►
From YouTube: Kubernetes in the Enterprise Transforming Rabobanks On Premise Applications by Cherwin Nooitmeer
Description
Get ready to dive into the exciting world of Kubernetes adoption in the Enterprise! In this electrifying talk, you'll discover the journey of Rabobank as they adopt Kubernetes and other cutting-edge cloud native technologies. Witness the migration from on-premise systems to Argo Workflows, FluxCD, and EKS, allowing Rabobank to seamlessly deliver their back office COTS application from India straight to their customers. Join us as we showcase the setup of our infrastructure, the challenges we faced, and how we conquered them. Don't miss out on this opportunity to learn and be inspired!
B
Good
afternoon
that
was
entirely
planned.
We
wanted
a
fuller
room.
Now
we
have
it.
We
had
no
problems
whatsoever.
B
A
A
Well,
first
of
all,
let's
talk
about
what
is
the
Enterprise
so
for
me,
I'm
like
a
technologist
at
heart,
so
what
I
thought
the
Enterprise
is
is
just
like
yeah
Dusty
old
people
sitting
at
the
cubicle
Farm,
something
like
this
right
who
thinks
about
when
you
see
an
Enterprise
who
thinks
about
this,
that's
exactly
what
I
thought
right
and
but
when
I
got
older
and
I
saw
what
people
actually
do
and
the
processes
like
the
Enterprise
is
much
more
than
just
a
couple
of
people
or
like
a
bunch
of
people
in
a
room
having
meetings
for
me,
an
Enterprise
is
a
cohesive
ecosystem
that
creates
value
for
the
people
that
work
there
and
also
the
people
outside
of
the
Enterprise,
where,
where
the
Enterprise
or
services
for
it's
a
highly
Advanced
technological
machine
where
people
work
together,
they
have
different
roles.
A
A
This
is
an
Enterprise,
it's
an
ecosystem.
If
people
don't
work
together,
what
happens
to
the
Enterprise?
It
falls
apart
or
it
crashes.
You
know
what
happens
with
this
thing
and
it's
a
fun
story,
because
when
I
started
my
career
a
decade
ago,
we
the
the
people
that
were
there,
the
technologists
and
the
the
lead
developer,
he
called
me
Georgie,
laforge
and
I,
didn't
know
what
Georgie
the
forge
was.
A
I
was
the
Star
Trek
fan,
but
he
commended
me
that
I
couldn't
come
up
with
like
a
very
good
technological
solutions
in
a
short
amount
of
time,
and
now
that
I'm,
like
looking
at
this
whole
end
of
where
what
I've
been
doing
and
stuff
like
that
I
feel
like
hey,
Georgie,
the
fort
there's,
this
guy
gonna,
look
like
him.
If
you
look
at
it.
A
Thank
you,
but
we
also
have
other
people,
of
course,
different
roles.
This
is
the
front
line
risk
that
we
have
at
the
driver
Bank.
These
are
the
security
guys
they're
very
strict
they're
very
to
the
point,
but
they
are
fair
because
understand
with
an
Enterprise
there's
a
lot
of
problems
that
can
happen
and
you
don't
want
to
basically
bring
the
Enterprise
down
and
we
also
have
another
role.
A
These
are
the
architects
and
that's
what
I
see
there's
a
question.
If
you
have
seen
John
he's
right,
there
kind
of
looks
like
I'm
him
too,
but
yeah
he
really
yeah.
So
he
really
makes
sure
that
we
do
the
right
thing
because
he
understands
not
only
low
level
but
also
what
happens
on
top.
He
speaks
with
management
and
also
the
people
above
that
which
is
very
important
to
make
sure
the
Enterprise
keeps
on
flying
around
all
right
a
little
bit
about
myself,
so
yeah
I,
I'm,
Sharon,
neutman
I'm,
an
SRE
at
heart.
A
I've
been
doing
this.
As
I
said
for
more
than
a
decade
now,
I
worked
at
some
more
notable
companies
like
Spotify
back
in
2013
and
then
I
I'm,
originally
from
the
Netherlands,
but
I'm
born
in
Syrian,
Army
I,
so
I
worked
in
Sweden,
then
I
went
to
London
worked
for
volunteer
Technologies
I
started
my
own
company
there,
as
well
did
a
lot
of
cool
things
all
the
way
from
bare
metal,
putting
it
in
the
racks
and
making
sure
that
the
fiber
channel
is
working.
A
The
Cisco
switches
are
working,
everything
is
redundant,
everything
is
working,
fine
and
dandy,
and
the
monitoring
system
is
in
place
and
backups
as
well
and
I.
Just
basically
grew
from
there
to
the
SRE
that
I
am
right.
Now
I
write
a
lot
of
automation,
I
write
a
lot
of
go
I,
do
software
engineering,
but
mostly
on
the
architecture
and
now
as
well
with
ravo
we're
at
the
Forefront
to
transfer
to
the
cloud,
and
there
I
help
the
team.
Our
team
team
Vikings
together
with
also
TCS,
to
make
sure
that
we
get
their
the
application.
A
A
A
So
here
we
are,
we
were
using
AKs
engine
and
actually
was
not
AKs
engine.
It
was
called
ACS.
Engine
AKs
really
wasn't
generally
available
at
that
time.
So
what
Microsoft
did?
Is
they
open
sourced
the
engine
that
basically
installs
kubernetes
for
you
on
azure,
but
it
was
not
ready
for
a
bank
and
why
was
it
not
ready
for
a
bank
yeah?
A
You
can
see
here
right
now,
there's
a
nil
pointer
when
you
want
to
use
hardened
images
and
that's
what
you
want
to
use
when
you're
in
a
bank
you
want
to
make
sure
that
you're
secure.
You
want
to
use
your
own
images,
but
if
you
use
your
own
images
and
you
install
kubernetes
what
happens
it
crashes?
Why?
Because
you
didn't
check
your
pointers,
so
I
needed
to
make
sure
that
it
didn't
happen.
A
So
I
made
this
commit
and
the
same
day
I
got
merged
and
we
could
actually
continue
to
deploy
kubernetes
in
the
bank,
which
is
great,
and
this
is
what
I
call
pushing
the
envelope,
because
basically
AKs
was
not
ready
for
the
financial
industry
at
that
point
in
time.
Without
this
particular
single
line
of
code.
A
A
Have
a
public
load
balancer
exposed
all
your
S3
buckets
exposed
and
then
think
you
can
run
a
bank
like
that
before
you
know
it
you're
hacked
and
then
you
have
to
pay
some
like
I,
don't
know
some
ransomware
money
to
make
sure
that
you
get
your
data
back
so
to
make
sure
that
we
don't
make
silly
mistakes
because,
like
the
number
one
mistake
is
like
open,
S3
buckets
and
for
kubernetes
I
thought,
like
I
heard
a
different
talk.
Not
so
long
ago
there
were
like
one
million
open,
API
endpoints
in
the
wild.
A
So
we
don't
want
that
to
happen
at
the
rabob.
So
what
do
we
have?
We
have
a
bunch
of
Enterprise
roles,
people
groups.
We
have
the
cloud
competency,
Center
the
CCC,
an
incredible
team
at
the
Rabobank.
What
they
do
is
they
help
you
to
make
sure
that
you
make
the
right
choices
inside
of
your
AWS
account.
A
So
you
don't
open
up
like
the
API
endpoint
for
everyone,
but
also,
if
you
do
something
that
is
silly,
there
are
automated
tools
to
make
sure
that
that
silliness
won't
actually
become
a
problem,
because
if
you
create
a
public
loan
balancer,
they
make
sure
that
it
automatically
gets
deleted.
A
A
So
we
make
sure
that
no
problems
happen
or
the
risk
is
at
least
mitigated
or
we
accept
certain
types
of
risks.
We
have
identity
and
access
management.
We
have
to
make
sure
that
we
have
all
the
accounts:
people
who
can
access
the
cluster.
Who
can
do
the
certain
things
you
have
to
make
sure
that,
like
a
group
of
people,
can
access
the
cluster,
we
have
people
from
TCS
right
here.
They
can
also
access
the
cluster
in
a
particular
way.
There's
a
whole
group
of
people
that
make
sure
that
you
get
the
right
identity
and
access.
A
A
All
right
the
placement
in
the
investment
stack.
So
what
are?
Are
we
actually
doing
right?
Why
do
we
have
kubernetes,
as
I
mentioned
before?
We
want
to
make
sure
that
the
Investments
back
office,
the
the
blue
circle,
the
blue
square,
right
there?
That
is
basically
that
what
we
want
to
run.
That
is
the
whole
back
office.
If
you
want
to
do,
for
example,
investment
portfolios
ordering
corporate
actions
famous-
these
are
all
things
that
are
being
handled
by
the
back
office.
There
are
connections
to
euronex.
Some
of
you
all
probably
know
what
euronex
is.
A
This
is
where
you
can
place
your
orders
and
hope
for
execution,
and
this
needs
to
now
run
on
top
of
kubernetes.
We
had
it
on
premise
before
when
you
go
in
with
rabble,
and
you
have
like
your
your
your
phone
and
you
want
to
create,
or
you
want
to
start
open,
Investments
account.
This
is
what
you
see
you
go
through
the
whole
stack
and
in
the
end,
you
come
with
like
the
complex
workloads
where
the
investment
back
office
runs
on
kubernetes
and
the
red
part.
A
This
is
where
I
come
in,
or
we
come
in
as
a
team
to
make
sure
that
that
is
good
and
that
the
functional
teams
can
consume
that
all
right
next,
the
application
architecture.
Well,
this
is
something
looks
very
complicated,
I'm
not
going
to
go
into
details,
but
just
to
give
you
a
view
of
like
how
complex
this
is
there,
you
see
all
the
connections
from
the
external
site
come
in
and
all
kinds
of
things
are
being
hit
and
being
talked
like.
A
We
run
now
with
like
the
40
transactions
per
second,
which
you
can
imagine
any
one.
Trend
action
can
multiply
into
like
five
or
even
10
times
as
much
because
it
propagates
across
the
systems
and
different
systems
need
to
do
different
things,
so
the
client
can
be
helped
so
metrics,
so
we
have
19
systems
integrated.
A
We
have
44
apis
provided
to
the
front-end
applications,
eight
different
communication
protocols
and
70
different
types
of
batch
processing,
and
that's
all
in
a
nutshell
what
you
saw
in
the
picture
before
now:
some
fine
grain
components
myself
particularly
interested
in
the
kubernetes
part,
and
what
are
you
running?
So
these
are
all
the
components
that
you're
running
this
is
devops.
That's
the
the
devops
squad
that
we
that
we
have,
but
so
basically
we
have
like.
We
have
Splunk.
We
have
Diner
Trace,
Amazon
Cloud
watch,
that's
the
monitoring
site
to
deploy
kubernetes.
A
We
use
terraform
and
customize.
That's
basically
the
building
blocks
to
deploy
kubernetes
on
so
terraform
to
deploy
kubernetes,
and
then
we
use
customize
to
do
the
rest
and
inside
of
the
cluster.
Of
course,
we
have
flux,
was
where's
flux
on
our
list
right
there
right
there
so
use
flux
CD.
So
we
use
getups
to
make
sure
that
auto
credentials
stay
in
store
inside
the
cluster
and
the
state
is
reconciled
with
the
get
repository
and
also
the
docker
registries.
A
Right
a
little
bit
more
metrics,
so
we
have
three
accounts
and
five
environments.
Well,
let's
we
have
more
accounts
with
three
active
Accounts
at
this
point
of
time
and
five
environments.
How
can
it
be
because,
like
normally
I
would
do
like
one
account
per
environment
but
there's
a
different
setup
that
we
have
here,
because
if
you
have
to,
if
you
create
an
account,
you
have
to
go
through
the
whole
process.
There's
a
lot
of
people,
as
I
said
before,
involved
to
make
sure
that
we
do
the
right
thing
and
it's
much
easier.
A
If
you
want
to
create
a
functional
environment
that
you
can
do
that
on
top
of
the
kubernetes
cluster,
because
you
can
use
your
kubernetes
to
run
different
types
of
workloads.
So
why
not
just
have
like
different
note
pools
that
you
can
use
that
are
specifically
used
for
a
particular
functional
environment.
So
we
have
performance
tests.
We
have
acceptance
environments,
we
have
all
kinds
of
other
environments
for
like
for
the
staging
account.
A
We
have
the
development
account.
Of
course,
this
is
where
the
initial
cicd
process
starts
from
the
rabo
site
and
we
have
also
production
right
now.
It's
just
one
one
environment
production,
but
it
will
be
split
in
multiple
environments.
Is
it
also
the
amount
of
nodes
that
we're
using
and
staging
has
the
most
notes,
51,
nodes,
720
cores
and
almost
three
terabyte
of
memory
so
yeah?
A
This
is
a
bit
it's
a
pretty
expensive,
but
yeah
we're
we
are
an
Enterprise,
and
so
the
the
operational
expense
is
might
be
a
little
bit
higher,
but
the
capital
expense
is
much
lower
because
you
don't
have
to
use
any
on-premise
systems
anymore.
A
As
I
mentioned
before,
we
do
get
UPS
this
animated
gif.
So
immediately
you
see
what
happens.
Flux
is
running
inside
the
cluster.
We
have
a
developer,
a
developer
changes
to
the
git
Repository
and
what
happens
flux
make
sure
that
the
system
is
reconciled,
but
we
also
have
Docker
images
and
if
there's
a
new
Docker
image
that
gets
pushed
to
the
registry,
flux
will
automatically
deploy
that
image
to
the
kubernetes
cluster.
A
All
right,
so
we
are
now
in
the
process
of
going
to
the
cloud.
It
has
not
been
an
easy
process,
it's
actually
a
very
complicated
process.
There's
a
lot
of
things
that
we've
touched.
There's
a
lot
of
things,
a
lot
of
communication
that
we
need
to
have
there's
also
there's
also
technological
challenges.
What
I
see
in
a
lot
of
companies
is
what
they,
what
they
do
usually
is
they
make
their
own
bespoke
Solution
on
top
of
kubernetes,
we
already
have
a
lot
of
yaml
files
and
what
they
then
do.
A
Is
they
create
a
template
system
to
make
sure
that
you
don't
repeat
yourself
and
I,
think
that
that
is
not
the
really
the
right
solution
to
go.
I
know
how
internally
used
templates,
but
otherwise
I
wouldn't
use
any
templating
system
to
to
do.
Yaml
I
wouldn't
make
anything
bespoke.
So
what
would
what?
What
would
we
do
different
now?
We
would
first
of
all
I
would
like
standardize
as
much
as
possible.
So
there
are
multiple
groups
of
people
in
the
rubber
band
that
are
using
kubernetes.
At
least
two
of
them
are
using
customize.
A
One
of
them
has
a
bespoke
solution
and,
as
we
have
seen
in
the
talk
before
you
want
to
remove
your
unicorns,
you
want
to
move
fast.
You
don't
want
to
have
50
planes
that
you
can
make
in
a
year.
You
want
to
have
50
000
right.
How
do
you
achieve
that?
How
do
you
get
agility
is
by
standardizing?
So
maybe
not.
Everyone
would
like
that.
You
have
some
Rockstar
Engineers.
They
want
to
do
their
own
thing
and,
of
course,
I
understand.
A
That's
also
very
possible,
a
very
like,
like
everyone
wants
to
do
that,
but
for
an
Enterprise
that
just
doesn't
scale
so
standardize.
The
other
thing
that
I
find
very
important
to
do
is
involve
Enterprise
expertise.
Earlier
we've
made
some
decisions
so
inside
of
the
cluster.
We're
also
using
Argo
Argo
is
a
big
part
of
our
CI
CD
system
and
it's
a
tremendous
tool.
It
works
very
well,
it
works
very
fast.
You
can
do
a
lot
of
things
with
that.
A
It's
a
versatile
tool,
but
inside
of
Rabobank
we
also
use
Azure,
devops
and
the
pipelines
are
compliant.
There
are
security
checks
and,
what's
going
to
happen
now,
if
you're
using
a
tool
like
Argo,
it
needs
to
go
to
a
process
to
accept
that
too.
It's
a
cloud
risk
assessment
that
you
need
to
do
before
you're,
going
to
run
a
tool
inside
of
the
cluster,
because
any
tool
that
you
get
from
from
Docker,
Hub
or
anywhere
else
could
be
compromised
or
has
a
maybe
not
the
right
security
posture.
A
A
Let's
see
so
the
next
one
is
start
processes
earlier.
So
if
you
something
a
tool
that
is
not
necessarily
rabo
endorsed
like
Argo,
what
you
can
do
is
start
the
process
early.
If
you
want
to
properly
risk
assess
that
tool,
you
have
to
make
sure
that
you
go
through
the
proper
channels
and
it
can
take
three
months.
Yes,
there's
a
lot
of
people
that
need
to
sign
off
on
things.
People
need
to
actually
check
people
check
the
code.
A
And
another
thing
is
very
important:
is
the
consideration
for
a
day
two
operations?
What
is
day
two
operations?
Your
first
day
operations?
That's
basically
when
you
install
the
the
cluster,
when
you
install
all
the
tools
when
you
just
start
doing
things,
but
you
have
to
maintain
the
cluster
you
have
to
have
updates
you
have
to
make
you
have
to
install
new
tools.
You
have
to
make
sure
that
you
are
with
the
right
API
version
Etc.
So
the
tools
that
you
pick
right
now
they
only
don't
exist
now,
but
they
also
exist
for
your
predecessor.
A
Let's
see
so,
there
are
a
bunch
of
key
takeaways.
First
of
all,
keep
it
simple
see
a
lot
of
people
wanted
to
make
a
lot
of
interesting
things,
but
I
like
boring.
Now,
I'm
now,
like
36
years
old,
some
people
think
it's
not
that
old,
but
for
me,
I've
been
in
there
in
this
industry
for
too
long
and
I,
don't
think
like
new
and
shiny.
It's
not.
A
A
A
So
one
of
y'all
is
familiar
with
customize
nice,
very
nice
who
isn't
okay,
okay,
there's
a
lot
of
people
not
they're,
raising
their
hands.
So
I,
don't
know
who
knows
what
like
like?
What
is
customized
I
will
like
surely
explain
that
customize
is
a
tool
that
basically
allows
you
to
patch
your
ammo
and
perhaps
so
it's
so.
You
have
a
base
ammo
and
you
can
basically
say
well.
I
want
to
take
this
base
yaml,
but
I
want
to
extend
it
with
a
little
bit
of
this
with
this
snippet.
A
Thank
you.
Let's
see,
what's
that,
I
think
you
can
wait.
A
second
extend
no
average
here.
I.
Have
it
here
mirror
for
built-in
display
there
we
go
there.
We
go.
A
A
A
C
C
A
A
All
right
so
very
simple:
this
is
so
flux
if
you
have
to
first
install
flux
and
we
have
install
flux,
I
think
this
is
visible
for
everyone.
Let
me
just
make
sure
that
it's
a
little
bit
bigger.
So
this,
basically,
is
the
basic
flux
configuration
that
you
can
use
to
say.
Okay
I
want
to
already
configure
the
git
repository,
and
this
is
what
you
do
in
depth.
A
We
have
a
director
called
Kate's
short
for
kubernetes
clusters,
Dev,
so
that
happens,
and
so,
if
you
see
here
already,
we
have
here
the
directory
called
case
base.
This
is
where
all
the
yaml
is
in
resize
it
in,
and
then
we
have
the
case
directory
right
clusters
and
then
we
have
def.
Just
like
you
see
here
in
the
path
right
and
now.
If
you
look
at,
for
example,
all
the
applications
that
are
installed
I'm,
not
actually
showing
rftm
rftm.
Is
it's
not
rtfm?
It's
rfdm,
it's
not
a
typo.
It's
a
Rabobank
file
transfer
manager.
A
So,
of
course
you
can't
just
like
actual
trade
data
infiltrate
data.
You
need
to
go
through
a
system
and
there
are
different
endpoints.
You
have
like
S3
buckets
with.
Also
Linux
machines,
you
have
all
kinds
of
like
other,
like
endpoints,
but
you
want
to
control
from
one
place
how
data
gets
from
outside
of
our
Bank
inside
of
Rabobank,
and
so
that
is
rftm
rfdm
has
an
API,
so
you
can
configure
rftm
and
I
wrote
a
little
controller
there.
A
So
this
is
like
an
app
that
I
that
I
install
on
the
cluster,
and
so
but
basically
you
see
here
that
we're
now
when
we
now
Went
to
went
to
customize,
you
saw
that
it
went
to
app
like
the
cluster's
death
and
then
we
have
some
apps
here,
and
here
you
see
that
I'm
pointing
to
Kate's
app
Dev
rftm.
So
let's
see
right,
Gates,
apps,
death.
A
A
So
there's
a
customization
and
then
you
go.
Two
directories
up
point
point
base
rftm,
so
you
go
up
base
and
then
we
go
to
rfdm
and
here's
the
full
deployment
and
so
with
customized.
It's
very
easy.
You
go
from
this
full
deployment.
This
is
what
you
have.
This
is
full
deployment,
but
in
the
end
the
only
thing
that
you
do
for
def
is
you
change
where
the
image
is
coming
from,
because
you
have
to
point
to
the
repository
or
to
the
registry
of
Dev
and
that's
what
I'm
doing
here,
I'm
pointing
to
the
deaf
registry.
A
So
and
it's
another
thing
so
you've
seen
that
I've
installed
an
RTM
controller,
so
the
nice
thing
about
an
Enterprise
is
that
it
is
a
big
ecosystem
of
technology
and
people
that
come
together
to
create
value
but
they're
also,
so
what
they
also
do
is
they
create
a
value
for
people
internally
inside
of
the
company?
So
instead,
so
we
have
a
thing
called
rftm,
but
it
does
it's
not
only
a
GUI,
it
also
has
an
API
and
what
you
can
do
in
the
Enterprise
there's
a
bunch
of
apis
available.
A
You
could
build
all
kinds
of
controllers
for
the
apis
that
are
already
there.
So
this
is.
This
is
the
first
controller
in
the
Rabobank
that
is
actually
using
an
internal,
API
and
I.
Think
a
lot
more
will
follow.
This
is
an
amazing
process,
so
you
can
imagine
if
there
are
a
bunch
of
apis
to
do
all
kinds
of
things
in
your
Enterprise,
you
can
not
only
use
kubernetes
to
deploy
your
applications.
You
can
use
kubernetes
to
basically
configure
your
entire
Enterprise,
so
working
for
an
Enterprise
basically
becomes
like
the
Starship
Enterprise.
A
So
I
think
this
is
good
for
now.
I
still
have
something
to
let's
see
here,
we
go
wait
a
sec
wait.
A
second
I
need
to
make
sure
that
this
is
gone.
A
I
actually
need
to
check
it
over
there.
Is
it
almost
almost
yes,
oh
another
one,
it
gotta
be
kidding
me
man.
There
we
go
all
right,
so
one
thing
show
offense
how
many
people
are
actually
working
for
an
Enterprise
right
now,
Enterprise
organization,
okay,
and
of
those
hands
that
are
up
who
is
not
using
kubernetes
at
this
point?
A
Okay,
you
guys.
Okay!
So
that's
a
very
interesting
thing
if
you
want
to
know
how
to
convince
your
company
to
work
and
to
use
kubernetes.
A
First
of
all,
you
have
to
understand
respect
your
organization
right,
A,
lot
of
people
think
like
okay,
the
organization
is
stupid,
they
don't
use
kubernetes
and
that's
super
bad
and
we're
going
to
just
fight
the
organization.
That's
not
what
you
do.
You
work
with
the
organization
they're
there
for
for
a
reason,
you
make
sure
you
follow
the
process.
A
You
talk
to
the
right
people
get
people
together,
make
sure
that
you
understand
what
you're
doing
you
also
understand
the
perspective
of
management
like
I
can
say
all
kinds
of
things
without
actually
say
yeah.
We
need
to
use
kubernetes.
We
need
to
do
this
or
that
or
whatever,
but
in
the
end
management
has
a
different
mindset.
They
don't
know
about
containers,
they
don't
know
about
clusters,
they
want
to
know.
Does
the
business
work?
Can
it
continue
to
work?
Are
we
in
control?
A
Are
we
not
creating
like
weird
risks
like
they
need
to
ensure
business
continuity,
and
you
need
to
make
the
case
that
the
kubernetes
make
sure
that
you
can
actually
have
a
better
business
continuity,
and
if
that
doesn't
work,
you
just
basically
ask
for
forgiveness,
because
you're
just
going
to
do
it
anyway,
roll
it
out,
maybe
show
something,
and
then
you
can
back
for
permission
later
and
if
that
doesn't
work,
you
should
apply
somewhere
else.
We're
hiring.
B
Thank
you
siren
that
was
brilliant.
Thank
you
very
much,
you're
welcome
and
and
I
was
just
I
was
just
talking
with
with
hairs
from
that.
B
The
the
very
first
item,
respect
your
the
organization,
seems
kind
of
obvious,
but
it
isn't
bringing
something
in
new
requires
courage,
of
course,
but
also
respect
for
those
that
were
not
thinking
it
or
that
didn't
want
it.
So
you
have
to
have
your
own
way
to
exactly
to
talk
it
through
yeah.
So
thank
you
very
much
very.
B
Oh
I'm,
sorry
I'm!
Sorry,
where
are
you
going
stay
here?
Questions
please?
Yes,
we
have
one
over
there.
We
have
one
that
skip
that.
One.
D
Hi,
thank
you
for
your
presentation.
I
do
have
one
question
I'm
here:
yeah
yeah,
so
I
agree
with
the
not
templating
your
yamos,
but
what
about
templating
your
TFR
files.
A
Templated
TFR
files
for
what
purpose
I'm.
D
Just
asking
you,
okay,
let's
say
I-
want
to
have
one
code
base
from
terraform
from
which
I
can
inject
different
tier
four
of
us
for
different
environments,
for
instance.
Yes,
so
you
can.
A
Like
dfr
files
is
kind
of
different
right,
the
problem
with
templating
yaml
is
you
can
create
all
kinds
of
problems
there.
This
white
space,
that
that
is
an
issue
you
don't
know
what
it
looks
like
in
the
end,
but
TFR
files
is
basically
just
a
flat
file.
So
I
think
that's
perfectly
fine
to
template.
You
don't
have
the
same
problems
with
just
a
flat
file
that,
as
it
is
with
yamo.
E
Hey
thanks
for
your
talk.
There
was
a
diagram
s
that
were
pinned
that
a
certain
version
like
Hellman,
Splunk
and
so
on.
What
is
the
update
strategy
for
those
components?
If
there's
any.
A
No,
so
like
yeah.
Basically,
you
can
do
that
by
hand,
of
course,
but
that's
not
going
to
work
like
you
have
also
like,
because
we
we're
using
getoffs.
You
can
use
something
like
dependabot
to
upgrade
certain
types
of
things,
but
not
everything
can
be
easily
upgraded,
so
we
have
to
look
at
it
per
component
on
how
to
see
and
how,
specifically
for
day
two
operations
and
that's
something
that
because
we're
in
the
Forefront
of
the
kubernetes
world
and
the
cloud
transformation.
We
are
also
looking
at
things
like
this
and
how
to
do
that
correctly.
F
I
I
think
you
already
mentioned,
but
I
missed
it,
but
probably
how
are
you
managing
Secrets
in
the
cluster
I
I
didn't
see
it.
A
Well,
we
use
cubesio
in
the
beginning,
but
that's
like
a
a
there's,
a
lot
of
overhead
to
cubesio,
because
you
have
to
cycle
the
keys
and
stuff
like
that.
We
don't
want
to
do
that.
We're
now
using
external
secrets.
So
most
secrets
are
in
the
secrets
manager
in
AWS,
but
we
expose
the
secrets
via
external
secrets.
So
it's
for
it's
in
the
classes,
so
the
application
can
just
consume
the
secrets.
B
G
Question
Sharon
yeah:
is
there
anything
you
can
share
about
what
your
organizational
Team
Dynamics
look
like
to
enable
all
those
repositories
and
all
those
structures,
because,
if
you're
trying
to
build
these
for
developers
we're
trying
to
enable
developers,
then
are
there
any
structures
in
place
to
have
them
productive
for.
A
A
Okay,
yeah
so
for
this
particular
instance
of
kubernetes
clause
that
we
have
right
now,
everything
is
coming
from
offshore,
so
the
developers
don't
necessarily
interact
directly
with
the
cluster.
They
basically
deliver
the
turbo
and
make
sure
with
our
cicd
system,
that
a
Docker
image
is
automatically
created,
so
they
don't
interact
with
the
cluster.
Like
that,
however,
we
are
looking
at
forming
a
platform
team
which
we're
going
to
answer
that
exact
question,
but
conversations
are
still
ongoing.
B
Thank
you
very
much
Sherwin,
please,
one
more
for
showing.
B
B
The
mic
is
still
on
okay,
so
we
are
going
after
after
the
last
keynote.
We
are
going
to
go
everyone
we're
going
to
be
serving
drinks
in
the
sponsor
area
and
around
six,
maybe
a
little
bit
later.
We
are.
There
are
too
many
Italians
in
the
team
to
make
it
on
time,
so
we
are
going
to.
We
are
going
to
move
and
our
barbecue
vegan
barbecue
in
the
bar
area.
Okay,
thank
you.