►
From YouTube: 20220802 SIG Usability
Description
Brian Grant demos kpt
A
A
B
Okay,
I
think
you
should
be
able
to
see
that
now.
So
in
terms
of
a
little
bit
of
background,
this
is
an
approach.
That's
I've
been
calling
configuration
is
data
and
what
the
ui
can
do
with
the
help
of
our
back
end,
which
we
call
the
package
orchestrator
is.
It
can
actually
modify
configure
reading
right
in
storage.
B
So,
instead
of
like
the
kubernetes
dashboard,
which
interacts
directly
with
live
cluster
states,
this
ui
can
interact
with
the
configuration
in
git
and
then
a
get
ops
tool
can
apply
that
state
automatically
to
the
cluster,
so
that
the
idea
is
to
enable
capabilities
that
today
kind
of
bring
together
the
capabilities
of
get
up
style
tools
or
infrastructures,
code
style
tools
and
traditional
tools
where
we
can
apply.
You
know
traditional
ux
techniques
to
mitigate
domain
complexity,
to
provide
step-by-step
guidance,
and
things
like
that.
B
But
what
we're
looking
at
now
is
how
to
apply
this,
to
the
thing
that
most
companies
use
about,
which
is
but
kind
of
something.
That's
happened
in
the
kubernetes
ecosystem.
Is
that
you
know
most
there's
a
kind
of
an
assumption
that
most
people
are
deploying
their
applications
with
a
configuration
tool
like
helm
or
customize,
or
something
like
that,
so
the
user
experience
developed
in
most
kubernetes
dashboards,
portals
consoles,
uis
etc,
are
somewhat
incomplete.
So,
for
example,
I
can
show
the
the
kubernetes
dashboard.
Let
me
see
if
I
can.
C
B
You
know
it's
a
somewhat
incomplete
experience.
The
this
cades
ymo
tool
actually
has
a
somewhat
more
complete
experience,
but
it's
kind
of
flat.
It
just
presents
sort
of
all
the
options
together.
So
I
think
you
know
an
interesting
question
is
what
kind
of
step-by-step
guidance
would
be
more
helpful
in
constructing.
B
The
kubernetes
resource
description
for
for
real-world
use
cases,
and
you
know
I
think,
we're
just
starting
down
that
path,
but
you
know
just
to
show
the
namespace
example
so
in
this
example,
their
namespaces
and
the
associated
policy
resources
like
resource
or
our
back
role
binding,
for
example,
have
a
lot
fewer
options.
So
you
know
first
represents
a
flat
form,
but
you
can
imagine
if
there
are
more
options,
you
need
to
structure
it
more
with
progressive
disclosure
and
step-by-step
guidance
and
smart
defaults,
and
things
like
that.
B
The
configuration
is
just
represented
as
data
as
kubernetes
yaml
and
then
the
code.
The
functions
manipulate
the
data
so
much
more
like
a
traditional
ui
tool
or
cli
tool
or
automation,
tool
that
interacts
directly
with
the
live
state
and
read,
modifies
and
writes,
say
we
manage
configuration
in
a
similar
way.
B
B
B
B
Just
leave
it
at
that
and
then
you
know
we
need
to
add
a
role
mining
to
name
spaces,
and
we
will
assume
that
there's
a
cluster
role
called
app
admin.
So
we
will
add
a
reference
to
the
cluster
role,
app
admin,
and
we
will
bind
that
to
a
group
and
say
that
that
group
has
a
form
decided
by
the
platform
team.
B
So
then
you
know
we
need
to
provide
the
rest,
the
variance
for
that
when
they're
provisioned,
so
that's
done
with
functions
so
one
function
function
we
need
is
to
set
the
namespace
name
to
some
unique
value
when
we
create
namespaces
from
this
blueprint,
we
also
need
to
change
the
group
in
that
role
binding,
so
we'll
actually
use
a
transformation
that
we
repackaged
from
customize
to
to
modify
the
role
binding.
That's
the
trickiest
bit
common
transformation.
We
could
actually
write
a
dedicated
function
for
that,
but
you
know
apply
replacements.
B
B
So
in
this
case
we
are
going
to
use
the
name
of
the
package
which
we
put
in
into
this
config
map
here
automatically.
For
now
we're
going
to
use
the
name
of
the
package
to
set
the
name
of
the
namespace,
which
is
kind
of
a
nice
simple
convention
that
creates
a
unique
identity
for
every
deployable
instance,
and
we
want
to
modify
the
role
binding
and
we
want
to
change
that
group
string
and-
and
that's
we
only
need
to
change
that
first
part
of
the
group
string.
B
B
B
And
then
we
need
to
add
a
function
for
that
apply
replacements
configuration
that
we
specified
we
we
can
we're
look
planning
to
create
a
way
to
do
this
automatically
to
automatically
map
these
input
types
to
functions,
so
people
don't
need
to
manually,
add
the
functions,
but
for
now
I
can
just
do
that
and
use
autocomplete
effectively
to
identify
that.
So
that's
basically
it.
B
Nope,
it's
just
a
little
bit
slow
for
some
reason.
So
once
we
have
done
the
edits
that
we
think
we
need,
we
can
propose
a
change
and
then
someone
else
on
the
team
could
review
and
approve
the
change.
And
what
we've
done
here
is
created
an
experience
where
it
can
be
reviewed
directly
in
the
ui.
Now
here
we're
starting
from
scratch.
So
there's
nothing
really
to
compare
with
you
know
they
can
just
take
a
look
and
you
can
make
that
view
as
as
nice
or
as
structured
as
you
want.
Like.
B
Go
ahead
and
approve
that
and
then
this
blueprint
becomes
available
for
deployment,
so
we
can
deploy
right
from
here
or
we
have
the
the
model
we're
using
is
we're
fully
rendering
all
of
the
configuration
to
deploy
in
advance.
So,
instead
of
having
a
template
that
renders
and
and
doesn't
apply
on
the
fly,
we're
doing
in
advance,
so
you
can
completely
see
what
you're
deploying
you
can
present
it
in
a
structured
way.
You
can
validate
it.
However,
you
like,
and
do
automated
checks,
review
and
approval
whatever
you
want
here.
B
B
B
So
now
that
I
created
that
blueprint
it's
in
in
the
list
of
available
blueprints,
because
we
have
that
repository
specified
the
repository
to
go,
look
for
blueprints
and
you
know
I
can
just
create
a
backend
say
for
this
and
say
yeah
go
ahead
and
create
the
deployment
now,
in
this
case,
all
of
the
changes
all
the
edits
are
completely
automated.
So
here
we
see
that
the
namespace
is
changed.
B
B
B
Yeah
that
doesn't
seem
to
be
working
for
some
reason,
but
you
know
we
could
show
the
diff
from
upstream.
The
diff
is
not
super
interesting,
because
these
are
the
changes
that
we
expected
to
take,
but
you
know
once
we
go
ahead
and
prove
that
approve
this.
This
will
get
merged
into
that
other
repository,
and
we
can
should
see
that
here,
here's
back
in
one
so
yeah,
that's
stored
and
now,
like
I
said,
the
get
ops
process
in
the
background
can
actually
sync
those
resources.
B
B
So
I
think
this
is
an
interesting
model
like
I
said,
because
we
can
apply
all
the
users
techniques
that
we
would
apply
to
a
livestream
ui
or
to
a
git
provider's
ui.
We
could
apply
to
the
use
economism,
so
that
would
that
you
know
things
that
people
think
you
know
don't
use
a
ui
to
manage
a
production
environment
or
today
this
actually
enables
game
equation,
and
it
actually
would
enable
people
to
make
changes
through
ui
and
still
have
repeal.
I
can
go
create.
B
B
B
Just
like
I
created
these
deployments
from
so
you
could
potentially
create
classes
of
blueprints
for
different
scenarios
for
namespaces
for
applications
for
other
things
you
needed
to
do
in
kubernetes,
but
even
for
creating
those
base
blueprints
some
of
the
resources,
like
anything
with
a
pod
spec,
for
example,
is
pretty
complex,
so
being
able
to
provide
more
guidance
and
more
structure
around.
That,
I
think,
is
an
interesting
prospect
that
hasn't
really
been
much
explored.
I've
looked
at
a
bunch
of
dashboards.
I've
looked
at
you
know.
B
B
C
A
Take
somebody
else's
service
wholesale
copy.
It
paste
it
change
the
two
things
that
they
needed
and
then
commit
it
and
then
never
look
at
it
again.
So
from
that
perspective,
like
the
blueprint
idea,
I
think
would
be
very
helpful
right
because
you
could
enable
platform
teams
to
say
like
no
just
like
don't
copy
and
paste
just
use
the
blueprint.
A
I
noticed,
as
you
were
doing
the
demo
like
there
were
some
deep
internals
that
could
show
up
as
part
of
like
a
blueprint
that
maybe
a
a
novice
user
wouldn't
really
know
or
care
about
or
could
easily
blow
their
foot
off.
But
you
could
you
could
abstract
that
away
through
the
ui
and
really,
you
know,
make
it
easier
for
for
newer
users
to
to
be
able
to
use
the
thing
and
then
make
it
easy.
B
So
people
are
copy,
not
copy
pasting.
The
whole
chart,
but
they're
copy
pasting,
the
values.yaml
and
doing
the
same
thing.
So
you
know
structurally,
it's
a
little
bit
simpler
to
merge
in
an
automated
fashion,
but
otherwise
you
know
is
is
pretty
much
as
complex
if
all
the
default
values
are
in
there
and
whatnot
and
to
some
degree
that's
you
know
what
they're
giving
up
when
they
do.
That
is
it's
no
longer
api,
so
no
standard
tools,
work
with
it,
there's
no
standard
documentation
that
goes
along
with
it
about
what
the
values
mean.
B
There's
you
know
no
standard
ui
for
presenting
those
values
you
know
other
than
as
just
a
kind
of
a
generic
form,
or
you
know,
even
as
just
about
the
ammo
itself,
so
you
know
understanding
what
values
are
available
and
what
changing
those
values
does
almost
always
requires.
Looking
at
the
charts-
or
you
know,
asking
someone
who's
familiar
with
the
chart,
so
you
know
that
I
think
the
general
my
general
sense
is
that
we
can
have
a
lot
more
leverage.
B
C
Yeah,
I
think-
and
this
is
I
guess,
coming
as
a
question
from
like
a
novice,
this
idea
of
like
optimizing
usability,
but
for
building
the
blueprint
itself.
It
would
be
interesting
to
get
like
y'alls
thoughts
about
how
you
balance,
like
suggestions
on
how
to
like
manage
this,
like
config
workflow
and
maybe
like
breaking
down
these
like
steps
granularly
against
just
this
idea
of
like
having
to
click
a
lot
of
buttons
and
like
not
being
able
to
see
everything
at
once
or
like
what's
the
trade
off
there.
C
B
Yeah
I
liked
elliot's
idea
of
the
having
different
modes
for
people
with
different
levels
of
familiarity.
You
know
people
who
need
more
step-by-step
guidance.
May
people
who
are
more
familiar
may
skip
around
more.
The
analogy
I
like
to
use
is
turbo
tax,
which
you
know
the
tax
taxes
are
super
complicated.
B
It
hasn't
has
a
sort
of
a
wizard
that
walks
you
through
it,
but
it's
not
an
abstraction
in
the
sense
that
it's
not
preventing
you
from
changing
any
particular
field
of
any
particular
form.
You
can
actually
go
through
this
step-by-step,
where
it
asks
you
a
bunch
of
questions
and
populates
information
or
you
can
choose
I'll,
do
I'll
choose
what
I
want
to
actually
go
fill
out
and
you
can
just
hop
around
and
select
flip
between
deductions
and
income.
B
If
you
want
and
things
like
that,
and
then
there's
the
form
view,
which
is
really
the
raw
view,
and
if
you
change
a
value
in
the
form
view
it
does
not
get
overridden
by
the
wizard
at
least
I've
never
had
it
happen
to
me.
So
you
know
it's
not
it's.
It's
providing
you
know,
stan
it's
using
standard.
Ux
approaches
to
mitigate
the
domain
complexity
and
that's
even
more
complex
than
kubernetes
for
sure.
B
But
letting
you
choose
the
sort
of
the
level
of
simplification
that
is
appropriate
for
you
right.
So,
like
the
first
time
I
used
turbotax,
I
went
through
the
step-by-step
guidance
and
then,
after
that
I
was
familiar
with
how
it
was
laid
out.
I
hopped
around
said
you
know.
I
know
these
parts
are
not
relevant
to
me.
I'll
just
skip
those,
so
that's
sort
of
the
mental
model
for
how
I'm
imagining
it
and
another
example
of
that
that
I've
seen
that
has
done
well
is
my
asus.
B
Wi-Fi
router
had
a
mode
like
that,
where
you
know
there's
a
simple
mode
where
you
know
almost
everything
is
automatic
and
I
I
just
have
to
enter
minimal
information
like
what
you
know.
Actually
even
you
know,
generating
passwords
and
stuff
can
be
on.
I'm
not
gonna
just
have
to
know
what
it
is,
but
you
know
there's
also
an
advanced
mode
where
I
can
go
and
change
lots
of
networking
knobs
that
only
a
networking
expert
would
know,
and
if
I
change
those
they
don't
get
stomped
by
the
device.
B
So
that's
only
two
two
modes,
auto
everything
in
advance,
but
I
think
it's
some
shows
the
concepts
you
know
in
this
different
domain
can
also
work
where
it's
not
abstracting
the
underlying
details.
It
is
simplifying
how
to
manage
those
underlying
details
and
something
I've
seen
since
the
beginning
of
kubernetes
is
that
abstraction
is
hard
like
people
from
the
beginning.
Even
when
kubernetes
had
vastly
fewer
knobs
and
vastly
fewer
resource
types,
people
tried
to
abstract
the
resources
with
you
know,
jsonnet
or
some
other
configuration
tool
and
is
very
difficult.
B
Like
I'm
not
aware
of
a
lot
of
successes
there
for
people
trying
to
do
something,
that's
very
general
purpose
like
an
off-the-shelf
application
or
a
blueprint
that
works
for
all
the
applications
in
an
organization
or
something
like
that
it
can
be
very,
very
challenging
there
also,
I,
I
think,
a
lot
of
times
people
get
caught
up
on
reducing
boilerplate
or
you
know,
applying
minor
simplifications,
and
that
ends
up
not
having
a
lot
of
value.
It
just
gets
in
the
way.
More
than
anything
else.
B
B
You
know
so.
Keep
control
has.
If
you
know
the
right
combination
of
flags
you
can
use,
keep
control
creates
to
create
the
ammo.
For
you
keep
control
creates,
you
know,
client
equals
dry
run
or
whatever
it
is
now
dash
or
yaml,
and
it
will
spit
out
the
ammo
for
you,
so
I
actually
have
been
using
that
and
it's
not
bad.
You
know
if
we
made
that
more
obvious
or
a
first
class.
You
know
new
command
like
cube
control
generates,
or
something
like
that.
B
B
If
not,
if
not
for
upgrade
everything
I
showed
you
could
basically
just
do
with
macros
right,
like
you
could
take
a
take,
a
blueprint,
run,
a
macro
spit
out
a
variant,
and
that's
that's
nothing
new!
Really.
The
tricky
bit
is
actually
okay.
If
now,
how
do
you,
if
someone
changes
the
blueprint?
How
do
you
update
all
the
deployments
that
were
generated
from
that
blueprint?
B
Mechanism
is
actually
needed
and
we're
still
working
on.
You
know
exactly
the
right
semantics,
but
my
mental
model
is
kind
of
similar
to
a
customized
base
where
the
blueprint
is
providing
defaults
and
if
the
consumer
hasn't
overrided
those
defaults
and
those
you
know
new
defaults
get.
Arguably
you
shouldn't
change
defaults
in
the
blueprint,
because
changing
defaults
is
sort
of
a
breaking
behavior,
but.
B
You
know
just
as
an
example,
if
you
make
a
mistake
in
a
blueprint
and
then
some
deployments
get
created
from
it
and
you
want
to
fix
all
of
them
all
those
you
want
to
put
the
fix
in
the
in
the
blueprint
and
then
roll
out
that
fix
in
all
the
direct
instances
right.
So
just
as
I
you
know,
the
example
I
showed
was
pretty
simple,
but
even
then
you
know
I
run
this
demo
lots
of
times
and
half
the
time.
B
You
know
I
would
want
to
add
that
to
the
blueprint
and
then
go
update,
all
the
deployments
to
get
that
change
right.
So
I
think
that
is
the
sort
of
the
interesting
bit
or
one
of
the
interesting
bits.
There's
there
are
some
other
challenging
things.
We're
working
on
application.
Configuration
is
one
that
we're
looking
at
right
now.
B
So
so
that's
you
know
something
we're
working
on
right
now
as
well.
Do
you
also
have
that
same
problem
with
versioning
and
upgrade
of
the
mutators
as
well
yeah?
So
that's
another
thing
we're
thinking
about
you
know
the
platform
team
probably
wants
to
manage
the
versions
of
those
functions
right
now,
the
tags
for
the
so
that
we're
using
containerized
functions
and
the
tags
are
in
the
kep
file,
and
that
probably
is
going
to
be.
B
You
know
it's
good
for
predictability,
but
it's
probably
going
to
be
a
maintenance
issue.
So
one
thing
we're
thinking
about
so
our
back
end
has
made
all
the
configuration
accessible
through
apis
through
kubernetes
api
is
actually
using
an
aggregated
api
server,
so
that
enables
us
to
run
all
kinds
of
automation
on
the
configuration
content
in
storage.
So
in
theory
we
should
be
able
to
discover
all
the
set
of
packages
in
a
repository.
B
Check
what
function
versions,
they're
running,
for
example,
change
those
and
propose
that
change
and
do
whatever
automated
validation
or
testing.
We
want
to
do
and
then
merge
those
changes
in
a
progressive
fashion,
so
that
conceptually
should
all
work.
We
need
to
actually
go
build
a
prototype
of
that
and
improve
that
we
did
build
a
prototype
of
bulk
upgrades,
so
update
a
blueprint
and
then
you
know
discover
all
the
packages
that
were
drive
from
that
blueprint
and
propose
up
upgrades
to
those,
and
that
worked
great.
B
The
workflow
is
a
little
bit
tedious,
so
we
probably
would
adjust
the
workflow,
so
they
can
be
bulk,
approved
bulk
reviewed
and
approved,
and
we
can
actually
run
automated
checks
already.
So
I
showed
mutator
functions.
We
can
also
run
validator
functions,
so
we
could
run
automated
validation
checks.
You
can
think
of
them
conceptually
like
github
statuses
or
some
or
things
like
that
or
mission
control
in
kubernetes.
B
It's
effectively
admission
control
for
git,
so
we
can
prevent
merging
changes
that
fail
the
checks
or
we
could
automatically
merge
things
that
pass
the
checks
but
yeah
and
the
workflow
can
base
basically
be
whatever
people
want
it
to
be
and
we
have
the
base
after
any
mutation
that's
made.
We
run
all
the
functions
again,
so
they
need
to
be
item
potent,
but
that's
the
image
control
aspect
of
it.
B
So
it's
it's
yeah.
It's
definitely
clear
that
it's
gonna
be
something
that
platform
teams
need
to
do,
and
I
I
I
think,
the
other.
The
other
thought
you
know
kind
of
riffing
on
the
you
know,
making
it
easy
for
some
and
having
more
advanced
for
others
is
possibly
having
better
descriptions
in
terms
of
what
the
mutators
do,
such
that
it's
more
obvious
to
people.
You
know
which
mutator
to
pick
et
cetera,
yeah.
Absolutely
I'm
also
been
thinking
for
the
application
use
case.
B
We
will
want
the
ui
to
understand
certain
mutators
that
you
know
we
expect
to
be
commonly
used
much
like
customize
has
you
know
some
built-in
transforms
that
are
that
are
commonly
used,
so
we
have
a
kind
of
a
general
purpose,
discovery
mechanism
where
we
can
register
repo
and
discover
what
functions
are
in
there
and
then
in
theory.
We
could
attach
metadata
to
those
functions
and
you
know
filter
them
in
various
ways.
So
currently
we
have
filtering
based
on
whether
a
function
is
a
meditator
or
a
validator.
B
So
if
you
are
adding
a
validator,
it
only
shows
you
the
validator
functions
and
then
in
the
repo.
Definitely
one
thing
I've
noticed
is
where
the
input
type
is
well
structured
like
in
the
apply
replacements
case.
We
could
automatically
know
what
functions
get
run
in
that
case
and
the
user
wouldn't
have
to
deal
with
it,
but
also
for
the
resources
in
the
blueprint
like
namespace
rolebinding.
B
Usually
there
are
functions
that
apply
to
specific
resource
types
like
set
set
namespace,
for
example,
and
that
applies
to
most
resources,
because
most
resources
are
namespaced,
but
we
have
some
specific
functions
that
apply
to
specific
resource
types.
So
we
can
suggest
functions
based
on
what
resource
types
are
in
the
package,
which
is
a
more
generalized
version
of
no.
You
know
invoking
a
specific
function
for
specific
input.
B
So
we're
looking
at
things
like
that,
but
yeah
in
terms
of
modifying
the
lots
of
the
pod
spec,
we're
trying
to
figure
out
the
balance
between
supporting
those
edits
directly
in
the
ui
and
creating
functions
that
can
modify
parts
of
the
pod
spec,
because
there
are
some
of
the
attributes.
We
want
to
be
common
across
all
the
applications
in
an
organization,
for
example.
B
So
for
those
we
would
like
to
have
a
function
that
we
can
just
say
make
it
so
like
make
no
make
sure
none
of
the
pods
are
privileged
or
none
of
them
auto
mount
the
service
accounts.
Things
like
things
like
that,
so
those
things
will
probably
you
know
those
best
practices
as
platform
teams
develop.
Then
they
would
probably
want
to
create
functions
for
those
and
then
automatically
apply
those
functions
to
all
the
packages.
So
we're
also
looking
at
attaching
functions
at
the
repo
level.
B
A
B
You
know
kept
has
been
around
for
a
little
while,
but
a
lot
of
this
functionality
is
new
since
may
yeah,
so
like
the
dui
plug-in
and
the
package
orchestrator
back-end
in
particular,
and
we
also
just
recently
open
sourced
config
sync
as
well.
So
now
it's
kind
of
a
more
comprehensive
package
for
automating.
B
B
You
have
to
write
the
configuration
by
hand
at
the
end
of
the
day,
you're
in
a
text
editor
an
ide
writing
it
by
hand
and
with
this
approach
you
know
id
is
sort
of
the
proof
of
concept,
but
I
think,
as
we
get
into
security
remediation
and
tools
that
you
know
try
to
instill
best
practices
and
things
like
that,
there'll
be
more
automation
that
that
we'll
be
able
to
apply
to
constructing
the
configuration
machine.
Learning
is
another
thing
we're
looking
at.
A
A
B
B
Ux
really
trying
to
inform
how
the
cli
is
designed,
I
mean
keep
control
itself
at
this
point
is
hard
to
change,
because
it
has
so
many
users
and
documentation
and
things
like
that.
But
for
things
for
things
that
are
additive,
and
we
could
look
at
how
to
streamline
the
experience
more
for
what
people
actually
do
anyway.