►
From YouTube: Kubernetes SIG Node 20230815
Description
SIG Node weekly meeting. Agenda and notes: https://docs.google.com/document/d/1Ne57gvidMEWXR70OxxnRkYquAoMpt56o75oZtg-OeBg/edit#heading=h.adoto8roitwq
GMT20230815-170507_Recording_1920x936.mp4
A
Hello,
it's
a
weekly
signal
meeting,
it's
August
15th
2023.
We
just
entered
second
half
of
August,
so
participation
is
not
set
huge,
we're
doing
mostly
retrospective.
Today
we
have
a
couple
more
topics,
but
I
think
with
respective
for
128
will
be
the
biggest
topic
for
today.
So
let's
get
going
Raven
take
it
over.
B
Yeah
thanks,
okay,
so
as
before
I
put
together
all
of
the
Caps
that
we
tracked
for
128
and
I
marked
them
as
a
merged
or
not
merged.
So
we
have
an
overview
of
how
many
caps
we
emerge
and
how
we're
doing-
and
we
have
some
history
data
so
first
it
will
go
through
all
the
caps
and
then
we
will
do
some
retro
on
what
we
did
well
and
What
didn't
go
too
well.
So,
let's
start
with
caps.
B
Here
is
a
list
of
all
of
the
Caps.
Let's
just
quickly
go
through
them.
We
have
a
31
caps
tracked
for
128
and
out
of
them
we
have
16
merge
I,
have
to
say
that
some
of
the
Caps
are
marked
as
tracked
on
their
cap
issue,
but
I
just
take
them
to
the
comments
a
little
bit
to
see
if
they
really
merge
or
not.
So,
if
I
misunderstand
the
status
of
any
cap,
just
let
me
know,
look
through
them.
Yeah
the
first
one
support
username
spaces.
B
C
D
Sorry,
so
we
won't
be
able
to
move
ahead
with
the
beta,
because
we
found
an
issue
in
how
we
were
understanding
the
usage
of
memory,
dot
High
it
it.
If
we
use
memory
dot
High,
it
will
actually
block
the
processes
forever
and
hence
we
don't
want
to
use
it.
I'll
also
go
ahead
and
summarize
it
in
the
cap
and
as
a
bug
comment.
B
E
B
B
B
A
D
A
B
And
then
fine-grained
supplemental
groups,
control,
yeah
attempt
attempting
Alpha
again
not
merged
next
one
retrievable
non-retrieval
pod
failures
for
jobs
is
some
changes
but
still
staying
in
beta
and
it
is
merged
and
then
in
place.
Update
for
pod
resources
is
sustained
Alpha
for
128
and
I,
don't
think
there's
any
change
emerged
for
it.
I
might
be
wrong
on
the
status
of
this
one.
G
B
Okay,
next
one
CDI
devices
to
device
plugin,
API
Alpha
and
it
is
merged
and
then
split
standard
out
and
the
standard
error
log
stream.
This
is
not
merged.
I,
don't
think
the
author
made
too
many
comments
or
too
many
updates
on
the
issue,
but
yeah
it
looks
like
there
is
just
a
not
too
much
raisin
update
and
next
one
is
so
Insurance
equal,
put
images,
yeah,
Target
and
Alpha,
and
it
is
not
merged.
B
F
I
B
I
B
All
right
cool
thanks,
yeah
and
the
next
one
dra
Dynamic
resource
allocation,
Alpha
and
I-
think
the
changes
are
merged
yeah
and
the
next
one
is
to
support
third-party
device
monitoring
plugins.
This
is
also
a
long-standing
feature
being
promoted
to
Sable
and
it
is
merged
next,
one
incubator
resource
metrics
endpoint
of
promoting
to
stable,
and
this
one
is
not
merged
and
the
next
one
is
sub.
B
Second,
more
granular
probes,
new
feature,
Alpha,
not
merged,
and
the
last
one
is
Kos
class
resources
also
Alpha
new
feature,
and
it's
not
merged
so
yeah.
These
are
all
the
31
caps.
We
tracked
for
128,
and
so
we
have
actually
17
of
the
merge,
okay
and
yeah
to
compare
these
are
some
of
the
history
data.
We
had
way
more
caps,
attracting
128
compared
to
previous
Cycles.
B
B
So
this
is
what
we
found
out
in
the
127
red
shows
think
that
went
well.
We
did
in
place
pod
vertical
scaling.
We
had
some
good
progress
on
graduations
cap,
graduations
and
yeah
in
127
we
had
more
caps
track
emerge,
and
now
we
have
even
more
abstract,
better
overall
planning.
Everything
goes
on.
Time
did
a
good
job,
applying
milestones
and
yeah.
We
had
more
chairs
and
yeah.
We
decided
to
not
take
sidecar
for
127.
B
B
Things
could
have
gone
better
in
127
from
merged
in
place
late
due
to
the
review
Samsung
bugs
and
not
too
much
going
on
for
fixing
the
In-Place
bugs
right
and
we
broke
a
standalone
cool
word
yeah
and
also
we
did
most
of
the
reviews
right
before
the
phrase
yeah.
Okay.
So
that's
what
we
found
out
in
127.
So
let's
talk
about
128,
then.
A
A
B
J
C
F
C
F
D
H
I
H
At
a
faster
Cadence
or
what
I
I
know
personally
I
struggle
with
that
I,
don't
know
if
I'm,
the
only
one
so
I
and
I
know,
there's
a
few
others
that
we
read
some
caps
and
we're
thinking
what
to
do
on
this
and
there's
probably
some
guilt
on
on
trying
to
figure
out
how
to
how
to
close
some
questions,
and
sometimes
the
Caps
present
things
as
Alpha
and
then
defer
the
resolution.
The
big
problems
until
beta
and
I.
C
Deadline
also
acts
as
a
motivating
factor
that,
if
you
don't
review
it,
we
have
only
a
week
left.
So
that's
when
everyone
gets
lit
up
too
go
and
review
and
try
to
get
things
much
I,
don't
know
like
what
other
motivation
I
think
we
need
to
come
up
with
other
motivating
factors
to
kind
of
spread.
That
reviews
out
across
caps.
C
I
Yeah
it
almost
feels
like
for
some
of
the
Caps.
We
need
a
different
track,
an
architecture
track
where
we're
deciding
what
the
total
contents
should
be,
the
end
game.
You
know
you
know,
and
then
the
parts
that
we
can
make
progress
moving
forward
right,
I
think
sometimes
we're
too
concerned
about
putting
something
in
that
we
have
to
support
forever.
But
it's
even
if
it's
just
an
alpha.
C
H
D
D
H
D
I'm
not
I
did
not
check
whether
there
was
memory
pressure
before
memory
dot
high.
But
yes,
there
was
memory
pressure
after
it
reached
memory,
dot
high
and
there
were
kernel
reclaims
beyond
that
point,
but
it
never
reached
the
memory.max
level
that
would
have
resulted
in
kills.
It
always
stayed
below
memory.max.
That's
why
it
was
just
stuck.
H
I
appreciate
you
sharing
all
that
details.
I
know,
there's
other
issues
that
at
least
here
with
my
my
red
hat
hat
on
where
I
I
would
foresee
us
as
we
try
to
start
using
more
Secrets
V2
features
like
the
cube
Community
finding,
maybe
the
unexpected,
with
the
behavior
in
the
in
the
course
c
groups,
or
vice
versa.
I
know,
there's
an
issue
right
now
around
maybe
some
CPU
sub
behaviors
that
we're
trying
to
think
through
ourselves.
C
Yeah
I
think
we'll
need
something
like
umdi
integration
here.
For
this
to
be
more
useful
and
I
think
I
mix
it
up
on
it
all
right.
The
clarification
in
the
corner
documentation
only
happened
like
month
or
two
when
people
started
asking
more
questions
about
the
behavior,
so
even
within
the
carnival
Community,
it
seems
like
not.
Everyone
was
on
the
same
page
on
how
this
behaved.
C
B
D
A
J
I
also
find
myself
wondering
like
what
is
the
definition
of
success
here
with,
like
you
know,
try
to
the
object
of
trying
to
reject
caps
unless
they
have
career.
Approvers
implies
that,
like
our
success,
metrics
are
planning
the
amount
that
we
feel
like
we
can
take
on,
but
also
I
would
consider.
Like
you
know,
17
caps
in
a
cycle
is
like
or
other
than
that,
whatever
the
number
is
that's
lost.
J
G
G
H
C
C
G
I
Well,
the
thing
to
to
the
point
here:
Commander
was
making
I
think
we've
got
two
things
going
on
right,
there's
two
goals:
one
one
goal
is
to
have
a
long-term
support,
very
stable
release
and
another
goal
is
to
have
all
these.
You
know
great
new
features
and
that
we
think
are
important
for
future
releases
and
because
we're
only
you
know
really
having
one
release.
One
main
release
we're
not
doing
any,
you
know
out
front
experimental
releases
and
we
don't
have
a
LTS
release
per
se.
I
I
A
A
I
think
another
point
I
arguing
with
myself
like
it
will
start
rejecting
more
caps
and
considerate
on
fewer
caps.
We
may
end
up
in
our
own
consensus
here,
but
we
accepted
cap
and
we
try
to
force
ourselves
to
merge
it,
no
matter
what,
because
we
already
made
a
big
commitment
and
even
if
you
see
a
big
problem
with
that,
we
still
trying
to
merge
it,
because
there
is
nothing
else
in
the
pipeline
because
we
rejected
everything
else.
I
think
incentive
may
be
a
little
bit
off
if
you
start
doing
that.
F
A
J
Yeah,
that's
another
reason.
I
kind
of
feel
like
the
definition
of
successing
is
important
to
Define
is
like
you
know
you
mentioned.
We
have
our
features
that
are,
you
know,
have
been
stuck
since,
like
110
or
112
or
whatever
like.
If
we
reduce
the
set
of
things
that
we
aim
to
work
on
like
the
life
cycle
of
the
Caps,
that
we've
already
kind
of
committed
to
will
extend,
because
we
have.
You
know
this
set
of
caps
that
we've
already
agreed
to
work
on.
J
But
if
we,
if
we
cut
down
the
number,
then
like
those
could
maybe
not
make
progress
in
a
way
that,
like
over
time,
will
kind
of
lead
us
to
having
Perma
betas
and,
having
you
know,
things
kind
of
languishing
in
Alpha.
So
I
I,
wonder
if,
like
really
what
we
should
be
aiming
for
is
you
know,
emerged
caps,
like
you
know,
emerged
like
little
pieces
of
work
that
incrementally
move
on
kind
of
like
what
Mike
was
talking
about.
E
Excuse
me,
this
is
Kevin
I.
Think
one
thing
that
was
confusing
for
me
was:
if
there's
no
owner
on
the
issue
or
they're
hard
to
get
a
hold
of.
It
was
not
clear
to
me
like
what
the
progress
is
for
that
and
I
noticed
as
I
was
working
on
the
cab.
Having
your
kept
issue
up
to
date
really
helps
the
release.
Team
actually
know.
What's
going
on
so
towards
the
end
of
this
release.
E
I
just
ended
up
basically
copying
the
issue
and
not
getting
it
up
to
date
and
that
made
honestly
stuff
a
lot
clearer.
But
I
guess,
like
an
action
item,
is
making
sure
that
the
the
cap
posting
owner
is
available
because
one
of
the
issues
I
found
is
if
the
the
person
that
creates
the
issue
is
only
able
to
edit
it,
and
that
was
kind
of
a
little
bit
of
annoying
one.
E
A
E
Yeah
I
didn't
even
know.
I
asked
on
the
the
signal
Channel
and
then
I
was
I
was
told
that
the
the
real
wrong
way
to
do
that
is
to
create
a
new
issue.
I
didn't
know
if
who
had
access
to
those
issues
but
yeah,
it's
probably
it's
probably
better
to
have
make
sure
the
issue
owner
is
actually
creating
it,
because
it
is
crucial
to
the
release
team
of
knowing
what
steps
are
there
and
yeah.
There
are
a
few
items
there
that
I
think
are
important
to
keep
up
to
date.
I
A
couple
of
items,
I
thought
went
really
well
won
the
refactoring
of
infra
on
the
cnci
post,
I
thought
that
went
surprisingly
well,
the
the
other
that
I
thought
was
went
really
well.
This
release
more
so
than
prior
releases,
was
all
of
us
help.
The
signo
team
has
been
doing
to
push
down
dependency
requirements
to
The
Container
run
times
and
runtime
engines
a
little
bit
of
a
shout
out.
You
guys
did
a
great
job.
You
know
helping
push
us
to
get
the
feet,
the
changes
we
need
in
the
runtimes
and
engines.
I
I
B
J
You
know
it's
kind
of
been
a
long-standing
idea
that
people
had
to
like
have
different
schemes,
there's
two
kind
of
priorities
that
like
putting
my
red
hat
hat
on,
there's
two
kind
of
priorities
that
we
kind
of
have
in
related
to
the
cubic
GC
and
I
wanted
to
see
if
other
people
had
other
sort
of
perspectives.
So
like
one
of
the
things
that
we
want
to
push
for,
is
alternate
schemes
for
like
garbage
collection
right
now.
Part
of
it
is
just
dispersantage
space
and
I
think
we.
J
The
images
are
mounted
to
create
the
containers
to
separate
the
Image
store,
which
we're
like
also
calling
the
read-only
layer
from
the
like
writable
layer,
separate
disks,
so
that
we
can
have
a
separately
mounted
image
disk
so
and
I
I
met
with
Derek
and
some
folks
in
Red
Hat
internally
yesterday,
and
it
sounds
like
that.
Second
Use
case
might
actually
be
possible,
but
there
might
be
a
couple
of
things
that
the
keyboard
is
assuming
about
the
way
that
the
containers
are
mounted.
J
That
will
not
actually
be
the
case,
so
those
are
like
we're
gonna
investigate
that
second
case,
that's
kind
of
like
a
separate.
There
are
two
kind
of
separate
but
related
things
and
I
think
they'll
end
up,
ultimately
being
two
different
caps,
but
I
wanted
to
surface
them
both
because
they're,
both
kind
of
related
to
each
other
beginning
for
the
first
question
like
for
the
image
garbage
collection
schemes
like,
are
there
other
use
cases
that
people
have
thought
of,
but
people
are
looking
for
with?
B
J
I
And
Derek
brings
up
a
good
point
in
the
chat,
the
some
of
these
policies.
Things
need
to
be
multi-tenant
based
or
you
know,
isolate
that
one
user
is
only
allowed
to
access
this
private
pulled
image.
We
can't
and
that's
part
of
that
insurance
secret,
full
image
stuff
we're
working
on,
but
without
the
policy
it's
sort
of
hard
to.
C
I
Know
to
match
that
to
the
runtime
handlers
and
in
the
Pod
specs
we're
sort
of
guessing
a
little
bit
too
much.
If
we
had
the
right
policy
definitions
for
security
and
for
caching,
you
know
performance
purposes,
then
then
we
could
do
that.
We
also
have
a
use
case
in
that
specific.
So
far,
just
a
container
today
because
of
our
snapshotters,
we
can
set
them
on
a
Handler
basis.
E
H
Think,
through
is,
if
you
had
heard
any
for
those
who
are
using
kubernetes
and,
like
maybe
highly
regulated
environments
or
like
different
compliance
environments.
If
anyone
has
had
a
requirement
that
says
this
pod,
that's
using
this
secret
pooled
image,
the
secret
pool
image
must
be
garbage
collected
or
shared
the
same
fate
as
the
pod,
like
does
the
life
cycle
of
the
application
image
need
to
match
the
life
cycle
of
the
the
run
time
itself.
So,
yes,
the.
I
H
F
I
So
you're
on
it
there
when,
if,
if
we
have
the
right
policy
set
as
per
Peter,
was
talking
about,
then
we
could
also
cover
multi-tenancy
issues
with
respect
to
the
security
right
in
that
policy.
For
the
you
know
for
caching
policy,
and
then
you
could
pass
that
down
to
the
runtime
and
we
could
go
ahead
and
clean
it
up
right
right
now.
The
garbage
collection
is
done
by
Google
it.
Maybe
that's
the
right
place,
but
I'm,
not
I'm,
not
sure
yet.
I'm,
not
convinced
I.
I
Think
for
two
reasons:
one
the
security
information
needs
to
be
kept
in
violent
right.
We
shouldn't
be
passing
Secrets
down
the
credits
over
the
apis
I,
don't
think
we
should
probably
come
up
with
the
cash
policy
that
says
use.
You
know,
resolver
level
key
rings
only
and
then
Google.
It
would
know.
Okay,
I'm
not
going
to
try
to
use
the
old
model
of
using
image,
pool
Secrets
right.
I
So
it's
that's!
That's
one
part
of
the
security
thing
when
you
clean
up
the
other
part
is
the
yes.
If,
if
you
pulled
it
from
one
person,
you
have
to
pull
always
if
you're
in
a
multi-tense
scenario.
Today-
and
we
can
fix
that,
but
yeah
it's
going
to
require
some
more
work
on
that
and
sure
pull
Secrets
I'm.
Sorry
yeah.
A
Thanks
yeah
well
for
the
same
way.
No
discussions
I
for
one
of
the
things
we
discussed
internally.
I
I
wanted
to
entertain
an
idea
if
we
can
put
a
mirrors
config
into
kublet.
Like
do,
we
have
to
have
mirrors
config
in
runtime,
so
one
of
the
reason
for
mirrors
config,
like
the
problem
with
mirrors
config
in
the
runtime.
I
More
registry
murder,
routing
information
in
pod
spec,
as
opposed
to
Less
in
passing
the
policy
for
pulling
the
image
down
to
the
runtime.
You
go
both
ways,
but
then
the
are
you
really
wanting
kiblet
to
do
the
resolve
in
the
poll
and
then
push
it
into
yeah,
a
location
for
the
container
runtime
to
use.
That's.
I
J
Well,
I,
wonder,
like
you
know,
kind
of
a
pattern
that
we've
been
leaning
into,
but
not
necessarily
like
committing
to
is
like
the
opposite
direction,
where
we're
moving
more
housekeeping
knowledge
into
the
runtime
instead
of
the
other
way
around
and
the
motive
they
should
be.
The
runtime
is
the
one
that's
ultimately
responsible
for
those
operations
so
or
so
it's
like
you
know
closest
to
it
knows
about.
J
J
Is
you
basically
lie
to
the
Cuba
and
say
like,
like
you
asked
me
to
pull
this
image,
but
I'm
just
gonna
ignore
you
and
do
something
different
so
like
reconciling
that
sort
of
like
weird,
like
sleight
of
hand,
would
be
good
but
I'm,
not
sure
I.
Think
talking
through
the
details
of
like
who's
ultimately
responsible
for
that
I
think
would
be
I
think
we
might
need
to
do
some
more
discussion
on
that.
F
Well,
user
interface
of
fetching
with
secret
and
passing
it
down
to
runtime
or,
like
mirror,
configuration
and
passing
it
down
to
runtime,
it's
it.
It's
probably
solvable
it's
not
a
big
deal
but
like
moving
to
couplet
logic
of
how
images
should
be
fetched
or
like
when
teaching
like
different
runtime
handlers.
What
is
the
specifics
to
Google
it?
It's
not
really
a
good
one.
In
my
opinion,.
I
And
tell
them
why
this
is
important.
This
is
only
going
to
get
more
complicated
and
more
urgent,
as
we
start
doing,
artifact
support
for
scan
results,
or
you
know,
signatures
s-bombs
requirements
that
you're
going
to
need
to
have
in
the
pot
in
the
Pod,
spec
I
think
going
forward
right
that
it
required
you
know
all
images
have
been
signed.
I
I
J
Yeah
and
I
think
it's
especially
complicated
because
we
have
the
split
brain
mode
where,
like
currently
qubit,
is
where
half
of
the
things
and
telling
the
CRI
yeah
so
I
think
it
knows,
and
the
CRI
is
either
listening
or
not
depending
on
like
how
obscure
the
configuration
is
and
that
I
think
I
think
we're
really
good
like
with
these
kinds
of
more
obscure
use
cases
we're
going
to
just
keep
hitting
these
walls
of
like
who
is
actually
responsible
like.
Why,
like
who?
J
Who
is
the
entity
that
should
actually
know
about
this
and
who
should
just
follow
along
we're
coming
up
against
time?
I
am
wondering
I,
like
part
of
my
wanting
to
bring
this
up
was
just
to
see
like
who's
thinking
about
this.
Does
anyone
want
to
be
involved
in
the
conversation?
It
sounds
like
yes,
the
second
question
would
be
like
what
is
the
appropriate
Forum
to
continue
this
conversation?
J
Should
we
have
a
working
group
that
is
talking
about
it,
or
should
we
like
just
continue
in
the
you
know
this
meeting
for
a
little
bit
until
it
seems
appropriate?
This
is
something
that
we
want
to
like.
We
as,
but
you
know,
like
my
team
at
Red
Hat,
wants
to
like
pursue
the
garbage
collection
piece,
at
least
in
129,
but
I
want
to
make
sure
all
the
other
voices
are
heard.
J
Right,
okay,
well,
I
can
investigate
sort
of
starting
at
least
like
it,
a
working
group
in
the
intermediary
intermediate
time
between
like
now
and
when
we
have
to
start
thinking
about
cap
process
so
that
we
can
get
the
we
can
have
larger
discussions
like
this
and
kind
of
fine
tune.
Our
all
of
our
thoughts
before
bringing
it
to
the
larger
forum.
A
Thank
you
cool.
Thank
you.
There's
a
last
item.
I
wanted
to
remind
you
that
sidecar
working
group
is
happening.
We
will
we
post
meetings
but
we'll
restart
them
starting
next
week
it's
9
A.M
just
hour
before
this
meeting.
If
you're
interested
in
sidecars
Evolution,
please
join
that
meeting
and
with
that
we
reached
the
end
of
agenda.
Is
there
any
last
minute
notes?