►
A
And
we
are
live
on
youtube
hello
again,
we
are
here
for
our
22nd.
Everyone
can
contribute
cafe
and
continuing
what
we
are
gonna
learn
around
kubernetes
and
security,
and
today
I've
heard
rumors
about
multi-tenancy
with
kiosk.
A
I
have
no
idea
what
that
is,
but
nicholas
has
prepared
something
or
we
will
try.
It
live
now
yep
and
looking
forward
to
learn
something
new
today.
A
B
You
I
need
to
find
my
window
right
here.
It's
supposed
to
be
because
I'm
following
the
street
yeah
give
me
one
second
and
I'm
ready.
Okay,
I'm
ready
yeah.
B
I
hope
my
internet
connection
will
stay
alive
because
currently
we
don't
have
any
internet
international
number
flat.
I
need
to
tether,
but
it's
currently
working
the
whole
day,
so
this
meeting
will
also
work
yeah,
so
we
are
number
22.,
so
we're
coming
back
to
the
other
topic
a
little
bit
at
the
end.
For
the
last
time
I
would
say
in
the
first
place,
but
later
we
would
of
course
come
back
to
that,
and
I
want
to
talk
a
little
bit
about
multi-tenancy.
B
So,
if
you're
coming
to
the
point
that
you
have
multiple
clusters
or
you
want
to
have
at
least
currently,
what
we
want
to
achieve
in
the
end
is
that
we
have
only
one
cluster
where
multiple
users
can
work
in
independently.
So
that's
the
main
reason
that
we
want
the
main
reason
that
we
want
to
try,
at
least
so,
for
that
there
are
a
lot
of
opportunities
and
also
a
lot
of
solutions.
B
How
you
can
solve
that,
but
we
will
go
into
the
top
eight
with
a
right,
the
smaller,
so
that
I
can
also
turn
speaker
and
you
also.
It
doesn't
have
more
space
on
my
screen,
yeah
and
probably
before
I
know
it's
playing
the
whole
concept
of
multi-tenancy.
I
think
a
lot
of
people
faster
in
reading
stuff,
but
no,
I
miss
it,
but
it's
also
true
daniel
wrote
a
great
blog
post
about
how
you
can
differentiate
between
how
you
want
to
share
your
clusters
in
the
end.
B
So
it's
like,
if
you
want
to
go
with
invert
cluster,
for
every
developer,
yeah,
it's
like
it's
an
excellent
isolation
and
full
cluster
access
and
so
on,
but
the
problem
is
mostly
when
you're
working
in
private
clouds
or
on-premise,
it's
quite
hard
to
do
that.
Also
your
people
needs
to
get
you
need
this
knowledge
on
that,
and
the
maintenance
effort
is
quite
high
because
you
made
you
need
to
maintain
multiple
clusters
and
that's
like
for
the
most
business.
It's
not
really
consuming.
So
it's
like
like
expand.
B
B
We
need
to
control
everything
in
one
place
and
for
that
there
are
multiple
solutions
out
there,
but
right
now
today,
what
we
want
to
do
is
we
want
to
check
kiosk.
So
cheers
comes
from
the
dress
from
death
space.
B
It's
a
german
company,
I
think,
or
it
was
founded
in
germany,
at
least
in
manheim,
and
they
have
two
most
prominent
tools,
so
they
have
death
space
where
you
can
get
easily
spin
up
your
death
environment
into
juventus
cluster
and
right
on
that,
and
they
have
the
students
toward
called
theos
that
enables
us
to
do
multi-tenancy
into
our
tribunal
cluster.
So
why
is
it
no
different?
Why
we
can't
achieve
this
with
with
the
normal
stuff,
when
we
are
looking
back
into
what
they're
currently
doing
is
so,
let
me
know
straight
to
switch.
B
Yeah.
True
is
that
we
have
the
standard
api
group.
So
when
you
are
coming
back
to
the
point
of
t
here,
we
know
the
concept
of
pots.
We
know
the
concept
of
row
binding.
So
if
you
remember
on
that
part
with
a
row,
binding
stuff
is
like
hey,
I'm
a
user,
and
I
get
robin
and
his
first
association
between
the
role
and
the
user
literally.
B
So
it's
like
the
binding
object,
of
course,
and
the
role
so
it's
like
where
we
can
give
access
to
the
user
or
can
define
which
access
this
role
has
and
the
user
that's
attached
to
the
role
in
the
end.
So,
but
this
is
not
enough
really
so
and
now
comes
here.
Tears
comes
in
place
so
that
you
have
at
least
can
create
multiple
namespaces.
B
What
stored?
In
their
terms,
it's
total
space.
You
can
set
up
account
quotas.
That
means
how
many
accounts
can
create
namespaces
on
their
term
spaces,
and
probably
you
can
also
do
templates.
So
it's
like
pre-defined
layouts
how
your
namespaces
will
look
like
all
your
space
will
look
like
in
the
end,
and
for
that
I
created
already
a
cube
cluster.
B
B
Let's
put
one
okay:
currently
you
can
see
on
returning
back
into
the
cluster.
It's
light
yeah.
We
have
a
simple
setup,
so
it's
like
the
control
plane
and
two
nodes.
Currently
I
spin
up
with
cheap
ones
session.
I
will
jump
to
a
later
point.
I
probably
need
to
ask
to
ask
max
why
the
setup
was
not
working
on
my
side
but
yeah.
We
can
relate
to
this.
B
It's
like
the
same
cluster
setup
that
we
had
before
and
now
we
want
to
do
a
little
bit
on
instrumenting
it
for
users
and
so
on.
So
there
are
a
lot
of
ways
how
you
can
do
that
so
in
terms
of
what's
really
important
right
now,
because
when
you
remember
on
the
last
time
is
yeah,
we
set
it
up.
The
authentication
part
and
here's
also
cheers-
plays
an
important
role
because
teos
doesn't
provide
you
an
authentication.
So
that
means
like
you
can
do
the
authentication
like
you
want
to
so
it's
like
yeah.
B
We
can
use
deep
lip
for
authentication.
We
can
use
certificates
based
authentication.
B
We
are
not
too
forced
to
use
the
system
for
the
identification
there,
because
it's
like
a
different
concept
because
tiers
only
do
the
authorization
part
in
the
end,
so
I
hope
so
I
created
already
the
cluster,
so
we
can
go
with
that.
It's
like
that.
We
need
to
have
it
twinnie's
version.
B
B
B
I
hope
that
the
stream
is
not
working
yeah
true
and
when
we
you
get
version,
is
it
only
version
here
also.
B
We
can
see
that
we
have
at
least
in
your
cluster
so
that
we
have
1.30
1.20,
so
we
are
ready
to
go
to
deploy
kiosk.
So,
first
of
all
we
can
check
now
the
admin
context
we
need
to
prepare
the
cluster
at
first.
So
for
that
I
want
to.
I
want
to
create
an
other
user
to
test
the
configuration
with
with
a
service
account,
and
for
that
we
will
create
a
service
account
at
least,
and
then
we
are
ready
to
go.
B
I
hope
it
was
working,
so
we
creating
our
users
for
john,
probably
like
jon
snow,
and
now
we
can
set
up
our
script.
I
prepared
this
already
and.
B
Yeah,
that's
true,
and
now
we
are
preparing
it,
so
we
were
executing
what
the
script
does
is.
Probably
it
will
give
access
to
the
cube,
config
put
it
into
a
new
config
part,
rename
it
so
that
we
have
two
users.
In
the
end
we
have
a
kiosk
user
and
focused
admin
in
the
end
that
we
can
connect
between
the
difference
raw
to
fulfill
the
tutorial
in
the
end,
so
I
hope
everything's
not
working
all
right
looks
good,
yeah.
True
and
now
I
will
export
this
one.
B
Okay
and
now
I
hopefully
have
also
adjusted
admin
yeah,
okay.
So
now,
when
we
want
to
check
so
we
have
no
two
users.
So
when
we're
checking
the
config,
then
you
can
see
that
we
have
two
users,
someone
uses.
The
token
is
like
the
service
account
and
then
we're
using
the
admin
we're
using
the
normal
tls
path,
but
with
only
one
cluster,
we
have
two
contacts
yeah.
So
now
we
have
prepared
our
cluster.
We
can
go
diving
into
the
cheer
stuff,
so.
B
Yeah
so,
first
of
all
we
created,
I
created
already
the
namespace.
Now
we
want
to
deploy
kiosk
so
using
the
tool
that
we
used
last
time
before
and
that's
totally
to
install
our
application,
and
it
would
take
some
time
in
the
end,
a
pot
will
be
spin
up
if
we
will
control
via
clds.
What's
currently
happening
and
what's
not
so
in
the
meantime,
what's
installing
or
is
it
fast.
B
I
hope
it
works
okay
yeah,
so
this
is
the
steps
that
we
did.
So
we
created
the
cluster
admin.
It's
like
our
kiosk
admin
and
we
have
a
user
john,
where
we
can
do
the
stuff
as
john
so
yeah,
I
hopefully
okay.
True.
Now
we
can
check
if
everything
works
correctly.
So
that
means
we
can
switch
into
the
kiosk
namespace
where
we
hopefully
have
a
running,
and
you
can
see
the
tears
is
currently
running
and
you
get
parts
okay,
I
want
to
get
for
lops.
B
B
I
am
cool,
as
you
can
see
during
the
deployment
we
created
new
resources
in
our
jubilee
distresses,
so
our
current
quarters
accounts
template
template
instance.
These
are
all
coming
from
geos
right
now,
so
they
have
only
they've
already
the
ending
of
the
tssh
top
level
domain,
and
this
can
be
now
used.
So,
for
example,
now
I
can
type
cheap
cti.account
and
I
would
get
all
the
lists
of
all
accounts
back
so,
but
currently
we
don't
have
place
accounts.
B
So
it's
now
the
right
step
to
create
the
account,
so
let's
first
create
it.
So
we
can
now
create
this
account
really,
and
that
means
that
we
will
create
a
new
custom
resource
with
with
john's
account,
and
we
have
this
related
to
manage
the
cluster.
So,
let's
create
it.
B
Probably
you
didn't
see
that
before
what's
possible
is
that
you
can
use
with
keep
cj,
you
can
also
use
directly
files
from
a
remote
destination,
so
every
http
server
can
be
used
to
inject
yammers
directly
into
your
kubernetes
cluster.
So
that's
probably
also
new.
So
now,
when
we
check
we
have
the
account
it's
for
john's
account.
Currently
he
hasn't
zero
spaces.
B
But
let's
check,
if
there's
some
more
information
on
that,
it
feels
so
interesting
and
you
can
see
now.
This
account
is
binded
to
our
service
account,
that's
trojon,
so
here's
the
binding.
So
it's
really
the
same
that
we
had
before
with
a
row
binding.
So
account
is
really
similar
to
a
robin
yeah.
B
So
and
now
we
could
check
our
own
account
with
user
john.
So.
B
Yeah,
probably
it's
the
correct
one
that
we
can't
see
our
stuff,
but
now,
let's
try
to
create
a
space
for
user
john,
where
we
now
can
create
a
role
and
so
on
and
let's
go
so.
What
we
do
know
is
we're
creating
a
cluster
robot
node,
coming
back
to
the
juventus
concept,
where
we
give
authenticated
users
by
default,
a
roadster
choose
edit,
where
we
can
edit
spaces
and
so
on,
yeah.
B
So
it's
like
now
we
want
to
assign
john
his
own
space
that
he
can
works
on
that,
it's
like
when
we
probably
oh
wait.
Let
me
just
something
check:
just
user.
B
Yeah,
you
can
also
see
it.
I
I
did
for
impressionation.
It
doesn't
work
so
correct
there.
So,
but
you
can
see
that
here
when
you
are
switching
to
the
tv,
this
user,
who
is
currently
done.
I
can
also
see
my
own
account.
This
doesn't
was
working
with
a
example
before
I
think
I
did
a
mistake
there,
but
it's
fine.
So
in
the
end
we
have
these
new
users.
B
So
if
you
will
need
this
admin,
what's
currently
the
cluster
admin,
if
you
are
checking
the
config
from
here,
it's
like
you
need
admin
and
for
user.
John
is
a
service
that
runs
so
now
we
create
the
space
for
john,
so
john
can
create
his
own
space.
B
Hopefully
so,
let's
switch
to
kiosk
user
and
apply
the
space
and
you
you
can
now
see
the
space
was
created
and
probably
now
you
you
can
see
that
user
john
doesn't
can
ask
for
the
namespaces,
but
when
we
now
checking
under
accounts,
we
see
that
there's
one
space
literally
and
when
I'm
now
switching
back
to
chiost
admin
and
now
check
for
spaces
yeah
group,
you
can
currently
see
that
there's
a
new
namespace,
it's
it's
like
a
space,
it's
for
drone
space
and
when
I
know
also
check
the
namespace
that
I
didn't
could
check
with
that.
B
I
didn't
check
with.
If
we,
if
we
with
the
john
user,
I
have
no
this
namespace
created
so
when
we
are
checking
a
little
bit
into
the
resource
by
itself.
So
when
we're
checking
the
namespace.
B
You
could
probably
see
that
the
namespace
is
labeled
so
for
the
annotation
who
created
it,
and
this
was
done
by
the
kiosk
server
by
itself,
so
creating
the
new
namespace
for
us
for
visa
and
he's
also
doing
the
permission
stuff
so
like
when
we're
checking
out
the
box.
B
So,
if
you're
checking
here,
you
can
see
that
the
kiosk,
what
it
did
it
like
it,
created
the
account
afterwards
it
created
the
namespace.
So
it's
like
in
terms
of
cues,
it's
like
called
a
space,
but
it's
the
equivalent
to
the
namespace
and
kubernetes
layer,
so
tears
will
take
care
of
it
and
create
all
the
resources,
of
course,
so
cool,
that's
the
space.
So
when
I
now
switching
back
to
john
so
we're
using
the
qs.
C
B
B
It's
I'm
curious
now.
What
I
did
in
the
end
is
it
created
ultimately
a
namespace
for
us
now
we
can
deploy
our
simple
application
there.
So,
let's
do
it
well.
We
create
also
our
application.
B
C
B
B
You
can
see
our
application
is
currently
running
as
admin
users,
so
we
are
not
allowed
to
search
for
namespace
by
ourselves
by
the
user,
so
cheers
enforce
us
every
time
to
go
over
with
us
api
and
executing
all
the
commands
for
managing
those.
So
yeah,
that's
true
yeah.
So.
B
What
we
now
can
do
is
we
can
create
a
second
account
that
uses
the
same
admin
but
where
we
can
create
a
new
role.
It's
like
cheers:
here's
space
admin
so
when
we're
checking
the
roads
that
we
have
currently
in
our
cluster
faster.
B
You
can
see
that
kiosk
automatically
created
different
roles
for
managing
all
the
accounts,
so
it's
like
here's
the
space
admin
where
it
can
delete
an
admin,
also
a
namespace,
delete
and
created
last
time.
What
we
assigned
was
we
assigned
the
tiers
to
edit
raw,
but
now
we
give
john
with
your
space
admin
so
that
he
also
can
delete
his
own
namespace
in
the
end
so
yeah.
B
So
when
we
are
now
drawing
back
okay,
let's
apply
the
delete
over
space,
so
we
changed
now
the
account
to
user
john.
It
can
now
be
created.
B
Okay,
so
let's
now
jump
back
to
to
the
space
that
he's
allowed
to
delete,
it's
called
john's
space
deletable.
We
will
switch
back
to
the
user
again
so
because
we
are
now
allowed
to
create
the
namespace.
B
Currently,
I'm
not
allowed
to
create
for
deletable
space,
so
we
are
in
the
example
where
we
created
now
the
space,
but
I
give
john
the
user
access
to
do
that.
So
I
think
I
did
a
misstep
in
before.
Let
me
check,
I
need
to
get
free
account.
B
Okay,
I
got
it
which
is
a
problem.
The
problem
is
that
we
specified
here
the
user,
but
it
doesn't
need
to
be
a
user,
because
we're
using
a
service
account
for
improv
impersonating,
a
john.
We
need
to
change
that.
So,
let's
now
switch
back
to
the
admin.
B
And
that
will
charge,
and
now
we
need
to
get
let's
check
first,
as
I
see
it
correctly,
yeah,
as
you
can
see
here
here
for
the
for
the
normal
account
which
we
specified
before
we're
using
the
time
service
account
and
for
our
last,
we
applied,
we
used
user
and
this
doesn't
match
so
kubernetes
doesn't
know
that
we
use
because
we
are
service
account.
We
need
also
to
change
this
also
here
as
well.
So
that
means
like
when
we're
getting
accounts,
we
will
edit
it
directly
in
place.
B
B
Okay-
currently
it's
funny,
probably
you
can't
see
it,
but
I
can
see
it.
Okay
generally,
kiosk
doesn't
allow
me
to
do
this
as
admin
so
as
to
really
trust
me
to
do
that.
I
it's
not
allowed
to
do
this
in
space.
So
for
that.
B
B
A
D
B
And
now
we
can
do
a
funny
thing.
I
think
it
should
work.
Okay.
First,
we
can
create
delete
it,
the
new
file,
and
now
we
apply
it
again,
because
I
think
you
can't
update
it.
That's
a
problem
replaces.
B
D
You
can
just
find
the
comment
where
you
can
get
the
namespace
resources.
B
You're
right
with
the
namespace
we
need
that
will
work.
B
So,
let's
check
first,
I
would
play
it
afterwards,
yeah
true,
it
was
working.
Okay.
The
problem
was
before
that
when
we
did
this
stuff
here,
because
the
service
account
is
not
in
the
api
group,
airbag
authorization-
it's
laying
in
the
namespace-
so
it
was
hospitable,
said
already.
B
So
it
means
that
we
change
here
for
stuff
from
wherever
place,
where
we
can
find
the
service
account
in
the
end,
so
user
john
is
currently
laying
in
the
service
director.
So
when
I
check
this,
so
it's
just
admin.
You
can
easily
check
this.
So
when
we're
checking
the
user
john
is
created
right
here,
so
you
can
see
it's
like
in
the
namespace,
so
namespace
chord
and
john
is
directly
laying
into
the
just
cluster.
So
it
was
the
reason
why
it
doesn't
work
before.
D
B
D
And
now
you
basically
see
all
the
the
resources
coordinators
have,
which
needs
a
name
space
when
you
create
them.
D
B
B
Do
you
mean
we
that
okay
yeah
the
namespace
stuff
is
like
a
filter
so
that
you
can
fit
over
that?
Okay,
okay,
coming
back,
we
are
back
every
day,
so
we're
creating
the
account.
Now
we
want
to
create
with
john
a
namespace
that
was
deletable.
C
C
B
Yes,
yeah
because
it
says
zoom
said
unstable
connection,
so
I
would
ask
you,
but
hopefully
you
say
that
the
namespace
now
was
created
in
the
last
time.
If
you
remember
when
we
get
him
back
higher.
B
Anywhere
that
currently,
as
caesar
john
I'm
not
allowed
to
do
that,
but
now
we
give
for
account.
We
gave
him
the
access
to
create
his
own
namespace.
So
that's
now
a
really
true
a
new
cool
feature,
so
that
means
is
what
we
can
do
now
is.
First
of
all,
I
can
list
my
own
spaces
and
spaces,
and
you
can
see
that
I
have
two
space
right
now.
I
have
my
own
space
called
drone
space
and
I
have
a
deletable
space.
B
And
it
should
be
deletable,
so,
let's
try
also,
I
don't
know,
what's
happened,
but
let's
try
to
delete
our
first
namespace
and
yeah.
That's
exactly
what
we
want
to
see,
because
currently
we
are
not
allowed
to
delete
the
first
namespace
so
because
we
only
allowed
to
delete
john's
namespace.
That
happens
through
the
account
and
the
row
bindings
that
we
set
before
when
I
check
that
it
needs
to
come
up
a
little
bit.
It's
more
plain
so
because
we
give
the
user
role
our
admin
and
it's
fetched
to
the
namespace.
B
So
yeah,
okay,
that's
true,
mostly
we're
coming
now.
With
this
steps,
we
come
into
the
self-service
mode
in
kubernetes
cluster,
so
that
means
like
the
user
john
can
have
create
his
own
namespace
and
as
admin
you
don't
need
to
do
anything
there.
That's
really
cruel
and
what's
also
an
option
is
like
when
we
get
him
back
to
the
point
that
we
want
to
add
some
more
meta
information
to
our
cluster.
We
can
also
add
now
in
terms
of
a
space
template.
B
That
means,
in
the
end,
that
we
can
provide
default
values
for
all
namespaces
or
for
our
space
in
this
term.
So
let's
use
this
and
apply
this
as
admin.
B
B
So
now,
when
we
hopefully
see
that,
let's
check,
let's
see
correct.
B
C
C
D
B
B
No,
I
don't
find
a
way,
I'm
a
little
bit
too
stupid.
Okay,
yeah,
okay,
let's
create
the
metadata
stuff.
B
C
E
B
Now,
mostly,
it
depends
on
which
fields.
Currently
there
are
fields
in
the
api
resource
so
because
every
resource
has
immutable
fields
that
can't
be
changed
at
all.
The
most
problem
is
that
you
have
two
ways
in
applying
kubernetes
changes,
so
apply
is
more
like
that
we're
doing
a
patch
we
try
to
patch
something
juventus
resource
and
passion
is
sometimes
not
allowed,
but
what
you
also
can
do
is
you
can
delete
it
and
create
it.
It's
like
more
that
we
get
getting
from
the
imperative
way
to
be
no,
it's
not
imperative.
B
C
C
B
B
D
B
B
Currently
we
so
if
breaking
train
is
here,
I
read
every
time
I
read
the
chainshot,
what
are
the
most
breaking
stuff
so,
for
example,
in
1.19
yeah,
that's
right
that
the
api
ingress
is
now
changing
or
the
english
object
has
totally
changed,
and
for
that
I
would
test
it
before
with
all
our
apps.
So
I
have
two
or
three
monorail
posts
currently
in
our
project,
so
that
I
have
one
for
the
cluster
creation,
one
for
the
workshop
management.
B
So
it's
like,
I
would
call
it
more
workload,
management
for
ops,
so
there's
like
the
fluency,
the
monitoring,
all
the
stuff
and
then
the
standard
stuff
that
our
applications
need
right
now
and
then
I
do
it
on
a
test
cluster
base
in
a
smaller
scale.
B
Then
I
start
to
migrate
this
into
the
integration
cluster
and
then
afterwards
we
will
increase
it
a
little
bit
a
little
bit
and
then
we
see
mostly
when
we
get
the
better
test
and
afterwards
we
can
also
do
performance
tests.
So
before
we
go
into
production,
we
are
on
repeat
production,
environment
and
then
we're
doing
performance
testing
also
as
well
to
see
if
everything
is
currently
changing.
Orders.
B
It's
like
there
are
really
great
concepts
right
out
out
now
that
you
can
do
it
in
a
more
advanced,
more
automatic
way,
but
I
currently
depends
a
little
bit
also
on
your
team
size,
how
many
people
you
have
how
how
experienced
they
are
with
all
the
stuff,
and
then
I
would
do
a
strategy
not
doing
all
the
shiny
stuff,
that's
currently
outside
in
kubernetes.
So
it's
like
not
everyone
needed
to
use
right
service
meshes
right
now.
If
you
have
only
two
services,
all
three
services
in
youtube.
We
need
this
cluster
running.
B
Probably
a
service
mesh
is
not
a
good
idea
and
you
need
to
find
the
trade-off,
and
I
really
like
to
do
the
docker
approach
and
all
the
operations
stuff
that
I
do
trying
to
keep
simple
as
possible,
so
it-
and
I
don't
want
to
remember
on
all
the
commands
that
I
do
because
kubernetes
are
so
many
stuff
that
you
need
to
remember
and
need
to
retype
on
that
and
that's
the
reason
why
I
try
to
automate
it
if
it's
possible
and
if
it's
also
simple
possible,
sometimes
but
sometimes
like
a
twitter
last
time
ago,
yeah.
B
Sometimes
there
are
only
two
commands
that
I
need
to
execute.
That's
not
worth
probably
to
automate
it
fully
that
I
because
then
you
need
to
see
which
timing
and
so
on,
but
for
that
do
the
simple
things
at
first,
so
that
it
shouldn't
go
back
to
sleep
or
that
you
can
get
back
to
the
other
words
that
the
system
is
running
again.
That's
the
most
important
point,
yeah.
A
Yeah,
but
I
would
love
to
dive
into
a
specific
session
around
kubernetes
upgrades
experiences
dealing
with
the
docker
shim
deprecation,
as
far
as
I
remember
will,
which
will
be
coming
with
121
122.
I
don't
know,
but
there
will
be
some
things
coming
up
and
probably
we
can
like
either
do
it
live
when
the
version
is
released
or
like
think
about
things,
but
I
would
love
us
to
continue
with
kiosk
and
break
things
and
fix
things.
C
B
Okay,
so
let's
check
back
so
now
we
have
created
our
space
hopeful
now
that
we
have
a.
B
Here
we
go
and
now
you
can
see
you
can
pre-populate
your
space
with
some
information,
probably
you're
wondering
why
this
could
be
interesting.
So,
for
example,
we
use
it
at
scale
or
at
larger
systems,
we're
using
a
a
drop
destroyed
cured.
B
Yeah
it's
another
one,
but
it
would
be
coming
to
cluster
upgrades
because
it's
interesting
when
you
do
that,
but
there's
two
extra
cheap
d
outside
where
you
can
replicate
some
stuff,
for
example,
secrets-
and
this
is
what
we're
using
for
replicating
certificates
in
each
namespace,
because
you
get
the
problem
that
you
have
probably
a
certificate
only
in
one
namespace,
so
a
tls
certificate,
but
you
needed
to
have
it
in
light
100
or
200
namespaces,
for
example,
or
not
100.
We
could
also
say
with
10.
B
10
is
also
enough
and
you
don't
want
to
do
this
by
hand.
Probably
my
site
is
not
loading.
Automation
goes
away
again,
I
hope
not,
but
with
that
you
can
say
cubed.
Okay
label,
every
namespace
that
has
the
label
some
label
with
the
value
label,
value,
get
this
certificate,
and
that
means
that
you
know
don't
need
to
reconfigure
it
or
your
administrator
need
to
do
that.
So
it's
like
that.
B
You
kubernetes
is
a
platform
and
you
want
to
build
so
many
self-servers
as
possible
so
that
as
a
developer
or
as
an
operator,
you
can
mostly
do
it
without
thinking
about
too
much
about
all
the
aspects
so
that
you
can
work
with
it
and
doing
your
productivity
on
it
yeah,
but
no
yeah.
A
I
think
that's
a
great
share,
honestly,
I
don't
care
how
kubernetes
works.
I
just
want
to
deploy
my
app
as
a
developer.
At
least
that's.
B
B
Yeah
and
that's
mostly
what
everyone
is
trying
to
achieve
so,
if
you're
looking
into
the
big
in
into
the
fan
companies
and
also
other
big
companies
like,
for
example,
spotify,
they
have
their
own
internal
platform
to
onboard
users
on
their
trust
us.
So
it's
like
now
we're
getting
in
day
two,
where
we're
really
using
the
cluster
and
as
developer,
it's
not
for
focus
to
operate
in
a
whole
kubernetes
cluster.
B
It's
like,
I
want
only
probably
monitoring
my
application
and
nothing
more
and
doing
the
job
that
this
application
is
running
or
is
working
so
yeah,
okay,
but
coming
back
to
the
topic,
so
I
think
we're
a
little
bit
over
time.
But
it's
not
a
problem
because
we
can.
A
B
Okay,
so
I
will
explain
a
little
bit
of
the
next
examples
and
then
we
oh,
we
can
do
it
right.
Okay,
let's
do
it
so
now.
What
we
do
is
we
create
now
a
limit,
so
probably
john
wants
to
create
multiple,
multiple
namespaces,
and
we
don't
want
to
do
this
as
admin.
So
that
means
that
we
also
can
limit
john.
That
he's
only
allowed
to
create
two
namespace,
for
example.
So
when
we.
C
B
Quarter
management:
that's
what
you
really
want
to
have
in
in
a
multi-tend
environment,
because
not
everyone
should
use,
create
unlimited
resources
and
erasing
computer
resources
and
so
on
yeah.
So
probably
we
can't
pitch
it
again
right
because
we
are
only
about
to
let's
check,
I
think
not.
B
Okay.
This
patching
was
working
interesting,
okay,
so
now
we
created,
we
updated
john's
account.
So
when
we're
checking
we
come
back,
it
calls
john's
account
and
currently
you
can
see
he
has
one
space,
but
he
has
a
limit
of
two.
So
let's
try
to
create
multiple
name
spaces.
B
So
let's
go
back
into
the
tears
user
and
creating
the
the
second
namespace.
B
And
this
word
tool
we
have
now
as
john,
we
have
no
two
spaces
that
we
can
work
with,
but
now
we
want
to
create
second,
a
certain
name,
space
and
yeah.
Probably
not
here
says
no,
you
are
not
allowed
to
do
that.
You
have
you
reach
your
limit
of
namespaces
and
you
are
not
allowed
to
do
anything
here,
yeah,
so
that's
for
one
part
so
that
you
cannot
create
separated.
B
And
that's
by
default
so
because-
and
for
that
also
also,
what
tears
can
do
is
to
set
quotas.
So
it's
like
it's
like
that.
You
can
set
in
two
minutes.
You
can
set
resource
quarters
so
how
many
pots
are
allowed
to
set
up
how
many
cpus
can
be
used
in
max
time
and
so
on,
and
for
that
we
will
set
up
an
account
voter
for
that.
B
And
creating
the
account
folder
for
john.
B
So
we
allowed
only
to
set
two
parts,
but
let
me
check
where
was
the.
B
B
C
C
B
Can
see
we
configured
the
deployment.
B
But
let's
check
why
it
doesn't
deploy,
I
hope
so
you
can
right
now
see
that
we
are
two
from
three
we
change
for
repeater
set,
but
now,
when
we're
checking
the
deployment
reason.
C
B
Okay,
the
status
fit
isn't
printed
out
interesting.
So
if
you're
checking
out
the
status,
we
see
that
the
deployment
tries
to
increase
to
three,
because
we
have
a
total
current
of
three,
but
now
the
web
hook.
So
cleo
says
you
are
not
allowed
to
create
more
parts,
so
that
also
keeps
you
from
spinning
up
multiple
ports
or
too
many
resources
will
be
computed.
B
So
that's
also
chris,
so
that
we
can
setting
account
limits
to
our
accounts.
We
could
do
calculations
on
that,
automatically
increasing
them
and
so
on.
So
there
are
two
more
cool
stuff
that
I
found
out
but
didn't
test
it.
Yet
so
you
can,
as
we
can
see,
so
you
could
also
have
templates
for
namespaces
or
for
spaces
and,
for
example,
you
want
to
configure
default
cpu
limits
and
cpu
requests
in
your
kubernetes,
and
also
you
want
to
inject
default
resources
that
should
be
applied
into
the
space.
B
You
need
to
inject
network
policies
to
suppress
it
or,
for
example,
that
not
many
pods
have
that's
default
values
for
the
cpu
limit
and
for
the
cpu
request
and
the
same
you
not
can
do
it
only
not
with
manifest
if
you're
more
of
a
helm
fan
like
me,
you
could
also
do
this
with
ham
releases,
so
that's
really
cool
and
when
you
want
to
use
this
template,
for
example,
you
can
check
it.
B
B
Yeah,
you
can
see
here
you
would
have
in
template
instance,
it
would
create
the
namespace
and
it
uses
this
final
namespace
in
the
end,
and
that's
really
where
you
have
multiple
options,
so
they
can
do
pre-filling
stuff
for
other
users
and
that's
a
really
good
shot.
But
now
we
are
a
little
bit
to
conclude.
This
right
now
is
what
we
did.
Today.
We
looked
into
multi-tenancy
management.
We
created
parts
we
created
not
robins
directly.
That
would
be
done
by
tiers,
but
we
set
up
accounts.
B
We
set
it
up
a
crown
quota,
so
that
means
like
hey.
We
could
create
only
two
pots
or
something
like
that.
We
could
create
names,
space
that
would
created
a
namespace
and
we
didn't
try
to
get
out
of
templates,
but
template
would
be
further
stuff
where
we
now
pre-fill
our
stuff,
how
our
name
spaces
or
how
to
use
the
apps
will
look
like,
and
now
we
are
in
a
possibility
that
we
could
use.
For
example,
when
someone
from
the
everyone
can
contribute
from
the
subgroup
comes
up.
B
So,
for
example,
from
the
captain
group
he's
a
lonely
allowed
to
create
two
name
spaces
and
is
only
allowed
to
do
use
two
parts
or
something
like
that,
or
using
only
two
cpu
cross,
because
kubernetes
shares
his
resource
across
the
cluster.
So
you
get
only
the
total
muscle
yet
yeah
and
that's
it
from
the
chaos
side.
A
That's
that's
really
interesting.
Is
there
a
like
a
road
map
or
an
idea
to
add
that
natively
into
kubernetes.
B
I
don't
know,
but
I
know
there's
another
kubernetes
competitor
or
like
whatever
you
probably
also
know,
is
openshift
and
openshift.
Has
this
concept
in
place
because
they're
using
upstream
kubernetes
and
extended
with
more
features
for
managing
enterprise
customers,
for
example,
the
developer
from
openshift
or
the
people
who
are
managing
openshift
and
creating
openshift,
have
contributed
to
true
benitus
v
airbag
concept,
so
the
whole
row
based
access
stuff
coming
from
the
upper
50.
A
Interesting,
okay,
yeah
that
that
makes
sense.
I
remember
a
chat
with
a
friend
a
while
ago
that
open
shift
is
like
adding
all
the
rpac
and
security
stuff
on
top
making
it
how
to
say
that
and
easier
to
use
kubernetes
in
production,
probably.
A
For
that
yeah,
but
I
I
remember,
there's
an
an
open
source,
open
shift
distribution.
I
just
you
mean
miniature.
No,
I
think
it's
it's
called
in.
It's
called
you
need
to
look
it
up.
I
think
there
was
an
announcement
a
while
ago,
but
it's
it
has.
A
different
name
still
doesn't
hurt.
A
Giving
giving
those
who
build
great
stuff
for
you
money
so
depend
depends,
of
course-
and
I
think
yusuke
is
like
a
great
tool
for
learning
things
like
using
lego,
bricks,
building
the
cluster,
adding
security
on
top,
seeing
how
things
are
going
and
then
have
like
an
add-on
to
play
around
and
learn
more
how
to
limit
that
and
how
it
works
with
the
web
hooks
and
intercepting
the
the
calls
and
preventing
anything
from
from
happening.
So
I
think
it's
a
great
tool
to
learn
even
more
about
how
kubernetes.
B
Works
yeah,
that's
great.
It's
like
we
are
building
a
platform,
so
platform
is
not
finished
by
day
one.
It's
also
that
you,
edit,
extend
it
to
your
use
case
and
you
build
your
own
platform.
So
kubernetes
is
only
a
framework.
It's
like!
Oh,
it's
more
like.
We
could
also
call
it
it's
a
big
playground
where
we
can
do
a
lot
of
stuff,
so
we
could
also
write
our
own
scheduler
to
schedule
pots
and
different
nodes
with
different
requirements.
B
B
Yeah,
like
network
policies,
you
need
to
build
it
from
each
layer,
so
networking
layer
needs
to
be
intercepted,
which
is
the
security
features
they
have
the
yeah
like.
What's
the
deployment
way,
how
you
want
to
do
deployments,
do
you
want
to
do
a
push
way?
So
should
a
little
partner
push
into
your
kubernetes
cluster,
or
do
you
want
to
do
a
pull
model
base
so
that
you
have
a
release
manager
in
your
cluster,
something
like
flux,
cd
or
other
cd?
B
It's
like
there
are
a
lot
of
turns
options,
and
it's
like
mostly
what
I
propose
to
everyone
use
the
simple
stuff
that
you
understand
or
that
you
understand
at
least
that's
the
most
important
stuff
and
not
what
everyone
is
shining.
What's
true
now
out
of
out
of
these
days,
it's
like
the
same
that
I
said,
yeah
we're
doing
custom
upgrades
with
creating
new
clusters
and
migrating
forward
load
instead
of
using
all
stuff.
Probably
it's
also
more
important
that
we
don't
run
many
stateful
services
in
our
clusters.
B
A
You
just
brought
up
a
good
point
around
gitobs
and
and
flux
and
argo,
because
I
wanted
to
ask
victor
to
enable
us
for
the
gitlab
kubernetes
agent
or
for
the
server
parts,
so
we
can
play
around
with
that
in
future
sessions,
because
we
still
haven't
attached
gitlab,
cice
and
everything
around
it
to
the
kubernetes
cluster,
which
is
something
we
can
do
in
the
future.
A
What
do
you
think
for
next?
What
would
make
sense
next
week?
Should
we
start
off
with
installing
the
promises
operator
and
dive
a
little
into
the
monitoring
things.
B
B
No,
no,
we
can.
We
can
use
also
the
ansible
approach,
I'm
not
a
fan
of,
but
I'm
fan,
so
I
need
to
refill
it.
So
I
mean
I
want
to
have
only
a
simple
pipeline
that
we
can
create
a
cluster
and
can
work
on
it
and
then
adding
workload
on
top
on
that.
So
mostly
what's
more
important,
do
it
in
a
secure
way,
so
that
could
be
how
you
could
handle
secrets
into
the
ditch
repository
in
a
secure
manner,
and
probably
it
could
be
a
public
repository
in
the
end.
B
A
E
C
E
E
B
A
A
Yeah,
that
would
be
awesome
if
you
can
do
that.
Please,
if
you,
if
you
need
anything
the
I
didn't
check
the
headsnack
cloud
account.
There
are
probably
10
000
servers
running
inside.
C
A
E
One
thing
we
can
also
add
next
week
are
some
firewall
routes
to
the
cluster.
So
this
doesn't
happen
again
because,
like
one
or
two
weeks
ago,
they
released
this
firewall
as
a
service
in
the
beta
version,
and
I
already
added
it
to
my
to
my
k3s
cluster
entire
form,
and
so
we
can
just
add
a
few
rules
there
for
our
cluster
as
well.
And
then
we
only
expose
the
api
and
http
ports.
E
Yeah
when
I
prepared,
I
will
think
about
what's
best
to
do
next
of
it
like
in
which
order
we
have
to
do
it,
maybe
there's
an
order
which
makes
more
sense,
and
then
I
can
tell
you
what
I
came
up
with.
E
Yeah,
just
just
thank
you
again
for
it.
I
was
really
happy
to
open
the
package.
A
Welcome
keep
keep,
keep
shining
and
keep
the
spirit
going.
I
I'm
always
saying
I'm
learning
a
lot
and
I
truly
do
so.
I
really
appreciate
it
and
yep,
I
would
say
looking
forward
to
next
week
and
we
are
saying
bye
on
youtube.