From YouTube: Kubernetes Office Hours 20200115
Description
Office Hours is a live stream where we answer live questions about Kubernetes from users on the YouTube channel. Office hours are a regularly scheduled meeting where people can bring topics to discuss with the greater community. They are great for answering questions, getting feedback on how you’re using Kubernetes, or to just passively learn by following along.
For more info: https://github.com/kubernetes/community/blob/master/events/office-hours.md
A
Everybody's a little bit rusty. What's the cube, all right, we are live. It is a third Wednesday of the month. That means it's time for Kubernetes Office Hours. We are a monthly livestream where we hop on YouTube. You ask questions in the office hours Slack and then we do our best to try to answer as many of them as we can in the channel. We have the live chat over here on YouTube, so feel free to start typing in your questions.
A
How's it sound so far? Let us know, how's the audio? How was your break? Everyone say hello, introduce yourselves, we like to see where you're from, all kinds of good stuff. Alex asked me if we're gonna have shenanigans on the show. We'll probably have shenanigans. We did not have a December show due to holidays and November was really close to KubeCon, so it feels like we have not been around in a while.
A
It is good to see everyone. How's everyone's break? Audience, I'm interested in knowing if someone actually went back to work and something was broken on their Kubernetes cluster, but it was still working like in cruise control. I was wondering if that's like a thing over the holidays. So with that, let's do quick introductions, we'll go over the rules, and then we've got your questions queued up and we will get started.
A
We are going to go for about an hour and at the very end, if we read your question live on the air, we will be giving you a Kubernetes t-shirt, which none of us seem to be wearing. That's a thing, but it's the one that has a Kubernetes. Let's wait, Bob's wearing one. You'll get one of these snazzy t-shirts that one of the panelists it's.
A
C
D
F
B
A
All right, and Mario will be joining us later in the show. Awesome, it's good to see. Everyone in chat, looks like everybody's here. Let's get started with the rules. Here we go. Before we start, we've got some ground rules. First of all, the Kubernetes code of conduct is in effect, so be excellent to each other. We've never really had a problem with here with that here. So please keep that in mind. This is also a judgment-free zone.
A
Everyone had to start from somewhere. The entire point of the show is for everyone to learn, no matter what your skill level is. So there are no dumb questions. Just ask your questions. You might as well just ask them, so we can get them, put them on the Internet. So, as people start to review the back catalog, they could share in the expertise. And what we do, we'll do our best to answer your questions. We don't really have access to your cluster or to any of your infrastructure and don't want it. So we won't be.
A
You know, helping you live debug your cluster or anything like that, but what we will do is try to tell you where to look to find your problems or where to get you to the next step. Panelists, you're encouraged to expand on your answers with your experiences and protips. Same for the chat. We have a lot of experienced people in the chat who are always sharing their expertise.
A
I think every single show someone pastes in a new tool that we've never heard of, and things like that, and again that's kind of why we have the show, so we could share expertise. So audience, you can help by pasting in URLs to projects that are relevant to the question that we're talking about. Links to the official documentation are always appreciated.
A
A
So any blog posts, you know, random GitHub project. I love getting a project no one's ever heard of, and then we look at it in the show, and it's actually awesome. That's really great. Feel free to post your questions on Stack Overflow or Discuss or in Slack, and then repeat them to us here. So usually what happens? Sometimes you might have a question on Stack Overflow. It's not getting any attention. Bring it here, we'll be happy to take a look at it.
A
You can also help us out by tweeting, spreading the word, paying it forward. If you can, we've not tried this before, but let's see if we can get a retweet going of my announcement of this show going live, 'cause that would be a lot of fun. So let me link that up and toss it here in chat and get some retweets there to get the audience hoppin'. That would be a lot of fun. Okay, and with that, panel, you ready? How's everyone's holidays?
A
Everyone right? Anyone show up to work to something that was totally broken? I would love to hear that story in chat. All right, so moving on. Before we start, we do have a follow-up from Brendan who says: following up on the Helm issue I was having, thanks to the fats from iPad draws us. We started some experiments related to the pure size of our Helm deployment, in particular the values file. We found that we reduced it down from 65,000 down to 724 bytes. We didn't see any issues.
A
I found a solution was to break out the creation of TLS secrets. It occurs in a separate pipeline just directly using kubectl. Thanks for all the help. That is awesome. We love it if you're stuck and we can't help you and then let us know how it works out, or we will try to get you more experts outside of the show to help you, give you a hand. If you ever find a solution, we always appreciate it when you share that with 65k.
A
A
I would love to know like when that value was changed, like what the change control process was when someone was like, I think I'll change this value. But so, VPCs. First question of the day, VPCs: hey yo, any idea if the Edureka course to help begin with Kubernetes is worth signing up? So I'm gonna generalize this a little bit. I think we do get a lot of questions on which courses are good and not. I can't really comment on that, because I haven't taken any. Anything from the audience here?
A
C
Yeah, so I mean a year and a half ago, I got the CKA, so I'll post some course links. But for my studying, just to get like a general understanding, I found the edX intro to Kubernetes course was really good, so that's a precursor to the one that the Linux Foundation offers, which is the official training course for CKA. I also found going through the task list on kubernetes.io was super beneficial and then kind of a go to.
C
A
Any other comments? If you have an opinion on this in the chat, feel free to just type it in the office hours channel. We are streaming the channel along with our video. All right, so hopefully that will get you started, and toss in some links. Good. The next question comes from pappy, which has been here before, welcome back, and they actually gave us a link from Stack Overflow for PHP-FPM nginx on Kubernetes. Pantano.
A
You looked at this before and he got an answer, he's just looking for a second opinion. And something we were talking about before we actually went here is, I think a lot of people think that, because you're using Kubernetes, you have to rewrite the world and go microservices, and when it really comes down to it, the rest of the internet is running on PHP and Java, so I'm happy to field those questions. So anyone have the TL;DR on this one here, because they do have an answer at minus 10.
G
D
Was mainly about where to put the data if you're splitting up the PHP-FPM and the nginx processes, yeah. And if I remember, usually you should put it in a volume. In Docker that used to be a bit more complex, as you have to manage that volume. I would say that in Kubernetes, just creating a persistent volume and then mounting it to a pod with three containers should be nicer, because you wouldn't be able to have it in three parts and share volumes between, right.
A
B
G
B
One potential idea, if you do so as a persistent volume, would be to, like, there's the whole snapshot restore functionality that's in there, so it's like as part of your upgrade process you get to snapshot the volume, well, underlying storage support and all that. In this case, though, I would still, I would probably win debate, making everything together into a single container. Okay.
A
D
D
There, I think, I haven't experienced a lot of latency. I mean yes, you might be calling between two hosts. That might happen. It depends a lot on your use case. If you have colocation of pods, you can have affinity rules to get them to the same host, and as soon as you're on the same host, at least depending on your networking setup.
B
One thing regarding that: if you have stuff that's hitting services, even if you're on the same host, you wouldn't necessarily hit a pod that is also running on the same host. However, there was in 1.17, really says the enhancements lead, there was something, I think it graduated to beta, for topology-aware routing of services. So you can add, you know, preferences.
A
Okay, alright, we'll move on to the next question. If you have a follow-up to that, panting, we'd be happy to address it. Marquis in the chat dropped in a link of resources he created for Kubernetes learning resources. That is awesome, thanks for that Marquis, and welcome to the show. Let's see, keep asking your questions and I will keep going in this document. Here we have a little notes document with all your questions queued up. Men bar tells us: does anyone know how to turn off the cube?
A
D
A
A
He's got, he replied to himself with more information here: so, per the documentation, it seems like it shouldn't turn on unless you have one of the proxy underscore star or requested or underscore star variables passed to the API server, but we don't have either set and we're seeing errors like this in our logs, and a bunch of errors. Additionally, we tried.
D
A
All right, Ben, hopefully that'll get you started. I see you're typing. Hopefully that'll get you in the right direction and we'll get some follow-ups from you. Awesome, thanks, Ben. All right, next question is from maths: is there a way to add a static pod IP from the cube underscore part of your network to my deployment YAML, so that when the container restarts it comes up with the same internal IP? Interesting.
F
Yeah, as far as I know, you cannot assign a static IP to a pod together on the problem. What I would do is to create a service, and you know, keep changing the pod. That way the service IP remains more or less constant, and you can access the pod as it comes and goes.
E
A
A
E
D
D
A
D
F
A
D
If you're worried about performance and service internal IP, iptables might give you a little bit of issues, but there are other CNIs that build services in, for example, BPF, and you get quite a high speed with that. Like, maybe look into Cilium, for example. Not sure who else does BPF. Calico is adding BPF support recently, I'm not sure if they do it. Bob.
A
A
They said BPF, Bob. Bob will start to send you some links there, Matt, in a way. And then, as Sanjeev does point out, software's I container writer II should not assume that the IP is fixed. I hear ya, but sometimes we gotta put. We don't. So Matt, hope that helps you out. That's a very interesting.
A
That's a very interesting question, because I think when you sit in your first Kubernetes 101 session or whatever, the first thing they tell you is like, everything's ephemeral, you know, don't depend on IPs and all that stuff, but then we have software in the real world, right. So that is good. Sean Chitwood asked, welcome to the show: hello, I'm trying to verify some behavior and hope he can help you at pods that are deploying Helm. Church we world our own Helm operator for the operator.
A
C
C
One I use is the we some operator. Yes, they.
A
D
A
C
A
D
A
So Sean, if you're on the line, type in chat and then we'll come back for you. IDs: I'm having too many errors at the workers, physical servers, that say "SLUB: unable to allocate memory on node -1". From describing the nodes with kubectl I found the memory limits doesn't reach more than 32 percent on each server. Should I check anything else? All pods contain CPU and memory limits.
B
A
B
F
This SLUB message seems specific to the kernel, it's showing up from the kernel. So I mean, one of the blogs said it is perhaps related to a kernel issue or a bug in the kernel. So the user space clearly says that they have sufficient memory, 32 percent. It's probably something they have to fix in the kernel, or update to a different version of Linux, yeah.
A
A
B
D
A
Just so we address bends, let's start getting a little bit this specific: weight job, don't follow memory requirements at all. Let's be a little bit specific. What happens when the containers take too much memory? Do they get killed by Kubernetes or are they just allowed to run? So let's explain this a little bit. We don't even know if that's this person's problem, but let's clear the road on what happens. What's.
D
The giorno for the out-of-memory killing, and this doesn't have to be javac, it could be something else that is breaking out of the container or that is using much more than they should, is: you need to be very diligent with your allocations, so you need to have best cgroup slices set up for your, look, kubelet and Docker, for example. Otherwise, basically, your Kubernetes user space containers will take up the memory even from the kubelet and acute, and nothing will be able to help you recover that node.
D
So we had lots of issues that could only be solved just by having like lots of buffers and also cgroup slices set up for the system, for the kubelet, and then for containers, and only giving the one for containers to containers. But then still, if you have something that doesn't adhere to your container limits or to the cgroup limits, like I think versions of Java before 10 do not. But there is this works.
A
A
A
Alright, to catch everybody up, looks like some CNIs do offer static IPs, and up that Calico does. Arguably the most common CNI does support static IP per pod, and Sam G has given a link there. So if you're really useful today, I'm gonna give you a Kubernetes t-shirt, so stick around after the show. People who help, I give out t-shirts. I'm gonna burn through my t-shirt budget and the CNCF is gonna, it's gonna be burning through our t-shirt budget. So stick around.
F
A
A
Okay, grandpa asks. Oh hey, Sanjeev, also asking a question, awesome. So their question is: good morning, I would like to get some information on everyone's experiences with various single sign-on OIDC providers, options for M and Kim Kubernetes API, as well as other apps, like Grafana, in particular your experiences with Keycloak, Dex, OpenUnison and oauth2-proxy. We have not mentioned Dex in a long time. Let's catch up on authentication, everyone.
A
F
E
I've personally been using Dex and yeah, I'm super happy with it. It's working great. It supports the various kind of different, basically like data, like configuration providers like Albert, where you actually study other users and there's just sort of matches of lab groups with 50 are Kubernetes API. Yeah, definitely check out that.
D
Right, jo, is the maintainer for to proxy use text and click on posts. They both work. Dex is much more lightweight. There might be some use cases where you need more than that, especially if you have like more advanced setups. You might want to have actual user management in there too, and just like.
D
Identity providers for everyone. Keycloak, that said, is great, but it's also very complex and very big, so you need to really get deeper to understand it because you would be running it. I guess the proxy is good for authenticating in apps like Grafana, although I think a lot of apps are now also providing native OIDC functionality, so you could directly hook up Dex or Keycloak to them. If not, oauth2-proxy is definitely not a bad option.
B
A
B
A
So both, like, I just want to make sure that both options are like still maintained. You know, you don't paint yourself into a corner by choosing the one that's getting sunset. So it sounds like both projects are still being actively maintained and you don't have any issues. As far as I go. Pierre mentions, I'm securing microphone is from easiest with nginx annotations with OAuth proxy, and then sends the link there. Thank you for that, max guys. Welcome back. I.
A
A
D
E
A
A
A
A
That we will. Looks like lots of people are typing. Then Bartels mentions Auth0. That's in the question thread here. So someone brought up a good point that we should, it probably helps to repeat the question in Slack so that the information is in the live stream while we're doing that, so we'll figure out something cleaner than that, 'cause right now I'm looking at the thread and it's not showing up on the stream, but all right.
A
One second. Threading is both the greatest and most terrible feature of Slack. It's really nice, organized. It just makes going back to these questions really hard. So they've tossed in their logs for a kubectl describe pod and their push notification trigger YAML and their kubectl get pods. The someone needs time to consume this. I can come back to you, if one of you just wants to read and then come back up to you. I.
A
Right, in the meantime, if you're joining us, let me just do a public service announcement while y'all are catching up. If you're joining us from YouTube, this is the Kubernetes Office Hours. We do this a third Wednesday of every month. We hop up to YouTube. We keep your questions and we try to get through them as quickly and as safely as possible. We always enjoy community participation, and this panel is a bunch of experts.
A
So if you want to hop on, or a bunch of volunteers, so if you want to hop on here and pay it forward, we do have a rotating set. The commitment is one hour a month. All we need, as long as we get five people or whatever to run the show, that's really all we need. So we're always looking for new people to help mix it up, different levels of expertise.
A
So, if you're interested in that, please let us know. In the meantime, we'd like to thank the following companies for supporting the community by allowing their volunteers to sit on the panel for us. That's Giant Swarm, stock, X, Pivotal, Pusher.com, Weaveworks, VMware, the University of Michigan, Red Hat, Utility Warehouse and the City of Ottawa, Ontario, Canada for Chris's expertise and, as always, a special thanks to the CNCF for sponsoring this giveaway, which we will get to in about 15 minutes or so. Alright panel, what do we think?
F
Definitely see scheduler scheduled it at five minutes back, in 55 seconds. Within a minute, kubelet has got the information, pulled the image and started the container. So it's a question of when the kubectl apply command was started and when actually the container, as the body showed up, right. From the event, it is clear that within a minute the pod has come up. It is a question of how long did it take for the scheduler to actually schedule it on a certain node?
E
Yeah, like looking at the logs and events, it doesn't seem that anything is really like out of, like not working. So basically something is slow, and I would actually investigate, basically, Kubernetes behavior, either scheduler or looking at like metrics, figuring out how long it actually takes on average to like schedule pods and things like that. I.
F
Yeah, I mean, mark Marcius mentioned that one of the other things is the number of API requests that you send to the system also matters. Maybe you have to peek around to me on that aspect of Kubernetes and see if it comes faster. You know, if you run so many jobs, then it might be slower in that aspect.
B
A
A
Oh, hey, Mario's here. Introduce yourself after the question. This is one of my private projects, but has the same logic, and then they put a GitHub link there to their Terraform. The contents of this I would like to move into the application repo, instead of having it in my infrastructure-as-code repo. If you have talks, video, slides or blog posts on this topic, please let me know, I would really like to explore this some more. Thanks in advance. Any tips for them?
B
C
A
E
C
H
I actually want to agree with that 4,000 percent. We actually ran this. We build our Circle pipelines for all of our services, like 40 of them, and we decided that we put Terraform in that as well, as part of that pipeline. So a given service would, for each pipeline run, actually run Terraform. That would verify the current state of the database for that service, right.
H
However, we had this whole big thing where we put an approval step in the gate and developers actually started hating us, because they didn't understand the Terraform that we were putting in their repos and they didn't understand why they had to click an extra approval step, and they didn't really look at what Terraform was saying. So we actually had a lot of issues where, the database, someone went in and made a manual change that was actually for the better. Maybe they shouldn't have done that, but they didn't update the Terraform.
H
There was just kind of a delay before the pipeline would run, and then it runs, and then it says, oh wait a second, I'm gonna revert it back to what I know it should be, good state, and then something breaks. And so what we're now working on is ensuring that all that is kind of isolated from the application itself. So, you know, it's fine to do separate database or Redis instances, let's say, for your services, but they don't necessarily need to be managed in the repo that your service lives out of.
H
So if you have an infrastructure repo that most of that loads out of, in addition to cluster configurations like eksctl YAMLs and Helm chart services and things like that, they're more core that, you know, how the platform's getting cuter cares about. So yeah, definitely infrastructure as code is great. I.
H
Think, like we've recently and others are doing this thing where there's a pipeline for your infrastructure repo, which verifies your actual infrastructure's where it should be, and I think that's where we're, definitely what Bob and Berkus and things like that are saying of your core services that are core to the operation of your platform: be very careful when you're trusting an automated pipeline to make changes in that realm. We're tiptoeing into that, you know, possibly, and I know Terraform Enterprise and Atlantis.
H
There's tools that do this on the Terraform side of things, but yeah. It's exciting and it's kind of all the rage, but also sometimes you just need to jump in a shell and verify some things yourself or run your eksctl commands yourself against environments. So I will end with, I'm Mario Lauria, I work in sockets I of Z, do SOE gymnastics and make sure things are alive. My focus is kind of on ingress, networking, some service mesh lately, canary deploys and auto-scaling, and also Datadog.
A
Yeah, and I do have the blog posts from Josh Berkus linked to somewhere in the Kubernetes forums, but I currently can't find it, so if someone remembers. I should actually bookmark that, because I think we use it, let's say, every other time. Yeah, you know, other than Cilium, this is probably the second most popular link that we mention every week, so if someone can help with that.
A
D
That's a topic currently, I would say, there is most probably no best practice, because not many people are actually doing it. CRDs are quite fresh and people working with CRDs are quite fresh. The current practice at all is having a webhook that migrates between your versions that you implement.
D
Usually yourself. I talked to James, one of the maintainers of cert-manager, which is also a CRD controller project, and they have a quite generic package for migrating CRDs, even if they're not using them yet. I would just check out the cert-manager GitHub repo. In the packages they have a migration, yeah, some migration code that works against two different versions of your types. As far as I remember, I haven't looked into it since San Diego, but that's very very pointed me to it. One other.
D
B
Then, okay, if you can run your clusters at 1.17, or if you can set that as a minimum requirement, both defaulting and pruning are now GA. Pruning was GA in 1.16 and defaulting as of 1.17. I know it's been a big request for a long time and that should help more with migrations of this stuff. You're still essentially, you're still probably gonna have to wind up setting like some mutating admission webhook to handle the upgrade or something like that. But now you can at least move more of the logic out of your core application.
D
Yeah, that's actually quite an interesting workaround to say: maybe you don't use kind of the migration logic of like actual CRD versioning, but you use an admission webhook to just migrate all incoming old versions to a new version. That might be really interesting to look into, I think.
C
Would Red Hat's Operator Lifecycle Manager assist with that at all? I'm just vaguely aware of it. So, yes.
B
D
I would maybe try in the beginning to not expose too much your CRD as an API to users, the value you don't have it right yet, and communicate the alpha status of it, similarly to how Kubernetes does it, we do it upstream. Good to not fall into like deprecation issues internally, but then internally you might have contracts with other teams. Anyways, might not even be able to deprecate anything and.
A
Sanjeev's two cents: if you're running a new CRD yourself, you should think about writing an upgrade function in that controller. If you're picking up someone's CRD, you may not get an upgrade function built in. Ouch. A related concept is Operator Lifecycle Manager, which handles this if your CRD is within an operator. And Bell says, I see, thanks. And then we got more information from Pierre, so we're gonna go back to that, and then Sammy, your question will be next, and then we'll get to the raffle, which Bob will be rolling.
A
Our dice Flores, just gonna give you the heads up there. And I was able to find the links to Josh Berkus's database links, so two links there. There's a two-part blog series and then a discussion on the forums about that two-part blog series. I will strongly consider pinning that topic in the general discussions, as it comes up. Buck here gives us some more background on his question: just to clarify, our database is still Kubernetes external and that it's of Kubernetes. We're looking to provision only databases inside our Azure database clusters and provision.
A
H
I think is a society. This is the same guy that, yep, okay, yeah. Looking at provision databases inside Azure, their database clusters, so yeah, those are external to the clusters, so that's Terraform or whatever they're using for that, which definitely, yeah, we want that in a repo. Actually, you want everything to be a PR, right. You want any change to be a PR, and I think that's nice. However.
H
Getting there can be tricky depending on where you're at, where you're starting from. And then secrets inside of K8s as part of CI/CD, yeah, right there I think the big thing is handling secrets. So you don't want to consume your repositories, and you want to be careful with the UI of your CI/CD pipeline. You don't want somebody going and saying "rerun job with SSH", and then they can jump in and look at environment variables and get those secrets relatively easily. I've heard of people who've then had security incidents.
H
Where that's happened before, so you definitely want to make sure that those are handled appropriately. And yeah, and then giving you them in a pipeline is really nice. I think the big thing with a pipeline is putting gates in place at first to be safer, and then understanding the nature and lifecycle, how people are gonna interact with it and, you know, where your needs are gonna be, and then maybe you can pull some off later on or make more dense decisions. So hopefully that helps. I just.
D
Had to look at that private project they posted and, like, I do think creating the secret where you create the database is not a bad idea, doing it at Terraform. Moving it to the app or to a chart or so, not sure what it is actually solving. Do you have issues syncing the two? Or, I mean, if there are issues, maybe you also think about what you want to use as, you know, secret management, secret holding place. I mean you could use.
D
A
A
A
A
A
C
A
B
A
B
A
And we are out of time. I'm sorry, Sanjeev, on that one. So what we are gonna do here is queue up your questions and then we could start addressing them next month. And what I do is I keep a little running tab of major issues that people bring up. So that's how we usually get up to the database things and best practices, and then I do try to communicate that to the proper SIG inside of Kubernetes itself.
A
So this is a way for us to actually see what problems people are running into in real life and communicate that information back to the developers to hopefully figure that out. So auth, I think, is a spot where we could definitely use a little help on that. So that will be our 2019 huggles, I think, for the group. And with that we're gonna close it up. Thanks.
A
Everyone in chat for hanging out. We will be back. I always put the date and the YouTube URL to our next stream at the top of the Slack channel, and as always, you could just subscribe to the YouTube channel and get all the Kubernetes content that we do. We do have a sister program, the first Wednesday of every month, which is Meet Our Contributors with Paris Pittman. That is basically a similar format to this, except for people that want to get involved in contributing to Kubernetes itself.
A
So this show mostly is how to get your Kubernetes up and working, and then that show is like, how do I contribute to Kubernetes, and has a similar format. And with that I think that is a wrap for today. Any last comments? Last chance, panel, type, audience to type, panel. Any last comments? All right, happy deploying everyone, and we'll see everyone in a month. Thanks, later, and stay. My first.