►
From YouTube: Cloud Native Live: Crossplane - GitOps-based Infrastructure as Code through Kubernetes API
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Hey
everybody,
if
you
are
watching
right
now,
we
had
a
slight
technical
hiccup,
so
victor
and
nick
will
be
with
us
very
shortly.
We
apologize
for
that.
So
we'll
just
wait
for
them
as
we're
waiting
I'll
just
really
quickly
highlight
crossplane.
So
crossplane
is
a
kubernetes
add-on
that
basically
enables
your
team
to
assemble
infrastructure
resources
that
may
exist
outside
of
your
kubernetes
environment.
A
One
more
person
we'll
we'll
wait
for
them,
but
I
was
just
victor.
I
was
talking
really
quickly
about
about
what
cross
plane
is
there.
He
is
nick,
is
here,
okay,
all
right,
so
I
think
we're
back
on
track.
Thank
you
to
everyone
in
the
in
the
background,
doing
all
the
heavy
lifting
and
making
sure
producing
is
is
going
as
it
should.
We
apologize
for
the
hiccups.
Let's
continue,
I'm
gonna,
let
victor
and
nick
introduce
themselves
go,
go
ahead.
Take
it
away
victor.
B
So
yeah,
I'm
victor,
I
am
principal
something
something
in
cut
fresh.
I
mean
I'm
not
sure
what
to
do
anymore,
but
I
work
for
codfresh.
We
are
a
company
behind
a
few
products
and
lately
my
major
interest
is
around
github's
huge
fan
of
fargo
cd
and
similar
products
and
cross
plane
just
happens
to
fit
perfectly
into
into
that.
That
amusement,
let's
say.
C
Hey
folks,
my
name's
nick
I'm
also
a
principal
selling
something
at
a
upbound
where
I've
been
leading.
I've
been
leading
cosplay
in
engineering
for
the
last
two
years
from
from
upbound
standpoint
about
it
was
the
company
that
originally
open
sourced
and
founded
crossplane,
as
well
as
the
rook
dot
io
project
falling
off.
C
I
am
a
steering
committee
member
and
pretty
active
contributor
to
crossplay
and
definitely
have
a
lot
of
architectural
insight
into
how
it's
all
put
together
and
my
background's
site
reliability
engineering
same
as
you,
I
think,
mario.
So
I
was
in
sra
for
about
10
years
at
places
like
google
and
spotify
before
I
before,
I
decided
to
go,
try
and
build
my
own
infrastructure
project.
A
Very,
very
cool
yeah.
Well,
you
both
are
higher
levels
than
I
am,
so
you
have
much
more
industry
experience
and
much
more
of
an
idea
of
how
to
build
something
of
this
stature.
So
with
that
it
sounds
like
victor,
has
kind
of
a
presentation
or
kind
of
a
flow
that
he
wants
a
scenario
he
wants
to
share
with
us.
A
A
B
Sure,
okay,
so
I
I'll
try
to
keep
it
short.
So
if
we
can
discuss
and
talk
about
it
and
potentially
answer
questions
instead
of
me,
just
you
staring
at
my
screen,
I
hope
that
you
see
a
black
black
screen
over
there.
That's
my
terminal!
So
what
I
did
I
didn't
do
much
in
advance.
I
created
the
very
I
created
the
simple,
quick
kubernetes
cluster.
I
installed
crossplane
and
I
installed
gk
providers
simply
because
I
will
be
using
gk
today,
but
basically
whatever
I'm
doing
applies
to
azure
aws
whatsoever.
B
So
let
me
just
actually
start
creating
a
cluster
using
crossplane
and
then,
since
that
will
take
like
five
six
minutes,
something
like
that,
then
I
can.
I
can
talk
about
why
I'm
doing
all
this
and
why
bother
in
the
first
place,
so
I'm
using
kubernetes
right
so
cube
cattle
apply
file,
name
and
some
kubernetes
definition
in
this
case
gk
yaml
and
that's
about
it.
Now
there
we
are
now.
Let
me
show
you
the
actually
before
I
show
you
the
definition
very
quick.
B
B
Theoretically,
it
could
be
anything,
and
it
is
designed
to
do
that,
even
though
most
of
us
are
focused
on
containers
at
the
moment,
so
going
back
to
crossplane,
I
tend
to
lose
the
focus
very
often.
The
reason
why
I
like
it
is
because
it
allows
me
to
use
kubernetes
api
to
do
absolutely
everything.
My
application
is
running,
kubernetes
infrastructure
being
somewhere
else
and
so
on
and
so
forth,
and
another
thing
that,
and
since
it
is
used,
it
is
based
on
crds,
basically
kubernetes
crds,
essentially
and
nick
will
correct
me.
B
That
means
that
I
can
leverage
the
whole
ecosystem
that
that
I
have
set
up
or
we
have
set
up
around
kubernetes
right.
If
I
like
using
customize,
I
can
use
customize
to
manage
my
crossplane
definitions.
If
I
like
using
helm,
that's
also.
Okay,
if
I
want
to
use
flux
to
manage
my
github's
processes
or
argo
cd,
I
can
do
that
as
well
right.
B
So
it's
more
about
looking
for
something
that
is
part
of
a
broader
ecosystem,
then
the
evaluating
the
value
of
that
something
in
isolation
right
and
there
is
nothing
that
beats
kubernetes
today,
anyways
those
were
kind
of
my
main
motivations.
Now
let
me
go
back
to
what
I
created
right,
so
I
executed
this
definition
here,
which
is
the
simplest
possible
I
can
have-
and
this
says
hey,
I
want
to
create
a
kubernetes
resource
that
happens
to
be
called
gk
clustering.
That
has
you
can
probably
guess
from
the
names
what
it
is
right.
B
This
is
basically,
if
you
look
at
this,
if,
if
you're
familiar
with
terraform
or
pollumi
or
whatsoever,
these
are
the
same
arguments
more
or
less
same
definitions
that
I
would
use
there,
except
that
I
can
treat
now
this
in
the
same
way,
how
I'm
treating
everything
else,
I'm
almost
everything
else,
I'm
doing
today
how
I'm
treating
my
applications,
how
I'm
creating
stateful
sets
deployments
k
native
this
or
that
right,
everything
putting
in
the
same
box
using
the
same
api
or
kubernetes.
In
this
specific
case
now,.
A
A
And
this
is
this
is
his
gk.yaml
file,
which
he
has
has
counted
out
for
for
you
to
view
he's
showing
you
two
different
manifests
in
here
and,
and
these
manifests
are,
are
our
crds
right?
You
can
see
container
gcp.crossline.io
api
version
victor.
Can
you
get
a
little
bit
really
quickly,
just
brush
up
on
what
crds
are
and
what
what
this
actually
means
for
people
interfacing.
B
Sure
here
this
is
crd
is
a
short
for
custom
resource
definition.
Basically,
you
can.
If
you
use
plain
words,
you
can
say
that
kubernetes
comes
with
certain
resources
like
this
is
a
pod.
This
is
replica
set.
This
is
deployment.
This
is
this
and
that
right
so
out
of
the
box,
kubernetes
comes
with
certain
capability
or
certain
resource
types
that
you
can
use,
but
then
kubernetes
was
never
supposed
to
be
something
that
we
use
directly.
B
At
least
from
my
perspective,
kubernetes
from
day,
one
was
designed
to
be
the
platform
to
build
platforms
and
you're
supposed
to
choose
what
you
want
to
kubernetes
to
do
beyond
what
comes
out
of
the
box,
and
we
do
that
by
installing
custom
resource
definitions.
Basically,
we
are
creating
additional
resource
types
that
kubernetes
can
consume,
and
that
can
be
almost
anything
right
like
right
now,
you're
seeing
custom
resources
that
were
extended,
that
extend
kubernetes
capabilities
by
and
those
those
resources
are
gk
clustering,
notebook
which
were
installed
or
defined
when
installed
crossplane.
B
A
A
Lean
on
nick
yeah,
I'm
gonna
leave
on
nick
a
little
bit
later
to
talk
more
about
providers
and
kind
of
like
where
they
are
in
terms
of
versioning.
What's
ready?
What's
right,
you
know
what
what
can
you
use
now
versus?
What's
kind
of
in
progress
and
and
mileage
may
vary
for
sorts
of
providers
right,
because
not
everything
is
perfect,
I
don't
think
yet.
So
all
right
victor
continue.
B
Okay,
so
if
I
go
back
to,
if
I
go
to
my
browser,
sorry
wrong
browser
here
this
one,
I
left
the
screen
intact
right.
This
is
this
was
before
I
before
I
did
whatever
I
did
in
this
demo,
and
if
I
refresh
the
screen,
here's
my
kubernetes
cluster
right.
It
was
created
because
I
sent
a
request
to
my
kubernetes.
B
In
this
case.
Many
people
are
even
running
locally.
I'm
cheap
right,
saying,
hey!
I
want
to
create
this
and
that,
and
that
happens
to
be
a
kubernetes
cluster
that
has
one
node
pool
here.
It
is
with
only
one
node
right,
the
simplest
possible
kubernetes
cluster.
I
could
come
up
with
and
now,
if
you
prefer,
on
the
other
hand,
if
you
prefer
to
to
use
cli,
that's
at
least
my
preference.
Without
doubt
you
can.
You
can
just
examine
all
that
through
cli,
you
can
do
cube,
catal
get
gk
clusters
right.
B
This
is
that
custom
resource
definition.
This
did
not
exist
before
install
crossplane,
and
I
made
the
type
over
here
right
and
you
can
see
the
yes
that
cluster
that
I
created
it's
red.
It's
synced
right.
It's
showing
me
similar
information.
What
I
see
from
google
cloud
console-
and
I
can
do
the
same
thing
with
notepal
now
before
I
before
I
go
on.
Let
me
just
confirm
that
my
cluster
is
really
running
and
I'm
going
to
do
that
by
patching
cube,
config
and
outputting
the
nodes
and
come
on
there.
We.
A
A
A
B
A
chicken
and
egg
right
I
need
I
need
for,
I
need
for
crossplane
and
other
tools
that
I
will
show
later.
I
need
the
kubernetes
cluster,
so
so
I
need
that
and
for
me
for
this
demo
it
was
easier.
Just
mirror
cube,
start
right.
I
could
have
went
to
gks
and
created
one.
So
I
need
that
initial
kubernetes
cluster.
I
need
to
install
the
the
initial
tools
I
have
and
basically
what
I'm
trying
to
say
here.
The
only
tool
I
would
ever
install
manually
is
is
argo
cd,
but
I'm
getting
there
later
right.
B
A
That
is
super
cool
and
and
for
those
of
you
locally
that
are
looking
at
developing
and
using
kubernetes
on
your
laptop
there's,
of
course,
docker
for
desktop,
which
includes
a
kubernetes
component
and
there's
also
kind
kubernetes
and
docker,
which
I
use,
and
I
love
because
of
its
flexibility.
It's
declarative
nature,
so
there
are
ways
of
doing
this
beyond
minicube,
depending
on
your
environment,
so
very
cool
victor.
Take
us
take
us.
Take
us
through.
This
looks
really
awesome.
B
Now,
if
I,
if
I
go
to
this
to
the
note
pool
that
was
created
for
me,
I
created
the
regional
cluster,
but
there
is
only
one
node,
I'm
supposed
to
have
three
nodes.
If
I
created
my
original
cluster
correctly-
and
I
obviously
didn't-
I
made
a
mistake
in
my
yaml
definition
and
it
didn't
do
what
it
should
do
now
if
I
go
and
edit
here
and
I'm
now
skipping
crossplane
completely
right.
B
I
can
see
here
that
the
mistake
I
made
was
that
I
created
the
notebook
that
uses
one
of
the
zones
in
that
region,
but
I
forgot
to
create
to
add
additional
two
regions
to
sorry
zones
to
that
region.
So
that's
a
mistake.
I'm
going
to
correct
right
now
and
I'm
doing
it
completely
outside
of
the
cross
plane,
and
I
have
a
sinister
reason
for
doing
that.
You
will
see
soon
right,
but
anyway
I
made
the
mistake.
I
created
the
cluster
in
the
wrong
way.
B
C
A
Nice,
nice
I'm
a
little
worried
because
he's
he's
kind
of
out
of
band
right
and,
in
my
mind,
he's
out
of
band
he's
in
a
console
doing
something,
but
he
originally
used
cross
playing
to
create
the
resource.
What
is
going
to
happen?
I'm
really
I'm
really
interested,
I'm
also
interested
in
if
you
were
going
to
edit
and
right
size
or
correct
your
configuration.
B
No,
it's
not
nice
at
all.
You
will
see
in
a
second
right.
Actually
what
will
happen
in
a
second
will
be,
or
in
a
minute
or
two
or
five
minutes
will
be
nice,
and
so
let
me
actually
explain
what
will
happen
and
that's
the
reason
why
that's
one
of
the
the
things
that
crossplane
does
and
kubernetes
in
general
does
and
other
tools
don't,
and
that
is
that
it
is
there.
We
are
there.
B
We
are
right,
crossplane
through
kubernetes
scheduler,
basically
just
like
when
you
define
up
deployment
with
two
pods,
and
if
you
change
that,
if
you,
if
you
change
it
somehow
manually,
if
you
destroy
a
pod
kubernetes
will
recreate
it
right
same
thing
is
happening
here.
I
defined
that
I
want
to
have
a
cluster
in
one
zone
and
that's
what
was
propagated
to
my
cluster
and
that's
what
crossplane
did
it
created
a
cluster
with
one
zone?
B
I
went
and
changed
the
state
of
my
cluster
manually
to
three
zones
and
additional
nodes
were
created,
but
what
is
happening
right
now
is
that
crossplane
is
kicking
in
and
saying
no,
no,
no!
No!
Stop
there
right.
You
said
that
you
want
one
zone
and
I
made
that
you
made.
We
made
the
contract,
we
made
an
agreement
that
they
will
be
that
I
will
do
my
best
to
make
sure
that
it's
always
fun
zone
and
basically
it
is
rolling
back
my
manual
change,
which
sounds
scary
for
many
people.
B
But
for
me
that's
exactly
what
I'm
looking
for
right.
I
want
a
tool
that
will
make
sure
that
whatever
is
my
desired
state
and
my
desired
state
is
what
is
starting.
It
is
always
the
same
as
the
actual
state
right
and
if
anybody
wants
to
change
the
state
of
my
infrastructure
in
this
case
or
my
applications,
that
change
cannot
be
done
manually
by
hocus
pocus
magic.
It
needs
to
be
reflected
in
git
right.
B
B
If
I
show
you
what
this
is
what
I
had
before-
and
this
is
what
I
should
have-
and
basically
I'm
changing
my
manifest
to
have
three
zones
instead
of
one
zone
right
the
right
way
to
do
it
now,
the
right
way
to
do
it.
Actually,
I'm
going
to
copy
it
is
not
to
interact
at
least
from
my
perspective
in
my
head.
The
right
way
to
do.
It
is
not
for
me
to
interact
directly
with
kubernetes
either
the
right
way
to
do.
It
is
to
do
something
like
this.
B
Actually,
actually,
let
me
go
to
the
ui
right.
What
I
have
here
this
is
argo
cd
and
simple
as
possible
right-
and
I
told
argo
cd-
that
it
should
monitor
this
repository
this
repository
over
here
and
that
it
should
monitor
the
directory
production
in
that
repository.
So
whatever
is
in
that
repository
is
what
should
be
created
in
this
cluster
right.
B
So
if
I
wanted
to
change
the
state
of
something
of
my
applications
or
infrastructure
or
whatsoever,
the
way
how
I
would
normally
do
it
is,
is
I
now
lost
my
thought.
What
did
I
want
to
do?
Yes,
I
will
take
this
manifest
that
I
showed
you
here.
I
will
put
it
into
the
directory
production
that
my
argo,
the
instance
is
monitoring
and
I
will
add
those
changes.
B
I
will
commit
those
changes
with
the
creative
message
that
says
something
and
I
will
pull
those
changes
to
get
right,
not
interacting
directly
with
my
cluster
everything
stored
as
code
everything.
All
the
code
is
always
in
git
and
what's
or
not
right,
and
if
I
watch
the
nodes,
you
will
see
that
there
is
one
node.
B
While
for
the
rest
of
the
things
you
know
I
might
be,
having
I
don't
know,
cube,
build
something
or
simply
deployments
or
stateful
sets.
I
don't
care
anymore
because
from
now
on,
basically,
my
interaction
goes
only
and
exclusively
with
with
git,
neither
with
git
neither
with
kubernetes
nor
with
consoles
or
whatsoever.
B
B
A
B
Absolutely
so
let
me
actually
let
me
draw
it
for
you
right,
while
you're
watching
my
pod
going
right.
So
what
is
happening
is
that
we
have
a
git
repository
right
that
has
you
can
see
this
on
my
screen.
Yes,
it
has
some
benefits.
Those
manifests
are
something
whatever
they
are
and
I,
as
a
person
I
am
interacting
only
with
git
right.
Whatever
I
want
to
do
is
define
this
code
and
my
code
isn't
git.
B
That's
the
only
place
we're
not
using
svn
anymore
right
now
I
have
a
kubernetes
cluster
or
it
could
have
thousand
kubernetes
clusters.
Doesn't
matter
right
now
I
don't
care
need.
I
don't
have
access
to
that
cluster.
I
don't
need
to
have
access
to
a
cluster,
because
I
have
installed
argo
cd
in
that
cluster,
which
is
monitoring
this
git
repository
right,
and
what
and
from
that
perspective,
this
git
repo
is
the
desired
state
desired
state.
That's
where
by
desires
are
defined
and
argo
city
is
making
sure
that
whatever
is
in
desired
state.
B
B
A
This
is
wonderful,
I
love
live
diagramming
and
apparently
the
demo
gods
are
with
you
victor
because,
like
this
is
perfect,
there's
no
there's
no
screw-ups
everything's
working
as
expected
for
the
most
part,
I'm
I'm
jinxing
ourselves,
though.
Okay,
so
to
reiterate
in
maybe
leighton's
terms,
so
argo
cd
is
and
what
you
saw
victor
do
in
the
ui
there
in
the
argo,
ui
is
sink
down.
Changes
in
the
get
repo
into
argo.
B
A
Is
get
ops?
This
is
when,
when
you
hear
the
term
get
ops,
this
is
what
we're
talking
about
right
and
then,
in
this
case,
one
of
the
items
was
a
gke
cluster
definition,
which
you
saw
earlier
victor,
create
that
he
submitted
that
he
put
in
this
repo.
Argo
is
now
making
sure
that
exists
in
kubernetes
and
then
crossplane
and
its
associated
crds
and
controllers
is
then
taking
it
upon
itself
to
talk
to
google
and
create
those
resources
for
you
via
the
api
right.
Does
that
does.
B
B
B
That
would
create
those
things
I
could
have
done
that
the
major
difference
between
using
some
form
of
ci,
cd
pipelines
and
argo
cd
is
that
argo
cd
is
continuously
monitoring
my
git
repo.
So
it's
not
one
shot
action
right
that
that
might
actually
in
the
states
their
live
state.
The
real
estate
might
change.
So
it's
continuously
monitoring
and
seeking
those
two
things.
That's
that's.
A
To
my
cluster
for
sure,
okay
got
it:
okay,
so
yeah.
This
is
what
we
talk
about
when
we
talk
about
get
ops.
This
is
kind
of
the
modern
cd
pattern
that
that
we're
starting
to
see
right-
and
this
is
as
in
the
comments
many
of
you
have
said.
This
is
really
true
infrastructure
as
code-
and
this
is,
I
would
say
this-
is
so
much
more
developer
friendly
as
well.
We
don't
have
to
worry
about
access.
A
We
have
a
very
well
defined
path
for
changes
to
get
deployed
and
there's
a
lot
more
that
you
can
do.
I'm
sure
we're
not
going
to
get
into
it
in
this
session,
but
when
you
think
dev
staging
production,
disparate
environments,
right,
there's
a
lot
more.
You
can
do
in
terms
of
prs
and
testing
in
certain
environments
and
things
like
that.
So
really
quick.
I
don't
want
to
go
too
far
without
answering
just
a
one
or
two
questions,
so
we
have
one
question
here.
A
C
Yeah
you
you
effectively,
I
think,
if
what
you're
asking
is,
could
you
in?
Could
you
use
crossplane
to
make
a
cluster
and
then
use
crossplane
on
that
cluster?
The
answer
is,
is
yes
we
actually,
we
have
a
the
various
cross-plane
resources
like
the
gke
one
that
you're
seeing
victor
demonstrate
are
installed
by
what
we
call
providers.
We
have
tons
of
providers
for
all
kinds
of
different
things
where
we
want
to
be.
You
know,
providers
for
every
api.
You
can
imagine.
We
have
a
domino's
pizza
provider,
for
example.
A
Gotcha,
okay,
so
there's
another
really
good
question
as
well.
Here
it
it
goes
around.
Let
me
see
oh
hold
on
my
panel.
What
happens
if
you
delete
your
management
kubernetes
cluster,
so
that
this
mini
cube
cluster
that
you,
you
created?
What
happens
if
you
delete
that?
Does
it
change
anything
with
any
of
the
resources
that
were
created,
I'm
guessing?
The
answer
is
no.
A
B
A
Gotcha
gotcha,
okay
cool,
so
someone
actually
else-
and
this
is
the
last
question
for
now-
I
want
to
make
sure
we
can
continue
here.
What
happens
if
victor
is
part
of
a
team?
Does
that
person
need
access
to
his
mini
cube?
So
I
can
actually
actually
answer
that.
One
large
thanks
for
the
question.
I
think
the
big
thing
here
is
minicube
is
running
locally
on
his
own
laptop.
A
He
is
not
it's
not
another
resource
that
the
company
has
it's
it's
a
local
dev
environment
and
in
that
dev
environment,
it's
a
kubernetes
cluster
right.
It's
a
creation
of
a
kubernetes
cluster
which
he
is
using
to
then
provision
outside
resources,
and
I
think-
and
we
can
talk
about
an
hour
later-
victor-
is
providing
the
authentication
needed
for
the
google
for
gcp
right
to
to
his.
As
I
said,
I'm
not
sure
how
that
is,
and
what
we
can.
A
B
You
take
it
from
there
exactly
exactly.
I
have
it's
really
cube
right.
You
cannot
access
my
mini
cube
cluster
and
in
this
context
it
even
if
you
could
access
my
mini
cube
cluster.
I
would
never
let
you
do
that
because
you
shouldn't,
but
what
you
can
do
right
now,
if
you're
brave
here's,
the
here's,
the
repository,
if
you
want
to
change
my
me,
my
bricky
cluster
yourself,
let's
say
that
you
work
in
a
team
with
me:
go
to
this
repo
fork.
It
make
a
pull
request
and
change
anything
in
the
in
here's.
B
A
That
is
wonderful,
so
devops
paradox,
cross
plane.
Demo
is
the
repo
everybody
definitely
check
this
out.
I
would
start
it's
a
great
demo.
This
is
something
you
can
play
with
locally.
Just
like
victor
is
doing
right
now,
all
right
victor,
let
us
know,
what's
what's
the
status
of
things,
what
how
are
things
going.
B
B
B
A
Excellent,
I
love
it
yeah.
Let's
just
imagine
everything's,
okay,
we'll
just
sweep
that
under
the
rug
no
big
deal.
Okay!
Is
there
anything
else
you
wanted
to
share
while
we're
looking
at
this
victor
about
this
process?
What
you've,
seen
and
other
things
that
you,
you
really
feel
are
are
really
powerful
that
enable
you
to
either
with
your
with
your
current
team
or
that
you've
seen
with
other
teams
using
crossplane.
B
No,
that's
that's
about
it.
The
rest
is
more.
I
mean
there
are
many
great
features
of
crossplane,
the
ones
that
I
like
personally,
the
most
simply
that
it's
it's
a
kubernetes
definition
and
it
is
sinking
basically
the
desired
state
in
the
current
state
continuously.
So
I
can
whatever
happens,
will
be
corrected
basically,
but
by
crossplane.
So
those
are
the
things
I
like
the
most
now
there
are
composites
that
are
awesome.
A
So
there's
a
ton
of
questions
and
discussion.
I
love
this.
Thank
you.
Everyone
who
is
who's
chatting
we're
seeing
all
the
the
comments
across
all
the
platforms
that
you
are
using.
I
think
our
producers
will
probably
try
to
link
the
repo.
That's
the
github.com
devops
paradox:
crossplane
dash
demo,
repo
and
one
of
the
questions
here
is
around
giving
developers
the
ability
to
deploy
only
infrastructure
that
they're
allowed
to
like
hashicorp
sentinel.
How
would
we
manage
that
access?
I
think
that
access
would
be
managed.
A
B
B
And
in
this
specific
case,
since
I'm
lazy,
I
gave
myself
add
me
permissions
to
do
whatever
I
want,
but
those
permissions
could
be
limited
to
something
else
right,
but
now
that's
one
level
of
of
let's
say
control
that
you
can
have
another
one
which,
if
you
do
use
githubs
in
one
way
or
another,
as
you
mentioned,
the
permissions
are
who
can
create
a
pull
request
and
cooking
measure
pull
request?
That's
basically
the
the
how
you
control
things
and
who
can
review
that
pull
request.
B
And
finally,
we
have
we
could
introduce
opa
into
the
mix,
open
policy
agent
and
say:
hey
okay,
even
if
somehow,
after
all,
those
pull
requests
and
merges
and
confirmations
and
all
those
things
the
resource
get
gets
created,
doesn't
comply
with
certain
rules.
We
could
say:
hey,
you
can
create
the
gk
cluster
right
and
I
will
merge
your
pull
request,
but
opa
can
can
can
be
defined.
That,
for
example,
it
doesn't
allow
you
to
create
gka
resource
that
has
more
than
10
nodes,
just
to
say
something
right.
B
C
I
think
of
access
here
is
having
multiple
layers
that
you
can
sort
of
opt
into.
I
think
is
victor
touched
on
at
the
very
lowest
layer.
There
is
what
does
your
account
for
google
or
azure
or
aws?
Have?
What
is
your
service
account
and
permissions
to
the
cloud?
Then
you
tell
cosplain
somehow
to
use
that
service
account,
which
can
either
be
using
what
we
call
a
provider
config.
Like
victor
said,
you
basically
give
a
secret
that
has
credentials
in
it.
C
We
also
support
iam
based
authentication,
so
you
can
use
the
permissions
that
the
pod
that
runs
crossplane
has,
instead
of
giving
it
a
secret.
Then
once
you're
in
the
kubernetes
level,
you've
now
got
rbac
going
on,
so
you
can
actually
grant
our
back
access.
You
could
say
you
know:
mario,
has
access
to
make
gke
clusters,
but
victor
does
not,
or
vice
versa,
at
the
kubernetes
role-based
access
control
level,
which
is
basically
just
describing
verbs
that
people
can
do
to
resources.
C
Then,
as
victor
touched
on
before,
we
have
what
we
call
composition,
which
allows
you
to
basically
build
your
own
apis.
We
haven't
touched
on
this
much,
but
you
could
effectively
say
I'm
defining
something
called
my
great
acme
corp
kubernetes
cluster,
that
just
doesn't
have
machine
size
as
a
field.
That's
always
fixed,
so
that's
a
form
of
access
control.
C
Then
you
could
have
gatekeeper
and
just
you
know,
opa
anything
in
the
kubernetes
ecosystem
and
then
on
top
of
that,
you
can
go
up
to
your
git
repo
and
use
use
git.
As
a
mechanism.
You
know
only
certain
people
have
access
right.
So,
as
victor
points
out
just
the
fact,
this
is
all
built
in
the
kubernetes
ecosystem.
Just
gives
you
so
many
different
integration
points
and
levels
to
do
these
things
that
it's
super
flexible.
A
It's
layering,
there's
layers
by
which
you
can
choose
your
tool.
You
can
choose
your
process
and
you
can
implement
it
and
many
different
ways.
That's
what
I
love
about
kubernetes
and
the
community
here
there
there's
really
quick,
there's
a
quick
question
on
gke
autopilot,
daniel
magnum,
which
I
will
talk
a
little
bit
more
about
him
later
on
actually
did
a
live
stream,
adding
autopilot
a
week
or
two
back,
and
I
think
we
can
probably
link
that.
A
Possibly
if
we
can
find
that
nick
we
can
get
that
get
that
shared
out,
and
then
there
was
another
question
on
what
your
preferred
solution
is
for
secrets.
I
don't
want
to
go
too
much
down
rebel,
it's
a
little
bit
kind
of
tangentially
related.
I
think
everyone
has
different
needs
when
it
comes
to
handling
secrets.
There's
you
know,
vault,
there's
vietnamese
sealed
secrets,
there's
mozilla
sops,
which
I
have
had
pleasure
of
using
and
is
not
very
developer
friendly,
but
is
definitely
a
solution.
There's
a
lot
of
different
different
things
there.
A
I
don't
think
secrets
are
kind
of
the
key
thing
we
want
to
talk
about
right
now,
but
thank
you
for
bringing
that
up.
Someone
did
ask,
though,
and
I
think
they
just
were
getting
confused-
is
there
terraform
going
on?
Is
there
other
provisioning
code
going
on
here?
That
is
being
used
with
argo?
How
is
argo
deployed
things
like
that
is?
Is
what
what?
How
did
you
deploy
our?
How
did
you
set
up
argo
victor
and
what
was
the
was
the
process
for
that.
B
So
argo,
I
I
had
to
set
up
argo
myself
manually
in
this
case.
I
used
customize
to
do
it
right,
but
and
but
from
there
on
I'm,
not
managing
argo
anymore.
In
that
way,
it's
a
similar
thing
like
the
answer
to
how
you,
how
can
you
use
cross
plane
to
manage
a
cluster
where
cross
plane
is
running
same
thing
with
argos?
So,
basically,
my
goal
is
that
the
only
direct
interaction
I
have
at
least
bright
right
in
interaction
with
kubernetes
cluster
resistor
largo
and
tell
argo.
This
is
where
you.
B
A
C
I
want
to
chime
in
here
for
a
second
with
just
a
little
agenda.
I've
been
pushing
relating
to
aggressive,
I'm
gonna,
keep
saying
this
until
someone
from
the
community.
Does
it
so
you're?
Absolutely
right.
You
know
we.
We
have
a
cross-plane
helm
provider,
as
I
mentioned
before,
that
you
could
use
to
ask
cross-plane
to
declaratively,
go
install
argo
on
another
cluster
and
I
really
wish
we
had
an
argo
cd
provider
for
crossplane,
where
you
could
have
cross-plane
resources.
C
A
Exactly
everybody
watching
we
are
telling
you
you
can
do
this,
we're
giving
you
the
power.
It
is
in
your
hands.
So
there's
a
few
more
kind
of
discussion
here
around
secrets
a
little
bit.
One
question:
are
we
able
to
fully
replace
gitlab
pipeline
by
argo,
cd
or
argo?
Cd
is
dedicated
for
only
deployment
of
kate's
objects,
so
so
gitlab
is
kind
of
so
so
git
lab
is
git
right
and
so
again
we
could
do
this
with
any
git
repository
victory.
A
A
B
A
Yep
for
sure-
and
that's
what
I'm
thinking
as
well,
another
really
good
question
from
john:
what's
the
recommendation
around
provisioning,
the
initial
cluster
for
management?
So
should
we
say
that
we
have
a
management
cluster
that
these
configs
get
deployed
to
and
that
management
cluster
then
works
on
creating
other
clusters?
I
I
also
want
to
tell
john
here
a
little
bit.
I
think
I'm
not
sure
I
would
think
about
it
as
much
from
a
management
side
of
like
I
need
a
management
cluster.
A
I
know
there's
a
lot
going
on
with
cluster
api
and
a
lot
of
other
abilities
when
it
talk
when
we
think
about
how
do
we
just
manage
an
environment
of
clusters
as
as
cattle,
not
pets
right,
I
think
in
the
environments
that
I've
seen.
Of
course,
there
is
like
a
dev
and
a
sandbox,
and
there
might
be
like
all
of
these
five
or
six
different
environments.
A
What
I'm
thinking
more
so
cross-flame
being
is
that
a
controller
that
exists
in
all
of
these
environments
that
let's
say
we
need
a
resource
for
the
sandbox
environment?
The
way
we
would
create
that
resource
is
by
this
declarative,
kubernetes
resource
that
we're
that
we're
defining
right
and
the
the
object
probably
wouldn't
be
another
cluster
as
much
as
it
would
be.
A
A
developer
who
needs
a
redis
instance
that
is
an
aws
render
systems
or
an
elastic
cache,
would
be
an
example
or
needs
a
bucket
created
right
or
some
other
resource
a
database
right.
I
think
that
would
be
probably
the
most
common
use
case
and
and
nick
I'm
interested
here.
What
what
other
use
cases
have
you
seen?
Customers
have
and
do
they
kind
of
take
the
a
sense
of
like
we're.
Gonna
have
a
management
plan
and
we're
gonna
do
everything
there
and
that
will
manage
other
resources
or
do
they
do
it
more
co-located.
C
We
see
a
bit
of
both
there's
there's.
Definitely
many
of
the
people
who
come
to
cross
plain
are
already
enthusiastic
about
kubernetes
and
have
kubernetes
deployed,
so
it's
relatively
rare
to
have
people
come
to
crossland
more
and
more
these
days,
but
it's
relatively
rare
historically
to
have
people
come
to
crossfade
and
just
not
be
kubernetes
users,
so
for
a
lot
of
people.
The
path
of
this
resistance
is
I'll
help
install
crossblade
onto
my
existing
cluster
or
clusters.
C
C
So
you
can
just
go
and
spin
up
a
cluster
that
does
nothing
but
run
crossplanes
separately
and
we
see
people
doing
that
as
well.
Plug
for
my
company,
upbound
cloud
abound.
Upbound
cloud
has
a
great
system
to
go
and
run
your
own
crossblades.
You
can
just
go
to
our
cloud.bound.io
and
click
a
button
to
get
across
plane
and
start
playing
with
this,
and
in
that
case
you
know,
there's
no.
C
C
A
C
C
A
C
This
this
feels
like
something
that
someone
from
the
crossland
community
has
asked,
because
that's
a
very
on
point,
deep
question
in
in
kubernetes:
there's
there's
a
big
document
called
kubernetes
api
conventions
that
sort
of
talks
about
how
you
build
custom
resources
and
one
of
the
things
that
they
recommend
is.
If
you
need
to
refer
to
something
else,
use
a
reference
and
that's
what
we
do.
We
call
them
cross
resource
references.
C
So
quintessential
is
an
example
of
this
that
that
was
one
of
the
first
things
we
solved
was
azure
databases.
Actually.
Does
this
really
cool
thing
where,
when
you
deploy
a
sql
database,
it
doesn't
allow
any
traffic
by
default.
You
need
to
go
and
create
the
file
rule
to
just
use
your
database
at
all,
and
the
firewall
rule
has
to
declare
what
database
do.
I
apply
to
so.
C
Different
ways
for
any
any
reference
to
another
resource
in
this
case
where
the
firewall
rule
needs
to
reference
the
database
it
applies
to
you
can
either
just
give
it.
The
name
of
the
database
in
azure
database
doesn't
even
need
to
be
managed
by
crossplane.
You
can
just
say:
hey,
I
tell
you,
there's
a
database
file
rule
please
go
apply
to
this.
You
can
give
it
a
reference
to
the
database
in
kubernetes,
so
you
can
say:
hey
I'm
managing
my
database
in
kubernetes
using
crossplane.
C
C
Please
go
apply
to
a
database
that
is
big
and
on
the
east
coast
rather
than
specifically
that
database,
and
the
nice
thing
here
is
that,
unlike
other
infrastructure
code
tools,
that
sort
of
build
a
giant
graph
of
these
things,
and
do
it
all
step
by
step
because
we're
continuously
reconciling
we
can
just
keep
trying.
So
you
know,
even
if
you
say
hey,
I
refer
to
a
thing
that
doesn't
actually
exist.
It
doesn't
matter
when
it
does
exist.
Cross-Platform
before
the
reference
gets
resolved,.
A
A
We'll
have
to
share
the
link
to
that
tweet
to
stay
semi
on
topic.
Do
the
xrps
and
and
kind
of
what
you
just
discussed,
kind
of
also
work
in
the
same
plane,
for
we
need
to
get
outputs,
so
instance
urls
or
resources
and
buckets,
and
things
like
that,
so
like,
for
instance,
access
and
secret
keys.
If
we
were
creating
an
im
resource.
C
C
Of
this
thing,
so
we
take
those
and
we
put
them
in
in
the
status.
So
that's
that's
interesting,
but
it's
kind
of
hard
to
refer
to
the
status
of
something
you
can't
tell
a
deployment
to
go
and
easily
read
the
status
of
an
object.
So
you
can
look
at
it
with
your
human
eyes
and
see
you
know
what
region's
in
or
whatever.
So
the
other
thing
that
we
do
is
we
optionally
for
any
resource.
We
have
a
field
called
write
connection
secret
to
ref
and
that
allows
you
to
just
name
a
secret
and
we'll
output.
C
A
C
We
we
follow
pretty
closely
the
kubernetes
versioning
semantics,
so
crossplane
crossplan
is
architected
real,
quick
as
crossplank
core,
which
supports
composition
and
what
we
call
a
package
manager,
which
is
a
quick
declarative
way
to
install
providers.
Providers
are
what
give
you
functionality
for
each
each
thing.
So
if
you
only
use
google,
you
can
install
a
google
provider,
you
don't
need
to
have
aws
crd
sitting
around
all
that
kind
of
stuff,
so
crossplane
core
is
all
actually
already
at
v1
crds.
C
So
you
don't
really
have
to
worry
about
us,
making
breaking
changes
there
for
a
long
time,
we'll
only
make
backwards,
compatible
changes
until
v2
the
providers,
mostly
the
providers,
are
mostly
a
mix
of
alpha
one
and
beta
one
resources
like
kubernetes
when
something
hits
beta
one,
it's
a
pretty
serious
contract
for
us,
so
we
effectively
don't
make
breaking
changes
for
beta
1
resources.
Unless
there's
you
know,
there's
some
edge
cases,
but
we
always
never
make
breaking
changes
to
those
things
we
never
have
so
far.
C
As
far
as
I'm
aware
so,
you'll
be
able
to
go
from
those
beta
1
to
v1
and
honestly
they'll,
probably
the
same
schema
you'll,
probably
be
able
to
just
change
the
beta
1
to
v1
in
your
thing
and
it'll
work.
Alpha
1
is
where
the
risk
is.
Folks
should
be
aware
that
if
you're
going
in
and
using
alpha
1
resources
that
we
don't
offer
a
contract,
we
might
just
make
a
breaking
change
on
those
on
one
day.
If
we
need
to
we've,
we've
got
a
fairly
we've
got
our
patterns
established
so
usually.
C
Lands
in
alpha
one
and
there's
no
big
breaking
changes
these
days.
If
you
did,
there
is
a
path.
It's
a
little
bit
painful,
but
cross
plane
can
adopt
existing
cloud
resources.
So
what
you
can
do
is
you
can
delete
an
alpha
one
resource
when
you
delete
it,
you
can
set
its
deletion
policy
to
orphan,
which
means
we'll
delete
the
custom
resource.
That'll
be
gone
from
kubernetes,
but
the
thing
in
the
cloud
will
still
exist.
C
A
It's
a
little
bit
manual,
but
there
is
a
path.
It
is
possible
sure
that
is
really
good
to
hear.
I
didn't
even
think
there
was
a
path
to
do
that.
I
thought
you'd
just
be
in
the
dark
woods
by
yourself
alone
at
night,
it'd
be
scary,
you
wouldn't
know
what
to
do.
Someone
had
a
question
around
cross,
referencing
and
enforcing
dependencies
between
different
resources,
ie
and
s3
bucket
to
you
know,
route
53
record
with
kubernetes
objects
and
yaml
validation
compared
to
something
like
terraform.
A
I
don't
want
to
get
too
much
into
terraform
here,
there's
another
question
too,
and
he
plans
to
support
terraforms
hcl,
the
hashicorp
language,
to
ease
migration
nick.
What
are
your
thoughts
like?
What
are
what
are
we
seeing
in
terms
of
customers,
people
that
are
trying
to
leverage
this
that
literally
have
tons
of
terraform
right
that
that's
every
organization
I've
ever
been
in?
There's
almost
you
know
one
engineer,
full-time
writing,
terraform
our
organization's
thinking,
like
you
know,
do
you
can
you
help
me,
make
migration
easier?
Are
they
starting
from
scratch?
C
C
Terraform
has
a
kubernetes
provider.
So
one
integration
point
is:
you
can
actually
use
terraform
as
an
interface
to
cross-plate.
You
could
use
terraform
if
you
prefer
hcl.
Let's
say
you
can
write
hcl
that
goes
in
outputs,
these
cross-plating
animals
and
sort
of
get
a
terraform-like
interface
to
this
sort
of
consistent,
self-healing
sort
of
reconcile
process.
C
That
crossblade
has
another
thing
that
we're
doing
is
we
actually
have
a
couple
of
providers
that
are
generated
using
terraform,
so
you
basically
point
a
tool
at
a
terraform
provider
we'll
make
a
cross-plane
provider
from
it.
The
first
one
that
we've
shipped
recently
that
I
think
dan
and
my
other
co-worker
casey
just
did
a
live
stream
about
is
the
vmware
vsphere
provider.
That's
actually
the
crossplane
provider
is,
is
an
abstraction
on
top
of
the
terraform
provider.
C
C
B
Victor
correct
me,
nikki
if
I'm
wrong
right,
but
both
plane,
if
you
take
let's
say
gcp
same
applies
to
aws
in
azure,
both
crossplane
and
terraform
are
have
syntax
that
is
based
on
the
same
api,
which
is
api
of
the
provider.
It's
almost,
I
mean
at
least
I
made
my
conversions
just
by
changing
the
syntax.
I
took
terraform
changed
few
lines
and
then
replaced
equals
with
colon,
because
it's
yummle
and
not.
B
C
Right
they
they've
taken
and
a
lot
a
lot
of
folks
do
this.
You
know
cloud
formation
is
similar,
they're,
they're,
very
wise,
and
I
think
some
of
the
people
working
across
plane.
We
call
this
high
fidelity
right.
You
want
to
take
the
cloud
provider
api
and
you
want
to
make
your
representation
of
that
api
as
close
as
possible.
You
don't
want
to
innovate,
you
don't
want
to
have
opinions,
because
then
anything
someone
can
do
with
the
cloud
they
can
do
with
your
resource
and
you.
C
Want
to
innovate
and
have
opinions,
they
can
use
composition
in
cross
plane
to
like
build
their
own
different
thing
on
top
of
it
that
sort
of
outputs
what
they
needed.
That
matches
a
cloud
so
and
you
know
being
in
the
being
in
this
sort
of
infrastructure
management
game.
We
see
people
come
to
cross
lynch
to
slack
who
are
like.
I
really
am
excited
about
cosplaying,
but
I
hate
yaml
and
I
love
hcl
and.
A
Absolutely
we
needed
another.
This
was
fantastic
and
we
needed
another
session
on
crossplay.
This
is
great.
The
questions
are
great.
I
think
we
did
the
best.
We
could
answering
everything
we're
at
time.
I
just
want
to
make
one
last
mention
we
mentioned
daniel
magnum.
He
is
a
driving
force
of
at
least
myself
and
many
others.
I
know
that
are
understanding
what
crossplane
does
getting
involved.
I'm
looking
at
his
twitter
right
now,
crossplane
community
day,
europe
is
happening.
It's
I
believe,
a
day.
A
Zero
event
may
4th
with
kubecon
eu
that's
coming
up
here
in
may,
and
I
hope
everyone
has
registered
for
that.
That's
going
to
be
virtual
and
then
there's
also
a
kubernetes
podcast,
which,
if
you're
not
tapped
in
the
kubernetes
podcast,
you
need
to
need
to
get
in
that.
It's
from
google
there's
an
interview
of
of
daniel
on
crossplane
talking
about
a
lot
of
these
pieces
that
we've
mentioned
here
today.
I
strongly
urge
everyone
to
to
check
it
out.
I
think
we'll
try
to
provide
all
the
links
that
we
can.
A
I
want
to
thank
victor
and
nick
for
joining
us
today.
I
want
to
thank
the
cncf
for
putting
this
on.
This
was
amazing.
Crossplane
is
for
me
the
way
that
we
modernize
and
help
developers.
We
help
self-service
them
to
allow
them
to
get
the
things
they
need,
so
they
can
keep
moving
without
the
all
the
complexity
in
getting
there
right.
This
is
how
sre
teams
can
can
move
faster
and-
and
it's
just
it's
wonderful,
so
thank
you
everybody
for
joining
today.
My
name
is
mario
signing
off.