►
From YouTube: SIG Cluster Lifecycle - kubeadm office hours 2021-06-09
A
A
A
B
B
A
B
B
B
B
Are
derived
from
the
same
object,
but
now
they
are
different
and
they
make
you
an
example.
For
instance,
in
an
in
cluster
api
we
are
not
using
automatic
copy
of
certificates,
and
so
we
don't
have
the
certificate
key
things
and
stuff
like
that.
So
basically,
cluster
api
types
will
become
a
subset
of
kubernetes
that
basically
allows
user
to
make
only
the
configuration
that
makes
sense
for
copy.
B
B
B
A
A
A
A
A
B
The
drift
is
intentional,
because
really
some
some
combat
mean
configuration
can
basically
screw
up
the
cluster.
I
make
another
example:
if
the
kuben
mean
if
the
cluster
api
user
configure
a
bootstrap
token
likely
the
cluster
won't,
the
nodes
in
classic
api
won't
join,
and
so
we
want
to
either
tokens
and
stuff
like
that.
So
yeah.
A
B
B
A
B
Yeah
and
yeah
I
agree:
wrapping
an
api
is
never
ideal,
but
also
embedding
an
api
as
a
its
problem,
and
now
it
is
not
possible
for
kubernetes.
So
we
believe
that
this
this
is
that
now
we
are
in
a
better
situation
than
before,
because
if
you
remember
before,
we
were
only
supporting
the
one
beta
one,
which
now
could
be
problematics
and
stuff
like
that.
So.
A
Okay,
I'm
going
to
work
on
this.
I
don't
know
when,
but
there
is
enough
time
hopefully
for
it,
I'm
not
sure
about
this.
It
had
some
problems.
I
don't
think
we
should
discuss
it
in
this
call
no
yeah.
I
need
to
get
back
to
it.
It's
not
yet
decided
patches.
I
realized
that
if
I
had
patches
to
v1
beta
3
as
a
purchase
directory,
we
we
didn't
have
this
in
the
cap
for
the
patches.
A
B
B
A
B
A
B
A
B
A
Pause
image,
configurable
dropped
extracts.
This
is
something
that
also
I
can
work
on
or
maybe
ask
someone
to
work
on
that.
You
know
we
have
extra
arcs,
it's
a
backward
item.
We
have
extra
arcs,
they
don't
allow
duplicate
values,
for
instance,
some
api
server
flags.
You
can
pass
multiple
times
and
all
of
them
are
usable.
A
A
A
A
A
B
B
A
A
A
A
A
Basically,
I
don't
think
we
can
use
this
at
least
in
vmware
products.
I
don't
know
if
users
can
do
it,
but
they
probably
can
because
nobody's
going
to
monitor
what
they
do.
I
think
there
were
some
problems
around
this.
So
currently
it's
a
feature
gate,
which
means
that
we
wanted
to
enable
it
by
default
in
cuba,
dm
always
and
the
feature
gate
is
alpha.
A
B
Okay,
so
I'm
not
an
expert
here,
so
I
I
cannot
say
if
this
is
something
that
is
required
is
mandatory.
If
there
are
laws
behind
these,
so
I
would
like
to
get
someone
making
us
to
understand
the
priority
of
this,
also
because
it
is
not
that
we
have
so
much
request
on
this
feature,
so
I
I'm
minus
one
for
working
on
this
and
this
ingredient
with
the
tree.
A
A
Modern
attacks
that
have
basically
powerful
machines
that
are
used
for
them.
So
if
you
use
a
quantum
computer,
I
don't
think
hca
can
help
you,
but
now
nowadays,
there's
so
much
computing
power
that
basically
the
existing
algorithms
that
we
have
is
are
not
that
great
and
lcdsa
is
better
actually,
but.
A
A
B
Okay,
there
is
no
con,
create
a
roadmap
now
but
yeah.
This
seemed
the
direction
so
flaggers
are
going
to
to
go
away
and
cooperate,
configure.
We
will
be
the
the
only
way
to
configure
kubernetes,
so
this
makes
basically
this
is.
This
is
going
to
force
kubernetes
and
all
the
installer
to
start
drifting
away
from
kubernetes
flag.
B
At
least
this
is
my
take,
and
so
I
started
to
think
about
how
we
can
do
this,
especially
because,
as
as
of
today,
we
are
using
flags
as
a
solution
for
allowing
the
user
to
do
node
specific
configuration,
so
that's
mean
that
we
have
to,
and
just
to
make
this
a
little
bit
more
clear
when
we
we
do
cover
the
mean
in
it.
The
user
is
allowed
to
specify
a
kubernetes
configuration.
B
Kubernetes
configuration
will
be
used
for
all
the
nodes,
but
when
doing
kubernetes,
the
user
can
use
node
registration
option,
kubernetes
extra
args
to
override
what
is
written
in
in
the
kubernetes
configuration
okay.
So
we
are
using
this
two
layer,
12
law,
node
specific
configuration,
given
that
the
second
layer
is
is
going
away
in
the
future,
doesn't
mean
that
we
have
to
provide
our
user
a
nice
way
to
do
node
specific
configuration
without
using
flex.
A
Yes,
subject
that
in
the
sig
node
meeting,
I'm
not
sure
I
I
gathered
the
same
response
as
you
did,
because
probiotic
was
the
only
thing
they
agreed
on.
Was
they
don't
want
to
add
more
flax
but
the
removal
of
flax?
I
didn't
hear
a
concrete
explanation
or
a
concrete
agreement
on
saying:
hey.
Yes,
we
are
going
to
remove
all
the
deprecated
flags.
B
B
The
roadmap
is
so
the
timeline
is
not
defined
yet,
but
what
happen
if
they
are
the
only
configuration
flags
and
then
they
don't
add
any
more
flags.
So
they
are,
they
add
a
new
option.
Only
in
the
kubernetes
in
the
kubernetes
configuration,
but
not
in
the
flex
doesn't
mean
that
that
kubernetes
user
won't
be
you
capable
to
use
this
these
new
flags
unless
they
they
have
to
set
the
same
value
for
the
entire
cluster.
A
B
B
Flux
rely
of
flags
if
there
is
okay
and
so
we
we
should
start
to
start
something
an
alternative
and
work
on
it.
So
basically
I
start
in
a
document.
I
will
share
the
document
with
you.
We
will-
and
I
will
add
also
to
the
meeting
meeting
meetings
now
it
is
still
a
brainstorming.
So
it's
not
shareable
it's
not
in
a
good
suite
but
yeah.
B
Let's
make.
Let's
make
an
example
and
try
to
make
this
clear,
so
I
have
to
create
a
cluster
and
I
have
a
bunch
of
node
that
uses
gpus,
okay,
and
so
I
need
a
special
kubernetes
configuration
for
these
nodes,
and
my
idea
is
that:
okay,
let's
give
the
user
the
possibility
to
add
to
the
cluster,
so
they
took
about
meaning
in
it
as
as
of
today,
and
then
we
we
give
the
user
the
possibility
to
add
a
second
and
mean
kubernetes
configuration
and
also
to
specify
a
node
selector.
B
A
A
B
A
A
They
they
were
back
and
forth
between
different
options
and
eventually
what
they
decided,
which
I
don't
exactly
agree
with,
but
they
decided
that
if
you
have
a
quote-unquote
global
corporate
configuration,
the
way
to
apply
instance,
specific
changes
is
to
use
a
patch
version
of
of
this.
So
you
basically
pass
a
patch.
You
have
another
another
flag
and
you
pass
a
patch
which
overrides
the
global
with
the
settings
that
you
want.
Any
patch
is
persisted
on
disk.
B
B
B
B
B
Future
proof,
because
it
is
hard
to
upgrade
them,
it
is-
are
the
there
is
no
conversion
mechanism
stuff
like
that.
So
I
I
think
that
the
simple
the
simplest
thing
is
that
okay,
you
want
a
different
configuration.
Give
me
the
configuration,
I
don't
implement
any
sort
of
merger.
I
don't
implement
nothing.
I
just
use
another
configuration.
B
A
Yeah
sure
I
just
I'm
not
exactly
suggesting
that
we
should
follow
what
the
cap
suggests.
It's
just
that
we
already
have
the
mechanism
in
cuba
dm
to
patch
files,
and
if
you
look
at
the
v1
pod
object,
we
don't
have
an
upgrade
story
for
that
either,
which
is
a
static
pot.
If
we
have
a
v2
pot
eventually,
which
is
not
so
unlikely
to
happen,
eventually,
we
don't
really
have
a
way
to
migrate
user
patches
either,
but
we
already
have
a
contract
with
the
users
to
use
patches
for
control,
plane.
A
Yeah,
the
same
could
be
for
the
a
kubrick
patch.
There
is
v1
beta1
or
if
you
want
beta2
is
backwards
compatible.
The
patchway
still
is
going
to
work
no,
depending
on
the
patch
and
the
the
same
way.
We
are
preserving
the
instance
specific
configuration
on
disk
the
same
way.
We
are
preserving
user
patches
on
disk,
so
we
already
have
the
mechanism.
B
B
A
Yeah,
I
just
what
I
don't
like
about.
I
mean
I
appreciate
your
idea
with
the
note
selector.
I
think
this
makes
a
lot
of
sense,
but
we
already
we
already
implemented
a
different
method
of
having
instance
specific
configuration,
and
I
don't
want
us
to
have
multiple
ways
to
do
it.
So
it
seems
like
patches
is
the
way
to
go.
From
my
perspective.
B
Yeah
but
again
pages
are
by
note
and,
and
you
are,
they
are
not
visible.
I
I
can
then
so
I
agree.
We
have
a
mechanism
which
was
an
exception
mechanism,
because
we
are
good.
We
are
getting
to
the
root
of
the
problem.
The
root
of
the
problem
is
that
we
invented
patches,
because
kuberne
has
only
a
cluster
configuration
that
that's
that's
the
point.
A
B
B
So
it
does
not
really
make
sense
and
it
is
a
bad
user
experience
asking
the
user
to
copy
the
same
configuration
or
the
same
patches
across
all
the
nodes.
This
is
why
I
would
like
to
to
create
this
kuber
configuration
having
a
knob
selector,
and
so
basically,
when
you
create
a
node,
the
the
right
configuration
get
joined
to
to
your
to
your
node,
and
if
you
are
ten
nodes,
equal
everything
happens.
B
A
B
I
don't
think
so,
and-
and
this
is
this
is
something
that
that
we
can
discuss,
but
I
don't.
I
think,
that
we
have
three
different
problems
which
are
technically
really
different
and
and
also
in
terms
of
impact,
because
configuring,
having
no
specific
configuration
for
control,
plane
problem
for
control,
plane
object,
is
a
really
different
problem
that
the
kubernetes
configuration,
because.
B
Because
kuber
configuration
apply
apply
to
all
the
nodes
cluster
configuration
only
to
the
control
plane
nodes,
because
technically
one
is
implemented
in
static
parts.
The
other
is
implemented
using
config
map
in
the
cluster.
So
there
is
a
lot
of
technicalities
in
different
and
also
another
possible.
Point
of
configuration
is
cuba
proxy.
A
I
was
asked
today
by
user.
Do
you
want
to
support
patches
for
q
proxy?
I
said
no.
I
q
cubert
was
not
included
in
the
in
the
question,
but
for
me
the
problem
is
the
same
on
the
very
very
high
level,
which
is
instant,
specific
configuration.
We
currently
do
not
support
it
for
the
couplet,
but
we
support
it
via
patches
for
control,
plane,
components,
quasar
api.
If
I
don't
think
you
have
a
such
a
use
case,
but
if
somebody
wants
to
apply
a
custom
bind
address
on
a
particular
control
plane
instance.
A
A
I
guess
there
is
no
such
use
case
because
most
users
just
prepare
the
vm
to
be
appropriately
configured
to
have
the
the
first
interface
to
be
the
one
that
you
want,
but
yeah
it's
a
very
I
just
want.
Don't
want
to
implement
more
solutions
that
it
might
be
the
right
thing
to
do,
but
I
just
want
everything
to
use
the
same
mechanism.
Yeah.
A
B
A
Yeah,
I
really
don't
like
to
maintain
multiple
solutions.
It's
just
in
the
end
of
the
day,
some
of
the
technical
depth
that
we
have
in
cuba.
Dm
is
nowadays
maintained
as
a
best
effort,
and
if
you,
if
you
say
that
patches
are
a
workaround,
I
don't
know
what
we're
going
to
do
with
it.
Are
we
going
to
remove
patches?
Eventually?
I
have
many
questions.
I
will
add
them
to
the
document.
B
A
What
is
a
priority,
but
in
the
end
of
the
day,
cube
adm
users
are
not
talking
about
cluster
api
uses,
cube.
Adm
users
can
stop
using
flags
to
apply
customization
and
they
can
just
apply
a
mechanism
which
is
not
great,
but
they
could
overwrite
the
coblet
configuration
on
disk
and
restart
the
couplet
it
will.
A
B
B
No,
no,
the
point
here
is
that
patches,
where
basically
the
the
the
the
passes
were
defined
to
address
our
problem.
So
the
problem
is
that
in
cuba,
meaning
we
are
exposing
a
limited
number
of
flags
and
we
want
this
to
continue.
Okay,
this
limited
number
of
flags
get
translated
into
static
ports.
Okay,
but
user
needs
user.
In
some
extreme
cases,
they
need
to
configure
everything
of
the
static
ports,
not
only
the
flags,
but
everything
memory
limits
are
the
sidecar
whatever
that
they
they
want
to
configure
everything
in
static
ports.