SIG Cluster Lifecycle Cluster API Provider AWS Office Hours 20210208
A
Hi, this is the Cluster API Provider AWS meeting of February 8, 2021, as part of the Kubernetes Cluster Lifecycle, and please be aware: we're abiding by the CNCF code of conduct, be excellent to each other. Very sparse attendance. So, should we kick this off? PSAs: yeah, the release notes plugin.
B
Yeah, it's been enabled in Prow, so, and the template updated in our repo, API template that is, so yeah. It does require you to include that block now for any PRs, a little block emerging until you explicitly state: no, I don't have release notes, or yes, I have already said this is what it is. And there is actually required as well, so, and actually relate to that.
B
Today, I've been looking at the automation that will sit behind that to rip all those out as part of the release, and we can just basically reuse the Kubernetes release. They've got release notes commands, CLI util, that give them two, to then two tags, essentially it'll get all the PRs with the release notes, that will create a Markdown document or JSON file that we can use. So it's.
A
All good, that's super cool. I think, might even be worth putting on the agenda for the CAPI upstream meeting. One of us can take that and see we want to do that on the main Cluster API repo. I never make sick release happy if you're all using the same tooling, so.
B
Yeah, yeah, cool. Yeah, I'll get it working first, so I had got it working locally. Just on my machine, I guess my replays, but yeah, I'll get one hour one. Hopefully, tomorrow.
A
That's super cool, it's really cool. All right. I've changed the agenda, but just put the review action items, so we had created a new doc outside corporate Google Workspace, update community. That is done, thanks to library and tim saw sorting it out. For me, I did not create an issue for the mic id, so, well, over onto the action items and you, where are we with the e2e test failures?
B
I've started to look into it, but I haven't made much progress. I've probably raised more additional issues and not actually, you know, fix that one. But this thing I'm looking at currently.
C
Yeah, fine, cool.
A
Oh, me and Steph put the same items.
A
Or do you like what or the same, so the first of all is made a change to the proposal with the multi-tenancy. Do you wanna talk us.
D
Yeah, so previously we were not limiting all the users to access controller credentials. We had no CRDs blocking that, so we added AWS cluster controller principal, so that we can only allow a set of namespaces to access controller principals, similar to static principals and role principals.
D
So by this way we have a namespace level, at least, security.
A
Do you want to, the bits that you want to talk about, that sort of singleton thing and like how we do the deployment and how we handle the case of upgrades, just briefly.
D
Yeah, so as another suggested, we are creating that new CRD as a single, because we only need to have one, one of that object, because there's only one controller credentials. Since we do not know, since we are currently using a default provider chain, we actually do not, I mean we do not know which credentials are being used by the controller.
D
Also for the upgrade, not to break existing clusters. For example, the existing AWS clusters will not have a principal ref, so with the defaulting webhooks, we are gonna default their principal ref to this new singleton controller principal, so that existing clusters will continue to operate using controller's principal.
D
A
Yeah, and finally, we, we, we're going for, we are now for free. We will include the blank credit blank singleton, so which will default to allowing all namespaces, right.
A
D
So for, yeah, so for being it immutable, what, what if, I mean, users want to change the namespace, a lot of namespaces, later? I mean, I wish, I'm sure we wanna make it immutable.
A
D
D
Yeah, but yeah, I'm just discussing if we can, if there's a, like, if it is not needed, we can make it mutable so that users do not need to, like, recreate it.
A
Yeah, I think what we need to consider here is, so I think this quite ties back to our discussion earlier today, that label selector versus array of namespaces as per the cap c design. So the original CAPA multi-color multi density design was around there using namespace selectors, so label selectors and.
A
D
Yeah, but since in the infrastructure YAML we will add an empty alloy namespaces, which will allow all the namespaces. Then nothing will break, so.
A
D
A
D
Okay, so yeah: let's, let's do it like it for now and see if there are any, any other comments from maybe Andrew, who started the PR.
A
D
D
We want to cache the providers so that we do not make the calls every time we, we wanna create a session, but so the way we are allowing chaining in the new multi-tenancy, for example, we may use a role that is assumed by another role, that is assumed by, say, a synthetic principal. So this is a chain, right, so I mean it is not very easy to make the retrieve operation to know what is the next, previous step in the chain, so.
D
D
I'll, I'll try, yeah, I'll try that, but I mean there's, yeah, there's a tricky piece there about using AWS is automatic, like, retrieve and is expired logic is not very suitable for order chaining.
C
A
A
Maybe also you might want to look at, like, kiam or, I don't think they do the full chaining, but they do some elements of this, they might have. There might be some prior art in some of the other projects that do similar things to this.
B
A
A
Actually, you raised the v2 issue. Do you want to, what, do you want to just talk to that slightly more? What we get from that.
B
I guess just to say it's amazing thing: well, the main thing is, you can just obviously import the service that you want. Only the services you want, and then you can get those included in the binary.
B
The big downside is, they haven't included any interfaces, or, you know, each service has an iface in the v1 SDK, so they have published those in v2. So if you want to use interface-based programming like we do and inject, you know, for testing, mocks and all those type of things, you have to create those interfaces yourself at the moment.
E
B
B
B
B
C
A
B
A
All right, cool, come today and the virgin is there. I said I'm only action item, I mean you're gonna, which is good, ongoing, diagnosing e2e test failures. I will join in once so. Let's freed up someone splits pieces, I still need to create open issue for that AMI CRD, I'm actually starting to have some conversations at and we're about what, like, use cases and stuff which will help inform that, yeah.
B
I said the only thing I had, to catch up with Mike earlier in the week, so I know he's going to be working on adding support for Fargate, so there'll be a, like an AWS Fargate pool or something, so you see you can then spin up EKS clusters with, you know, the managed machine pools and the gate as well, so sort of like burst, I don't know, compute or something, which would be quite interesting, yeah, but it could be quite cool.
A
Yeah, I've not, no idea how CAPA gets involved in any of that, but that'd be intriguing to see. So it's going to be a sort of a variation of machine pool, yeah, somehow, yeah, basically.
A
A
B
B
Now your correct profile will say: yeah, we're gonna. This is, you know, yeah, and you attach it. So these, these are the, like, the specs and then it will just run whatever is required. Yeah.
A
C
Sense, all right, that's all, call it a day, cool, thanks, yeah, that's all, soon later, bye.