►
A
A
A
B
B
I
hope
my
internet
connection
will
stay
alive
because
currently
we
don't
have
any
internet
international
number
flat.
I
need
to
tether,
but
it's
currently
working
the
whole
day,
so
this
meeting
will
also
work
yeah,
so
we
are
number
22.,
so
we're
coming
back
to
the
other
topic
a
little
bit
at
the
end.
For
the
last
time
I
would
say
in
the
first
place,
but
later
we
would
of
course
come
back
to
that,
and
I
want
to
talk
a
little
bit
about
multi-tenancy.
B
So,
if
you're
coming
to
the
point
that
you
have
multiple
clusters
or
you
want
to
have
at
least
currently,
what
we
want
to
achieve
in
the
end
is
that
we
have
only
one
cluster
where
multiple
users
can
work
in
independently.
So
that's
the
main
reason
that
we
want
the
main
reason
that
we
want
to
try,
at
least
so,
for
that
there
are
a
lot
of
opportunities
and
also
a
lot
of
solutions.
B
How
you
can
solve
that,
but
we
will
go
into
the
top
eight
with
a
right,
the
smaller,
so
that
I
can
also
turn
speaker
and
you
also.
It
doesn't
have
more
space
on
my
screen,
yeah
and
probably
before
I
know
it's
playing
the
whole
concept
of
multi-tenancy.
I
think
a
lot
of
people
faster
in
reading
stuff,
but
no,
I
miss
it,
but
it's
also
true
daniel
wrote
a
great
blog
post
about
how
you
can
differentiate
between
how
you
want
to
share
your
clusters
in
the
end.
B
So
it's
like,
if
you
want
to
go
with
invert
cluster,
for
every
developer,
yeah,
it's
like
it's
an
excellent
isolation
and
full
cluster
access
and
so
on,
but
the
problem
is
mostly
when
you're
working
in
private
clouds
or
on-premise,
it's
quite
hard
to
do
that.
Also
your
people
needs
to
get
you
need
this
knowledge
on
that,
and
the
maintenance
effort
is
quite
high
because
you
made
you
need
to
maintain
multiple
clusters
and
that's
like
for
the
most
business.
It's
not
really
consuming.
So
it's
like
like
expand.
B
B
B
It's
a
german
company,
I
think,
or
it
was
founded
in
germany,
at
least
in
manheim,
and
they
have
two
most
prominent
tools,
so
they
have
death
space
where
you
can
get
easily
spin
up
your
death
environment
into
juventus
cluster
and
right
on
that,
and
they
have
the
students
toward
called
theos
that
enables
us
to
do
multi-tenancy
into
our
tribunal
cluster.
So
why
is
it
no
different?
Why
we
can't
achieve
this
with
with
the
normal
stuff,
when
we
are
looking
back
into
what
they're
currently
doing
is
so,
let
me
know
straight
to
switch.
B
Yeah.
True
is
that
we
have
the
standard
api
group.
So
when
you
are
coming
back
to
the
point
of
t
here,
we
know
the
concept
of
pots.
We
know
the
concept
of
row
binding.
So
if
you
remember
on
that
part
with
a
row,
binding
stuff
is
like
hey,
I'm
a
user,
and
I
get
robin
and
his
first
association
between
the
role
and
the
user
literally.
B
So
it's
like
the
binding
object,
of
course,
and
the
role
so
it's
like
where
we
can
give
access
to
the
user
or
can
define
which
access
this
role
has
and
the
user
that's
attached
to
the
role
in
the
end.
So,
but
this
is
not
enough
really
so
and
now
comes
here.
Tears
comes
in
place
so
that
you
have
at
least
can
create
multiple
namespaces.
B
What
stored?
In
their
terms,
it's
total
space.
You
can
set
up
account
quotas.
That
means
how
many
accounts
can
create
namespaces
on
their
term
spaces,
and
probably
you
can
also
do
templates.
So
it's
like
pre-defined
layouts
how
your
namespaces
will
look
like
all
your
space
will
look
like
in
the
end,
and
for
that
I
created
already
a
cube
cluster.
B
B
Let's
put
one
okay:
currently
you
can
see
on
returning
back
into
the
cluster.
It's
light
yeah.
We
have
a
simple
setup,
so
it's
like
the
control
plane
and
two
nodes.
Currently
I
spin
up
with
cheap
ones
session.
I
will
jump
to
a
later
point.
I
probably
need
to
ask
to
ask
max
why
the
setup
was
not
working
on
my
side
but
yeah.
We
can
relate
to
this.
B
It's
like
the
same
cluster
setup
that
we
had
before
and
now
we
want
to
do
a
little
bit
on
instrumenting
it
for
users
and
so
on.
So
there
are
a
lot
of
ways
how
you
can
do
that
so
in
terms
of
what's
really
important
right
now,
because
when
you
remember
on
the
last
time
is
yeah,
we
set
it
up.
The
authentication
part
and
here's
also
cheers-
plays
an
important
role
because
teos
doesn't
provide
you
an
authentication.
So
that
means
like
you
can
do
the
authentication
like
you
want
to
so
it's
like
yeah.
B
B
B
We
can
see
that
we
have
at
least
in
your
cluster
so
that
we
have
1.30
1.20,
so
we
are
ready
to
go
to
deploy
kiosk.
So,
first
of
all
we
can
check
now
the
admin
context
we
need
to
prepare
the
cluster
at
first.
So
for
that
I
want
to.
I
want
to
create
an
other
user
to
test
the
configuration
with
with
a
service
account,
and
for
that
we
will
create
a
service
account
at
least,
and
then
we
are
ready
to
go.
B
B
Yeah,
that's
true,
and
now
we
are
preparing
it,
so
we
were
executing
what
the
script
does
is.
Probably
it
will
give
access
to
the
cube,
config
put
it
into
a
new
config
part,
rename
it
so
that
we
have
two
users.
In
the
end
we
have
a
kiosk
user
and
focused
admin
in
the
end
that
we
can
connect
between
the
difference
raw
to
fulfill
the
tutorial
in
the
end,
so
I
hope
everything's
not
working
all
right
looks
good,
yeah.
True
and
now
I
will
export
this
one.
B
Okay
and
now
I
hopefully
have
also
adjusted
admin
yeah,
okay.
So
now,
when
we
want
to
check
so
we
have
no
two
users.
So
when
we're
checking
the
config,
then
you
can
see
that
we
have
two
users,
someone
uses.
The
token
is
like
the
service
account
and
then
we're
using
the
admin
we're
using
the
normal
tls
path,
but
with
only
one
cluster,
we
have
two
contacts
yeah.
So
now
we
have
prepared
our
cluster.
We
can
go
diving
into
the
cheer
stuff,
so.
B
Yeah
so,
first
of
all
we
created,
I
created
already
the
namespace.
Now
we
want
to
deploy
kiosk
so
using
the
tool
that
we
used
last
time
before
and
that's
totally
to
install
our
application,
and
it
would
take
some
time
in
the
end,
a
pot
will
be
spin
up
if
we
will
control
via
clds.
What's
currently
happening
and
what's
not
so
in
the
meantime,
what's
installing
or
is
it
fast.
B
I
hope
it
works
okay
yeah,
so
this
is
the
steps
that
we
did.
So
we
created
the
cluster
admin.
It's
like
our
kiosk
admin
and
we
have
a
user
john,
where
we
can
do
the
stuff
as
john
so
yeah,
I
hopefully
okay.
True.
Now
we
can
check
if
everything
works
correctly.
So
that
means
we
can
switch
into
the
kiosk
namespace
where
we
hopefully
have
a
running,
and
you
can
see
the
tears
is
currently
running
and
you
get
parts
okay,
I
want
to
get
for
lops.
B
B
I
am
cool,
as
you
can
see
during
the
deployment
we
created
new
resources
in
our
jubilee
distresses,
so
our
current
quarters
accounts
template
template
instance.
These
are
all
coming
from
geos
right
now,
so
they
have
only
they've
already
the
ending
of
the
tssh
top
level
domain,
and
this
can
be
now
used.
So,
for
example,
now
I
can
type
cheap
cti.account
and
I
would
get
all
the
lists
of
all
accounts
back
so,
but
currently
we
don't
have
place
accounts.
B
B
Probably
you
didn't
see
that
before
what's
possible
is
that
you
can
use
with
keep
cj,
you
can
also
use
directly
files
from
a
remote
destination,
so
every
http
server
can
be
used
to
inject
yammers
directly
into
your
kubernetes
cluster.
So
that's
probably
also
new.
So
now,
when
we
check
we
have
the
account
it's
for
john's
account.
Currently
he
hasn't
zero
spaces.
B
B
Yeah,
probably
it's
the
correct
one
that
we
can't
see
our
stuff,
but
now,
let's
try
to
create
a
space
for
user
john,
where
we
now
can
create
a
role
and
so
on
and
let's
go
so.
What
we
do
know
is
we're
creating
a
cluster
robot
node,
coming
back
to
the
juventus
concept,
where
we
give
authenticated
users
by
default,
a
roadster
choose
edit,
where
we
can
edit
spaces
and
so
on,
yeah.
B
B
Yeah,
you
can
also
see
it.
I
I
did
for
impressionation.
It
doesn't
work
so
correct
there.
So,
but
you
can
see
that
here
when
you
are
switching
to
the
tv,
this
user,
who
is
currently
done.
I
can
also
see
my
own
account.
This
doesn't
was
working
with
a
example
before
I
think
I
did
a
mistake
there,
but
it's
fine.
So
in
the
end
we
have
these
new
users.
B
B
B
So,
if
you're
checking
here,
you
can
see
that
the
kiosk,
what
it
did
it
like
it,
created
the
account
afterwards
it
created
the
namespace.
So
it's
like
in
terms
of
cues,
it's
like
called
a
space,
but
it's
the
equivalent
to
the
namespace
and
kubernetes
layer,
so
tears
will
take
care
of
it
and
create
all
the
resources,
of
course,
so
cool,
that's
the
space.
So
when
I
now
switching
back
to
john
so
we're
using
the
qs.
C
B
B
B
C
B
B
B
B
You
can
see
that
kiosk
automatically
created
different
roles
for
managing
all
the
accounts,
so
it's
like
here's
the
space
admin
where
it
can
delete
an
admin,
also
a
namespace,
delete
and
created
last
time.
What
we
assigned
was
we
assigned
the
tiers
to
edit
raw,
but
now
we
give
john
with
your
space
admin
so
that
he
also
can
delete
his
own
namespace
in
the
end
so
yeah.
B
B
B
B
B
And
that
will
charge,
and
now
we
need
to
get
let's
check
first,
as
I
see
it
correctly,
yeah,
as
you
can
see
here
here
for
the
for
the
normal
account
which
we
specified
before
we're
using
the
time
service
account
and
for
our
last,
we
applied,
we
used
user
and
this
doesn't
match
so
kubernetes
doesn't
know
that
we
use
because
we
are
service
account.
We
need
also
to
change
this
also
here
as
well.
So
that
means
like
when
we're
getting
accounts,
we
will
edit
it
directly
in
place.
B
B
B
B
A
D
B
B
B
B
So
it
means
that
we
change
here
for
stuff
from
wherever
place,
where
we
can
find
the
service
account
in
the
end,
so
user
john
is
currently
laying
in
the
service
director.
So
when
I
check
this,
so
it's
just
admin.
You
can
easily
check
this.
So
when
we're
checking
the
user
john
is
created
right
here,
so
you
can
see
it's
like
in
the
namespace,
so
namespace
chord
and
john
is
directly
laying
into
the
just
cluster.
So
it
was
the
reason
why
it
doesn't
work
before.
D
D
B
B
C
C
C
B
B
Anywhere
that
currently,
as
caesar
john
I'm
not
allowed
to
do
that,
but
now
we
give
for
account.
We
gave
him
the
access
to
create
his
own
namespace.
So
that's
now
a
really
true
a
new
cool
feature,
so
that
means
is
what
we
can
do
now
is.
First
of
all,
I
can
list
my
own
spaces
and
spaces,
and
you
can
see
that
I
have
two
space
right
now.
I
have
my
own
space
called
drone
space
and
I
have
a
deletable
space.
B
And
it
should
be
deletable,
so,
let's
try
also,
I
don't
know,
what's
happened,
but
let's
try
to
delete
our
first
namespace
and
yeah.
That's
exactly
what
we
want
to
see,
because
currently
we
are
not
allowed
to
delete
the
first
namespace
so
because
we
only
allowed
to
delete
john's
namespace.
That
happens
through
the
account
and
the
row
bindings
that
we
set
before
when
I
check
that
it
needs
to
come
up
a
little
bit.
It's
more
plain
so
because
we
give
the
user
role
our
admin
and
it's
fetched
to
the
namespace.
B
So
yeah,
okay,
that's
true,
mostly
we're
coming
now.
With
this
steps,
we
come
into
the
self-service
mode
in
kubernetes
cluster,
so
that
means
like
the
user
john
can
have
create
his
own
namespace
and
as
admin
you
don't
need
to
do
anything
there.
That's
really
cruel
and
what's
also
an
option
is
like
when
we
get
him
back
to
the
point
that
we
want
to
add
some
more
meta
information
to
our
cluster.
We
can
also
add
now
in
terms
of
a
space
template.
B
B
B
C
C
D
B
B
B
C
E
B
Now,
mostly,
it
depends
on
which
fields.
Currently
there
are
fields
in
the
api
resource
so
because
every
resource
has
immutable
fields
that
can't
be
changed
at
all.
The
most
problem
is
that
you
have
two
ways
in
applying
kubernetes
changes,
so
apply
is
more
like
that
we're
doing
a
patch
we
try
to
patch
something
juventus
resource
and
passion
is
sometimes
not
allowed,
but
what
you
also
can
do
is
you
can
delete
it
and
create
it.
It's
like
more
that
we
get
getting
from
the
imperative
way
to
be
no,
it's
not
imperative.
B
C
C
B
B
D
B
B
Currently
we
so
if
breaking
train
is
here,
I
read
every
time
I
read
the
chainshot,
what
are
the
most
breaking
stuff
so,
for
example,
in
1.19
yeah,
that's
right
that
the
api
ingress
is
now
changing
or
the
english
object
has
totally
changed,
and
for
that
I
would
test
it
before
with
all
our
apps.
So
I
have
two
or
three
monorail
posts
currently
in
our
project,
so
that
I
have
one
for
the
cluster
creation,
one
for
the
workshop
management.
B
Then
I
start
to
migrate
this
into
the
integration
cluster
and
then
afterwards
we
will
increase
it
a
little
bit
a
little
bit
and
then
we
see
mostly
when
we
get
the
better
test
and
afterwards
we
can
also
do
performance
tests.
So
before
we
go
into
production,
we
are
on
repeat
production,
environment
and
then
we're
doing
performance
testing
also
as
well
to
see
if
everything
is
currently
changing.
Orders.
B
It's
like
there
are
really
great
concepts
right
out
out
now
that
you
can
do
it
in
a
more
advanced,
more
automatic
way,
but
I
currently
depends
a
little
bit
also
on
your
team
size,
how
many
people
you
have
how
how
experienced
they
are
with
all
the
stuff,
and
then
I
would
do
a
strategy
not
doing
all
the
shiny
stuff,
that's
currently
outside
in
kubernetes.
So
it's
like
not
everyone
needed
to
use
right
service
meshes
right
now.
If
you
have
only
two
services,
all
three
services
in
youtube.
We
need
this
cluster
running.
B
Sometimes
there
are
only
two
commands
that
I
need
to
execute.
That's
not
worth
probably
to
automate
it
fully
that
I
because
then
you
need
to
see
which
timing
and
so
on,
but
for
that
do
the
simple
things
at
first,
so
that
it
shouldn't
go
back
to
sleep
or
that
you
can
get
back
to
the
other
words
that
the
system
is
running
again.
That's
the
most
important
point,
yeah.
A
Yeah,
but
I
would
love
to
dive
into
a
specific
session
around
kubernetes
upgrades
experiences
dealing
with
the
docker
shim
deprecation,
as
far
as
I
remember
will,
which
will
be
coming
with
121
122.
I
don't
know,
but
there
will
be
some
things
coming
up
and
probably
we
can
like
either
do
it
live
when
the
version
is
released
or
like
think
about
things,
but
I
would
love
us
to
continue
with
kiosk
and
break
things
and
fix
things.
C
B
B
Yeah
it's
another
one,
but
it
would
be
coming
to
cluster
upgrades
because
it's
interesting
when
you
do
that,
but
there's
two
extra
cheap
d
outside
where
you
can
replicate
some
stuff,
for
example,
secrets-
and
this
is
what
we're
using
for
replicating
certificates
in
each
namespace,
because
you
get
the
problem
that
you
have
probably
a
certificate
only
in
one
namespace,
so
a
tls
certificate,
but
you
needed
to
have
it
in
light
100
or
200
namespaces,
for
example,
or
not
100.
We
could
also
say
with
10.
B
10
is
also
enough
and
you
don't
want
to
do
this
by
hand.
Probably
my
site
is
not
loading.
Automation
goes
away
again,
I
hope
not,
but
with
that
you
can
say
cubed.
Okay
label,
every
namespace
that
has
the
label
some
label
with
the
value
label,
value,
get
this
certificate,
and
that
means
that
you
know
don't
need
to
reconfigure
it
or
your
administrator
need
to
do
that.
So
it's
like
that.
A
B
B
Yeah
and
that's
mostly
what
everyone
is
trying
to
achieve
so,
if
you're
looking
into
the
big
in
into
the
fan
companies
and
also
other
big
companies
like,
for
example,
spotify,
they
have
their
own
internal
platform
to
onboard
users
on
their
trust
us.
So
it's
like
now
we're
getting
in
day
two,
where
we're
really
using
the
cluster
and
as
developer,
it's
not
for
focus
to
operate
in
a
whole
kubernetes
cluster.
B
B
Okay,
so
I
will
explain
a
little
bit
of
the
next
examples
and
then
we
oh,
we
can
do
it
right.
Okay,
let's
do
it
so
now.
What
we
do
is
we
create
now
a
limit,
so
probably
john
wants
to
create
multiple,
multiple
namespaces,
and
we
don't
want
to
do
this
as
admin.
So
that
means
that
we
also
can
limit
john.
That
he's
only
allowed
to
create
two
namespace,
for
example.
So
when
we.
C
B
B
B
And
this
word
tool
we
have
now
as
john,
we
have
no
two
spaces
that
we
can
work
with,
but
now
we
want
to
create
second,
a
certain
name,
space
and
yeah.
Probably
not
here
says
no,
you
are
not
allowed
to
do
that.
You
have
you
reach
your
limit
of
namespaces
and
you
are
not
allowed
to
do
anything
here,
yeah,
so
that's
for
one
part
so
that
you
cannot
create
separated.
B
And
that's
by
default
so
because-
and
for
that
also
also,
what
tears
can
do
is
to
set
quotas.
So
it's
like
it's
like
that.
You
can
set
in
two
minutes.
You
can
set
resource
quarters
so
how
many
pots
are
allowed
to
set
up
how
many
cpus
can
be
used
in
max
time
and
so
on,
and
for
that
we
will
set
up
an
account
voter
for
that.
B
B
C
C
C
B
Okay,
the
status
fit
isn't
printed
out
interesting.
So
if
you're
checking
out
the
status,
we
see
that
the
deployment
tries
to
increase
to
three,
because
we
have
a
total
current
of
three,
but
now
the
web
hook.
So
cleo
says
you
are
not
allowed
to
create
more
parts,
so
that
also
keeps
you
from
spinning
up
multiple
ports
or
too
many
resources
will
be
computed.
B
So
that's
also
chris,
so
that
we
can
setting
account
limits
to
our
accounts.
We
could
do
calculations
on
that,
automatically
increasing
them
and
so
on.
So
there
are
two
more
cool
stuff
that
I
found
out
but
didn't
test
it.
Yet
so
you
can,
as
we
can
see,
so
you
could
also
have
templates
for
namespaces
or
for
spaces
and,
for
example,
you
want
to
configure
default
cpu
limits
and
cpu
requests
in
your
kubernetes,
and
also
you
want
to
inject
default
resources
that
should
be
applied
into
the
space.
B
B
Yeah,
you
can
see
here
you
would
have
in
template
instance,
it
would
create
the
namespace
and
it
uses
this
final
namespace
in
the
end,
and
that's
really
where
you
have
multiple
options,
so
they
can
do
pre-filling
stuff
for
other
users
and
that's
a
really
good
shot.
But
now
we
are
a
little
bit
to
conclude.
This
right
now
is
what
we
did.
Today.
We
looked
into
multi-tenancy
management.
We
created
parts
we
created
not
robins
directly.
That
would
be
done
by
tiers,
but
we
set
up
accounts.
B
We
set
it
up
a
crown
quota,
so
that
means
like
hey.
We
could
create
only
two
pots
or
something
like
that.
We
could
create
names,
space
that
would
created
a
namespace
and
we
didn't
try
to
get
out
of
templates,
but
template
would
be
further
stuff
where
we
now
pre-fill
our
stuff,
how
our
name
spaces
or
how
to
use
the
apps
will
look
like,
and
now
we
are
in
a
possibility
that
we
could
use.
For
example,
when
someone
from
the
everyone
can
contribute
from
the
subgroup
comes
up.
B
So,
for
example,
from
the
captain
group
he's
a
lonely
allowed
to
create
two
name
spaces
and
is
only
allowed
to
do
use
two
parts
or
something
like
that,
or
using
only
two
cpu
cross,
because
kubernetes
shares
his
resource
across
the
cluster.
So
you
get
only
the
total
muscle
yet
yeah
and
that's
it
from
the
chaos
side.
A
B
I
don't
know,
but
I
know
there's
another
kubernetes
competitor
or
like
whatever
you
probably
also
know,
is
openshift
and
openshift.
Has
this
concept
in
place
because
they're
using
upstream
kubernetes
and
extended
with
more
features
for
managing
enterprise
customers,
for
example,
the
developer
from
openshift
or
the
people
who
are
managing
openshift
and
creating
openshift,
have
contributed
to
true
benitus
v
airbag
concept,
so
the
whole
row
based
access
stuff
coming
from
the
upper
50.
A
A
A
Giving
giving
those
who
build
great
stuff
for
you
money
so
depend
depends,
of
course-
and
I
think
yusuke
is
like
a
great
tool
for
learning
things
like
using
lego,
bricks,
building
the
cluster,
adding
security
on
top,
seeing
how
things
are
going
and
then
have
like
an
add-on
to
play
around
and
learn
more
how
to
limit
that
and
how
it
works
with
the
web
hooks
and
intercepting
the
the
calls
and
preventing
anything
from
from
happening.
So
I
think
it's
a
great
tool
to
learn
even
more
about
how
kubernetes.
B
Works
yeah,
that's
great.
It's
like
we
are
building
a
platform,
so
platform
is
not
finished
by
day
one.
It's
also
that
you,
edit,
extend
it
to
your
use
case
and
you
build
your
own
platform.
So
kubernetes
is
only
a
framework.
It's
like!
Oh,
it's
more
like.
We
could
also
call
it
it's
a
big
playground
where
we
can
do
a
lot
of
stuff,
so
we
could
also
write
our
own
scheduler
to
schedule
pots
and
different
nodes
with
different
requirements.
B
B
Yeah,
like
network
policies,
you
need
to
build
it
from
each
layer,
so
networking
layer
needs
to
be
intercepted,
which
is
the
security
features
they
have
the
yeah
like.
What's
the
deployment
way,
how
you
want
to
do
deployments,
do
you
want
to
do
a
push
way?
So
should
a
little
partner
push
into
your
kubernetes
cluster,
or
do
you
want
to
do
a
pull
model
base
so
that
you
have
a
release
manager
in
your
cluster,
something
like
flux,
cd
or
other
cd?
B
It's
like
there
are
a
lot
of
turns
options,
and
it's
like
mostly
what
I
propose
to
everyone
use
the
simple
stuff
that
you
understand
or
that
you
understand
at
least
that's
the
most
important
stuff
and
not
what
everyone
is
shining.
What's
true
now
out
of
out
of
these
days,
it's
like
the
same
that
I
said,
yeah
we're
doing
custom
upgrades
with
creating
new
clusters
and
migrating
forward
load
instead
of
using
all
stuff.
Probably
it's
also
more
important
that
we
don't
run
many
stateful
services
in
our
clusters.
B
A
B
B
No,
no,
we
can.
We
can
use
also
the
ansible
approach,
I'm
not
a
fan
of,
but
I'm
fan,
so
I
need
to
refill
it.
So
I
mean
I
want
to
have
only
a
simple
pipeline
that
we
can
create
a
cluster
and
can
work
on
it
and
then
adding
workload
on
top
on
that.
So
mostly
what's
more
important,
do
it
in
a
secure
way,
so
that
could
be
how
you
could
handle
secrets
into
the
ditch
repository
in
a
secure
manner,
and
probably
it
could
be
a
public
repository
in
the
end.
B
A
E
C
E
E
B
A
A
C
A
E
One
thing
we
can
also
add
next
week
are
some
firewall
routes
to
the
cluster.
So
this
doesn't
happen
again
because,
like
one
or
two
weeks
ago,
they
released
this
firewall
as
a
service
in
the
beta
version,
and
I
already
added
it
to
my
to
my
k3s
cluster
entire
form,
and
so
we
can
just
add
a
few
rules
there
for
our
cluster
as
well.
And
then
we
only
expose
the
api
and
http
ports.