►
Description
SIG Cluster Lifecycle - Cluster API Azure Office Hours - 20220526
A
All
right
welcome
to
the
kubernetes
sid
cluster
lifecycle,
cluster
api
provider
azure
office
hours-
it
is
thursday,
may
26
2022
the
year
is
almost
halfway
over.
How
did
that
happen?
Don't
know
we
are
abiding
by
the
cncf
code
of
conduct.
Please
use
the
raise
hands
feature
and
this
meeting
will
be
recorded.
A
Let's
see,
we've
got,
I
think.
Perhaps
a
little
bit
of
capsie
release
excitement
match.
You
wanna
tell
us
about
that
or.
B
But
we
had
a
patch
release
last
week
that
fixed
a
couple
significant
things,
essentially
up
until
now,
azure
user
assigned
id
was
not
working
correctly,
but
it
is
now
and
then
the
calico
upgrade
thing
relates
to
upstream
testing.
So
it
won't
actually
affect
most
people,
but
we're
on
the
almost
latest
calico
there's
actually
a
new
patch.
We
might
want
to
pull
in.
A
B
C
Yeah,
I
think
it'd
be
nice.
If
we
try
to
stick
to
like
just
you
know,
try
this
out.
We
said
we
would
try
to
do
a
release,
cadence,
that's
driven
by
date
rather
than
by
teachers.
So
the
idea
is
that
on
july,
6th,
that's
when
we
release,
even
if
this
list
is
not
done,
which
is
very
likely.
This
is
just
the
things
we're
trying
to.
A
C
In
the
past,
what
we've
done
is
just
create
the
new
milestone
at
the
time
of
the
release
and
just
move
everything
that's
left
over,
but
we
can
also
put
things
in
next
now.
If
you
already
know
that
we
don't
want
to
focus
on
them
anymore,
for
this
release,.
A
Right
right,
of
course,
I
am
excited
to
see
that
this
plot
car
support
one
might
be
in
this
release.
It's
been
a
long
time
coming
so
exciting.
B
A
Cool
cool
awesome:
okay,
do
we
have
anything
else
that
we
want
to
talk
about.
A
Yeah
that
particular
thing
in
the
release
is
it
that
was
just
a
bug
fix.
B
B
Was
a
disagreement
over
what
we
were
supposed
to
put
in
that
field
between
us
and
cloud
provider,
and
so
we
fixed
it
from
both
sides.
So
if
you're
using
an
up-to-date
external
cloud
provider,
then
this
is
fixed
regardless
of
whether
or
not
you
got
the
capsc
fix,
but.
B
At
some
point
in
the
far
future
that
to
do
comment
shows
at
some
point
in
the
future
when
we're
sure
that
cloud
provider
everywhere
has
been
patched,
we
can
undo
this
and
if
that
time
ever
arrives,.
B
Just
I
hope
everybody
saw
vince's
email
yesterday.
That
was
pretty
awesome.
He
did
a
really
good
job
of
summarizing
all
the
cluster
api
hype.
That
happened
at
kubecon
and
there
was
quite
a
lot
of
it.
A
Yes,
it's
pretty
exciting
I'll
put
a
note
in
here.
We
should
add
a
link
to
the
notes
because
I
believe
they
they
posted
something
as
well.
So
we
can
link
to
the
happy
report
from
kubecon.
C
I
guess
I
have
one
small
thing,
so
I've
been
playing
with
users,
speaking
of
user,
assigned
identity,
user
assigned
identity,
but
so
there
are
two
identities
in
chemistry:
there's
the
identity
that
we
use
to
actually
create
the
cluster,
and
then
this
the
identities
that
we
put
on
the
vms,
like
the
node
vms
that
are
created
as
part
of
the
workflow
cluster.
C
So
right
now
for
vm
identity,
we
support,
managed
identities
like
user
assign
system
design,
but
for
creating
the
actual
cluster.
We
use
a
d
part
identity
which
supports
three
methods
of
authentication.
First,
one
is
service
principle.
Second,
one
is
service
principle
with
a
certificate
and
then
the
third
one
is
user
assigned
identity.
C
I
was
able
to
add,
like
support
for
user
assigned
identity.
It's
not
too
much
of
a
big
change
like
it
works,
and
it's
it's
not
too
much
change
on
the
capsie
side.
C
The
main
issue,
like
the
reason,
I'm
doubtful
about
actually
opening
the
pr
and
I
wanted
to
get
people's
thoughts
on
it
is
first
one
is
that
it
actually
requires
like
a
azure
vm,
to
be
used
as
the
management
cluster
node,
because
it
you
can
only
have
an
identity
if
you're
running
on
a
natural
resource,
and
so
this
only
works
if
you're,
using
something
like
aks
as
your
management,
cluster
or
another
cab,
z
cluster.
C
C
It
froze
for
a
second,
but
it
must
be
me,
please
so
yeah
I'll.
Just
tell
you
what
I
said
again
so
the
the
second
thing
is
we're
trying
to
move
away
from
a
depod
identity
to
workload,
identity,
because
a
depart
identity
is
deprecated
and
is
being
replaced
by
azure
workload,
identity,
which
is
a
newer
project
which
is
equivalent.
C
So
do
we
want
to
add
the
support
in
knowingly
that
you
know
we
might
completely
move
away
from
it
very
soon
and
then
the
other
thing
is
azure
workflow
that
day
does
not
yet
support
managed
identities.
As
far
as
I'm
aware,
so
it
would
be
adding
support
for
one
thing
that
we
basically
have
to
regress
later
on,
but
we
could
also
add
both
in
parallel
for
now
like
we
don't
have
to
get
rid
of
a
deep
identity
right
away.
C
We
could
also
put
workload
identity
behind
some
sort
of
feature
flag
and
then
have
both
available
for
testing
until
azure
workload.
Id
maybe
supports
managed
identity.
I
don't
know
if
that's
in
the
plans
or
not,
I
my
impression
is
that
it
is
so.
I
guess
my
question
is:
do
we
think
it's
valuable
to
add
user
assigned
identity
support
for
creating
clusters.
B
So
it
requires
an
azure
vm,
with
managed
identity
on
it
or
an
identity
on
it
in
order
to
bootstrap
everything
like
the
the
management
cluster
in
the
first
place,
authentication
from
an
existing
vm
or
it
would
be
enough
to
have,
could
you
have?
Could
we
provision
an
aks
management.
C
C
B
B
E
A
C
This
particular
feature
this
would
be
an
opt-in
like
it's.
It
would
be
a
feature,
an
option
alongside
what
we
have
right
now,
there's
no
defaults!
Really
it's
up
to
you
to
like
pick
it.
So
if
you
don't
choose
it,
if
you
don't
change
your
template,
you
won't
notice
it's
there,
it's
more
further,
like
switching
to
workload,
identity
which
is
way
more
invasive
and
would
like
change
everything
underneath.
That's
where
I
was
thinking
of
doing
the
pictures
like.
A
E
Yeah
one
thing
like
I
want
to
like
make
sure
it's
like:
if,
if
we
are
going
to
move
away
from
aad
pod
identity
to
workload
entity,
I
think
this
feature
might
provide
the
incentive
for,
like
the
users
to
use
a
depo
pod
identity
instead
of
workload,
identity,
which
is
not
what
we
want.
I
think
so
so
yeah.
We
need
like
keep
that
in
mind.
If
we
want
like
move
to
workload
identity
as
quickly
as
possible,.
C
But
on
the
other
hand,
if
some
users
actually
need
this
for,
like
you
know,
because
they
can
use
service
principles
in
their
production
pipelines,
for
example,
then
it
would
be
good
to
give
them
that
option
before
it's
too
late,
and
then
we
can
keep
that
as
a
backup.
You
know
until
workflow
identity
gets
there.
C
My
understanding
is
that
it's
not
just
work
to
be
done.
It's
that
azure,
like
identity,
doesn't
support
what
they
need
in
order
to
support
it
right
now.
So
it's
it's
put
yeah.
I
don't
know
if
it's
like
being
worked
on
or
if
it's
something
that
is
at
all
I
mean
I
can
try
to
find
out
more
and
post
on
the
repo
or
channel
and
see
what
they
say.
B
I
I
guess
the
danger
would
be
that
you
know
it's
not
fully
featured
or
there
may
be
a
lot
of
caveats
to
the
feature,
and
so
we
could
end
up
spending
a
lot
of
time,
reminding
people
that
no,
it
doesn't
support
this,
or
you
have
to
do
this
and
all
that
so
the
trade-off
is.
It
could
end
up
being
a
lot
of
support
time
for
a
sort
of
pathway
implemented
feature,
but
even
so,
I
think
we
should
probably
I
think,
it'd
be
good
to
have
it
supported.
A
Okay,
do
we
have
anything
more
on
this
topic,
or
do
we
have
any
further
topics
that
people
would
like
to
discuss?
I
see
we
had
some
folks
join
us
along
the
way
so
and
if
anybody
who
recently
joined
would
like
to
introduce
himself
since
we
we
missed,
you
introduce
yourself
at
the
top
of
the
hour.
Please
go
ahead.
F
Hey
everyone,
I'm
novas
recently
joined
the
team
and
yeah
happy
to
be
here.
F
A
Awesome
you're
welcome
anytime
and
we're
excited
to
see
what
you
have
to
say.
As
you
learn
more.