Hi. You all might have suffered from complexity using BOSH. As you might know, I work on the OpenStack CPI team, and I'm going to share a short story about how we have our share of suffering from the inside, like developing BOSH.

Let me start with a really short overview. It's not a complete overview and nothing really simplified of BOSH, and I'm concentrating on the registry here. It's going to be used to provide metadata that has to be updated during the lifetime of the VM; think about mount points for persistent disks. The flow is kind of: the director tells the CPI to tell the registry to prepare some value that the agent will collect at some point in time and then do action on that as a context.

So I have three features that we wanted to develop, or have developed, actually. This one is rather simple, straightforward: we wanted to use domains of Keystone version 3. Looks rather simple. Some twiddling, some `if`, because we want to support v2 and v3 and their path for authentication changed, but then just add domain, obviously, and tenant is now called project again. But some rather simple things. The implementation was straightforward. We committed it. The pipeline was green. It just didn't work. I'll come to that later.

I have another feature: human-readable VM names. Like in AWS, on the console you see things like runner/0, runner/1. On OpenStack that was VM-some-UUID. Not really helpful, and we wanted to change that. Unfortunately, the agent on OpenStack itself is configured to actually use the name to look up metadata in the registry. So that was a bit harder, but we found some workaround. Pipeline went green. It just didn't work.

That's the last feature that we worked on; that's about custom CA certs. Think about a private OpenStack installation using self-signed certificates. You might still want to really use SSL validation, and that's a mechanism to actually provide your custom CA cert. Yeah, that was pretty straightforward again. Like Keystone v3, the pipeline was green. It just didn't work.

So it was this rather innocent-looking line of code that is responsible for checking that the agent is actually just able to get the settings for its VM. And, you know, the CPI is the abstraction for the IaaS, right? Hmm, not quite. The registry is actually calling OpenStack on its own, so we had to do the v3 stuff there for Keystone, the CA certs, and there was some problem finding content for that VM. Sadly, this is only called if the call is made without authentication, and guess how our pipeline was configured. It was configured with basic authentication. So it went green with that, because the check was just, see that `if remote IP`, was just switched off.

So, okay, maybe that was humorous or not. I'm coming to some seriousness. Not as good as you, Dr. Nick. It's an unnecessary layer of indirection. And it's actually a single point of failure that wouldn't be necessary; the director could just talk to the agent directly. It's a major break of abstraction. So you have actually subclasses of some Ruby class in there for AWS and for OpenStack. And as you've seen in the presentation about the Google CPI, newly created CPIs are actually shying away from using it and starting to use that.

Let me close with that quotation of Cato the Elder, who wanted to have Carthage destroyed. I'm aware that this probably took Cato quite some time to get it through the Roman Senate. He said it whenever he had a speech in there. And then the Third Punic War took quite some time. But on the other hand, we have it actually on BOSH notes, like plans for a BOSH CPI version 2 that would get rid of the registry, so we should just do it.

That's all from me. Thanks for listening.