►
From YouTube: 2020 09 21 GSoD Office Hours
Description
Google Season of Docs office hours September 21, 2020. Topics included an overview of Katacoda and an overview of Helm in the Jenkins context.
A
B
B
Awesome
so
for
anybody
that's
seen
me
do
presentations.
You
know
that
I
I
often
botch
them,
so
I'm
gonna
do
my
best
as
I
work
this
I
did
this.
I
I
set
this
deck
up,
which
I
will
share
with
everybody
once
this
is
done.
I'll.
Add
it
to
the
agenda
notes
I
put
this
together,
but
I
didn't
actually
think
through
talking
through
it.
So
I'm
going
to
do
my
best.
B
This
will
be
sort
of
an
introduction
to
helm
in
catacota
we're
going
to
start
off
with
the
helm,
introduction
what
I
would
say
and
I'll
leave
this
up
to
z,
knob,
how
you
would
do
this
if
you
want
to
ask
questions
as
we
go
through
it
or
if
you
want
to
wait
till
the
end,
either
way,
I'm
fine.
This
is
more
of
items
for
you,
okay,
all
right!
So
for
the
jenkins
for
jenkins
and
helm,
there
is
a
chart
that
is
currently
available.
B
It
is
at
the
repo
at
jenkins,
ci
and
then
into
the
jenkins
chart.
This
chart
installs
a
jinkin
server,
which
allows
to
spawn
agents
on
kubernetes
use
a
light
utilizing
the
jenkins
kubernetes
plug-in
a
first
commit
for
this
was
in
2016..
It
was
by
vic
englishes.
I
think
I
said
that
correctly.
He
is
from
google
super
awesome
person.
B
It
has
had
300
contributions
by
180
contributors.
We
moved
this
in
november
13
on
november
13th.
Let
me
start
that
over
again
migrated
this
to
the
jenkins
ci
jenkins,
repo
as
helm,
stable,
and
the
reason
that
we
did,
that
is
because
november
13
2020,
the
current,
stable
and
beta
helm
repos
will
be
deprecated,
so
everybody
is
now
having
to
move
to
their
incubated
repos
kind
of
an
overview
on
how
to
install
this
chart
you're
going
to
need
a
kubernetes
cluster
and
then
you'll
also
need
helm
version
3.
B
B
Once
you
have
these
two
items,
the
prerequisites
ready
to
go.
You
will
install
this
by
doing
a
helm,
repo,
add
the
jenkins
repository
and
then
you
just
do
a
helm,
repo
update
and
that
will
actually
pull
all
of
the
metadata
in
and
then
you
can
just
do
a
helm,
install
you
can
call
it
my
release.
The
actual,
as
you
see
here,
it's
called
my
release.
You
can
change
that
name
to
anything
you
want
and
then
you'll
just
actually
reference
the
repo
and
then
the
chart
that
you
wish
to
install.
B
What
do
you
get
you
get
jenkins
running
on
kubernetes,
which
spawns
agents
on
demand
using?
This
is
what
I
put
the
awesome
kubernetes
plug-in.
I
am
one
of
the
maintainers
of
that
plugin,
as
well
as
jks
configuration
support,
which
is
the
default
configurations
out
of
the
box,
which
can
be
customized
via
the
values.yaml
file.
I
will
go
into
a
little
bit
more
of
what
the
values.yaml
does,
but
essentially
on
a
high
level.
A
B
A
B
D
B
B
I
am
not
going
to
actually
do
a
demo
in
here,
because
it's
very
straightforward
and
what
I'd
like
zenop
to
do
is
to
really
get
an
understanding
of
how
you
do
this.
I
would
like
you
to
try,
after
we're
done
to
do
the
an
installation
yourself
and
you
can
do
this
with
minicube
and
then
I'd
like
you
to
ping
me
directly
christine
you
have
a
good
standing
kubernetes
as
well.
It's
my
understanding,
correct.
B
B
B
And
how
does
the
auto
reload
work
so
the
actual
drink
controller
will
will
do
the
trigger
reload
it'll?
Do
the
jks
reload
for
the
jenkins
ci
s,
config
will
update
the
configurations
and
then
watch
for
changes
very
straightforward
and,
if
you're
familiar
with
how
eddie's
illustration
works,
this
will
seem
very
familiar
to
you.
So
so.
A
For
me,
as
a
jenkins
administrator-
that's
quite
impressive,
so
that
says,
if
I
change
the
configuration
as
code
definition,
the
running
jenkins
will
automatically
reload
it,
and
that
is
correct.
Well,
that's
cool!
Okay!
So
there's
yeah!
Oh
very
nice!
Thank
you,
okay!
So
the
so
for
me,
as
a
jenkins
administrator,
you've
made
my
life
easier
that
my
act
of
deplo
of
storing
something
to
the
git
repository
where
I
track
the
configuration
will
or
can
automatically
upgrade
that
and
install
it
into
my
into
my
kubernetes
cluster
cool.
That
is,
that
is
correct.
B
And
so
how
does
the
auto
relay
work?
Is
the
jenkins
controller
called
the
java
ops?
It
does
a
reload
token.
It
takes
the
pod
name
and
sets
that
as
a
variable,
it
really
sidecar,
which
is
where
the
task
configuration
is
and
then
does
a
reload
call
to
the
api,
and
essentially
that's
what
it
looks
like
right.
There.
B
I'm
going
to
leave
out
how
you
can
configure
ingress
and
the
reason
being
is,
is
the
documentation.
Zinab
will
you'll
definitely
touch
on
this.
I
felt
that
for
this
type
of
an
introduction
going
into
its
and
and
ingress
objects
and
the
ingress
controller
is
a
little
bit
more
in-depth
because
of
the
different
ways
you
could
do
it.
You
could
use
engine
x,
you
could
use
hiv
proxy
and
it's
a
little
bit
involved.
B
So
I
didn't
want
to
like
confuse
you,
and
so
what
does
your
setup
look
like
when
you
do
this
initial
helm
configuration
of
the
containers
which
will
be
in
a
knit
container,
your
jenkins
controller
and
then
the
reloading
of
the
jks
config
you'll?
Have
your
two
services,
which
will
be
for
the
ui
and
the
agent
they'll,
be
your
persistent
storage
and
then
notice.
Your
are
back
here,
and
this
is
the
problem.
B
I
think
you
may
be
running
into
xenoblack,
which
it
has
a
schedule
agent
and
then
another
job
that
does
the
watching,
for
the
configuration
is
code
config
map,
these
all
have
service
accounts
that
are
allowed
for
the
this
particular
chart.
It
allows
this
at
the
cluster
level,
not
the
name
space
level.
So
from
a
permission
standpoint,
when
you
allow
things
at
the
cluster
level,
it's
a
little
bit
more
insecure,
but
this
is
just
to
get
somebody
going.
B
I
would
say
if
you
wanted
to
lock
this
down
a
little
bit
better,
you
would
move
this
to
a
name
space
level
which
would
be
the
cluster
role
and
then
the
cluster
binding
poster.
I
always
forget
those
so
understanding
the
jenkins
as
your
permissions
and
kubernetes,
which
permissions
do
the
agents
have
in
the
cluster
the
permissions
of
the
service
account
of
the
agent
pod,
and
this
is
again
what
I
was
talking
about,
which
service
accounts.
Do
they
use
nothing?
Ins,
nothing
is
specified
default.
That's
that's
more
for
security.
B
And
how
are
permissions
granted
to
a
service,
as
I
was
saying
earlier,
there's
two
types:
the
role
binding
is
permissions
per
name
space
where
the
cluster
role
binding
is
permissioned
to
the
whole
cluster,
and
this
picture
sort
of
gives
you
an
overview
of
what
that
looks.
Like
I
think,
for
the
documentation.
It
will
be
really
call
this
out,
because
this
is
sometimes
an
item
that
is
overlooked
in
the
wider
commune,
the
specifics
between
role,
bindings
and
cluster
rule
bindings
and
how
those
are
used
a
lot
of
times.
It's
been
my
experience.
B
People
will
just
use
cluster
role
binding
because
they
want
to
just
they.
They
don't
want
to
have
to
deal
with
the
security
aspects
of
that,
but
I
think
it
would
be
important
for
us
to
call
that
out
and
documentation
to
steer
people
correctly
why
it
is
a
bad
idea
to
run
agents
in
a
jenkins.
Namespace,
remember,
jenkins,
kubernetes
plug-in
needs
kubernetes
permissions
as
well
as
to
be
able
to
do
things
with
that
service
account,
and
if
that
service
account
gets
deleted,
it's
just
super
bad,
so
I
always
have
agents
running.
B
I
I
think
it's
the
best
practice
to
have
agents
running
in
a
different
name
space
other
than
where
your
jenkins
is
installed.
So
generally
you'll
see
a
couple
online.
If
you've
seen
the
online
talks
that
I've
done,
I
will
install
the
jenkins
controller
in
the
jenkins
namespace
and
then
I
will
have
a
agent
spun
up
in
a
murray
namespace
when
a
job
runs.
B
And
this
tells
you
a
little
bit
more
separate
control
and
their
resource
consumption,
and
this
is
again
how
you
can
do
this
using
the
helm
chart
which
is
already
out
of
the
box,
set
up
to
do,
and
I
have
to
so.
I
didn't
realize
that
when
I
did
these
slides,
I
you
can
actually
see
the
behind
this
picture.
The
the
helm
command
that
you
could
use,
which
permissions
does
the
helm
chart,
grant
none
your
best
for
you,
you'll
know
best
which
permissions
you
need.
B
That's
why
we
don't
just
sort
of
grant
cartridge
admin
root
access,
so
I
think
that's
best
and
if
I'm
going
too
fast-
and
you
have
any
questions-
please
stop
me
here-
we
have
what
we've
con
called
an
agent
namespace,
which
has
a
separate
controller
in
the
agent
paw.
These
are
allowing
limited
resources
only
on
the
agent
name
space
and
that's
better
for
secure
and
so
resource
consumption
of
the
cluster
overall.
B
A
B
A
Can
you
back
up
just
so
so
this
one?
The
idea
is
that,
as
the
jenkins
will
scale
up
and
down
the
number
of
agents
it
uses
and
by
putting
the
agents
in
a
separate
name
space
from
the
from
the
jenkins
controller
from
the
jenkins
master,
that
that
allows
me
greater
safety
or
greater
ability
to
say
no,
you
can't
use.
Can
you
could
you
elaborate
a
little
on
this
agent
name,
space.
B
Yeah,
so
so
what
this
does
is
two
things
one.
It
gives
you
security
because
now
you're
not
co-mingling
everything
in
one
name
space
and
it's
somehow
an
eight.
Let
me
take
a
step
back
agents
have
the
ability
to
be
ephemeral,
meaning
they
can
spin
up
for
the
life
of
the
job
and
then
tear
down
or
if
you
want
the
agent
to
be
long-lived
that
long-lived.
B
The
reason
that
you
want
to
have
these
in
a
separate
name,
space
spaces.
It
gives
you
the
ability
for
secure
jobs
not
to
run
in
any
part
of
the
agent
name
space.
The
second
part,
which
I
think
is
actually
a
little
bit
more
better
than
the
security
aspect,
is
the
resource
consumption.
A
lot
of
times.
Clusters
are
under
humanities
clusters.
There
are
a
heavy
load
already,
especially
with
the
jenkins
controller
and
all
the
jobs
that
may
be
there,
and
sometimes
jobs
do
not
get
configured
correctly.
B
So
you
may
have
jobs
that
are
retaining
large
logs.
I've
seen
that
at
some
companies-
and
you
may
take
the
cluster
down
to
be
able
to
better
control
resources,
you
can
separate
the
agents
out
into
their
own
name
and
space.
This
allows
you
to
control
that
namespace
as
opposed
to
controlling
the
jenkins
namespace
as
a
whole,
which
is
where
the
controller
will
live.
B
Yeah
I
I
found
that
it
was
better
to
have
the
separate
namespace
not
only
for
security
resources,
but
let's
say
I
want
to
just
be.
Let's
say
I
have
log
aggregation
happening
in
the
kubernetes
cluster
and
I'm
really
going
to
the
api
to
look
through
the
api
logs.
If
I
have
to
look
through
the
full
jenkins,
namespace
and
weed
out
all
the
controller
logs
and
all
that
it
becomes
super
difficult,
this
makes
it
a
lot
easier.
B
Thank
you,
plugin
installation.
How
does
it
work
possible
improvements?
I'm
not
going
to
go
too
deep
into
that,
but
some
parts
I
will
say,
is
how
to
configure
your
credentials.
There
is
a
kubernetes
credential
provider
plug-in
in
that
helm.
Chart
you
only,
and
now
I
see
you
have
a
typo
in
here.
You
only
need
to
set
the
are
back,
read
secrets
to
true
and
it
will
create
the
necessary
roles
and
role
bindings
again.
This
is
at
a
namespace
level
and
I
put
a
link
to
where
that
is
in
the
actual
code.
B
C
B
B
B
B
Coda
provides
isolation
for
so
you.
Basically,
you
can
spin
up
your
own
environment
and
learn
about
whatever
the
subject
matter
is
and
the
subject
matter
is
called
sessions.
It
has
an
integrated
editor
that
allows
you
to
experiment
with
creating
configurations,
updating
or
exploring
sample
applications.
B
It
helps
gain
a
deeper
understanding
of
how
the
technology
can
be
used.
For
example,
a
user
can
copy
a
snippet
of
code
like
I've
done
here
into
the
editor
and
run
that
against
a
virtual
environment,
the
interactive
environments
can
be
embedded
into
websites
or
documents
that
allow
us
to
be
able
to
maintain
a
consistent
look
and
feel.
I
added
a
link
on
here
on
how
to
do
that.
I
thought
that
would
be
really
beneficial
for
you
xena.
B
B
So,
at
a
high
level
right
now,
currently
there's
a
kubernetes
scenario.
There's
also
a
jenkins
scenario.
I'm
currently
working
on
the
jenkins
and
kubernetes
scenario,
and
my
hope
is-
is
that
will
be
released
the
first
week
of
october
and
then
we
can
get
that
into
the
into
the
documents
that
you
have.
What
I'd
like
to
do
is
also
when
I
create
the
repo.
B
I
excuse
me
when
I
create
the
the
release
I'd
like
to
be
able
to
give
you
access
to
that
xenob,
and
maybe
possibly
you
become
one
of
the
maintainers
of
that.
I
think
it
would
be
a
really
good
opportunity
to
get
more
involved
in
in
actual
like
code
releases,
and
it's
not
super
difficult
to
maintain,
and
I
would
help
you
all
the
way
through.
D
I
think
it
was
a
good,
a
high
level
discussion.
I
maybe
it
sounds
like
now
that
we've
got
some
free
time
to
start
looking
at
maybe
particular
problems
that
you
know,
z
and
enough
you've
run
into
yeah,
especially
with
getting
started.
Really,
it's
always
good
to
have
a
good
fee
like
it's
all.
I
never
see
a
problem
having
like
a
baseline.
B
B
Exactly
I
didn't
want
to
go
too
in-depth
because
I
didn't
want
it
to
be
like
over
technical
in
the
sense
that
you
may
just
get
lost
in
all
the
details.
It's
easy.
I
always
found
it's
easier
to
to
have
a
little
bit
of
a
guide
and
then
do
something
hands-on
myself
right
zenob
did
you
want
to
maybe
share
your
screen,
so
we
could
see
what
the
air
was
that
your
pod
was.
C
A
B
Well,
I'm
still
waiting
for
her
screen
to
to
to
show
up.
I
can't
say
mark
that
you
are
correct.
It
is,
it
is
more
of
a
training
tool,
but
the
beauty
with
this
training
tool
is
you're
able
to
you're
able
to
write
scenarios
really
with
ease,
and
you
can
take
scenarios
and
combine
them
like
kubernetes
and
jenkins.
It
just
makes
it
easier
to
deliver
training
content.
B
B
C
A
B
A
B
Supports
what
yeah,
what
so
you
know,
cubes
ttl
getpods
all
namespaces
allows
me
to
see
all
of
the
namespaces
and
get
quicker
to
like
what
I'm
looking
at,
rather
than
think
it's
in
the
jenkins
name
space.
This
helps
me
get
get
there
a
lot
faster.
Can
you
backspace
two
times
enough
and
do
a
dash
n
space
jenkins.
C
B
D
B
B
B
B
B
C
B
B
B
E
C
B
B
Okay
in
my
cluster
world
binding
you
can
see
that
in
the
api
group,
I've
actually
linked
the
service
account
in
here,
and
I
don't
think
you
have
that
linkage
happening
in
your
cluster
role
bindings
and
that's.
What's
stopping
it.
So,
just
to
reiterate
what
I
said,
you
have
an
account,
a
service
account
already
created
and
it's
called
jenkins,
but
you
don't
have
that
service
account
linked
to
the
actual
permissions
in
the
cluster
roll
binding.
B
Now
remember
a
cluster
role,
binding
means
this
is
at
the
actual
cluster
level
and
not
name
space
level.
If
it
were
namespace
leveled,
it
would
be
a
roll
binding
okay.
So
what
you'll
need
to
do
is
using
the
command
that
I
I
gave,
which
is
the
cube.
Ctl
get
cluster
roll
bindings,
okay,
you're
going
to
want
to
create
a
new
cluster
roll
binding.
B
That's
called
jenkins
that
ties
this
service
account
that
you
have
already
to
that
and
that
will
allow
the
permissions
and
you
can
see
also,
this
is
the
cluster
role
and
the
cluster
role.
These
are
all
of
the
actual
commands
that
are
allowed,
and
my
guess
is,
is
your
helm.
Chart
is
trying
to
execute
one
of
these
commands,
but
because
the
linkage
is
not
there,
it
won't
work.
I'm
going
to
send
you
the
link
to
this
repo
I'll
put
it
in
the
chat
right
now.
Give
me
just
a
second.
B
B
C
C
A
C
A
Okay-
and
I
heard
I
had
heard
a
good
suggestion
earlier
today
in
a
conversation
with
oleg-
he
liked
the
idea
that
you
were
that
you
started
last
week
of
hosting
the
the
initial
documentation
of
google
doc
for
people's
comments.
He
suggested.
You
might
also
want
to
share
a
link
to
that
google
doc
to
the
jenkins
docs
mailing
list,
so
that
we
can
encourage
other
people
to
help
us
review
it
and
comment
on
it
even
before
it
becomes
a
pull
request
to
jenkins.io.
B
A
Yes,
we
do
not
need
to
be
spammed
in
your
document.
Absolutely
we've
had
that
problem
already,
so
I'm
I
remember
well.
Well,
there
are
even
times
when
I
wonder
if
I
want
to
turn
off
comments
because
of
obnoxious
comments
so
for
sure,
it's
great
to
send
a
link
to
it
and,
if
you're
willing
to
allow
public
comments.
Initially,
that's
a
real
positive
if
someone
starts
becoming
obnoxious
or
annoying
or
unacceptable.
A
C
C
B
C
A
Great,
thank
you
so
zena,
one
of
the
things
that
would
help
me
is
if
we
we
just
keep
notes
in
the
in
the
google
doc
for
this
office
hours,
I'm
I'm
typing
some
things
in
there
now
as
a
placeholder,
but
that
way
I
have
a
plate.
We
have
a
place
to
embed
marquis,
marquis,
hyperlink,
so
marquee
overview
of
katakota
and
helm
and
includes
diagnosis.
B
A
A
A
D
A
Okay,
excellent,
so
we've
got
at
least
one
mentor
available,
so
thursday's
meeting
is
will
go
as
planned.
Excellent
thanks
everyone.
Thank
you
very
much.
Recording
a
link
to
the
recording
will
be
posted
in
about
an
hour
after
I
get
it
archived
and
placed
on
youtube.
Thank
you.
Thank
you
have
a
great
week.
Everybody
youtube.