►
From YouTube: This Week in Cloud Native
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
A
A
A
Good
afternoon
everybody
and
welcome
to
this
week
in
cloud
native
episode
number
six
this
week
we're
going
to
get
a
little
bit
more
into
api
deprecation
and
removal.
We're
going
to
play
with,
like
you
know,
kind
of
work,
our
way
through
sort
of
the
blog
post
that
talks
about
it,
we're
going
to
evaluate
some
of
the
tools
that
are
out
there
for
for
testing
that
we
have.
We
still
have
that
problem
and
we're
probably
going
to
build
some
kind
clusters,
tear
some
kind
clusters
down
that
kind
of
thing.
A
So
I'm
glad
you're
here
we're
going
to
have
a
bunch
of
fun
if
you
are
in
the
chat,
go
ahead
and
say
hello,
and
I
can
highlight
you
and
it'd
be
great
to
to
know
that
you're
out
there.
So
welcome
welcome
to
this
week
in
cloud
native
number.
A
All
right
so
again,
if
you
go
here
on
the
left-hand
side
hackmd.io
at
twicken,
if
you
go
here,
you're
going
to
find
a
link
to
the
latest
notes
and
if
you
have
anything
you'd
like
to
share
or
link
in
there
feel
free
to
do
so,
hey
how's!
It
going
good
to
see
you
glad
you're
here.
A
We
always
start
off
these
pot.
We
sure
we
should
be
starting
off
these
broadcasts
with
a
reminder
of
the
coc.
So
this
is
a
cloud
native
foundation,
video
broadcast,
and
so
with
any
of
those
things,
it's
important
to
remember
the
cncf
code
of
conduct.
So
please
don't
throw
anything
into
the
chat
or
questions
that
might
be
in
a
violation
of
that
code.
Basically,
please
be
respectful
of
your
fellow
participants
and
presenters.
A
A
Cloud
native
tv
has
a
bunch
of
different
shows
this
week,
so
this
week
some
of
the
shows
are
coming
up.
We
have
cloud
native
latinx
in
vivo
on
tuesday
we
have
cloud
native
live
on
wednesday
and
we
have
fields
tested
capture
the
flag
in
kubernetes
and
I'm
actually
really
curious,
which
one
kazan
is
going
to
take
on
there.
A
I
wonder
if
it's
going
to
be
kctf
or
if
there's
some
other
thing
that
she'll
be
playing
with
that
they'll
be
playing
with
on
that.
On
that
episode,
it'll
be
tremendous.
I'm
sure,
though,
so
definitely
check
that
one
out
so
there's
new
content.
Every
day
of
the
week
now
the
news
of
the
week,
I
actually
was
able
to
attend
a
a
cube,
a.
A
A
meetup
of
the
atlanta,
georgia,
kubernetes
meetup,
and
it
was
really
great
and
I'm
actually
giving
a
shout
out
here
to
james
circy,
who
is
a
good
friend
of
mine,
works
at
t-mobile,
and
we
worked
together
for
quite
a
bit.
I
was
really
impressed
with
how
joe
put
the
news
together
for
that,
and
so
I've
copied
a
lot
of
what
he's
done
there
and
put
them
in
here
and
figured
I'd
cover
them
here
as
well.
So,
as
you
already
know,
api
removals
are
happening
in
version.
122.
A
A
So
some
of
the
stuff
that
happened
this
week
or
is
getting
ready
to
happen.
Linker
d
got
a
diploma.
They
have
graduated
from
the
sandbox
to
the
cncf
sandbox,
that's
pretty
exciting.
The
contributor
summit
north
america
2021
has
planning,
has
begun.
If
you
have
actually
been,
there
definitely
come
check
it
out.
If
you
haven't.
This
is
what
a
great
opportunity.
I
can't
wait
to
see
you
there
it'll
be
really
a
lot
of
fun.
A
So
if
you're
curious
about
the
event,
here's
the
information
for
it
it'll
be
at
the
jw
marriott
la
live.
Here's
where
you
can
register
the
location
and
the
schedule.
All
of
that
information
is
posted.
I
mean
as
soon
as
it
gets
updated.
I
don't
think
the
registration
is
there
yet
either,
but
yeah
note
as
soon
as
the
registration
link
is
available,
you
will
be
able
to
find
it
here.
A
Oh
that's,
awesome.
I've!
Actually!
On
a
personal
note,
I've
actually
just
recently
decided
to
start
exploring
cubes,
because
when
I
was
a
kid
I
tried
it
and
I
was
not
very
good
at
it
and
like
the
only
way,
I
could
really
solve
these
puzzles
twisty.
These
twisty
puzzles
with
the
butter
knife,
and
lately
I've
been
totally
obsessed
with,
like
solving
all
of
the
twisty
puzzles.
A
A
So
another
thing
that
I
don't
know
if
you've,
if
you've
ever
contributed
to
kubernetes
as
a
project,
you've
probably
interacted
with
feijobot
and
phaser
phase
bot,
has
been
pretty
amazing
and
they're.
You
know
it's
got
some
pretty
fun
stories
like
this
one.
Where
bash
is.
A
Basically
somebody
opened
an
issue
to
make
sure
that
the
facebook
knew
admit
that
it
was
a
bot,
but
what
the
the
bot
does
is
basically
mark
issues
as
stale
if
there's
no
activity
on
them
after
a
time,
and
it
will
also
take
care
of
a
lot
of
a
lot
of
other
kind
of
maintenance
and
housekeeping
stuff.
A
All
of
the
automated
comments
formerly
made
by
facebook
are
going
to
be
made
by
the
k,
the
kubernetes
triage
bot.
As
of
this
pr,
the
kubernetes
triage
bot
account
is
fully
under
the
project's
own
control,
owned
by
sig
contrib
x,
github
management
subproject,
which
means
basically
that,
like
it's
another
one
of
those
pieces
of
infrastructure
that
is
now
actually
managed
by
the
community
rather
than
by
an
individual,
which
is
really
pretty
great,
it's
a
pretty
important
bot
and
it
handles
things
like
lifecycle
and
a
bunch
of
other
stuff.
A
There
is
a
proposal
I
don't
know
if
you've
looked
into
the
sidecar
stuff,
but
within
kubernetes
there's
a
proposal
to
support
the
idea
of
sidecars.
Now
I
know
that
this
is
kind
of
an
overloaded
term
in
that,
when
you
think
about
a
kubernetes
pod
and
you
have
multiple
pods
inside
of
that
pod
or
multiple
containers
running
in
the
same
pod,
you
think
of
all
of
them
as
side
cars
of
one
another
effectively
right.
A
What
this
proposal
does
is
it
describes
a
model
around
which
we
might
be
able
to
describe
that
individual
that
some
of
those
containers
might
need
to
start
before
other
containers
right
now,
it's
sort
of
just
a
list
of
containers,
all
of
which
will
start
somewhat
in
an
uncontrolled
rate
right,
and
this
is
not
taking
into
account
init
containers.
That's
not
what
I'm
talking
about.
A
This
is
actually
just
within
the
construct
of
the
the
containers
list,
or
I
guess
it's
an
array
really
within
the
within
the
pod
itself,
giving
some
giving
some
capability
there
to
kind
of
control
it.
Some
of
the
problems
that
are
trying
to
be
solved
there
are
like,
if
you
had
a
log
forwarder
running
as
a
second
process
within
a
pod.
A
So
these
are
just
some
of
the
relatively
obvious
use
cases
that
people
have
and
if
you're
interested
in
this
they're
looking
for
feedback,
and
so
if
this
proposal
makes
sense
to
you
if
you're
happy
with
how
this
works
definitely
give
a
thumbs
up.
Otherwise,
give
some
comments
that
to
indicate
like
what
you
think
might
be
an.
A
A
A
Chart
repository
contains
a
reference
where
the
chart
archive
for
each
project
is
so
that
means
that
if
you're
like
say,
you
took
the
dependency
for
nginx
in
your
own
chart
when
you're
doing
a
helm,
get
or
helm
fetch
or
helmet
stall,
or
any
of
those
things
of
your
own
umbrella
chart
in
your
own
private
repository.
Then
what
could
happen
is
that
your
username
and
password
could
be
passed
to
whatever
repository
is
holding
the
helm.
The
engine
x
chart
as
well-
and
this
is
you
know,
unexpected
behavior.
A
A
A
Now
this
is
a
fascinating
idea,
and
I
had
I
had
not
heard
of
it
until
joe
had
mentioned
it
in
his
in
his
an
announcement
of
this
particular
issue
so,
and
I
think
I
could
see
how
there
would
be
challenges
but
anyway,
so
the
proposal
here
is
that
you
have
the
ability
to
define
a
mount
name
space
in
which
the
ephemeral
amounts
that
we
create
for
pods
would
be
associated
right
by
default
right
now,
the
amount
name
space
for
all
of
the
ephemeral
stuff,
like
you
know,
if
you're
going
to
do
like
a
amount
of
type
of
you're,
going
to
mount
just
a
scratch
space
within
a
pod
or
what
or
any
of
or
any
of
those
sorts
of
things
like
empty
deer,
then
empty
deer
is
mounted
on
the
underlying
host
in
the
host's
mountain
name
space
and
then
passed
as
a
volume
into
your
running
container
as
part
of
the
instantiation
of
that
container.
A
When
you
kick
off
a
pod-
or
I
should
say
when
the
cubelet
kicks
off
the
pod
in
this
model,
the
idea
is
that
anything
that
we
would
create
ephemerally.
We
would
actually
associate
with
a
different
isolated
mount
name
space
and
maybe
even
share
that
mount
name
space
with
like
some
other
entity
and
and
then
that
mount
name
space
is
actually
where
we're
going
to
mount
any
volumes
for
your
given
pods
in
from
which
gives,
which
is
great,
because
it
improves
the
level
of
isolation
between
the
pod
and
the
underlying
file
system.
A
But
I
can
see
that
it
also
might
add
a
little
bit
of
complexity.
So
it's
an
interesting
idea.
I
haven't
actually
played
with
it
myself,
but
if
any
of
you
out
there
play
with
it,
definitely
I'm
curious
to
get
your
opinion
on.
A
So,
starting
with
the
122
release,
a
lightweight
policy
will
drive
the
creation
of
each
release
schedule.
The
policy
includes
the
first
release
and
the
last
release
of
the
calendar
year
and
the
kubernetes
release
cycle
has
has
a
length
of
15
weeks.
So
the
week
of
kubecon
cloud
native
con
is
not
considered
a
working
week
for
the
sig
release,
mainly
because,
like
obviously
everybody's
at
kubecon
or
cloud
native
crown
should
be
the
weeks
of
actually
because
there's
a
couple
of
them
right.
There's
eu
and
the
us
so
might
be
interesting
to
see.
A
A
This
means
that
there
will
be
fewer
releases
per
year.
It
doesn't
really
do
anything
with
lcs
or
anything
like
that,
but
it
does
mean
there
will
be
fewer
releases
and
it
means
perhaps
it'll
be
a
little
bit
easier
to
adopt
and
and
pick
up
the
latest
releases
for
kubernetes
as
things
go
yeah.
It
is
a
great
question:
russ,
I'm
not
sure
what
what
happens
with
the
with
the
old
with
the
old
fajabot
as
it
goes
out
to
pasture
it'll,
be
kind
of
a
fun
fun
idea.
A
The
sysbox
container
runtime-
I
was
playing
with
this
actually
this
week,
so
if
you're
unfamiliar
with
this
idea,
the
idea
is
that
you
want
to
be
able
to
run
docker
containers
that
have
system
d
or
or
running
inside
of
them
make
them
look
like
they're,
actually
a
little
closer
to
vms.
Now,
like
you
know,
I
can
definitely
hear
that
on
some
level.
This
is
a
weird
thing
to
want
right,
because
you're
you're
operating
a
container.
A
Why
would
you
want
it
to
look
like
a
vm?
You
should
be
able
to,
like
you
know,
keep
with
it.
You
should
live
with
you'll,
be
able
to
live
within
your
means
within
a
container,
not
necessarily
try
to
run
like
all
of
the
linux
operating
system
stack
inside
of
it.
Well,
one
of
the
great
use
cases
for
this
would
be
something
like
kind
right
where
you
could
have
where
you
could
run
your
kubernetes
nodes
as
containers
inside
of
a
inside
of
a
cluster
and
so
you're
able
to
do
a
lot
of
testing.
A
In
that
scenario,
lightweight
testing
you'll
be
able
to
spin
these
things
up
and
tear
them
down
effectively
the
same
rate
as
containers
themselves,
but
not
necessarily
without
the
cost
of
virtualization.
So
it
also
enables
a
lot
more
kind
of
like
it's.
A
great
learning
tool.
You
know,
kubernetes
and
and
docker
are
kind-
gives
you
a
great
ability
to
kind
of
like
play
with
all
the
different
knobs
and
dials
of
cube,
adm
and
that
sort
of
stuff?
A
Well,
sysbox
is
another
one
of
these,
and
there
are
a
few
that
I've
been
playing
with
lately
footlooses
on
another.
One
of
these.
This
box
is
one
and-
and
this
tooling,
basically
systox
is
actually
this
box
is
pretty
low
level.
It
hadn't
happened.
It
has
a
a
run
c
driver
for
it,
so
you
can
actually
plug
it
into
your
existing
docker.
A
This
is
basically
what
you
would
add
to
provide
another
time
for
docker
by
default.
Docker
uses
container
d
as
the
runtime,
but
if
you
wanted
to
add
another
runtime,
you
could
add
one
like
this
and
what
this
does
is
it
gives
you
another
command,
so
you
can
do
docker
run.
Actually,
history
grabs
this
box.
A
It
looks
and
feels
very
much
like
a
container
not
too
dissimilar
from
the
way
that,
if
you
were
to
do
this
with
a
kind,
it
would
work
as
well
now
what's
interesting
is
also
the
the
the
mechanism
this.
This
particular
container
image
has
pre-installed
bits
of
docker
right,
so
I
can
do
docker.
A
A
A
You
can
find
the
image
locally,
so
now
it's
pulled
it
then
I'm
inside
the
container
inside
of
another
container
kind
of
like
docker
and
docker
in
some.
A
A
That's
that
is
basically
how
it's
working,
and
so
this
gives
you
kind
of
a
more
generic
way
of
handling
system
d
pieces.
One
of
the
other
pieces
that
nest
that
sysbox
does.
Is
it
implements
a
user
ns?
So
if
you
don't
already
have
user
ins,
it
won't
work
for
you,
but
there
are
some.
There
are
some
interesting
challenges
there,
like.
I
tried
to
run
this
on
an
archbox
that
had
like
the
latest
kernel
and
it
was
not
working
for
me
at
all.
A
I
had
to
drop
back
to
more
of
an
lts
release,
because
apparently
this
works
really
only
really
well
in
kind
of
like
the
older
versions
because
of
the
shift
fs
requirement,
and
so,
if
you
want
to
play
with
it
it's
here,
it's
a
fun
one.
It
seems
to
work
pretty
well.
I've
had
I've
had
good
luck
with
it.
One
of
the
challenges
I
had
previously
was,
I
was
trying
to
use
ansible
to.
A
I
was
trying
to
use
cube
spray
to
install
a
kubernetes
cluster,
and
I
wanted
like
docker
containers
to
do
that,
because
I
didn't
want
to
go
about
managing
all
the
things
now.
One
thing
I
learned
was
that
in
ansible's
cube
spray
project
or
in
the
cube
spray
project,
if
a
hostname
isn't
already
set
correctly,
then
cubespray
tries
to
set
it
and
the
way
that
it
does.
That
is
through
this
command.
A
A
Then
log
in
again
and
boom
is
foo
right,
so
I
can
still
change
the
hostname
that
way,
but
something
in
the
way
that
hosting
kettle
does
it
like
makes
use
of
something
that
I
don't
understand
yet
and
and
blocks
it.
So
at
some
point
I
might
let's
trace
that
and
see
if
I
can
figure
it
out
but
kind
of
an
interesting
challenge.
A
Talking
about
the
white
paper,
the
the
final
version
here,
and
so
this
is
actually
kind
of,
I
think,
a
pretty
solid
write-up
that
was
funded
by
the
cncf
to
talk
about
the
operator
pattern,
how
it
works
and
all
of
that
stuff.
So
if
you've
heard
people
talking
about
operators,
you
want
to
know
more
about
it.
I
think
this
is
probably
a
really
good
reference
to
begin
with,
so
definitely
check
that
one
out
I
like
that,
it's
somewhat
agnostic.
A
It
talks
about
the
different
frameworks
that
that
are
out
there
queue
builder
cop
cncf
operator
framework,
the
metadata
controller.
A
A
So
a
great
reference
on
operators
there's
a
new
admission
control
micro
framework
and
then
there's
also
the
crestlet,
which
is
a
been
it's
been
moving
along
pretty
well,
but
it's
cubelet,
rust
and
wassum
to
give
you
the
ability
to
run
like
webassembly
as
containers
instead
of
containers
as
containers,
pretty
neat
stuff,
nothing
new
in
the
cve
ground,
and
the
next
thing
I
wanted
to
start
playing
with
was.
I
wanted
a
a
kind
of
explorer
that
take
us
back
to
that
blog
post.
A
So
when
we
get
to
version
1.22,
which
has
already
been
cut,
if
you
start
migrating
to
it,
one
of
the
heads
ups
here
is
that
you're
going
to
start
seeing
things
get
taken
away,
you're
going
to
see
the
api
not
present
for
particular
groups.
A
V1
beta
1
and
now
it
is
just
v1
so
and
and
the
removal
means
that
if
you
still
have
your
object
defined
that
manifest
defined
as
api
group
admission,
admission,
registration,
dot
case,
dot
view
io,
slash,
v1,
beta
1,
then
it's
not
it's
going
to
fail
and
it's
going
to
tell
you.
There
is
no
object
of
that
url
right,
and
so
that's
going
to
be
the
experience
that
you
have
and
you'll
be
surprised
by
it,
and
there
are
a
few
other
ones
here:
custom
resource
definition,
that's
a
big
one.
A
And
it
makes
me
wonder
if
it
is
good
all
right,
so
here's
an
example
of
a
of
a
crd
that
has
been
defined
and
I'm
actually
going.
I'm
going
to
go
ahead
and
apply
this.
I'm
going
to
go
up
here
to
raw
I'm
going
to
grab
that
url
and
we're
going
to
go
ahead
and
apply
it
and
see
what
it
looks
like.
So,
let's
do
find
create.
A
Cluster
and
while
we're
doing
that,
oop
that's
going
to
bring
him
up
122.,
that's
not
what
I
want
do
I
have
a
122,
let's
go
and
take
a
look.
A
A
A
It
looks
like
to
test
this.
We
would
have
to
build
122
unless
I've
already
done
that
which
I
might
have
done,
but
while
we're
waiting
for
that,
let's
go
ahead
and
do
this
kind
complete
cluster,
so
I'm
gonna
go
ahead
and
build
kubernetes
real
quick.
I
know
that
sounds
kind
of
weird,
but
we're
gonna
do
it.
A
Oh
sears,
kubernetes
and
I've
got
it
checked
out
locally
and
the
way
that
I
check
that
out,
this
is
something
I
re.
I
learned
or
kind
of
relearned
recently
was
that
you
have
the
go:
111
module
command
and
if
you
set
that
to
off,
then
you
can
do
a
go,
get
jh
to
io
kubernetes,
and
it
will
put
it
in
ghost
search
case
that
I
have
kubernetes
for
you.
A
A
A
A
A
And
because
my
local
checkout
in
my
go
in
my
go
environment
is
set
to
v122
0
rc
0,
that's
where
I
that's.
What
I've
got
checked
out
locally,
then
kind
will
actually
build
that
particular
version
and
make
it
available
to
us
and
we'll
see
if
this
works,
I
might
have
to
actually
grab
the
the
the
current
release
or
the
top
of
tree
release
for
a
kind
to
make
it
work.
But
let's
see
what,
let's
see
what
happens
if
we
bundle
it
up
this
way?
A
First-
and
maybe
we
won't
have
to
do
too
much
more,
but
this
will
give
us
the
ability
to
go
ahead
and
test
out
those
expiring
apis
and
see
what
that
looks
like.
A
So
these
are
the
things
that
are
being
affected,
so
any
automation
that
you
have
that
does
a
token
review.
You
might
want
to
check
a
look
at
anything
with
subject:
access
review
or
local
subject,
access
review,
self-subject
access
review
anything
you're
doing
that's
actually
checking
the
credentials
or
any
testing
that
you
do
for
any
of
those
things.
Any
of
those
objects
have
to
be
defined.
In
that
way,
the
beta
certificate
signing
requests
is
now
no
longer
beta
and
it's
not
going
to
be
available.
A
The
lease
api
if
you
use
it
and
the
ingress
object
right,
ingress
extensions,
v1,
beta
1
and
networking
k8.io
v1
beta
1..
This
one
has
been
around
for
quite
a
long
time
and
it
will
be
removed
from
serving
it
means
it
will
not
be
available,
and
if
you
were
to
try
and
create
an
object
with
that
old
version,
it
will
not
be
available.
A
Now,
there's
a
couple
a
couple
things
that
I
covered
last
time:
that
I'll
just
I'll
reiterate
here
real
quick-
and
that
is,
if
you
ever
ever
wondering
what
version
is
the
right
version
right.
You
can
do
cubepetal
explain
for
that
particular
object.
Let's
take
an
ingress.
For
example,
I
have
a
cluster
up.
A
A
A
A
A
A
A
Self
subject:
access
review
okay,
so
it
is
under
authorization
case
iov1,
that
is
the
correct
version
and
the
kind
would
be
self
subject:
access
review
and
again,
here's
all
the
information
for
the
object.
That's
one
way
of
determining
the
group
another
great
way
to
look
at
it
is
this
like
cube
kettle
api.
A
Oh
in
this
particular
output-
and
this
is
a
tricky
one,
because
this
will
actually
show
all
of
the
api
resources
that
are
being
served
currently
like
what
things
you
can
define,
and
in
this
case
you
can
see
that
you
could
define
ingress
under
networking
case
to
o
slash
v1
or
you
could
also
in
define
and
ingress
under
exercises,
v1
beta1
and
that's
because
we're
running
version
1.21
we're
running
122.
We
would
not
be
able
to
do.
A
A
A
A
Docs,
but
one
of
the
things
I
really
want
to
make
sure
that
we
highlight
is
that,
like
removal
means
removal,
it
means
it
will
no
longer
be
served.
It
means
that
if
you
try
to
create
that
object,
it
will
no
longer
be
there
right
and
we're
going
to
play
with
that
just
a
minute.
When
I
get
122
up
we're
going
to
start
up
a
122
cluster
and
like
deploy
some
stuff,
that
is
that
that
don't
work
anymore.
A
The
related
api
ingress
class
is
designed
to
complement
the
ingress
concept,
allowing
you
to
configure
multiple
kinds
of
mangroves
within
one
cluster,
if
you're,
currently
using
the
deprecated
ingress,
dot
class
annotation
plan
to
switch
to
ingress
class
name
field
instead,
and
I
believe
that
was
actually
handling
being
handled
somewhat
automatically
when
migration
would
happen.
A
A
A
A
A
A
A
A
A
A
A
A
A
Plugins
work
is
anything
that
has
the
word
cube
kettle
and
then
a
dash
and
then
something
after
it.
That's
actually
how
the
plug-in
trick
will
work
right,
so
cubekittle
will
discover
that
and
make
those
plugins
available
to
you.
A
A
A
A
A
Keep
kill
create;
okay,
I'm
on
the
wrong
one.
Five
two.
A
A
A
A
A
A
Yemo,
so
there
is
the
the
current
valid
object
and
I
can
actually
create
this
same
object,
but
it's
by
copying
into
our
new
context,
but
I'm
not
going
to
do
that
right
away.
Instead,
what
I
want
to
do
is
I
want
to
pull
an
older
version
of
it.
A
A
This
is
kind
of
wild
but
check
it
out.
So
this
time
I'm
actually
going
to
use
the
old
extension.
It's
the
one
that's
actually
being
removed
from
the
cluster.
So
if
I
do
that,
I
can
see
that
I'm
doing
cube
kettle
get
ingress's
extension,
so
I'm
telling
it
that
I
wanted
to
convert
whatever
object.
It
has
an
lcd
into
this
particular
version
of
object
so
that
I
can
see
the
results
of
that
object
right
and
it's
going
ahead
and
it's
gone
ahead
and
done
that
it's
created
extensions
v,
one
beta
one.
A
A
A
A
A
A
But
this
is
the
error
that
you're
going
to
kind
of
want
to
watch
for
if
you,
if
you're
you'll,
know
that
you're
hitting
this
problem,
when
you
see
this
error,
no
matches
for
kind
is
the
key.
Is
the
thing
right?
That's
actually
where
you're
going
to
get
or
it's
going
to
catch
you
out.
A
All
right
so
now
to
dig
into
the
bones
here
a
little
bit
and
show
you
some
other
interesting
stuff.
That's
happening
behind
the
covers,
and
this
is
like
probably
the
easiest
way
I
can
think
of
to
do
a
test
on
like
self-subject
access
review,
so,
first
understanding
what
self-subject
access
review
is
one
way
to
conceptualize
this
is
to
is
to
ask
is
to
basically
it's
the
idea
that
you
can
query
the
api
server
with
specific
questions
to
determine
what
access
you
have
right.
A
So
if
I
were
to
do
cube
kettle
auth
and
I
one
of
my
favorite
commands
actually
and
then
I
do
list,
for
example-
and
it
will
show
me
all
of
the
permissions
that
I
have
with
my
current
credential
against
the
api
server
according
to
the
api
server
itself
and
the
way
that
it
does.
A
A
A
Okay
and
that's
the
default
service
account
in
the
default
namespace
and
we've
identified
it
as
a
system
service
account.
Now,
what's
going
to
happen,
is
it's
going
to
run
this
command
the
self-subject
access
review,
but
it's
going
to
impersonate
this
particular
service
account
and
get
the
result
back.
So
my
question
was:
what
permissions
do
the
difficult
service
account?
Have?
A
A
It
can
do
a
create
of
self-subject
access
reviews,
it
can
do
a
create
of
self-subject
rules
review
and
then
it
has
the
ability
to
understand
a
little
bit
about
the
configuration
of
the
cluster.
So
it
can
basically
walk
the
api
and
see
what
resources
are
there,
but
that's
about
it
right,
interesting
stuff.
A
Now
what
I
was
showing
you
before
was
if
I
wanted
to
see,
for
example,
what
the
api
call
was
that
made
this
api
that
made
this
request.
I
can
actually
pull
that
open
and
take
a
look
right,
and
so
here
is
the
request
body
and
you'll
notice
that
it
looks
a
lot
like
the
json
stuff
or
the
or
the
yaml
stuff
that
we
normally
see.
A
So
it's
a
self
subject,
access
review,
api
version,
authorization,
k8.I,
o,
slash,
v1
and
then
there's
no,
the
metadata
is
effectively
empty.
The
spec
is
defining
the
name
space
in
which
I
want
this,
but
to
see
and
and
the
status
object
exists,
but
doesn't
matter,
and
so
here
is
the
curl
request.
If
I
were
going
to
use
curl
to
do
this,
and
we
can
see
now,
one
of
the
biggest
takeaways
of
this
particular
piece
of
it
is
that
you
can
see
kind
of
how
the
api
removal
will
affect
you
right.
A
A
A
So
here's
the
curl
making
the
call-
and
it's
saying
it's
going
to
put
that
according
to
the
doc
the
cube
kettle
has
converted
that,
based
on
the
ammo
that
I
have
provided,
it
has
picked
up
the
group
and
it
has
applied
it
in
that
uri.
So
it's
going
to
send
it
to
my
api
server
on
slash
apis
inside
of
the
networking.cas
to
io
on
version
v1,
it's
a
namespaced
object,
so
it
determines
what
namespace
I've
targeted
the
default
namespace
by
default,
and
then
the
ingress
create
the
ingress
object.
A
A
A
A
A
A
A
A
A
A
A
That's
cool
okay,
hold
on
history,
grab,
convert.
A
A
A
A
Yeah,
that's
kind
of
a
trip.
That's
a
very
good
point.
A
A
A
A
A
And
it
basically
comes
down
to
discovering
what
the
preferred
version
is
and
then
using
that
preferred
version.
So
I
wonder
if
they've
wired
it
up
to
a
new
api
that
doesn't
exist
yet
because
there
is
now
there
will
soon
be
a
an
api
that
describes
like.
Oh
actually
in
my
cubekill
get
api.
A
A
The
preferred
version
in
an
api,
and
so
I
wonder
if,
if
that
existed,
whether
cubicle
convert
would
be
able
to
consume
it
and
make
the
right
decision,
but
it
used
to
be
that
cube
kettle.
Convert
would
determine
what
the
preferred
version
was,
and
then
it
would
pick
that
and
that's
not
what's
happening
here.
Instead,
what
it's
doing
is
just
I
don't
get.
A
Anyway,
the
last
few
things
I
wanted
to
cover
before
I
bounce
out
of
here
are:
there
are
a
few
other
things
that
are
worth
calling
out,
and
these
are
different
projects
that
I
found
that
give
you
the
ability
to
understand
whether
things
are
deprecated
or
falling
out
of
or
or
have
expired.
A
Thank
you
so
cube.
No
trouble
is
a
great
example
of
this.
It
basically
looks
for
objects
that
have
been
created
and
then
on
a
deprecated
version
and
warns
you
about
them.
A
A
A
A
A
A
A
And
then
the
last
one
is
deprecation
written
by
a
good
friend,
steve
wade,
and
he
is
doing
exactly
the
same
thing
just
like
evaluating
those
manifests
that
you've
provided
and
trying
to
determine
whether
those
manifests
are
using
expired
apis,
and
that
is
our
session
for
today.
I
wanted
to
say
thank
you
very,
very
much
for
joining
me.
It
really
means
a
lot.
A
I
hope
these
sessions
are
useful
and
I
look
forward
to
the
next
one
in
two
weeks
and
come
right
back
here
and
I'll
I'll
meet
you
again
in
two
weeks
and
we'll
cover
some
other
interesting,
fascinating
part
of
all
of
this.
So
I
hope
you
all
have
a
great
week
and
I'll
see
you
soon.