►
Description
#sig-cluster-lifecycle
#capn
#capi
A
All
right,
good
morning,
everybody,
this
is
the
march
9th
cap
in
office
hours.
As
always.
This
is
recorded
and
posted
to
youtube.
So
don't
say
anything
you
wouldn't
want
to
be
broadcast
to
the
whole
world.
We
have
a
couple
items
on
the
agenda,
so
I
think
we
can
just
get
started,
but
actually
before
we
do
do,
we
have
any
new
folks
that
haven't
been
here
before
I'd
like
to
do
a
quick
introduction.
A
Cool
all
right
as
well,
if
anybody
is,
if
you
can
go
and
add
yourself
to
the
attendees
list,
I'm
going
to
drop
the
actual
google
doc
for
this
in
the
zoom
chat.
A
B
Yeah,
okay,
so
I
would
like
to
discuss
two
issues.
The
first
one
is
when
I
implement
the
nested
etcd
controller,
we
wanted
to
use
some
existing
templates
like
when
we
create
the
etcd
parts.
We
need
to
know
like
what
should
we
pass
into
the
command
line?
Something
like
that.
So
I
would
like
to
know
how
can
we
refer
to
templates
like?
Should
we
put
the
just
the
pod
templates
of
the
etcd
in
our
caption
repository
or
how?
B
If
layer,
should
we
use
any
magnesium
that
allow
user
to
specify
what
templates
they
wanted
to
use?
So
I
think
we
used
to
we.
B
We
talked
it
talked
this
before
and
we
decided
to
use
the
the
common
spec
from
the
could
be
builder
declarative
patent,
the
repository,
but
I
I
I
discussed
with
chris
last
week
or
two
weeks
two
weeks
ago
I
forgot,
but
chris
you
you
mentioned
that
this
feature
is
not
stable
right
now,
right,
it's,
they
are
going
to
change
how
they
are
going
to
use
this
common
spec,
like
the
version
and
channel
to
refer
to
the
template
right.
So.
A
No,
it
is
so
from
their
side
of
things.
It
is,
it
is
standardized.
Okay,
it's
more
just
it.
So
I
think
what
that
might
have
been
my
mistake
on
how
I
communicated
that.
So
what
I
was
thinking
was
that
we
could
go
forward
with
what
you
did
for
the
fcd
implementation
and
then-
and
we
could
merge
that,
and
then
we
can
try
to
realign
a
little
bit
more
with
the
declarative
patterns
as
we
go
forward.
So
basically
don't
implement
anything
specific
to
that.
A
A
We
can
go
and
use
their
their
file
based
or
directory
based
structure
to
actually
load
those
manifests
in,
and
then
we
just
populate
them
from
our
reconciler.
That's.
B
What
I
was
thinking
I
see
okay,
so
could
you
remind
me
how
they
totally
achieved
this
like?
I
noticed
that
there
are
two
fields:
one
is
the
version.
One
is
the
channel
version
means.
What's
the
version
of
the
specific
component
like
1.2.3,
the
channel
means
if
this
release
is
stable
or
nightly,
or
something
like
that,
and
you
just
mentioned
they
use
things
like
directory
directorate
to
organize
all
this
version
in
a
channel.
So
does
that
mean
we
need
to
create
directory
inside
our
caption
repository
or
we
need
to
host
it
someplace
else.
A
Yeah,
so
let
me
actually
share
my
screen,
I
guess
and
I'll
take
you
on
on
a
tour
as
I
have
used
it
and
know
about
it.
I'll
just
go
through
the
examples
that
they
already
have.
Let's
see
share
my.
A
A
All
right
so,
basically
we're
looking
at
the
declarative
patterns
project
for
their
guest
guest
book
operator.
I'm
just
going
to
go
through
this
because
it's
already
pre-built,
so
what
they
actually
do
in
here,
that's
a
little
bit
different
is
when
you
actually
set
up
your
controllers.
Your
controllers
are
written
much
more
lightweight
than
what
we
have
in
terms
of
the
only
thing
it
has
to
do.
A
Is
it
kicks
off
like
a
common
reconciler
and
the
common
reconciler
goes
through
and
it
can
do
object,
transformations
on
any
of
the
resources
and
you
can
pass
it
in
in
any
functions
that
can
go
and
change
any
or
mutate
any
of
the
actual
manifest
the
raw
gamma
manifest
files
for
you.
You
can
set
owners
on
it.
You
can
set
labels
so
on
and
so
forth.
You
can.
A
Then,
if
we
go
back
how
they
actually
structure
that
and
how
you
actually
point
to
it
is
the
in
the
types
you
have
like
what
you
already
know
about
the
common
spec
and
patch
spec.
So
the
patch
spec
allows
you
to
override
anything.
You
want
kind
of
like
a
customized
patch,
and
then
the
common
spec
defines
this
the
version
and
channel
now
in
version
and
channel
how
those
actually
happen
are
set
up,
is
there's
this
channels
directory
at
the
base
of
every
project
and
in
essence
these
could
be.
A
A
Is
how
it
how
it
gets
the
manifest
for
each
one
so
in
ours,
we'd
actually
have
manifest
name,
etcd
version,
whatever
the
version
is
that
we
have
in
defined
in
our
stable
deployment
and
then,
if
we
go
back
to
channels
you
go
into
guestbook.
So
this
is
notice
how
how
the
naming.
A
B
So
I
have
a
question
so
the
the
version
here
does
that
align
with
the
version
of
the
components
or
just
the
version
of
our
controller
like
if
we
have
a
new
version
of
etc.
3.5.0
then
do
we
need
to
create
a
new
version
under
maybe
stable
channel.
For
that.
A
C
A
Have
those
maintained
I
do
vince,
there
is
some.
There
are
some
policies
within
within
cluster
api
about
versioning,
or
at
least
there
was
at
one
point
I
remember
hearing
is
that
is
that
a
conflict,
because
I
what
I
remember
from
this
is
a
long
time
ago,
if,
if
I'm
right
was
each
version
of
cluster
api
was
specific
to
a
version
that
was
actually
released,
and
so
you
would
update
the
component
tree
for
cluster
api.
A
Yeah,
sorry
about
that,
so
I
was
over
there
for
one.
Second,
no
worries.
Can
I
I'll
repeat
my
question,
so
I
remember
from
a
while
back-
and
I
don't
know
if
this
is
still
the
same
policy
but
in
in
cappy
at
one
point
there,
the
policy
was
versions
of
the
released
kubernetes
versions
that
you
could
create
with
them
were
associated
with
versions
of
the
actual
control
plane
components
like
the
cappy
components,
or
is
that
not
the?
Is
that
not
the
case?
E
So,
just
because,
like
the
version
of
the
of
which
components.
E
That
happened
in
the
past
because
of
breaking
changes,
but
so
alpha
3
is
actually
the
widest
release
so
far
and
we
still
keep
supporting
the
new
releases.
E
Okay,
it
might
happen
that
in
the
future
we
won't
like
you
we're
going
to
say,
like
hey,
you
have
to
update
in
the
new
version
to
get
the
new
kubernetes
version
but
like
unless
that's
required,
like
I
usually
discourage
that
because
yeah
we
want
to
support
like
a
wide
range
of.
A
Case
versions
and
it
goes
backwards
as
well,
so,
if
you're
on
118
and
you
had
like,
if
you
have
down
till
one
sec,
is
it
basically
like
follows
the
version
skew
for
it
or
is
it
because
the
the
the
thing
that
I'm
trying
to
figure
out
is?
Is
it
okay
if
from
a
cappy
perspective,
or
is
this
any
breaking
or
weird
implementation,
if
we
support
say,
for
instance,
in
our
controller,
we
have
versions
for
ncd
that
are
3.5.4
3.5.5,
3.5
point
like
and
and
up
and
down,
and
both
ways
on
the
version,
sku
or.
A
E
Would
do
the
backward
compatible
way?
That
would
be
the
the
way
that
we
we're
doing
that
today.
So
actually
also
clarified
like
there
is
a
minimum
version
for
the
management
cluster,
which
is
119.
I
want
to
say
for
alpha
4
and
it's
116
for
alpha
3..
The
the
main
version
is
dictated
by
a
few
factors,
but
the
workload
cluster.
It's
like
much
wider.
E
We
do
support
like
a
wide
version,
but
we
don't
support
any
downgrade.
So
that's
you
can
go
back
like
from
after
you.
Upgraded
a
cluster
there
is.
There
is
something
we
want
to
support
is
rollback
to
make
sure
that,
like
you,
could
you
know
roll
back
to
the
previous
stable
version,
but
we
don't
do
that
yet
so
yeah
backward
compatible
sounds
like
the
way
to
go
and
making
sure
that
you
can
only
go
up.
It's
actually
like
a
good
limitation
to
put
in
place
when
you're
starting
up.
A
B
Okay,
yeah
sounds
good
yeah,
okay,
so
I
will
keep
the
current
implementation
and
we
will
merge
it
first
and
later
we
will
move
forward.
We
will
try
to
align
with
the
implementation
of
the
the
declare
declarative
pattern.
Yes,.
A
B
I
okay,
so
okay,
let's
talk
about
the
second
issue.
I
have
so
I
discussed
with
you
last
week
and
we
agree
with
that
that
the
ncp
controller
are
going
to
create
the
ca.
The
root
ca
for
all
the
components
and
each
nested
components
will
component
controller
will
be
reached,
then
will
be
responsible,
create
the
actual
certification
and
certification
based
on
root
right.
B
B
A
Let's
see
yeah
that
sounds
slightly.
Concerning
I
mean
I
would
I
want
to
vince
if
you
have,
if
you
have
background
on
on
what
q8m
is
doing
there
yeah?
How
does
that
actually
happen?
Because,
because,
if
cube
adm
is
is
not
generating
the
certificates
up
front
and
it's
a
lot
and
it's
passing
it
down
to
the
actual
machines
to
generate
then
what?
How
would
that?
Actually,
how
would
that
typically
function.
E
So
for
control
plane,
you
have
to
pass
like
all
the
casings
and
the
keys
to
make
a
control,
plane,
initialize
or
join
the
for
nodes.
It's
just
the
ca
search
of
the
cluster.
E
E
Cluster,
well,
you
could
have
access
to
both.
I
guess
if
that
makes
sense
so
like
I'm,
so
look
for
the
workload
cluster,
like
the
secrets
are
like
on
disk.
So
if
you
have
someone
that
already
has
ssh
in
one
of
your
machines,
the
security
holes
say
somewhere
else
right
for
our
back.
E
E
So
there
is
the
concern
that,
like
the
secrets
are
stored,
you
could
use,
I
guess,
an
external
ca,
but
that
doesn't
really
solve
the
question
like
you
could
go
around
and
like
not
like
make
it
so
that,
like
you,
use
external
cas
and
things
like
that,
but
then
you
have
to
generate
all
those
things
that
and
management
of
those
certificates
will
become
that
nightmare
really
quickly,
especially
in
you
know,
in
capi,
where
everything
is
immutable,
you
want
to
delete
and
recreate
machines,
and
then
you
have
to
generate
those
certificates.
B
Yeah
so
so
yeah
like
ben
said,
if
we
assume
that
the
management
cluster
is
cannot
be
accessed
by
an
average
user,
then
I
think
it
can
be
secure
if
we
it
can
be
secure
enough.
If
we
just
have
this
assumption
and
then
we
can
store
the
both
the
ca
and
rsa
key
inside
secret
and
the
secret
is
just
on
the
management
cluster,
so
the
workload
cluster
will
not
have
the
right
to
the
user
of
the
workload
cluster
will
not
have
the
right
to
access
this
secret,
so
that
can
be
okay.
A
From
that
side
of
things,
so
that's
really
to
generate
so
we
get
around
this
in
in
vc
or
in
in
what
you
did
in
vc
manager
by
doing
everything
at
the
virtual
cluster
controller
and
generating
all
the
search
for
everything.
Now
I
think
going
back
to
our
chats.
I
think
we
talked
about
doing
you
and
I,
on
slack,
were
talking
a
little
bit
about
maybe
storing
the
actual
client
certs
from
the
controller
instead,
which
would
get
around
that.
A
So,
if
we
basically
had
the
ncp
generate
all
of
the
key
pairs,
while
it
still
had
the
ca
and
the
rsa
key,
we
wouldn't
need
to
actually
pass
that
down
correct.
B
I
mean,
if
did
you
did
you
just
say?
If
the
ncp
controller
generate
all
the
roots
include
root
and
also
the
certificate
everything
yeah?
That
would
be
good,
that'll
be
good,
then
I
think,
then
you
don't
need
to
pass
the
ca
or
isa
key
into
the
secret.
You
can
just
store
the
client
certificate
and
key
inside
the
secret.
B
That
will
be
enough
for
all
these
components
to
talk
to
each
other,
because
etcd
only
need
to
talk
to
api
server
only
need
to
talk
to
etc,
and
the
controller
manager
only
need
to
talk
to
api
server
yeah.
So
we
only
need
to
have
two
sets
of
client
certificate
and
a
key
pair,
etc
and
api
server
just
to
begin.
Okay,.
A
Yeah
then
we
need
to.
We
need
a
way
to
be
able
to
generate
them
for
be
all
being
able
to
off
to
cubelets
or
via
an
agent
right
as
well.
B
Cubelets,
be
an
agent
yeah,
yeah,
correct,
yeah,
right
right
if
we
wanted
to
have
another
like
cubelets
client
certificate.
B
D
A
Okay,
so
what
I
ended
up
doing
is
this
morning
I
went
around
and
I
just
I
went
back
and
updated
my
ncp
doc,
so
I
had.
I
hadn't
had
a
chance
to
poke
you
and
say
if
you
can
go,
give
that
a
read,
but
in
essence
what
I
ended
up
doing
was
writing
it
up
as
though
we
would
do
generation
of
the
client
certs
as
well
and
do
based
on
your
our
chats.
Sorry,
everybody.
A
You
weren't
all
a
part
of
this,
because
we
did
this
in
in
dms,
but
in
essence,
we
were
chatting
about
how
we
could
potentially
store
the
std
client
certs,
based
on
the
same
name,
name
prefixing,
that
we
use
in
capi.
So
let
me
actually
just
share
my
screen
and
I
can
show
what
I
what
I
ended
up
writing
up.
A
I
did
a
little
bit
of
a
tbd
on
some
of
these
things
because
I
don't
know
all
of
the
certs
that
we're
going
to
need
to
generate
and
we
can
always
mutate
this
later.
Let
me
share
my
screen
again.
A
So
in
theory,
if
we
go
down
to
search
so
basically
what
I
ended
up
doing
is
calling
out
another
another
piece,
which
is
the
the
key
pairs
for
every
single
component.
So
we'd
have
cluster
name
dash
component
dash,
client,
cert
and
those
are
going
to
be
the
key
pairs,
basically
in
essence,
generating
very
similar
to
what
we're
doing
for
for
the
service
account,
and
then
we
have
the
so
how
that's
all
structured
is
all
written
out
there.
A
So
we'd
have
ncd
as
a
prefix
as
a
component
name
proxy
as
a
component
name,
cubecontroller
or
controllermanager,
sorry
as
a
component
name
and
then
potentially
cubelet,
and
then
anything
else.
We
might
add
later.
We
can
add
into
this
list
as
known
components
as
for
other
pieces
that
can
get
deployed
as
pods.
How
does
that
sound?
A
B
A
E
B
A
Yeah
so
right
now
I
only
have
it
as
the
proxy
cert,
but
I
guess
I
can
make
another
one
yeah
I'll
add
in
another
one
that
is
the
the
api
server
as
well.
So
let
me
I'll
update
that
I
did
a
couple
other
updates
to
there
to
resolve
everybody
else's
feedback
on
that
dock.
If
you
want
to
give
that
another
read
through
as
well.
E
One
thing,
though
you
might
want
to
think
about
chris,
is
like
I've.
Seen
like
you,
you
don't
have
anything
else
apart
from
that
api
server,
how
are
you
going
to
handle
like
certificate
rotation
and
things
like
that
when
you
want
to.
A
E
D
A
good
idea,
let
me
think
about
how
we
could
do
that
since.
A
A
Things
because
yeah,
so
we
can't
expect
everybody,
does
everybody's
gonna
use
cert
manager
for
their
deployment,
and
so
we
need
to
have
a
common
path
for
people
to
be
able
to
provide
their
own
cert.
For
how
for
how
these
control
planes
will
get
brought
up.
D
A
Yeah,
so
the
idea
there
is
cert
manager
is
an
add-on
that
you
can
use
and
by
having
a
common
named
secrets,
you
could
overwrite
those
by
saying
in
your
certificate
resource
with
cert
manager.
You
specify
the
name
of
the
component.
You
want
it
to
generate
a
cert
for,
and
it
will
generate
the
secret
into
that
it'll
generate
a
secret
and
store
it
in
that
name
that
you
specify
in
your
certificate,
and
so
you
can
override
anything
that's
in
this
dock
by
using
cert
manager,
but
we
need.
A
Built
in
that
that
will
at
least
manage
it
at
a
at
a
self-signed
way.
Okay,
so
that
we
can
deploy
this
without
cert
manager
as
well.
A
I
thought
it
was
only
it's
required
in
v4,
but
not
v3,
right
unless.
A
B
So
I
think
if
the
certificate
manager
can
generate
all
these
things,
then,
and
also
can
do
the
rotation
like
certificate
rotation.
I
think
it
can
be
good
option
right,
because
if
we
do
not
use
certificate
manager,
then
the
ncp
controller
have
to
be
responsible
for
the
whole
life
cycle
of
their
certification.
We
have
to
do
rotation
update
all
this
right.
A
Okay,
all
right,
so
if
we
were
to
do
that,
if
we
were
to
basically
make
it
so
that
it's
a
requirement
on
cert
manager
yeah,
let
me
let
me
spin
my
wheels
on
that
one
a
little
bit,
I'm
trying
to
think
if
that
would
cause
any
issues
to
require
cert
manager
to
do
the
generation
for
the
search
for
the
control
plane.
A
Components,
because
I
understand
why
it's
therefore
at
least
for
for
the
cappy
control
plane,
but
I'm
trying
to
figure
out
why
it
would
be
there
for,
if,
like
cube,
adm,
is
typically
generating
the
search
and
managing
the
search
for
the
workload
clusters.
E
So
you
usually
like
a
weekend.
You
start
manager
because
qbn
runs
on
the
machine
and
it's
like
too
early
for
that
workflow
foster
to
actually
have
those
certs.
But
in
this
case
like
given
that
you
might
well,
I
don't
know
how
they
could.
You
will
have
to
figure
out
like
attaching
of
nodes
but
from
the
control
plane.
You
could
leverage
certain
manager
and
yeah
just
create
those
crs
and
get
the
secret
and
push
it
down.
A
A
You
can
supply
your
own
search
with
this,
but
we're
going
to
follow
the
same
path
that
we
have
with
the
cube,
adm
control,
plane
and
bootstrap
provider
that
it
does
some
of
that
generation
for
you
if
those
aren't
supplied
or
if
those
aren't
generated
for
already,
but
I
guess
that
makes
that
would
make
that
makes
sense.
All
right,
I'll,
spend
some
cycles
and
update
that
all
right
and
think
through
how
that
would
work.
C
Sure
I
think
student
manager,
definitely,
if
increase
you,
think
it
is
reasonable.
We
can
definitely
go
there,
but
my
current
environment
is,
I
don't
know
how
much
time
we
are
going
to
spend
if
we
really
do
stuff.
But
if
we
want
to
make
our
marched
milestone,
this
is
okay.
C
We
just
do
some
mean
simple,
just
leveraging
what
vc
manager
part
of
key
management-
very
simple,
there's,
not
a
great
story,
but
again
our
first
release
and
we
can
put
a
manager
in
our
the
next
is,
I
think,
which
is
more
reasonable,
because
this
is
a
blocker.
I
don't
want
to
spend
another
two
weeks
to
explore
how
to
resolve
this
blocker.
A
No,
that
makes
sense,
I
think
the
biggest
thing.
The
biggest
thing
that
we
need
to
solidify
is
what
the
names
should
be
on
those
so
that
we
don't
have
to
change
the
names
on
the
secrets,
and
I
think
those
at
least
are
are
solid,
because
those
follow
the
same
format
that
we
have
in
capi.
So
if
we
can
follow
those
patterns,
j
use,
what
we
have
in
vc
manager
to
implement
the
entry,
but
then
also
be
able
to
support
overrides
with
cert
manager,
then
we're
okay.
A
C
A
Can't
come
up
yeah,
okay,
yeah
that
makes
sense
yeah.
So
then
I'll
I'll
probably
go
through
here
and
change
a
couple
of
the
pieces
in
in
the
the
dock
about
using
the
cube,
idiom
stuff
and
point
more
towards
the
vc
manager
code
base,
and
then
we
can
generate
or
we
can
leverage
those
use,
the
new
names
and
then
yeah
and
move
forward
with
that.
A
Cool
all
right
does
anybody
else
have
anything
that
they
want
to
bring
up
we're
at
the
end
of
our
agenda,
for.
A
Now,
at
some
point
faye,
if
you
get
a
chance,
I
would
it
would
be
super
awesome
still
to
do
a
demo
of
what
you're
doing
with
the
experimental
stuff.
But
that's
separate
from
from
this
of.
C
Course,
but
not
today,
because
I
I
I
wish
I
can
do
that,
I
I
wish
I
could
do
the
you
know
kind
of
tutorial
little
tutorial
this
week,
so
sure
we
get
everything
done
and
my
demo
would
go
would
kind
of
go
through
that
tutorial.
C
Okay,
one
thing
is:
maybe
we
can
take
some
time
to
discuss
when
he
is
we
can
describe.
We
are
about
the
example
controller
for
the
crd,
okay,
yeah
yeah,
so
so
so
my
yeah.
So
I
think
I
think
I
agree
with
what
this
is
common
generated.
I
I
think
that
that
controller
can
be
as
simple
as
generic
as
possible.
C
I
I
was
even
start
thinking
it's
just
it
just
has
some
document
but
but
but
you
put,
you
know,
actual
coding
in
that,
so
I
think
it
is
okay,
but
I
agree
with
most
of
what
chris
was
mentioning
say
using
the
name
like
just
fool.
C
My
little
concept
is
you
put
a
sample
code
like
it
did
like
all
the
petroleum
dws
uw
thinker,
so
so
my
worry
is
that
are
you
going
to
have
to
make
consistent
every
time
we
change
rules
so
because
this
is
not
like
you
know,
interface
code
or
framework
code,
which
is
kind
of
pretty
stable.
C
It's
real
kind
of
working
piece.
I'm
not
sure.
Is
this
good
enough
to
just
put
actual
code
there
or
just
use
kind
of
document
describe
what
you
are
going
to
do?
I
don't
know
which
one
is
better
so.
D
I
think
the
code
is
just
example
that
so
we
can
it's
not
to
enforce
people
to
use
it,
but
I
put
there
just
example
that
how
I
use
this
your
framework
to
generate
another
thinker,
that
if
anyone
wants
to
separate
the
syncer-
or
they
want
to
combine
with
your
existing
thinker,
that
you
can
combine
a
big
thinker,
including
the
not
optional
component,
but
also
this
is
cr
which
he
defined
separately.
So
this
is
how
it
works.
D
So
when
you
change
the
infrastructure
in
the
future,
I
think
you
evolve
very
quickly,
but
I
still
hope
that
people
can
can
still
make
sure
this
kind
of
a
some
implementation
which
some
company
like
us,
we
did
can
be
compromised
that
the
people,
when
changing
your
infrastructure
code,
not
too
dramatically
that
make
this
piece
not
workable,
but
this
is
not
enforced.
Just
put
there
to
make
sure
we
have
example
and
people
can
contribute
on
it
and
enhance
it.
The
start
point
because
just
writing.
D
I
already
finished
writing.
So
the
code
is,
there
is
a
shouldn't
matter
right
for,
for
your
entire.
C
D
So
I
will
make
file
it's
separate
there,
because
this
example.
So
if
you
look,
the
structure
is
totally
like
a
separate
thinker.
We
build
it.
Build
start
root,
from
example,
is
not
from
the
virtual
cluster,
so
I
will
put
a
make
file
there
so
that
people
can
build
it
and
to
to
fill
it,
and
if
they
don't
have
time
they
can
enhance
it
in
case
I
I
made
something
wrong,
but
it's
quite
complicated.
D
That's
I
make
everything
work
now,
so
it
dynamically
can
introduce
crds
then
on
the
cr
can
be
synced
and
can
be
patrolled.
So
this
is
a
maybe
someone.
C
Yeah,
I
wonder
my
point:
is
you
can
do
that
away,
but
so
we
have
two
two
ways
to
so
so
if
we
want
to
maintain
that
the
problem
is
how
to
maintain
that
right.
If
we
want
to
maintain
that
which
means
every
time
we
do
the
change
in
the
amazing
curve
repository
I
need
to
think
about.
Oh
there
is,
there
is
an
example
there
should
I
change
that
file
as
well.
So
that's
that's
kind
of
it's
okay.
If
we
all
agree,
we
do
that.
That's
fine,
so,
on
the
other
hand,
is
rosie
example.
C
D
Yeah,
so
the
way,
if
you
look
at
the
code
currently
in
example
except
this
api,
the
the
full
all
I,
the
crd
crd
apis,
which
is
generated-
this
is
separately.
But
if
you
look
at
the
core
of
this
code,
it's
just
one
of
the
sinker
components
like
underscore
source.
Crd
noun
is
an
underscore
source
score
slash.
We
call
it
a
project
as
a
or
full.
So
this
is
like
one
component
very
slim,
very
slim.
There.
Everything
is
a
import
from
your
infrastructure.
D
Nothing
was
actually
there,
so
there
are
only
actually
three
files
which
can
be
put
as
a
component
under
slash
resource.
D
Copy,
if
you
just
do
importing
no
yeah
everything
imported,
so
only
so
this
you
can
consider
it.
It's
just
slash
resource
resource,
slash
component,
this
everything
is
there
and
nothing
else
from
so.
Actually,
I
can
even
check
into
the
resource
slash
directory
as
a
new
component.
A
new
sync
command
like
a
crd
example,
but
we
put
example
is
that
I
don't
want
to
interfere
with
your
infrastructure,
so
everything
is
is
just
imported
from
your
main
infrastructure.
C
D
C
D
Yeah,
if
you
do
the
bit,
the
idea
is
that,
hopefully,
if
people
do
this,
big
change
also
should
consider
this
kind
of
if
he
agreed
this
example
cr
resource
synchronization.
He
should
also
do
one
step
to
make
sure
that
also
compliant,
because
this
is
just
as
the
exact
same
kind
of
a
component
as
the
normal
thinker,
which
we
use
user
use
it.
So
I
don't
want
you
to
make
dramatic
change
in
the
infrastructure
that
so
the
people
very
hard
to
use
your
infrastructure
in
the
long
run.
D
So
this
is
a
one
way
to
to
make
sure
our
infrastructure
is
generic
enough,
so
everyone
can
benefit
from
that.
So
this
is
a
is
a
good
thing
for
the
infrastructure.
A
A
C
D
And
everything
yeah,
but
I
think
a
good
thing
for
you,
the
single
infrastructure
that
the
people
do
use
crds
and
they
do
have
dependence
on
your
infrastructures
so,
like
recently,
some
of
the
changes
are
so
dramatic
and
of
course
it's
a
good
way
is
not
to
break
a
lot
of
things,
but
they
do
have
some
complication
on
the
crd,
our
component.
D
So
in
this
thoughts
I
put
this
component
in
so
at
least
when
you
change
the
infrastructure,
you
need
to
have
some
reference
that
oh
people
use
this
way,
so
I
have
to
change,
make
sure
it's
still
compliant.
It's
not
so
dramatically.
Change.
Only
think
of
this
10
count
the
standard
component
in
your
sinker.
I
think
this
is
good
for
the
long
run
for
the
sinker
infrastructures.
Yeah.
C
I
totally
agree
with
you,
but
but
the
problem
is,
you
know:
even
the
synchro
has
been
there
for
a
year,
but
I
would
say
still
in
very
early
stage,
so
we
don't.
We
don't
even
have
a
formal,
you
know
formal
release
date
yet
so,
which
means
I
mean
at
least
for
currently
any
code
change
or
any
recorded
refectory.
We
were
thinking
we
are,
we
shouldn't
worry
too
much
about.
You
know
breaking
kind
of
others,
because
we
are
not
even
released
even
even
a
beta
version,
so
that
that
that's
that's
a
reason.
C
At
least
at
this
moment
I
don't
want
to
put
very
strict.
You
know
enforcement
on
how
we
change
the
info
code,
because
it's
not
a
good
implementation
anyway,
we
need
to
change
it
right.
So
if
we
release
something,
for
example,
we
formally
release
a
one
point,
any
release
we
have
formally
released.
Now
we
need
to
think
about.
Oh
any
changes.
We
need
to
be
very
cautious
about
where
that
break
others.
So
that's
a
that's
a
that's
a
reason,
but
I
I
agree
with
you
once
you
know
we
we
release
it.
It
has
to
be
stable.
C
D
So
this
gives
you
some
vision
that,
because
this
infrastructure
is
so
nice
that
can
serve
a
lot
of
purpose,
I
have
some
new
ideas
to
make
it
to
even
grow
on
different
angles,
but
with
all
this
index
either
in
the
example
is
experimental
is
tightly
not
very
tightly
combined
with
your
existing
code,
but
at
least
loosely
tied
loosely
coupled
with
your
infrastructure
code,
which
gives
us
at
least
some
some
some
reference,
at
least
for
the
people
to
to
work
this
way.
C
Yeah,
I
think
sometimes
I
think,
as
a
project
getting
bigger
and
bigger.
I
think
people
will
face
this
kind
of
thing
right
if
we
kind
of,
for
example,
we
have
so
because
the
example
crd
you
can,
you
can
treat
it
as
another
kind
of
experimental
features
which
is
can
stand
alone,
which
is
stand
alone,
things
based
on
the
base,
sinker
infrastructure,
but
you
do
something
else,
but
if
we
agree
that
freedom
of
photos
for
the
scheduler
that
I
was
doing
so
I
never
ask
you
know
anybody.
C
You
can
change
thinker
whenever
you
want,
you
don't
need
to
think
about
the
experiment,
I'm
going
to
think
experiment
to
matching
the
latest
infrastructure.
So
I,
unless
so,
I'm
not
asking
everybody
to
change
something
to
make
sure
the
experimental
can
work.
So,
on
the
other
hand
there
that,
if,
if
you,
if
you
think
okay,
you
don't
want
to
put
extra,
you
know
constrain
or
burden
or
anybody
to
change
synchro
code.
So
you
are
going
to
be
responsible
to
sync
any
changes
on
the
synchro
to
to
the
experiment,
crd,
I'm
I'm
totally
fine
with
that.
C
D
Yeah,
I
agree
so
at
least
I
have
a
point
to
just
start
discussing,
because
when,
if
I
lose
this
code
after
several
months,
people
change
this
infrastructure,
I
have
no
any
base
to
talk
start
with,
because
it's
very
complicated
things.
Now,
if
the
code
is
there
at
least,
I
can
point
out
this
some
certain
line
that,
with
your
new
change,
is
make
difference
or
make
difference.
So
this
way
at
least
there
is
a
reference
point
that
I
can
start
to
talk
and
make
sure
the
guy
who
check
the
infrastructure
code
can
recycle.
D
Is
this
the
best
way
or
not?
If
he
thinks
best
way,
then
I
would
do
the
change
on
my
side.
The
example
code
make
sure
it's
compliant,
but
at
least
the
code
there.
We
can
have
a
start
point
to
discuss
why
your
infrastructure
change
is
good
or
bad.
So
at
least
I
have
some
reference.
If
I
just
put
a
document
there,
no
code,
it's
really
hard
to
put
everything
there,
so
you
cannot
even
start
to
talk.
D
Yeah
pr,
so
I
can
point
into
the
code.
So,
for
example,
you
did
a
big
pr
to
change
that.
So
then
I
can
point
to
this.
You
know
review.
I
can
tell
him
that,
okay,
if
we
want
to
compromise
something
like
like
in
the
cr
sinker
like
in
example,
if
you
do
a
little
bit
change
this
way,
that
would
be
nicer
or
at
the
end
he's
not
agree
on
that.
D
So
this
way
we
have
to
can
can
start
a
discussion,
otherwise
it's
hard,
because
when
you
do
a
pr
I
have
known
my
code-
and
I
also
forgot
this
code.
So
maybe
the
change
is
very
hard
to
to
to
to
in
the
in
the
cr
area
that
cannot
be
seen
cannot
be.
A
From
a
maintenance
perspective,
I
think
is
really
what
what
faye's
getting
at
trying
to
maintain
this
going
forward
and
making
sure
that
we're
keeping
everything
in
sync
in
sync-
and
in
essence
I
mean,
if
you
look
at
a
big
project
like
kubernetes
or
anything
like
that,
you
don't
really
see.
Example,
sample
controllers,
for
example,
being
in
tree
in
here.
It
does
feel
like
this
could
be
written
as
a
relatively
simple
dock.
That
says,
if
you
want
to
go
through
like
tutorial
like
we
have
for
the
for
the
tenant
dns.
A
If
you
want
to
go
through
this,
these
are
the
five
steps
that
you
have
to
do
or
10
steps
that
you
have
to
do
to
go.
Do
this,
and
here
we
can
basically
take
everything
that
you
did
copy
it
into
markdown,
and
then
we
don't
break
potentially
build
time.
We
don't
build,
we
don't
break
any
build
life
cycles
as
we
get
this
all
this
code
moved
over
into
cap
n
and
we
have
to.
We
have
to
actually
run
it
through
ci
processes,
since
we
don't
have
any
of
that
in
in
the
multi-tenancy
repo.
A
I
doubt
we'd
get
something
from
the
from
the
sig
side
of
things,
but
potentially
we
can
talk
with
our
ospo
and
figure
out
if
there's
a
way
that
we
could
publish
this
separately.
Otherwise,
we
might
be.
We
might
maintain
this
internally,
just
as
a
here's
sample
code
for
for
our
folks,
using
it
and
then
otherwise,
point
to
otherwise
point
to
a
document
that
we
wrote
instead
so
basically
take
take.
This,
take
the
three
files
that
you
have
in
essence
convert
those
into
into
parts
of
a
markdown
file.
A
That
says
this
is
a
patroller
and
a
patroller
does
this,
and
this
is
how
you
would
write
one
that
looks
very
similar
for
a
cr
and
all
of
like
a
walk
through,
like
you'd,
get
out
of
the
book
book.qbuilder.io,
for
example,
to
make
it
a
little
bit
easier
to
follow
along
because
right
now,
yes,
the
sample
code
makes
sense
and
it's
eaten
and
it's
easy
to
go.
Look
at
and
walk
through,
but
I
think
being
able
to
explain
it.
A
A
little
bit
deeper
is
going
to
be
much
better,
much
more
beneficial
to
to
someone
trying
to
pick
these
things
up
and
build
these
art
themselves
versus
having
example
code
physical
example
code.
That's
compilable,
because
they
can
always
go
and
look
at
what
the
patrol
or
what
the
patrollers
look
like
in
any
of
the
resources
and
any
of
the
dws
or
uws
in
any
of
the
other
existing
resources
as
more
reference
for
compiled
examples,
and
those
are
always
going
to
be
more
up-to-date
than
an
example
directory.
A
That's
just
in
the
in
the
repo
does
that
seem
to
echo
what
you're
looking
for.
A
A
If
you
want
to
make
a
custom
sinker,
what
do
you
do
and
walk
through
the
process
that
you've
done
multiple
times
to
build
these
sinkers
before
and
phased
on,
and
chow's
done
and
jerry's
done
and
everybody's
like
everybody's
built
these
things,
but
now
we
should
probably
make
it
more
concrete
that
says:
okay,
these
are
what
the
different
components
of
a
sinker
are.
A
This
is
what
this
is,
what
each
of
those
different
style
sinkers
are
and
how
you
would
write
them
yourself
if
you
wanted
to
do
one
for
your
custom
cr
and
then
you
and
I
can
talk
and
try
and
figure
out
if
there's
a
way
that
we
can
house
example
code
somewhere,
that's
not
in
tree,
so
not
in
this
actual
repo
at
all,
so
that
you,
if
you.
D
Both
agree
on
that
and
then
I
move
it
this.
I
close
this
pr,
so
yeah.
A
You
don't
have
to
close
this
pr,
I
mean
you
can
keep
the
pr
open.
We
can
just
move.
We
can
move
this
into
into
a
a
docs
file
instead
and
then
and
make
those
make
those
go
files
either
referenced
into
or
loaded
into.
No
they'd
have
to
be
copied
over
into
a
markdown
file
as
like
the
the
tutorial
for
how
to
do
it.
C
Yeah
yeah
yeah
yeah.
That's
exactly
what
I'm
saying
so
you
can
even
put
that
somewhere
called
markdown
file.
That's
okay,
but
just
don't
make
something:
that's
comparable
come
viable.
If
so,
if
you
make
comparables
as
I
think
chris
got
a
good
point,
so
you
need
to
make
sure
it
doesn't
break
ci,
so
I
so
it
can
be
annoyed
if
the
project's
getting
bigger
and
bigger.
So
every
time
you
you
there's,
some
complex
error
happens
in
the
example
directory
and
and
so
yeah.
That's
my
point.
C
I
think
I
think
especially
from
any
people
want
to
write
sinker.
I
think
they
cannot
be
a
dunk
developer.
They
have
to
have
some
understanding
about
everything
that
has
been
working
so
just
show
them.
You
know
what
are
example
code
and
if
you
just
tell
them,
please
copy
these
three
files
and
the
dual
sed
replace
part
to
crd,
and
it
probably
just
will
work.
A
Yeah
something
yeah,
because
then
you
could
really
talk
about
the
the
intricacies
that
you
had
to
deal
with
there
like
keep
the
changes
that
you
had
to
do,
because
you
didn't
have
to
make
changes
to
the
the
like
core
infrastructure
of
the
sinker.
I
noticed
that,
like
you,
had
to
make
sure
you
had
to
export
the
the
check,
the
meta,
the
meta
fields
that
weren't
already
exported
those
were
just
those
are
typically
unexported
functions
in
there.
A
A
In
this
in
this
pr,
because
I
think
those
are
good-
I
mean
I
assume
that
faye
would
agree
like
if
we
need
to
export
functions
so
that
we
can
do
build
these
custom
thing.
These
custom
syncers
and
not
have
to
copy
a
bunch
of
functions.
Let's
make
sure
and
push
those
upstream
so
that
or
push
those
into
the
the
course
anchor
keep
those
changes.
It's
just
instead
of
having
those
three
files
that
that
you,
that
are
an
implementation
of
a
foo
sinker.
C
Just
it's
playing
a
thief
kind
of
you
copy
something,
and
you
make
a
thief.
Just
explain
that
beef
and
it's
more
valuable
to
me,
because
now
we
can
look
about
we
can
come.
We
can
think
about
potential
recommendation
of
the
chord
structure
to
to
make
sure
that
the
diff
as
small
as
possible,
so
that
that's
all
our
purpose
right.
A
Yeah
and
just
to
just
to
show
sorry,
I'm
going
to
share
my
screen
for
two
seconds
as
well,
just
to
kind
of
show
what
what
I
think
we
mean
here.
The
the
perfect
example
of
this
is
the
tenant
dns
stuff.
A
So
to
do
our
our
forked
core
dns,
we
didn't
for
core
dns
code
base
and
put
it
in
the
repo
and
make
it
something
that's
compilable
from
here
the
it
explains
the
problem
state,
what
you're
trying
to
do
the
solution
and
then
exactly
as
face
saying:
okay,
what
would
the
diff
be
to
actually
make
this
happen?
So
in
this
instance,
it's
a
little
bit
easier
because
you
can
just
copy
this
and
make
and
like
execute
the
patch
for
this.
A
For
us,
it's
probably
going
to
be
the
example
code
that
you
already
wrote
in
each
one
of
those
files
that
goes
in
here
and
then
it
will
go
through.
Okay,
once
you've
done
this,
you
need
to
write
a
command
file
that
imports
these
things
and
imports
your
new
syncer
and
then
from
there
you're
good.
So
in
essence,
taking
those
three
four
files
and
just
putting
them
into
markdown.
A
Cool
all
right
we're
getting
close
to
the
end
of
the
hour.
Is
there
anything
else
we
wanted
to
bring
up
before
we
drop
off?
Otherwise
we
can
see
everybody
next
week
and.