►
From YouTube: SIG Cluster Lifecycle - kubeadm office hours 2021-06-09
A
A
A
Phrase,
I
don't
see
any
blockers.
We
have
a
lot
of
time
with
this
extended
release
cycle,
so
it's
actually
good
for
us.
B
Yeah,
thank
you
and,
and
also
I
think
that
this
cycle
we
we
are
really
we.
We
did
a
great,
a
great
job
so
far
and
most
of
what
we
are
scheduling,
we
have
schedule
that
is
already
there
and
yeah.
Thank
you
for
that.
B
A
I
can
see
a
couple
of
changes
happening
before
we
release
v1
beta3,
okay.
I
really
want
to
do
this,
which
is
extract
booster
token,
to
not
be
inside
v1
beta3.
Given
we
have
so
much
time,
it's
a
backward
item,
but
no
it's
not,
but
it's
actually
important
long
term.
B
B
A
A
bit
complicated
for
copy
because
you
have
to
create,
like
a
new
group
for
the
bootstrap
token.
B
B
But
yeah,
let's
see
okay,
this
is
one,
let's
see
how
they
change
the
shape
out,
but
I
yeah
I
don't
expect
piggy,
but
in
copy
good
to
know
and
then.
A
B
B
Are
derived
from
the
same
object,
but
now
they
are
different
and
they
make
you
an
example.
For
instance,
in
an
in
cluster
api
we
are
not
using
automatic
copy
of
certificates,
and
so
we
don't
have
the
certificate
key
things
and
stuff
like
that.
So
basically,
cluster
api
types
will
become
a
subset
of
kubernetes
that
basically
allows
user
to
make
only
the
configuration
that
makes
sense
for
copy.
B
B
B
B
A
Well,
the
discussion
is
that
also
no
conversion,
but
now
you
have
conversion,
because
you
have
okay,
so.
A
A
A
A
B
The
drift
is
intentional,
because
really
some
some
combat
mean
configuration
can
basically
screw
up
the
cluster.
I
make
another
example:
if
the
kuben
mean
if
the
cluster
api
user
configure
a
bootstrap
token
likely
the
cluster
won't,
the
nodes
in
classic
api
won't
join,
and
so
we
want
to
either
tokens
and
stuff
like
that.
So
yeah.
A
But
it's
a
food
gun,
you
give
them
the
power,
but
if
they
do
it
is
their
responsibility
like
this.
If
you
have
this
documented
the
list
of
types,
the
list
of
fields
that
should
not
be
modified.
B
B
A
B
Yeah
and
yeah
I
agree:
wrapping
an
api
is
never
ideal,
but
also
embedding
an
api
as
a
its
problem,
and
now
it
is
not
possible
for
kubernetes.
So
we
believe
that
this
this
is
that
now
we
are
in
a
better
situation
than
before,
because
if
you
remember
before,
we
were
only
supporting
the
one
beta
one,
which
now
could
be
problematics
and
stuff
like
that.
So.
A
Okay,
I'm
going
to
work
on
this.
I
don't
know
when,
but
there
is
enough
time
hopefully
for
it,
I'm
not
sure
about
this.
It
had
some
problems.
I
don't
think
we
should
discuss
it
in
this
call
no
yeah.
I
need
to
get
back
to
it.
It's
not
yet
decided
patches.
I
realized
that
if
I
had
patches
to
v1
beta
3
as
a
purchase
directory,
we
we
didn't
have
this
in
the
cap
for
the
patches.
A
B
I
think
that
yeah-
let's
discuss
these
case
by
case,
but
I
don't
see
big
problem
because
patches
and
they
wrote
map
were
announced
a
long
time
ago.
We
announced
that
that
we
are
changing
the
cap
so
that
we
are
changing
the
config,
so
they
are
just
consequences.
B
A
We
removed
the
experimental
customize
we
can
do
this.
I
think
this
is.
We
should
talk
about
this
as
well.
The
feature
is
not
documented,
but
I
can
document
it.
This
will
potentially.
A
Maybe
people
are
going
to
ask
like
why
are
you
doing
this,
but
I
can
explain
we're
graduating
it's
as
part
of
another
cap
which
is
kind
of
strange
and
it's
it
can
be
added
to
to
the
conflict.
A
So
it
feels
the
time.
Is
this
cycle.
B
Okay,
make
sense
for
me
and
yeah
it.
It
is
a
nice
option
and.
B
A
So
it's
going
to
be
kind
of
strange
init
and
join,
don't
have
the
patches
flag,
but
upgrade
has
must
must
have
it
so.
Instead,
I
think
we
should
just
have
the
flag
everywhere
and
think
about
the
future,
eventually
removing
it
in
the
future,
when
we
have
maybe
config
for
everything.
B
Yeah-
let's,
let's
think
about
this
it
it
seems
that
the
only
let
me
say,
blocker
or
the
the
only
missing
point
to
the
entire
story,
but
everything
else
seems
legit,
and
so,
let's
figure
out
how
to
make
this
work
across
upgrades
and
yeah.
We
have
to
think
about
this.
A
I
I
just
want
to,
I
probably,
are
going
to
add
the
patches
flag
and
other
nodes
that
you
know.
Eventually,
we
might
remove
this
flag
in
favor
of
config,
but
the
flag
is
going
to
overwrite
the
value
in
config.
For
now,.
B
A
Pause
image,
configurable
dropped
extracts.
This
is
something
that
also
I
can
work
on
or
maybe
ask
someone
to
work
on
that.
You
know
we
have
extra
arcs,
it's
a
backward
item.
We
have
extra
arcs,
they
don't
allow
duplicate
values,
for
instance,
some
api
server
flags.
You
can
pass
multiple
times
and
all
of
them
are
usable.
A
I
think
it
was
something
about
authentication.
I
don't
remember
examples:
okay,
okay,
so
yeah
you
can
pass
multiple.
A
Keys,
I
don't
know
what
this
flag
is
doing.
Yes
and
I
okay,
okay,
yes
and
I,
but
you
cannot
do
that
in
cuba,
which
means,
if
you
look
at
the
api,
it's
it's
currently.
The
extra
rx
is
a
map
of
a
string
to
string
yes.
A
A
I
want,
I
think,
it's
fine
to
make
this
change
since
in
v1
beta3,
it's
not
fine
to
make
it
in
within
once
the
version
is
released.
We
have
to
make
it
before
it's
released.
I
think
yeah.
A
B
B
Yeah,
let's
get
the
bootstrap
token
figure
out
for
first
and
and
kubernetes
and
and
patches.
I
see.
A
A
Okay,
do
you
want
to
give
you
the
number?
No,
I
I
took
note
all
right
extra
duplicates.
I
think
that
somebody
already
assigned
themselves
to
this.
I
think
it's
paco
from
not
mistaken,
yeah.
Okay.
A
B
Yeah,
but
do
you
want
to
add
these
in
image
meta
or
do
you
want
so
and
make
this
configurable
component
by
component,
or
do
you
want
to
add
these
at
top
11.
B
Instead
yeah
now
there
is
an
option,
because
otherwise
this
is
this
is
global.
A
A
A
I
had
a
discussion
with
fabio
rapuzzeli
and
tim
centcare
about
it
a
couple
of
years
ago.
A
Basically,
I
don't
think
we
can
use
this
at
least
in
vmware
products.
I
don't
know
if
users
can
do
it,
but
they
probably
can
because
nobody's
going
to
monitor
what
they
do.
I
think
there
were
some
problems
around
this.
So
currently
it's
a
feature
gate,
which
means
that
we
wanted
to
enable
it
by
default
in
cuba,
dm
always
and
the
feature
gate
is
alpha.
A
B
Okay,
so
I'm
not
an
expert
here,
so
I
I
cannot
say
if
this
is
something
that
is
required
is
mandatory.
If
there
are
laws
behind
these,
so
I
would
like
to
get
someone
making
us
to
understand
the
priority
of
this,
also
because
it
is
not
that
we
have
so
much
request
on
this
feature,
so
I
I'm
minus
one
for
working
on
this
and
this
ingredient
with
the
tree.
A
A
Modern
attacks
that
have
basically
powerful
machines
that
are
used
for
them.
So
if
you
use
a
quantum
computer,
I
don't
think
hca
can
help
you,
but
now
nowadays,
there's
so
much
computing
power
that
basically
the
existing
algorithms
that
we
have
is
are
not
that
great
and
lcdsa
is
better
actually,
but.
A
A
Okay,
this
is
so
I
have
against.
Everything
is
the
best
effort,
I'm
probably
going
to
do
patches,
because
I've
seen
requests
something
about
the
story
going
back
to
the
patches.
Let
me
open
this
and
use
this
as
a
text
editor
quickly.
A
My
idea
of
the
api
was,
if
you
have
a
patches
structure
like
so,
my
idea
was
not
to
have
a
patches
directory.
A
Something
like
that
because
if,
if
we
see
too
many
requests
about
embedding
patches,
which,
if
we
discuss
that
it's
not
a
good
idea
in
general,
but
it
allows
us
to
be
backwards,
compatible.
A
Version:
okay,
the
next
topic:
you
have
no,
no
specific
configuration
yeah.
B
This
is
a
a
so
previous
discussion,
so
there
was
last
week
a
meeting
received
node
where,
as
you
know,
there
was
the
aditi
from
vmware
raised
the
the
point
about
the
starter
and
the
future
of
kubernetes
configuration,
and
so
it
seems
that
there
is
a
general
agreement,
including
in
the
insignia,
to
go
away
to
go
to
move
forward
and
and
basically
start
deprecating
and
removing
flex.
B
Okay,
there
is
no
con,
create
a
roadmap
now
but
yeah.
This
seemed
the
direction
so
flaggers
are
going
to
to
go
away
and
cooperate,
configure.
We
will
be
the
the
only
way
to
configure
kubernetes,
so
this
makes
basically
this
is.
This
is
going
to
force
kubernetes
and
all
the
installer
to
start
drifting
away
from
kubernetes
flag.
B
At
least
this
is
my
take,
and
so
I
started
to
think
about
how
we
can
do
this,
especially
because,
as
as
of
today,
we
are
using
flags
as
a
solution
for
allowing
the
user
to
do
node
specific
configuration,
so
that's
mean
that
we
have
to,
and
just
to
make
this
a
little
bit
more
clear
when
we
we
do
cover
the
mean
in
it.
The
user
is
allowed
to
specify
a
kubernetes
configuration.
B
Kubernetes
configuration
will
be
used
for
all
the
nodes,
but
when
doing
kubernetes,
the
user
can
use
node
registration
option,
kubernetes
extra
args
to
override
what
is
written
in
in
the
kubernetes
configuration
okay.
So
we
are
using
this
two
layer,
12
law,
node
specific
configuration,
given
that
the
second
layer
is
is
going
away
in
the
future,
doesn't
mean
that
we
have
to
provide
our
user
a
nice
way
to
do
node
specific
configuration
without
using
flex.
A
Yes,
subject
that
in
the
sig
node
meeting,
I'm
not
sure
I
I
gathered
the
same
response
as
you
did,
because
probiotic
was
the
only
thing
they
agreed
on.
Was
they
don't
want
to
add
more
flax
but
the
removal
of
flax?
I
didn't
hear
a
concrete
explanation
or
a
concrete
agreement
on
saying:
hey.
Yes,
we
are
going
to
remove
all
the
deprecated
flags.
B
B
The
roadmap
is
so
the
timeline
is
not
defined
yet,
but
what
happen
if
they
are
the
only
configuration
flags
and
then
they
don't
add
any
more
flags.
So
they
are,
they
add
a
new
option.
Only
in
the
kubernetes
in
the
kubernetes
configuration,
but
not
in
the
flex
doesn't
mean
that
that
kubernetes
user
won't
be
you
capable
to
use
this
these
new
flags
unless
they
they
have
to
set
the
same
value
for
the
entire
cluster.
A
B
Someone
stated
that
they
are
aligned,
but
I
I
agree
with
you
that
there
are
some
differences
and
yeah
so
tldr
is
that
flags
are,
let
me
say
when
we
continue
to
work
on
the
two
lion
flags.
We
are
kind
of
working
on
x,
and
so
I
would
like
to
start
to
think
an
alternative.
B
Flux
rely
of
flags
if
there
is
okay
and
so
we
we
should
start
to
start
something
an
alternative
and
work
on
it.
So
basically
I
start
in
a
document.
I
will
share
the
document
with
you.
We
will-
and
I
will
add
also
to
the
meeting
meeting
meetings
now
it
is
still
a
brainstorming.
So
it's
not
shareable
it's
not
in
a
good
suite
but
yeah.
B
Let's
make.
Let's
make
an
example
and
try
to
make
this
clear,
so
I
have
to
create
a
cluster
and
I
have
a
bunch
of
node
that
uses
gpus,
okay,
and
so
I
need
a
special
kubernetes
configuration
for
these
nodes,
and
my
idea
is
that:
okay,
let's
give
the
user
the
possibility
to
add
to
the
cluster,
so
they
took
about
meaning
in
it
as
as
of
today,
and
then
we
we
give
the
user
the
possibility
to
add
a
second
and
mean
kubernetes
configuration
and
also
to
specify
a
node
selector.
B
Okay,
after
after
this
new
kubernetes
with
this
node
specific
configuration
is
in
the
cluster.
What
what
happened
when
we
do
join
is
that
join
basically
will
search.
If
there
is
another
specific
configuration
for
the
joining
node,
it
will
use
it.
A
A
And
we
can
do
that
from
init,
but
sometimes
when
you
create
a
question,
you
don't
know
what
additional
requirements
you
have
in
the
future
for
the
the
corporate
instance
specific
configuration,
so
you
might
might
not
be
able
to
create
the
node
selector
in
advance
because
you
don't
know
what
the
cluster
will
become.
A
But
it's
you,
don't
you
don't
know
you,
you
might
have
joining
notes,
but
you
don't
know
like
how
do
you
modify
this
setup
so
that
imagine
that
I
didn't
create
a
node
selector
from
the
start
and
eventually
I
want
to
modify
this
cluster
to
have
multiple
couplet
configurations.
A
Yes,
the
node
selector,
and
this
happens
in
a
very
later
stage
and
then
I
want
to
have
this.
How
do
I,
how
do
I
modify
the.
B
A
Yeah,
I
I
mean
it's
possible.
Definitely
no.
I
was
thinking
about
something
else.
We
can
actually
use
patches
for
that
as
well,
because
if
you
have
seen
the
instant
specific
cap
discussion.
A
They
they
were
back
and
forth
between
different
options
and
eventually
what
they
decided,
which
I
don't
exactly
agree
with,
but
they
decided
that
if
you
have
a
quote-unquote
global
corporate
configuration,
the
way
to
apply
instance,
specific
changes
is
to
use
a
patch
version
of
of
this.
So
you
basically
pass
a
patch.
You
have
another
another
flag
and
you
pass
a
patch
which
overrides
the
global
with
the
settings
that
you
want.
Any
patch
is
persisted
on
disk.
B
B
B
B
Instead,
I
think
that
it
is
a
little
bit
more
safer
if
we
basically
delegate
the
user
the
responsibility
to
decide
what
what
is
instance
configuration
what
is
global
configuration
and,
and
so
on.
B
B
B
Future
proof,
because
it
is
hard
to
upgrade
them,
it
is-
are
the
there
is
no
conversion
mechanism
stuff
like
that.
So
I
I
think
that
the
simple
the
simplest
thing
is
that
okay,
you
want
a
different
configuration.
Give
me
the
configuration,
I
don't
implement
any
sort
of
merger.
I
don't
implement
nothing.
I
just
use
another
configuration.
B
A
Yeah
sure
I
just
I'm
not
exactly
suggesting
that
we
should
follow
what
the
cap
suggests.
It's
just
that
we
already
have
the
mechanism
in
cuba
dm
to
patch
files,
and
if
you
look
at
the
v1
pod
object,
we
don't
have
an
upgrade
story
for
that
either,
which
is
a
static
pot.
If
we
have
a
v2
pot
eventually,
which
is
not
so
unlikely
to
happen,
eventually,
we
don't
really
have
a
way
to
migrate
user
patches
either,
but
we
already
have
a
contract
with
the
users
to
use
patches
for
control,
plane.
A
Yeah,
the
same
could
be
for
the
a
kubrick
patch.
There
is
v1
beta1
or
if
you
want
beta2
is
backwards
compatible.
The
patchway
still
is
going
to
work
no,
depending
on
the
patch
and
the
the
same
way.
We
are
preserving
the
instance
specific
configuration
on
disk
the
same
way.
We
are
preserving
user
patches
on
disk,
so
we
already
have
the
mechanism.
B
B
A
Yeah,
I
just
what
I
don't
like
about.
I
mean
I
appreciate
your
idea
with
the
note
selector.
I
think
this
makes
a
lot
of
sense,
but
we
already
we
already
implemented
a
different
method
of
having
instance
specific
configuration,
and
I
don't
want
us
to
have
multiple
ways
to
do
it.
So
it
seems
like
patches
is
the
way
to
go.
From
my
perspective.
A
Well,
at
the
end
of
the
day,
you
are
just
patching
a
file
that
contains
some
sort
of
a
group
version
kind
of
the
corporate
configuration
or
a
view
on
pot
are
both
something
like
that.
B
Yeah
but
again
pages
are
by
note
and,
and
you
are,
they
are
not
visible.
I
I
can
then
so
I
agree.
We
have
a
mechanism
which
was
an
exception
mechanism,
because
we
are
good.
We
are
getting
to
the
root
of
the
problem.
The
root
of
the
problem
is
that
we
invented
patches,
because
kuberne
has
only
a
cluster
configuration
that
that's
that's
the
point.
B
So
patching
patches
are
a
workaround
because
we
don't
have
know
the
configuration,
and
so
I
I
think
that
we
should
tackle
the
problem
instead
to
add
a
workaround
on
top
of
workarounds,
okay,
but.
A
B
B
So
it
does
not
really
make
sense
and
it
is
a
bad
user
experience
asking
the
user
to
copy
the
same
configuration
or
the
same
patches
across
all
the
nodes.
This
is
why
I
would
like
to
to
create
this
kuber
configuration
having
a
knob
selector,
and
so
basically,
when
you
create
a
node,
the
the
right
configuration
get
joined
to
to
your
to
your
node,
and
if
you
are
ten
nodes,
equal
everything
happens.
B
Let
me
say
everything
is
simple:
you
have
only
the
final
configuration
once
and
once
and
it
gets
reused
many
times
but
yeah
we
we
can
discuss
I.
What
is
important
for
me
is
that
you,
you
agree
that
that
in
the
problem
statement-
and
then
we
can
discuss
on
the
solution-
and
I
will
I.
A
B
I
don't
think
so,
and-
and
this
is
this
is
something
that
that
we
can
discuss,
but
I
don't.
I
think,
that
we
have
three
different
problems
which
are
technically
really
different
and
and
also
in
terms
of
impact,
because
configuring,
having
no
specific
configuration
for
control,
plane
problem
for
control,
plane
object,
is
a
really
different
problem
that
the
kubernetes
configuration,
because.
B
Because
kuber
configuration
apply
apply
to
all
the
nodes
cluster
configuration
only
to
the
control
plane
nodes,
because
technically
one
is
implemented
in
static
parts.
The
other
is
implemented
using
config
map
in
the
cluster.
So
there
is
a
lot
of
technicalities
in
different
and
also
another
possible.
Point
of
configuration
is
cuba
proxy.
A
I
was
asked
today
by
user.
Do
you
want
to
support
patches
for
q
proxy?
I
said
no.
I
q
cubert
was
not
included
in
the
in
the
question,
but
for
me
the
problem
is
the
same
on
the
very
very
high
level,
which
is
instant,
specific
configuration.
We
currently
do
not
support
it
for
the
couplet,
but
we
support
it
via
patches
for
control,
plane,
components,
quasar
api.
If
I
don't
think
you
have
a
such
a
use
case,
but
if
somebody
wants
to
apply
a
custom
bind
address
on
a
particular
control
plane
instance.
A
A
I
guess
there
is
no
such
use
case
because
most
users
just
prepare
the
vm
to
be
appropriately
configured
to
have
the
the
first
interface
to
be
the
one
that
you
want,
but
yeah
it's
a
very
I
just
want.
Don't
want
to
implement
more
solutions
that
it
might
be
the
right
thing
to
do,
but
I
just
want
everything
to
use
the
same
mechanism.
Yeah.
A
B
A
Yeah,
I
really
don't
like
to
maintain
multiple
solutions.
It's
just
in
the
end
of
the
day,
some
of
the
technical
depth
that
we
have
in
cuba.
Dm
is
nowadays
maintained
as
a
best
effort,
and
if
you,
if
you
say
that
patches
are
a
workaround,
I
don't
know
what
we're
going
to
do
with
it.
Are
we
going
to
remove
patches?
Eventually?
I
have
many
questions.
I
will
add
them
to
the
document.
B
A
What
is
a
priority,
but
in
the
end
of
the
day,
cube
adm
users
are
not
talking
about
cluster
api
uses,
cube.
Adm
users
can
stop
using
flags
to
apply
customization
and
they
can
just
apply
a
mechanism
which
is
not
great,
but
they
could
overwrite
the
coblet
configuration
on
disk
and
restart
the
couplet
it
will.
A
B
B
No,
no,
the
point
here
is
that
patches,
where
basically
the
the
the
the
passes
were
defined
to
address
our
problem.
So
the
problem
is
that
in
cuba,
meaning
we
are
exposing
a
limited
number
of
flags
and
we
want
this
to
continue.
Okay,
this
limited
number
of
flags
get
translated
into
static
ports.
Okay,
but
user
needs
user.
In
some
extreme
cases,
they
need
to
configure
everything
of
the
static
ports,
not
only
the
flags,
but
everything
memory
limits
are
the
sidecar
whatever
that
they
they
want
to
configure
everything
in
static
ports.
B
A
A
Okay,
once
you
have
the
talk,
just
give
me
the
link,
I
will
comment
we
have
to
drop
because
we
are
over
time
thanks
so
much
for
joining
and
see
you
again.