From YouTube: Kubernetes Office Hours (West Coast Edition) 20180718
Description
This is our monthly Kubernetes Office Hours, for more information check this page:
https://github.com/kubernetes/community/blob/master/events/office-hours.md
A
A
All right, welcome everyone to today's US version of Kubernetes Office Hours, where we answer your user questions live on the air with our esteemed panel of experts. You can find us in hashtag office hours on Slack, and check the topic in that channel for the URL to event information. Before we begin, let's start by introducing ourselves. My name is Jeffrey Sica, I'm the host this month. And panelists, if you please, starting with Ralph. Hi.
D
A
That's a nice way of putting it. Before we start, here are the ground rules. This is a judgment-free zone. Everyone had to start from somewhere, so please help out everybody by having a supportive environment while in the channel. We will try to do our best to answer your questions, but the panel doesn't have access to your cluster, so live debugging is off topic, but we will do our best to try and get you moving down to that next step of debugging. Panelists.
A
You are encouraged to expand on your answers with your experiences and pro tips. Audience, you can help out by pasting in URLs to official docs, blogs or anything that might be relevant to the topic at hand within the chat. Post your questions to discuss.kubernetes.io or Stack Overflow and we'll try and get to those as well. You can also help us out by tweeting and spreading the word and just paying it forward. Each session is recorded and available on YouTube if you're using this as a work resource.
A
Please let us know how we're doing so we can make it better. That's something we always want to try and strive for, making it better. If you want to sit in on the panel and spread your knowledge, you're more than welcome, and you can earn a fabulous water bottle that I don't have because George is out of town. Help us take notes at a URL that I will paste into the channel. We are always looking for marketing help.
A
So if you're awesome at social media, please help us out. And lastly, feel free to hang out in hashtag office hours afterwards. If the other channels are a little bit too busy for you and you're looking for a friendly home, you're more than welcome to pull up a chair, hang out and ask questions. And with that, let's get started.
A
Let me scroll up to the first question. Oh man, this is getting unwieldy here. That's the new edition. I'm just heading over to your document, Bob. Okay, yep! So we've started pulling questions from discuss focal and Stack Overflow, but if there is a question that hops into the chat like Shawn's, we're gonna prioritize those first. Oh, Samir, actually, you were first in line as well. So Samir asks: whenever a PV is created, so whenever a persistent volume is created, the first time the PVC gets bound to it with the correct storage class.
A
If I delete the persistent volume claim and then recreate it, then it does not get bound to the previous PV as expected. Instead, it creates its own PV and volume for EBS. Is this expected behavior? My app expects the same PV to be mounted to access the data available in the volume. Has anybody else faced this issue? Panelists.
D
That is actually the expected behavior Jenny. You don't want to delete the PVC claim. You can delete the pods associated with it that run your application, that's not big deal, but you don't want to delete the PVC. With storage classes, when you delete the PVC, depending on your reclamation policy, it might even auto just delete the PV that was bound to it. If you do happen to, like, if you need to mount a previously believe it or reclaim to P, be at least an EBS, you can go get the what's.
D
It called the volume ID and create a new PV, not using the storage class, and essentially create a new PVC pointing to that, and that to your god. I think, I think the key word here in PVC is the C, the claim. So you can think of the, the claim as saying I need this storage and I need this storage to be my storage. As soon as you delete the claim, what you're telling them to Kubernetes is you're saying I no longer need this storage, do with it.
D
As you will, you know. And so when you, when you release that claim you have, you have claims you've washed your hands of the storage and Kubernetes is free to, when you add a new claim, allocate new storage for that. As you're saying the new claim, you're saying I want you, storage, I need some new piece of storage.
C
So for four images, I mean, I, there's a lot you can do here. I would say think about what the foundation of your images and how they're being built from the ground up. Don't, don't worry about image layers as much. Worry about why. Why are we using Ubuntu as a base image? Why we're using Debian? Why we're using Arch Linux or whatever you're doing, right? A lot of people think that they need a full operating system for their applications. They really don't, and in terms of security and overall reliability of your systems.
C
C
So you really don't have to worry too much about trying to optimize that. By default, layers are taken care of, but the big thing here is when you do have a Dockerfile and you do have multiple statements and in it, ensuring that, for instance, a RUN line has everything that you want to do, everything that you want to achieve in that RUN line. Don't do multiple RUN statements for multiple redundant functions, so each one of those, each statement in the Dockerfile creates another layer, right, which creates more overhead.
C
D
D
I think we do that in some cases, and then, of course, there's also, there's also alternative build tools that just kind of do that, like you call so the bunch of the different, the different Docker build tools that are not docker build do that. So bill. The I know if I tell them I can't even rent that project, but build up those that I all can do that, I believe, but I'm pretty sure some of the other ones can do it as well.
D
The other thing we've actually seen, borrowed sorta frame how we handle things in HPC world, is if you have a lot of common stuff, you might mind up sort of creating like in it and if I share with all that and then mounting that as a sort of shared volume amongst most your pods. So your images themselves can be really small, but if you have this large collection of shared dependencies or applications, they can be sure to do everything that way. It.
A
Okay, I think that answers that. If that didn't, please let us know. Easy has two questions, if that's okay, and I think it is. The first one is: I've noticed pods occasionally getting stuck starting up due to them failing to mount a secret volume with something like below, and they posted a little block. Restarting the pod always fixes it. Any idea what causes this? So, let's start with that one.
A
D
Had to guess off the top of my head, there's some sort of race going on between service account secret creation and, and pod start, hypothetically. The, I thought the automatic retry mechanism should catch up with that eventually, and you shouldn't have to restart your pod. I'm curious: is this right after a new service account has been created, or is it like the service account has existed for a while and the, the, that's just intermittent failures? But in either case I do remember seeing someone asking about this before on the bug tracker.
A
Okay, while we get more information, let's move on to Evie's second question: pretty new to CNIs, so Calico in this example. Are there any tips to help visualize network policies to help identify where and why stuff is being dropped, since, as far as I can tell, you don't get any logs that give this info? Ralph went ahead and started linking some in from Calico, but I'd love to hear from anybody else possible, or, you know, Ralph, if you have any.
B
C
C
You're using is gonna be your, your best. You know, usually they'll provide a service for doing this over, be aware, those can tax your network, especially on initial launch. Definitely.
A
D
That makes the answer life much less obvious. If the service account has existed for a while and, and you're seeing that, I think that sounds like a bug. If you're able to reproduce it or to get any more detailed kubelet logs, like if you can run your kubelet at a higher a lot of verbosity and see if there's anything useful in there, I've done recommend posting it to the Kubernetes GitHub issues and tag SIG Node in it, and you know, worst comes to worst.
A
D
A
I'm gonna read it: I'm trying to migrate a latency-sensitive app to Kubernetes. We are using Kubernetes 1.98, or 1.9.8, installed with kops, but percentile 95 response time increases a lot. As I found some known bugs like CPU limits, I wanted to know if there was something else known or how to help to further debug this. Right.
A
Now it's on dedicated servers. The deployments and everything are done, but when trying to migrate, there is a performance impact on the percentile 95 response time for some critical endpoints. It is 100% reproducible, and he links to an issue, or the configuration is the same. And then: I saw this bug, and links to an issue. It stopped using CPU limits, that helped a lot, but the performance is still about 20% worse, and this is being measured in the application itself. Ruby app: when the request arrives, gets the time, and then again when it finishes.
A
Writing. It's using Unicorn to process the request, so this rules out any kube-proxy issues. The pod is three containers: the app, an nginx container and a metrics container. The app has one CPU request, while the nginx and metrics containers have 10m and 20m respectively. None of them is using much CPU considering their requests.
A
D
It does, it do. Did I, oh, like to disk, it gets a little bit weirder, okay. So here's what's crazy. All this communication is like between the three containers in the pod, and flipping it over to host networking equals true improves it. Are they communicating across localhost? Yes, but flipping to host network equals true improves it. Yes, I know, that's the expression I had.
A
D
Really weird with the iptables rules, but I can't, I'm having trouble imagining what it would be. Oh, the system was all provisioned with kops and using kops default CNI driver, which is, forgive me of it, but Steve like it doesn't do anything crazy. I mean, if it's, if it's, if it's communication inside the pod across, and it's actually localhost, so it's across the, it should be across the loopback device, right? Yeah.
D
D
A
D
A
D
Would, I would tag SIG Node and SIG Networking in that as well to get the right people looking at it. Probably SIG Networking the more, the clearer one there, but just in case SIG Node as well might be useful. AWS might be good too, with that being the default for the AWS sort of world. Can I, so one other thing I would try is see if you can reproduce this behavior with like a single node cluster that's not stood up like, or stood up on, like a local VM or stood up on.
D
You know, a different cloud provider or anything, just, just to see if it's like something weird about the interaction with AWS as well, because that would, that would narrow it down a lot, because if it does end up being AWS specific like that, might point to something much clearer than that, if it's general was.
B
There different CNI used? Did they did run a try using a different CNI in that set up to see if it changed anything, just kubenet, because I would be curious if it, that worked or it didn't make a difference, the CNI provider that was being used, because that would kind of roll out, like rule out some issues that it could be. Yeah. That's a good suggestion.
A
C
So I was gonna say: I mean, we're starting to see operators for things like database, databases, things like bolts, things that take a lot of effort to deploy, and I could see. Seeing, you know, doing one for GitLab, right, things that have multiple components, things that have their own upgrade paths that might be, you know, relatively quick. I think there's a lot that operators provide and I'd like to see more of this. This, you know, come, come of age for a lot more different applications.
C
Instead of let me go to, at the Helm chart and see if there's a chart that's super massive that I'm gonna have to manage and worry about 18 different, you know, components, right, I prefer the operator model than I do just the, you know, worry about my Helm charts being updated, right. So that, that's something I'd like to see.
C
I think that, for me, yeah, every, every major project, it seems like, is working on an operator. Remember CoreOS before being bought, the kind of Tectonic piece, I think they were starting to work, especially with Pesce Co from the bolts on the vaulting kind of calling them like their app stack where they were just, you know, applications that had operators for you before them. So I'd like to see more of it. For literally anything, it makes life a lot easier.
A
D
I would also like to see operators for more of the, like the common components on the cluster. Like I think it would be really cool if you could define the state of your cluster as like, give me a kube-dns and nginx ingress controller and copy of metric server or whatever, and you declared your nginx ingress controller with a declarative configuration format. Instead of you.
D
Applies and configuration variables and stuff and, and, and you know, but like that, and I'm not picking on them, do not say anything. I haven't actually comment check to see if there's controllers for maxi dress, but like in general components like that, I think I'm very much looking for colors with us.
A
Forward to that significantly. Same, the docs have definitely need to be upgraded. Yeah, and Sean has one last question, he promises: what in the cloud native space are, are you folks most interested and excited about? I'll take this. So I have two sides of me: one's just a giant nerd and the other works for the University as like a research programmer, so I'm really interested in applying all the cloud native stuff to just academia in general. Bob's gonna say the same thing as, stole his thunder this time. So that's, that's half of me.
A
D
The big thing I'd like, I'm really, really looking forward to is the, like multiple different kinds of containerizers being able to be, here like, run side by side. So if you want to have like a sandbox containerizer settings to a normal containerizer, so if you have some that does need to run privileged, you can do it that way, or if you want to, you know, you don't trust something, run it in gVisor, run it in Kata. I think that'll be, that'll be sweet, especially if we're out multi-tenant clusters.
A
Actually that, you just reminded me of one other thing. So there was news that, you know, what is it: Chick-fil-A runs Kubernetes in every store and Toyota has Kubernetes in their cars now, and everyone laughs like, oh my god, that is so ridiculous and kind of cool. But something I've been saying for almost a year now is like Kubernetes isn't just going to be for like at-scale computing, because it's a lot easier to develop for that platform. So I actually see more cloud native things being applied at a smaller scale. So.
D
Looking forward to seeing the results of that, so that, if we don't have this, we have less of this awkward dance around, like here's the build infrastructure for my project and here's this, this weird Dockerfile that just runs all these commands just to hack it into getting a Dockerfile, as opposed to here's generating a container image using my native built-in infrastructure from my language.
C
You know, being last here, you guys pretty much covered everything. I think that, as time goes on, there are pieces of things where DevOps teams or developers may be doing a lot of extra work, and I think it's interesting to see how all these tools are gonna come together, get adopted, get the resources they need and then build on top of each other. It's this compounding effect, and then things will become easier, though the mundanes has the things that, you know, editing the YAML specifically, worrying about services or managing things.
C
A
Was an awesome question. So Kenzie added on to want to Shaun's questions, the layer question: OCI and some other tools allow choosing where your layer snapshots happen, so you can make your layers the right size instead of too big to be useful or so small you have a bunch of small needless stuff.
A
If Z said they would try and reproduce it. Awesome. Nick has a question and it's a bit of a general question: how do you guys manage to keep all of your versions of Kubernetes fairly recent? Kubernetes core cluster seems to have fairly regular releases. Then there's lots of related, but often required, services such as Prometheus, Vault, etcd. I'm sure I could spend forever just upgrading.
D
So, on the subject of that, I believe, so we recently open sourced a kind of a operator lifecycle manager. That is, it's kind of designed to help do that operator, to keep track of your operators and update your operators and, and yeah. I think that that kind of thing is the future, because operators make it really easy to deal with and upgrade individual components, so like on the individual component level.
D
A
A
A
All right, I have, oh, that's a bad name to try and say, a Peschel, I'm sorry if I butcher it. Question: I'm looking for some insight on best practices for doing deployments with Kubernetes. At the moment we're trying to use Helm. We've broken up our services into multiple charts and we have an umbrella chart that pulls in our various service charts as requirements. Some rough spots that we've hit are: what should the workflow for deploying a new version of a single service?
A
C
Like I want to attack this one but I'm a little scared. So let me, let me jump here to this workspace with, with this questions here. When, when people say best practices, I mean, a lot of this is arbitrary, right. A lot of this is based on your organization, and he mentioned devs deploying, right. In my organization, devs don't deploy, they push code and then other team handles the deployment, right. So there's a filter there and we verify the configuration so that the configuration, if there's a change that's needed.
C
It's based on a feature or something that's changed in the code, and you need to know about that, so we can deploy it as reliably as possible to the cluster. So that's one, one difference. Like there, there aren't really best practices for this right now. There isn't. If you search best practices Helm, you're probably not going to find anything.
C
His first question: you know, a new version of a single service, creating a new umbrella chart every time we want to upgrade a service. I mean, it sounds like he's adding a lot of unnecessary work, and so my first thing would be keep it simple. Keep it stupid simple, while still explicit, right. And so I can't really tell you what your workflow for a new version of a single service would be, but I mean updating the version.
C
You know, I don't know what his CI/CD is, but you know, updating the version to what the next tag is for an image, maybe, or if there's a new image, or you know, whatever that is, updating your Helm chart version as well. You know, being verbose and making sure those are kind of in a commit path, so those changes can be followed. The key thing here with Helm or any package manager for Kubernetes and your applications: that not one person should own everything.
C
C
You know, you know, if these are again very ten puzzle view questions. You know, for us developers push code and we kind of manage the deployments ourselves, and so the code goes through its CI/CD process and then the, you know, images tag or whatever and updated, and that's kind of an automated process so that no one has to touch it, and really the only thing that's needed is verification in the form of a PR or something like that. So, so now, let's see, so I don't drop it to here. So.
D
I want to, I want to point out on the subject of CI/CD, GitHub did a really neat presentation last KubeCon about how they deploy on their internal Kubernetes clusters, and I think it's definitely worth watching. The, the too long didn't watch is basically, they have a bunch of configuration files checked in and it deploys a new copy like each PR, and developers can deploy a new copy of the service into a test cluster, but also you can, before PR merges, they deploy canary builds into the actual cluster to see if it works, which.
A
D
C
D
I was a keynote, I think. One of the, one of the other things I keep in mind is definitely like, if Helm is working for you, that's great. If Helm is not working for you, definitely don't feel like you have to use Helm. Just, you know, could like use the tool for the job, right, and if you feel Helm is adding unnecessary complication, consider other things. There's, there's a number of other tools for managing their configuration and take a look at them. There's even tools for just like.
D
If you want to keep your configuration just in straight Kubernetes YAML files and then pulling things on top of them. There's a, SIG CLI has a project that I can grab the link for that's kind of designed to like layer extra config on top of base YAML file, so that's easier for you. Instead of that, is it called Kustomize.
C
C
Ok, somebody's cubic horn draft cube pack case on it. There are tons of other tools that are maybe not at Helm. You know, like Helm is that going all the way up to 60? You know, like these other tools kind of supplement the YAML handling and the templating as well, where charts can be really, really like a huge barrier to entry for a lot of teams, and they take a lot of time.
C
D
A
A
D
And I can take this one. So as far as I know, Kubernetes itself does not integrate with Notary. However, the Docker daemon does. You have to configure the Docker daemon on every host with enabling the Docker content trust, which is just like the env variable DOCKER_CONTENT_TRUST equals one, and then another one that is DOCKER_CONTENT_TRUST_SERVER, and that's just the URL to the server itself.
D
A
A
Alright, maybe that's something we check into a little bit later, but I'm pretty sure Bob's right about, there's, there's no direct link, and I don't think there's a project that links the two. Next question: THC DRT asks: from what I understood, kubectl port-forward allows to do the same things as kubectl proxy and more. Indeed, kubectl port-forward allows TCP traffic, therefore HTTP, while kubectl proxy only allows HTTP. So what is the purpose of kubectl proxy? Why don't we just have a single kubectl port-forward command?
D
A
I'm holding you to it. So the next question would be from CR gee: I'm really struggling with all these YAML files formats, facing what is really needed, what should be in them, what is better to put in them, like more descriptive labels, etc. Every time I try to stray from a very generic sample, stuff goes wonky. I really need a good resource on the pieces and parts and proper layout of deployment files in Kubernetes. I have lots of samples, but I would love to see something.
A
That explains why each piece is there. With spacing I keep having issues with that. If you guys don't mind, I'll take one for once. So yeah, it can be very frustrating and it is very complicated, the more and the deeper you dive. A good IDE with the right plugins does make this easier. I personally use VS Code. VS Code has plug-ins for Kubernetes, and it will actually lint the YAML for you and make sure things are alright.
A
The other big thing is: there are a lot of documentation, a lot, there's a lot of documentation just on the API, and the API has everything you need to really know what goes where. It's just diving down a rabbit hole of, okay, there's this object, not just a single variable. What does that object have done an aphid, but the IDE will help kind of bring what you want plus what is actually there and merge them together.
D
Yes, if we used, like if you're working at the command line, like kubectl explain on a specific object and I'll tell you like every field that, that's the sort thing can do it. If you can read Go code, this is a pass disk, the, the, I, so you can get the same information out of the Swagger documentation. I find this wire documentation to be a pain applied to me.
D
But if you can read the Go code, the types.go file for each of the API is actually like decently well documented, and I find it to sometimes be an easier format to read than the Swagger documentation. That's possibly just because my eyes are used to Go, but if you are already a Go developer or have a passing familiarity, I think the, the commenting in the types.go files are, can be very useful.
D
D
Seen running the, like kubectl proxy as a sidecar for another pod, where you don't necessarily want to like expose the token or something that to that possible thing, and then it can just hit essentially the localhost and query it, and everything else is that essentially the security and OAuth authorization is delegated to the other container in the pod. Yeah. So, so kubectl proxy, and it's, it's also kind of useful as a developer.
D
If you want to play around with the, with the Kubernetes API and you're writing an application, I kind of use kubectl get --raw is, is a similar like single command variant of this, but both of them, what they effectively do is they take care of stuff like reading the kubeconfig file and passing the auth parameters, you know, all that jazz, right, and so you just have to deal with, when you're playing around you just have to deal with passing the right path, and then so as a developer of an application.
A
A
C
I'm, okay, so I don't know the answer, but I'm gonna, I'm gonna say don't do that, and the, the other part I'm gonna give here is you can do anything you want because it's iptables, so you could inject rules if you wanted to. However, again, please don't do that. Very much think about what you're trying to achieve and you go from there and see if there's something native to do what you want to do that's maybe outside of your cluster or provided from your provider that you're using, you know, yes, etc.
C
D
C
D
On a little bit to that, again, echo need be very careful with what you're doing, but it is, it is technically possible, as long as you don't interfere with the Kubernetes iptables chains. So Kubernetes will manage its own, its own change chains, and if you make changes, those will get blown away, and it also insists on certain jumps being first in certain chains. So don't necessarily, if you put a, a rule as the first in certain, in a certain chain, I mean some of the default chains.
D
Don't be surprised if Kubernetes, when it refreshes, moves want a rules up above your rule. But other than that is technically possible. But you should be very careful in public. I've seen probably two use cases for this. One is compliance where, if you know, for some reason, you have to explicitly define you're blocking some in your, but you draft can be managing that through Christ.
D
A
A
D
A
A
From what I can, like, based on that I'm thinking he needs to set up some sort of a service, whether it's load balancer, like NodePort, depending on his set on node, where it was used. So by setting up a NodePort or a load balancer, if your cluster supports that, that is how you would expose your pods to the outside, I think.
D
A
A
Alright, and we have actually hit the last question that we have and I think we'll wrap it up. So Mike Williamson asks: I have a database running on MongoDB's Atlas service. I'm getting my app running Kubernetes. Am I correct in thinking that I would need to do something like this, and I will post it, because it's kind of a small little block, so create a, creating a service, and then I would expect the nslookup for a MongoDB Atlas to work if I exec into one of my pods?
D
A
A
Kenzi asks: when will Kubernetes brew my coffee? And I think I have an answer to that. You see, we were talking about Kubernetes going big and also going small, so the minute that Kubernetes is actually installed in an IoT device that will brew coffee, that is your answer, and I'm also gonna guess: 2020. I have.
D
D
A
C
D
C
C
For sure. So Jeff, I was gonna, I can dump with you kind of headline some, some news slash some important nothing's happening in articles and whatnot, if you want to kind of use a few minutes here. Sure, I mean.
C
I mean, you know, stuff we can discuss. There's a lot of great headlines from KubeWeekly, especially around the 1.11 release interview, which is on the Kubernetes Podcast, which I highly suggest anyone listening in right now, if you're listening this you'll love the Kubernetes Podcast. It's nice and short, about a half an hour, and the latest one was actually with Joe Beda on the history of Kubernetes, and so one of the previous ones I listened to that.
C
I loved was with Josh Berkus and Tim Pepper on the release, releasing Kubernetes and what that looks like, so really interesting stuff. There, there's a lot of articles that are coming out about more CI/CD, with tools like Jenkins, Jenkins X, which is very similar to what GitLab has been doing handling Kubernetes for you. So doing things like when you go to run your tests, it will deploy a cluster for you in the cloud environment of your choice, just to run your test, and then tear it down for you automatically.
C
So, let's see, also Microsoft has a new show called The Open Source Show on YouTube, and one of the, the episodes here is with Justin Garrison and Bridget kromm. How, I can't say her last name, but they did the CNI book, and this is talking about everything with getting started with cloud native infrastructure to hosting and finding community events to vlogging, metrics and error tracking.
C
A
Or any, any announced.
A
Think that's a good stopping point. Leave everyone with something to look up. So thanks to the following companies for supporting the community with developer volunteers: Giant Swarm, Heptio, Liquid Web, Red Hat, Weaveworks, University of Michigan and Packet.net, and the CNCF. Thanks to Google for sponsoring the shirts. Soon we will be holding raffles for the audience with shirts, Kubernetes spinners, all sorts of cool stuff, so it pays to come back.
A
Whoever wins will get a coupon code from George and that'll be good for a t-shirt from the CNCF store. Lastly, feel free to hang out in hashtag office hours afterwards. If there are any other, if the other channels are too busy or you're looking for a friendly home, you're more than welcome to pull up a chair and hang out with us. And with that, thanks panelists and thank you, everybody watching.