►
Description
Welcome to part two in our ongoing meet-up series dedicated to solving problems that arise when aspects of the PHP space don’t play nice with Kubernetes, like object file storage and role-based user controls as they apply to API interactions.
Our story: https://bit.ly/3bznSXC
Our efforts to provide open source developers with a simple way to leverage K8s: https://bit.ly/3qeShi1
Catch up with the group on GitHub: http://bit.ly/338dXC5
A
A
This
week's
pretty
interesting
for
us
we've
got
a
lot
going
on
specifically
a
lot
of
the
people
that
typically
participate
are
in
Barcelona
right
now,
so
we
have
quite
a
few
people
in
queue.
Con
coupons
are
pretty
exciting
event
for
everybody
didn't
get
a
lot
of
agenda
items,
but
let's
go
ahead
and
just
jump
in
typically.
What
we
do
is
we
start
off
with
a
quick,
hello
and
who's
here.
I
can
start.
My
name
is
Kevin
bridges.
I'm
the
CTO
at
a
company
called
tread
technology.
We
do
a
lot
of
kubernetes
work.
B
So
I
spend
a
lot
of
time
in
the
community
for
many
years
and
there
have
been
deep
in
in
the
kubernetes
world
for
a
couple
years
now.
These
days,
I
work
for
Microsoft
working
on
aks,
managed,
kubernetes,
offering
and
just
kind
of
saw
that
this
was
happening
today
and
thought
I'd
come,
say
hello
to
old
friends
and
see
see
how,
through
pallone
cube,
is
coming
along.
C
Yeah
anyways
Florine
Larten
also
see
a
couple
familiar
faces
here:
yeah
been
in
the
drupal
community
for
a
while
too,
and
currently
CTO
for
a
blender,
triple
agency
or
I,
guess
Drupal
agency
that
we
do
a
lot
more
other
things
nowadays
and
and
yeah.
So
we're
also
like
we're
not
launching
a
hosting
product.
We
have.
We
do
for
our
own
clients
and
and
yeah.
So
we
have
a
mixture
of
Drupal
and
non
Drupal,
stuff
and
yeah.
Also
quite
an
interesting.
That's
that
whole
could
burn
ad
space.
A
D
I
went
now,
I
have
been
in
duple
community
for
the
past
twelve
years
and
I
am
currently
working
with
fertility
of
Starcom.
We
are
planning
to
launch
a
product
platform
as
a
service
for
psu
products,
especially
to
people,
because
I
have
a
lot
of
tool
experience.
So
probably
we
are
starting
with
that
and
I'm
a
product
of
the
product
tree
and
it
obviously
uses.
E
A
Great
okay,
well
one
of
the
things
that
we
kind
of
are
identifying
as
we
have
some
of
these
meetings
or
one
of
the
real
reasons
that
we
wanted
to
start
talking
about.
This
was
that
there
are
specific
problems
in
the
PHP
space
and
Drupal
that
don't
play
well
with
kubernetes
the
ones
that
we've
been
able
to
identify
as
being
very
problematic
right
out
of
the
gate
or
things
like
object,
file,
storage,
I,
there's
a
host
of
issues
that
I
think
Brad
Jones
surface
that
are
directly
related
to
that.
We
have.
A
You
know
some
targeted
efforts
that
we
can.
We
can
kind
of,
engage
on
to
help
people
out
or
maybe
collaboratively
help
solve
these
problems
for
each
other.
So
that's
definitely
been
one
of
the
things
that
we've
been
talking
about.
I,
put
a
link
to
our
meeting
minutes
and
agenda
I'll
put
it
into
the
tsums
that
it
gets
caught
there
for
anybody
that
watches
the
video
afterwards.
A
So
for
me
that
that's
really
kind
of
an
interest
point
I
I,
don't
really
quite
know
how
to
run
this
particular
meeting
because
of
the
the
smaller
attendance.
But
maybe
if
we
could
just
take
a
few
minutes
and
go
around
and
talk
about
some
of
the
areas
that
we're
currently
focusing
on
or
some
of
the
problem
spaces
that
we're
currently
having
in
kubernetes
and
see.
A
That's
huge
for
us
right
now
we're
spending
a
lot
of
time
focusing
there
and
getting
that
to
work.
I'm
spending
a
lot
of
time,
understanding
what
different
authentication
layers
mean
to
kubernetes
and
how
to
get
them
to
all
play
together
properly.
It's
been
a
bit
of
a
challenge
for
us.
You
know
we
started
going
down
the
kubernetes
route,
I.
A
B
Mean
that's!
That's
a
really
good
intro
I
mean
I'm
I'm,
very
curious,
like
exactly
what
what
part
of
the
authentication
authorization,
you're
you're
interested
in
I
mean
I'm,
assuming
you're
running
or
you're
wanting
to
go
multi-tenant
on
top
of
cube
and
then
what
expose
exposed
cube
api
to
end-users,
yep.
B
A
Because
we
wanted
to
make
sure
that
we
could
track
a
user
across
different
products
and
across
different
systems,
so
that
we
could
provide
a
unit
Universal
way
for
them
to
authenticate
and
we've
completely
separated
out
authentication
and
authorization.
So
they
can
authenticate
be
associated
with
any
number
of
things
that
we
do.
In
addition
to
having
proper
are
back
controls
inside
of
kubernetes
and
accounts
provision
for
them
and
organization
management
and
everything
else
that
goes
with
that.
C
I
guess
it's
pretty
interesting
because
we're
actually
coming
from
from
a
very
different
angle,
so
we
are
like
building
and
we're
working
in
a
setup.
That's
really
made
to
work
within
an
organization
pretty
much
assuming
that
you
can
trust
everyone
and
so
like
very
permissive
set
of
tools
where,
where
we
just
want
to
our
developers
to
be
able
to
do
stuff-
and
yes,
we
will
need
to
figure
out
billing.
We
definitely
should
have
something
that's
secure,
but
there's
we
like
the
domain.
C
The
main
goal
is
to
have
pretty
much
a
cluster
where
we
can
just
have
developers
just
do
stuff
and
just
create
a
represents
where
you
push
their
code
and
then
the
CIA
just
takes
care
of
deploying
everything
and-
and
we
actually
doesn't
have
something
that
works
quite
well
for
that,
but
yeah.
The
completely
different
set
of
issues.
C
For
example,
we've
seen
that
many
of
the
like
when
it
comes
to
its
object,
storage
for
or
file
storage
for
for
Drupal
file,
uploads
most
of
the
solutions
that
actually
work.
They
rely
on
something
outside
of
the
cluster,
and
that
makes
it
difficult
to
provision.
And
for
us
we
actually.
We
want
to
provision
a
new
environment
for
every
single
branch
that
gets
pushed
and
if
you
need
to
wait
five
minutes,
then
your
help
deployment
will
have
a
timeout.
Everything
needs
to
wait
and
that
doesn't
actually
work.
C
So
so,
for
these
kind
of
reasons,
we
actually
really
want
to
have
something
that
well,
it
doesn't
necessarily
need
to
be
in
the
cluster,
but
we
need
to
be
able
to
have
a
reliable
way
of
just
quickly
provisioning
things
on
the
net
and
and
yeah
many
of
the
solution
that
we
we've
seen
that
actually
work
either
they're
too
slow
or
they're
really
expensive,
because
if
you
want
to
have
like
hey,
you
have
20
developers
on
the
project,
so
between
open
call
requests
and
things
like
that.
They're
gonna
have
30
environments.
C
Also,
we
see
that
we
have
exactly
the
same
kind
of
issues
with
file
uploads,
which
is
like
it's
stupid,
because
it's
such
a
negligible
part
of
the
project,
but
at
the
same
time
it's
really
the
one
that's
causing
a
lot
of
issues
and
we're
we're
following
a
few
different
options
at
the
moment.
So
there's
there's
some
new
developing
in
route
regarding
NFS
support
that
seems
like
it
could
eventually
be
an
interesting
one,
also
as
I
mentioned
in
the
in
well.
It
was
mentioned
in
the
the
agenda
from
last
week.
D
C
Clone
and
fly
system,
so
it
seems
like
all
of
this
solution
can
require
some
kind
of
compromise,
and
so
we-
and
that's
also
one
thing
that
we
see
we
really
are
totally
fine
with
having
a
very
opinionated
set
up.
So,
for
example,
the
whole
challenges
that
were
mentioned
regarding
installing
Drupal
and
needing
like
these
kind
of
like
Drupal,
not
having
access
to
your
files
and
so
on.
We
don't
really
care
about
that.
We
the
way
that
we
deploy
code,
it's
pretty
much
well.
C
A
You
yeah
a
file
management
is,
is
becoming
a
pretty
big
deal
in
the
Drupal
space
and
I
linked
a
couple
of
issues
that
have
been
surfaced
earlier.
That
I
might
be
worth
considering
some
type
of
a
collective
effort
to
focus
on
a
I
think
that
if
we
can
get
into
a
working
flow,
you
know
I'm
willing
to
dedicate
resources
to
Drupal
issues
to
be
able
to
solve
those
issues
to
help
move.
D
I'm
completely
new
to
Canada,
so
I
didn't
get
much
to
interact
with
it,
so
we
are
indirectly
using
kubernetes
through
Rancher
API,
so
we
have
a
rancher
pipeline
set
up
and
is
integrated
with
git
lab
and
obviously
the
rancher
has
this
multi
agency.
So
it
does
most
of
our
work
like
multi-tenancy
the
pipeline,
the
triggering
and
everything
so
right
now
we
are
concentrating
on
building
a
building
and
metering
section
where
we
could
I
mean
any
client
who
runs
a
application.
D
We
could
just
break
down
the
entire
costing
into
invoice
saying
that
this
much
we
have
consumed
you
have
consumed
the
AWS
resources.
We
have
consumed
some
of
our
host
services
like
the
doctor
industry
and
the
bandwidth
and
stuff.
So
right
now
we
are
concentrating
on
that
and
next
plan
of
action
for
us
in
our
product
is
to
have
a
set
up
to
run,
run
deck
platform.
I
hope
most
of
the
people
are
aware
of
on
deck,
so
run.
A
D
D
E
From
my
perspective
and
I
take
a
more
infrastructure
based
approach.
Obviously
you
know
the
main
things
that
remind
our
managing
attach
resources.
The
few
database
tier
object,
storage,
you're
attached
file,
storage,
etcetera,
but
it's
also
imagine
configuration
and
ensuring
that
you
know
there's
a
consistent
layer
between
you
know
how
we
configure
things
improve
entities
for
sound.
We
configure
things
in
PHP,
that's
where
the
concerns
I
still
have
I
realized.
There
are
several
different
approaches
to
it.
E
Obviously
you
know
Florian
already
talked
about
you're
managing
attached
resources
and
I
mean
there
is
some
movement
in
the
communities
community
overall,
there's,
obviously
Service
Catalog
there,
a
few
open
source
projects
that
do
things
like
deploy,
databases
and
so
forth.
I
understand
the
wait
time
for
that
is
kind
of
painful
at
times.
However,
that's
usually
you
know
not
the
software
itself
as
much
as
it
is
the
provider,
that's
creating
those
resources.
So
yeah,
that's
really
kind
of
the
questions
that
I
can
answer
an
approach
where
I
think
gonna
be
the
major
problem.
A
A
E
E
Sniffing
explosion
at
home
and
that's
a
sticky
subject,
because
everybody
has
a
different
opinion
about
helm
and
how
it
works.
I
realize
that
work
on
version
3,
the
move
away
from
the
tiller
concept
is
definitely
gaining
traction,
although
it's
not
competing
with
customized
and
at
least
five
different
other
solutions
that
I
can
see
and
they're
out
and
about
and
even
top
of
that
at
home
itself
doesn't
prescribe
a
specific
method
of
how
the
release
is
happening
themselves
just
about
how
its
packaged
and
some
of
the
additional
votes.
E
E
Or
hungry
I
have
not,
but
I've
been
attracting.
What
version
3
was
supposed
to
achieve.
The
the
entire
break
from
tiller
was
probably
the
biggest
piece,
along
with
the
capabilities
of
the
understanding.
Role-Based
authentication
were
the
original
model.
The
filler
did
not
do
that
very
well,
so
I
wouldn't
need
to
bone
up
on
that
I
get
in
know
nothing.
I
could
actually
speak
accordingly.
I.
C
Actually
gave
it
a
try
just
yesterday
and
yeah
it
works,
there's
a
few.
Well,
it's
definitely
alpha
in
terms
of
what
even
just
like
CLI
parameter
sets
are
so
there,
but
do
absolutely
nothing
and
and
the
only
way
to
ug.
Like
said
the
namespace,
you
pretty
much
need
to
set
it
in
your
cube,
config
and
and
then
it
will
follow
that
and
just
ignore
the
namespace
parameter
and
things
like
that.
C
So
it's
definitely
not
ready
for
production,
but
these
are
more
like
cosmetic
changes
or
cosmetic
stuff
in
terms
of
how
you
interact
with
the
CLI
and
otherwise
it
seems
to
work.
But
it's
it's
not
something
that
you
can
just
use
help
to
end
helm
3
in
parallel,
because
they
have
different
ways
of
working
and
yeah
you
don't
you
don't
get
to
see
any
of
your
helm,
2
releases
with
helm,
3
and
vice
versa,
and
so
that
that's
that
also
makes
it
a
little
bit
difficult
to
just
try
it
out
progressively
so
it
pretty
much
uni.
A
I
know
on
our
team:
we
have
a
love-hate
relationship
with
helm
when
it
works.
It's
amazing
when
it
doesn't
work,
it's
very
difficult
to
debug,
it's
very
difficult
to
understand.
What's
going
on
and
then
suddenly
I
have
an
engineering
team
complaining
about.
Why
are
we
using
helm
as
a
templating
language,
so
I'm
curious?
A
C
A
C
We
kind
of
managed
that
there
there's
a
well
the
helm,
has
a
built-in
test
tool
which,
in
my
opinion,
is
pretty
much
useless
and-
and
we
have
had
actually
some
really
good
success
with
the
unit
test
plug-in
so
pretty
much
it.
It
generates
your
templates
and
then
you
can
run,
run
specific
queries
and
that's
actually
been
working
really
nicely
in
terms
of
catching
things,
indentation
issues
and
so
on,
and
so
yeah
I
see
that
hell
Muni
dust.
Yes,
that's
this
one
and
it's
been
it's
been
helping,
so
it's
hurts
less,
but
I.
C
B
I'll
add
a
couple
tidbits
here:
I've
been
using
hemp
extensively
for
a
long
long
time
and
it
came
from
came
from
Dale's
who
created
home
to,
and
it
worked
pretty
closely
with
people
working
on
home,
3
I
will
say
that
at
least
the
way
that
I
use
some
I.
Basically
don't
use
tiller
already
it's
it's
not
difficult
to
use
home
without
touching
tiller
in
any
way
shape
or
form.
B
There's
a
couple
different
ways
to
approach
that
you
can
either
just
use
home,
template
directly
and
pipe
that
straight
to
keep
CDL
or,
if
you're,
writing
your
own
CLI.
It's
it's
really
really
simple
to
just
import
the
tiller
libraries
and
call
them
directly
so
that
you're
not
actually
using
trpc2
a
tiller
server,
you're
just
executing
the
same
code
that
tiller
would
have
executed
and
I
I've
definitely
had
fairly
good
success.
B
Spits
back
are
not
that
much
different
than
what
what
the
cue
baby
I
would
spit
back
so
anyway,
it's
it's.
It's
definitely
a
challenge
and
and
I've
had
pretty
good
success
with
this
home
unit
test
library
as
well.
It
stops
a
lot
of
the
one
thing
that
it's
caught,
the
most
for
me
is,
is
just
essentially
no
pointer
errors
that
way
down
in
a
values
file
or
something
that
this
this
plugin
just
instantly
catches
all
those
problems.
So
I
definitely
do
like
that.
B
A
Cool
well,
yeah
I,
don't
know
yeah,
you
know
late,
like
I
said:
we've
got
I'm,
not
quite
sure
where
we
stand
officially
with
home.
To
be
honest,
I
know
that
we've
as
a
result
of
some
of
those
deep
debugging
issues
that
you
touched
on
Matt
I
know
that
we
kind
of
isolated
it.
It's
a
very
specific
functionality
that
was
very
easily
manageable
and
I.
Don't
know
if
we're
going
to
be
looking
at
it
going
forward,
specifically
because
of
the
work
that
we've
done
to
to
not
use
it.
B
I
mean
I
think
a
really
good,
really
good
operator.
It
work
it's
better
to
not
use
something
right
because
I
mean
an
operator.
Is
it's
it's
better
to
import
the
libraries
directly
and
use
client
go
directly
and
not
have
to
ever
go
yeah
no
and
have
added
to
its
processing,
so
I
think
that
that's
definitely
a
smart
decision.
I
I
think
he'll
make
sense
for
for
some
things
that
make
sense
for
sharing
some
best
practices
about
about
how
random
people
can
install
something
like
Drupal
on
a
kubernetes
cluster.
C
At
the
same
time,
we
see
that
like
for
us,
especially
we.
We
have
a
project
that
have
some
nodejs.
Some
some
reacts
that
also
have
some
server-side
rendering
we
have.
We,
we
use
a
less
search
quite
a
bit,
so
we
often
have
this
kind
of
project
that
have
multiple
different
components
and-
and
it's
I'm
not
sure
that
it
would,
since
you
have
one
operator
that
does
all
these
things,
putting
them
together
and
in
it
seems
like
helm,
could
actually
be
quite
good
at
having
what
managing
this
kind
of
setup,
where
you
have
multiple
things.
C
B
So
it's
it's
interesting
I
think
there
is
a
balance
that
that
can
work
and-
and
it's
not
necessarily
one
or
the
other-
that
somehow
you
still
have
to
go,
create
those
ers
and
and
I
think
that
that
it's
it's
not
a
it's,
not
a
bad
way
to
do
it
like
it
there
they
need
to
be
parametrized.
You
need
different
variables,
whatever
it's
like.
B
A
It's
cool
well,
one
of
the
things
that
we
have
on
the
agenda
coming
out
of
this
is
basically
a
starting
to
talk
about.
You
know
how
do
we
want
to
organize
this
group?
How
do
we
want
to
centralize
our
efforts,
and,
and
what
do
we
want
to
do?
Essentially,
it's
kind
of
been
floated
over
the
past
couple
of
meetings
and
yeah.
A
I
know
that
there's
a
fair
amount
of
interest,
but
I,
don't
know
that
we've
actually
targeted
anything
to
do
or
devised
a
way
to
come
together
as
a
working
group,
so
I
just
modeled
what
was
happening
in
the
kubernetes
world
as
far
as
the
SIG's
are
concerned,
to
get
this
started
and
I'm
definitely
interested
in
people's
ideas
about
how
we
can
move
this
forward
so
throwing
that
out
to
the
group.
If
anybody
has
any
ideas.
A
So
we've
got
a
host
of
operators
that
were
in
the
process
of
polishing
up
and
are
going
to
open-source,
so
I
think
that
what
I
would
like
to
see
as
far
as
they
goal
is
a
common
set
of
operators
for
Drupal
and
maybe
done
in
a
way
that
is
community
specific.
So
for
me,
what
that
means
is
that
if
we
can
show
the
Drupal
community
a
good
way
of
implementing
an
operator
for
Drupal,
then
we
could
also
potentially
show
the
WordPress
community
a
similar
pattern.
A
So
I
sort
of
any
ideas,
I
guess
I'll,
just
throw
a
couple
of
them
out
there.
I
was
kind
of
thinking
that
you
know.
We've
got
a
couple
of
issues
that
we've
prioritized,
or
at
least
they
had
been
thrown
out
there.
Maybe
we
can
start
really
focusing
it
on
those
issues,
maybe
a
slack
poll
to
determine
the
value
of
them
and
then
start
dedicating
resources
to
actually
fixing
those
issues
and
looking
into
them
to
me.
C
A
A
So
I
don't
know,
I
think
getting
a
little
bit
more
structured
about
how
we're
approaching
these
and
maybe
raise
the
top
two
or
three
general
issues
that
that
we're
encountering
right
now.
File
system
management
seems
to
be
the
number
one
thing
coming
up.
Maybe
we
can
start
putting
together
a
couple
of
issues
and
I
think
that
Brad
Jones
was
very
active
in
the
both
that
we
had
at
Rubicon.
A
So
I
think
that
he
has
some
insight
into
some
additional
issues
that
might
want
to
look
at
it
maybe
work
a
little
bit
with
Jeff
Deerling
to
get
some
insight
as
to
some
of
the
problems
they're
experiencing
on
that
side.
Maybe
by
the
next
meeting
we
can
surface
two
or
three
issues
that
are
worth
at
least
talking
about
in
the
next
meeting,
and
that
might
be
a
good
next
step.
Yeah.
D
From
the
last
meeting,
I
saw
the
video
sorry
that
was
the
first
meeting
I
guess
so
from
that
I
got
an
idea
that
I
could
run
some
benchmark
tests
on
some
of
the
projects.
I
have
with
the
different
file
systems,
class,
the
face
and
NSA
storage,
and
what
else
you
have
so
I
thought
I
could
run
some
tests
on
benchmarking
test,
send
some
hundred
thousand
requests
and
maybe
publish
the
data
so
that
others
could
also
continue
with
that
and
publish
their
own
data.
D
In
that
way,
probably
we
could
at
least
get
one
grip
on
performance
issues
and
other
things.
Other
issues
which
were
mentioned
in
the
first
call
were
this
file
of
issues
coming
from
NFS
I
guess.
So,
if
you
could
figure
out
the
multiple
issues
from
different
storage,
it
could
be
helpful
for
others
also
to
make
edition
when
they
want
to
go
for
a
so
it
system
for
their
kubernetes
I
mean
in
the
Drupal
community.
So
if
the
data
is
that
it
would
be
easier
for
others
paper
that
you
I
know.
D
E
C
And
we've
also
done
some
benchmarks.
Well,
there
was
a
while
ago,
but
it
turns
out
that
mixing
helm
and
jmeter
actually
works
out
really
nicely
so
that
you
can
just
you
like
use
home,
to
create
a
bunch
of
releases
at
once
and
really
just
not
like
a
hundred
requests
or
hundred
thousand
requests
on
one
environments.
But
it's
really
like
having
a
pretty
much
a
full
cluster.
So
that's
yeah,
I'm
happy
told
you
to
point
to
that.
A
Cool,
so
let's
talk
about
action
items
for
a
little
bit.
It
sounds
like
the
first
action
item
is
going
to
be
to
create
an
issue
to
start
talking
about
this
I
think
that
I
I
don't
know
what
my
inclination
is
to
create
it
on
github
instead
of
on
drupal.org,
but
I'm
curious.
What
people
think
about
that.
A
Easy
enough,
I,
like
small
groups,
we
get
consensus
much
easier.
This
way,
sweetie
so
I,
first
action
item
for
me
is
going
to
be.
To
summarize,
this
meeting
maybe
provide
a
couple
of
links
to
the
specific
file
issues
that
we've
seen
lists.
That
Steve
is
going
to
start
working
on
some
benchmarking
information
for
us
and
then
maybe
use
that
as
a
discussion
point
to
start
taking
this
forward
to
the
next
level.
The
next
meeting
that
we're
going
to
have
is
going
to
be
offset
by
four
hours.
A
D
A
B
A
Now,
unless
we
have
an
on-prem
installation
we're
using
the
manage
providers,
I
first
simplicity
and
scale,
it's
been
significantly
easier
across
the
board.
Managing
my
sequel
clusters
inside
of
kubernetes
is
a
bit
much
when
such
easy
services
exist.
You
know
so
I
am
curious.
What
other
people
are
doing
now.
C
We're
praying
a
few
like
well
for
the
production,
well,
we're
not
in
production
yet,
but
the
posh
and
like
environment,
that
we
have
it's.
It's
pretty
much
using
hosted
services
and
then
pretty
much
using
the
database
within
the
cluster
for
developing
environments
and
just
anything
that
just
needs
to
be
disposable.
D
I
got
one
question:
if
somebody
would
answer
so,
we
are
planning
to
use
the
undead
to
perform
these
actions
like
taking
a
database
snapshot
replacing
a
day
tables.
These
are
the
general
tasks
we
have
with
Drupal
by
clearing
cache,
restoring
the
files
I
mean
running,
remove
commands.
So
what
would
be
the
best
solution
to
abstract
it
to
the
user
so
that
they
don't
Union
me
not
give
them
the
CLA
axis
from
the
UI
GUI
itself?
They
could
run
those
actions,
so
I
think
of
ran
that,
but
anyone
else
cancellation,
better
solution.
C
So,
first
here
y-axis
actually
as
much
as
we'd
like
to
not
give
users
CLI
access
which
standard
triple
level
up
in
practices.
It's
really
difficult
not
to
do
that,
and
you
need
to
keep
your
users
so
pretty
much
what
we've
done
and
we
we
actually
have
a
container
like
a
that's
running
like
next
to
the
application
that
is
running
the
same
code
base
but
with
SSH,
and
we
have
a
jump
host
so
that
pretty
much
you
SSH
into
the
drunk
hosts
and
then
gets
forwarded
to
the
to
the
actual
2d
actual
container.
C
That
gives
you
access
to
your
codebase
and
connects
to
the
database,
but
it's
not
the
actual
container
where
the
application
is
running
and
we've.
Actually,
we
have
some
codes
in
the
jump
host
that
promote
checks,
the
github
API
for
the
public
keys.
So
that's
that's
actually
what
it
gives
us
authentication
and
authorization
in
in
one
step.
It's
the
github.
Api
is
not
very
fast,
but
it's
actually
really
nice
to
say
well
developers.
C
A
Went
down
in
some
paths,
we
started
with
github
installable
application,
with
the
assumption
that
we'd
be
able
to
realize
more
velocity
as
a
result
of
offloading
some
of
the
authorization
and
our
back
controls
to
get
up
that
gives
us
the
organization
management
that
lets
the
organization's
manage
their
own
users.
There
was
a
lot
of
upside
to
that
argument.
A
What
we
ended
up
finding
out
is
that
that
doesn't
translate
very
well
to
a
larger
system,
so
we
needed
to
come
back
to
something
that
gives
us
a
central
repository
of
our
users,
so
that
we
can
be
able
to
manage
them
through
different
scenarios.
This
is
where
we
started
evaluating
things
like
octa
as
an
identity
provider.
A
So
what
that
gives
us
is
the
ability
to
work
with
different
systems,
so,
instead
of
just
being
github
in
the
concept
of
organizations
and
users
as
they
apply
to
github,
we
can
now
work
with
get
lab.
We
can
work
with
bitbucket.
We
can
work
with
all
of
these
different
systems
and
allow
them
to
interact
with
our
hosting
environment.
So
it's
been,
it's
been
a
challenge
and
it's
not
a
solved
problem
to
this
day.
We're
still,
you
know
having
very
deep
engineering
conversations
about
what
exactly
our
back
means.
A
A
We
we
basically
stood
up
another
API
that
genericized
some
of
the
cube
functions,
so
we
don't
expose
those
two
users
and
they're
interacting
almost
directly
with
the
cube
API
through
that
interface,
so
so
I
think
the
real
takeaway
that
we've
learned
is
that
the
more
that
you
can
stay
cute
natives,
the
better
off
you're
going
to
be
with
all
of
these
things
and
we've
had
to
do
some
some
magic.
We
had
to
get
into
bootstrapping
the
cube
API
to
be
able
to
get
it
work
with
the
firebase
tokens
properly
and
I
expect.
B
Curious,
if
anybody
has
done
any
investigation
of
breaking
out
of
a
container
with
PHP
I,
just
worry
so
much
about
a
multi-tenant,
dribbled
setup,
because
you're
running
code,
that
you
can't
trust
and
and
it
it's
easy
enough
to
to
break
out
of
a
container
and
I-
definitely
worry
about
this.
With
this,
this
SSH
sidecar
that
you
were
mentioning
Florian
liked
it,
but
that
scares
me
a
great
deal
if,
if
these
are
people
that
you
don't
trust
just.
C
A
E
E
Think.
If
you
worry
about
that
specifically
in
the
context
of
this
conversation,
then
you're
not
yeah,
it's
we're
not
giving
you
know
the
issues
of.
We
can
actually
affect
right
here,
the
proper
time
and
proper
guidance
I.
Do
you
think
it's
a
valid
discussion?
I'm,
not
sure
that
PHP
sell?
Can
you
watch
in
regard
since
we
have
a
limited
access
memory
and
Colonel
little
functions,
although
of
course
you
know
Inc
a
myriad
injecting
things,
a
convenience
Eli
so
I'm
not
as
much
worried
about
the
Drupal
aspect
or
the
the
P.
E
Even
the
PHP
aspect
of
this
as
much
as
I'm
worried
about
the
general
container,
security
and
I,
don't
know
if
there's
a
good
answer
to
that.
I
mean
they're
they're,
never
Goethe
products
out
there
that
make
this
long
little
easier
tools
like
Falco,
for
example,
that
watch
the
kernel
calls.
But
again
it's
not
I,
don't
know
if
we
have
an
answer
for
that
yet,
but
at
the
same
time
you
know
I'll
go
back
to
the
cloud
in
general
argument.
You
know
when
Amazon
launched
ec2
yeah.
This
was
a
valid
concern
to
back
I.
B
Yeah
I
mean
I
the
way.
The
way
that
I
use
cubed
is
it
it's
definitely
multi-tenant,
but
it's
running
all
trusted
code
and
and
so
I'm,
just
very
interested
in
this.
This
problem
of
of
a
multi-ton
kubernetes
cluster
with
untrusted
users,
it
it
sounds.
It
sounds
like
something
that
I
wouldn't
want
to
try
to
do
today,
but
it
sounds
that
it
doesn't
seem
like
we're
ready
for
it.
But
I
don't
know
it's
it's
a
fun
fun
problem
for
sure.
A
D
B
Yeah
I
mean
so
it's
it's
tricky,
but
depending
on
what
it
is
like,
you
can
approach
it
with
the
same
problem
or
the
same
sort
of
scenario
as
an
operator
right
like
you
can
essentially
have
an
action
CRD
or
something
like
that.
That
ends
up
that
you
that
then
not
the
operator
actually
executes
those
actions
and
that
that
allows
you
to
limit
what
can
be
done
so
that
not
anything
and
everything
can
be
done,
and
you
can
validate
and
stuff
like
that.
B
So
that's
that's
probably
how
I
would
approach
it
just
so
that
it
keeps
it
all
it.
It
keeps
it
all
together
and
then
you
can
I
mean
you
can
pump
back
statuses
to
that.
To
that
custom,
resource
and
stuff
like
that,
so
I
I,
don't
know.
There's
there's
lots
of
ways
to
solve
these
sorts
of
things
right,
but
but
my
main
thing
is
is
just
not
opening
up
anything
and
everything
to
be
done,
because
then
someone
someone's
going
to
exploit
it.
D
A
Well,
we're
at
time
so
I
do
want
to
be
respectful
of
everybody's
day.
Thank
you
very
much
for
participating.
We
have
a
couple
of
action
items
that
we're
going
to
start
focusing
on
we'll
post
some
follow-up
information
in
the
slack
Channel.
So
again,
thank
you
all
for
participating,
and
hopefully
we
can
turn
this
into
something
amazing,
yeah.