Description
Don't miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from 18 - 21 April, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
A
Hello, thank you for watching this presentation. I'm Sergio concatenos, I'm the proud leader for Monokle here in Kubeshop. I'm gonna be talking today about implementing toolchains in the cloud native area.
A
Kubernetes has a wide spectrum of tools; there are more than 2,000 tools that you can use. We think of Kubernetes as one thing, but actually there are a lot of components in different places that need to be put together, and that's the reason why you have so many certified distributions and you can have different ways of doing the same thing. What we know is that writing configuration for applications in Kubernetes is a complex process and it's prone to errors.
A
We know that security concerns slow or delay rollouts. In the last Red Hat State of Security of Kubernetes 2022, 53 percent of the respondents were actually doing that, and in the same survey, 93 percent had encountered some security incident in their Kubernetes environment in the last 12 months. Only seven percent didn't have any problem, while at least 53 percent were having misconfigurations in the configuration, so being able to understand what you're deploying and how to configure it.
A
Why? Because there are many ways of provisioning components and connecting them. For instance, you can use a database, internal or external to Kubernetes itself, and there are very good ways of connecting your application to your database and making it persistent. For instance, you could use another proxy in a sidecar container, or you can connect directly to your database using an IP address that you need to somehow use inside your application.
A
Also, we know that there are only a few users in each team that are experts in Kubernetes; human attack with marketing studied in 2022 was saying that, and in our conversations with users we know it is the same. That has two problems. The first one is the operation engineers that know how to deploy and create the configuration required: it's a bottleneck, so all the people will have to ask the channel guru to know how to do the things.
A
The other thing is, because it's so complex, you can mess it up in so many ways that even the people that know how to do this will stop and will be scared of making mistakes, and so that comes again to the additional lead times and to the bottlenecks of the actual DevOps, Ops or platform engineers. And that's a problem, because when you're faced with a bottleneck and you have something as complex as Kubernetes, you tend to make the minimum possible, so copy and paste from the internet, reusing some other configurations, I think that we're seeing a lot. And let's not forget that Kubernetes itself evolves, so there's deprecation of APIs with each version.
A
So every few months you will have to review, and you will have to take into account all the changes that have happened in the last version of Kubernetes, and in some cases big things get deprecated or new solutions that are more flexible and more performant are out there. So it's good for you, for your cost or for your business, to have all of that in your mind. So there are a lot of tools, but we know there are some tools that you must use.
A
The first one is Kubernetes itself. All the configuration in Kubernetes is written down in manifests; they are JSON or YAML, even though some tools use other versions like Jsonnet. But what the Kubernetes manifests do is that they specify the desired state of an object. So, instead of telling the steps to do a task, what you tell Kubernetes is what is the desired final state, and Kubernetes will do everything possible to change the actual state to the state defined as the desired state. You can have different manifests in a configuration file or you can have one manifest in each configuration file. In any case, there are many versions, many ways you can manage those manifests in any place, but specifically I'm going to be talking about a couple of things that every single instance of Kubernetes normally has. The first one is Helm.
A
Helm is really important because most of the third-party content is available right now as a Helm chart and is distributed using Helm repositories or OCI-based registries. Normally anybody has used or is going to be using Helm in the future, because that's the easiest way to deploy applications. Of course, there are other advanced use cases like operators, but Helm, we have found, is mostly used in most deployments, because it's really, really easy to use.
A
Helm solves the problem of installing and updating applications, but sometimes you need to customize that. The labels you use, different configurations, are different if you are in a production environment than if you are in a development environment. So there's an alternative that is actually part of kubectl that is called Kustomize, and Kustomize, what it does instead of having a templating environment is get the base manifest and change it with what are called overlays or patches. It just basically gets your base manifest, and it will apply a patch.
A
We will modify it, adding or changing the values inside, to produce the final manifest that I deploy. That is very powerful because you don't have an additional abstraction, even though you need to know how to do the modifications. But with a few files you can easily deploy different configurations in one environment or in the other, or you can add the configuration and the data that you are missing or that you have to enforce when you're doing that.
A
Actually, Helm and Kustomize can be used together. So if you think of the application as the package of the application and the manifests, the resources inside it, the configuration of all the environment variables, that really fits into Helm, because that's something that you know beforehand, that you can define in a values file with all the different aspects of this, and then deploy it. But also many times you have the runtime configuration, like security context or the seal security application needs, and for that Kustomize is actually the best place to do it.
A
Actually, that is so true that tools like Flux or Argo include ways of using Helm and Kustomize in their workflows. And if you are using cloud, you mostly will be using continuous development, because if you want to get all that the cloud offers you as a business, you need to be able to deploy easily and you need to be able to scale and change the application as soon and as fast as possible. And that's the other tool that you should be using, or you must be using: one continuous deployment tool.
A
Some of them are all the old-time ones, like Jenkins, but Argo and Flux are great for Kubernetes because they are Kubernetes native: they have been designed and they work flawlessly inside Kubernetes and with Kubernetes. And all of that, at the end, is going to be supported by Git and GitOps, which is also a huge trend in the market.
A
Is this enough? Of course not. We said there were 2,000; there are a lot of components that have not been defined in Kubernetes and you need to choose by yourself. We talked about Helm and Kustomize, but in order to deploy something using continuous deployment, you need to create a container. Tools like Buildpacks allow you to automatically create the containers, or Builder, it's another alternative for that. But also, because there are so many pieces in Kubernetes, some other people prefer to go to abstractions and define applications in a high ground structure.
A
We talked about Argo and Flux for continuous deployment, but you also need to do things like testing. If you want to continuously deploy something, it is well done if you think of testing it before you deploy it automatically. Tools like Testkube or k6 allow you to do testing and allow you to do everything you need to make sure that your tests are running as close to production as possible. The small pieces that you need to define: how is storage going to work?
A
Do you use Longhorn, or are you using Rook? How are you going to connect to your network: CNI, all versions of network connectors, Cilium? Whatever you do, there are a lot of decisions that will impact how your application will grow, behave, scale and work. With networking, let me tell you: networking is a huge problem when you go to distributed systems, because it underpins everything you're doing, so any problem with networking will mostly become a problem with the storage, communication, services and everything that is there.
A
In many cases, as we said, you can work to make your environment more secure. Kubernetes out of the box is not secure by default, but you can use specific versions of Kubernetes and you can install pieces that will make those things work better, like Open Policy Agent or Kyverno, to make sure that there are some policies that are being used in your environment, or things like cert-manager that will automatically create and upgrade your certificates.
A
There are more things around: Prometheus for historical metrics, Fluentd to store logs, OpenTelemetry to know how your application is behaving on the different steps, or Crossplane to communicate your Kubernetes cluster to third-party services. There are a lot of decisions to maintain, but anything you do, you need to take into account some steps to make sure that you're taking the right decision and everything is working as expected. So first, design it to fit your development workflow. Don't try to go around, don't try to get other things. It has to be something used. You don't want your developers going away from the workflow to be able to use any of the tools you choose. In many cases, that means forgetting about that tool that everybody likes, because it doesn't adjust to your specific workflow and what your company needs.
A
Another thing is helping them. Well, we know that not all developers are Kubernetes experts, so reduce their cognitive load: use tools, use things that will basically reduce the cognitive load, that will put what they need to take the decision, that will reduce the number of decisions they have to make. Related to that, of course, is automation.
A
Is there something that is core to the developer? Then let them do it. Is it something that is a task that they don't really need for the day-to-day work? Automate it. And automating that is going to help them both by taking out something they need and by making sure it's always executed in the pesos way, even though automation itself is a huge task. The other thing is: take into account that you're going to scale. Your tiny application is going to become more complex as your application grows, and Kubernetes, all your tools and all your services. There are always some things that you didn't take into account at the beginning, or things that you need. Think about third-party tools for support or billing or any of the tasks that you know you will be needing, but that don't make any sense, either because they are a SaaS and you need to call it outside or because they don't belong in a Kubernetes environment. I'm happy to say that almost everything can be deployed there, but not 100% of the workloads can be in Kubernetes. And, of course, make security.
A
And traditionally what happened is that you had a lot of tools to do this: VS Code, IntelliJ. You have a lot of sources of information that allow you to define what is going to happen, but the first thing you need to understand is what's going on, what is actually in your environment. Can you know the details?
A
Can you know what is working? Because, as we said before, because you are running a continuous deployment pipeline in most of the cases, or because you basically manually changed something, knowing exactly what you have in your cluster is not a straightforward task. In many cases you have to go deep into detail to understand what happened, and in a world where a lot of people copy and paste from Stack Overflow or from any other place, it is a great thing to have some tool that allows you to inspect.
A
The second is: because you change something, something breaks. You want to know why, and having a history of what's been happening and being able to go back and compare and know what's going on is something very important. And of course right now almost everybody uses Git or some Git-based tool, but SVN, any source control system is going to help you do it. There's one thing here, which is that when you compare the history, normally you compare the configuration files, but that doesn't mean you can compare directly what they mean.
A
A configuration file will basically create resources. What you're trying to compare is those resources, not the configuration file, and in some cases, like when you're using Kustomize, that can be different than you expect, because Kustomize can go and modify the things after you do that. If you can go and generate information that is valid the first time, that will be optimal.
A
How can you speed that up? Use templates. Dedicate time to select the right tools, the tools that you need. Use some editor; there are a lot of editors available, Monokle is one of them, of course, that is Kubernetes aware and can help you to reduce cognitive load and make things easier. And use a standard like Helm and Kustomize. There are other tools; there are always new tools coming to the market stating that they can reduce the stress and the cognitive load needed with a new abstraction that is easier to use in a lot of cases.
A
That's true, and having a new tool will basically make the work of many people easier, but in many cases that will introduce additional complexity; not at the beginning, in the shiny path, but at the moment you have to debug something. You will have to go back to Helm and Kustomize and the manifests, and you will need to understand how Kubernetes is working.
A
So don't think that any of those tools will take away the burden of knowing what's going on, but they will reduce the burden of defining it in a way that makes sense. Check everything, and use CI/CD tools so it's completely automatic. And, of course, always verify that what you have after all the toolchains and all the steps taken to deploy is exactly what you were expecting in production.
A
I hope this helps you, and I hope you have thought of new things and new ways of improving your deployments and your configuration and your toolsets. Thanks for listening. You can find us in our Discord or in GitHub. You can go to our web page. There are a lot of conversations and ideas we would love to have with you, so good luck and I hope I see you soon.