►
From YouTube: SIG Cluster Lifecycle - Cluster Addons 20190430
Description
Cluster Addons meeting 2019-04-30. https://docs.google.com/document/d/10_tl_SXcFGb-2109QpcFVrdrfnVEuQ05MBrXtasB0vk/edit#
A
A
B
B
C
A
C
A
You
can
just
generally
explain
how
you
went
about
it,
so
I
might
take
a
look
at
this
later
on
again
and
then
try
to
distill
like
or
see
like
this
is
a
general
approach
that
people
could
take.
Is
this
something
that
we
could
prescribe
to
people?
No
matter
what
to
kid
they're
going
to
use,
so
we
have
some
swing
blocks
so
be
a
bit
more,
but
those
if
you
can.
C
C
C
C
I'm
highlighting
the
things
which
I
think
are
most
controversial
here
and
then
the
idea
is
that
then
there
is
a
controller
that
is
built
with
that
cout
builder,
which
is
a
sort
of
I,
don't
know
a
framework
or
a
tool
that
creates
operators,
sort
of
scaffolds
them
out
for
you.
So
this
is
the
sort
of
commands
for
building
the
coop
builder
controller.
C
Jeff
and
I
have
done
some
work
previously
to
extend
coop
builder
to
better
work
with
the
declarative
case,
which
is
often
the
case
for
Custer
add-ons
and
the
like,
and
what
that
means
is
so
cou
builder
will
typically
create
a
reconcile.
I,
don't
know
you
might
have
lost
the
reconcile
method,
but
we're
typically
with
coop
daughter.
You
get
to
a
point.
C
We
have
to
implement
a
reconcile
method
in
go
code
and
you're
basically
left
to
your
own
devices,
and
the
approach
here
is
to
say:
well
you
want
to
declare
your
define
your
your
offer
that
the
add-on
itself
you
would
prefer
to
define
that
in
the
Amal
product.
Presumably,
and
so
we
have
a
fairly
standard
approach
where
we
read
a
llamo
file
from
a
source
currently.
E
C
Only
disk
it
can
also
be
the
cluster
bundle
or
an
HTTP
website
or
really
anywhere,
and
then
we
essentially
massage
it
and
coo
cuddle,
apply
it,
and
that
massaging
is
a
sort
of
pipeline
where
you
can
do
more
less
whatever
you
want,
because
you
are
in
here,
is
here
sort
of
the
sort
of
standard
pipeline.
So
you
can
see
that
this
is
the
actual
body
of
the
controller
that
where
this
is
the
function,
this
is
the
file
that
Kubler
has
generated,
which
we
have
then
edited,
and
we
have
this
reconciler.
C
So
this
is
pretty
much
standard,
Cupido
boilerplate,
except
that
now,
all
of
our
logic
is
in
this
sort
of
reconciler,
which
is
a
standard
reconciler
pipeline.
Where
we
do
a
series
of
transforms,
so
we
add
some
labels,
we
set
the
ona
ref,
we
like
go
and
look
at
some
other
labels
and
we
update
the
status
to
reflect
the
status
of
the
add-on
that
we
are
deploying
back
into
the
CRD.
We
also
for
the
particular
case
of
coordinates
coordinates
has
some
more
specific
requirements.
C
It
is
not
a
simple
coupe
level
apply
because
you
have
to
replace
in
theory,
two
variables.
The
cluster
dns
domain
and
the
IP
address,
which
you
want
to
use
for
the
two
dns
service,
and
so
you
can
see
that
here
we're
using
string
replacement
to
do
that.
We
could
also
use
you
know
like
a
patch
or
other
type.
Any
other
mechanisms
like
that.
But
we're
in
go
we're
still
in
go
code
here,
so
we
can
do
pretty
advanced
things
like
finding
the
DNS
cluster
IP.
C
You
can
do
that
by
the
convention
is
that
the
kubernetes
IP
is
dot
one
in
your
cider
in
your
server
cider
and
the
DNS
IP
is
dot
ten
in
your
service
cider,
and
so
that's
what
this
logic
implements,
that
they
see
us
and
looks
at
the
kubernetes
one
and
then
like
changes
it
from
one
to
ten
and
it's
pretty
proof
of
concept
code
as
you
can
see,
but
it
basically
gets
the
right
answer.
So
it's
good
enough,
but
you
can
even
make
that
logic
as
complicated
as
you
want.
I
think.
C
So
if
I
bring
up
the
actual
spec
itself,
you
can
see
here
that
we
do
have
a
spec,
but
it
actually
doesn't
have
any
real
fields
of
its
own.
Yet,
but
we
could
in
here,
have
you
know
the
IP
address
to
use
for
the
service
and
we
could
have
the
DNS
domain.
The
cluster
DNS
domain
to
use
and
I
think
that's
an
open
question
as
to
whether
we
should
try
to
make
the
operators
magically
infer
it
or
whether
we
should
have
it
be
explicitly
controlled.
C
B
C
C
It's
not
a
very
is
not
a
criminal
use.
Api
right,
so
it
is
a
I
would
probably
like.
Let
me
just
quickly
so
these
are
the
two
fields.
So
we
have
this
common
spec,
which
defines
the
common
things
like
that
channel
in
the
common
status,
which
defines
the
health.
If
we
have
a
look
at
the,
why
we're
doing
string
substitution?
It's
because
this
is
there's
that
core
file
right-
and
this
is
core
file
embedded
in
the
yeah
mol
manifest.
C
So
this
is
the
this
is
the
one
three
one
yeah,
no
manifest
for
core
D&S
downloaded
from
Reuben
from
KK
I'm
from
the
cluster
add-ons
directory,
which
hopefully
we'll
get
rid
of
and
yeah
this
Cora
file.
Here
you
can
see
that
it's
like
it's
not
it's.
This
would
be
hard
to
use
a
coop
cuddle
patch
right
or
a
customized
patch
on
its
it's
a
sort
of
different
world.
It's
a
different
syntax!
C
C
C
C
Implementation
details,
like
you,
know,
Prometheus,
on
9
153
that
has
to
match,
presumably
some
annotation,
although
it's
not
like
something,
can
magically
just
set
that
yeah
if
to
like,
set
some
other
stuff,
yes,
that
port
annotation
there
to
get
the
correct
port.
So
it's
not
like.
You
have
free
choice
on
all
of
these
things.
Yeah.
F
But
I
mean
it
is
also
associative
possible
that
we
could
say
like
you
know,
there
is
a
this
year.
He
exposes
a
subset
of
this
functionality,
an
opinionated
subset
of
some
sort
like
just
expose
sort
of
high-level
parameters
that
may
matter
to
a
user
in
a
typical
scenario,
and
then
we
can
evolve
from
there.
F
C
I
think
I
think
I,
think
that
makes
sense.
I
think
that
that's
sort
of
the
way
to
do
it
is
that
if
we
have
the,
if
we
have
a
courtney
and
strd
and
we
decide
that
the
dns
domain
is,
it
should
not
be
automatically
discovered
and
it's
something
we
want
to.
Let
people
set
then
yeah
we
could
have
a.
We
could
have
a
field
on
there
that
that
lets
you
set
it
and
we
would
like
generate
the
core
file
for
you
and
then,
if
we
later
decide.
C
F
Could
be
politically
luckily,
instead
of
using
the
complete
map
having
this
as
a
strength
field
in
a
CID
array,
just
just
so
that
it's
in
the
same
place
there
isn't
a
separate
object
to
it.
You
just
say:
okay.
Well,
here
is
the
core
file
for
this
cárdenas
thing
and
that's
as
a
string
and
then
it's
taken
as
ace
all
you
have
an
option
to
kind
of
have
a
high
level
thing
of
poverty
which
is
native
to
this
yearly.
F
I
think
those
are
a
few
things
that
we
could
slip
next
Laurie
yeah
I
mean
just
just
a
brief
note.
I,
don't
know
how
do
you
feel
about
the
overall
velocity
of
the
amount
of
generated
code
you
basically
having
here?
Is
there
some
better
option
that
we
could
down
the
line?
And
you
know
just
I
just
worry
that
you
know
anybody
looking
at
it
who's
not
familiar
with
it
will
be
like.
Oh,
oh
I
need
so
much
code
to
just
like
run
this
thing,
yeah.
C
I
think
I
think
that's
a
fair
point.
I
think
that
the
there
there
are
currently
some
or
the
way
of
the
way
I
wrote
it
up.
There
are
some
manual
steps
in
terms
of
those
you
know,
switching
from
the
qu
builder
to
the
declarative
pattern
that
we're
using
we
are
aiming
to
get
those
into
coop
loader
itself.
So
if
we
like
what
we,
if
we
like
this
approach,
it
will
be
easy
to
generate
that
who
builder
itself
is
a
little
like
it
does
share
it.
C
C
Like
this
is
the
entirety
of
the
meet
as
it
were
right,
so
you
know
it's
some
Arabic
rules
which
I
also
don't
like,
but
that's
a
separate
issue,
that's
effectively
the
boilerplate
and
we
could
probably
reduce
that
a
little
bit
more
and
then
we
have
some
like
this
defines
what
our
operator
does.
So
it's
actually
very
small,
and
then
we
have
the
actual
logic
to
actually
do
the
specifics
of
core
DNS.
So
the
actual
the
code
itself
is
very
so
I'm
not
wild
about
the
extra
code,
but
it
we
can.
E
This
pattern
it's
important
to
like
shuttle
anytime,
okay,
here's
the
first
commit
and
the
first
commit
is
Q
builder
commands.
So
city
ignore
that
is
a
big
point
and
then
the
diff
on
top
of
that
being,
okay,
here's
the
actual
controller
implementation
and
that's
where
we
see
more
like
100
lines
or
less
it
cleared
I
think
it's
literally.
F
Guess
I
guess
I'm
also
wondering
like
because
I
didn't
hear
there
are
other
things
right.
There's
like
there's.
Even
the
operator
framework
is
another
thing
he's
an
operator
for
make
another
framework
and
other
thing
that
the
dis
cinnamon
that
offer
similar
kind
of
functionality
that
you
build.
Also.
Does
it
no
I
I.
F
I
did
he
did
see
a
few
other
things
and
either
on
github,
pretty
cool
well,
and
the
other
point
was
kind
of
like
whether
you
know
if
we
do
Ron
was
a
particular
solution,
say
cube,
build
up
in
the
profile.
This
group
then
do
we
think
that
we
can
drive
development
of
that
solution
in
the
future
in
the
direction,
but
would
be
beneficial
to
us
and
etc.
C
I
mean
cupola
is
a
is
a
community
project
and
they
they
seem
open
to
changes.
They've
asked
that
we,
they
are
very
much
focused
on
their
stability,
guarantees,
they're
trying
to
be
a
stable
API,
and
but
what
they
have
compromised
on
is
they've
given
they've,
given
a
new
repo
for
the
declarative
pattern,
which
is
the
one
we're
using
here.
So
it's
a
slightly
go
grid
import
name,
but
you
can.
Oh
I,
can't
scroll
right
now,
anyway,
there's
a
there's,
a
different
github
repo,
where
we're
able
to
basically
do
a
lot
of
stuff
there.
C
F
This
is
generated,
smooth
situation
generally
come
down
to
like
limitations
of
go
and
how
far
you
can
go
with
the
tap
system
at
present
life
of
generics
etc,
or
are
there
any
any
other
things
that
one
must
keep
in
mind
while
well?
You
know
thinking
about
this
because
I
mean
it
may
be
was
aware
of
previously,
but
maybe
not
I,
don't
know,
I
mean
I,
tried
could
builder
once
and
was
like
whoa.
What
did
it
do
and
what
am
I
supposed
to
worry
about
here?
What
I'm
gonna
worry
about?
He.
C
So
the
the
sort
of
this
is
the
the
meat
of
it.
So
every
like
every
controller,
for
example,
is
in
package
controller,
and
then
they
have
this
ad
name
which
creates
this
adder
function,
and
then
they
have
this
package
controller
controller,
which
goes
in
the
loops
through
those
ad
functions.
And
so
your
actual
controller
itself
is
an
impacted
controller
name
and
there's
the
controller
itself
and
that's
easy.
But
the
a
lot
of
the
weight
come
or
the
the
number
of
files
comes
from
this
add
to
manager
bit
and
the.
C
C
Anyway,
I
did
that
mean
cool
woman.
Let
me
close
understand
one
thing
which
I
actually
I'm
generally
unhappy
about
with
this
whole
approach:
I'm,
hoping
that
maybe
upgrade
our
SDK-
has
a
wonderful
solution
to
this,
but
our
back
bar
back
the
operator
because
it
creates
a
service
account
for
Cordia
nests
in
order
to
create
a
service
because
it's
creating
according
us,
you
know
everything
in
order
to
create
a
service
account.
I
have
to
have
permission
even
if
I'm,
creating
a
service
account.
C
I
have
to
have
the
permissions
in
that
service
account,
which
means
that
the
operators
service
account
itself.
Please
have
all
the
permissions
of
the
thing
it
is
deploying.
So
in
this
case,
Cortinas,
for
example,
watches
guests,
get
lists,
watch
endpoints
names,
basis,
nodes
in
pods,
and
so
we
need
all
those
permissions
in
this
case.
That's
not
a
particularly
egregious
or
bad
policy,
but
it's
a
little
annoying
to
sort
of
have
these
policies
roll
up.
Yes,.
F
Guess
I
mean
one
sort
of
to
me
at
least
one
one
of
this
point
to
consider
there.
What?
If,
what
if
our
operator
didn't
actually
have
a
thing
in
the
cluster
and
was
like
a
client-side
thing
and
is
a
glance
I
think
it
would
be
subject
to
whatever
level
of
access
that
that
you
as
a
as
a
user,
have
like
whoever
runs
that
has
certain
permissions
and,
but
you
know
like,
like
I
mean
in
similar
vein
and
I
can,
like
the
Taylor
problem,
was
solved
by
doing
thing
into
the
client-side.
B
So
and
just
to
clarify,
we
only
have
half
the
Tillet
problem,
because
the
other
part
of
the
tiller
problem
is
that
it
has
a
non
kubernetes
fronted
api,
so
they're
fixing
that
by
putting
on
CR
DS
in
front
of
it.
So
even
if
you
were
to
have
like
a
hound,
3
controller
it
it's
the
same
pattern.
Word
like
you:
have
our
back:
protecting
you
but
yeah
having
a
privileged
component
with
a
service
account
inside
of
the
cluster
is
half
that
problem,
and
that
is
a
trade-off
if
you
want
to
do
like
the
whole.
B
Get
ops
thing
with
the
controller
inside
of
the
cluster,
but
I
like
where
you're
going
and
I
I
thought.
This,
too,
is
that
perhaps
we
could
build
binaries
that
have
a
command
line
component,
a
such
that
they're
usable
in
more
like
a
CI
push
or
like
operator
from
your
laptop
fashion,
so
that
you
could
invoke
parts
of
the
control
loop
as
a
binary
right
and
then
have
like
sensible
logs,
because
your
logs
should
be
good
anyway.
F
I
think
that's
something
that
that
is
force
entertaining
great,
but,
like
I,
don't
know,
I
don't
know
if
there
is
a
way
to
kind
of
think
about
the
problem
in
a
way
that
there's
this
component,
that
it
can
switch
between
different
roles
and
it's
sort
of
from
really
assumes
role
on
the
basis
of
something
something.
I.
Don't
really
know.
F
B
B
F
Let's
say
there
is
something
that
that
runs
permanently
and
then
when
it
does
have
to
make
a
change,
it
makes
a
call
to
something
else,
or
something
else
decides
because
a
it's
authorized
to
make
that
change.
It
should
have
that
level
of
access
and
then
does
that
work,
something
of
that
nature
with
it.
But
then
Denny
again
it
definitely
becomes
multiplicative.
F
B
C
I
think
they're,
actually
some
really
good
ideas
here.
I
think
we
should
keep
brainstorming
them
and
looking
into
them.
I
think
I,
I,
think
I
Soomro
know
who
move
action.
I
think
that
is
possible.
Actually
I
think
like
the
CLI
tool
reminds
me
of
is
also
sort
of
similar
to
pre
creation
and
I.
Think
you
know,
if
maybe
it's
okay
to
just
be
able
to
read
the
surface
accounts,
but
not
write
to
them,
and
then
we
could
also
do
our
own
authorize
there.
I,
don't
necessarily
want
to
do
that.
C
But
you
know
this
is
an
Arabic
limitation.
I
think
one
of
the
things
I
would
like
to
keep
is
one
of
things.
I
like
about
operators
is
that
they
are
able
to
monitor
the
ongoing
health
of
things
in
a
way
to
see
my
tool
finds
difficult.
I
think
she
asked
you
ones
with
a
little
bit
about
some
of
this
data,
so
you
did
a
lot
of
the
work
on
the
status
right
legs.
You
wanna
talk
a
little
about
that
status,
reflection
which
I
think
we
should
whatever
solution.
E
So
you
know
you
say
you
deploy
queer
DNS
that
kicks
off
a
deployment
service,
a
few
other
things
and
it
will
go
and
fetch
those
objects
and
aggregate
performance
sort
of
an
aggregate
health
based
on
that.
So
if
the
deployment
is
up
to
the
date
and
it's
healthy,
you
know
that's
a
true
if
the
service
is
in
a
batts,
that's
you
know
the
end
points.
Are
there
something?
E
That's
that's
a
false
and
we
can
sort
of
aggregate
those
together
and
get
like
a
final
false
value
and
what
I
believe
we
have
I'm
trying
to
separate
the
demo
from
what
Co
got
ejected.
What
I
believe
we
had
is
sort
of
an
error
message
at
the
end.
We
have
that
boolean
healthy
and
then
like
a
more
detailed
like
okay-
and
this
is
the
component
I
saw
I
think
providing
a
way
for
providing
a
sort
of
basic
foundation.
E
That
just
is
like
the
aggregate
community
stuff
and
then,
additionally,
allowing
you
know
the
sort
of
domain-specific
add-on
authors
to
to
write
these
sort
of
ongoing
checks.
I
think
would
be
fantastic,
like
you
could
imagine
a
core
DNS
probe
that
is
deployed
as
part
of
this.
That
is
periodically
making
sure
clustered
DNS
is
working
or
maybe
it's
working
to
a
certain
performance
level.
F
E
I
think
that's
a
good
way
to
put
it
and
I
think
I
think
you
know
that's
sort
of
one
aspect
and
one
of
the
challenges
with
add-ons
is:
they
really
span
multiple
resource
types
and
besides
component
status,
we
don't
really
have
a
good
aggregate
sort
of
concept
like
that
and
I
think
the
status
field
on
these
sort
of
add-ons
is
a
really
good
opportunity
to
to
build
something
like
that
or
serve
explore
at
least
I.
Think
I
think
I
mean.
F
One
is
the
scope
demon
said,
but
collect
some
data
and
sends
it
off
to
a
remote
service,
and
then
there
is
the
Prometheus
beep
that
uses
Prometheus
remote
break
and
also
writes
that
to
remote
service,
and
there
is
a
there's,
this
flux
as
well,
which
monitors
a
huge
ripple
which
is
remote
and
there
and
also
reports
back
to
the
remote
service.
So
it's
like
a
sauce.
F
F
E
E
Oh
we're,
gonna
create
the
most
generic
application
management
thing
in
the
world,
but
I
do
think
that
this
is
just
such
a
good
use
case
to
explore
and
sort
of
solve
these
sorts
of
problems
in
a
real
targeted
way
to
make
this
sort
of
stuff
easier
and
I
think
there's
a
lot
of
like
areas
we
can
leverage
or
learn
from
in
it
and
that's
base
so
I.
Definitely
just
added
that.
C
B
Yeah
I'd
love
to
take
the
floor
a
little
bit
also
Jeff
I,
really
like
the
idea
of
having
a
status
controller.
One
interesting
thing
that
ties
back
to
the
nuances
of
the
our
back
conversation
is
that
the
static
could
there
the
status
controller
for
the
add-on
CRD?
It
can
be
less
privileged
and
run
separately
so
that
it
is
a
thing
since
you
probably
don't
need
to
even
be
able
to
update
stuff,
except
for
the
CR
D
and
then
I
I
did
poke
around
a
operator,
SDK
and
kind
of
have
like
some
hello
world
style
code.
B
Yeah
I
threw
in
like
a
version
thing
in
there
and
then
I
have
a
placeholder
for
that
string.
Field
for
the
core
file
and
I
have
some
ideas
of
kind
of
with
what
Elio
is
talking
about.
Personally
I,
don't
think
that
an
add-on
is
very
useful
if
the
applications
configuration
is
more
extensible
in
a
way
that
the
operator
has
control
over
and
what
I
mean
by
the
operator
is
the
cluster
admin,
because
I've
personally
had
to
modify
core
files
pretty
extensively
to
operate
clusters
in
bare
metal
environments
with
interesting,
DNS
and
service
discovery.
Setups.
C
B
Things
like
it
things
like
resources,
you
would
hope.
Are
you
know
usable
also,
I
noticed
the
add-on
directory
has
a
node
local
DNS
cache
version
of
core
DNS
I
started.
Reading
that
and
there's
some
pretty
interesting
configuration
options.
It's
a
completely
different
deployment
topology.
So
these
are
interesting
things
to
think
about
the
like.
That's
that
deployment
is
so
different.
B
Also
yeah
like
if
we're,
if
we're,
really
gonna,
write
a
CR
D
over
the
core
file
and
we
need
to
be
able
to
like
have
people
append
like
random
strings
to
things.
One
thing:
that's
really
cool
about
the
approach
of
the
operator
potentially
being
able
to
manage
the
config
is
that
we
can
pre
validate
it
and
with
a
without
even
like
doing
a
rollout
if
we
want,
although
we'd
have
to
vendor
or
DNS
libraries,
so
I've
been
turning
on
that
idea,
the
operator
SDK
project
is
interesting.
B
One
component,
that's
a
little
strange
to
me-
is
that
they
have
this
operator.
Lifecycle
manager,
thing
which
seems
like
kind
of
a
like
a
fad
thing
to
just
like
imply
that
people
should
install.
It
also
feels
very
open,
shifty
I'm,
not
educated,
on
the,
like
total,
you
know
context
of
why
these
components
exist
yet
and
like
I,
haven't
I'm
not
mature
in
my
adoption
of
this
framework.
So
if
people
are
on
the
call
that
no
operator
SDK
really
well
really
like
to
discuss,
does
anybody
know
what
that
lifecycle
management
components?
Valuev
really
provides?
B
So
operator
SDK
is
not
tied
to
olam
in
any
way,
a
progressive
Kay
is
essentially
like
in
alternate
route
builder
implementation
and
they're.
Like
discussions
around
like
how
those
things
will
align
going
forward,
one
thing
it
does
do
is
generate
additional
integration
with
ollahm.
If
you
are
using
olam,
so
that's
the
value
there
and
then
olam
itself
is
all
about
keeping
a
set
of
operators
installed
in
a
consistent
state
up
to
date
with
their
dependencies.
B
So
if
you're
dealing
with
a
single
operator
at
a
time
like
you're,
just
playing
with
for
DNS,
there's
a
lot
of
value
to
Nolan,
but
when
you
have
like
ten
operators
with
interdependencies-
and
they
all
rely
on
different
Shirdi
API
versions
and
things
like
that,
that's
what
Olin
is
trying
to
do.
That
sounds
really
applicable
to
the
kind
of
problem
that
we're
really
trying
to
solve,
which
is
creating
a
level
playing
field
for
people
to
you,
know,
publish
and
distribute
their
applications
in
a
way
that
can
be
standard
managed
by
the
installation
tools.
Yes,.
E
Mind
for
sure,
hey.
C
F
B
There
is
so
that's
actually
a
separate
component,
so
by
default,
olam
deals
with
local
sources
of
data.
Very
much
like
you
get
like
an
apt
repo
or
a
young
repo
locally
on
a
machine
to
install
stuff.
There's
also
a
way
to
pull
in
manifests
from
external
and
pull
them
back
into
local,
but
there's
their
separate
components.
Ya.
G
Two
operator
pods,
so
there's
operator
hub
IO
the
community
project
and
place
that
you
can
go
and
you
can
find
all
these
things
and
when
you
go
there,
you
can
get
cube
control
commands
I'll.
Let
you
just
install
these
things
to
your
cluster.
Doesn't
matter
what
kind
of
q+
turnus
there's
them,
what
we
call
embedded
operator
hub
and
that's
where
you
install
a
local
operator
hub
instance
onto
after
bananas
cluster,
and
that
knows
how
to
reach
out
and
get
content
from
a
registry.
B
The
community
and
Red
Hat
have
already
put
in
work.
You
know
to
build
some
tools
that
work
with
a
shared
abstraction
like
if
these
tools
are
installing
operators
and
managing
their
are
back
and
then
like
they've
got
CR
DS
and
people
can
use
coop
cuddle
to
see.
What's
in
the
cluster,
then
like
that's
a
lot
of
problem,
but
it's
a
solution.
That's
really
valuable!
C
C
There's
a
PR
like
the
same
thing:
I
did
with
I
think
that'll
be
I.
Think
I'll
be
helpful
to
sort
of
like
get
the
best
of
both
ideas
and
see
whether
you
know
there's
a
solution
for
the
our
back
problem
sounds
like
a
local
operator
how
it
might
have
solved
the
our
back
problem.
Somehow
what
the
tiller
are
that
problem.
B
G
C
B
And
and
I
do
think
that
you
could
build
some
powerful,
like
a
powerful
library
that
wraps
a
controller
with
some
command-line
features,
so
that
it's
useful
to
people
who
do
not
want
to
run
these
privilege
components,
because,
if
you're
running
it
temporarily
on
a
laptop
that
has
access
to
the
communities
API,
all
of
the
storage
is
in
the
API
server.
And
basically
you
have
that
temporary
credential
for
somebody
to
do
whatever
they
want
right.
B
Cool
the
next
thing
I
wanted
to
just
chat
about
is
like
to
me.
I,
want
to
like
reduce
the
number
of
like
binaries,
that
I'm
deploying
to
my
cluster
and
increase
like
cache
hits
for
images.
So
if
we
want
to
have
a
persistent
management
component,
it's
useful
to
have
like
one
thing
that
can
do
generic
stuff,
with
a
with
a
bundle
of
stuff
from
some
packaging
format,
so
like
Hellman
tiller,
is
a
great
example
of
the
concept,
not
a
great
example
of
like
a
technical
implementation
for
many
reasons
that
are
being
fixed.
B
We
need
a
packaging
format
and
we
need
it
to
be
extensible
for
users
to
be
able
to
like
patch
stuff,
provide
options,
provide
ways
for
those
packages
to
consume
options
like
normal
packaging
things,
and
then
we
just
need
something
to
babysit
the
runtime
of
that
stuff.
It's
just
the
unique
part,
so
flux
already.
Does
this
pretty
well.
B
Sorry,
there's
a
pause,
hopefully
you
can
did
did.
Were
you
guys
able
to
hear
the
clapping
yeah,
so
we've
works.
Flux
has
a
very
large
community
and
it's
an
operator
that
runs
in
your
cluster
that
can
maintain
collections
of
things
that
come
from
a
git,
repo
or
action
formats.
We
have
an
integration
with
the
helm,
release.
B
Crd,
that's
implemented
by
we've
works
helmed
operator,
and
these
are
you
know,
long-running
diamonds
and
the
cluster
that
managed
stuff
in
the
way
that
we
are
generally
talking
about
and
I
think
that
there's,
maybe
some
simple
work
that
we
could
do
to
build
an
integration
and
maybe
a
generic
application
CRD
potentially
that
exposes
values
to
people
and
allows
them
to
even
put
like
maybe
specify,
hey,
take
this
application
bundle
and
then
also
like
apply
these
customized
patches
from
my
own
gift.
And
it's
like
that's
a
really
sophisticated
story.
B
So
if
I
give
you
had
something
generic
that
could
apply
a
bunch
of
customized
directories,
you
know
to
a
cluster
and
then
babysit
that
stuff
and
report
status
back.
You
know
in
some
general
way
you
could
build
a
pretty
powerful
abstraction
than
that.
You
could
then
restrict
and
install
multiple
times
or
have
a
cluster
operator
or
whatever
I'm
curious.
If
anyone
has
thoughts,
I.
C
Mean
I
think
we
discussed
and
we
prototyped
I,
think
or
Jeff
prototyped,
allowing
patches
in
the
CRD
instance.
So
in
this
case
the
core
DNS
CRD
instance,
you
could
actually
put
a
customized
patch
or
a
cuoco
patch
in
that
in
that
instance,
and
so,
if
you
wanted
to
change
the
memory
and
we
hadn't
exposed
that
you
could
have
a
patch
that
chip
patch
those
resources,
I
think
that's.
You
also
I
think
there's
two
areas
of
customization.
You
mentioned
you
mentioned
that
sort
of
customization
of
for
one
add-on.
C
C
Have
a
thing
CRD
or
an
add-on
CRD,
which
would
have
a
manifest,
which
could
be
patched
right
to
me.
I!
Think
that
the
it's
not
a
lot
of
work
to
create
these
operators
once
we
have
all
the
other
like
tooling,
in
place,
they're,
not
particularly
heavy,
if
we
put
them
into
one
binary,
so
you
can't
combine
them
into
one
binary
and
that's
an
area
where
the
machinery
that
we
talked
about
previously
doesn't
necessarily
help
us.
C
C
And
I
think
you
done
having
simple
code.
Is
that
I
sort
of
see
this
world
where,
like
as
time,
progresses
everyone
every
controller
starts
simple
and
then
becomes
more
complicated?
So
you
know
maybe
oh
maybe
Core
DNS.
We
have
to
do
some
complicated
migration
at
some
stage
like
that
we
move
to
accordion,
sv5
or
whatever.
It
is
and
there's
something
fancy
we
have
to
do.
C
We
can
do
that
because
we
have
code,
we
can
always
like
burst
the
bubble
and
and
do
whatever
we
want,
whereas
it's
sort
of
hard,
if
you're
in
a
generic
system,
to
do
that
so
I
hope
if
we
can
make
the
cost
low
enough,
that
we
can
encourage
everyone
to
just
build
specific
types,
but
I
think
it's
definitely
valid.
Yes,.
G
I
do
I
echo
what
Justin
you're
saying
right
there.
That's
exactly
our
thinking
as
well.
If
you
start
out
with
an
operator
for
an
application
you're
trying
to
build
around,
you
can
grow
into
whatever
operational
needs.
You
have
over
time,
whether
that's
migration
or
automated
scaling
or
whatever
it
might
be.
C
B
Yeah
I
I'm
interested
in
kind
of
what
you're
talking
about
with
like
a
core
add-on
controller
manager
right
which
is
having
a
single
binary
with
all
of
the
control
loops
for
the
different
add-ons,
but
that
would
get
a
little
gnarly
with
the
rback
thing.
Right
comes
very
uncomfortable
at
that
point.
Yes,
yes,
and
then
you
have
the
same
problem.
You
know
with
like
even
a
generic
code
base
or
generic
binary
that
you
have
to
play
multiple
times
in
order
to
get
the
granularity
of
our
back,
that's
appropriate,
yeah
I.
Definitely
we
should
all.
B
Thank
you,
I
mean
if
something
has
a
path
to
perform
an
escalated
action.
I
mean
it's.
Unless
you
can
somehow
like
I,
guess
you
could
you
know
what
you
could
do
is
you
could
you
could
do
RPC
through
with
CRD
and
then
use
our
back
to
change
fields
on
the
CRD
that
another
controller
would
pick
up?
That
would
be.
B
Yeah
there's,
certainly
an
element
of
trust
you
have
to
have
for
the
concept
of
operation.
Gentle
and
one
thing-
that's
not
easy
to
solve
right
now
is
something
like
I
want.
This
offer
here
to
be
installed
with
this
level
of
Commission
accepted
against
this
particular
problem.
I,
don't
want
it
to
try
and.
B
That
I
don't
really
want
to
delete.
This
is
kind
of
a
hard
problem
that
we
have
with
the
current
or
that
system.
In
general
case,
it's
kind
of
hard
to
come
up
with
a
functioning
operator
that
has
less
than
the
normal
amount
of
permissions.
It
generally
requires
to
do
this
job,
but
it's
a
really
interesting
problem.
I
am
NOT
sharing
something
we
can
solve
just
in
this
room.
It
seems
like
a
larger
event
policy.
This
session.
B
C
C
B
E
B
D
B
Exactly
yeah
yeah
yeah,
so
it's
like
it
doesn't
really
really
help.
Except
does
that
thing
could
be
running
in
a
different
name,
space
or
whatever,
which,
if
you
didn't
want
a
service
account
in
the
name
space
where
the
application
is
running
to
exists
that
can
actually
manage
the
app.
Then
you
could.
A
Yeah,
we
only
have
a
couple
of
minutes
left.
What
do
we
want
to
do
until
the
next
meeting
in
two
weeks?
Lee,
you
wanted
to
push
some
co2
to
get
up
great
and
the
suggestion
of
doing
the
olam
demo
is
that
something
you
want
to
do
next
meeting:
yeah
cool
cool
yeah
thanks
a
lot
Justin
for
putting
this
together.