►
Description
A Kubernetes community meeting about the Azure provider for Cluster API. Cluster API brings familiar, declarative APIs to Kubernetes cluster creation, configuration, and management.
We would love for you to join us! Follow along and set discussion topics at:
http://bit.ly/k8s-capz-agenda
A
Okay,
now
we
are,
I'm
just
talking
all
right:
we're
ready
to
go
cool.
Welcome
everybody
thanks
for
coming
it's
march
4th!
This
is
the
cluster
api
azure
provider
meeting.
We
are
a
project
under
sig
life
cycle
and
cluster
api
cluster
api
is
the
main
project
and
we're
here
to
talk
about
the
azure
support
for
cluster
api
as
we're
at
kubernetes
meeting.
Please
follow
the
standard
guidelines
which
basically
boils
down
to
be
nice
to
everyone.
A
A
A
B
B
A
A
C
Yeah,
so
all
the
new
types
are
merged
in
and
if
you
have
existing
pr
you'd
have
to
rebase
and
if
you're
making
any
changes
to
your
in
the
api,
folder
or
changing
of
types.
Please
just
make
sure
they're
in
the
you
an
alpha,
4,
folder
and
so
move
them
from
where
you
are,
when
your
basic
might
already
happen,
but
make
sure
they're
in
the
v1
alpha
4
types,
and
if
you
need
help
with
something
please
reach
out.
If
something
is
like
broken
or
whatever,.
C
And
that's
like
we
haven't
yet
done,
like
the
actual
changes
of
the
way
v1
alpha
4
to
change
them
to
like
the
new
breaking
changes
that
we're
expecting
to
do
and
removing
all
the
deprecated
and
stuff
these
issues
for
these
things,
but
we
haven't
done
them
yet.
This
was
just
pretty
much
moving
things,
as
is.
C
We
just
no.
This
is
just
moving
the
types
as
they
were
viewing
alpha
three,
so
we
had
like
a
list
of
new
things
that
we
wanted
to
do.
That
will
be
breaking
that
we're
waiting
to
be
on
alpha
for
these
ones
haven't
happened
yet
there
are
like
different
issues
for
each
one
of
them
or
a
bunch
of
issues
and
there's
a
list
of
deprecated
stuff
that
had
the
deprecated
tag
that
we
said
we
would
remove
when
we
have
b1
alpha
4,
which
also
hasn't
been
removed.
Yet.
A
D
Yeah,
so
we
have
been
plagued
lately
with
some
vmss
test
failures,
most
often
cropping
up
in
windows,
but
oddly
these
were
actually
not
related
to
windows.
It
was,
it
was
actually
just
an
artifact
caused
by
the
amount
of
time
that
it
took
a
windows
node
to
come
up,
which
is
slightly
longer
than
it
takes
a
linux
vmss
to
come
up.
D
So
what
what
we
found
was
happening
is
that
the
the
change
made
to
make
bmss
asynchronous,
meaning
that
it
starts
a
create
or
a
patch,
eventually
finding
like
reconciling
several
times,
possibly
and
then
eventually,
seeing
that
the
create
or
the
patch
had
succeeded
or
failed.
Perhaps
this
asynchronous
behavior
allowed
enabled
the
the
controller
to
start
patching
and
then
it
would
come
back
and
it
would
see
that
say
the
bootstrap
secret
had
changed
or
in
the
windows
case
the
admin
password
had
mutated.
D
D
This
non-deterministic
behavior
ended
up
being
caused
by
this
timing
issue
and
by
the
mutation
of
the
the
actual
model,
so
in
1197
what
we
did
is
we.
We
changed
the
way
that
we
calculate
the
hash
for
the
model
and
that
hash
for
the
model
is
now
calculated
sans
the
admin
password
and
the
custom
data
custom
data
blob,
which
is
the
string,
the
bootstrap
data
secret.
So
that's
what's
there.
D
E
F
Yeah
and
and
so
just
so
cloud
base,
so
we're
using
cloud-based
init
on
the
windows
side,
which
is
a
kind
of
a
cross-platform
version
of
cloud
init
and
we've
configured
cloud-based
init
to
generate
a
password
on
first
boot,
a
completely
random
password,
so
that
initial
password
that
we
give
windows
is
just
for
to
satisfy
azure's
requirements
and
then
the
password
is
completely
random.
On
the
windows
side,
it's
a
120
character,
random
string
and
the
way.
D
Yeah,
we
we
really
wanted
to
you
know,
try
to
be
as
sure
as
possible
these.
These
kind
of
these
kind
of
issues
are
pernicious.
You
know
they're
just
they're
just
you
know
slight
odd
little
timing
issues,
but
they
they
crop
up
and
they're
they're
just
evil.
So
if
anybody
does
see
something
like
this
occurring,
please
alert
me
or
anybody
else
and
open
an
issue
and
we'll
get
some
eyes
on
it.
A
B
Same
thing,
you
get
this
like
not
a
vmss
error
in
the
cloud
provider
logs,
so
controller
manager
logs.
So
I
have
been
digging
into
this
a
little
bit
more
this
week,
and
so
I
just
wanted
to
give
some
updates.
So,
first
of
all
this
this
error
happens
like
it's
a
it
doesn't
always
mean
the
same
thing.
When
it
happens,
you
can
see
that
error,
and
then
it
eventually
succeeds.
That's
something
that
you
know.
B
If
you
see
that
error
in
the
in
the
logs,
it
probably
means
that
it
hadn't
hasn't
found
the
the
vms
yet
because
the
cache
hasn't
refreshed.
So
that's
one
thing.
The
second
thing
is
there:
is
this
error
which
we've
identified
and
james
did
a
really
good
job
at
like
narrowing
it
down
and
what
he
wrote
in
this
issue.
Helped
me
a
ton,
but
it's
basically,
if
you
have-
and
we've
seen
this
happen
mostly
when
you
have
one
control
plane.
B
Cache
might
not
always
be
up
to
date
so,
and
this
happens
for
cab
c,
because
we're
using
sorry
this
is
I'm
getting
a
bit
into
the
weeds.
But
I'm
happy
to
like
go
over
some
of
the
details
again,
if
I'm
being
very
confusing,
but
in
cab
z.
What
we're
doing
is
we're
kind
of
cheating
in
cloud
provider
and
we're
using
the
vmss
vm
type
for
all
clusters
like
we're,
setting
that,
by
default
in
the
azure
cloud
provider,
config
on
the
user's
behalf
and
the
reason
we're
doing.
B
That
is
because
we
were
advised
by
the
cloud
provider
maintainers
that
that's
the
way
to
get
clusters
to
allow
clusters
to
have
both
virtual
machines
and
skill
sets
in
the
same
cluster
like
mixed
nodes
clusters,
essentially,
and
so
that's
what
we're
doing
and
and
so
that's
why?
There's
that
logic
that
checks,
if
it's
a
vm
or
if
it's
a
vmss,
but
it's
a
little
hacky,
because
it's
kind
of
like
assuming
it's
a
vmss
unless
it's
not,
and
so
I
have
a
few
attempts
to
fix
it
in
that
issue.
B
It's
not
very
pretty
because,
essentially
we
don't
want
to
refresh
the
cash
every
time
because
otherwise,
like
that
means
people
who
are
actually
just
using
vmss,
are
going
to
get
cash.
Mitts
cash
misses
every
single
time
when
we
try
to
find
the
vm
and
it's
going
to
refresh
the
cache
every
single
time.
B
So
the
second
attempt
I
have
is
just
to
try
to
only
refresh
the
cache
if
the
node
has
been
the
note
that
we're
looking
for
was
not
there.
Last
time
we
got
the
cash
oh
david's,
gonna
expose
me
or
matt
is
gonna,
expose
me
and
show
my
code
in
front
of
everyone,
but
it's
it's
not
tested
yet,
but
yeah,
essentially,
I'm
like
keeping
the
notes,
cache
and
like
notes,
names
and
then
trying
to
see
like
if
something
got
added
since
last
time
anyways.
B
So
I
will
try
to
yeah
follow
up
with
that,
and
so
that's
one
thing
and
if
you're
running
into
that
error,
but
it
seems
different
as
in
it's
not
eventually
succeeding
after
15
minutes,
then
that's
probably
a
different
issue,
and
we
need
to
look
into
that.
I
think
nader
mentioned
in
slack
that
there
was
one
time
where
he
was
running
into
that
and
it
turned
out
to
be.
There
was
a
public
ip
quota
issue,
so
it
was
never
successful
but
that's
probably
bad
errors
in
the
cloud
provider.
B
B
B
So
that's
kind
of
what
I
was
suggesting
as
a
workaround
to
sean
who's.
Asking
about
this
issue
in
slack
was,
if
you
know,
you're
not
going
to
care
about
vmss
and
you're
not
going
to
use
vmss,
then
maybe
for
now
we
just
unblock
you
by
setting
it
to
standard.
What
I
do
want
to
do,
though,
is
I
want
to
work
on
a
proposal
for
cloud
provider
to
have
like
a
like,
truly
mixed,
like
hybrid
mode,
that
doesn't
care
what
types
the
vms
are
could
be
vms.
B
It
could
be
vmss,
and
then
I
think
eventually
that
should
be
the
default,
because
the
only
reason
we
have
standard
and
vmss
is
because
basic
load
bouncers
don't
support
both,
but
if
you're
using
a
standard
load
bouncer
which,
like
most
books,
are
these
days,
it's
kind
of
the
new
default
and
cabzi
doesn't
even
support
basic
load
bouncers,
then,
in
that
case
you
can
use
both.
It
doesn't
matter.
B
B
I'm
saying
I
would
only
require
the
vm
type
field
if
you're
using
basic
load
bouncers,
and
so,
if
you're,
using
basic
load
balancer,
you
have
to
say
standard
or
vmss,
and
you
can't
use
mixed.
It
has
to
be
one
or
the
other.
If
you're
using
standard
load
balancers,
then
we
assume
you're
just
using
both
and
you
can
use
one
or
the
other
or
both
it
doesn't
matter.
C
B
Yeah
the
reason
for
that
is
that
specific
15-minute
delay
because
of
the
cash
it's
because
we
think
because
the
leader
election
occurs.
If
a
new
control
plane
join
and
controller
manager
fetches
the
cash
again,
so
it
has
a
fresher
cash
and
in
cab,
z
or
in
cluster
api.
You
know
how,
if
you
have
several
control
planes,
the
first
control
plane
joins
and
then
the
worker
notes
start
joining
and
so
very
likely.
Your
worker
nodes
are
going
to
have
joined
the
cluster
before
your
last
control.
Plane
joins
the
cluster.
C
A
B
A
C
D
D
D
B
Why
would
we
get
rid
of
x
like
x,
the
folder,
or
I
completely
agree
about
the
api
grouping?
I
think
we
should
change
the
api
group
thing.
I
think
we
shouldn't
have
used
a
different
api
group
to
start
with,
so
the
sooner
we
rip
off
that
band-aid,
the
better
and
now
that
we
have
the
field,
we
went
off
four
types.
D
C
B
D
So
I
think
I
think
the
takeaway
from
that
is,
if
you
are
gonna,
generate
you're
gonna
generate
something
experimental.
You
can
still
do
that.
You
just
are
going
to
have
to
move
it
into
a
different,
a
different
go
path
and
it's
going
to
have
a
different
folder
directory,
which,
which
is
totally
cool.
That
makes
a
lot
of
sense.
It's
just
our
configs.
D
B
No
changes
in
capi,
but
capy
also
has
a
an
issue
open
that
actually
I'm
assigned
to.
So
I
should
get
back
to
how
that
reminds
me
to
change
the
api
group
for
machine
pool,
because
machine
pool
also
uses
the
different
api
group,
but
cluster
resource
set,
which
is
also
an
experimental,
was
added
with
the
same
api
group
as
the
other
normal
types.
H
B
That's
the
open
question
on
the
table.
I,
like,
I
think,
we're
leaning
for
no,
but
because
it's
experimental-
and
it
would
just
add
a
lot
of
complexity
to
like
implement
like
we
could
do
it.
You
have
to
like
basically
have
like
a
controller
that
generates
the
new
type
like
for
the
new
resource
from
the
old
one,
but
I
think
we
haven't
also.
B
What
we
need
to
do
is
like
see
if
there's
anyone
out
there
who
comes
out
who
comes
out
and
says,
hey
like
I
need
this
like
I'm
using
it,
and
I
need
this
to
like
keep
working,
but
what
I
would
personally
prefer
is
if
we
were
able
to
like
break
it
but
break
it
once
as
in
like
we
change
the
api
group,
but
we
also
take
it
out
of
experimental.
So
it's
like
okay,
now
we're
duplicating
the
experimental
type
and
you're
gonna
have
to
recreate
a
new
new
one
with
the
new
non-experimental
type.
B
But
now
it's
not
experimental
anymore,
so
you
can
rely
on
it.
The
problem
is
we
move
it
out
of
that
api
group
into
a
new
api
group
in
the
experimental
folder,
and
now
it's
like.
Okay,
well,
you
have
to
like
go
through
that,
but
it's
still
not
guaranteed
that
in
the
future,
you're
not
going
to
be
we're
not
going
to
break
you
again.
H
Yeah
I
mean
I
I
can
give
one
example
right
now:
a
dance
form
we
are
using
the
machine,
pool
and
ash
machine
pool.
So
I
guess
if,
if
there
would
be
no
support
for
conversion
in
capricapsi,
we
would
probably
have
to
do
it
so
yeah.
I
know.
Maybe
we
could
work
together
on
that
in
that
case,
to
have
it
in
cap,
your
cab
g,
you
know
the
support
for
converting
old
crs
to
the
new
ones.
D
A
H
Yeah
one
small
question,
so
I
asked
already
in
channel
about
if
the
capsis
system
namespace
can
be
customized
now,
do
you
replied
so
I'll
open
an
issue,
but
are
there
some
comments
from
other
folks,
maybe
so
in
in
cluster
ctl
unit?
There
is
a
parameter
to
a
specified
target
namespace,
so
the
controllers
can
be
deployed
in
a
any
namespace
you
you
specify.
H
This
is
not
related
to
experimentally,
just
the
general
capture
question
so
currently
in
cabzi.
I
think
azure
identity
is
using
cabsie-system
namespace,
there's
a
constant
that
uses
it.
So
are
there
some
concerns
around
making
it
possible
to
specify
a
different
namespace
and
having
capture
stuff
in
a
different
namespace.
H
E
B
Yeah
but
I
think
it's
a
gap
in
the
identity
implementation
if
we
have
a
hard-coded
name
space,
that's
not
configurable,
and
I
think
we
had
seen
that
in
the
pr.
Actually,
it's
just
that
at
the
time
it
was,
I
think,
there's
like
discussion
around
it
in
the
pr
and
we
ended
up
not
fixing
that
or
not
knowing
how
to
fix
it.
But
I
think
we
should
look
into
that
again.
Okay,
I'll
open
an
issue
in
does.
B
Yeah
or
it
might
just
be
a
fix
in
cluster
cuddle
actually
too,
because
I
assume
the
way
it's
like
changing,
because
it's
when
you
specify
target
namespace,
how
does
it
like?
I
haven't,
looked
at
the
code,
but
I
assume
it
does
something
to
change
the
name
space
of
the
infrastructure
provider,
resources
right,
and
so
maybe
it
needs
to
do
it
to
all
the
resources
like
even
the
custom
ones.
B
H
I
C
B
C
B
B
Okay,
I
was
just
curious
because,
like
that's
something
yeah,
I'm
trying
to
what
I'm
just
trying
to
make
it
easy
and
clear
for
users
to
build
their
own
custom
images,
because
it's,
I
think,
right
now,
it's
a
little
bit
confusing
and
it's
also
not
always
very
obvious
that
you
should
like
we're
trying
to
make
the
documentation
say
that
very
clearly.
But
I
think
it's
easy
to
not
read
it
and
just
use
whatever
is
the
default.
So
I
wanted
to
see
if
anyone
had
experiences
around
that
thanks.