►
From YouTube: SIG Cluster Lifecycle - Cluster Addons 20190820
B
B
They
want
plugins
and
so
I
am
building
it
as
a
plugin
and
trying
not
to
rewrite
everything,
but
hopefully
that
will
I
think
the
tests
are
green,
so
and
I
think
we
have
basic
like
this
looks
okay
from
sully,
so
I
am
optimistic
that
by
our
next
meeting
we
may
have
it.
It
will
be
feature
flagged
in
some
way
or
in
some
way
hidden
in
queue
builder,
but
it
will
be.
It
should
be
in
the
main
binary
and
will
later
move
to
a
plug-in
type
of
model.
B
C
I,
just
kind
of
mildly
related
to
those
things
is
I
chatted
with
Sully
as
well
about
generating
component
config
and
yeah.
How
that
would
look
and
could
builder
and
whether
that's
a
use
case,
we
would
want
to
support
there,
the
actual
scaffolding
of
the
API
types
and
not
just
not
just
all
the
auto
gen
stuff
and
then,
as
far
as
like,
actually
what
we
can
do
once
we
have
an
example
operator,
I
again
looking
at
the
node
local
DNS
add-on
and
the
kinds
of
requirements
that
they
have.
C
B
C
C
C
C
B
I
mean
I.
Think,
though
we
have
not
done
it.
Our
usage
of
daemon
sets
to
date
is
a
little
happy-go-lucky
like
the
way
we
have
to
queue
proxy,
for
example,
like
queue
proxy
can
no
longer
be
a
single
day
said.
If
you
imagine
that
different
ku
proxy
versions
will
exist,
that's
one
of
the
things
that
I
want
to
work
on
as
part
of
an
operator,
because
it's
her
thing
which
this
like
is
impractical
to
implement.
B
B
C
Progress
no
I
am
I
was
just
messing
with
the
customized
base
for
that,
so
the
first
part
is
like
getting
all
of
the
like
hard-coded
strings
that
you're
supposed
to
said
to
actually
be
like
something
else.
Another
thing
that
I
found
out
in
that
research
by
the
way,
that's
just
coordinates
in
general,
these
core
files
actually
support
interpolating
from
environment
variables.
C
So
we
should
use
that
they're
they're
config
sin
taxes
from
the
Cadi
server
project
so
and
yeah.
If
you
read
the
Cadi
server
ducts,
there's
quite
a
lot
available
in
there.
So
instead
of
yeah
templating
the
core
file,
we
should
make
the
core
file
an
environment,
variable
template
and
then
just
provide
differences.
C
C
B
C
C
That's
the
POC
Lib
was
pulled
25
on
the
add-on
operators,
repo
yeah,
no
I,
don't
worry,
but
I
know
you're
working
on
much
other
stuff,
but
I'm
just
trying
to
get
a
litmus
because
Fabricio
and
Lumiere
and
the
rest
of
the
Canadian
team
have
been
working
really
hard
on
like
trying
to
figure
out.
Where
should
we
go
with
this
and
I
just
want
to
make
sure
that
any
concerns
that
you
might
have
are
also
being
heard?
Well,.
A
B
B
C
B
C
B
C
Some
other
behavior
that
you
wouldn't
want,
like
from
an
actual
library,
that's
just
kind
of
not
available
in
coop
cuddle
as
well
like
when
you
do
an
apply,
and
it
tells
you
like
that
this
is
being
changed.
But
it's
a
dry
run
like
those
are
two
pieces
of
really
juicy
information
that
are
not
available
when
you
ask
for
it
to
be
printed
out
in,
like
JSON.
B
Yes
related
we're
tangent
thing,
but
related
I
split
up
the
drain
functionality
out
of
out
of
coop
cuddle,
so
it
could
be
used
as
a
library.
And
yes,
there
are
still
bits
where
you
like
information,
that
is
important,
is
printed
to
a
stream
and
you
can
redirect
a
stream,
but
it
would
be
better
to
have
some
form
of
structured
output
and
we
have
to
figure
it
out,
but
I
think
the
first
step
could
be
to
as
long
as
you
don't
actually
need
need
that
information.
B
C
Yeah
I
mean
it's
basically,
so
we
had
the
conversation
in
the
POC
and
one
of
her
brief
SEOs
main
questions
was
okay.
Well,
like
what's
controlling
the
output
and
how
can
coup
idiom
influence
the
UX
and
I
was
like
well
like
you.
Can
you
can
pass
in
your
IO
writer,
you
know
into
the
runtime
and
then
like
from
there
could
cuddle
the
process,
that's
running,
that
is
going
to
be
doing
whatever
it
wants,
and
but
here's
what
the
UX
would
look
like
if
you're,
just
letting
coop
cut
alone.
C
That
write
with
all
of
these
other
kind
of
options
from
the
library
and
like
does
this
feel
acceptable
for
at
least
an
alpha
feature,
and
my
thought
is
yes
right,
but
maybe
not
it's
certainly
hard
to
build
anything
specific
or
like
very
tailored
around
add-on
packages
that
could
contain
just
about
anything
right
like
it
could
be
our
back
in
there
or
CR
DS
or
any
number
of
interesting
objects.
You're
not
going
to
be
able
to
write
a
lot
of
tool.
Specific
logic
around
that
so.
C
There's
some
interesting
comments
in
the
doc.
Maybe
this
is
a
good
time
for
three,
so
to
start
chatting
a
little
more,
maybe
about
the
pre-flight
checks
or
the
also
some
feedback
that
we've
had
from
some
we've
works.
People
is
like
update,
install
and
uninstall
hooks,
so,
like
writing
like
some
place
to
run
arbitrary
code
and
then
get
results
back
in
an
agnostic
way.
C
You
so
one
pre-flight
check
that
I
can
think
of
that's
kind
of
we've,
been
talking
about
component
config
and
about
how
the
components
that
actually
are
doing
the
owning
the
config
api's
that
they
should
have
a
standard,
command-line
interface
that
you
can
exec.
It
returns
a
structured
response
about
whether
or
not
the
config
is
validated
what
errors
are
contained
within
and
then
also
be
able
to
do
things
like
conversions
and
defaulting,
and
so,
like.
C
That's,
that's
an
exec
to
another
tool,
that's
owning
its
specific
version
of
the
API
and
to
prevent
the
impossible
matrix
of
imports.
You
would
need
to
support
in
order
to
do
component
a
and
then
normally
the
tool
that
you're
working
with
like
it
might
have
a
specific
number
of
add-ons
that
it's
focused
on
right.
So
kuba
diem
is
concerned
that
the
coop
proxy
component
config
and
the
Kubla
component
config,
and
so
then
having
these
binaries
in
the
past
right.
D
C
Yeah,
and
so
the
only
thing
I
can
think
of
right
is
to
have
like
a
sandbox
execution
environment
like
you
could
use
the
CRI
either
on
machine
itself,
which
has
security,
implementation
implications
or
you
could
do
something
more
distributed,
which
has
failure
mounts
right
where
you're
like
okay
well
I
have
a
kubernetes
api
I,
probably
have
a
job
controller,
so
let's
put
a
job
into
the
cluster
and
then
inspect
the
output
or
something
but
yeah.
It's
just
getting
one.
B
B
I
mean
it
certainly
not
it's
not
arbitrary
code
executing
code
execution
at
this
time,
yeah
we,
it
sounds
reasonable,
I'm,
just
trying
to
understand
yeah
we
I
I,
don't
know
what
yeah
we'd
somehow
have
to
fetch.
Yes,
as
some
part
of
the
resolved
process,
we
would
have
to
yes
get
an
open,
API
schema,
and
then
we
could
validate
against
that
and.
B
B
C
B
But
I
do
like
iTunes
I
realize
it
is
in
Bracknell,
so
I,
really
like
the
like
you're
finding
about
the
environment
variables
in
the
core
file.
That
is
a
big
I'm,
definitely
going
to
use
that,
regardless
of
my
long-term
opinions
about
like
like
okay,
that's
really
good!
You
don't
want
to
said
any
more
in
just
you.
C
C
C
Given
a
kid
be
nineties
version
get
the
corresponding
recommended
version
of
a
specific
add-on.
This
is
kind
of
just
like
a
ecosystem
question.
It's
just
like
what.
What
do
we
think
is
better
to
support
because,
like
we
could
have
a
shared
map
of
this
right,
but
I
think
it's
kind
of
more
to
the
installers
like
what
opinion
of
what
add-on
version
you
should
be
installing.
B
I
I
certainly
respect
the
right
of
any
on
tool
to
build
whatever
versions
they
want.
I
do
think
we
should,
as
incriminates
project,
have
a
these
other
versions
that
we
have
tested
and
if
someone
said
she
was
something
different,
that's
great,
but
they
they.
We
should
have
the
thing
done.
I
know
there
is
a
there's.
A
Google
open
source
project
called
the
cluster
bundle
which
could
be
used.
D
I
agree
that
if
we
can
put
in
some
place
and
share
a
common
origin,
then
people
can
leverage
on
it
if
they
want,
and
also
I
can
try
to
generalize
the
critical
day
and
the
problem,
because,
basically,
what
we
find
out
is
that
we
need
some
sort
of
metadata
around
that
ones.
One
is
the
version
the
virtual
matrix,
so
don't
bear
shown
to
kubernetes
passion
and
the
second
one
that
that
can
be
interesting.
B
So
the
I
did
the
e.
The
value
of
a
structured
format
like
the
cluster
bundle
is
that
we
could
sort
of
have
in
the
cluster
bundle
like
both
the
like.
This
is
the
C
RDS
and
they're
versions,
and
the
expansion
of
the
CRD
by
the
atom
operator
will
do
the
manifests
that
it
will
use,
and
so
you
can,
with
fairly
simple
tooling,
just
like
walk
that
set
of
objects
extract
the
objects,
look
at
the
objects
that
we
find
the
images
and
sort
of
it's.
It's
very,
like
it's
straight
forth,
rather
to
be
straightforward
to
do.
B
It's
helped
a
lot
by
the
fact
that,
like
criminals
can
images
are
only
in
like
one
of
two
places
right
there
in
like
I,
don't
member
but
they're
in
like
it's,
it's
one
of
two
places
and
they're
on
in
like
pretty
arbitrary
locations,
so
that
that
seems
to
work
pretty
well
and
I
seem
to
live
the
experience.
I
don't
have
I
like
that
approach.
B
B
The
latter
way
feels
pretty
straightforward
if
we're
willing
to
accept
that
sort
of
dependency
or
that
a
restriction
that,
like
cluster
add-ons,
are
declarative,
which
you
know
sort
of
a
space
we're
exploring
now.
But
if
you're
willing
to
take
that
restriction,
then
it
is
fairly
easy
to
sort
of
look
at
the
underlying
manifest
if
it's
in
the
same
structured
format.
C
Yeah
so
and
I
think
there's
a
lot
of
interesting
things
that
you
could
do
with
cluster
bundle
being
like
a
customized
base,
I'm
just
thinking
from
like
an
extensibility
like
perspectives,
is
people
are
going
to
want
to
modify
their
add-on?
Declarations
to
you
know
be
conforming
with
their
pod
security
policy,
or
you
know
like
how
annotations
or
whatever
and
they
named
differently.
C
D
Yeah
I
don't
have
nothing
against
some
eyes.
I
am
only
a
concern
that
consumer
that
that
customized
is
a
design
or
implementation
choice
of
that.
Don't
turn
that
and
that
I
think
that
somehow
the
consumer
of
that
Donn's
should
be
is
related
from
this
decision.
So
when
Cooperman
asked
to
the
Tonys
nada,
please
give
me
the
list
of
the
images
or
the
version
supported
by
an
unadorned
company
should
not
be,
let
me
say
in
force
to
get
into
the
detail
of
customized
or
the
manifest
or
whatever.
D
C
D
C
Supportive
is
something
we
need
to
probably
have
more
discussion
about,
because
customize
doesn't
really
have
opinions
here,
unlike
an
annotation
section
like
for
the
actual
base,
it's
not
really
meant
to
be
used
like
as
a
package
I'm
I.
Imagine
that's
not
true
with
things
like
helm,
3,
considering
that
they're
using
an
OC,
I
image,
there's
like
mime
types
and
like
resource
sections
inside
of
an
OC
I
image
that
allow
you
to
say
like
a-
and
this
like.
B
Listening
to
what
you
were
saying
it
like,
although
I
was
described
as
imagining,
the
qadian
would
itself
expands
the
atom
like
and
then
walk
the
tree.
There's
no
reason
for
it
to
do
that
right.
We
could
easily
just
like
have
a
tool
that
at
some
sort
of
creation,
like
does
that
expansion
and
and
writes
the
images
and
then
everyone
would
get
it
right
there
and
if
you
wanted
to
use
a
different
method,
if
you
want
to
use
cogeneration,
then
that's
fine
as
well.
Sorry
object
generation
in
code,
that's
fine
as
well!
You
can.
B
You
just
have
to
like
say
which
image
you're
going
to
generate
I
do
think
we
should
try
to
have
a
world
where
sort
of
the
image
is
not
like
changing
based
on
fields
right
or
like.
You
know
that
it's
sort
of
that
is
that
is
part
of
the
version
of
the
of
the
add-on
itself
or
then
I.
Think
that
makes
for
a
more
sensible
world.
B
It
is
interesting
to
look
at
like
the
overlaps
between
customized
and
the
patches,
and
all
these
things
and
I
do
I
do
hope
that
there
is
a
world
where
we
all
like
extract
out
the
common
functionality
like.
Oh,
we
all
want
patches
and
we
there's
not
really
a
distinction
between
my
customizes,
like
a
delivery
mechanism
for
the
idea
of
not
using
said
I.
Can
you
think
I'm
like
patches
and
things
like
that?
Instead.
C
Or
overlays
yeah,
that's
what
I've
been
hoping
for.
That's
my
deepest
deepest
yearning
desire.
It's
some
kind
of
sensible,
structured
indirection
exposed
to
users
in
a
simple
way
where
they
just
put
in
their
the
things
they
care
about,
and
then
out
comes
all
the
complexity
but
yeah
and
also
just
to
clarify,
like
the
add-on.
Installer
stuff
is
just
about
like
cluster
administration
tools
getting
add-ons
into
the
cluster
and
whether
those
add-ons
are
fully
declarative
or
whether
or
not
they
have
a
custom
API
with
operator.
C
Runtime
is
the
add-ons
decision
and
should
be
based
off
of
the
add-ons
needs,
which
I
think
a
lot
of
add-ons
really
do
need
that
stuff
at
the
cluster
infrastructure
level
I.
We
can
certainly
think
of
things
we
would
need
for
for
we've,
net
migrations
and
stuff
like
that
so
like,
and
it
is
nice
if
the
operator
runtimes,
if
we
have
tools
that,
like
also
are
able
to
use
that
same
UX,
since
maybe
some
shared
API
bits
to
to
declare
what
bases
and
patches
they
should
be
applying.
C
What
I,
what
I'm
learning
from
the
customized
project?
Is
that
there's
a
lot
of
really
interesting
back
flips
that
you
can
do
inside
of
kubernetes?
Api
is
like
deployments
and
pod
specs
and
config
maps
and
secrets
that,
like
I
didn't
know,
you
could
do
for
one
the
command
array
inside
of
the
deployment
you
can
actually
interpolate
environment
variables
into,
and
you
do
not
need
a
shell
to
do
that
at
all.
C
And
then
you
can
source
those
environment
variables
like
from
secrets
and
from
config
Maps
and
then
customize
takes
that
a
step
further
and
allows
you
to
use
config
map
values
and
other
interesting
places
like
annotations.
So
it
like
encourages
you
to
just
use
all
of
the
objects
instead
of
having
like
some
abstract
value,
collection
of
inputs,
which
gets
a
little
a
little
funky.
C
It's
just
a
different
way
of
thinking
and
and
then
the
fact
that,
like
you,
has
these
opinions
really
wants
to
push
your
the
workload
you're
running
into
to
be
able
to
like
have
good
patterns
for
configuration
instead
of
like
and
expecting
the
user
to
do
all
of
this
work
upfront.
So
things
like
the
core
file
having
environment
variables
is
better
right
than
having
something
templating.
It
beforehand.
C
C
The
probably
most
interesting
thing
to
the
things
I'm
hearing
is
that,
like
the
add-on
installer
it
libraries
like
they
should
be
able
to
unpack
an
add-on
and
install
it
and
uninstall.
It
sounds
like
there's
also
other
things
like
you
need
to
be
able
to
fetch
a
structured
list
of
dependencies.
It's
the
container
images,
the
major
one
that
I
can
think
of
there
and
that
should
be
agnostic,
like
from
whatever
is
happening
inside
of
the
library
via
customizer
Jason
net
or
hell,
nor
whatever,
and
then
that
way.
C
Tools
like
kuba
diem,
don't
have
to
know
like
the
inner
guts
of
it
to
do
basic
stuff,
and
then
the
only
other
thing
that
I'm
kind
of
like
wrapping
my
head
around
is
in
order
to
do
more
sophisticated
things
which
is
like.
This
is
probably
not
a
problem
that
we
have
to
solve
immediately,
but
yeah
I
mean
config
validation
or
checking
if
a
network
resources
available
like
these
preflight
things
and
also
like
having
some
way
to
tell
an
add-on
that
it's
being
uninstalled.
C
Like
there's
no
say
you
have
a
daemon
set
right
that
like
mutates,
Linux
kernel
stuff
and
when
it
gets
uninstalled,
it
should
like
unmute,
eight,
the
kernel
right.
So
networking
drivers
been
format,
support
firewall
stuff,
whatever
there's
like
no
real
good
way
to
communicate
in
a
one-step
manner
to
the
daemon
set
that
hey
I
am
being
removed
and.
C
B
Actually,
wouldn't
if
we
I
find
so
if
we
were
finalizer,
it
probably
wouldn't
miss
it
keep
the
other
one
I've
been
thinking
about,
though,
is
it's
not
easy
to
apply
a
delete
right
so
suppose,
I
have
a
suppose:
I
have
a
get
directory
in
the
week
style
right
or
a
sweeper
cell
and
I.
Have
my
local,
DNS
and
I?
B
D
C
C
So
that's
also
helpful
and
then
customize
also
supports
this
experimental
feature
called
a
resource.
Catalog
I
think
so
like
when
you
actually
apply
something
all
of
the
collection
of
those
resources
are
committed
to
a
config
map,
and
it
like
is
working
with
that.
So
I
mean
just
like
normal
algorithm
stuff
right,
lated,
yeah,.
B
The
other
option
I've
been
thinking
about
is
whether
we
should
have
an
enabled
boolean
field
just
because
like
expose,
for
example,
also
I
had
the
node
local
DNS
and
I
installed
it,
and
then
I
had
another
like
repo
that
tweaked
it
like
increase
the
memory
right
and
and
then
I
delete
it
from
one.
But
then
I
apply
the
second
patch
like
if
I
just
apply
it.
My
evilly,
it's
not
a
patch.
It
will
recreate
that
object,
even
though
I
actually
want
to
apply
only
if
exists
type
semantics.
B
So
I
am
wondering
if
we
had
an
enabled
disabled
or
an
enabled
field
that
you
can
set
the
true
or
enabled
false
and
presumably
default
would
be
true.
Then
then
you
would
we
could
actually
like.
Instead
of
deleting
it,
you
would
just
sort
of
turn
it
off,
which
would
be
a
very
clear
signal
and
you
wouldn't
it
would
compose
better
and
you
wouldn't
need
it
yeah.
You
wouldn't
need
to
find
Mizer.
You
probably
have
a
final
answer,
but
you
wouldn't
need
a
finalizer
and
I.
C
B
C
C
C
E
But
Justin
and
a
concept
that
we
have
in
a
couple
places
for
some
of
our
operators,
not
all,
is
an
idea
of
whether
the
operator
is
currently
managing
its
operand,
not
managing
its
operand
or
the
operand
should
be
removed,
which
lets
us
for
cluster
Singleton
types
of
operators.
Lets
us
still
have
the
operator
there
and
able
at
anytime
to
take
over
management
of
the
operand.
It
should
be
there,
but
then
the
difference
between
unmanaged
and
removed
is
removed,
says
I'm
gonna,
you
know
wipe
it
out.
E
E
C
You
you
can
also
just
do
that
at
the
instance
level.
Right,
like
you,
can
do
both
there's
kind
of
similar
things
where,
with
a
lot
of
ingress
controllers
like
they
will
select
their
ingress
objects
based
off
of
like
a
label
selector
and
like
if
it's
not
there,
then
they
don't
operate
on
those
things.
C
B
Jessica
was
there
a
reason
you
didn't
use?
It
went
for
multi
like
multi
objects,
multi
opera.
B
C
Certainly
like
had
struggles
with
that,
like
I,
opened
an
issue
and
everything
and
like
worked
on
the
problem,
but
that
I
was
struggling
with
the
Prometheus
CRD
at
one
point
because
it
didn't
allow
me
to
like
use
a
new
flag
because
they
had
a
structured
kubernetes
api
for
defining
the
prometheus
config,
and
then
it
was
being
expanded
to
flags
inside
of
the
operator.
Right
I
was
like
where's.
My
extra
args,
like
you,
didn't
think
of
everything
here,
command-line
told
about
updated.