►
From YouTube: SIG Node Sidecar WG 2022-11-22
Description
Meeting notes and agenda: https://docs.google.com/document/d/1E1guvFJ5KBQIGcjCrQqFywU9_cBQHRtHvjuqcVbCXvU/edit#heading=h.m8xoiv5t6qma
GMT20221122 170443 Recording 1920x1008
A
Thank
you,
hello.
It's
short
week
in
the
U.S
on
November
22nd
2022..
It's
a
signal.
Sidecar
work
group
welcome
everybody.
A
So
last
time
we
discussed.
Let
me
share
my
screen
first,
so
it
will
be
on
the
recorded
as
well.
A
Okay,
dude
see
my
screen
now
yeah,
so
last
time,
perfect.
Last
time
we
discussed
What
design
will
not
be.
We
decided
to
discussed
that
this
is
not
as
a
graph.
This
is
not
a
per
container
single
property
and
it's
not
a
regular
container
beside
car
flag
because
it
needs
to
cover
in
it
containers
as
well.
So
we
want
to
cover
in
its
stage,
show
inside
cars.
A
Somehow,
and
we
came
up
with
this
set
of
requirements,
we
discussed
that
it
needs
to
have
some
property
to
block
both
termination
do
not
block
termination,
so
it
will
be
deleted
when
app
content
is
deleted,
it
should
be
able
to
start
before
you
need
containers
you've
been
discussing
that
there
is
a
requirement
for
some
to
initialize
something
before
sidecars,
but
this
installation,
theoretically,
can
be
moved
into
into
a
container
itself,
so
container
itself
will
do
initialization,
which
more
burden
on
developer
but
easier
to
implement
for
us,
then
restart
Behavior
needs
to
be
taken
into
consideration.
A
Probably
it
is
very
started,
even
though
whole
pause
is
not
really
started
and
then
semantically
different
Scopes.
In
future,
we
consider
more
features
or
more
properties
to
be
added
to
this
kind
of
containers,
including
security
reservation.
Some
resource
resolution
put
the
Readiness
at
the
right
when
ports
affects
whether,
when
sidecar
affects
differently,
whether
Port
is
already
or
not
ready
and
then
Wireless
can
be
also
affected
in
a
different
way
as
well
as
Behavior,
and
then
we
need.
A
We
need
to
establish
patterns
that
we
can
reliably
inject
this
sidecar
into
port
and
then
determination
was
a
Hot
Topic.
Last
time
we've
been
discussing
germination
order
and
it
was
important
that
sidecars
will
somehow
be
notified
when
main
containers
start
being
deleted.
It's
not
like
hard
requirement,
but
it's
very
nice
to
have
to
implement
many
scenarios.
A
Yeah
I
think
seven
is
repetition
of
five.
Oh
yeah.
A
Okay,
so
this
was
the
requirement
and
we
started
this
mental
exercise.
We
said
that
out
of
the
slide
Deck
with
all
the
stages,
let's
discuss
single
stage
like
pretty
neat
containers
like
let's
say
we
have
pretty
neat
containers
and
then
we've
been
discussing.
What
does
it
mean
and
whether
it
covers
all
the
requirements?
A
So
we
went
through
some
requirements
around
termination
and
we
went
through
some
requirements
around
initialization
and
finally,
we
are
stumbled
on
CPU
managers
that
may
be
tricky
to
implement
because
CPU
manager
needs
to
account
for
like
today
it
allocates
some
CPUs
for
any
containers
and
then
any
stage
finishes
and
allocates
proper
CPUs
for
up
stages
like
for
main
stage
now
it
will
need
to
pre-allocate
some
init
containers
and
then
they
need
to
play
very
nicely
with
app
containers.
A
One
day,
you'll
come
up
and
that
may
be
not
trivial
task
to
accomplish,
but
other
than
that
we
didn't
find
any
problems.
So
this
time
we
wanted
to
continue
the
discussion.
We
want
to
take
this
picture
and
continue
discussion.
A
What
requirements
will
not
be
satisfied
and
then
Matthias
and
Ramya
worked
offline
on
trying
to
come
up
with
like
different
options,
how
it
can
be
represented
in
Podium,
and
if
you
get
to
that,
you
can
discuss
it.
If
we're
not
ready,
we
can
do
it
next
time,
because
not
that
many
people
today
on
the
call,
let
me
copy
requirements
again.
A
So
yeah
again,
let's
reiterate
requirements,
I
think
what
we
can
say
is
it's
will
not
block
termination
yeah.
This
can
be
accomplished
like,
as
we
discussed
three
containers.
We
have
this
characteristics
that
they
start
in
order
before
any
containers,
and
then
they
will
be
terminated
when
app
containers
are
completed.
So
this
will
be
completed.
It's
easy
to
accomplish
foreign.
B
I
have
a
question:
sorry
I
wasn't
here
last
time.
Last
week
you
mentioned
real
briefly
in
the
in
the
intro
pre
init
pre-pre
in
it
I
as
an
idea
like
we
added
in
it
containers
to
make
a
strong
guarantee
that
this
always
happens
before
that
right.
B
Do
we
feel,
like
that's
going
to
happen
here?
Will
we
need
pre-pre
in
it.
A
Yeah,
this
is
second
requirement
cancer.
Before
any
containers,
we
we
recognize
that
there
is
a
requirement
that
they
should
be
able
to
start
before
a
new
containers.
There
are
scenarios
when
we
want
to
reliably
in
inject
containers
such
a
way
that
they
will
cover
in
each
stage
as
well
and
the
question
was
people
want
to
initialize
some
certificates
for
service
mesh,
or
something
like
that.
So
today
it's
accomplished
through
init
containers
and
in
the
future.
What
we've
been
discussing
is.
A
We
can
either
have
two
stages:
try
to
come
up
with
two
stages
like
one
three,
three
like
one
three
unit
containers,
another
post,
init
containers
or
we
can
make
developers
code
more,
so
developers
will
need
to
take
the
logic
of
init
containers
and
move
them
into
pretty
mid
stage,
so
they
will
either
move
it
into
existing
container
that
will
initialize
itself
or
they
will
move
it
to
separate
containers
that
will
consume
resources
through
throughout
the
whole
Port
execution,
but
the
same,
but
it
may
be
very
little
resources
so
does.
B
B
If
we,
if
we're
saying
that,
there's
a
pre
init
phase
that
things
can
inject
themselves
into
like
what
are
the
guarantees
we're
making
there
are
there
any
or
can
somebody
come
along
and
and
basically
will,
will
people
end
up
arm
wrestling
between
two
different
pre-init
containers
as
to
which
one
goes?
First,.
B
B
A
Yeah
we
didn't
get
into
that
discussion.
We
just
the
only
thing
we
discussed
is
that
this
logic
can
be
moved
into
pre-made
stage,
and
it
should
be
it
can
be
accomplished.
Second,
question
is
whether
we
will
have
different
side
cars
so
fighting
for
the
for
the
first
place
like
to
be
first,
we
didn't
discuss
that
far
and
we
didn't
discuss
it
as
a
scenario
that
have
to
be
accomplished.
B
The
reason
I
ask
is
I
think
if
we
figure
that
out
it
will
inform
the
rest
of
the
design
a
little
bit
as
to
whether
we
need
a
single
stage
here
or
whether
we
actually
need
like
a
series
of
stages
with
different
guarantees
or
whether
we
simply
say
we're
just
not
going
to
handle
that,
and
you
can
arm
wrestle
in
whoever
wins.
Good
luck
to
them.
A
C
A
End
up
this
expression,
almost
a
graph
inside
the
podium
so
like,
even
though
it's
both
phases,
we
still
ending
up
with
some
sort
of
a
graph,
because
we
have
so
many
Port
phases
to
accomplish
every
single
scenario,
and
the
discussion
was
how
much
you
want
to
accomplish.
Declaratively
saying
this
is
scenario
support
as
opposed
to
how
much
we
want
to
accomplish
through
some
prescriptions
like
this
is
how
it's
supposed
to
be
working.
A
Please
be
nice
or
record
a
little
bit
and
then
it
will
be
easier
for
you,
like
you,
need
to
code
more,
but
you
still
can
accomplish
this
scenario.
So
yeah
I
agree
that
we
need
to
understand.
Is
it
hard
requirement
or
if
it's
not,
then
we
can,
it
can
be
easier
for
us
to
implement.
If
it
is,
then
it
will
informs
the
design
for
sure.
A
B
We
were
talking
about
the
arm
wrestling.
The
jockeying
for
First
Position
requirement.
The
idea
that,
like
traffic
capture
installation
has
to
has
to
has
to
happen
first.
D
Yeah
I
mean
It's
tricky,
because
even
if
you
say
that,
like
maybe
you
have
a
I,
don't
know
a
vault
in
it
container
that
sets
up
this
certificates
for
the
surface
mesh.
So
maybe
we
don't
even
always
want
to
be
the
first
verse.
We
want
to
be
the
slightly
less
first
I
I
feel
like
you've
run
into
this.
With
anything
that's
like
in
CSS,
you
have
like
the
weight
or
priority
or
whatever
right,
and
then
you
have
people
putting
999
and
then
9999
and
it's
kind
of
a
mess.
E
E
So
perhaps
perhaps
it's
a
kind
of
a
free-for-all,
but
if
we
give
them
some
kind
of
best
practice,
then
at
least
for
for
most
purposes
because
I
mean,
if
you
have.
If
you
at
that
point,
need
that
many
different
orderings,
then
it's
kind
of
you're
kind
of
a
unique
situation,
almost
Beyond
like
three
or
four
orderings
I,
would
I
would
think
yeah.
A
In
kubernetes
is
typically
accomplished
through
ordering
of
containers
and
yaml
file,
so
we
respect
the
order
and
they
will
be
started
in
this
order.
So
it's
kind
of
indexes
without
declaring
the
index.
B
John
D:
do
you
have?
Is
the
the
case
that
she's
decided
the
Vault
needed
before
mesh
setup?
Is
that
a
real
thing
that
you've
encountered,
or
did
you
just
make
that
up.
D
F
F
Wow
yeah
because
it
basically
it
captures
traffic
on
the
like
local
IP,
that
the
cloud
providers
expose
their
metadata
servers
on
and
there's
Magic
on
this.
B
D
Cool
I
feel
like
the
ideal
flow
would
be
like
in
at
least
in
Easter.
Today,
like
we
would
block
Readiness
until
we
have
certificates.
I
feel
like
in
this
specific
case.
The
ideal
thing
would
be
the
sidecar.
The
network
proxy
actually
runs
first,
but
it
doesn't
block
until
certificates,
but
it
I
I.
It's
a
bit.
Fuzzy
I
feel.
D
D
B
Don't
think
they
are
codependent
I.
Think
we're
just
not
expressing
it
clearly
like
it
sounds,
like
sorry
was
that
Felix
speaking
before,
yes,
okay,
I,
think
what
you're
expressing
was
you
get?
The
the
first
part
needs
to
go
to
the
local
metadata
server
right.
So
it's
like
not
real
Network
traffic.
It's
like
link
local
traffic,
correct!
Yes,
so
maybe
that's
the
carve
out
or
something
like
that.
F
Yeah
yeah
I
mean
to
be
clear:
I
we
don't
do
traffic
interception
for
the
mesh
itself,
so
we
have
a
weird
setup
compared
to
like
Easter
or
Lincoln,
but
I'm
just
saying
that
there
are
other
cases
of
I
need
this
container
to
stop
before
this
other
container
will
start
before
X,
then
just
setting
up
their
table
rules
to
do
traffic
interception.
F
F
A
Containers
and
this
first
A
and
B,
like
volt
installation,
will
probably
consume
resources
forever
for
entire
duration
of
port.
That
is
it
fine.
Is
it
What
will
break
anything
or
it's
fine.
F
B
Okay,
so
that's
an
interesting
question
and
I
don't
know
if
this
was
discussed
last
week,
but
we
have
this
property
today,
where
the
Pod
has
a
restart
policy
and
all
of
the
app
containers
for
lack
of
a
better
word
follow
that
restart
policy
and
all
of
the
init
containers
are
specifically
defined
to
have
a
restart
on
failure
policy
right
and
you
can't
configure
that
you
can't
change.
B
It
is
the
thinking
here
that
pre
in
it
would
have
a
configurable
per
container
policy,
or
does
it
always
do
all
pre
and
it
containers
follow
the
restart
on
failure.
Run
Forever
policy.
A
B
I
think
this
is
really
one
of
the
most
interesting
discussions,
because
it
it
has.
The
at
least
seems
to
me
from
who's
not
super
familiar
with
the
cubelets
Pod
lifecycle
code
anymore.
It
seems
to
me
like
this,
could
have
the
biggest
impact
on
the
the
qual,
the
the
ability
to
do
this
reliably.
A
Yep
last
time
we
discussed
it,
all
three
containers
should
be
running
like
it
started
always
so
they
never
terminated
and
we
didn't
come
up
with
a
scenario
when
we
don't
need
this.
Behavior
we've
been
discussing
like
I
mean
we
didn't
discuss
explicitly.
Was
it
initialization
that
you
do
in
pre-made
containers
and
you
don't
need
this
any
longer?
You
want
to
shut
it
down.
We
didn't
discuss
that
in
details,
but
nobody
seems
to
be
very
worried
about
one.
B
I,
don't
have
a
concrete
use
case
for
it,
but
I
do
worry
that
we're
defining
it
sort
of
recursively
like
if
we
do
this,
then
I
suspect
we'll
end
up
with
pre-pre
in
it
which
follows
the
Run
once
semantic.
G
I'm
I'm
wondering
if
we
should
not
allow
the
network
provider
to
to
provide
us
a
set
of
init
containers
himself,
and
then
we
incorporate
it
into
the
Pod
spec,
like
you
know,
delegating
to
someone
who
knows
more
than
just
us
like
in
the
case
of
istio,
if
you
say
yeah,
we
we
need
this
certificate.
We
need
this
key.
We
need
this
information
before
and
and
and
if
you
just
provides
all
those
pre-pre-init
containers
for
us,
I,
don't
know.
G
G
So
so
I
I
I,
think
I,
don't
know,
maybe
an
idea
if,
if
we
would
allow
Easter
to
to
provide
a
list
of
containers
to
run
before
their
own
container,
like
like
a
better
mechanism
than
just
doing
the
the
Pod
mutation
at
admission,
that
adds
one
unit
container
something
more
powerful
than
this
I.
Don't
know
how
it
would
look
like,
but.
A
G
Okay
cool
so
like
saying
so,
I
I
need
to
insert
this
container
before
the
main
application.
So
that's
istio,
but
in
order
to
run
I
need
a
container
that
handles
the
certificates
or
I
need
a
container
that
handles
this.
And
then
this
can
be
gathered
in
the
Pod
specs.
Somehow,
like
a
composition,
I
I
don't
exactly
see
how
it
would
work,
but
it's
interesting
maybe
to
to
think
about
inversing.
The
the
configuration
saying
like
I
need
the
component,
and
this
component
knows
what
it
needs
and
an
upfront.
G
The
guy
using
the
pod
doesn't
know
it.
So
like
a
dedication
of
dependencies.
A
Do
you
think
container
will
know
in
its
code
that
something
is
completed
so,
if
I
think
in
implementing
that
I
will
just
start
playing
it
container
and
watch
for
some
things
to
appear
and
then,
when
it
appears,
I
can
start
running
or
we
need
to
have
explicit
delegation
on
like
our
orchestration
of
the
things
and
have
a
notification
to
bring
containers.
G
Yeah,
maybe
it's
getting
too
complicated,
I
think
for
the
the
one
percent.
We
should
not
bloat
the
implementation.
B
Yeah
I
mean
that's
a
good
point
right
at
the
end
of
this
there's
going
to
be
Corner
cases,
no
matter
what
we
do
where
we're
going
to
have
to
provide.
You
know
the
escape
hatch.
That
is
you've
done.
Something
really
weird
or
your
environment
is
really
strange,
and
you
have
to
configure
things
yourself
that
way.
A
Because
we've
been
discussing
the
three
unit,
containers
want
to
have
notification
when
app
content
is
completed,
so
they
will
like
received
a
termination
callback.
So
putting
contents
will
also
receive
the
same
callback
or
like
similar
callback.
So
maybe
we
need
to
have
notification
when
you
need
stages
stage
has
completed
so
maybe
another
option.
A
Specific
scenario
in
mind,
so
I
don't
want
to
put
this
requirement
if
somebody
has,
if
it
resonates
with
anybody.
Please
pick
up.
B
F
C
Yeah
I
think
I
think
I'd,
like
what
Tim
was
saying
he.
If
we're
not
going
to
do
a
dependency
graph,
then
we
at
least
need
a
dependency
to
you
know
line
so
that
we
can.
We
can
have
some
way
to
define
you
know
and
sets
of
dependencies
right
and
as
soon
as
you
have
one
you're
going
to
have
an
hour,
it
just
happens
that
way
and
then
we
need
on
the
destruction
to
be
able
to
walk
it
back.
The
other
direction.
C
Use
case
example,
you
know
we
went
from
containers
to
pods
and
that
introduced
the
dependency
on
pod
initialization
volume
management,
other
group
managers
inside
of
the
pods,
and
that
that's
all
being
held
in
Violet
today,
but
it
would
be
nice
if
you
could
extract
that
into
more
of
a
common
container
model.
If
we
could
so
these
you
know,
pods
could
become
more
interesting.
A
Okay,
I
think
I'm
going
to
put
X
here
and
I
think
we
can
accomplish
this.
We
we
still
have
open
question.
Is
anybody
like
really
need
this
network
setup
stage
to
be
before
everything
else,
but
I
I
heard
that
this
on
this
call?
Nobody
have
strong
requirement
like
that
like
if
some,
if
customer
has
a
requirement
to
customer
and
then
I
suggest,
we
can
discuss
this
kind
of
enhancement
like
featuring
hazards
when
we
have
a
Podium
example.
A
So
when
we
have
a
Podium,
then
we
can
discuss
whether
this
kind
of
properties
will
just
fit
into
expanding
this
definition
of
sidecar
or
like
green
it
or
like
ambient
whatever
container
or
we
will
need
to
have,
or
it
will
just
go
to
a
boat
and
you'll
need
to
declare
them
right
now
will
be
to
discuss
whether
this
kind
of
requirements
will
be
applied
specifically
to
print
it
or
it
will
be
applied
to
any
container.
Because
if
it's
applied
to
any
containers,
then
we
don't
need
to
take
care
of
it
right
now.
A
We
can
discuss
it
later.
If
it's
only
specific
for
pre-knit
uniquely,
then
that
may
be
a
new
requirement.
A
A
My
opinion
that
this
requirement
is
not
super
unique
to
pre-init
Containers,
it's
more
like
everything
that
is
injected
should
be
able
to
run
in
security,
isolation.
A
B
Yeah
is
that
really
the
same
pod
like
that
feels
like
a
different
proposal
here
to
have
Potter
pod
assistance,
but
they're
not
really
in
the
same
pot
like
running
something
in
a
g.
Visor
puts
you
in
a
different
network
space
right
where
you
can't
really
coordinate
ports,
and
things
like
that
or
or
you
know,
if
you
run
it
in
Kata,
you've
got
more
of
a
vmish
thing
in
between
you
right
is.
Is
that
the
same
POD
at
that
point
or
is
it
a
different
concept.
A
Yeah,
that's
that
became
complicated
once
you
have
this
I
heard
it
even
people
dreaming
about
side
cars
running
on
different
machine,
but
somehow
have
still
has
access
to
Port.
So
it's
like.
B
Yeah,
that's
a
that's
a
different
thing:
I'm
I'm,
not
even
against
the
thing
that
that
is,
but
I.
Don't
think
that
that's
a
sidecar.
A
Okay,
yeah
and
I-
don't
think
it's
specific
to
sidecar,
so
I
think
that
maybe
applicable
to
any
container.
A
One
question,
though,
is
whether
the
security,
whether
it
is
any
different,
like
I,
think
resources
evaluation,
maybe
something
that
we
may
want
to
apply
specifically
for
sidecars.
A
H
B
H
H
D
D
I
see
yeah
I
mean
I
would
think
that
we
would
need
all
the
fields
that
are
in
container
today,
or
at
least
the
vast
majority.
Maybe
if
you
don't
make
sense,
which
would
include
you
know,
resource
and
security
context.
C
I
think
it's
I
think
it's
fair
to
say
that
the
runtime
handlers
and
the
things
that
can
be
configured
with
respect
to
resources
need
to
be
expanded.
Today,
there's
a
little
bit
of
limitation
around
the
image
resource.
You
know:
access
polls,
storage,
that
sort
of
thing
that
needs
to
be
murderous
as
well
as
snapshotters
needs
to
be
merged
into
the
Run
handle
or
context,
and
that
needs
to
be
expanded
and
expanded
and
accuplet,
but
I'm
not
sure
if
it's
in
it
containers.
C
You
know
sidecar
container
specific,
it's
more
of
a
the
concept
that
you
know
these
runtime
handlers
need
to
be
expanded
across
the
entire
node,
so
so
that
we
can
have
confidential
pods
so
right
and
in
the
kublet.
You
know
the
node
manager
needs
to
be
able
to
handle
that
as
well
as
the
container
runtime.
A
Caesar
that
are
very
specific
to
pretty
neat
containers.
What
about
resource
resolution?
Is
there
any
I
know
we
have
an
issue
suggestions
that
we
want
to
do.
Cpu
throws
container,
does
it
make?
A
B
Two:
do
we
not
set
up
CPU
limits
per
container.
A
A
A
Yes,
so
what's
the
issue
then,
but
I
think
the
topic
about
CPU
quota.
D
I
don't
know,
I
haven't
I,
haven't
seen
issues,
since
every
container
can
Define
their
own
limits
and
requests,
and
if
you
don't
Define
like
well,
an
issue
could
be
that
users,
don't
typically
Define
guaranteed
whatever
quality
of
service
I.
Think
for
sidecars,
so
like
they
can't
dig
into
the
quota
of
the
other
container
I
believe
that's
how
it
works,
but
that's
not
something.
That's
that
that's
a
user
config
that
they've
chosen
to
do
that
because
they
want
you
know
bursting
or
whatever
I.
Don't
know
that
we
need
to
solve
that.
D
F
F
G
B
I
was
just
say:
I
agree
that
we
don't
do
a
great
job
overall,
of
defining
the
exact
semantics
of
resources
per
container
per
pod
and
how
the
Overflow
of
those
things
Works
in
kubernetes
and
in
fact
it
may
not
even
be
kubernetes
job
to
Define,
that
it
may
actually
be
the
container
run
times
job
to
Define.
What
those
mean.
A
Yeah
I
posted
the
link
to
this
issue
here.
So
it's
about
CPU,
throttling
and
yeah
suggestion
was
to
do
it
to
improve
it.
Somehow.
F
B
Wants
to
bite
off
another
chunk
of
meat
that
kept
was
was
fairly
well
thought
out,
and
then
the
contributor
disappeared
and
okay,
it's
just
waiting
for
somebody
to
take
it
over.
If
somebody
wants
to
yeah
and
I
thought,
I
thought
it
was
a
good
cap.
I
was
hopeful
that
somebody
would
pick
it
up.
A
Yeah
started
for
misrepresentings
that
my
question
was:
do
you
want
to
have
special
throating
special
treatment
for
premium
containers
with
regards
to
CPU
floating?
Let's
say
we
always
have
CPU
more
CPU
for
main
contents,
app
containers
and
for
pre-unit
containers,
because
here
the
issue
is
described
that
and
why
is
still
accepting
traffic
when
app
containers
are
just
do
nothing,
because
it
is
important.
B
B
There's
a
semantic
question
here,
I
guess
is,
is
what
I'm
getting
to
with
respect
to
the
per
pod
resources
here,
I'll,
throw
out
some
crazy
idea
that
I
don't
think
we
should
do
but
I
feel
like
I
should
say
it
out
loud
now,
we've
gotta
we've
already
got
an
actual
hierarchy.
B
When
we
look
at
something
like
c
groups
right,
we've
got
a
pod,
C
group
and
then
per
container
c
groups
like
perhaps
it's
worthwhile
to
actually
interject
another
level
in
between
which
is
like
phased
group
like
these
are
all
the
pre
in
it
things,
and
these
are
all
the
app
things
and
that
allows
us
to
with
the
semantics
that
c
groups
offers
allows
us
to
sort
of
slush
resources
around
between
containers,
but
only
within
a
set
right.
So
all
the
pre
and
containers
could
have.
B
B
C
So
I
think
it
was
a
great
idea
and
we've
got
this
class
resources
cup.
You
know
work
going
on
I,
think
that
would
be
related
to
this
possibly
provide
a
solution.
B
I
think
maybe
the
better
answer
is.
We
should
just
Define
what
we
do
with
c
groups
better
and
actually
use
them
better.
Like
there's
a
lot
of
capabilities
that
c
groups
offer
that
we
don't
take
advantage
of
and
there's
a
lot
of
things
that
we
would
love
to
do
in
terms
of
isolation,
that
c
groups
doesn't
offer
and-
and
maybe
we
should
go
back
and
just
like
focus
on
that
and
then
and
then
worry
about
this
later.
The
the
the
subgrouping
of
resources
later,
okay,
because.
B
This
like
how
many
people
are
confused,
how
many
blog
posts
a
week.
Do
you
see
that
argues
about
whether
or
not
to
set
CPU
limits
right,
as
the
answer
is
larger
than
one
and
people
don't
understand?
The
semantics
of
the
c
groups
that
we
already
have
so
maybe
making
it
more
complicated
is
a
bad
idea.
A
Okay,
I
just
needed
to
talk
about
it,
just
to
offer
complete
mistake
and
I
think
this
is
one
of
the
requirements
that
can
be
applied
for
only
containers
and
maybe
a
requirement
in
the
future,
but
yeah
we
can
discuss
it
when
we
have
Podium
like
how
the
main
Charities
can
be
implemented
later
rights
I
think
this
is
applicable
for
any
containers
like
we
don't
not
necessarily
will
single
out
specific
stage
like
not
all
pretty
neat
containers.
A
It
will
have
the
same
weight
of
like
attracts
in
Port
Readiness,
so
it's
likely
it
will
be
per
container
in
future.
A
That's
why
I
think
this
may
be
a
good
requirements,
but
it's
unlikely
will
be
sometimes
we
put
as
a
like
force
like
it's,
not
an
opinionated
layout
layers
that
all
pre-init
containers
Express
this
kind
of
behavior.
All
printing
containers
like
loudness
is
affection.
All
other
containers,
violence
and
stuff,
like
that,
okay,.
A
Proposal
is
to
not
do
that.
I'm
I
heard
this
requirement
that
and
boy
Readiness
will
affect
Potter
and
his
differences
and
any
other
container,
but
I
think
if
you
start
playing
with
that,
we
will
need
to
do
it
per
container
not
per
stage.
So
it's
not
like
all
three
unit
containers
who
have
same
effect
on
portraisiness
as
it's
likely
to
be
single,
like
specific
container,
will
have
different
effects
on
powderedness
I,
see.
B
D
B
There's
more
than
just
Readiness
probes
right
like
you
could
be
restarting
or
something
which
could
affect
your
your
Pod
radio,
okay,
fair
enough
yeah
right
like
if
you're,
a
very
crashy,
little
helper,
app
or
or
you're,
particularly
subject
to
I,
don't
know
out
of
memory
or
disc
full
or
something
it
just.
You
know
it's
software,
it's
written
by
people
that
we're
all
stupid,
so
yeah.
B
A
Okay,
so
those
are
not
pretty
new
stage
specific,
it
will
be
there
and
own
behavior.
That
is
different
for
preheat
I.
Think
it's
the
same
category
we
probably
is:
maybe
is
it
in
category
of
resources,
relations
that
we
will
apply
a
little
bit
different
behavior
for
all
contents,
but
likely
to
be
per
container
rather
than
their
stage.
A
Especially
secret
video
yeah
okay,
so
we
found
one
that
maybe
we'll
need
to
discuss
when
we'll
get
into
podiamo.
Everything
else
is
see
what
it
sounds
to
be
covered
and
can
be
accomplished
as
pretty
unique.
Containers.
A
Savage
is
a
pattern
okay,
so
this
one
is
talking
about.
If
you
will
Implement
just
that,
if
you
implement
just
bringing
containers
when
new
requirements
will
come,
do
you
know
any
requirements
that
will
come
that
will
not
fit
into
this
model
and
that
we
will
need
to
introduce
a
new
stage
of
containers
and
if
you
will
need
to
implement
new
stage
of
containers
and
whether
the
pattern
that
we
will
establish
will
be
repeatable.
So
we
can
do
similar
things.
B
We
need
to
find
a
better
name
than
pre
in
it,
but
whether
we're
doing
this
one
time
or
whether
we
actually
believe
that
there'll
be
another
one
and
maybe
another
one
over
time
like
if
there's
going
to
be
pre
in
it
and
then
pre-pre
in
it
and
then
Network
pre
in
it
like
that,
will
change
how
we
think
about
the
API.
A
Yeah
I
think
so
far
we've
been
discussing
that
everything
Beyond
standard
requirements
can
be
accomplished
by
ordering
containers
and
quoting
something
inside
this
containers,
so
I
think
we
should
be
covered.
B
When
I
wrote
this
doc
a
couple
years
ago
about
phases,
I
wrote
it
the
way.
I
wrote
it
because
I
was
trying
to
think
through
the
future.
Like
the
directionality
right,
two
points
indicate
a
line
and
if,
if
the
direction
is
that
we
keep
getting
more
reasons
for
different
different
stages
that
we
should
I
was
trying
to
Pivot
the
conversation
from
what
to
why,
instead
of
saying
well,
we
have
pre
and
it
containers.
That's
the
what
it's
more
like.
Why?
B
What
are
people
doing
with
these
things
and
I
tried
to
define
the
stages
in
a
way
that
said,
okay,
look,
here's
the
assumptions
you
can
make
during
this
stage
and
here's
the
assumptions
you
can
make
during
the
next
stage.
Like
the
first
stage
assumes
you
can't
do
Network
traffic.
So
if
you
have
to
do
something
and
it's
okay
not
to
use
Network
traffic,
then
you
can
go
there.
But
if
you
need
Network,
you
have
to
go
in
the
next
stage
and
that
level
of
thinking
broke
down
into
you
know
four
or
five
potential
stages.
A
Yeah
and
we
can
come
up
with
use
cases
in
different
during
those
meetings-
wider
email
asking
for
those-
and
if
there
is
none,
then
you
can
just
call
this
conversation
for
a
few
years,
at
least.
A
Okay,
I
reliably
injected
I
think
this
is
covered
with
most
of
thinking
like
most
of
most
of
proposals.
How
to
implement
this
premium
stage,
Works
nicely
with
injecting
containers
and
then.
G
I
just
have
a
question
regarding
the
the
ordering
the
does
yaml
guarantee
the
ordering
of
in
lists.
Yes,
yes
and.
B
Fine
I,
still
I
find
lists.
I
I
think
in
the
API
are
good.
If
you
have
a
single
author
and
they're
cumbersome,
when
you
have
multiple
authors,
anything
that
is
simpler
than
either
prepend
or
append
becomes
complicated.
If
you
want
to
try
to
insert
something
into
the
middle-
and
this
goes
back
to
the
arm
wrestling
for
like
who
gets
to
be
first
right.
A
And
probably
from
Jasmine
about
indexing
I,
don't
think
we
I
would
be
against
in
the
intelligent
indexing
just
for
premium
containers.
It
seems
to
be
a
big
change
that
may
not
be
Justified
with
scenarios
yet.
E
Basically,
like
it
was
really
just
like
weighted
orderings
and
then
the
problem
was
proposed
of
people
just
do
99999
to
get
priority.
A
E
Least,
priority
and
I
just
had
mentioned
that
there
are
ways
it's
kind
of
like
a
song,
because
this
is
already
kind
of
you're
you're,
going
out
of
the
way
to
to
do
something
funky
with
with
many
many
pre-ordered
containers,
but
to
just
kind
of
educate
them
in
the
documentation
of
like
an
example
of
you
could
bucket
it,
and
if
you,
if
you
kind
of
put
put
out
in
maybe
brackets,
is
a
better
word
for
your
indexes
and
you
dedicate
those
it's
basically
just
recreating
your
stages
like
stage
one
would
be
with,
like
you
know,
zero
through
ten
stage,
two
would
be
whatever,
and
the
idea
is
just.
E
You
typically
would
pick
like
in
the
middle
and
if
you
do
need
to
budge,
because
somebody
else
is
at
that
stage,
but
you
need
to
be
just
before
them.
You
just
tick
up
by
one
or
take
down
by
one,
and
then
you
just
don't
risk
entering
into
the
other
phase.
But
you
still
have
a
little
bit
of
jiggle
room
and
that's
how
you
pick
the
size
of
the
bracket
is
how
big
you
want
your
your
room
but
yeah
to
his
point,
just
just
especially
just
for
in
it
containers.
E
C
A
Okay,
thanks
and
lastly,
termination
ordering
I
think
we
discussed
it,
it
should
be
sidecars
last
and
we
will.
We
can
Implement
containers
this
way.
So
that
should
be
fine.
So.
B
I
think
sorry,
question
on
termination.
It's
I
think
it's
a
requirement
that
sidecars
get
some
reasonable
termination
grace
period
above
and
beyond
the
applications
termination
grace
period.
So
here's
here's
the
thing
I'm
concerned
about.
If
I
have
a
logging,
squirter
sidecar,
that's
going
to
send
logs
somewhere
else
and
my
application
says:
I
need
60
seconds
of
termination
grace
period.
B
B
Wait
and
then,
of
course,
the
question
comes
in
in
chaining
these
things
right
like
if
my
log
sender
captures
the
logs
from
some
other
container
and
that
other
container
runs
for
its
the
app
runs
for
its
60
seconds,
and
this
other
thing
runs
for
its
60
seconds.
Does
the
logger
need
60
more
seconds
like
I?
Don't
know
how
to
sequence
that
yet
I
haven't
thought
about
it.
F
E
A
We
have
three
minutes
left
and
I'm
really
glad
that
we
went
through
all
the
requirements
this
time,
so
we
I
think
we
covered
them
all
and
we
pretty
confident
that
pre-made
containers
concept
may
work
for
foreseeable
future
as
an
implementation.
Now
I
think
we
have
two
directions.
First
is
all
right:
those
requirements
and
discussion
a
little
bit
more
formal
and
maybe
presented
on
Signal
meeting.
A
So
if
there
are
any
more
requirements
that
people
can
think
of
that
doesn't
fit
in
this
model,
then
we
can
discuss
those
requirements
and
if
not,
then
we
can
close
this
conversation
and
like
move
into
discussion
of
yaml
like
how
yamo
may
look
like,
and
whether
all
these
requirements
is
just
one
property
or
like
one
list
that
we
have,
or
this
can
be
service
requirements,
can
be
split
into
property
of
any
container
and
apply
to
any
container
here,
yeah.
So
much
as
you
I
think
you
started
discussing
this
Ramya
right.
G
Rather,
we
discussed
the
the
use
case
for
the
the
lift
patch
and
and
made
sure
that
the
brain
it
kept
would
would
tick
all
the
boxes
that
they
need
as
their
use
case
and
then
I
wanted
to
check
with
the
other
patch
the
other
Forks
of
communities,
maybe
the
caverno
one
and
I
don't
know
if
there
are
other
ones
to
to
see
if
our
proposal
would
would
fit
the
needs
as
well
before
going
to
the
yaml,
because
I
know
this
one
will
be
super
controversial.
A
Okay,
what
how
about
that
like?
We
will
start
with
next
time
with
Podium
that
will
simply
have
a
different
set
of
containers,
and
then
maybe
you
can
go
to
requirements
and
understand
if
any
of
these
requirements
should
be
built-in
feature
of
the
containers,
and
this
is
how
we
describe
what
these
containers
are.
All
these
features
and
properties
can
be
described
as
a
separate
yaml
field
that
can
be
turned
on
and
off
for
the
premium
containers
and
that
can
be
applied
potentially
for
other
containers.
B
F
A
We
can
at
least
all
the
options.
A
Okay,
thank
you.
Thank
you.
Everybody
talk
to
you
next
week
and
maybe
earlier
sorry
yeah
and
if
you're
in
the
U.S
Happy
Thanksgiving
thanks.
Sorry.
B
A
B
A
Yeah
and
I
put
all
the
participants
from
last
week
from
Zoom
just
grab
the
zoom
airport.
So
if
you
want
to
put
your
name
and
Company,
please
put
it
here.
Otherwise,
I'll
just
put
the
other
participant
just
Consumer
Reports.