From YouTube: Kubernetes SIG Usability 022520
Description
For more information on SIG Usability check out: https://github.com/kubernetes/community/tree/master/sig-usability
A
B
Kick it off. Can hear me? Okay, yeah, cool. I'm Karl Pearson, I'm a user researcher at Red Hat working on OpenShift, pretty much entirely. I have a background in psychology, but I've been doing UX research stuff for like three or four years now, and my general skill set is pretty mixed methods, but I try to gravitate towards the quant and data visualization stuff when there's a need there, just because I think it's fun to do stuff in R all day, so I'll be lending wherever is useful, but particularly there.
C
A
D
A
Awesome. I'll go ahead and give thanks to all that introduced themselves. I'll go ahead and give a status update on the, on the survey. So let me pull that up real quick.
A
Incidentally, survey was on hold for a few weeks, 'cause I was out for wedding, so thanks for bearing with me while I catch up on stuff. So just for those of you that are joining in remotely or after the meeting, just, this is our jobs to be done proposal that we have, that we have going on right now. This is the full-fledged proposal and there's a scaled-down version of it meant to tackle phase 1.
A
In the meeting before I went out for, for wedding, pretty much just went through the survey and the feedback that people had given. So here we have some basic profiling criteria to get to know a little bit about the user taking the survey, kind of their involvement with development and objectivity, as well as a little bit about their environment.
A
So, you know, I sent out an email update, kind of just saying that here are the things that are left to be able to launch the survey, and piloting it with, with relevant users that would be able to just, you know, do a quick scan and see if the questions make sense, if there's, you know, no weirdness going on. And so I know that that's in flight right now, and so as soon as that is done, and, you know, if we need to incorporate any feedback.
A
Basically, the survey would be ready for launching, and in the last couple of weeks, I know, Tasha and Valerie Israel in the past had asked about just what are the steps to use the CNCF SurveyMonkey account to be able to share our survey through there. And so I think that, basically, what was decided there was that this survey, being in my personal account, would be transferred over to the CNCF's survey, and then they would launch it. So for piloting, you know, we're doing the piloting just with the survey in the personal account.
A
So that's, that's the status update there, and so hopefully we'll be set up to launch it pretty soon, just as long as, just as soon as the piloting feedback comes back. duper particular timeline for that, for the piloting, yeah.
A
Hopefully within the next couple of weeks. I know there, there were some people on the call that had mentioned being able to help out with piloting. Does, would anybody like to chip in? Yeah, I gladly help. Sure, yeah, then amazing. If we could deep highlighting within this week or the next couple of weeks, that, that would be great. Yeah, thanks so much.
A
E
I did, so apologies for being late. Hi everyone, this is Jim Bugwadia. I'm one of the cofounders and CEO at Nirmata, and what I wanted to present here was Kyverno, which is a policy management framework that we've been working on. And I know, I've worked with Tasha also in the multi-tenancy groups. I heard a little bit about what, what's going on.
E
You know, what you folks are working on in the usability SIG, and it seemed relevant, so I just wanted to briefly introduce Kyverno and see if there's a potential for collaboration as part of your efforts as well. So just in terms of timing and logistics, how much time should be planned for, for this part of the session?
E
It, okay, awesome, so let me share my screen and I'll pull up a quick slide deck just to go through, and then I also want to show a quick demo. And let me know, and just, you know, feel free to interrupt. Let me know if this is relevant, not relevant, etc., and, you know, where we should focus, and certainly we can set up more time for a deeper dive.
E
Of course that remains one of the pain points, right. Kubernetes has a lot of, you know, well known as it's not secure out of the box, there's a lot of configuration complexity, and we believe that one way to address this is through policies that ops can set up and provide self-service for developers within enterprises, within organizations, right. And the reason why we built Kyverno and what it, you know, what the goals here are.
E
It really provides a policy management framework which is very Kubernetes native. So there are, of course, solutions like Open Policy Agent, which are more general-purpose policy management solutions, which come with a learning curve, right, and some complexity. And as we spoke to Kubernetes administrators, what we quickly learned is, you know, it's the, the cost of learning, of the complexity of learning a new policy language. The bar was just too high for adoption, even though the value was, you know, was fairly clear to most folks.
B
E
Kubernetes native is very familiar to Kubernetes users and adopts the best practices, patterns, idioms within Kubernetes, right, and we'll go through a few examples of these. So the goals, you know, just making policies easier. Anybody who's familiar with Kubernetes constructs should be able to write Kyverno policies, was one of the goals, and also in terms of being able to view results.
E
You know, like, as you can imagine, as with any other policy management type of tool, it acts as an admission controller, so self registers using to receive webhook events on every API server call, and it will handle both the validate and mutate webhooks. And then, as policies are defined, policies are first-class resources.
E
It's a quick view of how a Kyverno policy is laid out. So a policy comprises of multiple rules. Each rule can match or exclude based on kinds or names, on label selectors, namespaces, user information, including roles, groups, names, so lots of interesting things that can be done there. And then, as each rule is processed, there is a context that's built up, which includes the admission request and some additional metadata, and then the rules are evaluated in order, so you have mutate, validate, generate rules which can apply to resources.
E
Here's an example of what this actually looks like and, as you can see, I mean, you know, it's pretty similar to what you would expect it. So, well, this, this block is just selecting a resource, or you can see some match labels, something, you know, you can have match expressions in your selector. You can have a list of kinds for which types of resources, or use wildcards there, and once the policy is matched, the rules within that policy would be applied or evaluated on the incoming resource itself.
E
E
But if there is a value specified, then it's untouched and it's whatever the user has configured. So, so fairly simple. We've tried to, you know, keep this if it as, as minimal decoration or sort of additional syntax as required. But, of course, there is a need to do some conditional logic, which is where we have introduced these type of either anchors on tags or operators and things to that nature. It's another example of, you know, how you can, you can do some variable logic here.
E
So in this case, it's if you want to check if label. So if you want to enforce that labels have to be a specific label. In this example, app has to be defined in the incoming resource. It's pretty straightforward. You're, we're using the question mark to say there at least has to be a single, you know, one character, and star to indicate that there could be multiple. So as long as there's something defined in that label field, and it's not null or an empty string, it will pass this validation rule.
E
E
E
Right, yes, it's a very interesting point, right, and we're still, I think there is, of course, from a operator and admin perspective, having this to be secured by default and not allowing any ingress or egress traffic, but then allowing either the developer or whoever's using the namespace to add rules as required is desirable, right.
E
The challenge that we've seen is because sometimes it's not very obvious whether even network policies are supported within that cluster or, you know, just making sure that, again, the right CNI is running and properly configured, and the complexity of adding network policies sometimes tends to be the barrier. But overall, and this was, you know, at the last, at KubeCon in, again, this was the U.S. KubeCon.
E
In November there was a session and the multi-tenancy SIG, where I think it was HDFC Bank which was presenting, and they were discussing this very same topic, and they said they, there was a little bit of grumbling in the beginning, but once folks understood how to, you know, configure, and once they had some network policy templates, it became pretty straightforward and, you know, their users just got used to that, where they would get a namespace with no traffic allowed by default. But then they would add rules for ingress or egress, as required.
E
So it's still, you know, the community and with Kyverno and we're slowly growing, and the feedback so far has been, you know, fairly positive and it's, it. The common theme we see is that the learning curve for OPA and Rego, which is the policy language, is pretty high, where, you know, and Kyverno seems to address that fairly well for specific use cases, right. It's not intended to be a general purpose policy. To the workflow that, you know, that you're asking, well, that's, that's very interesting and that's something we're trying to.
E
E
Thank you straw. Let me actually quickly show some of these best practice policies and maybe just c0 if I go to the repo, okay.
A
E
So I'll wrap up in two minutes, so just to kind of showcase, you know, what, again, just a simple policy where, if you want to disallow root users, what this would look like. It's, again, pretty very, very straightforward and familiar to somebody who understand, who's kind of seen, you know, pod YAML or deployment YAML. Several other features we support. One thing to highlight here is this: this policy is written at a pod level, but Kyverno can automatically generate our rules for any pod controller. So that was another.
E
You know, feedback item we received, which it's pretty interesting, right, because if you, ideally you want to write policies which apply to all pods, but then users typically will control their pods or manage their pods to something like a deployment or a stateful set. So you want to report errors at that level, right. So how do you achieve both, where you're writing policies which apply to any pod, regardless of how it was created, but then you're reporting errors at the pod controller level?
E
So we, we tried a few design options, but what we settled on, which works pretty well, is, at least we think so, is where you can now, when you write a policy at a pod, Kyverno can, through annotations this can be controlled, but by default it will generate rules for pod controllers like deployment, stateful set, jobs, cron jobs, and then, if a user, you know, creates one of those, like a deployment which violates the, the pod policy, so the pod template part will be pretty much flagged and they will.
E
You know, they will be blocked to create that deployment itself. If that feature did not exist, what the behavior would be, the, the deployment would be accepted by the API server, but then the pod would not get, would not get scheduled because the pod creation would get blocked, right. So it's those kind of usability issues that we kind of thought about, and because we're Kubernetes native, we can leverage existing patterns like the, the relationship between controllers and pods. Anyways.
E
Let me pause there and, again, I'm happy to set up a separate session where we could do a deep dive in a demo. The, I'm sharing the git repo, there's quite a bit of documentation. It's very easy to install and, you know, kind of try Kyverno out it yourself, right. If you have a cluster, either but kind or, you know, any local cluster, you can just pretty much install and run through this install YAML and then try out some of the sample policies.
E
A
A
A
Yeah, last item on the agenda: I think we actually swapped, swapped a few items, but just introductions or any follow-up questions on the, Carl, I know you had filled out a slot on the agenda. Do you, when you follow up questions just them on the survey or any of the work that's going on there? Yeah.
B
So for the survey, I guess, people been working on like some operational stuff about like governance with this data, like who's allowed to see the raw data, especially if we're collecting names and stuff like that? Is that all intended to be public, or like, is there any sort of communication to people that are signing up for this, like how we're going to handle their data and their contact information and stuff like that? Yeah.
A
I, I think that that's a great question. I would say that we haven't defined that for this specific survey, but I'm curious for, since we are using the CNCF account, just it, it would be good to know just like what they're pretty, if there's existing procedures in place for, for handling that type of data.
B
Yeah, I'm not familiar. I said, to be honest, is the first like SIG I've joined at all, so I'm pretty unfamiliar with this space in general. I'd volunteer and I can, but I'm not sure exactly. Someone might have to point me in the right direction to like who do I contact about that or like get access to that information.
B
A
I, I think for, for a couple of us, at least I know it for me personally, it's also my first SIG and the only one that I'm involved in, so that's, you're not alone there. I think Tasha has been pretty, and Valerie as well, have been pretty great about knowing who to contact and just kind of like which Slack channels to post and ask questions. I know in specifically to find the CNCF account.
A
She posted in the contributor experience channel just a question there, so happy to share that post with you and see if we can pick up the conversation there, because I think that those are great questions, yeah.
B
A
B
B
A
B
B
A
I know something was mentioned previously. Is that because, where this SIG is kind of heavy on, well, a lot of the projects have been user research focused, I don't know if we have as much precedence for user research in other SIGs, like no, we, I shared some links before of surveys that other SIGs have done not through CNCF, but through a, it might have been a different survey. Well, but I know that they shared raw results, but I don't believe that they shared personal like information like names or email.
F
A
B
It seems like the quantitative stuff, and maybe some redacted qualitative information, would be easy, but yeah, maybe just thinking about establishing some kind of process for like, if the intent is to follow up with these users, who, who gets to follow up, or like how is that person vetted? You know, rather than just, yeah, like the, the data governance policies. So yeah, sounds good. Yes.