►
From YouTube: SIG Cluster Lifecycle - Cluster Addons 20191015
A
C
I
figured
we
would
with
a
touch
some
points,
and
then
people
are
obviously
able
you
know
free
to
review
on
their
own
and
shoot
things
out,
but
yeah.
This
is
definitely
a
first
pass.
It
just
basically
tells
you
hey
word
linking
this
library
proof
of
concept
into
Covidien,
and
we
would
like
to
do
this.
The
kept
this
particular
kept
was
on
the
cube
in
iam
117
planning
cycle
to
get
done
so
we've
started
that
process.
C
We
talked
about
some
of
the
motivations,
so
it's
cool,
there's
an
official
goober
nice
place
for
some
of
why
we're
doing
this
whole
add
ons
thing
now
and
with
regard
to
like
the
actual
cluster
installers.
Most
of
these
motivations
I
think
will
be
similar
enough.
We
want
to
do
like
one
of
these
four
cops
or
something
with
a
similar
format,
but
yeah
you
can
see.
C
Oh
well,
like
upgrade
logic
commonly
gets
baked
into
the
binary
and
then
that's
great
that
it's
like
version
inside
of
the
binary,
but
it
causes
other
problems
with
maintenance
and
then
I
think
the
non
goals
section
over
here.
Obviously,
we
want
to
be
able
to
like
people
to
install
like
hardware,
drivers
and.
D
C
That's
probably
where
we
should
stop
for
this
component.
If
you
need
something
more
complex,
it
should
probably
be
in
an
operator
and
exposed
state
and
some
asynchronous
fashion,
but
I
don't
know
some
people
might
have
different
opinion
on
that.
I
just
think
it
sounds
hard
and
it's
probably
not
the
right
thing
to
do.
As
far
as
how
validation
of
component
configs
work,
I
can
actually
link
a
cap
here,
Ross
just
posted
one,
and
he
so
if
you're
interested
there's
command
line
validation
of
component
configs.
C
The
future
which
regards
to
Ross
is
kept
so
discussions
up
and
for
that,
and
then
also
important,
is
just
that
the
actual
operators
themselves
are
not
part
of
this
keps
deliverable
and
then
this
one
I
kind
of
do
in
here,
and
we
haven't
really
talked
about
this
much,
but
basically
it's
really
difficult
if
you're
an
app
to
figure
out
that
you're
being
removed
from
a
cluster
there's
just
no
hook
inside
of
kubernetes.
That
kind
of
explains
that-
and
we
all
know
that,
like
the
minute
you
install
something,
that's
turn
completed,
install
something
somewhere
else
right.
C
So
like
making
apps
responsible
for
cleanup,
it's
like
a
really
difficult
expectation.
Usually
you
need
to
clean
up
in
like
an
additive
way
like
if
you
wanted
to
do
it
correctly,
like
you'd
need
to
apply
some
cleanup
field
to
a
CR,
D
or
something
right.
A
use
case
for
this
would
be
like
cleaning
up
after
iptables,
because
you're
modifying
the
kernel
under
you
and
just
the
current
state
of
infrastructure.
C
Some
differences
in
the
API,
so
that
we've
seen
so
far
is
in
the
add-on
section
for
the
particular
add-on,
I
decided
to
add
a
name.
Adding
a
name
allows
us
to
more
strongly
correlate
what
is
being
upgraded
and
then
just
put
things
like
user
output
and
also
decide.
Ok.
Well,
if
I
were
to
remove
this
entry,
sorry
I
remove
this
entry.
You
can
tell
that
I
want.
C
This
proposal
talks
about
defaulting
and
what
quba
name
should
do
in
the
case
that
it
is
asked
to
use
the
add-on
installer,
but
the
user
does
not
provide
a
config
which
is
basically
default
to
the
appropriate
add-ons
for
the
cluster
version,
and
then
constraints
is
kind
of
an
interesting
one,
and
basically
the
gist
of
it
is
that
the
library
would
probably
be
much
more
mature
and
have
caveats
if
we
were
vending
customize
and
we
were
using
some
kind
of
formal
API
client
that
could
be
swapped
out
for
a
dry
run.
Client.
C
This
is
a
little
weird,
because
there's
actually
I
discovered
two
kinds
of
dry
run.
There's
a
dry
run
where
you're
not
hooked
up
to
the
API
server
and
there's
no
cluster,
and
that
should
still
provide
some
kind
of
helpful
output
for
the
user
to
realize
that
their
inputs
are
sane
and
then
there's
the
dry
run.
Where
there
is
a
cluster
and
things
like
coups
ETL
can
decide
how
to
tell
you
if
something's
being
changed
and
that
kind
of
thing.
So
supporting
that,
like
dual
mode
of
dry
run,
is
an
interesting
like
gradient
features.
C
C
What
did
I,
what
did
I
write
here?
Oh
yeah
I
talked
about
like
signing
releases
and
about
how
cig
release
and
security
might
be
interested
now
that
we
are
necessitating
that
there
being
new
artifacts.
This
feature
is,
is
at
its
core
like
a
packaging
proposal
right,
and
so
there
are
new
artifacts,
there's
new
transport
them
and
like
there
has
to
be
a
story
here
on
that.
So
ya
know
there's
a
little
graduation
thing
and
with
just
like
some
quick
notes
and
things
I
thought
of
I'm
sure
that
this
could
be
fleshed
out
much
more.
C
C
C
C
A
customized
er
yeah
there's
in
the
current
add-on,
installer
library,
the
initial
implementation
only
supports
a
customizer
and
that
can
come
from
a
git
repo
or
from
a
local
directory,
and
then
we've
talked
about
expanding
the
customized
support
for
OC
I
and
then
I
think.
It
also
would
be
good
to
just
support
a
manifest
list.
C
D
C
C
B
C
Don't
think
that
this
subscribes
to
being
like?
Oh
something
should
or
should
not
be
an
operator.
A
good
example
is
in
the
case
of
coop
proxy
right,
like
we
chatted
our
in
our
last
meeting
about
how
this
has
a
bootstrapping
issue
right
and
there's
also
very
little
customization
that
is
necessary
for
coop
proxy.
Most
users
couldn't
get
away
with
just
installing
a
manifest
list.
Accordion
s
is
different,
though
right,
where
you
need
some
kind
of
smarts
to
be
able
to
inspect
the
clusters.
Networking
things,
and
so
this
could
be
an
operator,
and
this
does.
C
E
I
do
want
to
add
that
I
actually
am
in
the
process
of
writing
a
new
proxy
operator.
So
it
is
a
solvable
bootstrapping
problem
and
it's
you
can
you
can
schedule
around
it,
but
you
do
have
to
detect
the
API
server,
essentially
its
location
and
which,
right
now,
you
know
we
kind
of
accomplished
in
Cube
ATM
that
configures
that
endpoint,
that
we
need
to
figure
that
out
in
a
different
way.
E
So
if
it's
running
part
of
the
control
plane,
I
mean
there's
it
it's
it's
the
thing
that
provides
a
lot
of
those
network
facilities,
but
you
can
do
just
about
anything
otherwise
as
long
as
you're
referencing
the
API
server
directly.
But
you
know
you
can
set
up
a
service
account
that
sort
of
thing
without
any
sort
of
networking
features
by.
E
Or
just
like
localhost
was
also
also
a
bit
and
then
the
phone
around
that
I
mean
you
there's
there's
two
so
that
you
can
say
well,
it's
not
necessary
cube.
Roxy
is
relatively
simple,
there's
not
to
a
configuration.
The
reality
is
like.
If
you
want
to
start
exposing
cue
proxy
is
like
really
inherently
tied
to
the
release
so
being
able
to
sequence
its
upgrade
and
have
sort
of
a
health
and
status
sort
of
along
with
it.
E
C
C
E
E
B
C
C
With
regard
to
coop
card
will
apply
and
delete,
I
think
one
behavior
we
would
want
to
I.
Imagine
it's
already
been
thought
about,
and
it
does
it
in
a
reverse
order,
an
ordered
fashion,
but
this
list
is
specified
to
install
in
order,
which
means
that
you
get
a
blocking
behavior
on
the
API
server
so
like.
If
you
want
to
like
install
some
manifests
that,
from
an
API
standpoint,
depend
on
some
other
custom
resource
definition
being
installed.
C
You
can
do
that
in
order
and
then
expect
that
it'll
be
undone
in
the
same
order
and
which,
for
something
like
this
right,
like
I
I,
guess
it
makes
like
logical
sense
for
other
components
as
well,
but
there's
actually
nothing
that
would
necessitate
that
these
components.
These
particular
examples
would
need
to
be
installed
in
a
particular
order,
because
there's
no
API
dependencies
between
them,
but
it
just
makes
logical
sense
as
well.
The
listed
in
this
order.
C
Finalizar,
what
wait
I
guess
the
operator
could
install
a
finalizar
on
itself
and
then
complete
satisfy.
C
C
Cr,
so
I
guess
that
we
just
have
to
like.
If,
if
you
had
the
CR
come
like
say,
there's
cor
dns
operator
and
then
after
it
there's
the
accordian
SCR,
then
if
you
were
in
to
uninstall
both
of
them
at
the
same
time
the
CR
would
be
ripped
out
first,
then
there
would
be
a
finalizer
and
we're
still
waiting
for
that
to
be
removed.
It's
a
blocking
operation.
B
B
E
B
D
F
D
B
C
F
It
seems
like
him,
it
seems
like
we
could
order
this
if
we
added
some
more
field
here
to
actually
specify
some
things
or
maybe
inside
of
a
given
reference
and
manifests,
we
have
a
defined
structure
that
says
like
this
file
here
means
a
certain
thing
like
at
least
in
my
mind.
Maybe
we
clip
some
more
structure
around
this,
rather
than
just
giving
a
blob
of
stuff
and
then
trying
to
snuff
out
what
we're
supposed
to
do.
Mm-Hmm.
C
I
I
would
also
just
be
like
suspicious
of
of
adding
orchestration
fields
when
there
are
potentially
simpler
rules
like
always
dealing
with
CR
DS,
first
or
last,
depending
on
whether
you're,
applying
or
deleting
and
I.
Just
don't
know
if
those
rules
are
present
in
the
existing
components
currently,
but.
F
Right,
I,
just
I,
guess
I'm,
also
like
a
little
worried
that,
like
maybe
for
a
given
operator,
let's
say
like
be
added
as
an
install
and
you
then
the
user
removes
it,
but
they
didn't
mean
to
we
delete
all
the
data
right
when
you
delete
the
CR
D.
So
maybe
they
want
to
keep
that
around
like.
Maybe
we
want
this
to
be
a
little
bit
safer
and
we
just
delete
the
CR.
F
C
C
I
would
say
that
that
should
be
like
the
default
and
like
canonical
best
practice,
because
you
you
lose
like
granularity
in
the
abstraction,
if
you
like
say,
say:
you're
providing
an
add-on
like
say,
you're,
a
company
and
like
cystic
or
weave
works
or
something
and
you
you
have
a
default
installation
that
people
that
you
want
people
to
install
and
in
your
in
the
very
base
of
your
add-on.
Right
like
it's
always
installing
the
default.
C
E
Think
that
there's
a
kind
of
Shaun
when
you
said
that
I
was
kind
of
thinking.
If
we
had
a
structure
that
was
explicit
about
sort
of
groupings,
so
necessarily
saying
that
a
package
has
these
three
things
has
operator
C
or
D
and
C
are
but
saying
that
we
have
better
groupings
of
of
refs.
That
say
hey
this
is
the
operator
this
or
if
we
have
one-
and
this
is
our
member
on
FS,
this
is
my
CR
and
my
C
or
E,
and
we
can
be
very
explicit
about
how
we
handle
the
ordering
of
those
components.
E
I
think
that
it's
something
it's
something
that
consider
like.
Do
you
how
how
much
orchestration
do
you
want
to
do
with
this?
I
think
that
operators
need
some
level
of
that,
or
else
we
end
up
having
to
write
all
these
big
operator
operators
and
so
having
this
sort
of
a
base
set
a
kind
of
a
simple
set
of
behaviors
around
these
groupings.
I
think
could
be
useful,
like
I,
think
I
think
we
could
buy
some
some
youth
benefits.
C
E
Another
name
just
drops
like
this
I
think
we're
talking
two
step
further,
so
not
just
list
of
reps
but
ref.
You
know
type
or
ref
name
operator,
mm-hmm,
something
a
little
deeper
in
tier
I,
agree
yeah!
If
you
just
have
this
string
sort
of
URL,
then
when
that's
that
replacement
problem-
and
you
swap
it
out
with
your
own
implementation,
yeah.
C
C
F
D
D
It
uses
a
numbering
scheme
and
then
anything
in
the
same
run
level
can
all
be
spit
out
at
the
same
time,
and
if,
for
some
reason,
some
part
of
the
run
level
fails,
it'll
keep
your
train,
so
it
gets
through
that
whole
run
level
and
then
it'll
move
on
to
the
next
one
and
then
I'll
move
on
to
the
next
one,
which
also
gives
you
that
parallelism
that
a
straight
serial
doesn't
give
you.
So
it's
like
a
combination
of
having
serial
levels
with
parallel
creation
inside
the
level
yeah.
C
Kind
of
like
a
like
an
NRC
style
of
execution
right
where,
instead
of
calling
this
a
serial
list
of
applications,
you
would
do
all
of
them
at
the
same
time,
with
a
pipeline,
not
not
necessarily
a
deck
but
like
an
ordered
pipeline
where
you're
like
okay
well,
here
are
all
of
my
zeros
and
then
lets.
You
know,
then
do
all
of
the
ones
and
do
the
twos.
D
F
C
Mean
I
kept
this
as
a
serial
list
because
it
keeps
the
implementation
simple
and
blocking
but
I'm
totally
down
to
implement
something
like
that,
either
with
a
dag
with
like
a
dependency
and
like
a
list
of
names
or
something,
and
so
this
could
be
like
now.
If
there's
any
kind
of
nesting
in
here
I
guess
you'd
have
to
be
like.
You
could
support
that.
C
D
It
uses
alphanumeric
naming
and
the
numbers
prepended
to
the
files,
help
it
determine
its
run
levels
like
it's
about
its
simplest
rate
board
as
a
system
for
how
do
you
know
what
order
to
put
things
into
the
cluster
like
it
can
be
handed
just
a
pile
of
manifests
and
say
what
to
do
with
them.
They
still
that
scheme
the.
E
D
E
D
This
case,
all
when
all
of
these
manifests
are
included
there
in
our
room
level,
70,
which
is
number
seven
basically
so
that
one
for
us
just
means
the
one
where
we
got
to
make.
Yes,
it
was
up,
and
generally
everything
can
be
just
applied
to
the
cluster.
At
this
point,
this
is,
for
the
most
part,
the
point
at
which
a
cluster
starts
like
the
vision,
and
then
we
can
put
a
bunch
of
extra
stuff
into
the
cluster.
C
D
C
D
D
C
I
s
just
my
only
the
only
difference
that
I
would
perceive
would
need
to
occur
here.
Is
that
the
this
level?
If
that's
what
this
is,
is
in
the
manifest
name?
And
then
this
is
inside
of
the
manifest
itself,
and
these
would
probably
need
to
be
defined
at
the
user
level
right
here
like
in
the
configuration
about
the
add-on,
but
that's
I
guess
my
only
sure.
D
C
D
C
E
D
C
D
C
Would
probably
need
to
think
of
like
a
more
concrete
use
case,
because
most
things
like
the
only
dependencies
that
I
can
think
of
that
prevent
you
from
applying
resources
to
the
cluster
are
api
dependencies
right
like
the
api
server,
doesn't
know
what
you're
trying
to
tell
it
to
do
there.
It
doesn't
know
what
you're
trying
to
declare
right.
D
Yeah
I
think
part
of
the
difference
here
is
that
we
are
using
the
same
set
same
system
to
get
the
cluster
itself
up
and
running.
I
also
think
that
we're
using
it
in
a
few
places
where
things
so
the
network
goes
in
an
earlier
run
level,
so
that
our
network
is
up
and
stable
and
working
across
the
nodes
before
we
start
doing
some
of
the
other
components.
D
C
D
Yeah
I'm
trying
to
think
how
most
dependent
operator
is
Wow.
We
are
you
I,
I'm
thinking,
because
intri
lies
on
a
number
of
different
pieces
in
order
to
get
to
the
state
where
it's
configured
correctly
like
it,
there
lies
on
configuration
coming
from
the
API
server
eyes
and
stuff
coming
from
our
OS
server.
There
are
a
few
different
pieces
that
have
to
be
online
and
configure
before
the
console
is
ready
to
be
used
by
actually
a
user
yeah.
C
Cuz
like
if
it
if
it
were
possible
and
could
be
done
with
just
like
a
very
simple
dependency
mechanism
to
install
OpenShift
with
this
api,
like
that
would
be
just
like,
probably
like
the
the
biggest
use
case
that
might
be
available.
Right,
like
that
might
be
the
the
most
complex
example
that
we
could
target.
D
C
D
C
D
F
C
F
C
D
Yeah,
so
the
concerns
with
the
perches
like
that
are
one
of
current
tools:
right,
yeah,
anything
new,
we're
fighting
against
the
already
existing
tooling
and
every
single
Enterprise
environment
out
there
and
getting
an
adoption
for
new
tooling.
You
know
it's
always
a
fertile
so
for
something
that
could
work
today
in
any
of
these
shops
out
there.
What
makes
sense,
like
one
of
the
registries,
already
support
today
right
now
in
all
of
these
environments.
What
are
the
tools
are?
Is
for
today,
right
now,
in
all
these
environments,
a.
C
D
C
So
kind
of
like
this,
this
started
happening
kind
of
aside
or
in
lieu
of
or
after
some
of
the
conversations
that
we
already
had
here
about
having
a
desire
to
distribute
bundles
in
this
way.
So
maybe
this
is
something
that
we
can
adopt,
considering
that
in
the
upstream.
This
could
be
an
example
of
something
we
could
upstream
I.
F
C
C
Because,
definitely,
if
we're
gonna
be
talking
talking
about
like
distributing
a
new
kind
of
artifact-
and
it
requires
like
some
canonical
usage
of
images
but
for
good
reasons,
then
like
just
getting
a
little
bit
of
buy-in
so
that
we
can
actually
get
something
merged
in
an
experimental
like
kind
of
alpha
support
would
be
really
cool.
Yeah.
C
A
C
I
mean
we
have
this
recording
but
like
if,
if
you
have
like
something
particular
that
you
asked
a
question
about
or
like
wanted
to
propose
something
like
different
API
changes
like
Jeff
I
know,
you
were
mentioning
some
things
with
this
grouping.
Just
getting
that
conversation
going
on
the
cap
would
be
really
helpful,
even
just
like
a
stub
and
then
with
you
know
and
yeah,
then
we
can
get
those
things
up:
streams
into
the
library,
merge,
the
library
and
then
and
then
get
it
a
real
implementation
working.