►
From YouTube: Cloud Native Live: Enhance your GitOps Experience
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Hello,
everyone
welcome
to
cloud
native
live
where
we
dive
into
the
code
behind
cloud
native,
I'm
annie
thomastow
and
I'm
a
cncf
ambassador
as
well
as
a
senior
product
marketing
manager
at
camunda,
and
I
will
be
your
host
tonight.
So
every
week
we
bring
a
new
set
of
presenters
to
showcase
how
to
work
with
cloud
native
technologies
and
they
will
build
things
and
they
will
break
things
and
they
will
answer
all
of
your
questions
so
join
us
every
wednesday
to
watch
live
so
this
week.
A
We
have
two
amazing
speakers
here
with
us
to
talk
about
enhancing
your
git
ops
experience
with
flux
tools
and
extensions,
and
as
always,
this
is
an
official
live
stream
of
the
cncf
and
as
as
such,
it
is
subject
to
the
cncf
code
of
conduct.
So
please
do
not
add
anything
to
the
chat
or
questions
that
would
be
in
violation
of
that
code
of
conduct.
Basically,
please
be
respectful
of
all
of
your
fellow
participants
as
well
as
presenters,
but
now
I'll
hand
it
over
to
the
speakers
to
kick
off
today's
presentation.
B
B
Okay,
so
I
don't
know
if
y'all
can
see
my
screen
yet
I
was
just
going
to
talk
a
little
bit
about.
We
works
real
fast.
Okay,
so,
like
we
said,
we
both
work
at
wefworks
and
all
the
tools
we're
going
to
show.
You
today
are
open
source
tools
that
are
created
by
weworks
to
enhance
your
flex
experience.
B
So
we've
works
is
founded
on
open
source.
We've
donated
a
few
projects,
including
flux
to
the
cncf,
and
we
are
the
get
ops
company.
Our
ceo,
our
ceo,
alexis
richardson
coined
the
term
back
in
2017
and
we've
been
helping
devops
teams
with
their
cloud
native
journey
ever
since.
So
that's
a
little
bit
about
us
and
I'm
going
to
talk
a
little
bit
about
what
is
get
ops
if
you
are
not
familiar
with
it,
so
get
ops
is
a
sorry
get.
B
Ups
is
an
operating
model
for
cloud
native
applications
such
as
kubernetes,
it
utilizes
a
version
controlled
system
most
commonly
get
as
the
single
source
of
truth.
It
enables
continuous
delivery
through
automated
deployment,
monitoring
and
management
by
a
version
controlled
system.
B
You
manage
your
infrastructure
and
applications
declaratively,
and
there
is
a
an
awesome
group
called
the
get
ops
working
group
and
they
manage
this
site
called
opengetops.dev,
and
in
here
you
can
find
a
lot
of
information,
including
the
get
ops
principles
that
were
developed
by
talking
to
a
lot
of
users,
and
so
these
are
kind
of.
If
you
don't
meet.
All
of
these,
don't
think
that
you
can't
be
using
get
ops
right
away.
B
These
are
kind
of
just
what
it
should
be
in
an
ideal
state,
so
you
can
get
started
using
it
and
then
add
some
of
these
in
later
too.
The
first
one
is
that
a
system
managed
by
get
ops
must
have
its
desired
state
expressed
declaratively.
B
The
second
is
desired.
State
is
stored
in
a
way
that
enforces
immutability
versioning
and
retains
a
complete
version.
History.
Software
agents
automatically
pull
the
desired
state
declarations
from
the
source.
So
something
like
flux
like
we're
going
to
be
talking
about,
and
then
software
agents
continuously
observe
actual
system
state
and
attempt
to
apply
the
desired
state.
So
you
get
away
from
things
like
configuration
drift
and
because
things
are
written
declaratively.
B
Including
increased
developer
and
operational
productivity,
enhanced
developer
experience,
you
know
getting
away
from
manual
steps.
You
maybe
aren't
there
on
a
weekend
with.
If
someone
did
something
wrong
manually
and
you
can't
trace
what
was
done,
there's
an
improved
stability,
there's
higher
reliability,
there's
consistency
and
standardization
and
stronger
security
guarantees
as
well.
So
that's
a
little
bit
about
get
ops.
B
What
we
are
going
to
be
talking
about
is
flux,
and
this
is
the
repo
for
flux
and
basically,
what
flux
is
is
it
is
a
set
of
kubernetes
controllers
and,
if
you're
not
familiar
with
the
concept
of
a
controller
in
kubernetes,
it
handles
the
life
cycle
of
objects.
What
should
be
done
when
an
object
is
created,
deleted,
updated,
etc?
B
And,
let
me
sorry
scroll
down
so
it's
a
tool
for
it's
a
get
centric
package
manager
for
your
applications
and
it's
a
set
of
continuous
and
progressive
delivery
solutions
for
kubernetes.
It's
built
with
kubernetes
in
mind,
with
a
lot
of
the
tools
that
are
already
existing
in
kubernetes.
So
it's
really
just
kind
of
drops
in
place
in
your
already
existing
ecosystem
very
easily
and
it
really
reduces
developer
burden
because
it
removes
the
need
for
manual
deployment
processes.
You
don't
have
to
worry
about
being
on
the
right
cube,
control
version.
B
C
B
A
star
for
sure
we'll
we'll
drop
a
link
to
these
as
well.
Okay.
So
one
thing
I
want
to
mention,
because
I'm
going
to
be
doing
a
demo
of
for
to
show
the
first
one
is
we're
going
to
show
weave
get
ups,
which
is
a
ui
that
you
can
put
on
top
of
your
flux,
installation
that
you've
already
bootstrapped
and
yeah.
B
So
it's
a
dashboard
web
ui
and
then
we're
gonna,
show
and
and
to
install
that
we're
actually
gonna
be
using
a
home
chart
which
is
exciting
to
be
able
to
show
how
easy
it
is
to
set
up
a
home
chart
with
flux
as
well,
and
then
I'm
going
to
be
using
the
vs
code
extension,
which
is
a
really
new
feature
as
well,
and
I'm
going
to
show
that.
B
So
that's
what
I
want
to
start
with,
just
to,
because
you're
going
to
be
seeing
me
use
it
in
vs
code
even
to
set
up
the
we've
get
ups
ui.
So
you
can
find
it
in
here.
This
is
our
new
vs
code
extension.
It
is
still
being
updated
and
stuff.
So
if
you
do
notice
anything
when
you're
using
it
just
let
us
know
feel
free
to
give
us
feedback,
we
love
that
kingdom
actually
works
on
it.
So,
yes,.
B
Yeah,
so
if
you
do
use
it,
please
please
let
us
know
what
you
think
and
we're
happy
to
like
we're
constantly
making
changes
as
well.
So
all
right
so.
B
Let's
go
ahead
and
do
this
so
I'm
gonna
open,
yes
code,
so
I
already
me
back
up
for
a
second.
I
already
went
ahead
and
created
a
kind
cluster
and
one
second,
sorry
yeah.
So
I
created
a
kind
cluster
and
I
did
it
ran
a
bootstrap
command.
So
there's
a
flux
has
a
cli
and
it's
really
awesome
super
user
friendly,
very,
very
helpful
as
well.
B
C
I
think
it's
just
the
video
quality,
I'm
not
sure
if
it's
your
internet
or
if
there's
anything.
B
And
I'll
try
to
like
scroll
slow
if
it
if
that
helps
too
okay,
so
this
is
the
command
I
ran
earlier.
This
flux,
bootstrap
command
and
oh
more.
C
And
this
is
from
the
getting
started
guide
if
you
follow
the
get
started
with
flux
guide
on
our
flex,
cd
docs
that
was
pointed
out
earlier.
This
will
get
you
through.
These
are
the
basic
things
that
we
usually
show
in
every
presentation
right
we're
going
to
skip
over
some
of
these,
because
we've
got
a
lot
to
cover
in
more
advanced
topics.
B
Yeah
so
yeah
it's
what
this
bootstrap
command
is
doing
is
if
the
repository
doesn't
exist.
So
in
this
case
I'm
saying
cncf
demo
under
my
my
github
and
so
what
it's
going
to
do.
If
the
repository
doesn't
exist,
it's
going
to
create
it
and
okay
cool
and
if
it
does
exist,
then
it's
fine
it'll,
just
what
it
bootstraps
into
it.
So
what
that
means
is
it
installs
the
flux
components,
but
it
also
puts
all
those
files
into
that
repo.
So
I
can
show
that
real,
quick.
C
B
Yeah,
so
what
that's
done
here
is
it's
created
three
different
files
in
here,
but
the
first
one
is
this
geotk
components,
and
so
this
is
creating
the
flux
system.
Namespace.
That's
the
default
name
space
that
everything
gets
put
in
all
those
controllers
that
I
mentioned
earlier.
Things
like
cluster
role,
bindings,
anything
that's
needed
for
flex.
All
of
those
manifests
are
in
here
and
then
in
the
gtk
sync,
the
way
that
flux
works,
the
there's
multiple
controllers,
one
being
the
source
controller
and
the
source
controller
is
actually
listening
to
a
source.
B
In
this
case,
it's
a
git
repository
source
and
you
can
have
different
things
like
a
helm,
repo
source,
there's
multiple
different
sources,
but
in
this
case,
get
repo
source
and
you
tell
it
the
url
and
what
it
does
is
every
minute.
B
In
this
case
it
goes
and
checks
for
any
art
manifests
that
are
there
and
it
pulls
those,
and
then
the
customization
controller
actually
goes
in
and
applies
those
manifests,
and
in
this
case
it's
going
to
apply
it
in
a
10
minute
interval
sync
and
it's
pointing
to
the
the
get
repo
source
above
it.
B
C
Intervals
out
the
git
repository
interval's
one
minute,
the
customization
interval
is
10
minutes,
but
the
customization,
because
it
has
a
reference
to
the
git
repository-
is
actually
subscribed.
So
when
the
git
repository
detects
changes,
they
go
out
immediately
through
the
customization.
B
I
just
saw
something
about
my
one:
assuming
okay,
so
yeah
and
and
along
with
that
too.
The
10
minute
thing
is
nice,
because
if
if
something
happens
like
if
some
configuration
drift
happens,
some
bad
actor
comes
in
and
deletes
one
of
the
deployments
or
whatever
right
this
customization.
Every
10
minutes
will
will
ensure
that
that
stands
back
up.
So
that's
really
awesome
as
well.
B
Okay,
so
there's
that
I'm
just
gonna
add
it
to
this
way.
So
there's
that
so
now
I'm
going
to
go
into
vs
code
and
do
this
getting
started.
Okay,
so
the
so.
This
we've
get
ops,
expects
that
you've
already
bootstrapped
flux,
it's
going
to
then
be
installed
on
top
of
it,
and
it's
going
to
be
listening
to
your
flux
stuff.
So
what
I'm
going
to
do
now
is
I'm
going
to
use
this
journal
so
maybe
I'll
no
I'll
use
the
other
one.
So
it's
bigger
I'll
keep
using
this
one.
B
I'm
going
to
create
a
password
first
for
the
for
weed
get
ups
for
like
in
actually
logging
in,
so
I'm
gonna
do
password
equals,
I'm
just
gonna
do
test
or
something
not
the
best
password
to
have,
but
yeah
so
and
then
I'm
gonna
run
this
command,
and
so
you
can
find
all
these
steps
on
that
doc
that
I
showed
briefly
here.
So
it's
this
getting
started
with.
We've
get
ops
doc
and
you
can
follow
along
in
here
too
perfect.
A
B
C
So
we've
already
configured
flux
with
the
bootstrap
configuring
cluster
was
done
before
that
off
stream.
That's
it's
a
kind
cluster!
So
there's
not
really
much
to
configure
we'll
get
back
to
that
later,
because
there's
some
configuration
but
and.
C
Yeah,
the
git
repository
and
the
customization
are
the
underpinning
of
flux.
Those
two
work
together
to
deliver
resources
to
the
cluster
and
what
we're
about
to
demonstrate
now
is
how
you
can
deliver
a
slightly
more
advanced
software
package
that
requires
some
configuration
itself
through
helm
and
do
that
in
a
declarative
way
with
flux.
So
this
is
really
two
part.
Two
two
payoffs
we
get
from
this
demo.
We
get
to
show
you,
we've
get
ops
and
we
get
to
show
you
how
to
install
any
software
package.
That's
distributed
through
home.
A
Yeah
perfect:
is
this
a
good
time
to
take
another
audience
question
yeah
yeah
go
ahead,
yeah
cleaning,
kiki
daniel
asks.
What
is
your
recommendation
on
onboarding
a
service
to
flux,
for
instance,
from
centralized
cluster
that
has
flux
installed?
What
is
a
good
way
to
onboard
a
service
to
a
particular
environment.
C
Well,
we're
going
to
show
two
strategies
today,
this
after
we
get
through
with
our
waveguidops
installation
here,
which
is
really
about
installing
a
piece
of
software
from
a
vendor.
So
that's
on
boarding
in
a
way,
then
there
are
two
scenarios
that
we're
gonna
show:
one
is
I'm
a
developer
and
I'm
building
software
using
docker
build
in
ci,
and
I
want
that
image
to
be
deployed
automatically
and
then
the
further
scenario
that
we'll
show
after
that
is
a
more
production,
oriented
scenario
where
we're
going
to
have.
C
B
Yeah,
so
what
I
did
real
quick
was,
I
don't
know
if
y'all
can
see
this.
Let
me
get
rid
of
at
least
that
maybe
this
is
good.
A
B
B
Okay,
so
I
added
a
no
wait:
that's
not
no!.
C
B
Yes,
so
I
use
the
flux,
cli,
real,
quick
to
just
create
the
source
and
the
customization.
So
there's
multiple
ways
you
can
do
that.
Obviously,
the
cli
is
a
really
good
way
to
do
it,
and
then
I
did
the
export
command,
which
then
doesn't
actually
create
the
source.
What
it
does
is
it
actually
creates
the
yaml,
and
that
way
you
can
push
it
to
git
and
let
it
manage
itself
and
then
I
create
like
so
I
grab.
I'm
gonna
grab
this
password
real
fast.
C
B
C
B
So
what
this
is
doing
is
I
said
that
the
source
can
also
the
source
controller
can
also
listen
to
a
helm
repo.
So
this
is
actually
pointing
to
a
helm
repository
the
weave
works
one
and
then
what
the
helm
releases
saying
is
stand
up
this
chart,
but
then
also
with
these
specific
values.
So
this
is
a
really
cool
way
to
override
your
values
and
everything
and
then
yeah.
So
it's
specifically
the
weave,
get
ops,
chart
and
yeah
sorry
got
distracted.
B
Okay,
so
I'm
gonna
save
this
and
then
I'm
going
to
push
it
to
get.
C
So
I
saw
you
put
this
in
the
flex
system
directory
and
there's
a
customization
yeah.
C
We
have
to
add
it
here,
because
this
file
is
if,
if
this
file
is
here,
it
needs
to
have
the
whole
list
of
all
the
manifests
to
apply.
If
this
file
is
missing,
flux
will
just
slurp
up
everything,
that's
in
the
directory
and
that's
fine
too,
but
we're
going
to
show
some
of
the
functionality
of
customize
in
terms
of
resources
and
bases,
and
you
can
connect
I'm
not
sure
how
much
of
that
we're
actually
going
to
show
today.
C
But
we
have
a
few
things
that
do
use
that
so
there
just
skip
one
error.
B
B
Numerous
demos-
and
I
always
forget
okay,
so
the
neat
thing
about
the
vs
code
extension
is
well
one
of
the
neat
things
there's
several
new
things,
but
the
fact
that
you
can
see
the
sources
you
can
see
the
workloads
in
here
and
then
you
can
actually
go
in
reconcile
them
and
so
forth
them
to
actually
go
and
fetch
and
then
suspend
them.
So
let's
say
you
were
making
a
change
in
git,
but
you
didn't
actually
want
it
to
be
realized
in
your
cluster.
Yet
you
can
suspend
either
the
sources.
B
You
can
also
suspend
the
workloads
and
that
way
it
won't
actually
realize
that
change
until
you
resume
it
again.
So
I
am
a
really
big
fan
of
this
extension.
I
think
it's
really
neat
to
be
able
to
just
code
and
then
also
apply
these
changes
right
away.
So
and
then
you
can
see
it
in
the
output
that
it
did
fetch
that.
B
B
B
It
would
be
a
red
x
as
well
so
hopefully.
A
Into
there's
two
more
audience
questions
we
can
always
just
take
them
in
portions
as
well,
but
there's,
for
example,
sankara
asks:
can
the
git
repository
configured
in
the
flux
bootstrap
be
local
clone?
That
is,
can
this
be
used
in
a
test
environment
where
a
developer
has
pushed
changes
in
local
repo
and
wants
to
deploy
the
update
in
some
cluster
for
testing.
C
C
But
there
are
examples:
we've
had
I
host
a
weekly
meet
up
called
the
flux,
bug
scrub
and
we
have
a
youtube
channel
where
you
can
see.
Sometimes
we
have
a
presenter.
We
did
have
one
presenter
who
wanted
almost
exactly
what
you
just
described,
who
added
dns
entry
through
core
dns,
and
it
was
really
neat
presentation
to
show
how
local
you
can
make
it
if
you
can
host
like.
Can
I
host
a
git
repository
in
docker
adjacent
to
the
kind
cluster?
Yes,
and
we
have
examples
of
that.
A
Then
there
was
another
one
as
well.
If
you
leave
off
the
export
flag,
is
the
change
made
immediately?
Yes,.
B
Wasn't
really
in
the
spirit
account,
so
you
do
want
to
do
the
export
and
push
it,
but
you
can
also
create
it
and
then
yeah.
So
it's
not
like
yeah
and
all
of
you
there's.
C
B
C
B
Yeah,
okay,
yeah!
Let
me
just
show
the
list
yeah.
So
in
this
we've
get
ops
ui,
you
have
the
application,
so
this
is
showing,
in
this
case
the
customization
of
for
flux
system,
the
one
that
we
bootstrapped
and
then
the
we've
get
up
helm,
release
itself.
B
And
if
you
go
to
sources
then
you
can
actually
see
all
the
sources
that
are
created,
and
so
these
are
the
ones
that
we've
created
in
the
flux
system,
namespace
and
then
flux
runtime
actually
shows
all
of
the
different
controllers
that
are
part
of
the
flex
runtime.
One
thing
I
didn't
mention
really
quickly
is
that
if
you
do
bootstrap
just
base
bootstrap
command,
then
it
won't
install
the
image
controllers.
B
So
there
is
a
little
extra
flag
to
add
that
you
can
say
add
these
additional
controllers
as
well.
So
I
did
that
when
I
bootstrap,
so
that's
why
they're
here
and.
B
Yeah
and
then,
if
I
click
on
these,
I
can
actually
see
the
different
components
that
are
in
this
managed
application
and
then
in
events,
you
can
actually
see
the
events
that
have
been
going
on,
there's
a
graph
to
see
the
breakdown.
B
I
think
it's
better
if
I
show
this
in
later,
when
I
do
the
pod
info
example,
but
so
I'll
come
back
to
that
and
then
yeah
and
then,
as
I
mentioned
earlier,
about
being
able
to
sync
and
suspend
in
the
vs
code
extension,
you
can
also
do
it
in
here
as
well.
You
can
hit
the
sync
button
to
force
a
reconciliation
or
you
can
suspend
and
resume
it
here
as
well.
B
So
that's
the
ui
in
a
nutshell.
Now
I'm
going
to
deploy
we'll
answer
these
questions
first,
but
basically
I'm
going
to
do
in
a
second.
Is
I'm
going
to
deploy
a
pod
info
application
using
the
image
automation
controllers
as
well
and
and
then
I'll
briefly
show
it
in
here
what
it
looks
like
and
that
way
you
can
kind
of
see
how
the
image,
automation,
controller
works
and
then
I'll
pass
it
off
to
kingdom.
C
So
we
have
one
question
about
two:
two
questions
about
declarative
principles:
is
it
okay
to
use
external
secrets
and
is
it
okay
to
use
templating
tools
like
helm
and
customize
to
template
your
yemel
and
then
apply
from
the
ammo?
C
So
flux
itself
has
customized
built-in?
So
we
obviously
don't
think
that
it's
against
declarative
principles,
flux,
customized
controller,
is
limited
in
what
it
can
use
in
terms
of
external
plug-ins,
since
those
involve
a
shell
out
and
that's
where
we
found
the
vast
majority
of
security
issues
creep
in.
We
don't
support
that
type
of
behavior.
So
we'll
sort
of
limit
you
to
the
more
declarative
things
that
you
can
do
and
and
shun
you
away
from
the
imperative
things
that
you
could
do
with
customize
in
a
different
scenario.
C
Templating
a
helm
chart
is
something
that
you
can
do.
No
one
will
stop
you,
but
the
question
is:
what
do
you
do
with
the
template
and
will
it
break
your
helm
charts
because
that's
how
some
other
helm
tools
work
and
they
they'll
template
out
helm
and
helm?
Has
these
hooks
that
are
life
cycle
hooks
for
when
a
chart
is
installed
or
upgraded
for
things
like
we
need
to
migrate
a
database
and
those
things
have
to
happen
in
a
certain
order.
Sometimes
the
way
that
templating
shakes
out.
They
don't
happen
in
that
order.
C
So
the
point
of
helm
controller
is
to
be
as
close
to
helm
as
possible
and
to
do
things
the
helm
way
everywhere,
so
we
wouldn't
recommend
usually
to
do
templating
in
helm,
because
we
we
support
helm
on
the
metal.
I
guess
is
the
best
way
to
say
it
and
as
far
as
external
secrets,
no,
I
don't
think
that's
against
declarative
principles.
C
C
A
I
think
that's
all
right.
What's
the
daniel's
question
about
monitoring
the
fox
get
ups
deployment
status
and
they're
already
or.
B
C
Yeah
so
there's
a
flux,
monitoring
guide
that
will
show
you
how
to
set
up
flux
with
cube
prometheus
stack
and
all
of
the
flux
related
graph
on
a
dashboards.
We
always
want
to
mention
this
too,
when
we're
talking
about
flux,
uis,
broadly,
because
this
is
the
original
flux.
Ui
is
the
graph
on
a
dashboard.
C
There
is
one
dashboard
for
flux,
controller
status
or
control,
plane
and
another
dashboard
for
flux's
workloads
to
show
you
if
any
git
repositories
have
failed
to
sync,
for
example,
there's
an
alert
manager
configuration
that
will
help
you
see
if
any
flux
resources
are
not
reconciling
for
longer
than
10
minutes.
Those
are
definitely
key
for
production,
flux,
deployments.
B
A
B
C
Yeah
and
at
the
base
level,
when
you're
having
issues
with
flux,
you
want
to
go
in
and
start
describing
resources,
because
every
resource
that
flux
has
will
raise
events
as
things
are
happening.
So
if
you
have
an
error
with
a
helm
release,
it
may
say,
helm
chart
did
not
exist
or
was
was
not
ready
and
then
you
can
go.
Look
at
the
helm,
chart
crd
and
see.
Oh,
what
was
it
that
went
wrong?
C
B
Okay,
so
one
thing
I
wanted
to
mention
real
fast
is
that
we're
about
to
use
this
pod
info
application
that
probably
a
lot
of
people
like
I
know
a
lot
of
people
are
familiar
with
already,
but
we
kingdom
made
a
couple
of
changes,
and
so
we
basically
just
added
an
ingress
so
that
I
don't
have
to
do
port
forwarding
and
all
that
stuff.
So
we
discovered
this
cool
thing
and
we
just
wanted
to
show
it
to
you
real
fast.
B
So
in
kind
when
you
are
setting
up
the
cluster,
you
can
actually
create
a
create
the
cluster
with
this
and
with
these
settings.
And
then,
if
you
install
one
of
these,
you
can
actually
just
use
an
ingress
normally.
So
this
this.
This
was
just
like
a
cool
thing.
C
So
yeah,
why?
Why
do
you
use
an
ingress
instead
of
port
forwarding?
The
main
reason
is:
port
forwarding
is
a
clunky,
very
devish
solution
for
getting
access
to
a
pod,
and
it
gets
you
access
to
exactly
one
pod,
so
for
a
demo
like
flux
or
flagger.
If
we
were
doing
a
flagger
demo,
especially
when
you
want
to
be
able
to
access
multiple
pods
and
see
the
transition
between
them,
it's
not
really
a
great
way
to
do
a
demo.
So
we
wanted
to
have
ingress.
Unfortunately
kind.
C
Has
this
great
documentation
now
about
exactly
how
to
do
an
ingress
controller
in
a
kind
cluster?
There
are
about
three
steps
to
get
it
working.
It's
really
easy
compared
to
a
year
or
more
ago,.
B
Yeah,
so
I
have
already
said
this
yml,
so
I'm
just
gonna
copy
and
paste
it,
but
then
I'm
gonna
walk
through
it
real
fast.
So
this
is
pointing
to
a
so.
The
the
original
pod
info
project
is
under
stefan
and
kingdoms.
Forked
that
and
then
I
first
came
this
project,
so
the
one
that
I'm
pointing
to
is
a
fork
of
a
fork,
and
so
mostly
because
we
were
just
testing
out
image,
automation,
stuff,
so
that's
what
the
source
is
pointing
to
and
then
what
we've
done
is.
B
We
have
two
separate
customizations
in
this
case
that
are
pointing
to
the
same
source
and
the
first
one
is
pointing
specifically
to
this
specif
like
this
path
within
that
repo
and
then
the
second
one
is
pointing
to
this
dot
customize
path.
So
what
those
are
real
quick
is:
oh,
wait,
sorry,
the
deploy,
overlays
automatic
okay,
so
in
here
it's
actually
setting
up
the
we
have
our
image
policy,
our
image,
repo
or
image
automation
set
up.
So
if
I
start
with
our,
I
guess
I'll
start
with
the
imageauto.yaml.
A
C
There's
there
are
three
parts
to
the
flux:
image,
automation,
there's
image,
automate,
update,
automation,
this
resource,
there's
an
image
policy
resource
that
says
what
image,
how
how
do
we
know?
Which
image
is
the
latest
and
which
images
to
select
from
so
that's
a
regular
expression.
There
we'll
see
what
kind
of
image
tag
that
matches
in
a
sec
and
then
the
third
thing
is
an
image
repository
for
the
image
reflector
controller.
C
This
just
reflects
tag
lists,
so
it
goes
and
looks
at
that
public
oci
repository
with
images
in
it
and
says
this
is
a
list
of
images
they
get
filtered
through
the
image
policy.
The
image
update
automation
looks
for
the
latest
if
it's
different
than
what's
in
the
repo
already,
it
will
write
a
commit
and
update
the
rainbow
with
that
new
image.
So
that's
what
we'll
see.
B
And
then
one
thing
in
here
just
to
point
out
is
this:
so
what
we're
doing
is
we
have
a
dev
branch
and
kenyan,
and
I
wanted
to
show
what
it
would
look
like
to
just
have
a
dev
branch.
That's
continuously
being
updated.
Regardless
of
what
version
it
is
right,
major
whatever,
because
it's
a
dub
branch,
and
so
what
we
came
across
is
an
accidental
loop.
Where,
in
the
actions
we
have
it
actually
set
to
build
an
image.
B
C
And
the
important
thing,
the
parameters
for
the
dev
branch-
maybe
we
should
explain
those
as
long
as.
C
One
points
at
the
branch
to
check
out
and
the
other
is
the
branch
to
pull
to
push
to,
so
those
can
be
the
same
or
they
can
be
different.
The
idea.
B
C
B
And,
like
kingdom
said,
when
the
source
finds
the
new
version,
it
will
also
kick
off
the
customization.
So
that's
why
I'm
not
like
also
then
going
in
and
reconciling
the
customization
as
well
all
right,
let's
see,
I
think
it
might
just
be
running.
B
A
B
Okay,
so
I
have
to
also
create
a
a
secret
because
it
needs
to
have
access
to
right
to
the
repo
as
well
right.
So
let
me
go
do
that
real,
quick.
C
A
B
So
I
just
ran
that
command
to
create
a
key,
and
then
I'm
going
to
go
into
my
project
and
put
it
in
there.
You
can
ask
the
question,
I
think
it's
okay.
A
Okay,
so
we
had
sheer
asking
according
to
the
declarative
principle,
there
should
be
no
processes
between
the
desired
and
actual
states.
So
doesn't
decrypting
secrets
go
against
that.
C
So
I
think
the
question
is
really
about
hermeticity.
The
question
is:
is:
is
the
cluster
reaching
outside
of
itself
to
find
anything?
And-
and
the
answer
is
yes,
it
is
always
all
the
time
if
we're
doing
get
ups,
the
git
repo
almost
certainly
does
not
live
inside
the
cluster,
it
will
live
on
github
or
it
will
live
on
a
remote
server
somewhere
that
can
survive
a
disaster
that
downs
the
cluster.
C
That's
the
point,
so
it's
it's,
not
a
violation
of
get
of
declarative
principles
or
get
ops
principles
to
reach
outside
of
the
cluster
for
something,
and
it
is
not
really
a
violation
to
do
something
functional
in
between
something
without
side
effects.
That's,
I
guess
I
guess
that's
what
we're
talking
about.
C
So
I
mean
you
can
have
a
side
effect
that
could
be
we've
rotated
the
secrets
outside
of
git,
and
now
we
don't
have
a
way
to
recover
the
cluster
into
the
exact
state
that
it
was
before
so
yes,
this
is
a
way
that
you
can
shoot
yourself
in
the
foot.
Be
careful.
There
are
two
different
models.
You
can
have
secrets
in
the
git
repo,
which
has
its
own
set
of
drawbacks.
Those
secrets
obviously
have
to
be
encrypted.
C
Those
encryption
keys
have
to
be
protected
and
then
the
possibility
that
they
are
ever
compromised.
You
need
to
have
a
plan
in
place
to
rotate
them.
Those
things
are
also
all
true.
If
you
keep
the
secrets
outside
of
the
git
repo,
so
it
is
complicated
to
handle
secrets.
That's
really
the
nutshell
version
of
the
answer
and
you
don't
want
secrets
in
the
open
or
they
won't
be
secrets
for
long,
especially
if
they're
secrets
that
can
compromise
critical
parts
of
your
deployment
infrastructure,
like
your
git
repository
or
your
cluster
admin
credentials.
C
A
B
That
was,
I
don't
know
if
you'll
notice
me
fumbling,
okay,
so
I
I
forgot
that
we
named
the
secret
very
specifically
so,
but
I
just
had
to
update
that
so
now
this
is
running,
so
the
image
automation
is
also
running
and
the
pod
info
stuff
is
deployed
as
well.
B
So
if
I
was
it,
it
was
pod
info
dot,
local
right.
B
Yay
yeah
hey,
so
we
can
see
here
it's
deployed
and
we
can
see
that
the
version
is
6.15-alpha
dot,
one
in
the
pod
info
project.
We
have
this,
did
I
not
have
it
open
somewhere?
I
did
hand.
B
Yeah
yeah:
we
have
this
make
file.
So
if
I
go
down
here
in
this,
make
file,
there's
a
command
called
version
set
and
we
can
use
that
to
basically
show
y'all
how
the
image
update
would
be
I'm
going
to
run
a
command
request.
So.
C
So
there's
a
chicken
in
the
egg
problem
that
this
version
set
represents
and
flux
we've
been
talking
about
how
flux
can
update,
manifests
to
point
at
the
latest
version
of
the
image
here,
we're
doing
it
in
in
the
make
file.
C
Imagine
that
this
is
part
of
your
ci
or
your
release
process
we'll
do
it
manually
instead
and
that,
and
that
is
to
avoid
the
chicken
and
egg
problem
that
flux
can
only
tell
you
about
images
that
have
already
been
built
and
we'd
like
for
this
version
number
to
be
correct
in
the
image
it
shouldn't
refer
to
the
previous
image
in
in
a
new
image
so
or
in
the
tag.
C
Maybe
those
manifest
don't
actually
go
into
the
image
itself,
all
right,
so
we
updated
the
source
code
and
the
manifests
to
have
this
new
version
number
in
it.
We're
going
to
push
a
new
commit
here
and
that's
going
to
trigger
a
docker
build
yeah
we've
got
it.
We've
got
to
commit
that
we
have
to
rebase
over,
because
the
automation
is
also
working
in
the
background.
C
This
is
going
to
trigger
a
darker
build,
and
this
docker
build
is
based
on
a
new
example
that
was
added
to
the
flux
docs
very
recently
in
the.
B
Oh
yeah
here
use.
A
C
Yes,
the
git
repo
that
we're
working
out
of
right
now
is
github.com
priyanka,
ravi,
priyanka
dash,
ravi
info
and
and
there's
another
fork
at
kingdom
b,
pod
info
that
I've
been
working
on
so
we'll
see
that
at
the
end,
if
we
get
all
the
way
to
the
end,
we're
doing
a
dev
deployment.
Now
from
this
dev
image,
we'll
do
a
slightly
different
deployment
at
the
end
with
a
helm
chart
that's
pushed
to
an
oci
repo.
C
So
the
reason
why
we're
working
out
of
several
different
forks
is
to
have
what
we
really
wanted
to
show
was
like
this
concept
that
you
would
have.
Some
people
are
working
in
their
own
forks
and
then
there's
the
main
fork
that
the
oregon's
so
pretend
that
I'm
the
org,
because
we
don't
have
staphon
here
today-
it's
his
original
work,
but
we
basically
hollowed
out
the
github
workflows
just
to
demonstrate
this
really
simple
workflow,
because
pod
info
is
really
a
staging
ground
for
all
sorts
of
new
and
advanced
features.
C
If
you
go
and
look
at
what
stephan
prodon
has
done
in
his
original
bot
info
repo,
there
are
a
lot
of
really
advanced
github
workflows
in
there
and
there
are
some
that
go
back
quite
a
ways.
There's
one
to
publish
a
helm
chart
to
a
helm,
repository,
there's
one
to
do
a
cosign,
trustless,
artifact
verification.
C
I
don't
really
know
the
details
about
how
that
works,
but
it's
an
example
that's
in
there
and
there
are
details
on
the
flux
blog
about
how
you
can
do
cosine
verification
and
what
we're
building
around
cosine
in
the
flux
project
now,
but
we
wanted.
I
really
wanted
to
have
an
example
in
the
flex
docs
of
what
is
the
simplest
builder
that
you
need
you
don't.
C
You
know,
because
we've
got
a
lot
of
people
that
come
for
support
who
have
big
involved,
ci
pipelines,
and
they
want
to
know
if
they
can
use
them
with
flux.
And
the
answer
is
usually
yes.
If
it
produces
a
container
image,
then
yes,
you
can
use
it
with
flux,
but
we
get
pretty
unsatisfactory
results
from
answering
the
question
that
way,
it's
probably
better
to
show
people
what's
the
minimum
viable
answer.
So,
even
though
flux
considers
ci
completely
outside
of
its
own
responsibilities,
we
did
add
a
document
showing
how
to
do.
B
B
C
So
our
build
succeeded,
there's
a
new
image
out
there.
Now
flux
may
not
have
seen
it
yet,
but
any
moment
now
we
should
see
response
from
the
new
one
with
alpha.2..
I
think
right.
You
did
version.
C
Helm
repositories
and
renewing
the
token
when
pulling
the
chart
there
is
documentation
about
how
to
renew
a
token.
I
think
that
there's
our
new
app
all
right,
yeah
it
worked
so
we
didn't
have
to
update
any
manifests
flux.
Did
that
if
you
go
find
the
commit
that
it
made,
you
can
get
pull
that
commit
and
see
exactly
what
it
changed
or
you
can
check
it
out
here.
Excuse
me
so
so
back
to
the
question
about
renewing
the
token.
C
C
But
yes,
there
is
support
in
the
docs,
for
if
you
search
for
ecr
in
the
flux,
docs
you'll
find
a
lot
of
information,
including
how
to
write
a
job
that
will
renew
the
token
there
is
an
auto
login
feature.
I'm
not
sure
that
that
has
made
it
all
the
way
to
the
helm,
repository
oci
feature
yet
so,
if
not
now,
then
soon
you
will
also
be
able
to
use
leverage
cloud
credentials
like
I
am
roles
to
connect
to
an
ecr
and
you
won't
have
to
manage
renewing
the
token
yourself.
C
There
are
certainly
a
lot
of
features
that
are
these
two
projects
track
each
other
pretty
closely
in
terms
of
new
features.
When
argo
cd
comes
out
with
a
new
feature,
we
are
always
hearing
about
it
and
we
have
people
coming
and
asking.
Can
we
get
this
influx
2
application
stats
is
a
great
example
of
that
and
so
flux
has
this
native
helm
support?
That's
one
thing:
that's
definitely
has
over
argo
cd,
in
my
opinion,
is
there.
C
C
C
On
the
cluster
can
run
in
a
few
hundred
megabytes,
helm
itself
is
not
very.
It
was
not
architected
to
run
as
a
server.
It
was
architected
to
run
as
a
cli,
so
it
doesn't
have
the
same
focus
on
low
memory,
usage
and
performance
in
terms
of
stateful
workloads,
but
all
right.
So
we
want
to.
We
wanted
to
talk
a
little
bit
about
semantic
versions,
and
what
does
the
version
number
mean?
C
We
have
a
semantic
version
number
here
with
a
pre-release
tag,
so
the
dash
suggests
that
this
is
not
a
release
version,
but
a
pre-release
with
some
information
after
the
dash,
and
if
you,
if
you
want
the
details
about
semantic
versioning,
there's
semver.org,
but
rather
than
read
the
spec,
I
thought
we
could
talk
about
senver
and
how
you
compare
it
to
another
versioning
strategy.
That's
not
centered,
like
marketing
versions.
C
If
everyone's
ever
heard
of
marketing
version,
this
is
not
really
a
scheme
so
much
as
just
a
way
that
things
are
done.
This
is
the
version.
The
number
go
up
approach
to
versioning
where,
when
you
have
new
features-
and
you
want
to
highlight
a
particular
release-
you
make
the
first
number
bigger
and
it's
great
news,
because
we
have
a
new
version
number.
C
This
is
totally
different
than
semantic
versioning,
where
the
new,
the
the
new
number
in
the
first
in
the
major
place
means
you
need
to
watch
out
because
something
is
going
to
break
when
you
do
this
upgrade
and
it's
it's
a
different
type
of
versioning.
C
So
when
we're
using
semantic
versions,
we'll
helm
charts,
for
example,
are:
are
semantically
versioned,
that's
one
of
the
requirements
of
a
helm
chart,
and
maybe
this
is
a
good
time
to
share
my
screen
here.
So
I
can
show
the
helm
version
of
this
in
production
here.
C
A
few
name
spaces
here
I
have
one
pod
info:
helm,
oci
namespace,
where
I've
installed
using
a
helm
release,
see
if
I
have
the
right
editor
window.
C
We
have
this
example,
helm,
oci,
that
we
have
deploy
this
cluster
and
we'll
show
a
helm
release
and
a
helm
repository
that
make
up
this
helm
oci.
So
this
has
a
lot
less
in
it
than
the
helm
release
we
saw
before
I
haven't
specified
a
version
number.
I
haven't
specified
any
values,
we're
just
installing
this
chart
with
the
default
values
and
we're
going
to
put
it
into
this
target
namespace
at
infohelmoci.
C
C
A
C
C
C
What
else
are
people
using
off
the
top
of
my
head?
I
can't
think
of
another
one.
Besides
chart
museum,
but
they're.
Definitely
the
helm,
repository
format
itself
is
really
simple:
there's
an
index.yaml
at
the
root
that
has
a
list
of
every
version
of
every
chart,
and
this
is
the
reason
why
it
doesn't
scale
particularly
well.
C
This
is
why
oci
is
such
a
big
advancement
for
us
and
why
we're
so
excited
about
it,
because
fetching
a
list
of
tags
is
very
efficient
compared
to
fetching
a
yaml
file,
that's
full
of
metadata
above
and
beyond.
Just
the
the
tag
number
itself
so.
C
C
C
I
want
to
call
out
this
step
here,
because
this
is
different
than
what's
in
the
docs.
We
used
helm
push.
So
in
a
previous
step
we
did
helm,
lint
and
helm
package
and
then
helm
push
from
the
artifact.
C
This
is
just
pushing
a
gz
file
to
an
oci
target
and
this
is
a
built-in
feature
of
helm,
and
I
wanted
to
call
this
out
because
next
month,
I'll
be
showing
a
brand
new
feature
in
flux,
which
is
this
rehashed
for
customizations,
so,
instead
of
requiring
you
to
use
a
helm
chart
to
get
this
behavior
and
this
behavior
by
that
I
mean
atomic
releases
where
we
see
this
happening.
C
This
is
better
because
you
like
to
test
your
artifacts
before
you
put
them
in
production
and,
and
you
simply
can't
use
flex's
original
image,
update
automation
in
that
way.
It
only
monitors
for
new
images
and
pushes
them
out
immediately.
So
you
can,
you
can
add
a
cluj
so
that
there's
a
pull
request
between
this
point
and
that
point,
but
really
what
you'd
probably
like,
is
to
separate
build,
publish
from
release
and
that's
what
this
accomplishes.
C
A
We
have
a
few
minutes
left.
So
if
anyone
has
any
super
quick
questions
from
the
audience,
you
can
leave
them
to
the
q
a
chat
now,
but
we
have
to
start
wrapping
up
soon
as
well.
B
I
did
want
to
just
mention
the
terraform
controller
real
fast,
so
it's
a
like
another
one
of
weaveworks's
created
tools
and
it's
kind
of
the
newest
one.
It's
the!
What
it
is
is
you
can
do
manual
approvals
or
auto
proof.
So,
basically
you
can
manage
all
your
terraform
resources,
regardless
of
whether
they're
in
kubernetes
or
not,
but
it
is
kind
of
like
a
nice
marrying
with
get
ops
and
terraform.
So
it's
still
using
the
get-offs
workflow.
There
is
a
tfctlcli.
That's
really
awesome.
It
also.
B
Most
recently
has
integration
with
terraform
cloud
and
terraform
enterprise,
which
is
really
cool,
and
you
can
even
set
the
outputs
into
a
kubernetes
secret
as
well.
So
I
do
have
a
demo
already
out
there
on
that
that
you
can
find
on
our
webworks
youtube
channel.
So
if
you
are
interested
in
learning
how
to
get
offset
by
your
terraform
deployments,
you
can
go
check
that
out
as
well.
A
Perfect,
so
we
had
a
few
questions,
really
quick
answers.
Hopefully,
when
referencing
a
third
party
helm
chart,
can
I
use
values
file
in
my
github
repo.
C
A
Perfect
so
then
further
diving
into
fox
and.
C
I'm
not
familiar
with
phases,
but
I
heard
of
sync
waves
before
and
my
understanding
of
how
they
work
is
that
you
sort
of
give
everything
a
number
and
they
sync
in
that
order.
The
way
that
we
do
it
in
flux
is
more
explicit.
There's
a
depends
on
statement.
You
can
say
this
customization
depends
on
another
one
and
then
in
each
customization
or
helm
release
you
have
an
option
of
whether
it
should
do
health
checking
or
not
so
sometimes
you
just
want
to
like.
I
need
this
crd
to
be
installed
in
the
cluster.
I
don't
care.
C
Where
say
you
have
some
admission
controllers
and
we
really
want
to
be
sure
that
they're
firing
before
we
let
any
of
our
tenants,
try
to
put
anything
on
the
cluster
because
they're
bad
people
and
they're
going
to
break
it
if
we
allow
them
to
so
that
that
way,
you
enable
weight
and
then
there's
health
checking
that
gets
performed
and
that's
part
of
the
dependency
check
too
perfect.
A
Then
final
question,
hopefully
with
a
quick
answer
again
related
to
the
third
party
home
chart
question
before
if
the
values
filed
is
from
a
different
rate
quote
than
the
chart
question
mark.
C
So
you
can
incorporate
values
from
config
maps
on
the
cluster.
You
can
incorporate
values
from
other
sources.
The
the
values
are
composed
in
the
helm,
release
itself.
So
wherever
the
helm
release
comes
from,
you
can
bring
in
values
from
where
that
is.
You
can
also
there's
a
feature
we
didn't
show
today
where
git
repositories
can
be
composed
together.
So
if
you
have
resources
that
are
in
two
different
git
repositories,
it
kind
of
works
like
sub
module,
but
it's
a
little
bit
better.
In
some
ways
it
has
better
performance,
characteristics
and
caching.
C
A
Yeah
perfect
that
wraps
it
up.
Thank
you
so
much
to
our
amazing
speakers
really
nice
quick
answers
in
the
end
as
well.
I
love
it.
So.
Thank
you.
Everyone
for
joining
the
latest
episode
of
cloud
native
live.
It
was
a
really
great
to
have
a
session
about
enhancing
your
git
ups
experience
with
flux
tools
and
extensions
and
really
love
the
audience
interaction
this
time
as
well.
Thank
you
so
much
everyone
for
your
questions.