►
Description
Last week's session (recording & URLs included): https://everyonecancontribute.com/post/2021-01-27-cafe-14-kubernetes-deployments-to-hetzner-cloud/
Blog post: https://everyonecancontribute.com/post/2021-02-03-cafe-15-kubernetes-deployments-to-hetzner-cloud-part-2/
Repository: https://gitlab.com/ekeih/k3s-demo
Questions? Join our Gitter channel: https://gitter.im/everyonecancontribute/community
A
And
we
are
live
yeah
for
the
second
step
or
the
second
part
of
our
amazing
workshop,
how
to
deploy
kubernetes
kubernetes
cluster
to
redstone
cloud,
and
I
think
with
that
I
just
hand
over
to
our
expert
max
who
wants
to
continue
and
dive
into
kubernetes,
k3s
and
and
much
more.
B
All
right,
yeah,
thanks
yeah,
if
you
watched
last
week
or
if
you
watched
the
recording,
then
you
have
quite
a
good
idea
of
what
we
already
did
yeah
we
started
last
week
using
teraform
and
ansible
with
terraform.
We
set
up
some
virtual
machines
and
networking
on
headset
cloud,
and
then
we
started
to
use
ansible
because
we
want
to
use
it
to
deploy
things
inside
of
our
virtual
machines.
B
B
And
if
you
remember
from
last
week
or
in
case
you
don't-
and
you
are
already
watching
here
for
the
first
time
we
are
using
the
gitlab
state
backend
for
terraform,
but
from
last
week
it's
already
configured
so
terraform
notices
that
our
network
configuration
and
all
our
servers
are
still
missing.
B
B
B
Works-
and
here
we
see
it
works
as
expected,
so
the
goal
for
today
is
that
when
we
end
the
call,
we
have
a
running
kubernetes
cluster
running
running
kubernetes
cluster,
for
us
will
mean
that
we
use
cubecontrol
or
cubectl
or
whatever
you
want
to
call
it.
It's
the
cli
tool
to
talk
to
your
kubernetes
cluster
and
what
we
want
to
have
working
there
is
that
we
get
some
nodes
and
we
also
want
to
retrieve
some
pots.
B
If
this
works,
then
I
will
be
happy.
So
that's
the
goal
for
today
and
right
now,
our
virtual
machines
are
quite
yeah,
unconfigured,
there's
not
much
in
it.
Just
running
linux,
ssh
server,
not
much
more
before
we
start
with
k3s.
As
our
qmanages
distribution,
we
are
going
to
play
around
a
little
bit
with
ansible.
B
B
So
last
week
we
configured
this
dependency
here
that
we
wanted
to
use
not
only
the
hexner
cloud
collection,
but
also
the
devops
collection,
which
is
a
collection
of
ansible
roles,
to
configure
some
things
and
to
set
up
react,
common
software
and
under
debian
or
ubuntu.
You
have
this
package
called
unintended
upgrades
which
will
take
care
of
updating
your
server
without
your
interacting
with
it.
B
So,
for
example,
you
can
configure
to
do
all
the
security
updates
and
reboot
your
machine
during
the
night
and
because
we
don't
want
to
take
too
much
care
of
our
server
when
it's
running.
We
will
just
configure
this
to
automatically
apply
some
updates,
and
during
this
we
will
learn
a
little
bit
about
ansible.
B
B
Next
thing
we
will
learn
is
the
ansible
playbook
command,
which
is
a
command
to
yeah,
do
more
things
in
the
at
the
same
time,
to
like
to
have
a
playbook,
you
run
through
several
steps.
B
I
guess
that
this
is
due
to
some
size
limitation
or
something
that
they
have
so
many
roles
that
I
decided
to
put
it
into
three
different,
not
entirely
sure,
but
we
are
going
to
use
this
from
their
documentation
and
just
accept
it
this
way,
because
it
doesn't
matter
too
much
for
us,
so,
okay
cool,
for
what
hosts
do
we
want
to
do
it?
We
want
to
do
it
for
all
our
hcloud
hosts
this
each
cloud.
Where
does
this
come
from
when
we
listed
our
inventory
down
here?
B
And
ansible
will
search
through
those
collections
for
this
role
and
then
with
ansible.
You
often
configure
host
specific
settings
in
variables,
so
you
can
use
an
more
general
role
and
then
apply
your
specific
settings
and
in
the
devops
project,
which
created
the
roles
we
are
using,
they
yeah
they
did
this
a
lot.
So
we
can
configure
the
whole
software
with
variables
and
before
I
do
100
typos,
I
will
just
copy
it
over
here.
B
B
B
So
this
way
we
already
have
our
first
set
of
yeah
things
we
want
to
do
for
now.
It's
just
apply
this
role
to
all
nodes.
So
if
you
have
never
used
and
any
configuration
management
or
never
have
you
just
answered
at
all,
then
this
might
be
a
little
bit
abstract.
So,
let's
look
what
it
what
it's
like
in
action:
let's
call
the
ansible
playbook
command
and
pass
the
main
yammer
as
a
playbook.
B
B
B
And
one
of
the
nice
things
is
that
usually
you
can
find
a
lot
of
roles
or
for
common
software
and
you
can
use
them
or
you
can
get
inspired
by
them,
how
they
have
written.
And
then
you
can
decide
that
you
want
to
do
it
a
little
bit
in
a
different
way.
Then
you
can
write
your
role
based
on
it,
but
at
least
you
have
a
starting
point
and
all
right,
then:
let's
do
this
without
the
check.
B
B
B
This
means
those
nodes
can,
or
these
virtual
machines
can
communicate
with
this
private
ip
addresses,
but
on
a
when
we
are
looking
at
or
if
we
want
to
really
have
a
secure
connection
between
those
nodes,
then
we
have
to
realize
that
there
is
no
encryption
between
them.
There's
no
automatic
safety,
it
just
protects
us
from
communicating
over
the
internet.
It's
like
it's
heads
now
makes
it
more
secure
for
us,
but
it's
not
really
secure
yet
because
everyone
who
has
access
access
to
this
headset
infrastructure
can
capture
those
traffic
and
look
into
it.
B
Now
you
could
say:
okay.
If
someone
has
access
to
this
headset
infrastructure,
then
maybe
they
have
access
to
our
servers
anyway,
and
that's
probably
true,
but
for
this
demo
we
will
still
go
the
little
bit
advanced
route
and
use
wire
guard
to
encrypt
all
traffic
between
those
nodes
and
with
k3s
what
we
are
going
to
use.
This
is
quite
easy
because
it's
mostly
a
configuration
setting,
so
our
nodes
will
communicate
with
us
private
ip
addresses,
but
in
addition
to
that
they
will
encrypt
all
traffic.
B
B
Let's
call
it
roles
because
by
default,
ansible
will
look
for
this
directory,
let's
create
another
directory
and
let's
call
it
wireguard,
and
now
we
will
use
some
yeah.
The
default
setup
of
ansible
and
ansible
will
look
for
directory
called
tasks
and
in
there
it
expects
some
younger
code
to
tell
it
what
it
should
do
and
we
will
create
this.
It's
the
directory
and
in
there
we
will
create
a
file
and
call
it
mania
because
ansible
we
use
that
this
as
a
starting
point.
B
B
B
If
we
go
back
here,
we
will
now
create
our
job
or
our
task,
not
our
job.
This
is
now
arbitrary
name.
We
can
do
whatever
we
want,
can
call
it,
for
example,
install
wireguard
also
here
this
prefix
is
just
just
a
string,
so
just
for
us
to
know
which
package
we
use
there
and
then
we
use
this
module
we
want
to
have.
I
want
to
install
a
ubuntu
package
called
wireguard.
B
B
B
To
make
sure
that
it
installs
the
current
package
or
that
it
even
was
able
to
find
this
package,
but
now,
if
we
run
ansible
several
times,
it
will
update
this
cache
each
time,
which
is
a
little
bit
of
time
consuming,
because
each
time
it
has
to
contact
a
few
servers,
download
things,
yeah
pass
them
and
everything.
So
we
don't
want
to
do
this
every
every
time.
B
We
only
want
to
do
this
if
the
cache
is
older
than
3
8
600
seconds.
I
think
that
should
be
an
hour
and
then
now,
if
you
run
it
the
first
time
it
will
do
this
update
and
afterwards
it
won't
do
it
anymore.
If
you
do
it
several
times,
but
if
you
do
it
tomorrow
again,
then
it
will
update
the
cache
and
that's
all
we
need
to
do
with
wireguard.
B
And
that's
all
because
our
wire
guards
roll
is
so
simple.
This
has
no
configuration
for
to
be
a
little
bit
more
consistent
can
add
a
tag
for
this
as
well,
and
that's
all
so
now.
Ansible
will
look
in
the
local
roles
directory
for
this
rule
and
if
it
doesn't
find
it
there,
then
it
would
look
here
as
well,
but
it
will
already
find
this
here.
So
that's
good
for
us.
B
A
B
B
Then
this
step
already
takes
a
little
bit
of
time,
and
when
you
do
it
several
times
in
a
row,
then
it's
like
waiting
waiting,
because
each
time
it
has
to
do
this
ssh
connection
to
each
server
and
do
everything
and
there
are
some
tricks
and
config
options
and
other
tools
to
speed
this
up,
and
then
it
gets
a
lot
faster,
but
we
are
not
going
to
dive
into
that.
So
we
will
just
be
patient
and
wait
a
moment
right
now.
B
It's
also
not
taking
time
because
answer
was
slow
right
now,
it's
taking
time,
because
each
of
the
servers
is
installing
wire
guard,
so
that
needs
means
that
it
needs
to
download
this
extract
package
and
everything.
A
Github
gitlab,
whatever
is
down,
we
could
like
create
a
different
image
and
say:
hey
and
separate
is
slow.
B
All
right:
it's
done.
It
installed
wireguard.
So
that's
nice
and
yeah.
Now
we
are
ready
to
start
with
k3s
and
for
k3s.
We
will
also
write
our
own
role.
It's
a
little
bit
more
complex
than
the
wire
guard
rule,
but
I
guess
everything
is
a
little
bit
more
complex
than
the
wire
got
role
we
just
created.
B
B
And
in
there
create
a
directory
like
for
the
wire
guard
row,
we
created
one
that
was
called
not
like
this
dash.
All
right,
then
another
one.
Let's
call
it
defaults
we'll
go
into
this
in
a
second
and
another
one.
Let's
call
it
templates
and
another
one
handlers,
so
that's
all
will
start
with
the
tasks
for
now,
because
task
is
something
we
already
know
so
create
our
main
yama
file,
starting
with
refresh
and
empty
file
going
to
close
the
terminal
for
now.
So
we
have
a
little
bit
of
more
space.
B
B
B
Yeah,
anyway,
their
their
default
way
of
installing
it
is
to
use
the
script.
But
another
way
to
do
it
is
to
download
the
binary
and
just
run
it,
and
the
script
mostly
does
exactly
that.
It
does
a
few
more
things
like
checking
what
system
you
are
running
and
what
what
k3s
version
you
want
to
have,
and
then
downloading
this
for
you
and
yeah
setting
this
up.
So
just
if
you
dive
into
the
k3s
documentation,
there
are
a
few
other
ways
to
install
it.
B
So
all
right,
we
I'm
just
going
to
copy
this
here.
Our
first
task
is
to
download
k3s,
so
we
are
using
the
get
url
module
from
ansible
and
what
it
does
it's
doing,
an
http
request
to
address,
redefine,
and
then
it
puts
it
somewhere
and
off
case.
It
should
put
it
to
this
directory
and
yeah.
The
file
should
be
owned
by
root.
B
Of
course,
both
both
queries
go
to
the
same
domain.
So
if
someone
had
github
or
someone
was
able
to
hack
into
the
k3s
account
and
uploaded
a
compromise
binary,
then
they
would
also
be
able
to
switch
this
checksum,
but
at
least
it
protects
us
a
little
bit
from
some
random
download
errors.
If
we
have
uncomplete
download
or
anything,
then
it
will
fail,
so
it
doesn't
hurt
to
put
it
here.
B
B
For
one
way
we
can
go
to
our
defaults
directory,
create
a
new
file,
call
it
main
so
in
those
directories
mostly,
you
have
a
main
unit
and
maybe
some
more
files.
We
will
just
leave
it
with
mania
and
in
there
we
can
define
this
variable
k3s
version
and
then
maybe
let's
go
to
github
k3s
and
see
what
the
latest
version
is.
B
B
B
B
B
B
B
B
B
B
Let's
close
a
few
things
and
the
basic
idea
here
is
that
each
time
we
download
a
new
version,
we
will
restart
k3s.
So
even
if
we
have
an
existing
version
installed,
then
we
update
the
version
here,
for
example,
tutu
and
then
run
this
task
again.
It
will
download
the
newer
version,
and
if
this
happens,
we
want
to
restart
k3s.
So
we
will
use
the
notify
option
of
ansible
and
we
will
tell
it
to
restart
k3s.
B
B
B
And
we
also
want
to
tell
systemd
to
do
a
daemon
reload
that
tells
systemd
to
check
for
new,
existing
systemd
units
or
service
files
on
the
disk,
because
in
the
next
step
we
will
create
a
new
systemd
configuration
file
a
systemd
unit
and
to
tell
systemd
to
pick
this
up.
We
need
to
tell
it
to
do
a
relay
reload,
so
this
doesn't
mean
that
your
system
d
is
restarting
or
anything.
It
just
means
it's
yeah
reinitializing
some
things,
and
we
will
also
do
something
here.
B
So
then,
this
variable
is
true,
and
if
this
variable
is
true
or
if
it's
running
in
check
mode,
then
it's
possible
for
ensembl
to
reach
this
handler
where
it
wants
to
simulate
a
restart
of
k3s,
but
because
we
are
running
in
check
mode
and
we
are
running
for
the
first
time
there
is
no
k3s
service.
Yet
so
ansible
would
fail
and
tell
us
there
is
no
k-3s
service.
What
should
I
do
and
then
you
could
never
succeed,
running
your
playbook,
so
we
will
tell
it
to
yeah
the
restart
can
fail.
B
B
No
yeah,
that's
that's
one
thing.
We
will
definitely
do
yes,
we
can
do
it
in
the
next
step.
I
think
oh
no.
We
can't
because
we
we
need
something
for
this
k3s.
We
yeah,
I
think,
in
the
documentation,
there's
probably
some
visual
representation.
Here
we
we
have
those
three
virtual
machines
and
on
our
server
we
will
install
k3s
and
on
our
agents
as
well,
and
the
agents
have
to
register
themselves
as
a
server
and
for
this
they
need
a
token,
because
we
don't
want
to
allow
everyone
to
just
register
at
our
server.
B
We
need
some
kind
of
authentication
and
for
in
for
k3s
the
server
if
it
starts
for
the
first
time
and
notice,
it
has
no
configuration
at
all.
Yet
it
will
create
such
a
token
for
us-
and
we
have
to
take
this
token
and
tell
our
kcs
on
the
agent
nodes
to
use
this
to
register
themselves
and
that's
what
we
are
going
to
do.
B
B
Yeah,
this
file
is
created
when
you
start
a
k3s
in
server
mode
for
the
first
time,
and
then
we
want
to
store
this
value,
which
we
can
do
by
telling
ansible
to
register,
and
we
give
it
a
name
k3s
token,
and
this
way
we
can
use
the
value
the
content
of
this
file
or
information
about
this
file
in
the
rest
of
our
ncbi
code.
B
In
our
group
names,
so
this
may
look
a
little
bit
like
magic
there's,
also
something
oh,
no,
now
the
it
seems
to
be
correct.
The
group
names
variable
in
the
answer
will
run
will
contain
all
groups
our
host
is
part
of.
So,
if
we
look
again
at
our
ansible
inventory,
then
we
remember
that
we
automatically
created
those
groups,
servers
and
agents.
That's
why
we
are
checking
his
agent
agents
in
this
list
of
group
names.
B
B
B
A
What
happens
if
there
is
no
server
in
this
group?
Is
there
an
error
on
linkedin.
B
B
B
All
right
so
now
we
have
this
token,
and
now
we
have
to
use
it
and
therefore
we
are
going
to
use
the
template
module
of
ansible.
You
are
using
ansible.
You
probably
will
use
this
module
a
lot
because
it's
the
basic
module
to
create
some
configuration
files
with
some
variables
in
there
to
yeah
yeah
to
template,
and
we
want
to
create
this
systemd
unit
file.
Now.
B
B
B
B
If
this,
if
this
file
changes
during
an
ansible
run,
then
we
want
to
restart
k3s,
because
this
means
we
changed
something
in
the
configuration
of
k3s,
let's
restart
it,
and
the
nice
thing
of
handler's
answer
is
that
if
you
call
it
several
times
here
in
this
row
like
buffer
and
down
here,
it
will
only
happen
once
at
the
end
of
all
those
jobs.
So
you
don't
restart
k3s
once
here
and
then
you
restart
it
again
down
here
and
if
you
have
like
20
20
different
tasks
that
would
need
k3s
to
restart.
B
You
don't
need
20
restarts
you
just
one
restart,
which
is
usually
means
yeah,
a
shorter
disruption
of
your
servers.
If
you
only
restart
at
once,
and
then
again,
we
are
using
this
token
in
there
and
we
don't
want
to
expose
this
token.
So
we're
going
to
use
the
diff
option
again,
but
this
time
we
are
not
saying
false,
because
we
only
want
to
hide
it.
B
B
B
So,
by
default,
if
you
use
the
template
module,
ansible
will
look
into
this
template
directory
of
our
row.
That's
the
magic
matching
of
ansible
there,
so
we
will
definitely
not
write
this
from
scratch,
because
this
would
kind
of
assume
that
we
already
already
know
stuff
about
k3s,
which
we
don't
know
yet
we
will
get
into
this
later
on.
B
And
then
we
will
now
use
the
the
templating
magic
of
ginger
too,
because
first
of
all
we
want
to
check
if
our
current
server
is
in
the
group
servers
and
then
we
run
to
define
yeah
a
little
bit
of
long
start
command.
So
xxstart
is
an
option
for
systemd
to
tell
it
what
what
binary
do
you
want
to
start?
What
command
do
you
want
to
run
when
the
service
starts?
B
B
B
B
B
So
let's
disable
the
integrated
one,
we'll
also
disable
the
built
in
cloud
controller,
because
also
something
for
next
time.
We
will
install
our
own
cloud
controller
and
this
cloud
controller
will
be
hetzner
specific.
It
will
communicate
within
the
head
with
the
headset
api
to
do
some
nice
things
for
us.
We
will
see,
then
then
we
will
also
disable
local
storage
because
we
don't
want
to
use
local
storage.
Instead,
we
want
to
use
the
storage
that
headsnap
provides
us
which
will
also
yeah.
B
B
The
cubelet
is
the
part
of
kubernetes,
which
runs
on
each
of
our
servers
on
each
of
our
nodes,
and
the
cubelet
is
basically
the
primary
part
who
executes
things
for
us
on
every
node
like.
If
we
want
to
start
a
container
on
some
node,
then
cubelet.
The
cubelet
will
do
this
for
us,
and
the
cubelet
is
also
the
part
that
talks
to
our
kubernetes
api
server
when
we
start
like
it
registers
itself
there.
B
Let's
not
think
too
much
about
teins,
yet
basically
it
tells
k3s
kubernetes
to
not
run
anything
on
this
node,
except
if
it
says
I'm
okay,
with
this
taint,
you
can
run
me
there,
even
if
it's
a
master
node,
so
we
we
are
using
server
as
a
name
for
this
node,
because
it's
more
inclusive,
unfortunately,
the
naming
and
kubernetes
still
includes
master.
So
the
taint
is
still
called
like
this,
but
I
expect
this
to
change
in
one
of
the
future
releases,
but
not
yet
so
this
was
a
lot
of
commands.
A
B
B
B
A
Option:
okay,
maybe
my
question
was
not
specific
enough:
the
the
entire
xx
start
line.
Did
you
build
this
up
yourself
or
did
you
consult
the
documentation
or.
B
B
B
But
if
you
start
from
scratch,
then
yeah
you
kind
of
have
to
look
through
the
documentation
here
and
I
think
it's
a
little
bit
hard.
If
you
know
nothing
about
kubernetes
yet
like
then
you
maybe
don't
start
with
all
the
options,
then
maybe,
instead
you
would
go
to
the
node,
and
here
we
have
this
k3s
binary
and
just
started
and
with
all
those
options
enabled,
then
it
will
have
this
default
load.
Balancer,
the
default
ingress,
controller
traffic
and
everything
and
to
you
know,
to
start
learn
about
kubernetes
in
the
beginning.
A
Yeah,
okay,
but
just
change
your
template.
You
can
share
it
later
on
in
your
repository.
B
Yes,
definitely
yeah
everything
we
are
doing
here.
We
are
going
to
I'm
going
to
commit
this
in
the
git
repository
afterwards,
so
you
can,
you
can
definitely
copy
it
from
there.
B
B
B
It
looks
similar,
but
it's
not
the
same
again.
It's
k3s
at
this
time
in
agent
mode
and
now
there's
this
little
bit
long
command
option
here
we
want
to
tell
it
which
server
are
you
supposed
to
talk
to?
Where
do
you
should
register
yourself
and
because
we
just
created
our
virtual
machines
with
terraform?
B
We
don't
know
what
ip
address
this
got.
It's
completely
random.
We
don't
know
this
so
yeah.
We
we
use
ansible
because
ansible
in
the
beginning
and
beginning
had
this
gathering
facts
step.
It
mentions
it
as
very
early
here.
Gathering
effects
and
part
of
this
is
that
it
will
figure
out
all
our
ip
addresses
so
again
for
now
we
are
sure
we
have
only
one
server,
so
we
can
just
look
into
that.
One
give
us
all
ip
addresses,
and
now
the
point
is
there
will
be
several
ip
addresses.
B
B
So
you
put
it
in
here
now.
If
we
think
a
little
bit
in
the
future,
it
would
be
possible
to
template
this
as
well
to
have
this
as
a
configuration
option
for
our
role
and
everything
that
would
be,
of
course,
a
bit
more
yeah
make
it
a
little
bit
more
universal,
but
we
are
going
to
hard
code
it
here
to
keep
it
a
little
bit
more
simple.
B
So
what
we
get
back
here
is
like
take
this
list
of
ip
addresses,
then
filter
for
one
matching,
the
sub
network,
and
then
we
still
get
a
list.
It
could
contain
one
or
more
or
zero
or
more
ap
addresses
we.
We
just
assume
there
will
be
at
least
one.
If
there's
none,
it
will
fail,
and
then
we
will
take
the
first
one.
That's
what
it's
doing
here
and
this
way
we
get
the
ip
address
dynamically.
So
if
we
recreate
the
cluster
the
ip
addresses
change,
then
we
run
ansible
again.
B
So
if
you
remember
in
our
in
our
tasks,
we
used
this
slurp
module.
To
get
this
token,
we
are
looking
into
the
content
and
then
we
are
going
to
decode
it
because
by
default
the
slop
command.
We
put
this
into
a
base64
encoded
string,
but
in
this
command
we
need
to
need
the
plain
text
string,
so
we
decode
it
and
then
we
make
sure
that
everything
white
space
wise
is
removed
like
if
there's
a
new
line
or
space.
B
B
First,
we
use
this
variable.
Then
we
use
a
filter
and
then
we
put
the
output
of
it
in
another
filter
which
selects
the
first
one.
If
we
are
used
to
lose
using
linux
and
the
command
line,
then
you
know
the
pipe
command
and
it's
working
very
similar
like
put
the
output
of
one
part
in
the
next
one,
all
right,
so
in
case
it's
neither
a
server
nor
an
agent.
B
B
B
So
when
you
bootstrap
infrastructure
from
scratch,
then
you
all
often
have
this
kind
of
chicken
egg
problem
like
you
can
only
do
something
if
something
else
exists.
First,
for
example,
we
need
this
token
to
exist
before
we
can
configure
our
agent
nodes
or
we
need
this
hetzner
subnet
to
exist
before
we
know
the
ip
address
of
our
node.
So
it's
can
be
kind
of
tricky
to
don't
get
into
a
race
condition
there.
B
If
you
created
for
the
first
time,
often
if
it's
already
existing
and
then
you
just
want
to
gradually
add
stuff,
you
don't
have
those
problems,
but
in
the
beginning,
when
nothing
is
there
yet,
then
you
have
this
quite
often
so,
and
it
took
me
one
moment
to
figure
this
out
in
this
case.
So
we
are
not.
B
B
We
already
need
this
token
to
exist
on
our
server
right.
So
on
our
clients,
this
or
our
agents.
This
command
will
fail
because
k3s
on
the
server
is
not
running
yet
because
for
the
first
time
starting,
we
do
it
with
this
handler,
but
the
handlers
only
run
as
the
last
step.
If
everything
else
is
done,
k3
is
where
we
started.
B
B
There
are
a
few
different
ways
to
work
around
this
one
would
be
to
put
this
into
different
steps
here,
but
we
could
tell
it
here
to
like
just
just
install
k3s
on
the
server
and
then
when
this
is
done,
do
the
same
for
the
agents.
It
would
be
an
option.
It
would
take
a
little
bit
longer
because
we
would
do
the
whole
playbook
for
the
server
then
the
whole
for
the
agents.
B
B
B
So
we
need
one
little
extra
step
for
it,
because
right
now
it
still
would
run
this
on
all
our
servers
on
all
our
virtual
machines,
and
then
this
would
still
fail
if
it
does
not
exist
yet
so
we
need
a
way
to
tell
ansible
hey.
Wait
until
this
file
exists
on
the
server
and
there's
a
nice
and
simple
module
for
this.
B
B
B
So
that's
more
than
enough
to
wait
for
our
k-3s
server
to
come
up
on
the
server
node.
Usually
it
takes
more
like
20
or
30
seconds
or
something
so.
The
combination
of
waiting
for
this
file
to
exist
here
and
our
different
strategy
to
run
those
tasks
as
fast
as
we
can
on
each
of
the
servers
allows
us
to
yeah
to
solve
this
chicken
egg
problem
so
yeah.
If
you
are
completely
new
to
ansible,
then
this
might
be
a
little
bit
of
mind.
Blown
don't
be
afraid.
B
B
All
right,
let's
run
this
most
likely
edit
some
typo,
I
messed
something
up,
so
maybe
it
just
will
just
fail.
We
will
see
here
gather
an
effect,
so
ansible
is
aware
of
all
the
ip
addresses.
For
example,
we
need
another
template
and
you
see
it
will.
It
is
skipping
those
wait
for
a
slap
step
on
the
server
node.
B
B
B
B
And
here
we
see
our
exact
start
command,
it's
exactly
what
we
put
into
the
template.
We
are
on
the
server
node
and
we
only
wanted
this
exec
start
command
and
if
we
look
on
what
processes
are
running
then,
hopefully
yeah
we
will
notice
here
is
running
k3s,
so
let's
go
to
red,
and
now,
just
in
the
beginning,
when
I
told
you
what
is
our
goal
for
today,
it
was
like
run
cube.
Ctl
cube
control,
cube
cuddle,
whatever
you
want
to
tell
it
so
there's
this
huge
discussion
in
the
kubernetes
community.
B
What
this
binary
is
called,
I
usually
call
it
cube
control.
We
can
also
call
it
cube
ctl.
So
there's
a
ton
of
options
or
cube
cuddle.
It
goes
on
and
on
so
later
on,
we
will
use
cubecontrol
on
our
local
machine
right
now.
We
will
use
it
on
the
server
because
it's
part
of
our
k3s.
B
Cube
c
t,
l
and
there
we
are,
we
now
have
a
running
kubernetes
cluster.
We
have
three
nodes,
we
have
a
server,
we
have
two
agents
which
apparently
are
in
a
ready
state.
We
see
that
the
server
has
specific
roads,
control,
plane
and
master
assigned,
and
we
can
also
see
which
kubernetes
version
we
are
running.
It's
exactly
the
same
version
we
earlier
put
in
this
defaults
file
right,
122,
k3,
s1
and
the
other
thing
we
wanted
to
see
was.
B
B
The
metric
server
is
collecting
some
metrics
in
the
server
and
core
dns
is
the
central
dns
server
in
our
cluster,
so
all
components
in
our
cluster
later
on.
We
use
this
to
resolve
dns
names
in
the
cluster
and
to
the
outside
right
now
they
are
pending,
and
I
think
we
will
not
look
into
it.
Why?
Right
now,
because
it's
a
little
bit
of
a
bigger
topic,
because
we
still
need
to
configure
the
networking
of
our
cluster,
but
that's
maybe
a
little
bit
better
for
next
time.
B
So
apparently,
k3s
still
has
a
few
things
messed
up
there,
networking
wise
so
because
those
ip
addresses
are
wrong
wrong
and
those
parts
are
still
in
a
pending
state.
They
are
not
running
yet
also
because
of
missing
networking
stuff
and
yeah.
When
we
look
into
the
readme
file
from
the
last
time,
it's
a
little
bit
of
preview
for
next
time
and
there's
a
link
cloud
controller
manager.
B
It
goes
to
github
and
yeah,
that's
from
upstream
headset
cloud
again
similar
to
our
ansible
terraform
provider
and
next
time
we
can
deploy
this
to
our
cluster
and
then
it
will
tell
kubernetes
hey.
You
are
running
on
headset
cloud.
This
means
you
have
the
following
ip
addresses
for
the
following
notes,
and
then
everything
will
be
correct,
configured
the
right
way,
so
the
cublet
will
then
know
yeah,
there's
this
internal
ip,
this
internal
network
with
those
ip
addresses
starting
10
to
9,
blah
blah
and
then
just
like
magic.
B
Also,
our
pods
will
start
to
run
and
everything
will
be
fine.
So
that's
a
little
bit
of
preview,
not
sure
we
are
going
to
do
it
next
week
or
the
week
afterwards.
But
when
we
are
feeling
like
continuing
with
this
cluster,
then
we
can
do
this
but
yeah
the
goal
for
today
was
to
see.
We
have
some
notes.
We
have
some
bots,
they
are
not
running
it,
but
they
exist.
B
The
nodes
are
apparently
communicating
with
each
other,
because
the
server
is
already
aware
of
those
agents.
So
the
registration
with
the
token
worked
we
yeah,
we
played
around
a
lot
with
ansible
created
some
roles
and
in
the
same
way
you
can
write
yeah
quite
complex
ansible
roles
to
set
up
everything
automatically.
B
A
We
did,
we
don't
have
any
questions.
As
far
as
I
can
see,
I
wanted
to
say,
like
thanks
was
amazing.
I
learned
a
lot
lots
of
things
to
unpack
and
when
you,
when
you
open
up
the
headset
interface,
doesn't
does
this
look
different
to
before.
B
A
Okay,
perfect
because
I
just
like
I'm
sorry,
I'm
in
the
learning
mode,
I
would
say-
and
I
bet
others
are
as
well.
I
would
totally
love
if
you
got
time
next
week,
so
we
dive
further
into
the
the
cloud
host
controller
before.
If
I
remember.
B
That
correctly,
the
cloud
controller
manager.
A
The
cloud
controller
manager,
because
right
now
I
didn't
understand
what
it
means,
but
I
have
a
have
a
picture
in
my
mind
and
I
would
love
to
see
how
it
works.
B
A
A
Oh,
I
have,
I
have
a
lot,
a
lot
of
ideas,
what
can
deploy
to
kubernetes.
I
also
want
to
bring
in
the
the
monitoring
and
observability
part
with
like
prometheus
and
cube
state
metrics,
and
there
are
many
things
probably
you
want
to
try
out
by
by
following
following
our
sessions
and
yeah.
Maybe
I
don't
know
what
else
can
we
do
yeah?
We
can
create
a
website
and
like
make
it
as
complicated
as
possible.
B
Just
before
the
call
when,
when
the
other
michael
mentioned
a
graphql,
so
so
my
personal
block
is
actually
using
graphql
and
it's
the
prime
example
of
do
you
want
to
run
your
static
block
in
the
kubernetes
cluster
and
yeah,
it's
a
static
block
using
graphql
running
in
accumulators
class.
B
A
A
Yeah,
it's
it's
it's
a
fun
example.
Everyone
brings
up
I'm
thinking
of
like
finding
something
which
which
is
easy,
which
is
aesthetic
website
and
just
like,
deploying
it,
because
we
can
and
then
we
can
say
hey.
This
is
like
it's
a
different
use
case
when
you
like,
connect,
ci
cd
pipelines
and
deploy
it
in
different
environments,
and
there
were.
I
think
there
are
many
things
which
are
of
interest
and
I
haven't
tried
out
yet
and
probably
others
are
interested.
A
In
and
I
can
see
that
marcel
shared
shared
a
link
with
us,
there
was
an
ignited
osmc
around
this
website
and
kubernetes
and
terraform
and
other
things
from.
I
think
it
was
bram
fogeller
from
inuit.
Who,
who
did
the
talk
was
funny,
but
maybe
we
can
try
it
out
and
see.
Oh,
this
is
interesting
okidoki.