►
From YouTube: Kubernetes SIG CLI 20210929 - kustomize bug scrub
Description
sig-cli meeting agenda and notes: https://docs.google.com/document/d/1r0YElcXt6G5mOWxwZiXgGu_X6he3F--wKwg-9UBc29I
B
Great
so
with
that
started,
let
me
see,
I
think
everyone
on
the
call
today
has
been
around
for
a
while.
So
let's
just
dive
into
the
triage
actually
did
anyone
have
an
issue
today
that
they
really
wanted
to
bring
up
for
discussion
before
we
get
started
using
the
board,
which
is
linked
in
the
chat.
B
Okay,
great
so
starting
from
the
top
here,
the
converted
strings,
I'm
pretty
sure
we
actually
saw
this
one
last
time,
so
I'm
not
sure
why
it's
coming
up
again.
It
is
assigned
to
me
I
haven't.
I
see
it's
because
we
have
the
new
comment
that
it's
the
quotes
being
lost
inside
the
sigs
yammer
library,
which
is
not
surprising,
but
this
is
actually
a
fairly
big
issue
that
I
haven't
had
time
to
get
back
to.
B
It
could
affect
anything,
that's
supposed
to
be
a
string
field,
regardless
the
source
like
we're,
actually
losing
the
fact
that
these
are
explicitly
got
it
as
a
string
inside
their
customization,
but
so
we
can't
solve
it
at
that
layer
anyway,
that
is
triage.
It
is
assigned
to
me.
I
will
get
back
to
it.
Katrina.
A
B
So
here,
okay
native
serving
interesting,
I
haven't
seen
this
one.
B
The
amarillo
anchor
fix.
Yes,
we
were
very
excited
we
on.
On
monday,
we
released
customize
with
the
yaml
anchor
fix
that
we've
talked
about
at
several
previous
bug.
Scrubs.
It
was
one
of
the
most
requested
feature
fixes
for
the
past
months,
so
that
was
that
was
the
fun
release
that
we
did
on
monday.
So
it
sounds
like
this
user
tried
it
out.
B
It's
just
dumping
the
object
there.
Okay,
yeah
unsupported.
This
is
the
same
error.
It
happens
in
a
couple
circumstances.
I
know
we
have
other
issues
that
mention
this
particular
error,
which
is
very
unhelpful,
so
this
could
be
duplicate.
One
of
those,
that's
something
you
might
want
to
look
into.
B
That
would
be
my
guess
that
it's
this
here,
because
we
have
a
problem
with
support
for
integer
keys
that
aren't
quoted.
B
B
B
C
B
B
B
B
B
B
So
my
thoughts
on
this
one
are
that
this
is.
This
is
about
the
old
style,
exec
generator,
as
opposed
to
the
krm
style.
One.
That's
newer
and
the
kep
that
we
have
open
right
now
proposes
deprecating
this
style
plug-in
in
general.
So
I
really
don't
think
it's
going
to
be
worth
the
investment
to
make
it
work
on
windows
if
it,
if
it
hasn't,
given
that
we're
proposing
removing
it
entirely.
B
Especially
with
the
windows
issue,
it's
very
difficult
for
us
to
dig
into
as
a
team,
because
we
don't
have
anyone
who
has
a
windows
based
development
environment
on
the
team,
which
we
would
really
love
to
have
to
help
us
maintain
the
windows.
B
Sounds
good
yeah
if
anyone,
incidentally,
has
a
windows
setup
and
would
be
able
to
help
us
out
with
windows
stuff
in
general.
That
would
be
amazing.
We're
really
looking
for
a
contributor
in
that
area.
B
B
And
they'll
need
to
to
do
that.
They'll
need
to
provide
the
schema
for
the
pipeline
that
they're
using
since
that's
well.
It
sounds
like
it
must
be
a
crd,
so
the
container
elements
will
not
be
merged
correctly
unless
they
provide
the
schema,
but
I
think
that
would
be
the
recommended
solution.
B
Run
type
see,
let's
see.
B
Oh,
let's
see.
C
B
I
think
we
have
a
canonical
issue
for
this
somewhere
saying
that
we
are
not
going
to
mess
with
the
existing
orders.
There
is
an
open
pr
that
introduces
a
field
that
allows
you
to
customize
that
that
pr
has
been
open
for
a
fairly
long
time.
B
B
We
will
not
be
changing
the
legacy
order.
B
Legacy
but
there
is
an
open
pr
proposing
customizable
all
right.
B
D
B
That's
good.
I
was
trying
to
remember
there.
There
was
a
point
where
we
were
experimenting
with
making
another
patch
to
go
yaml
and
we
were
seeing
something
around
multi-line
strings
changing.
But
I
I
can't
remember
the
details.
C
I
think
that
was
different,
that
was
for
single
quoted
strings.
The
the
new
lines
in
single
quoted
strings
weren't
being
preserved,
which
we
discovered
is
fine.
According
to
the
yaml
spec.
I
think
this
one
is
different.
This
one
seems
like
an
actual
issue.
C
We
did
find
an
issue
sort
of
like
this
when
we
originally
made
the
fork.
Let
me
try
to
find
it.
B
B
Yeah,
this
is
another
one
where
I
think
I'll
just
assign
myself
to
respond.
We're
proposing
deprecating,
star
alert,
support,
direct
starter
support
as
well.
So
it's
another
thing
that
we
wouldn't
end
up
specifically
enabled
that
said,
the
exec
functionality
like
so
this
is
this:
is
the
care
and
flavor
of
of
plugins.
So
it's
in
the
right
family,
but
specifically
starlark,
is
proposed
for
deprecation.
Exec
works
super
similarly
and
has
many
of
the
same
classes
of
problems
so
I'll.
B
Take
a
look
at
the
code
to
see
if
the
reported
issue
would
also
affect
exec,
I
think
exactly
like
they
can,
just
if
they
know
the
problem
is
probably
knowing,
where
they're
being
invoked
from.
It's
invoked
relative
to
the
parent
customization.
So
knowing
what
the
file
ref
means,
if
they're
using
a
relative
path
inside
the
function,
config
itself
anyway,
I'll
assign
myself.
B
A
Maybe
it
would
be
reasonable
to
set
up
some
kind
of
a
policy
that
which
would
be
basically
similar
to
what
we
did
with
cube
kind
of
plugins
start
as
a
plugin.
A
B
Yeah,
that's
a
good
point
right
now.
It's
pretty
difficult
to
use
that
strategy
in
practice
because
of
the
way
that
customized
plugins
are
well
they're
all
in
alpha,
there's
so
many
different
ways
of
doing
them
and
there's
no
recommendation
even
for
a
distribution.
B
B
B
B
Because
it's
coming
from
the
y
note,
that
is
definitely
going
to
be
a
go
yaml
thing.
B
The
only
idea
that
comes
to
mind
is
that,
like
we
do
inject
additional
metadata
behind
the
scenes,
but
that's
under
annotations,
like
the
build
annotations,
for
example,
we're
actually
kind
of
messing
with
the
object
in
an
intermediate
stage
and
stripping
them
back
out.
But
that
shouldn't
interfere
with
the
line
of
the
metadata
itself.
And
in
fact
I
wouldn't
expect
it
to
affect
the
line
at
all,
because
it's
not
actually
emitting
it
emitted.
As
a
document
in
the
middle.
B
B
I
was
wondering
what
to
do
with
that.
Like
I
don't
it's
just
a
question
and
they're
not
asking
us
for
a
particular
feature,
but
it's
definitely
about
go
yaml.
I
think
if
we
sent
them
over
to
that
repo,
they
wouldn't
get
an
answer
there
either.
So.
C
If
you
want
you
can
assign
it
to
me,
I
can
try
to
investigate
and
respond
to
them.
That
would
be
great.
Thank
you.
D
B
D
C
C
Well,
they
basically
want
to
change
the
entire
name
of
the
base
resource
and
like
they
want.
They
don't
want
to
have
to
reference
it.
So
I
asked
them
if
they
wanted
to
do
a
patch,
but
then
they
didn't
want
to
have
to
reference
the
resource
in
the
patch
target,
so
they
just
want
a
way
to
change
the
base
resource
name
without
having
to
to
reference
it
at
all,
which
I
didn't
really
understand.
The
use
case
for
when
we
have
prefixes
and
suffixes.
B
Yeah,
the
the
name
is
the
core
part
of
the
identifier,
so
I
also
don't
understand
how
that
would
work.
B
In
the
earlier
comment,
they
mentioned
that
it
changes
the
name,
so
my
guess
would
be
that
this
is
not
novel
configuration
like
it's
config.
That's
already
deployed
a
ton
of
places
and
they're
trying
to
change
the
way
it's
generated,
so
they
can't
at
this
point
they
don't
have
the
option
of
changing
the
names
on
all
the
objects
they
need
to
generate.
What's
already
there.
C
C
B
Right
because
they
decided
they
didn't
actually
want
the
name
prefix
yeah.
It
sounds
like
they
have
a
bunch
of
different
environments
that
don't
have
name
conflicts
because
actually
deployed
to
different
place,
different
api
servers
and
they
previously
managed
them
independently
at
different
endpoints
and
now
they're,
creating
a
diamond
shape
with
that
and
somehow
wanted
to
not
have
name
conflicts.
B
B
Yeah,
I
guess
we
need
to
confirm
with
them
that
that
is
what
they're
trying
to
do.
They're
trying
to
get
no
name
prefixes
they're,
going
to
have
the
output
of
customized
build,
will
actually
create,
contain
multiple
copies
of
the
same
resources
with
the
same
name,
and
if
so,
how
that's
going
to
work?
B
Do
you
want
to
reply
to
them
since
you've
already
been
talking
to
them?
This
whole
time.
C
B
It
sounds
like
yeah
it's
because
of
the
way
we
do
it
internally.
That
name,
prefix
and
name
suffix
are
are
surfaced
as
separate
fields,
so
they
look
like
separate
transformers
to
the
end
user,
but
then
there's
a
single
prefix
suffix
transformer
that
gets
used
to
deliver
both
features,
and
it
sounds
like
they're
saying
yeah,
it's
the
configuration
for
it.
If
you
override
the
paths
that
the
transformer
uses
we
merge
them,
instead
of
keeping
separate.
B
That
might
be
a
little
tough
to
disentangle,
but
that
sounds
like
a
legitimate
bug.
We
have
to
create
two
instances
of
the
transformer.
I
suppose
I'm
not
sure
how
possible
that
is.
I
would
really
need
to
dig
in
it's
pretty
in
the
weeds.
C
That
code
is
very,
I
don't
it's
very
complicated.
Another
option
would
be
to
separate
them
into
two
transformers,
but
I
think
that
would
be
equally
difficult.
B
I
agree
yeah,
let's
accept
it,
and
this
would
be
a
really
interesting
one
to
dig
into,
but
it
might
take
some
time
to
fix
if
anyone's
interested
in
really
getting
to
know
the
internals
of
how
customize
works.
This
could
be
a
really
interesting
one
to
pick
up
and
I
would
be
happy
to
support
somebody
pursuing
this.
B
B
I
know
but
args
from
file
this,
it's
related
to
the
other
exact
one
in
the
sense
that
it's
having
a
problem
with
the
legacy
style
plug-in,
not
the
newer
style.
B
I
know
says
to
myself
for
that
queue
of
explaining
the
plans
for
plug-ins
on
a
variety
of
issues,
basically
asking
them
in
this
case
to
try
the
newer
style
of
exec,
which
has
the
fix
applied
already.
B
B
I
think
we
wouldn't
do
that
honestly,
because
one
of
the
core
principles
of
how
we're
designing
customize
is
for
that
encapsulation
of
the
customization
directory.
So
I
would
just
suggest
that
they
use
some
like
if
they
want
that
behavior
personally.
A
Yeah,
I
have
a
ton
of
questions
with
regards
to
security,
how
you
should
be
treating
the
directories,
whether
you
should
be
treating
them
locally
or
the
base
path
from
where
you
actually
invoke
this
and
in
each
direction.
The
question
still
maintains
how
this
looks
security
wise.
Do
you
want
to
allow
escaping
the
the
context
yeah?
B
Both
security
and
encapsulation
reasons,
customize
expects
all.
B
Six
minutes
left.
We
only
have
time
for
maybe
one
or
two
more
just
pasted
this
one
in
the
chat,
competing
back
or
secret
generators
doesn't
work
when
specified
namespace.
We
specify
a
namespace
in
metadata.
C
B
B
Right
so
in
this
case,
they're
not
generating
it
from
scratch,
they're
trying
to
use
the
config
map
generator
to
patch
something
that's
incoming,
so
they're
getting
an
error,
whereas
I
guess
the
original
report
that
is
causing
folks
to
want
this
issue
to
remain
open,
doesn't
necessarily
have
anything
to
do
with
an
incoming
resource.
B
It
sounds
like
they're
reporting
that,
if
they,
if
they
have
a
net
new
config
map
generator,
then
somehow
it's
not
getting
the
namespace
from
the
namespace
transformer,
which
is
surprising
did
do
you
have
a
different
understanding
or
does
that
sound
right.
B
I
can
take
a
look
at
this
one.
I
guess
just
to
try
to
reproduce
the
original
problem,
as
opposed
to
the
other
one
that
a
workaround
has
provided
where
they're
actually
dealing
with
the
conflict
instead
of
net
new
generation,
which
I
think
I
agree
is
unintuitive.
If
it's
actually
happening.
B
But
with
that,
we
are
out
of
time.
Thank
you,
everyone
for
coming
hope.
You
all
got
what
you're
looking
for,
and
I
think
we
got
through
a
lot
of
great
triage
for
customize.
So
thank
you
very
much.