►
From YouTube: Cloud Native Live: K8s all the things!
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
A
Live
where
we
dive
into
the
code
behind
Cloud
native
I'm
your
host
today,
my
name
is
Whitney
Lee
I'm,
a
cncf
Ambassador
and
I'm,
a
developer
Advocate
at
VMware
town
zoo.
So
every
week
we
bring
new
presenters
who
showcase
how
to
work
with
Cloud
native
Technologies.
So
we
build
things
we
break
things
and
we
answer
all
of
your
questions.
Today.
We
have
Cornelia
Davis
here
with
us
to
talk
about
how
to
kubernetes
all
of
the
things
I'm
so
excited
for
today's
presentation.
A
So
this
is
an
official
live
stream
of
the
cncf
and,
as
such,
it's
subject
to
the
cncf
code
of
conduct.
So
that
basically
means
be
respectful,
be
nice
to
yourself
be
nice
to
other
people
and
chat,
be
nice
to
our
presenter.
Be
nice
to
me!
Please
and
I'll
do
the
same
for
you
friends
who
are
joining
us
live,
please
say:
hi
in
the
chat.
Tell
us
where
you're
tuning
in
from
I
love
the
magic
that
is
streaming
and
if
you
have
questions
during
the
presentation
today,
please
do
add
them
to
chat.
A
We
want
today's
cup
the
presentation
to
feel
like
a
conversation,
so
ask
your
questions.
Don't
be
shy
and
with
that
I'm
going
to
hand
it
over
to
Cornelia
Davis
to
kick
off
today's
presentation,
Cornelia
take
it
away.
Thank.
B
You
so
much
and
I'm
gonna
do
a
little
bit
of
a
fan
girl
stuff
here
for
a
moment.
I'll
tell
every
one
of
you
who
are
listening
that
I
joined
15
minutes
ago
a
little
early
for
this
live
stream
and
was
so
surprised
to
see
Whitney
I
didn't
know
she
was
going
to
be
hosting,
and
she
doesn't
know
me
of
course,
but
I
know
her,
of
course,
because
I've
watched
lots
of
your
videos
Whitney.
So.
A
B
Pretty
great,
so
all
right,
so
with
that
some
of
you
maybe
know
my
my
presentation
style.
You
know
that
I
use
slides,
but
I
promise
promise
promise.
We
will
not
get
bored
and
we
will
not
read.
Slides
I've
got
some
diagrams
and
those
types
of
things,
but
so
without
further
Ado.
Let
me
jump
over
to
my
slides.
Oh
I.
Guess
I
need
to
share
it
right.
Whitney,
I,.
B
Had
to
go
back
and
okay,
so
let
me
go
ahead
and
start
the
slideshow,
so
so
the
first
thing
that
I
want
to
tell
you
by
the
way
Whitney
and
I
talked
about
this
ahead
of
time.
So
Whitney
is
going
to
be
watching
the
chat.
I
can't
see
it,
of
course,
because
I'm
presenting
my
slides,
but
if
you
have
questions
we're
going
to
take
questions
throughout
the
presentations,
so
Whitney
will
absolutely
interject
and
and
bring
your
questions
forward,
and
all
of
you
know
Whitney
as
well.
B
A
B
That
is
awesome.
That
is
really
amazing.
Super
cool
well
good
morning,
good
afternoon,
good
evening
and
maybe
good
middle
of
the
night
for
some
of
you.
Thank
you
for
coming.
I
I!
Don't
take
that
lightly.
So
I
really
appreciate
you
spending
this
time
with
us,
so
so
the
first
thing
that
I
want
to
tell
you
is
when
I
say
kubernetes
all
the
things
some
of
you
might
be
thinking.
Well,
hang
on
I
can't
containerize
everything,
there's
some
things
that
just
are.
It
doesn't
make
sense
for
me
to
containerize
everything.
B
Well,
I'm,
not
actually
going
to
ask
you
to
containerize
everything,
kubernetes,
all
the
things
means
containers
and
other
stuff.
So
that's
a
little
bit
of
a
spoiler
alert.
This
is
not
a
talk
about
containerizing
all
the
things.
This
is
a
talk
about
kubernetes,
kuberneting
that
all
the
things
so
so
we'll
jump
from
there.
B
I
am
a
trained
computer
scientist
I
spent
most
of
my
career
as
a
developer
wasn't
Ops,
but
about
10
years
ago
I
had
the
great
Fortune
of
starting
to
work
with
platform
as
a
service,
specifically
Cloud
Foundry
I
was
part
of
EMC,
went
as
a
part
of
the
pivotal
spin-off
and
worked
on
the
cloud.
Foundry
team
for
about
seven
or
eight
years,
which
was
I,
say
I,
was
so
lucky
to
have
that,
because
that
was
really
the
beginning
of
this
transformation
over
to
the
world
that
we
live
in
today.
B
For
those
of
you
who
don't
know
Cloud
Foundry
it
it
there
some
of
the
architectural
principles,
in
fact
the
ones
we're
going
to
talk
about
here
today
were
there
in
Cloud
Foundry,
we
had
container
images,
we
instantiated
Linux
containers.
We
had
a
scheduler.
We
had
eventually
consistent
all
of
those
things
that
we're
going
to
talk
about
today,
but
by
the
way,
all
of
those
things
before
we
had
Docker
before
we
had
kubernetes
and
so
I
had
the
great
Fortune
of
starting
to
learn
some
of
these
patterns.
B
We're
going
to
talk
about
today
and
I
realized
very
quickly
that,
even
though
we
called
it
a
developer
platform,
we
called
it
a
Paz
and
we
thought
it
was
all
about
the
developer.
There's
as
much
value
in
Ops,
there's,
maybe
even
arguably
more
valuable
for
operations
than
there
is
for
development.
In
these
types
of
pla
platforms.
That
kubernetes
is
a
part
of
as
a
part
of
that
I
got
to
know
everything
Cloud
native
microservice
architectures.
B
All
of
that
and
in
fact,
I
spent
at
pivotal
I
spent
a
lot
of
time
on
cloud
Foundry,
but
toward
my
the
end
of
my
time
at
pivotal,
I
worked
with
VMware
very
very
closely
on
PKS
pivotal
container
service,
which
was
a
kubernetes
as
a
service,
so
I
think
I've
been
touching
kubernetes
since
2017,
now,
maybe
or
16
somewhere
around
there.
So
quite
sometimes,
and
then
the
other
thing
that
I'll
mention
a
little
bit
of
you
know.
Shameless
self-promotion
is
that
I'm?
B
Also,
the
author
of
a
book
with
Manning
called
Cloud
native
patterns,
which
is
an
a
book
aimed
at
kind
of
application,
Architects
and
developers
to
help
them
understand
things
like
retries
and
circuit
breakers,
and
configuration
management
for
these
highly
distributed,
constantly
changing
web
architectures.
So,
okay,
so
any
anything
any
interjections
right
now,
no.
B
Right
so,
if
you'll
all
bear
with
me,
I
know
that
many
of
you
probably
know
the
content,
that's
in
the
next
two
or
three
slides,
but
bear
with
me
a
second
because
I
might
be
looking
at
it
in
a
slightly
different
way
than
you're
used
to
I.
Also
am
sure
that
there's
some
people
who
are
relatively
new,
who
maybe
don't
understand
these
patterns,
so
I'm,
going
to
spend
just
a
few
minutes
on
kubernetes,
101
and
I'm,
really
going
to
focus
on
what
I
kind
of
call
the
kubernetes
API.
B
So
the
way
that
the
and
I'm
going
to
use
containers
I'm
going
to
actually
use
container
images
and
kind
of
the
standard
use
case
for
kubernetes,
which
is
hey,
I,
want
to
deploy
couple
of
instances
of
an
application.
It
happens
to
be
a
hello
world
application,
so
you
can
see
the
things
that
are
highlighted
here.
What
I
want
running
is
I
want
a
couple
of
instances
of
this
application
running
and
I
want
it
to
be
accessible
via
a
URL.
B
B
Do
this
step
two:
do
that
the
kubernetes
API
takes
a
different
approach
and
it
says
I
like
to
call
it
the
Jean-Luc
Picard
approach,
which
is
hey,
just
tell
me
what
you
want
done
and
then
the
machine
will
say
make
it
so
and
it'll
be
done,
and
so
it's
a
very
declarative
thing.
So
what
you
see
here
is
it's
just
an
expression
of
what
I
want.
So
that's
the
API.
B
If
you
will
now
the
way
that
this
basic
pattern
works,
is
that
we
have
this
declaration
on
the
left
hand
side,
and
we
want
to
see
it
instantiated
in
some
runtime
environment,
so
you're.
If
those
of
you
who
are
a
little
bit
more
versed
in
kubernetes,
you
might
be
getting
a
hint
of
where
I'm
going
with
this.
It's
some
runtime
environment,
we'll
talk
a
lot
in
the
next
40
minutes
or
so
about
what
those
environments
look
like,
but
we've
got
some
runtime
environment.
B
So
then,
how
is
that
API
implemented?
Well,
what
happens
is
that
declaration
gets
sent
over
to
kubernetes?
Technically
it
goes
through
the
API
server
I'm,
actually
just
showing
it
here,
where
the
place
that
it
eventually
gets
stored.
There
can
be
some
transformation,
but
in
general,
just
think
of
it
as
hey.
B
Here's
my
that
what
I
want
running
and
I'm
going
to
store
it
in
the
store
for
kubernetes,
which
is
at
CD
and
there's
something
called
a
controller
which
is
watching
that
store
and
it
picks
up
on
what
that
definition
is,
and
this
is
the
implementation
of
the
API.
So
this
is
the
thing
that's
going
to
make
it
so
so
when
I
say
make
it
so,
there's
a
whole
bunch
of
people
on
the
Starship
Enterprise
who
are
going
to
get
all
this
stuff
done.
That's
the
controller!
B
It's
going
to
get
all
this
stuff
done,
so
what
the
controller
does
is
it
sends
things
over
and
it
instantiates
things
over
in
the
runtime
environment,
but
it
does
more
than
that
because
it
also
watches
the
runtime
environment
and
continually
makes
sure
that
the
runtime
environment
is
matching.
What's
on
the
left
hand,
side
now
again
bear
with
me
I
know.
Many
of
you
know
this,
but
in
this
particular
case
in
this
example
for
containers
and
container
deployments.
B
What
is
that
controller
going
to
instantiate?
Well?
First
of
all,
the
first
thing
I
want
to
point
out
is
that
it's
not
a
single
controller,
it's
generally
multiple
controllers.
So
for
things
like
container-based
deployments,
we
have
a
deployment
controller.
We
have
a
replica
set
controller.
We
have
a
Services
controller.
These
are
all
these
Loops
that
are
going
through
standing
things
up
in
the
runtime
environment
and,
if
necessary,
correcting
things
in
the
runtime
environment
to
make
sure
that
it
always
matches
up.
B
So
in
this
particular
example,
we
when
we're
deploying
doing
something
with
the
deployment
well
we're
going
to
instantiate
pods
on
worker
nodes
in
the
kubernetes
environment,
but
you'll
notice
that
I
also
just
showed
you
that
the
runtime
environment
isn't
just
worker
nodes.
It's
not
just
kubernetes.
It's
also
infrastructure
that
sits
out
of
kubernetes
outside
of
kubernetes.
So,
for
example,
in
this
case,
I
ask
for
a
load
balancer
to
give
me
that
connectivity
to
my
Hello
World
app
well.
That
controller
is
also
going
to
set
up
the
load
balancer.
So
you
can
see
that
that's.
B
B
So
the
last
thing
that
we
need
to
think
about
here,
though,
is
that
controller
doesn't
necessarily
have
to
run
inside
of
kubernetes
and
I
was
on
a
a
live
stream
quite
a
number
of
years
ago
with
Kelsey
Hightower.
Yes,
that
Kelsey,
where
he
actually
did
a
demo
where
he
was
running
the
controllers,
just
natively
on
his
local
machine.
He
wasn't
running
them
as
a
process
within
kubernetes,
but
usually
we're
installing
these
controllers
into
kubernetes
and
I'll
talk
a
little
bit
more
about
how
that
happens.
B
Okay,
now
the
last
thing
about
this
kubernetes
101
is
again
I
wanted
to
point
out
to
you
that
these
controllers
often
run
in
kubernetes
and
you'll,
see
later
on
that
oftentimes.
Those
controllers
are
running
as
pods,
but
the
controllers
that
I
talked
about
here,
the
deployment
controller,
the
replica
set
controller,
the
services
controller.
They
don't
run
as
pods,
because
you've
got
this
chicken
egg
problem
like
I
need
those
things
to
run
kubernetes
to
be
able
to
run
containers.
B
B
Cluster
I,
it's
a
single
node,
so
it's
the
control
plane
and
what
you
can
see
here
is
that
I
just
did
a
psef,
so
you
can
see
the
processes
and
of
course,
I
didn't
show
you
all
of
them,
but
you
can
see
right
here
that
the
coupe
controller
manager,
that's
what's
running
that
continuous
reconciliation.
That's
looking
over
at
the
runtime
environment,
okay,
so
it's
kind
of
fun
to
dig
into
the
the
lower
level
details
to
see
where
these
processes
are
running
and
you'll
see
how
it
changes
as
we
go
along
all.
A
B
Isn't
on
that
is
a
fantastic
question.
You
know
what
Whitney
I'm
gonna
hold
off
on
that,
because
okay,
an
example
of
that
later
cool
thank.
A
B
When
you're
running
a
kubernetes
cluster
on
my
kind
cluster
or
I'm
running
it
on
Virtual
machines
or
I'm
running
it
on
bare
metal,
yes,
it
will
be
processes
like
this,
but
you'll
see
in
just
a
little
bit
that
there's
there's
some
exceptions
to
that
cool
it.
It's
pretty
fun.
So,
okay,
so
just
summary:
the
core
kubernetes
pattern
is
this:
oh,
and
what
happened?
I
I,
I,
I
updated
this
slide,
I'm,
not
sure
where
it
went.
B
Oh
I
think
maybe
I
updated
it
in
the
wrong
place,
we'll
see
so
here's
the
core
pattern:
I've
got
a
declaration.
I've
got,
and
these
are
the
terms
I'm
going
to
use
from
now
on,
I'm
going
to
use
desired,
State
and
actual
State,
and
then
the
API
implementation
is
the
controller.
That's
reconciling
those
two
things.
Okay,
so
that's
the
core
pattern
that
we're
going
through.
B
So
then
what
else
can
I
apply?
This
core
pattern
to
one
of
the
things
that
I'm
very,
very
fond
of
saying
is
that
kubernetes
is
often
thought
of
as
a
container
orchestration
engine,
but
that's
just
use
case
one.
What
I
just
went
through
the
101?
That's
just
use
case
one
kubernetes,
the
folks
that
created
this
and
I
just
had
the
great
pleasure
of
watching
Brendan
Burns
talk
about
this
a
few
weeks
ago
at
a
Meetup
up
in
Seattle.
He
talked
about
kind
of
the
Genesis
and
the
the
whole
history.
B
They
were
so
smart
to
think
about
these
extensibility
points
and
the
ability
to
take
this
core
pattern
that
gave
us
abstractions
that
allow
us
to
use
that
same
core
pattern
and
apply
it
to
a
number
of
different
things.
Now
those
patterns
were
there
when
I
first
started
working
with
kubernetes
in
2016
or
2017.
B
I
will
tell
you
from
experience
that
we
were
talking
about
applying
this
to
other
patterns,
applying
this
pattern
to
other
things,
maybe
five
years
ago,
but
it
was
still
pretty
nascent.
There
was
work
on
cluster
API
which
we're
going
to
talk
about
in
just
a
moment.
There
was
work
in
a
few
other
places,
but
there
wasn't
a
lot
of
it
these
days.
Oh
my
gosh.
This
pattern
is
being
applied
in
so
many
different
places,
and
that's
what
I'm
going
to
show
you
today.
B
So
what
else
can
we
apply
this
pattern
to?
Well,
I'll
tell
you
that
we're
going
to
look
at
three
other
examples
and
they're
all
going
to
be
kind
of
infrastructury
and
you'll,
see
where
I'm
going
with
this
as
we
go
along
okay.
So
we
talked
about
clusters
and
what
I'm
talking
about
here
is
kubernetes
clusters,
not
other.
You
know
virtual
machine
clusters
or
anything
like
that.
Talking
about
kubernetes
clusters,
so
remember,
just
a
moment
ago,
I
talked
about
the
fact
that
I
had
a
kubernetes
cluster
and
that
I
had
these
controllers
running
in
the
cluster.
B
But
how
do
I
actually
instantiate
that
cluster
and
again
Kelsey
was
very
famous
for
writing
up
kubernetes
the
hard
way,
and
it
has
been
hard
for
a
long
time,
and
so
we've
been
one
of
the
things
that
we're
doing
is
we're
applying
this
kubernetes
pattern,
which
gives
us
all
sorts
of
advantages
like
higher
levels
of
resiliency
and
easier
management,
maintenance
and
all
of
those
things
I'm
not
going
to
talk
about
all
of
those
in
detail
today.
But
we
get
all
sorts
of
benefits
from
this
basic
pattern.
B
B
So
I'm
just
expressing
what
I
want
here's,
what
I
want
and
we're
going
to
make
it
so
so
what
does
that
look
like
then,
with
this
basic
pattern?
So
we've
got
the
Manifest
on
the
left
hand,
side
on
the
right
hand,
side
we've
got
the
runtime
environment.
Now,
in
the
past,
I
showed
you
that
the
runtime
environment
was
a
kubernetes
environment,
so
we
had
the
worker
nodes.
We
also
had
some
infrastructure
in
this
particular
case.
I,
don't
have
kubernetes
nodes
in
my
runtime
environment.
I
just
have
infrastructure
that
infrastructure
could
be
a
cloud
provider.
B
One
of
the
the
big
or
the
smaller
Cloud
providers
could
be.
Vmware
could
be
bare.
Metal
I've
got
some
infrastructure.
That's
all
I
have
now
I
also,
but
remember
that
the
pattern
is
a
controller.
Is
the
implementation?
It's
the
thing
that
makes
it
so
so
I've
got
a
controller
and
again
there's
multiple
controllers:
I've
got
a
controller.
That's
going
to
handle
provisioning
of
machines.
I've
got
a
controller,
that's
going
to
handle
how
I
distribute
those
machines
across
the
cluster
number
of
control,
plane,
nodes,
a
number
of
worker
nodes,
and
so
on.
B
So
I've
got
this
controller
and
I'm
going
to
ask
you
to
suspend
disbelief
for
just
a
moment
of
where
this
controller
is
running,
we're
going
to
get
to
that
in
just
a
moment.
But
what
is
it
that
the
controller
is
going
to
be
provisioning
and
then
watching
and
making
sure
stays
healthy?
Well,
it's
gonna
create
some
control,
plane
nodes
and
it's
going
to
create
some
worker
nodes.
So
it's
actually
going
to
create
the
kubernetes
cluster.
B
So
now
here's
the
question:
where
does
that
controller
run?
Now
I
told
you
just
a
little
bit
ago
the
controllers
technically
they're
just
processes,
and
you
can
run
them
anywhere
and
you
could
so.
You
could
concoct
a
whole
way
that
you
can
have
these
controllers
deployed
and
then,
of
course,
the
controller
is
going
to
need
to
look
at
some
state
store
to
get
the
state,
which
is
the
Declaration
on
the
left
hand,
side.
B
Well,
you
know
what
I
have
enough
kind
of
Ideal
environment
to
run
these
types
of
controllers,
and
it
also
includes
a
state
store
like
FCD.
Why
wouldn't
I
just
run
this
controller
inside
of
kubernetes
and
the
answer
is
yeah:
that's
usually
how
it
works.
Usually
we're
deploying
cluster
apis,
so
we're
deploying
the
API
into
an
existing
kubernetes
cluster.
B
So
you
might
have
a
bootstrapping
cluster.
It
could
be
a
kind
cluster.
It
could
be
another
infrastructure
cluster.
It
you're
generally
going
to
have
something
where
you're
going
to
deploy
this
controller,
which
is
now
going
to
and
you're
going
to
configure
that
controller
with
pointers
over
to
the
infrastructure.
Cloud
accounts
those
types
of
things
and
then
that
controller
is
going
to
be
able
to
do
its
business.
A
Sense,
if
you
use
just
like
a
local
kinds,
cluster
to
bootstrap
like
real
infrastructure,
that
you
think
you're
going
to
run
later.
That
seems
like
a
lot
of
pressure
to
put
on
your
your
little
local
laptop
on
your
little
local
places
like
once.
Your
real
infrastructure
is
bootstraps.
Can
you
move
that
management
cluster
to
be
something
that's
more
formal
than
just
a
kind
cluster
on
your
laptop.
B
Indeed,
so,
I
I
promise
you
all
that
that
we
didn't
practice
this
Whitney's,
just
so
good
at
asking
just
the
right
question
at
the
right
time.
B
You
might
notice
on
the
slides
is
I
just
clicked
a
couple
of
times.
Is
that
what
we're
going
to
do-
and
this
is
part
of
the
cluster
API
specification-
is
that
this
is
all
implemented
in
that
open
source
project
in
cluster
API.
We're
going
to
do
what
cluster
API
calls
a
pivot
and
what
we
do
is
we
effectively
move
the
state
from
that
bootstrapping
cluster,
because
now,
once
we've
set
up
that
control
plane
and
in
fact,
usually
we
just
do
it
in
the
control
plane.
B
B
A
B
There
there's
a
couple
of
answers
to
that.
One
is,
of
course,
backup
and
restore
so
leveraging,
backup
and
restore
capabilities,
and
many
many
folks
do
in
fact,
in
their
in
their
production
clusters,
will
have
backup
and
restore
capabilities
that
are
happening
on
a
regular
basis
and
they
have
that
as
a
part
of
their
workflows
and
so
on.
B
Now,
one
of
the
things
that
I
didn't
talk
about
is
that
after
I
left,
pivotal
I
spent
18
months
at
weaveworks,
so
you
might
also
know
that
I'm
a
bit
of
a
get
get
Ops
fan,
so
one
of
the
other
things
is
and
I
haven't
emphasized.
This
in
in
Alexis
would
be
so
disappointed
in
me
that
one
of
those
advantages
of
this
declarative
approach
is
that
I
could
leverage
things
like
get
Ops
where
I
can
have
all
of
my
declarations.
B
If
you're,
if
you've
got
a
use
case
where
you
can
tolerate,
it
also
depends
on
how
you're
going
to
to
lay
out
your
your
infrastructure,
if
you're
already
going
across
different
regions,
maybe
you
don't
do
a
backup
or
store,
because
you
you
expect
a
region
to
be
up
and
your
load
balancers
are
just
doing
adjustments
and
you
can
use
more
of
a
get
Ops
approach
to
stand
up.
Another
region
because
you've
lost
a
region
or
you've
lost
something.
So
it
really
depends
on
how
your
overall
infrastructure
looks
and
what
your
slos
are.
B
All
right,
so
we've
done
this
pivot
and
now
as
soon
as
we've
done,
the
pivot
that
same
pattern
that
we
see
in
the
middle
of
the
slide
is
happening
on
the
right
hand,
side
of
the
slide
and
oh
I
lost
a
there's
supposed
to
be
a
little
blue
thing
that
came
up
here.
I
was
struggling
with
my
animations,
but
this
Loop
that
we
saw
here
there's
a
loop
here,
that's
happening
as
well,
so,
on
the
right
hand,
side
I,
don't
know.
Can
you
see
my
cursor
when
I
move
it
I.
A
Can
but
we
have
had
some
words
that
the
slide
font
is
small
I
think
people
are
just
having
trouble
once
you
get
to
that
second
level,
but
I
do
have
a
question
sure
or
a
question
from
the
audience
which
is:
do
you
have?
Do
you
recommend
any
certain
learning
source
to
learn
how
to
do
a
proper
backup
and
restore
capabilities?
You
know.
B
I,
don't
have
anything
offhand,
you
might
know
something
better
than
I.
Do
there
are
cncf
projects?
What
reminders.
B
Valero
is
is
certified
and
is
used
in
a
lot
of
Open
Source
installations,
but
also
in
in
a
tremendous
number
of
commercial
products,
so
I
don't
have
any
resources
off
the
top
of
my
head.
Of
course
you
have
to
understand
the
patterns
as
well.
Anything
from
you,
Whitney.
B
B
So
here
is
it's
just
it's
a
coupe
cuddle
get
pods,
so
I'm,
just
getting
the
pods
here
on
a
capy
managed
kubernetes
cluster.
So
this
right
here
is
the
cluster
on
the
right
hand,
side
after
I've
done
the
pivot.
Okay,
so
I've
done
the
pivot.
The
controllers
are
running
inside
of
kubernetes
I've
got
SCD
all
of
that
stuff
running
inside
of
kubernetes,
and
so
what
I
want
to
point
out
to
you
here
is
just
I've.
Bolded
I've
shown
you
a
few
other
things
that
are
running
in
here
and
I'm.
B
Sorry,
this
isn't
super
beautifully
formatted,
but
I
really
bolded.
The
things
that
I
want
to
draw
your
attention
to
is
that
here
are
those
controllers,
so
you
can
see
here
that
there
is
a
Cappy
controller.
This
is
kind
of
the
base
controller.
That
is
part
of
the
open
source,
but
if
you
remember,
when
I
was
showing
you,
the
Declaration
I
called
out
that
we're
doing
things
with
AWS.
Well,
here's
a
controller
at
the
very
top,
the
Kappa
controller
CAPA.
B
That
is
the
controller.
That's
doing
AWS
specific
things.
It's
communicating
out
to
the
AWS
Cloud,
for
example.
So
if
that's
where
it's
doing
this
AWS
specific
things
here
are
the
things
that
happen
across
all
of
the
different
providers.
So
those
are
the
Cappy
things.
Remember
that
the
Declaration
said
something
about
hey
you're,
going
to
choose
how
you're
going
to
bootstrap
this
cluster
and
I
said
it's
using
Cube
atom.
Here
you
can
see
the
controller
and
again
you
can
see
the
in
the
name.
B
These
are
all
controllers,
so
it's
a
series
of
controllers
that
are
doing
its
job,
so
these
are
and
there's,
of
course,
some
web
hooks
for
communication
as
well.
The
actual
controllers
are
down
here,
but
up
here
we've
got
a
number
of
things
that
are
the
web
hooks
that
are
connecting
into
those
controllers.
B
So
in
this
particular
case,
I
showed
you
when
we
were
that
the
original
controllers
for
like
deployments
and
services
and
those
types
of
things
were
running
as
processes
on
the
control
plane
node
in
this
particular
case,
we're
not
doing
deployments
we're
doing
clusters
they're.
The
controllers
are
all
running
as
pods
in
the
kubernetes
cluster
itself.
B
All
right,
so
that
was
clusters
now
what
about
virtual
clusters
now?
First
of
all,
many
of
you
are
probably
like
what
the
heck
is
a
virtual
cluster,
because
this
concept
is
a
bit
newer.
So
what
I'm
going
to
do
is
I'm
not.
This
is
not
a
talk
on
Virtual
clusters.
There
are
a
lot
of
really
great
talks
out
there
on
Virtual
clusters
and
I
I'd
be
happy.
B
If
you
can
ping
me
or
you
can,
you
know
we'll,
maybe
put
it
somehow
in
the
show,
notes
or
something
I
can
dig
up
a
I
watched,
a
fantastic
video,
the
the
other
day
on
video
on
V
cluster,
so
I
can
share
that
as
well.
B
But
I
want
to
use
this
diagram
just
to
explain
it
a
high
level.
What
V
cluster
is
doing.
What
V
cluster
is
doing.
Is
it's
saying
that,
instead
of
standing
up
this
big
old
cluster,
where
I've
got
let's
say
virtual
machines
or
physical
machines
for
control
planes
and
for
workers,
I
just
want
something,
that's
going
to
look
and
act
and
be
a
kubernetes
cluster,
but
it's
far
more
lightweight.
So
how
can
I
do
that?
Well,
I'll.
B
Tell
you
I've
been
doing
kubernetes
long
enough
that
there
have
been
a
number
of
different
ways
that
people
have
tried
to
do
this.
What
V
cluster
in
particular
has
done
is
it
has
said
well
how
about,
if
we
take
a
big
old
cluster,
that's
what's
showing
here
on
the
lower
part
host
cluster.
That's
what
we're
calling
a
host
cluster!
That's
a
kubernetes
cluster!
How
about?
If
we
take
that
and
we
partition
it
up
into
smaller
pieces
and
have
each
one
of
those
smaller
pieces
act
like
a
full-fledged
kubernetes
cluster.
B
This
is
different
from
namespaces
name
spaces.
You
still
have
a
single
cluster
and
you're
partitioning
that
cluster
up
into
namespaces,
but
there's
certain
things
that
are
only
at
the
global
cluster
level.
So
things
like
these
definitions
of
you
know
these
installations
of
controllers,
for
example,
those
are
kubernetes
cluster
wide
I've
got
CL
various
policies,
you
know
security
policies,
some
of
those
are
cluster
wide
and
so
namespaces
are
still
a
single
cluster
and
we're
partitioning
in
in
a
in
a
different
way
level
of
granularity.
B
A
What
is
what
I'm
going
to
rephrase
what
you
said-
and
you
can
tell
me
if
I
have
it
right
so
so
kubernetes
is,
is,
is
difficult
to
tenetize
like
it's.
It
can
be
difficult
to
have
lots
of
different
teams,
share
the
same
cluster
and
but
it's
expensive
to
give
every
team
their
own,
like
full
cluster.
So.
B
A
The
problem,
yeah
and,
and
so
instead
of
giving
every
team
a
namespace
which
is
problematic,
because
teams
can't
install
tools
into
their
namespace
without
it
being
installed
at
the
root
level.
Yeah
you're
going
to
give
teams
a
virtual
cluster
to
work
with
exactly.
B
Is
that
correct?
That
is
exactly
right,
and
so
what
we
do
with
the
virtual
cluster
is.
We
are
in
fact
it's
so
clever.
We
are,
in
fact,
when
you
deploy
things
into
those
virtual
clusters
and
I'll
show
you
in
a
moment
how
the
virtual
clusters
get
created.
But
when
you
deploy
things
into
the
virtual
cluster
you
deploy
pods
you
deploy
Services.
B
B
It
has
controllers
that
are
running
that
are
doing
things
like
deployments
and
those
types
of
things
like
remember,
the
very
first
ones
that
I
showed
you
where
it
was
running
in
the
kind
cluster,
those
controllers,
those
deployment
controllers
and
those
types
of
things.
Those
things
are
still
running
full-fledged
within
that
kubernetes
environment.
The
only
thing
that
we're
bringing
down
to
the
host
cluster
are
the
workloads
that
we
deploy
into
those
virtual
clusters.
It's
extraordinarily
clever,
and
it
does
it
via
this
Sinker
and
so
on,
and
that's
kind.
B
B
B
All
of
that
stuff
is
running
for
each
one
of
the
virtual
clusters
and
we
see
two
virtual
clusters
here
and
the
workloads
are
running
on
the
on
the
host
clusters
and
by
the
way,
there's
a
whole
bunch
of
super
clever
stuff,
that's
being
done
to
actually
secure
those
namespaces
with
fixed
policies,
so
that
you,
you
don't
have
to
turns
out
that
you
can
get
namespaces
pretty
secure,
but
you
have
to
figure
out
how
to
do
it.
Well,
all
of
that's
implemented
in
V
cluster.
B
By
the
way,
there's
a
common
theme:
Here
V
cluster.
It's
an
open
source
project.
It's
a
cncf
project
yeah.
So
all
of
this
stuff
is
in
the
open.
Okay.
So
let's
go
back
to
our
core
pattern.
So
here's
the
V
cluster
API,
here's
the
Declaration,
so
you
can
see
that
it's
a
v-cluster
kind
and
it
has
certain
things
that
are
specific
to
V
cluster
in
there.
B
So
V
cluster
is
all
about
partitioning
a
shared
resource,
and
so
you
have
to
have
these
policies
and
these
quotas
to
do
exactly
that.
So
you
can
see
here
that
there's
limits
on
CPU
and
memory
and
storage.
There's
also
going
to
be
some
settings
around
some
of
those
security
settings.
So
you
can
say
how
tight
do
I
want
to
secure
those
namespaces
on
the
host
cluster.
Those
are
some
of
the
types
of
settings
that
you
get
to
say
when
you're
declaring
what
you
want
your
v-cluster
to
look
like
your
virtual
cluster,
okay.
B
So
here's
our
pattern
again.
So
there's
controllers
and
I'll
show
you
what
those
controllers
are
in
just
a
moment.
There's
a
cluster
controller
and
you
again
you
get
to
set
things
like
the
kubernetes
distribution
and
the
kubernetes
version
and
how
many
control
plane
nodes
and
worker
nodes
you
have
what's
the
runtime
environment
in
this
case.
Well,
remember:
I,
said
that
V
cluster
is
running
on
top
of
an
existing
kubernetes
cluster.
B
So
now
my
runtime
environment,
I'm,
not
starting
from
scratch,
like
I,
did
with
cluster
API
I'm,
not
starting
with
raw
infrastructure
I'm,
starting
with
the
kubernetes
environment.
Well
gosh,
if
I'm,
starting
with
the
kubernetes
environment.
Remember
that
question
of
where
does
the
controller
run?
Well,
the
controller
might
as
well
just
run
in
that
kubernetes
cluster
to
start.
B
B
A
Sense,
I
have
a
question,
but
so
if
you
have
one
one
host
cluster,
let's
say
five
virtual
clusters:
let's
say
four
out
of
five
of
those
virtual
clusters
all
want
to
use
the
same
open
source
tool
like
k-native
and
they
all
if
they
all
in
still,
okay
native.
Are
you
running
K
native
four
times?
Yes,
okay,
absolutely.
B
A
B
There's
nothing
in
Virtual
class
in
in
V
cluster
to
recognize
that
in
fact,
you're
running
exactly
the
same
instantiations,
because
the
whole
point
is
that
you
want
to
be
able
to
have
potentially
different
settings
so
V
cluster
doesn't
do
anything
to
recognize
that,
in
fact,
it
doesn't
do
any
deduplication,
it's
kind
of
by
Design,
because
you
you
from
a
security
perspective.
You
don't
want
multiple
things
running:
it's
not
making
kubernetes
like
magically
multi-tenant
or
anything
like
that.
Okay,
thanks
yeah,
you
bet.
Okay,
so
here
we
go.
This
is
what
virtual
cluster
looks
like
now.
B
This
is
where
you
ask
that
really
great
question
Whitney
at
the
very
beginning,
where
you
said
am
I,
always
running
these
as
root
processes
and
I
said
ooh.
Not
necessarily-
and
this
in
this
case
remember
that
we
are
running
these
full-fledged
virtual
clusters
inside
of
kubernetes.
B
So
rather
than
having
to
run
these
things
as
root
processes,
we
can
in
fact
run
them
as
containers
in
that
kubernetes
cluster,
and
you
can
see
that
these
are
some
of
the
things
that
are
shown
in
this
particular
screenshot.
So
you'll
notice
here
again
that
this
by
the
way,
is
a
screenshot
from
the
pods
that
are
running
again.
I
have
an
eks
cluster.
So
again
you
can
see
at
the
very
top.
B
It's
not
bolded,
because
that's
not
what
I'm
talking
about
in
this
particular
case,
but
earlier
in
the
screenshot
I
had
the
cap,
a
controller
manager
stuff
highlighted
I've.
Let
those
fall
into
the
into
the
background,
but
I
now
have
a
cap
VC.
So
this
is
the
virtual
cluster.
So
the
way
that
virtual
cluster
works
is
it's
actually
an
extension
to
Cappy
it's
using
the
same
basic
approach
of
cluster
API.
In
fact
it's
using
cluster
API,
but
it's
just
CR.
It's
provided
a
new
cluster
API
provider,
it's
the
virtual
Club,
the
virtual
cluster
provider.
B
So
you
can
see
here
that
some
of
those
core
processes
like
core
DNS
is
running
there
and
right
down
here
this
Cornelia
eks1vc,
because
it's
running
on
my
eks
cluster
virtual
cluster.
This
is
where
all
those
processes
are
running
right
inside
here
you
can
see.
There's
three
containers.
One
of
those
containers
in
this
particular
case
is
k3s,
and
that
k3s
is
where
the
deployment
controller
and
the
services
controller
and
the
replica
set
controller
are
running
they're
all
running
in
that
k3s
for
the.
A
Virtual
machine
for
the
not
the
virtual
machine
but
the
V
cluster
movie
cluster,
exactly
yeah.
B
B
A
We
jump
in.
We
have
a
a
comment
from
before
that
I'm
getting
too
late.
That's
so
when
we
were
talking
about
backing
up
and
restore
with
Valero
someone
said
they're
looking
for
something
similar
like
they
store
their
manifest
files
in
GitHub
and
then
once
the
infra's
set
up
again,
they
deploy
again
into
the
cluster
yeah
I
wanted
to
call
it
out.
We
talked
a
little
bit
about
git
Ops,
but
this
seems
like
a
good
use
case
for
githubs.
Yes,
absolutely.
B
Absolutely
so,
whoever
made
that
comment
I,
don't
know
what
you're
using
to
do
that
instantiation
from
git,
but
the
the
thing
about
git
Ops
is
that
there
are
themselves
controllers.
So
there's
a
pattern
here,
there's
controllers
and
so
some
of
the
the
open
source
projects
again
both
in
the
cncf
that
are
implementing
controllers
so
using
the
same
basic
pattern,
are
flux
and
Argo
CD
that
can
be
used
to
connect.
B
Now
what
you're
doing
is
you're
connecting
from
your
GitHub
repository,
it's
drawing
those
definitions
into
your
kubernetes
cluster,
so
putting
them
in
FCD,
for
example,
and
then
that's
that's
what
that
flux
or
Argo
CD
controller
does
is
its
job.
If
you
will
it's
runtime
environment
is
the
kubernetes
state
store
and
it's
drawing
the
Declarations
in
from
GitHub.
So
it's
the
same
basic
pattern.
It's
it's
a
really
great
call
out
that
it's
the
same
pattern
that
we're
looking
at
across
the
board
here.
A
And
then
we
have
a
question
about
V
cluster.
What
are
the
potential
security
risks
associated
with
using
B
cluster
yeah.
B
So
I
will
again
we
can
put
it
in
the
show
notes
when
we
do
post
this
later
so
I'll
I'll
direct
you
to
the
v-cluster
GitHub
repository
and
there's
a
super
great
chart.
B
I
didn't
put
it
in
here
because
I
didn't
want
to
spend
a
lot
of
time
on
v-cluster,
but
there's
a
great
chart
that
talks
about
a
number
of
different
characteristics
of
shared
clusters,
individual
clusters
and
then
this
kind
of
middle
of
the
road
which
is
V
cluster
and
they
talk
about
things
like
ease
of
use
and
those
things
and
security
is
one
of
them
and
the
to
sum
it
up.
What
they
say
is
that
shared
clusters
using
just
namespaces
the
multi-tenancy's,
pretty
soft,
the
security
is
not
the
strongest.
B
You
can
put
some
settings
in
there
and
it
also
depends
on
a
number
of
other
elements
which
I'll
talk
about
in
just
a
moment.
You
can
do
a
lot
more,
but
you
have
to
know
what
you're
doing,
and
so,
if
you're,
just
creating
a
namespace-
and
you
don't
have
those
policies
in
place,
it's
pretty
weak
and
by
the
way
V
cluster
does
allow
you
to
deploy
it
with
that
weak
security
posture.
B
If
you're
doing
separate
clusters
well,
you've
everything's
separate
you've
got
a
separate
state
store
a
separate
processes,
everything's
separate,
so
that
is
the
strongest
multi-tenancy
or
that's
the
strongest
security
posture,
the
cluster.
What
it
does
is
it
says:
okay,
we,
it
has
something
called
isolation
mode
and
when
you're
in
isolation
mode-
and
you
create
a
virtual
cluster,
it
puts
in
place
a
whole
bunch
of
policies
both
inside
of
kubernetes
itself.
So
it
sets
up
policies
that
do
not
allow
any
type
of
communication
between
namespaces.
So
you
cannot.
B
B
B
B
So
take
a
look
at
the
the
GitHub
repository,
but
that's
a
fantastic
question
and
the
answer
is:
you
can
get
pretty
darn
good
and
we
are
seeing
people
like
code
fresh,
for
example,
who
bring
you
Argo
CD
as
a
service.
They
are
using
V
cluster
in
prod
and
they're,
getting
and
they're
in
a
multi-tenant
environment.
So
it's
it's
it's
it's!
It's
pretty
solid!.
A
That's
cool,
that's
that
was
a
great
and
thorough
and
a
great
explanation.
I
appreciate
that,
and
we
have
one
more
V
cluster
question
before
we
move
on:
is
it
possible
to
communicate
services
within
the
V
clusters
environment
so,
for
example,
app
one.sbc.namespace.cluster.local.
B
I'm
not
sure
that
I'm
completely
understanding,
oh
what
you
want
yeah,
yes.
So
what
you're
saying
is
that
if
I
have
separate
virtual
clusters
and
I've
got
Services
running
in
those,
can
I
do
communication
across
those
without
going
out
and
back
in
so
without
going
through
a
load
balancer,
for
example,
using
just
kind
of
the
the
the
host
clusters.
Networking
I
don't
know
for
sure.
B
I
think
that
there
are
ways
that
you
can
configure
V
cluster,
but
at
that
point
you're
giving
up
some
of
those
security
guarantees
if
you're
doing
it
in
isolation
mode,
no
you're
going
to
have
to
go
out
and
back
in
I
would
I
would
be
a
little
hesitant.
I
mean
one
of
the
things
that
we're
getting
from
the
V
cluster
and
all
of
the
IP.
B
B
Some
of
these
questions
are
great
because
we
were
able
to
talk
about
how
get
get
Ops
is
doing
the
same
basic
thing:
it's
being
applied
all
over
the
place,
but
here's
my
last
infrastructure
thing:
virtual
machines
and
I
promised
you
at
the
beginning
that
when
I
said
kubernetes
all
the
things
that
I
wasn't
going
to
ask
you
to
containerize
everything:
virtual
machines,
there's
Decades
of
Investments
being
that
have
already
been
put
in
place
around
virtual
machines.
We
have
hardened
virtual
machine
images,
we've
done
so
much
work
around
that
we
have
workflows
around
virtual
machines.
B
B
Is
there
anything
that
can
I
bring
kubernetes
and
virtual
machines
together?
Well,
the
answer
is
yes,
and
so,
oh
sorry,
this
this
title
should
not
say:
cluster
API
I
made
some
changes,
I,
don't
know
what
happened
to
them.
Forgive
me
I'm,
going
to
show
you
behind
the
curtain
here.
For
a
moment
this
is
Hubert.
B
B
B
Surprise,
surprise,
compute,
storage
and
Network,
so
we're
going
to
specify
all
sorts
of
compute
storage
and
network
in
there
and
then
here's
my
pattern
again.
Now.
Here's
the
thing
and
the
project
here
is
kuber.
I've
used
the
name
a
couple
of
times
as
well
already,
but
Cooper
is
again
an
open
source
project
in
the
cncf,
and
what
does
it
do?
B
B
So
what
we
are
assuming
here
for
our
runtime
environment
is
that
we
have
kubernetes
we're
leveraging
that
kubernetes
investment
to
actually
be
able
to
run
our
virtual
machines
on
there
as
well.
So
my
runtime
environment
is
kubernetes
and
I
have
a
controller.
This
controller
is
going
to
handle
these
virtual
machines,
compute
storage,
Network
and
all
of
that
stuff.
Well,
just
like
with
v
cluster.
B
B
You
know
the
the
storage
that
all
of
the
different
objects
within
kubernetes.
It's
leveraging
those
kubernetes
objects
and
it's
connecting
those
down
via
CSI
and
cni.
It's
connecting
those
down
to
the
it's
connecting
the
needs
of
the
virtual
machine
down
to
these
compute
storage
and
networking
Primitives
that
it's
getting
from
kubernetes
and
all
of
that
is
inside
of
the
happening
inside
of
this
kubernetes
environment.
B
Now
I'm
yep
I'm,
worried
here,
so
here's
the
architecture,
diagram,
I,
had
I,
think
I
had
a
network
blip
earlier
and
I
made
some
updates
to
slides
and
I
think
it
made
updates
to
slides
that
I'm
now
no
longer
using,
even
though
they're
Google
Slides,
but
here's
the
key,
thank
goodness
I,
have
you
know
my
last
slide
here.
My
last
CLI
slide
is
that
what
you
can
see
in
here
is
that
I
again
have
the
controllers.
This
is
the
kubert
controller,
that's
running
and
applying
that
same
pattern
and
what
is
it
controlling?
Well,
it's
controlling.
B
These
are
all
of
the
containers
in
my
environment.
These
are
all
the
different
virtual
machines
that
are
running
in
my
environment.
Each
one
of
those
virtual
machines
has
a
hyper
and
hypervisor
in
it
as
well
as
and
that
hypervisor
is
running
the
virtual
machines
that
have
been
instantiated
into
there.
B
Okay,
now
the
final
thing
I
want
to
show
you
here
is
that
this
is
kubevert
and
I.
Just
did
now,
I've
been
talking
about
how
the
kubernetes
API
is
extensible,
and
this
isn't
to
talk
about
crds
and
controllers
and
how
you
install
them.
I
know
that
Whitney
has
hosted
lots
of
other
people
who
have
talked
about
this.
So
take
a
look
at
many
of
the
feeds
that
she
has
available.
B
A
B
And
so
this
is
just
this
is
going
to
be
my
last
slide
and
we're
out
of
time
anyway,
but
I
wanted
to
put
it
all
together
on
one
slide
here.
What's
the
thing
I
said,
kubernetes
all
the
things.
Well,
what
we
looked
at
is
we
looked
at
container
images.
We
looked
at
clusters,
we
looked
at
virtual
clusters
and
we
looked
at
VMS.
B
The
amount
of
I
mean
I
think
this
is
just
like
a
poster
child
of
of
the
good
of
Open
Source
and
The
Innovation.
That's
happening
in
the
open
source
space
because
so
much
is
possible,
and
this
is
just
you
notice
there
that
I
bolded
many
more
there's
so
many
more
open
source
projects
and
by
the
way,
commercial
projects
that
are
following
these
patterns
as
well,
so
I
kind
of
am
in
love.
A
It's
super
cool:
it's
it's
I
when
I
back
when
I
learned
kubernetes,
which
I
don't
feel
like
was
that
long
ago,
but
I
definitely
was
taught
it's
a
container
orchestration
platform
and
now,
in
fact,
I
was
a
re-giving.
An
old
presentation
and
I
have
that
definition
in
there
and
I
had
to
be
like
well,
not
really
anymore,
it's
in
everything
and
everything
orchestration
platform,
yep
exactly.
A
We
have
an
awesome
presentation
to
you
for
some
reason:
I'm,
yes
and
I
just
wanted
to
to
second
that
this
was
a
an
amazing
presentation,
really
appreciate
you
very
much
many
thanks.
Many
thanks!
Thank
you,
I'm,
going
to
I'm
going
to
if
you
feel
ready,
I,
don't
see
any
last
minute
questions,
so
I'm
gonna,
close
it
out.
Okay,
does.
B
That
sound
good,
thank
you
I'm
today.
It
has
just
been
such
a
delight
and
so
great
to
partner
with
you
today,
Whitney
yeah.
A
I
hope
we
can
do
it
again
soon,
yeah
me
too.
So
thank
you,
everyone
for
joining
today's
episode
of
cloud
native
live.
It
is
really
great
to
have
Cornelia
Davis
here,
teaching
us
about
how
to
kubernetes
all
of
the
things
y'all
in
the
audience
were
especially
wonderful,
I,
loved,
your
interaction
and
your
questions,
and
here
at
Cloud
native
live.
We
bring
you
the
latest
Cloud
native
code
on
Tuesdays
and
Wednesdays
at
noon.
Us
Eastern.