From YouTube: Deckhouse Kubernetes platform and what makes it special
A
Hello, everyone. Today we will talk about Deckhouse Kubernetes platform and what makes it special. So, a couple of words about myself. My name is Maxim Nabokikh, and there is a link to my GitHub account, and I'm currently working for the company called Flant. You may know about this company because of our tech blog with illustration of little ants, and now I'm the architect of the Deckhouse Kubernetes platform. So in my free time I am the maintainer of the popular CNCF project called Dex.
A
Yeah, and Kubernetes is the complicated thing. So maybe on top of it you can find some familiar stuff like Docker, pods; you can run some workloads using the kubectl run command, which is actually pretty cool, and there are also resources that are easy to understand, like Secrets, ConfigMaps, Jobs. But if you want to run a proper production Kubernetes cluster, you need to go deeper, and that's where you find challenges like how to run stateful applications in your cluster, how to write your own custom resource definitions, how to monitor your cluster.
A
What is Horizontal Pod Autoscaler and Vertical Pod Autoscaler? What is multi-tenancy, about authentication, about authorization, about service mesh, about node-local DNS? What is CSI, what is CNI? What is CRI? And I promise, if you decide to walk this path, you will find yourself one day in the middle of the night patching some Kubernetes control plane components, writing KEPs to Kubernetes or directly interacting with dating your etcd clusters.
A
But what do you need to deploy a fully functional Kubernetes? I think you can do it just in two steps. The first step is that you need to deploy Kubernetes somehow using your favorite tool. Maybe kubeadm, maybe kOps, maybe Kubespray, maybe you can follow the Kubernetes the Hard Way guide; it doesn't matter. And for the second step, you just need to deploy the rest of your platform services.
A
That's it. And, of course, it's a joke. Of course, we all understand that there is a gap between the first step and the second step, and that's why we need a platform, and Deckhouse is the Kubernetes platform that is capable of doing many things. Like, for example, Deckhouse can provision cloud infrastructure and bootstrap operational systems, so you can run Kubernetes on top of this service.
A
Deckhouse can actually deploy Kubernetes, and Deckhouse can also deploy essential add-ons to your cluster: for monitoring, for logging, for authentication and other things. And Deckhouse also automatically manages and updates these add-ons, and also Kubernetes, and also cloud infrastructure. So you do not need to care about this stuff anymore.
A
What makes Deckhouse really special? So there are five points we will discuss today, and the first one is that Deckhouse is a no-operational Kubernetes platform. What does it mean? So we imply that Deckhouse manages all software on nodes and in system namespaces and automatically provisions it. For example, system software nodes, Linux kernel, CRI, kubelets are automatically managed. Imagine that there is a node. It's not a real Kubernetes node right now, it's just a server, virtual machine, and there is a Deckhouse agent installed on this node.
A
It's not a continuous agent, it's more like a systemd unit, and it starts to provision a node by deploying all necessary software on it, including container runtime interface and kubelet. So kubelet makes this server a proper Kubernetes node, and with bootstrap config we automatically connect this node to the cluster. And the most interesting thing about it is that Deckhouse agent is also connected to the control plane. So there is a dedicated extension API server for all Deckhouse agents to spread configuration files among them.
A
So the Deckhouse agent knows the version of all software components on the node, and if there is a new version, Deckhouse downloads all necessary steps from the Kubernetes API and then applies it to the node. So Kubernetes core software like control plane, etcd, certificates: so these all components are also automatically managed.
A
So inside of the pods of this DaemonSet is a familiar tool called kubeadm. Yeah, it's slightly adjusted to be able to run inside the container, but still it's a familiar thing, and we all know that kubeadm deploys static manifests of etcd and for the control plane manager, and as for the readiness check, control plane manager ensures that deployed static pods are running on a node, and then DaemonSet controller will deploy pod to the next node and to the last node, and it works so well like that.
A
Even if there is a power outage, so we can just add a new node and label it properly, and then the control plane manager will do its job, and that's pretty much it. And another great thing about Deckhouse is that it runs anywhere; like, there are lots of options to run Deckhouse. For example, the first group of options is popular clouds like Google Cloud Platform, Amazon Web Services, Microsoft Azure. You can run Deckhouse on top of these clouds, and Deckhouse is fully integrated with their APIs.
A
It can order load balancers, disks and machines. And if your company is a government company, and it doesn't want to accidentally spill the beans, and it only trusts private cloud solutions, so it's also okay: Deckhouse supports private clouds, OpenStack, VMware vSphere and bare metal installations, except that bare metal installations have no autoscaling feature. And Deckhouse can also be deployed on top of a managed Kubernetes solution. In this case Deckhouse doesn't punch control plane, but still can deploy useful add-ons to the clusters.
A
That's also a possibility. And for the operation system, Deckhouse can be run on top of Ubuntu, Debian, CentOS and Red Hat Enterprise Linux, and on top of other Debian or CentOS based Linux distributions, for example, on top of Rocky Linux. And which is more important, because clusters created with Deckhouse are entirely identical, no matter which underlying infrastructure is used,
A
you can use hybrid infrastructures and deploy some clusters to Google Cloud and some clusters to your private cloud, for example, to your private OpenStack, and this will work perfectly, and the interface of these clusters will be the same. Yeah, and by following the no operation approach and everything undergoing careful, pretty careful testing prior to release, the asset of our platform is reliability. So there is a module to measure SLA called upmeter, and upmeter
A
does periodical checks to be sure that every system in the cluster is operational, not degraded. And two interesting things about upmeter: the first one is that upmeter can send metrics from the cluster via remote write to some long-term storage, so that you can see the SLA for all of your clusters in one place, which is good. And upmeter also deploys agents for smoke testing that are migrating from node to node. So you can be sure that every node in your cluster works properly. Yeah, and this is the web interface of the upmeter
A
module. In this picture
A
you can see that there are glue groups of probes, and the first group is opened, and we can see that the basic functionality probe for the control plane is failing, and by clicking on a pie we can see for how many seconds this probe is up and for how many seconds this probe is down. Yeah, and we also can see a percentage. And if you don't want to bother yourselves with historical data or pies or percentage, there is a simplified status page, and this status page just shows you whether your systems of the cluster are operational or degraded at the current time. Moving further.
A
Deckhouse is an open source project, and Deckhouse is built on popular open source tools. Like, for CNI we have Flannel or Cilium. For monitoring, we have Prometheus stack with Prometheus operator, Grafana for dashboards, Trickster for query cache and Vector to collect logs. As our security offerings, there is Dex as our authentication provider, cert-manager to issue certificates and Open Policy Agent as our policy engine. And for network, for Ingress controller,
A
we use the most popular solution on the market, called Ingress NGINX controller, created by Kubernetes team, and for the same reason we use Istio, because it's the most popular service mesh. And we also have some little things to be, to make the life of users more convenient: MetalLB for bare metal clusters, to make them able to load balance traffic, and also OpenVPN server that runs natively on top of Kubernetes and provides access for developers to service networks and pod networks. For storage, there are two options.
A
The first option is LINSTOR and Piraeus operator, managed by Piraeus operator, so it can manage your PVC out of the box. For Ceph, we only have a CSI driver, so you need an existing Ceph cluster to connect Deckhouse to this Ceph cluster. And as CI/CD solutions, there are Helm and Terraform that are used internally by Deckhouse to provision infrastructure and deploy modules. For users,
A
there is a combination of Argo CD and werf. And all our images, our platform images, are based on Alpine distribution, because it's robust, it's lightweight, and all bugs are frequently fixed. So there is the mechanism of security updates for the Alpine distribution, which is actually pretty cool. And you can find more info on this page if you want, because this page is auto-generated, and if we add something new to Deckhouse, you will see this on
A
So we are on landscape, and you can find more info about Deckhouse by following this link. This is the link to our GitHub profile. And the last thing about Deckhouse, which is really cool and which I admire the most, is that all the cloud services are connected all together. For example, if you want to deploy a cert-manager to a cluster, you need to deploy a Helm chart. This is okay. And if you want to deploy a Prometheus, you can also deploy it via Helm chart.
A
But if you want Prometheus to use certificates issued by a cert-manager, you need to adjust Prometheus chart configuration a little, and for a single chart, it's okay, but if you have from 7 to 10 charts, it's not so convenient, right? That's where Deckhouse takes its place. So in Deckhouse there is a logic how to configure all modules globally.
A
For example, if there is a cert-manager enabled in Deckhouse, we need also to check: is this a private environment or not? So if cert-manager is enabled and there is a private environment, we try to use self-signed certificates for all Deckhouse modules. So if environment is not private, we will use, we will try to use Let's Encrypt certificates. If cert-manager is disabled, that's not a problem, we can disable HTTPS, so only HTTP will be available in the cluster.
A
Another great example is authentication. So if Dex is enabled in the cluster, so we can deploy oauth2-proxy and configure all Ingress resources for our modules to use this oauth2-proxy with the auth request module for authentication. So if Dex is disabled, we can just generate some basic authentication passwords, yeah, for some development purposes. This is also good. And not only connected services make Deckhouse great. There are also managed services, for example, Grafana. So Grafana is not so cloud native here.
A
Grafana needs a database, an SQL-based, SQL database like MySQL, and to run it on top of Kubernetes you need to create a persistent volume, persistent volume claim, and this is also not so convenient. So our Grafana is managed, and our Grafana is controlled by our own set of custom resources, like Grafana dashboards for dashboards. To add a data source to Grafana, you can deploy a Grafana additional data source resource, and to connect Grafana to Alertmanager,
A
you can deploy Grafana alerts channel resource. And the same goes for Dex: so Dex is not capable of being configured by custom resources, so we created our own set of custom resources, and Deckhouse can configure Dex with this set of custom resources. Also, we discussed how great Deckhouse is, but how to install one? So to install Deckhouse, you need a personal computer or a dedicated installation server and access to the cloud site. So the installation is based on two configuration files.
A
The first file is called config YAML, and in this file we describe the first state of our Kubernetes cluster, like the Kubernetes version, the state of Deckhouse modules, some provider-specific settings, like whether we want to deploy cluster to existing VPC. Maybe we want to add some security groups, to change flavor for the master nodes and so on. And the second file, it's not an ordinary config file.
A
So in this file we put resources, Kubernetes resources that we want to deploy right after the cluster will be ready for using, and this is great, because everything in Deckhouse is a custom resource. And to deploy additional nodes, you need to also deploy a custom resource. To deploy Ingress NGINX controller, you need to deploy a custom resource. So we will use these two things to provide access to the cluster right after it is deployed.
A
We give these two configs to our CLI tool, called Deckhouse control, and this tool uses Terraform under the hood to deploy, firstly, to deploy basic infrastructure to the cloud, like network, security groups, SSH keys, and then it uses a second Terraform file to deploy a first control plane instance. Then Deckhouse control connects to this instance by SSH and installs Kubernetes onto this first master node. Yeah, and after this it installs the Deckhouse controller to this Kubernetes cluster, and now the Deckhouse controller becomes in charge of configuring these clusters.
A
So there is a Kubernetes cluster created on a previous step with Deckhouse on board, and there is a registry, deckhouse.io, somewhere in the cloud, and in this registry there are container images with newer versions of Deckhouse, and there is also a special image with the tag stable. This is not an ordinary image. This is an OCI-formatted image, and there is no operation system or binaries in this image. There's only a single YAML file with information about the upcoming release.
A
Yeah, Deckhouse is updated. There are some great things about Deckhouse releases, and the first one is release channels. Remember that previously we pulled our updates from the image with the tag stable, so this tag corresponds to one of release channels, from less stable to most stable: Alpha, Beta, Early Access, Stable and Rock Solid. So, for example, for Alpha channel, you will receive the most fresh and yet less tested updates.
A
So you can also declare some maintenance windows in your Deckhouse configuration. So, for example, maybe you want to receive Deckhouse updates only on Friday evenings. That's also allowed. We cannot charge you for this. And if you want to have full control of your Deckhouse updates, you can set the updating mode to manual, and then you will receive some notifications about upcoming releases waiting for your approval, using webhook notifications or alerts. And if you receive such message, you know, you just need to go to the cluster and run the following command.
A
So it's pretty convenient, because you have a history of releases line in your cluster, and we also have a dedicated dashboard, which is called flow.deckhouse.io, for all releases on every release channel, and we also have dates of upcoming release on this site. And we created this thing because we want to make the process of updating Deckhouse as transparent as possible. And the final conclusion is that Kubernetes is a great ecosystem. Yet it's an iceberg, and you do not want to touch iceberg with your bare hand, because it's sharp, it's cold.
A
You want some kind of a box to ship this iceberg, and you want this box to be wrapped and with the ribbon, and this is what is made by Deckhouse. This is the final slide of the presentation. Thank you so much for coming. So if you are willing to install Deckhouse, there are links below, and it would also be great if you can go to the GitHub account and click a star button, because that's how we know that you liked our project. Bye, bye, I hope to see you next time.