Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Kubernetes / SIG Cluster Lifecycle / 5 Jan 2022
Kubernetes / SIG Cluster Lifecycle / 5 Jan 2022
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: SIG Cluster Lifecycle - kubeadm office hours 2022-01-05

Description

https://docs.google.com/document/d/1ONcoy8bOw8SWPUwXxnKeRZST3lnUxYpUv4Y6466h9Ek/edit#heading=h.c1w1los1oset

A

Hello, everybody happy new year. This is the first comedian meeting of 2022. Today is january 1st. We just wanted to give a quick update, what's happening in cuba, for this release of 124..

A

um So I'm going to open the issue, tracker, okay, dnc and see what we have in the milestone.

A

38 open tickets. uh So what I wanted to do is have this here.

A

And changes and do some highlights so the first highlight is this one: we deprecated the v1 beta2 api. I think it's the pr already merged for that.

A

uh Is going to be removed after one year, so this means by the end of 2020 2022.

A

We're going to remove this api.

A

I mean if, uh of course, repair has objections. We can delay potentially, but it's no.

B

Cluster api after uh last year, changes basically now uh generates the kubernetes config for the target. Kubernetes version does mean that it generates. We want beta 3, for we want 30, 23 and so on. So should not be a problem. Removing all the api for cluster.

A

uh Api yeah, but if you still try to use some very old api with uh a new kubernetes version that doesn't have it it's not going to work. Obviously.

C

Yeah, but this should.

B

Not happen so that the pr was meant to basically make kubota make a cluster api to use, always the latest version of supported by uh kubernetes yeah. That's great! That's great!.

A

For 134, I don't think we have any more changes for this. Just uh we marked the documentation of the api as deprecated.

A

I think this is known, for this part at least just click on this okay, so this one I have to start working on it, possibly very soon.

A

It's uh it started four releases ago and we started renaming the master label indeed, and I have to look at the cap actually, but I think it's 124 is the the next cycle. We have to take actions on.

A

Let me quickly check the kit, because I wanted to see what will happen in this release.

A

Okay, the cap is here.

A

Stages, I'm happy that multiple people reviewed this and it wasn't. A single man show.

A

Second stage.

A

Okay,.

A

In this, in this release, we're going to add a new taint which means whoever, whoever is scheduling pots on the master nodes. The control plane nodes will have to also tolerate the things, but.

A

We in the first stage in the release node, we already told users to do it like hey we're, going to add the taint in the future, so you have to tolerate it in advance.

B

Yeah uh we, we did all the possible things to make the user aware that this is coming, but let's send a reminder in kubernetes there that is going to happen. So if someone did not take care in the previous cycle, this is the moment.

B

But yeah this is, let me say you usual communication etiquette.

A

Yep this is standard procedure. I will once I have the pr ready I'm going to set the notification to. Let people know what we have after that. So the next stage is the 135 release, we're going to remove the old taint.

A

Which means that users again have to adapt, I think oh no, they don't have to no.

A

Because when you, you can tolerate multiple things, even if a particular node does not have the things, so you might want to clean it up later.

A

We are going to do this, the similar cleanup in the fourth stage, which is to remove the coordinates toleration, uh but this is not a breaking change to my understanding.

A

This is a breaking change in this release because, like I said, if you don't have the toleration for this state, uh you're no longer going to be able to schedule workloads on the control planes.

B

Yeah, this is the let me say, and it comes nicely because the these uh this kubernetes release is already introducing a lot of big changes like docker, shim and stuff, like that.

A

Yeah yeah, uh uh uh honestly, I worry a bit because there's so much going on in this release and uh I'm hoping that we don't make the users angry, because uh sometimes it's better to spread the the breaking changes across releases.

A

But.

B

Yeah, let's see if uh if there are feedback to the email and let's give the visibility, I don't know if we should consider. Also, I don't know doing a post in the kubernetes blog.

B

Maybe let's talk with uh uh diems or someone about how to give proper visibility of this. uh This uh action.

A

um Yes, I'm going to open the discussion of the bailling list. First, if I think that it's not sufficient, we can try using, I mean I'm possibly also going to ping swag anyway, like kubernetes, like you know, I can also give it to some of the sub projects. Like mini q, mentioned people, yes kinds, and so on.

A

Rock control plane has no roots. This is in this. We started a bit of a discussion uh before new year, so the future is called the alpha. The plan was to graduate in 123. We delayed with one release because we weren't sure if we want to get this feature so early to beat them without feedback. We haven't gotten any feedback and I think we have a couple of users, at least so.

A

This is telling me that the feature works. Okay,.

A

But I still have some concerns around linux distributions being non-standard, the feature feed videos with system files takes advantage of the cubadiem road privileges.

A

And I I saw something I saw something that is actually conflating to this feature in the kubernetes enhancements repository. Let me try to find it quickly to show it to the recording, basically.

A

My point is that we made we may actually want to use another feature and potentially remove this alpha feature from kubernetes, but I have to discuss it with a contributor.

A

The linux supports user namespaces and I knew this for a long time. But uh for some reason I was never asking the question why kubernetes do not support username species. So when you run a container uh what you get inside the container as a root user potentially is the root user of the host. It's the same id, the same privilege and the same user, but username spaces. Allow you to sandbox the root user inside the container to be a completely different root user. So in the host you can have the container running as id 1000.

A

I don't know, but inside the container it could still be the zero zero user group.

A

So it's like a completely decoupling of the mapping of users and groups and that's what the this feature in the kernel uh has and if you think about kubernetes spots, the question here was like: why don't kubernetes spots uh give you a toggle to do this, like I want to enable this mapping or this mapping, uh apparently just a missing feature: kubernetes doesn't have it uh the details in the cap. I have read it already and I I know the vinayak, the author of the cuba dm rootless feature knows about this cable.

A

We just have to discuss it further because you know if the system gives you the option to have this built-in mapping, you don't have to fiddle with the system files on the disk.

B

Right yeah, this will be a much cleaner solution. If I got it right, uh my let me say apart from this, which is a rightful uh consideration. So, let's, let's stay in sync with uh the project direction.

B

uh I think that before graduating, I would like to have a cluster api job testing, the the rootless mode, and currently there is not no one.

B

So I will try to put this in in a let me say in the to-do list and see if we can get this manager to provide a feedback before green lighting. The graduation.

A

So you're saying that you want to have an end-to-end test before we graduated to peter.

B

Yes, I so, first of all, I agree with you. We have to think up and see if it makes sense to graduate to beta in the future in the current form or to wait for the cap to merge and for the nuke for the uh and go for the cleanest solution.

B

Okay, but if we decide to go to beta we, uh uh I would like to have a signal in cluster api before uh that the feature actually works.

A

Okay, would it be difficult to add a deep question api as a test.

B

Yeah, it should not be difficult. I have only to to yeah to set up the job. Basically.

A

But, but also if we, if we enable it as beta and cube adm, potentially you all the test, jobs that do not explicitly set the future gate to false will exercise the the feature, because it's enabled.

B

By default in beta yeah, that's the point before uh enabling it uh I would like to test it in with copy.

A

I see yes, yes, uh well, you can also someone could also test it locally. I guess uh instead of setting up a job and if it works vocally, we can yeah. I assumed to see your point here. Yeah the the.

B

The problem is that okay, we enabled it by default by default, it will go on uh all the cluster api and customer api. We have we use image which are built by image builder and if everything does not fit in place, basically, we as a sig, we don't do, um we we don't make a. Let me say uh it will not good as a sig. So let's try to anticipate the problem that that's only my my only concern sure.

A

I see what you mean, uh so video told me that this feature from what I gathered. I think he also wants this feature to land uh problem with it is that it's going to take a while to graduate and to get it properly done, because from understanding there's some sort of problem with host mounts because horse puff mounts.

A

We have this in the static pots for cubanium and to buy the selling these are going to land later, potentially in a beta, or I don't know how much time it's going to take from the potential username spaces alpha to the beta graduation.

A

um So from other settings, vinayak is going to potentially try to push for to get the cube idea. Future graduated to bitter in this window of time. But my concern there is going to be that if we switch this feature on by default in cube adm, uh we have to maintain it for longer periods of time. Obviously, potentially one year after we switch it and also it means that we might actually opt in users that don't want to be opt-in and potentially break on some operating systems that have weird system. First,.

B

Yeah, that's my main concern that currently we are putting all the the management of the differences between an operating system on top of kubernetes, and this is really error prone, not due to command mean, but due to the variety of system that there is out there.

B

Yeah, so if we can, let me say, rely on kubernetes. It would be much better.

A

Yeah and linux kernel system calls because that's how the complete is going to implement it instead of.

C

The user space.

A

Fiddling with files uh yeah the user space files, at least there's some some standardization there, but it's not guaranteed.

D

Yeah, let's.

B

See with the with the the person that contributed this feature, and uh and also we can ask, also in the an opinion to the user in in the uh we, uh with an email or or something or in the channel, we have this option. Graduate is one, but then it will be.

B

We know that we will work it or just wait until uh if the, if waiting is reasonable, if we are talking to wait one or two cycle, I think that is reasonable if we are talking about waiting two years. No, so let's try to put the piece of the puzzle together and enrich to a decision, but given that there is a better alternative, let me say being discussed: let's wait at least to to see if this cap emerges and the implementation plan.

A

Yeah, I agree.

A

Okay, I'm watching all the related discussions to this. It's very interesting.

A

Okay, uh not swap I'm just going to copy here that we might enable node swap in kubernetes by default in this release and also remove pre-flight checks. There's some this some clean appears this. uh I think we have an action item in this release to remove the output v1 alpha one I'm going to do that.

A

It's part of the plan. uh I don't think this is what let me add it as a message: okay,.

A

Once it's anymore.

A

Improvement, sweet cd11 pro lightness probes. I know that indeed, where we had this problem, people saw it in the company within this internal testing problem here is that, as discussion pointed out, we have the fix in a new lcd release, but we cannot backport it. They I to buy the staining hcd will not backport it to other hd releases, which means that the fix will land in the future, potentially in a new hcd miner release, but, like I said here, it might take one year for the new hd release to land.

A

So that's the state of this.

A

I think that the nadir and number one uh I think they are already aware of this problem, but if the ncd team agrees, like I said, if somebody wants to ask the city people, we can potentially backport the changes to kubernetes, but there's not much else. We can do here.

A

Machine readable outputs: this is uh it's pretty much help wanted at this point, but I'm not adding the label. If somebody wants to continue work on the cap, it's welcome. We only have a few commands that support it. This is also help wanted the kubernetes I'm trying to get them in turn to work on this.

A

But, as you may understand, it's it's a bit difficult for new contributors to get on board on this, and actually I was feeling a fiddling uh recently with functions in the upgrade code and it just uh it's just a mess uh between front end and back end. So I I'm hoping.

C

That someone will.

A

Try to work on this eventually, I can help.

B

Them for sure yeah the code is needs uh some engineering there.

B

This one is a nice one, but it requires an api new api.

B

Yes,.

A

It's an api change potentially for the next api release. It's a breaking change.

B

Yeah, and also just for your information upstream, there is.

B

Kind of discussion about the bootstrap part of the of cluster api.

B

The discussion was triggered by the ignition pr that is kind of that is conflicting. uh Basically, a lot of kubernetes booster concern and uh machine booster of concern, because now we have ignition and cloud in it inside the same provider, which is hard to maintain. So maybe that uh also in cluster api, we're going to change something in in the bootstrap or how we've wrapped could mean, but uh not sure, because we we still have to close our roadmap for 2022..

B

I I will keep. Let me see this team is aligned with what is decided on the other.

A

One um so you're going to have feature requests for kubernetes or I'm not understanding.

B

No, I I I don't know if we have feature request, but given that we are changing our api surface, maybe that we can.

B

Prepare, let me say, anticipating cluster api, how these things going to be changed.

A

So it's going to be more easy for you to handle uh similar breaking changes like the extra axle.

B

uh If change, if we can find a conversion, so the the the the point is that okay, we can work on this idea and, for instance, figure it out how we can do conversions or how we can make this not breaking um or how we can make these uh nice for the for the user stuff like that. So that that's the point but.

C

Yeah.

A

I see uh okay, I think I'm following a couple of issues with coaster: api related to the ignition stuff, but yeah.

C

If I have comments, I'm going.

A

To add them there, I guess thank you.

A

This is an old one uh object, factory, trial logic. I don't think we can work on this in this cycle to make too many changes at once. If somebody wants to take it again,.

A

I don't think this is doable, I'm just not going to comment about it, but it's complicated.

A

This is a potential discussion required here to discuss corporate config, not specific component config for the next api, eventually.

A

Kind of base images at some point I might have to start pushing uh a new kinder base image because our uh our container version inside the base, which is very outdated at this point, the the distro in the image itself is also quite old. It's a tick! It's 180, uh one! Sorry 18, not something of ubuntu.

C

Sorry, no, please continue.

A

Yeah I'm just uh I mean I may want to start using the the image promotion process that kate simply have to push potentially a new directory for cuba, game images or something like that.

A

The way I'm going to handle it is probably just you know, build a new image from scratch or something I don't know, but we have to do it eventually.

A

Docker docker, shim testing is also a topic here, but.

A

The I'm following the discussions about the cri dash docker d provider. Sorry, it's a service cri docker, this service, uh which is the replacement for dockership, and I can discuss it later in the we have an issue about dockership. Basically, what is happening there that we, they started pushing releases and uh we might want to bring docker testing back to cuba dm eventually.

A

But it's going to be probably a single job. I don't want to invest too much like resources.

B

Yeah, the the point here is that so currently in kinder. Basically, we have two code parts, one for docker and then the other for container t uh the the one for docker over time.

B

uh Is is become uh really complex and and huge in kinder, because we had to build our own uh images and stuff like that, and so the point is that okay, are we going to support this long time or are we going to drop support for docker in kinder.

A

Yeah, I think this is a question we can answer when we start to see how the post docker shim removal mutates. The ecosystem, because currently what's happening, is that we have this new service that people have to start using the cri drd, but nobody is using it.

A

Yet if we start getting users, uh I'm going to watch, of course all the channels, but if we start getting users that use cri docker d- and we don't have signal for it- and if we have special paths in cuba dm that we want to actually test, then this is going to be worth adding a new uh go, adding back the docker signal to the kinder jobs, which means we have to continue maintaining the a docker base image like it's a sequence of events. That's going to happen. Yeah.

B

But agreed, let's postpone these two on the next icon at the end yeah. So if you want to improve something, but let's postpone the decision about dropping uh docker testing uh to the next cycle.

A

Yeah, I have a there's a docker ship issue somewhere below, so I'm going to comment on it quickly related to the cri drd.

A

Yeah we should move faster, this half time already.

A

Okay, retry logic.

A

Learner mode, this is complicated, it needs a cap. Someone has to write the kip. Do you want beta3?

A

I don't know what we don't have any penny change. The api is already out, so I think we can just close this. I'm going to do triage later.

A

This is uh a question for c golf. uh It's not clear if you're going to make require require any changes incubation.

A

This is a clean up. Nice discussion.

A

This also.

C

Needs discussion.

A

It's a clean up.

A

Someone needs to find the time to work on it.

A

I don't have time for this, but I'm not sure where this this is going at this point, the roster dropped the work and uh I think it's in the it was in the middle of the process.

A

I need to read the cap.

A

Rossi started working on changing how we manage component config incubation.

A

We started for uh watching for sharp changes, checksums things like that tolerate new configurations. There were to be done here, but I don't remember the details.

B

Yeah, it was an entire work, getting ready for uh the components, kubernetes and stuff like that, to change their component config release without providing a conversion tool.

B

So let me say: yeah until we we have uh noticed that they want to bump their component config. This is not required.

A

Yes, yes, I agree once we start seeing new corporate config versions, we might want to go back to this if they especially, I would be especially interested if they add conversion tooling, on the cli, which means that we may actually try to help the user from upgrade.

A

Yes, uh okay, graduate patch support, ga.

A

I think this is no for 173, but.

A

But the question here now is: should I invest time to just mark this as ga at this point, or should we keep it better to much the the graduation level of the api, because now it's part of the api? Let's keep it better.

C

I.

A

Don't see.

A

I agree agree it's better like that.

A

This is cleanup I'm going to trash later.

A

Corporate service backward- this is a big change. It's also breaking change to some user assumptions. uh Sig release need to help us with some package decoupling. We have issues in the way we push packages to the distribution repositories.

A

It's a: we basically need to sit in a room with sick testing and seek religion discuss how to solve the problem.

A

uh I think it is still a bit more discussion about this and I do not convince this change that it's doable. I mean it's doable, but.

D

I.

A

Just the 80 versus the 22, I don't think we should apply to the 80 just too much flexibility.

A

uh This someone has to, I need to add help wanted to this. Someone needs to help me to test this.

A

I know that the coaster api azure provided had a problem with this.

B

Sorry, but this should be almost completely done, I don't remember it, there should be only one thing that is not pointing to the local behind the point.

A

Yeah the rebellion thing that I tried uh it was.

A

Okay, we can make the kubernetes control plane nodes to point to the local api server instead of the lb right.

B

Okay,.

A

And I tried it and I tried it multiple times and it doesn't work because of leader election to my understanding, because in the lb, when you connect to the lb you're going to get an active api server, that is the one that you want the leader in the aha. Yes and it you can bootstrap to this api server. But if you get the local api server, it's not elected as a leader, so it cannot fiddle with the csr logic at all.

A

It just does nothing, so you never get a a csr that is signed, so this kubrick cannot cannot put strap at all.

B

Okay, that's it so we if we can document this limitation- and this is the only things that remain in my opinion, we can close. It.

B

So the point is that kubernetes should not talk to the local api server. That's it.

A

Yeah we had a discussion with dandy that it might be doable in theory. Maybe I should still talk to some of the core owning six api machinery see golf, maybe the maybe openshift is doing that. I don't know. Maybe it's supported. Maybe we are not doing something correctly.

A

uh That's that's why I'm keeping this open. uh I want have called a long time ago, but.

A

I'm going to do three isolators, it's.

A

Dynamic defaults.

B

Yeah, this is a refactory cleanup.

A

This has been changed here, wanted.

A

This is a problem with how we do upgrades.

A

It's in this cycle, because a paco from our one of our chinese contributors was looking at this. I.

D

Think.

A

He had a design proposal, uh basically.

B

This is making uh our cooper proxy deployment uh version aware.

A

Yeah, basically, the problem is the upgrade skew. We are not following the recommended upgrade policy for qproj.

B

Because yeah, I agree because we have only one version of kuberproxy and the policy tells that kuber proxy should be of the version of kubalet right.

A

Yes, I mean something like that: yeah, I don't remember the exact skew, but the problem is that I actually have an argument that q proxy is much easier to deploy as a as a demon demonstrate instead, instead of managing it as a service on all the hosts.

B

Yeah and one option- and I know I know people doing this- is to have a demon set for each version and labels on on the node.

C

So.

A

From from discussions with jason and andy, I recall there was a missing feature in kubernetes that prevented us to gracefully swap these demon sets on the fly, uh but I have, I may have forgotten all the details. There.

B

Okay, this is far in place upgrade. I guess.

A

Yeah I mean if we eventually in the future start seeing break this. Breaking people is going I'm going to escalate the priority.

A

We can try to see how to resolve it. Okay, for now it's a low priority in my book, even if it's long term, because there is maybe because this this is something that I want to do in the future- potentially add a couple of.

A

Admin users, one is the super user super admin, the other one is the the regular kubernetes admin are back. uh Potentially kuberia will generate a couple of different admin. Dot com files in the future.

B

Make sense and and we make kubernetes to work with the smallest.

B

Let's say we with a limited.

B

User make sense.

A

The the next one is something that I'm making a change for 124.

A

So, basically, if the cra socket path does not have unix or named pipe on windows, we are now going to show a warning to the users and also our upgrade code is going to try to automatically prefix the url scheme schemes everywhere, where we store uh the socket paths. So this is okay. This is a change we are doing.

A

It started by paco, but I took over to add the upgrade logic.

A

This is an api change somewhat someone started working on it, but it needs. Discussion is designed.

A

This is a cleanup housekeeping. This is this is uh there's an action item for this 124.

A

Let me see what what it was.

A

So we deprecated the old naming, which is the couplet config map, with the version.

B

Inside the name yeah, we we have to start looking at this in cluster api. I took a note.

A

But but I think you you're going to get it for free. I think it's not.

B

Not sure not sure, because we are doing some.

B

We have some logic that that uh update the kubrick config map.

B

I have to check, uh I remember for sure we updated kubernetes config map, for instance, for the system, the defaulting stuff, like that, I have to check.

A

I mean I ideally shouldn't uh touch the complete configmap at all.

B

Yeah, that's true, but, for instance, when kubernetes shifted the default from.

B

From c group to container to system d in order to keep up with kubernetes default changes, we we, we basically are updating the the conflict map also also we are creating it before every upgrade is something that we can drop or stop doing.

A

Okay, so there is our back which so what do I click? How is cost repair managing there, but the version are back today, which is we have.

C

Creating.

A

uh You're created the video right.

B

Yeah before, basically before every upgrade, uh we create the new kubernetes.

B

Okay, so at least we have to do a cleanup.

A

Yeah, I see.

A

So you took note uh I'm going to execute on this bitter stage in this 124 so, which is flip it to beta enabled by default. Users can opt out by disabling the feature.

D

Gate I think this. This is the actual item for 124. yeah. I will open an.

B

Issue in cluster api and tag you on that, one.

A

Okay, let's measure this in here.

A

Thank you.

A

So do you have to backpart these changes to previous releases as well.

B

uh That that's a good question. I have to figure it out today. We still have. Let me say that the fallback option is to disable the feature gate explicitly.

A

Yeah, similarly to the rootless control, plane discussion, you can, if you don't, have explicit signal for this, you can just preemptively disable the feature gate. Even before the 124 release happens.

A

Are you testing cube idea, but master currently or only stable releases.

B

I I think that when we tested master, we build everything from kubernetes, so that means also kubernetes master. So.

A

uh Potentially, when I flip the gate is going to break you right away.

B

Yeah, probably yes, yeah, probably yes, I I'm not I'm not really sure, because, let me say for sure we are testing kubernetes at master for upgrades.

B

I don't remember for the for the other test, but yeah. It will keep this into the radar.

A

I think there was no lot of upgrade tests, uh but that was a long time ago for, for buster, at least for kubernetes master.

B

You know we we we have them, we are not. Now we have a couple of them, one for each branch and stuff like that, uh but I don't remember if and but we have them from the kubernetes upgrade. So we upgrade from current to.

B

To master or to or to main, uh but we run only the kubernetes upgrade plus conformance. We don't run all the the next upgrade or stuff like that.

A

Well, I'm going to ping you when I work on the the flip so yeah. Thank you. So uh this one is uh the last one is the small cleanup, and this is the dockery shim.

A

The location change, so the tldr for the docker removal is that cubedam will take actually 1284 to adapt and I'm going to give a quick summary here.

A

So the first big thing is that if the docker shim socket is no longer special case, we're basically completely changing the the detect the socket detection on the host. We now treat all sockets and sql sierra implementations.

A

So if, if there is a cri dash, docker d project that maintains their own socket is now we consider this like a separate sierra implementation, uh and if there are multiple cris on the host, we will throw an error. The the user has to be explicit if they have multiple ones. Okay, you have docker. We have uh sorry, you have the cri docker d. You have uh cryo, you have container d, uh you have to be explicit, which one you want to use agreed.

A

uh The docker, uh the docker plus container, the combination in order is no longer special case. uh You know, containers the bucket of docker. uh We we now basically considerable as a separate uh implementations.

B

Yeah we, which is nice, kubernetes, to be an agnostic, so it makes sense.

A

uh And what else, actually it should probably look at the.

A

Some some complete facts have been removed which were specific to docker regime, and now cuba dm basically has a little bit of a branch inside the the flag management code. So if you have a 124 couplet, it adds different flags.

A

If you have 123 completed, adds the old flags where basically, the the the docker ship is still present inside the kubrick, but there's a cavite without that you now have to be still explicit. What socket you want.

A

So if you pass the though the legacy docker shield socket inside the kubernetes joint or in it configuration you can actually use this, uh you can continue using the old couplet, the 123 kubrick. Am I actually adding this because it's very difficult for people to migrate, some big clusters to 124 couplets and I'm adding this uh option if they want to stay within the support skew of the couplet, which is you know, kubernetes supports one couplet behind 123., okay, so this is the.

A

This is basically the pretty much the summary for this release for 125, which, which is when 123 is going to be our support. I'm going to do some cleanup uh by the way. This pr is still open if somebody has comments on the changes related to the docker ship removal and how cuba game is adapting to it.

A

uh Please comment but yeah there's an action requirement. There's like a big release. Note here.

B

Who could you see me in this pr because I kind of slip it through and I don't.

A

Do do you want to review it.

B

Yes,.

A

Thank you for that, because we're not getting enough reviews recently.

A

I mean our our contributors from china are helping. Definitely, but you know more reviews always appreciate it, and I see I already have some comments here that they need to look at.

A

Another change, another change that is happening is that I tested what happens if you use crypto with the docker shim socket, and uh it actually works so uh the abstraction layer that rusty added at some point where we use the docker cli to pull images and perform some actions.

A

Incubation was actually not needed from my understanding because we could have used krakatoa on the uh docker regime socket, so this change is also including uh in one of the commits we are also including I'm also, including uh switching everything to krykato, because now we are going to have this external socket uh and.

B

That's it.

A

Let's reason.

B

About this, because you are assuming that everyone changes at the same time.

B

Yes, so also what what? If we have a user that is in kubernetes, 1 uh 24, spin up a cluster 123 and using docker.

A

Krakatoa will still work because krakato they have to be explicit when this is a requirement now yeah, but.

D

They use.

A

They all the docker.

A

It's still going to work crack it as.

B

My point is that the docker shim socket does not exist in all the installation but yeah. I will comment on the apr.

A

Sure I think it works because I tested it.

B

Okay, that's fine! So in the older cluster cattle cry cattle version, this was not working. There was not even comments for pulling stuff to slowly that yeah, but probably fixed okay.

B

I have to jump to the cluster meeting, but uh thank you for running this uh triage session. Sure.

A

No problem, thanks all for joining bye-bye see you bye.