►
From YouTube: Kubernetes SIG Testing - 2021-05-18
Description
A
So
I'll
kick
in
and
start
it
hello
and
welcome
to
the
kubernetes
testing
meeting.
This
is
tuesday
may
18
2021,
and
this
meeting
is
under
the
cncf
code
of
conduct.
The
short
version
of
that
is
be
excellent
to
each
other.
This
meeting
will
be
recorded
and
uploaded
to
youtube.
A
First
up,
someone
has
listed
plans
for
v122,
I'm
not
sure
who
they
didn't
leave
a
name,
though
anyone
here
leave
that.
A
C
C
Hi
hi
everyone,
I'm
yuvraj.
I've
been
working
recently
to
revamp
the
approve
plugin
that
we
use
on
all
of
our
peers
to
support
granular
approval,
sub
approvals
on
prs
and
there's
a
poc
and
a
doc.
Along
with
that,
and
the
links
are
shared
here
in
the
in
the
agenda.
C
So
the
idea
behind
the
approve,
2
plugin,
which
is
basically
a
variant
of
the
approved
plugin,
is
to
be
able
to
basically
do
granular
approvals.
So
anyone
who
wants
to
approve
right
now
can
upload
a
single
file
approve
a
folder
approve,
a
pro
any
collection
of
sub
fold,
sub
files,
and
that
are
changing
up
here.
Instead
of
having
to
do
an
entire
approval
blanket
of
google,
it
works
just
by
using
the
existing
owner's
file.
C
So
it
supports
the
simple
owners
file
of
this
format
and
the
more
advanced
bonus
files
with
filters
of
this
format.
So
we
don't
need
any
special
bonus
files
to
be
able
to
use
this
new
plugin
and
the
approve
two
plugins,
since
it
supports
a
little
more
features
than
the
previous
approve.
Plugin
has
a
few
additional
commands
that
can
actually
use.
C
So
we
can
do
approve
to
files
and
specify
a
path
to
the
file
in
the
pr
so
that
it
just
updates
that
one
single
file
we
can
use
files
with
wildcards
in
them
and
the
wildcard
you
support
is
basically
star.
C
We
can
approve
all
the
files
in
the
subdirectory
and,
of
course,
as
similar
to
the
previous
approval
plugin.
We
can
just
to
approve
two
to
provide
a
blanket
approval.
This
dock
also
goes
through
an
example
of
how
one
would
use
the
approve
to
plugin.
I
have
a
demo
which
basically
runs
through
the
same
example,
so
we'll
go
through
that
it
would
be
a
little
more
interactive
and
easy
for
folks
to
understand
yeah
before
I
continue.
I
hope
everyone
can
see
my
screen
right.
C
I
forgot
to
confirm
this
before
yes,
okay,
awesome,
so
let's
consider
this
pr
which
changes
a
few
files.
As
you
can
see,
it
changes
files
in
multiple
folders-
and
I
am
this
user
and
the
author
and
the
this
particular
user-
can
has
the
permissions
to
approve,
like
only
underscore
test
files
in
api,
folder
and
everything
under
the
registry
folder.
C
If
this
is
the
case,
we
can
use
the
new
approve,
two
plugin
to
let's
say,
approve
just
one
file,
so
I
have
the
same
pr
open
in
another
tab
so
that
we
can
look
at
this
section
quickly,
instead
of
having
to
scroll
back
and
forth.
So
let
me
do
this,
so
let's
say
I
just
want
to
approve
the
packages
the
second
dot
go
file.
I
can
do
that
using
a
proof,
2
files.
C
C
It
shows
that,
since
the
total
pr
is
technically
not
yet
approved,
it
shows
you
the
links
to
the
owners
file
where
one
could
go
and
look
at
who
can
upload
the
files
and
request
them.
It
also
makes
suggestions
on
whom,
should
you
probably
assign
so
that
they
can
start
approving,
and
these
suggestions
are
based
on
who
already
approved,
who
can
approve
the
pr
and
who's
already
assigned
to
the
pr,
and
it
also
shows
you
the
status
of
the
pr
itself
right
so
right
now,
this
pr
has
changes
in
two
folders.
C
C
We've
seen
how
we
can
upload
a
single
file
now,
let's
see
how
we
can
approve
an
entire
folder.
So
let's
say
I
want
to
approve
all
the
files
under
the
apps
folder,
so
package
registry
ads.
It
would
be
something
like
this
two
files
packages,
history,
apps
and
this.
So
basically
it
is
saying,
approve
all
files
under
the
packages,
the
apps
folder.
C
We
can
see
we
can
see
that
it
approved
the
two
additional
folders.
So
at
this
point
now
three
are
approved:
seven
are
unapproved
again.
The
status
is
roughly
the
same,
because
the
file
changes
are
inside
history.
The
approve
the
new
approve
plugin,
also
honors,
all
the
filters
that
are
set
in
the
owner's
file.
So,
if
I
let's
say,
approve
all
the
files
under
api,
it
should
technically
only
approve
the
first
ones
for
test.go
and
second
underscore
test
dot
co,
because
the
owner's
file
is
written,
such
that
the
user.
C
C
C
Next
we
can
so
at
this
point
we
have
approved
a
single
file.
We
have
approved
a
subset
of
files,
a
folder
and
also
approved
like
a
subset
of
the
files.
The
user
can
also
specify
wildcards
in
the
name
of
the
file.
So
let's
just
approve.
Oh
sorry,
let's
just
approve
first
ones
for
test
dot,
go
and
second
underscore
test
dot,
go
in
pack
packages
so,
and
I
think
we
already
did
that.
But
let's
just
do
that
package
registry
and.
C
Would
so-called
approve
those
two
files,
so
it
supports
wild
cards
in
file
names
as
well
and
as
and
as
previous
approval
plugin.
Oh
sorry,
slash,
approved.
C
Yeah-
and
it
just
approves
the
seven
files
at
this
point-
basically
upload
the
two
other
files,
meaning
the
first
ones
for
tests
and
second
ones,
and
as
the
previous
approved
plugin
supports,
we
can
just
someone
could
just
provide
the
blanket
approved
too,
and
it
would
approve
all
the
files
that
the
user
can
approve.
C
So
that's
the
new
approved
plugin.
There
is
a
link
to
the
poc
and
the
link
to
this
dog
in
the
agenda,
and
I
wanted
to
collect
feedback
about
the
plugin
itself
on
how
what
is
basically
feedback
on
what
needs
to
be
done.
What
needs
to
be
improved
general
feedback
on
anything
else
that
the
approved
two
plugin
should
be
addressing
or
the
reply
comments
about,
is
the
status
reflected
good
enough?
C
Any
other
features
that
we
support
and,
and
also
there
is
an
additional
thing
that
I
want
to
highlight-
one
should
not
be
using
the
approved
two
plugin
and
the
approved
plugin
together
in
the
same
repo
because
they
will
have
conflicting
criteria
about
when
to
apply
the
approved
label
to
appear
so
on
any
depot.
C
One
should
either
use
the
approved
two
plugin
or
only
the
approved
plugin,
and
I
also
wanted
to
discuss
what
would
be
a
good
way
to
roll
out
the
plugin
once
we
get
appropriate
feedback
and
approval
on
the
plugin
itself
and
so
on,
and
I
guess
the
ideal
way
is
just
maybe
like
start
with
one
repo
in
the
k
in
the
kubernetes
or
maybe
just
kubernetes
testing
for
our
kubernetes
community
or
something
collect
feedback
and
go
forward
there
and
also
does
this
need
a
cap.
C
Sorry,
I've
been
talking
continuously
but
yeah
yeah
questions,
feedback.
A
B
C
The
upgrade
went
up
to
two
are
not
both
turn
on
the
repo
and
not
require
approval
for
the
command.
Yes,
as
I
mentioned,
we
cannot
have
approved
and
approved
to
both
turn
on
on
a
repo.
At
the
same
time,
because
as
mentioned,
they
will
have
conflicting
criteria
about
when
the
approved
label
should
be
added.
Maybe
you
can
add
a
validation
step
in
the
prov
config
somewhere
saying
on
any
repo.
Only
one
of
them
should
be
applied
and
through
another
elsewhere,
in
other
cases,.
D
C
Sure
so
the
the
reason
we
chose
to
the
reason,
at
least
we
decided
with
approved
2,
is
because
right
now
is
so
that
both
the
plugins
exist
in
the
test,
infra
repo
and
during
the
rollout
strategy,
since
some
repos
will
still
be
using
the
old
approved
plugin
and
some
might
be
using
the
new
approved
plugin.
We
needed
both
the
plugins,
at
least
in
the
test,
template
repo
and
the
people
can
then,
and
the
kk
reports
can
then
choose
which
plugin
they
want
to
activate
at
that
point.
C
Oh
sure,
sorry,
so
all
the
plugins
in
the
repo
basically
parse
through
the
comments
and
see
if
the
plugin
needs
to
act
on
it.
So
if
both
approve
plugin
and
approve
two
in
look
for
the
same
command,
look
for
the
same
prefix,
it
might
be
a
little
confusing
it.
Might
you
said
you
can't.
C
Yeah
in
case
they
are
turned
on,
but
if
we
add
a
validation
to
the
prop
plugin,
then
that's
not
a
problem,
but
in
case
they
are
turned
on.
At
least
it
would
address
the
issue
but
you're
right
if
we
do
make
sure
that
they
both
are
not
turned
on.
At
the
same
time,
then
both
of
them
can
just
use
the
approve
command
and
that
would
totally
work.
C
Sure
would
it
make
sense
to
mention
the
two
files
which
have
been
removed
in
the
comment,
or
maybe
the
eight
which
haven't
okay,
so
the
the
reason
we
are
showing
what
files
are
approved
and
what
files
are
not
approved,
and
only
just
showing
the
count
is
because
in
case
of
big,
mr
or
in
case
of
even
medium,
mrs,
if
there
involves
a
lot
of
file
changes,
the
plugin
will
have
to
reconstruct
basically
the
tree
of
the
files,
depending
on
the
paths
of
the
files
in
the
mr
and
that
seemed
complicated
for
the
approved
plugin
itself,
and
I
wanted
to
collect
feedback
if
that
really
is
necessary
before
actually
implementing
it.
C
So,
yes,
we
are
open
to
doing
it,
but
I
want
to
collect
feedback
before
we
go
ahead
and
actually
do
it.
I
think.
B
D
C
Yes,
that's
a
good
point,
so
our
partial
way
we
thought
that
we
could
solve.
It
is
at
least
showing
the
status
of
the
folder
saying.
Okay,
the
ones
that
are
partially
approved
or
not
approved
are
the
folders
where
the
files
are
but
you're
totally
right.
If
there
are
nested
folders
missing
files,
it
might
make
sense
to
show
the
files.
C
But
again,
as
I
mentioned,
if
it
is,
if
this
really
is
a
problem
and
if
that's
the
general
feedback,
then
yes,
we
would
implement
a
way
to
actually
show
a
tree
of
the
entire
pr
and
then
like
show
the
status
of
the
approval
against
each
file.
But
again,
if
it's
a
huge
pr
we'll
have
to
reconstruct
a
huge
tree,
especially
if
let's
say
the
pr
includes
updating
a
vendor,
then
that
would
be
huge
right.
So
so
yeah
we
could.
C
A
C
A
C
We
didn't
want
to
touch
the
code
for
approve.
We
wanted
to
make
it
a
separate
plug-in
just
to
get
started
with
the
internal
logic
of
our
approve
and
approve
to
work
is
a
little
different
because
approve
completely
falls
back
to
the
owner's
files
and
then
like
looks
at
it
only
can
do
blanket
approvals.
While
this
supports
a
little
more
granular
approval
pattern,
so
it
does
a
little
more
things
than
the
opera,
plugin
and,
and
also
we
didn't
want
to
change
the
upgrade
plugin.
At
this
point.
A
I
I
want
to
suggest
that,
since
they
can't
be
used
together
anyhow,
we
should
make
the
commands
not
require
the
the
to
just
approve
and
that
we
should
just
roll
repos
from
one
to
the
other
without
so
that
in
the
simplest
chain
like
in
the
simplest
workflow.
There's
no
change
and
you
just
have
like
new
functionality
available
sure
yeah.
D
Because
I
think
today,
if
I
have
the
old
approved
plugin
turned
on
and
I
write
a
comment
like
slash-
approve
files,
blah
blah
blah,
nothing
will
happen.
So
it's
a
purely
forward-looking
change
right.
I
think,
if
you
do
slash
approve
files,
it
will
just
provide.
C
A
E
So
I
guess
I
was
trying
to
answer
some
of
the
or
make
some
suggestions
ahead.
So
I
apologize
if
I'm
jumping
the
queue,
but
I
kind
of
feel
like
I
appreciate
the
desire
to
keep
the
code
as
separate
as
possible
for
proof
of
concept
purposes
and
to
make
sure
it
works,
and
I
think
you've
given
an
amazing
demo.
E
So
I
could
be
cool
with
the
idea
of
merging
and
iterating,
but
I
feel
for
rolling
it
out.
I
really
like
the
idea
of
trying
to
merge
this
functionality
in
to
the
approved
plugin.
It
could
be
as
simple
as
you
like.
You
know.
E
You
have
two
separate
packages
within
approve
a
v1
and
the
v2
whatever,
and
then
we
could
use
plug-in
config
to
decide
what
you
know
which
one
of
those
to
turn
on
so
I
was
suggesting
you
could
have
a
blanket
flag
like
enable
approved
to,
or
you
could
have
more
granular
flags
for,
like
suggesting,
leaf,
approvers
or
enable
selective
approve
that
that
sort
of
deal,
because
this
is
how
we
rolled
out
some
other
approval
or
lgtm
changes
across
repos.
So
the
plugin.
B
E
Or
per
repo
configuration
of
certain
features,
I
feel
like
that
would
be
the
the
cleanest
approach
to
rolling
out
it's
it's
unclear
to
me
like
how
much
additional
shuffling
around
work
that
would
be
for
you,
but
I
feel
like
I
would
be
a
lot
happier
about
supporting
that
kind
of
rollout.
C
Sure,
if
it's
a
ui,
if
it's
about
the
ux
being
straightforward,
so
that
it's
just
approved
for
in
both
the
cases,
then
it
would
still
be
possible
to
do
that.
If
you
just
have
the
two
plugins
in
the
prof
repo
and
then
in
the
config
file,
just
switch
from
one
plugin
to
the
other.
Instead
of
merging
the
logic
for
both
of
them
into
the
same
plugin
and
then
basically
have.
E
Yeah,
I
just
feel
like
having
a
boolean
flag
to
flip
from,
like
one
functionality
to
the
other,
is
sort
of
describes
the
intent
a
little
bit
better.
A
Also,
what
we've
done
in
the
past
is
we've
we've
named
it
such
that
it
indicates
like
this
is.
This
is
going
to
be
a
like
deprecated
out
field
that
will
be
ignored
in
the
future
and
we're
just
using
it
for
the
switch
and
eventually
the
switch
is
the
only
thing
that
exists
because
long
term,
I
assume
we
don't
want
to
have
two
approved
plugins
to
maintain.
A
We
want
to
switch
to
this
one,
and
we
don't
want
people's
config
littered
with
enabling
a
plug-in
name
that
we
want
to
get
rid
of
or
like
approve
commands
that
won't
make
sense.
We
want
to
just
like
make
it
in
place
of
the
old
one
sure
yeah.
E
So
yeah,
I
guess
my
suggestion
would
be
like
I'm
totally
happy
to
merge
this
and,
like
you,
can
enable
it
on
a
repo,
and
you
know
we'll
be
careful.
You
can
be
careful
about
making
sure
the
two
plugins
don't
collide,
but
I
don't
want
to
see
this
actually
rolled
out
until
we
kind
of
move
the
logic
into
the
approved
plugin
yeah
yeah.
E
But
I
don't
mean
to
lead
with,
like
the
the
criticism.
First,
I
think,
like
the
demo,
you
gave
it
answered.
Basically,
all
of
my
other
questions,
which
is
cool.
Okay,.
C
That's
great
you,
you
had
another
question
in
chat
about
the
cancer
behavior.
Is
that
answered
or
tripped
that
was
ben's
question.
A
C
No
problem,
so
the
cancer
behavior
is
very
simple,
so
if
you
do
approve
to
cancel
it
will
cancel
all
the
approvals
that
you
give.
So
you
can't
cancel
approval
for
a
single
file
right
now.
It
will
just
cancel
all
of
the
approvals.
A
Okay,
well
thanks
for
working
on
this,
this
is
really
good
to
see.
It's
been
a
long-standing
request
to
be
able
to
approve
the
filters,
at
least,
if
nothing
else.
I
think
we
should
probably
in
the
fullness
of
time,
move
to
the
next
thing,
but
this
probably
deserves
some
follow-up
discussion,
offline
about
rollout
and
figuring
out
the
rest
of
the
details.
D
Sure
I
think
one
comment
that
would
be
super
useful
to
hear
if
it's
quick,
where
is
the
state
stored
for
what's
approved,
and
do
you
know
what
the
overall
impact
on
token
use
would
be.
C
So
the
the
plugin
itself
doesn't
store
any
state
it
every
time
there
is
a
change.
It
runs
through
all
the
comments
to
calculate
the
state.
C
B
Yep
so
past,
the
last
meeting
aaron
suggested,
like
we
could
move
forward
to
a
separate
browser
for
depth
stats,
so
we
merged
pr
which
runs
stepside
as
a
like
in
the
pro
job,
and
I
can
like
show
that,
if
you're
not
short
on
time,
but
I've
linked
the
pr
in
the
chat-
and
this
is
not
the
final
pr
we
have
to
like
make
some
patches
because
some
stuff
was
not
working
but
yeah,
so
we
added
now
like.
Can
I
share
my
screen?
If
do
I
have
the
permission?
Let
me
just
okay.
Now.
B
Yeah
so
now,
if
you
now,
you
can
run
a
test,
check,
dependency,
stats
and
then
this
will
trigger
the
job.
The
job
will
always
pass
but
like.
If
you
go
and
like
check
the
details,
you
can
see
that,
like
earlier
like
before
the
pr
pr
was
made,
there
were
396
dependencies
and
now
they
have
increased
for
the
total
dependencies
and
the
transitive
dependencies.
B
So
this
was
the
first
step
once
this
pr
got
merged.
We
are
currently
also
adding
another
pr
which
is
to
run
this
periodically
for
kk
after
every
six
hours,
so
just
wanted
to
give
a
slight
update
and
they
thank
you,
aaron
for
all
the
help
with
the
script
yep.
A
Thanks
for
working
on
this,
and
thanks
for
the
update,
anyone
have
any
questions
about
this.
E
B
Right
now,
it
was
just
like
the
periodical
job
which
will
run
on
kk
and
the
already
existing
test
command.
But
I
was
talking
to
dems
about
the
like
bot,
which
ben
mentioned
in
the
last
meeting,
that
having
a
what
comment,
if
actually,
statistics
change
that
would
be
useful.
But
if
you
all
have
like
any
other
suggestions,
that
would
also
be
something
we
could
discuss
and
act.
B
E
Let
me
let
me
rephrase
my
question:
maybe
this
will
show
how
much
I
was
paying
attention.
Does
the
does
the
job
fail
for
any
reason
like?
Is
it
clear
that
somebody
needs
to
fix
something.
B
A
As
an
approver,
I
think
just
having
access
to
the
stats
that
I
can
go
look
at
will
be
pretty
useful,
and
maybe
we
don't
have
hard
rules
about
them
yet,
but
at
least
I
don't
have
to
try
to
like
mentally
figure
them
out.
F
The
other
follow-up
on
the
death
stat
was
like.
Currently
it's
a
manual
trigger,
one
needs
to
go
and
run
the
test
command,
but
the
issue
that
asha's
open
there
was
also
a
solution
like
if,
if
there
is
a
way
that
if
the
pr
has
got
more
file
changes,
then
we
cannot
trigger
that
optional
job.
F
F
B
G
Yes,
hello:
this
is
vladimir
and
I'm
here
to
kind
of
do
an
update.
Last
time
I
was
here,
we
talked
about
the
e2e
framework,
and
one
of
the
things
I
mentioned
was
that
the
e2e
framework
is
going
to
be
implemented
in
a
couple
parts.
One
is
the
test
harness
which
we've
landed
a
an
initial
pr.
G
So
if
you
want
to
go
and
check
out
what
that
looks
like
and
what
we're
thinking
about
and
what
directions
we're
heading
go,
take
a
look
at
the
the
pr
is
already
merged
in
in
the
default
branch,
so
you
should
be
able
to
be
able
to
take
a
look
and
and
play
with
it.
G
The
other
part
that
I
had
mentioned
last
time
I
was
here
was
that
one
of
the
things
we're
thinking
about
is
coming
up
with
a
set
of
helper
functions
or
helper
types
to
assist,
folks
writing
tests
to
interact
with
the
cluster
and
resources
in
that
cluster.
G
So
that's
what
I'm
I'm
going
to
talk
about
today,
so
I'm
going
to
share
my
screen
here
and
I
I
put
a
link
in
in
the
in
a
meeting
doc
to
this
document,
and
this
is
completely
brand
new,
going
on
and
still
being
iterated
on
and
basically
what
this
is
is
after
talking
to
a
few
folks
about
what
we're
doing
with
e2e
test
framework
like
it
never
fails,
and
inevitably
some
you
know,
someone
would
say,
hey
what
really
helps
or
what
I
would
really
like
is
a
set
of
helper
functions
to
help.
G
When
writing
those
tests
to
basically
remove
a
client
go
out
of
the
way
and
give
me
some
tools
to
clearly
and
easily
express
the
the
api
objects
and
any
other
kind
of
operations
that
I'm
doing
with
the
api
server.
So
this
is
the
intent
of
this
particular
document
and
of
this
design.
Like
I
said
it's
it's
very
early
on,
but
I
do
have
a
long
list
of
things
that
I'm
going
to
include
in
there
at
this
point
today.
G
I
only
have
a
few
things,
but
this
would
give
you
an
idea
of
what
what
the
directions
are.
You
could
see
one
of
the
things
I've
already
put
down
is
creating
kubernetes
cluster
proof
of
configuration.
G
How
we
think
that
we
can
do
that
in
an
easy
way
to
to
return
a
cluster,
we're
going
to
have
a
case
package
under
the
client
packages
packages
as
a
sub
package
and
in
in
there
we're
gonna
have
something
called
resources
to
help
you
expose
all
resource
related,
not
all,
but
most
resource
related
operations,
especially
the
cruds
operation,
which
are
the
create
update,
delete
and
list
and
search,
for
instance.
Let's
go
down
here.
G
One
of
the
first
thing
I'd
like
to
see
we
we
work
on
is
a
search
option
which
would
allow
you
to
basically
search
and
return
a
list
of
objects
based
on
arbitrary
or
close
to
arbitrary
arguments
that
you
would
pass
and
the
code
would
go
in
and
figure
out
and
try
to
find
the
object
that
matches
any
one
of
these
parameters
using
in.
I
think
it's
using
an
or
actually
choosing
an
n
combination,
other
functions
and
methods
we're
thinking
about
something
like
a
get
where
you
would
say.
G
I
want
to
get
and
I
don't
want
to
go
deep
into
what
each
line
of
the
document,
because
you
can
take
a
look
at
it.
So
that's
why
I'm
skipping
around
so,
for
instance,
here
you
would
you
see
that
there's
a
resources.get,
so
you
would
use
it
as
such,
where
you
say
res
to
create
the
resources
and
call
to
get
actually.
G
G
G
Where
this
is
something
where
you
would
use
to
to
go
and
get
a
list
of
a
specific
object,
basically,
you
provide
again
you
do
the
same
thing.
You
provided
the
the
shape
of
a
list
of
an
object,
and
you
give
it
to
this
particular
method
and
it
would
do
the
work
that
needs
to
be
done.
The
one
thing
that
I
want
to
point
out
is
this:
api
will
work
with
either
a
typed
object
or
a
an
instruct
unstructured,
so
the
the
intent
is.
G
The
code
will
do
the
right
thing
and
select
dynamically,
which
api
to
use
to
retrieve
or
to
work
on
the
object
that
you're
you're
interested
in
on
on
working
on,
and
we
see
here.
Actually,
I'm
gonna
take
the
time
out
to
point
out
the
the
approach
we
I'd
like
to
see
where
here.
If
we
go
back
here,
we
see
that
there's
a
list
of
options
that
takes
list
options
and
list
option
is
defined
here.
As
do
I
have
it
here.
G
Yes,
it's
defined
as
a
function
that
takes
the
meta
v1
list
option
and
what
that
allows
us
to
do
is
if
there
is
no
option,
you
would
leave
this
empty,
but
you
can
also,
as
we're
doing
here,
you
could
pass
in
predefined
function
as
we
see
here
that
will
take
members
of
these
options
and
in
a
pre-wrapped
list,
option
function
for
you
or
you
can
provide
the
actual
list,
option
function
yourself
and
then
create
and
and
then
so
forth,
and
so
on.
G
So,
like
I
said,
the
the
idea
here
is
to
come
up
with
a
whole
list
of
of
helper
functions
and
helper
types
to
to
make
it
easy
to
to
to
basically
push
client
go
as
far
down
in
the
bottom
of
of
the
usability
stack
as
possible
to
help
folks
writing
code,
and
if
this
proves
a
you
know,
if
this
proves
to
be
something
that
is
useful
in
other
domain.
This
could
be
something
that
we
give
its
own
repository.
So
I'll
stop
here
to
see.
If
there
are
any
questions.
D
I'd
have
put
a
question
in
the
chat:
what
are
the
differences
in
similarities
between
this
and
the
dynamic
clients
from
controller
runtime?
Actually,
one
thing
I
pointed
out.
G
Is
this
would
use
this
is
so
this
is
going
to
use
the
the
same
approach
as
dynamic
client,
which
uses
something
very
similar?
G
G
This
is
not
to
write
controllers
at
all.
This
is
for
a
singular
interaction
with
with
the
with
the
with
the
api
server.
G
If
you
know
in
certain
instances
where
something
merits
a
controllable
interaction
where
you
need
to
have
some
kind
of
where
you
need
to
to
to
do
reconciliation,
for
instance,
that
portion
would
also
be
hidden
from
you
as
well,
and
you
know,
unless
you
really
want
to
be
the
one
to
cr
control
the
reconciliation,
then
you
can
take
control
at
any
point,
but
this
is
based
on
going
back
and
looking
at
what
is
being
done
upstream
in
the
kubernetes
kubernetes
tests.
G
G
D
Taking
aside
some
of
the
constructor
details,
it's
certainly
possible
to
use
the
controller
runtime
client
in
single
shot.
Applications
like
outside
of
a
controller
context.
G
Yeah,
it
is
possible
and
seeing
that
I
think,
there's
no
implementation
yet
I'll
I'll.
Definitely
keep
keep
that
in
mind,
because
I
kind
of
struggle
whether
or
not
I
wanted
to
recreate
any
of
this
because,
as
you
said,
some
of
this
stuff
is
already
in
in
the
controller
runtime.
G
G
Yeah
one
thing
I
do
remember
with
controller
runtime
one
thing:
it'll
do
is
start
a
web
server
for
web
hook
and
that
may
or
may
not
be
something
that's
desirable,
but
yeah
it's
you
know
the
floor
is
still
open.
Nothing
is
is
concrete,
yet
if
it
makes
sense
to
recreate
or
to
reuse,
what's
in
control
run
time,
we'll
do
it.
If
not,
then
we'll
we'll
take
a.
D
G
D
Not
or
actually
you
can
just
do
the
web
hook
by
itself
without
starting
the
rest
of
the
server.
So,
okay,
I
think,
having
a
conversation
with
them
might
be
useful
because,
certainly
like
the
opinionation
there
is,
is
really
strong
and
sometimes
that's
a
real
pain
point,
but
it
seems
like
they
might
be
more
open
to
changing
things.
I
will
do
that.
H
Vladimir
I'd
also
invite
you,
if
you
want
to
attend
some
time
at
conformance
meeting,
because
we
have
a
lot
of
folks
that
just
that's
what
they
do
is
write
tests
and
maybe
get
some
good
feedback
there
and
would
also
just
love
to
hear
your
thoughts.
I
haven't
looked
at
the
controller
runtime
as
as
a
one-shot
thing
steve
if
you've
got
any
links
to
that,
I
would
actually
love
to
pass
that
on
to
the
performance
team.
E
A
E
All
echoes:
do
you
think
I
like
like?
Is
it?
This
looks
like
a
wonderful
api
and
you
should
work
on
whatever
you
think
is
most
important.
It's
coming
across
to
me
that
this
is
like
creating
a
really
nice
simple,
client
api,
which
is
cool.
I
guess
I'm
wondering
like
what
the
specific
pain
points
about
what's
out
there.
This
is
addressing
and
not
that
not
that
you
need
to
answer
that.
E
I
think
my
larger
point
is
I
to
me
a
lot
of
the
boilerplate
and
craft
that
I
see
in
kubernetes.
Existing
end-to-end
tests
is
stuff,
that's
all
around
creating
something
and
then
making
sure
that
it's
definitely
up
or
modifying
something
and
then
making
sure
that
we
definitely
see
the
change.
You
know
some
people
will
do
it
via
polls.
Some
people
will
do
it
via
events.
E
Some
people
will
set
up
a
timeout
one
way
versus
another
and
I
think
I
think,
providing
a
unified
way
to
do
that
will
produce
a
fair
amount
of
pain
over
there,
but
that's
just
no.
G
No,
that's
that's.
That's
part
of
the
part
of
the
motivation
is
that
you
know
doing
an
exploration
of.
What's
how,
as
you
said,
a
lot
of
the
code.
That's
all
over
the
kubernetes
kubernetes
test
packages
is
that
is
to
to
address
flakiness
in
different
ways
and
part
of
what
I'd
like
to
do
with
this
is.
Do
it
once
for
any
any
type
and
wrap
that
so
that
you
don't
you
as
somebody
who's
writing
a
test.
G
You
don't
have
to
worry
about
that,
and
it's
done
and
it's
baked
in
and
you
know
whatever
way
we
do
it.
Maybe
it's
poll,
maybe
it's
event.
Maybe
it's
reconciliation,
I
don't
know
yet,
but
but
that
that
is
part
of
what
I'd
like
to
see
happen
and
another
part
of
the.
G
What
I'd
like
to
see
happen
is,
you
know,
is
some
of
the
some
of
the
convenience
that
you
get
in
an
api
like
control,
I
mean
coupe
control
is
really
an
api
for
human
and
it
does
just
about
everything
we
want
it
to
do,
but
it
does
it
in
a
way
that
shield
me,
as
a
user
from
having
to
know
all
the
details
of
the
internal
working
of
kubernetes
and
kubernetes
reconciliation
and
I'd
like
to
see
something
similar
to
that.
G
But
for
for
developers
where
you
know,
I
have
an
api
that
that
can
shield
me
from
having
to
know
all
the
details
internally,
but
but.
E
Yeah,
I
don't
know
if
I'm
being
too
or
generalizing
by
saying
it
it
feels
like.
I
want
to
make
a
client
go
for
dummies
because
I
don't
feel
like
I
need
to
know
an
awful
lot
to
use
clinco
effectively.
So
I
hear
that
for
sure.
G
Yeah,
I
I
mean
if
it
turns
out
to
be
that,
yes,
that
that
would
be
great,
but
you
know
talking
to
foe
it's
funny,
because
I've
talked
to
several
people
who
have
written
tests
and
re-implemented
test
test
framework,
and
that
is
the
portion
where
they
complain.
The
most
is
you
know.
I
just
want
something
to
allow
me
to
easily
interact
with
the
clusters.
Cluster
objects,
api
and
not
having
to
worry
about
the
internal
working
of
of
how
that
is
done.
E
Makes
sense
if
only
we
had
a
language
that
supported
generics,
yeah
yeah
yeah,
I
think
yeah,
my
only
other
it
looks
like
you
may
be,
covering
it
with
create
options
and
search
options.
I
feel
like
some
of
the
tangled
stuff
I
have
seen
in
tests
is
what
like
what
options
you're
issuing
when
you
like
delete
like
graceful
termination
versus
you
know,
allowing
orphans
or
not
allowing
right
that
sort
of
stuff,
but.
G
Yeah,
those
will
definitely
be
surfaced
when
that's
being
done
yeah,
but
thanks
for
the
update
there,
this
looks
cool
all
right.
Thank
you
very
much.
H
A
Thanks
so
next
we
have
a
discussion
of
a
ci
job
for
proof
of
concept,
vulnerability
scanning
of
kubernetes
kubernetes
steps
using
snick.
F
Yep,
that's
me
hello,
everyone,
so
this
is
about
vulnerability
scanning
of
kk
dependencies,
so
we
have
been
talking
about
this
and
there
are
multiple
options
available.
There
are
actually
a
couple
of
options
available
now,
so
google
team
recently
surfaced
the
go
audit,
there's
a
design
dock
and
we
also
have
a
snake
tool
in
place.
So
snake
has
been
useful
recently
and
it
helps
surface
some
of
the
vulnerable
packages
dependencies
that
we
are
using.
F
So
this
is
about
doing
a
poc
for
running
a
snake,
cli
tool
in
a
ci
job
and
see
how
that
goes
and
how
we
can
make
the
process
after
that,
after
finding
a
vulnerable
dependency,
how
do
we
go
about
fixing
that
and
how
to
generate
that?
So
in
this
plc
there
are
a
few
steps.
So
if,
if
you
can
please
open
the
issue,
that's
linked
there.
F
So
I
think
there
are
a
few
steps
in
there
which
is
in
place
so
a
snake
everyone
can
go
and
create
a
snake
free
account.
They
get
a
token.
Using
that
token,
they
can
authenticate
their
cli
and
run
the
vulnerability
checks
from
their
repo
on
their
command
line
for
kubernetes
repo.
We
got
that
created
and
we
also
got
some
privileged
features
for
the
kkk
repo
from
on
the
developer
advocate
of
snake.
F
They
gave
us
as
a
complimentary
thing,
so
now
we
have
a
service
account
feature
in
place.
So,
as
you
can
see,
the
the
checked
steps
are
we
now
have
a
service
account
feature
available
for
kk
repo
with
that
you
can
create
a
token
and
that
token
can
be
used
to
authenticate
cli
in
a
ca
job.
F
So
the
ask
here
is
that
we
need
to
bring
that
docker
into
kts
intra
and-
and
I
was
talking
to
folks
on
on
call
folks-
and
they
said,
like
it's
been
made
a
cell
service
now,
so
I'm
like
asking
for
help
on
bringing
that
token
into
secret
manager
so
that
we
can
create.
We
can
use
that
in
a
ci
job.
So
I
have
the
token
with
me.
E
I
think
I
can
help
you
with
getting
that
into
secret
manager.
I
will
so
having
it
happen
in
a
ci
job
sounds
great.
I'm
a
lot
more
wary
of
having
it
happen
in
a
pre-submit
job
solely
for
the
reason
that
pre-submits
are
effectively
random
code
right
pre-submits
could
be
bitcoin
miners
for
all.
E
We
know
so
we're
wary
of
pre-submits
that
try
that
could
potentially
try
to
exfiltrate
secrets,
and
so
you
would
want
to
consider
what
the
security
implications
are
of
somebody
stealing
the
snake,
token
secret
and
doing
something
with
that,
but
as
a
continuous
ci
job.
That
sounds
great
and
I'm
totally
happy
to
work
with
you
on
that.
In
fact,
I'll
just
go
ahead
and
assign
myself
to
the
issue.
If
you
liked
you
can
watch
me
do
it
live
so
ping
me
offline
in
slack,
and
I
can
work
on
that
today.
F
F
E
A
Yeah,
I
think
we'll
get
most
of
the
we'll
get
a
lot
of
value
out
of
the
continuous
ci
job.
Anyhow,
where
it'll
be
easier
for
someone
to
monitor
the
results
and
say:
okay,
we're
like
we're
now
failing
with
vulnerabilities
as
opposed
to
pre-submits,
are
really
noisy.
So
the
other
thing
is
we
just
kind
of
want
to
avoid
having
tons
of
pre-submits,
because
they're
really
noisy
and
it's
expensive
testing
every
commit
push
to
kubernetes.
A
E
My
other
requester
asked,
I
guess
is
I
noticed:
dimms
was
the
person
who
commented
a
bunch
of
the
steering
issues,
so
I
think
he's
aware
of
it.
But
like
have
you
run
this
through
the
kate's
code
organization,
sub
project.
F
Yep
tips
is
aware
of:
it
is
actually
guiding
me
through
this,
but
I'll
make
a
point
to
go
through
on
the
code
organization
call
as
well
that's
cool!
That's
that.
E
Project
is
typically
where
I'm
gonna
ask
yeah
that
that
pro
that's
a
project
is
where
we're
talking
about
dependency,
vetting
and
security,
vetting
and
and
all
that
stuff.
So
I
just
want
to
make
sure
that
healthy
discussions
happen.
There
sounds
great
yeah
ping
me
on
slack
and
I
will
unblock
you
all
right
sure.
Thanks.
A
Thanks
thanks
aaron
for
stepping
up
to
help
with
that
we
have.
We
still
have
the
plans
for
v122
topic
from
earlier.
Was
that
you
aaron.
E
It
was
probably
me
and
oh
looks
like
we're
out
of
time.
Everybody
sorry
about
that.
I
don't
know
the
the
real
talk
is
like.
We
still
need
to
finish
our
annual
report
and
then
I
tripped
and
fell
down
a
rabbit
hole
of.
I
have
no
idea
how
to
actually
keep
track
of
caps
in
the
same
manner.
So
now
I'm
lighting
a
bunch
of
pr's
to
the
enhancements
repo
to
make
kep
cuddle
useful
and
get
its
tests
to
pass
and.
B
E
And
then
I'm
gonna
be
scrubbing
our
cups
and
then
I'm
gonna
be
scrubbing.
All
of
the
issues
for
sig
testing
and
kate
and
frank
get
the
intersection
of
those
first
and
then
I
will
look
at
sig
testing
separately.
I'm
trying
to
write
up
a
triage
guide.
B
E
So
it
generally
looks
like
take
a
look
at
everything
in
v121
and
if
we're
not
working
on
it
anymore,
kick
it
out.
If
we
want
to
carry
it
forward,
kick
it
to
v122
tldr.
E
I
will
put
this
to
next
meeting
and
actually
try
to
budget
like
20
minutes
to
walk
through
this,
but
also
post
some
stuff
asynchronously
to
our
discussions
or
slack,
as
I
have
stuff
to
share
and
yeah.
A
I
have
a
super
quick
question
for
you,
so
I've
also
been
trying
to
go
through
all
her
issues
pretty
regularly
and
have
them
in
our
like
triage
boards
and
stuff.
What
is
kept
cuddle
doing
that,
like
labeled
issues,
isn't
doing.
E
A
E
Kind
of
test
that
could
validate
that
all
that
happens
anyway
yeah
I
was,
I
was
a
bad
developer
and
I
like
tripped
and
fell
down
a
rabbit
hole
and
I'm
sorry,
but
I'm
working
on
it.
If
people
have
things
they
think
we
should
be
paying
attention
to.
I
think
everybody
who
has
showed
up
and
talked
about
what
they're
working
on
and
why
they're
working
on
it
has
been
incredibly
helpful.
E
So
if
other
people
have
stuff
that's
like
hey,
I
really
think
we
as
a
community
should
be
focusing
on
this
we're
all
ears,
and
I
would
love
to
try
triage
party.
I
literally
just
had
still
haven't
been
able
to
set
up
a
shared
instance,
but
yeah.
E
A
A
Thanks
everyone
for
coming,
try
not
to
start
seven
minutes
late
next
time,
maybe
we'll
get
a
little
bit
more
of
this
appreciate
your
patience
and
have
a
great
rest
of
the
day.