From YouTube: Kubernetes Office Hours 20170823
Description
Welcome to our first office hours!
Slack log: https://kubernetes.slack.com/messages/C6RFQ3T5H/
Notes/Get Involved: http://bit.ly/k8s-office-hours-notes
B
A
C
D
A
F
A
All right, let's get started. So first things first, let me give you the quick mission statement of what we're trying to do here. So the idea is, is that we would make a monthly, starting monthly, and we'll do more depending on what the demand is. So the idea is to give users a place where they can talk to developers and ask them questions, right, and on the other hand, it's a place to give developers to get more feedback from users that are using their code.
A
A
The idea here is to help introduce you to each other, first of all, which is always a lot of fun. We know Kubernetes users is, is, has a lot of people in it, right, and sometimes you just need to find a person that's stuck in the same way you are. So the idea there is to make this useful for you, for you to learn things like that. Right, like we want it so that if you're sitting at work and your boss is like, hey, let's have a fun activity.
A
B
A
One of these locally or regionally. For this first one we chose the European time zone; the next one, we want to do something closer to the west coast of the US. We want to equip the community with the tools that they need in order to pull this off, and these first few ones are gonna be a little bit rough, like with YouTube URLs and things like that. So the idea is for us to kind of shake out the methodology that we're using, just, you know, figure out what it takes to run
A
One of these well and then kind of go from there. There are gonna be a few ground rules, though, before we start. Those of you in the channel and #office-hours, we do have a few rules. The first is no judgement zone. So I'm learning how to use Kubernetes myself, and there's nothing more frustrating than when you get started working on something, and you ask a question, and then somebody makes fun of you for using it wrong or whatever. So let's, let's keep things positive.
A
There are certainly a lot of things that can go wrong when doing distributed systems, so we need to kind of understand where people are coming from. Some people don't have, you know, they might have different networking restrictions at work than you might have, things like that. So let's, let's try to keep it constructive and try to help people as much as we can. What's on topic and what's off topic: so with the complexity of these systems
A
Some of these questions will just be unanswerable, right, like Clayton can't just SSH to your work machine and figure it out for you. So for a lot of these questions, depending on how complex they are, we might end up just having to explain to you how to start the debugging process to help you get to where you need to be. So, for example, networking: I know networking questions are just going to end up being complicated due to their nature. So what we
A
What we're going to try to do there is, if something is too complex, too local to your specific installation, is to kind of help you find the place in the docs where you need to go, or what SIG you need to join to follow along, or to kind of figure out the process of how you need to get started to figure out what exactly is the problem, right, and that might be things from, hey, have you checked this log?
A
A
A
A
A
A
Okay, so, tomorrow ask question: I'm trying to use my custom out-of-tree cloud provider with Kubernetes. I'm able to run it that's to help robb Lucas, but I notice
A
kubelet calls APIs like node address by provider with empty provider ID for external cloud provider. Digging in the code for the 1.7 branch, I see that the kubelet cloud is null for external cloud providers. As a result, get instance provider ID returns an empty string.
A
His questions are, and that's in the Slack channel, if you, if you could repost that again, tomorrow, that'd be great, so people can, can actually read the functions you're calling. His questions are: what features are lacking from out-of-tree cloud providers as a result of this, and is this intentional or a temporary thing that will be fixed in the future?
D
So I took a look at the code real quick. I will say I have not looked at this before, so take this kind of with a little bit of a grain of salt, but I believe that there are some things like labeling the node's instance type won't happen, and it looks like the node's addresses, which go into the status, so node.status.addresses, would not be updated as well. So I imagine we probably need that, and I would say, use a little bit more investigation. Clayton, what do you think? Yeah.
B
There's actually been some security discussions about how, in general, that's something that's better to move to the central controller, because the central controller has access to most of the same information that the node would on almost all cloud providers anyway, and it means that, for instance, a node couldn't lie about what labels it has. So I wouldn't be surprised to see that one moved, that responsibility move to the cloud provider in the next release or so. The second one definitely is going to be much harder. I actually don't know that someone's considered that yet.
A
B
And this is, you know, this is definitely a great example of not everything that happens in a SIG, in the SIGs working on things like moving external cloud provider out, makes it to the rest of the team of the docs, but talking with the SIG responsible for cloud controller and opening a bug, you know, documenting your experiences. This is actually an example of something where it's possible that someone building their own custom cloud controller has a fair amount of experience that's relevant to the SIG that's doing the design for this.
D
F
D
So we've been having a discussion on the developer mailing list. It hasn't been active in a couple of weeks, but there was a question as to whether we should have something like SIG Cloud that was, would have cross-cutting concerns that applied to any, anybody who wanted to implement a cloud provider for Kubernetes, and I believe there was lazy consensus to go ahead and do that, but I'd have to go back and check what the final state, or what the last state, was there.
D
A
A
So generally speaking, all SIGs have public open meetings that are just like this, except anyone could just come hang out. So usually what I find is the hard part, finding out when I have a problem, is what SIG covers it exactly, unless you know it for sure what tool you're using. So I use this list a lot, of SIGs, to kind of figure out, okay, if I'm, when's the next time SIG Network is meeting, and sometimes I'll just show up and listen in, and just about all of those
A
G
Hello, quickly introduce myself: I'm Elyse Rice, I am a technology evangelist with active security, and yeah, I'm not somebody who has dug a whole lot into the inner workings of Kubernetes, but maybe somebody come from there outside of someone who's trying to use it to demonstrate those things, and I know a reasonable amount about containers and runtimes and that side of things, and I think this, this, I was thinking
G
This list of SIGs is a really good point. As somebody who's just trying to get involved more with Kubernetes, I'm gonna just echo that it is quite hard to know where to ask, you know, figure out whether your question even relates to apps or autoscaling, or, you know, some of those, even the concepts are quite hard. So if people out there, I think you, but I don't even know
A
Where to start, you are not alone. Yeah, I think my first six months, I just put it as like right on my bookmarks toolbar, and I hit it three or four times a day. I'm constantly going in there: okay, who do I, who do I need to talk to over here? And then they all keep very, very copious notes. So, you know, when, once you get in there and you click on their respective page, they all maintain
A
Who runs that SIG, who, where the notes are. So all the notes are public, and usually I can be like, okay, I don't know what API Machinery has been up to, but I can click on their link and see their last three meetings and kind of glom, you know, get a TL;DR executive version of what I need. So that's very, very handy for me. Awesome. Are we ready for another question here?
A
D
C
C
Okay, so I can see that they are using one home and thus far roldy involved. They disabled firewall young master, since a 5v and cluster1 must enforce late running into a race. The school petition followed me: that's what the whole dissenters thing. I guess, maybe because I've been exposed when you change from
C
As I understood, one case service law, the type of NodePort exposes the service on all nodes in the cluster. However, when I created it, the service was exposed only on the two nodes out of four in the cluster. I am guessing that's not expected behavior, right? Troubleshoot, saying, okay, let me see they got so. It sounds like, yeah, it is possible that this is as simple as proxies and running out. The net, I mean, that's like
D
They need to have kube-proxy running on all the nodes, and iptables needs to be set up identically, and the comment did mention that iptables -L look the same, but I think what's critical to look at is iptables -t nat. Yeah, let's look at the NAT table inside of iptables, because that's where you'll find all the routing for services. Yeah, that's right.
F
C
Yeah, there's, it's not quite clear from, from this, it's in like, so if I, if I search for kube-proxy in this question, it seems like they use netstat and that sort of bubbles up that kube-proxy is running in all those nodes, and then they are, when they trying to tell that a corpse, okay, and, and that's not working on from the two nodes at one welcome proxy, possibly listening. Okay.
A
At least, maybe grab all the expertise of the people that are listening, and then I'll toss it in the show notes and see if we can get this person somehow, because it seems to be strange that kubeadm would have nodes coming up that work and ones that don't work, like, assuming you don't touch them, it's by hand, right.
C
D
C
F
C
It may be not the complete solutions to the particular problem in mind, but additionally, I think if we are considering, you know, response times and such things, perhaps instrumenting your apps with Prometheus, for actually for the export, as Frankie's exporters in front of your apps, they'll be able to do that. He would be one way to do it. I
A
C
Because it's really, it becomes really hard when you, for example, consider, you know, HTTP traffic. You can have all sorts of fancy DPI here, but DPI, well, I mean, there's probably a way to get DPI into your page TLS channels, but that may be still quite, quite hard and a lot to ask, right. It actually becomes much easier to consider instrumenting apps with Prometheus or adding it implementing provisions. Explorer 30-pound instrument, not the way.
A
B
So I can talk a little bit to this. There's been a long arc being worked on through SIG Instrumentation and SIG Autoscaling to streamline Heapster, to slim it down into what you may have heard called the metrics server, to offer a limited set of metrics, the, the metrics that the cluster needs, in a very simple form, the things that the scheduler could use to make better decisions about where to place pods.
B
So if you search for metrics server in the Kubernetes incubator, or follow along with the instrumentation, there's work ongoing for that. The goal is to also be able to integrate Prometheus and other metric solutions to get additional data. I think the initial plan for the dashboard was to take their existing Heapster integration, and they're still looking at a number of options with the dashboard, to the best of my knowledge.
A
F
B
Many things do, many SIGs do carry roadmaps of their own. They're not quite standardized, I think, to the level that would be useful, and there's been a lot of discussion recently about getting a little bit more formal with how we propose and track the deeper details of how these things should work across multiple releases. So it's getting better about to do that.
A
Yeah, that gives me an opportunity to mention that on every Thursday there's a community meeting where SIGs kind of rotate in and out giving us a status report of what's happening, and SIG PM and SIG Architecture also usually have status reports to kind of tell you what's going on holistically across the project. So I'll make sure I paste a link to that in the show notes of when that is; that's on every, every Thursday. So moving on to our next question, we have sellers, Chris Sellers. Awesome, thanks for coming, Chris. Question:
A
We are using kops for deployment management into AWS and are trying to leverage OAuth from our Google suite to grant roles and bindings to users of kubectl, and eventually to an ingress controller to the dashboard via the API server. We have email claims working well for authorization, but are trying to do division of privilege to assign roles based on group memberships. My specific question is: does Google OAuth support passing group as part of the claim?
A
B
So I can at least answer the last part. So the API server does support groups being passed along at authorization time. I believe the current mechanisms for Google ops I'm a little bit less familiar with, and so I'd have to defer that part of the question; should be easy to find. But the intent would always be that if the authorization or the authentication provider for Kubernetes has the ability to pass groups along, RBAC is already ready for that in the fur
A
A
Next question from a BD for lla. Sorry, I can't print, I can't pronounce that, if that's supposed to be pronounced. What is a recommended way for exposing an edge service? When you have an edge service, such as Netflix Zuul, that is the entry point to a set of services, I find it confusing whether to expose that edge service via a service object with a load balancer, ELB in this case, or via an ingress, specifically that I don't need the URL-based reverse proxy capabilities of ingress, since that is done in the edge service itself.
A
F
Take that, maybe. If you, if you go with very few edge services and Zuul, lets us point to that, then I would most probably go with ELB, because ingress just adds another point of failure that you could, that you need to manage, and, as you said, you don't need the functionality that ingress gives you.
A
Okay, and please do a follow-up if your question has changed based on his response or not, and then we'll get to it. In the meantime, keep, keep the questions coming, guys. These are great. Let's see who's next. Question from tomorrow: in a mixed product GKE cluster, with prod services exposed publicly using GL GCL be ingress, how can you make dev services, both HTTP and non-HTTP, accessible to developers from our laptops outside the cluster, without exposing such services externally? I
B
There's also, there's also the possibility, too, that, you know, like, just like you can draw proxy and kubectl port-forward, but you might also want to run a proxy inside of Kubernetes and have that be the only thing you expose. I mean, ultimately, at the end of the day, there's something that does have to be exposed. But, for instance, I've seen people expose SSH servers that offered the ability to port forward a little bit more at a lower grain, or a more fine-grained level, than what the API server allows. So
A
H
A
D
C
Yeah, and there is also a thing that the folks at Intel worked on, right, node feature discovery add-on, that sort of like adds extra labels for various features of Intel CPUs, and we talking about CPU flags or kernel flags, right? Okay, so you can get probably a probably wants you to monitor the others. I don't know if the node feature discovery, he is actually going to do this. I thought it was more about CPU features. However, on
C
E
Also taints give you a little bit more control, so if you want the option to prefer to schedule on to that or to halt if no kernel flag is available, some of these things are things that taints are explicitly designed to give you more flexibility on, even if they're not always, you may not always need that complexity, as Lily was saying, right.
C
B
A
C
A
C
A
A
So, can you explain more generally what that is? I've been using Kubernetes for a while, I didn't even know those existed. Yeah.
D
So there are cron jobs in Kubernetes, but the API only recently, I think within the past week, graduated from alpha to beta. So if you were looking to use it on something like GKE, I don't believe that that would be enabled, given that the most recent stable release running on GKE would have it in alpha, and they don't enable alpha APIs.
D
But if you do have access or the ability to control which API is running, or you're running on master, the API is, is beta now, or you could enable the alpha 1 and then use it. And it uses a standard cron selector, and you would specify basically what, what you'd want it to run, just like you're running a pod, but it ends up being a scheduled, be a crime or
A
D
F
A
C
C
Right, right, maybe, yeah, gives a mean, does cron jobs even have a scalable? No.
F
B
There's definitely been things like DaemonSet cron jobs suggested. I think if somebody, if, most of the challenges have been coming up with use cases that really require it, and most people have been able to work around it in other ways. So I would say if, if you've tried to use cron jobs to accomplish the task and you don't feel they quite fit, please do give that feedback. I
B
I
D
D
Call APIs alpha, beta and GA, or stable, whatever you want to call it, based on how we feel they are about their quality and also in terms of their stability. So an alpha API is something that is proposed, and we reserve the right to rename fields, rename types, and there's no forwards or backwards compatibility guarantees with an alpha API. So they're out there alpha to allow the development team to iterate on their implementation, and they may change over time. When an API graduates to beta,
D
That means that we're going to do everything in our power to retain compatibility as you would go forward with newer versions of Kubernetes, and, and we don't want to rename fields and rename types and things like that. And then, when you get to something that's v1 or v2 or any of the stable versions, then we are not allowed to make breaking changes. And there is not a direct correlation between an alpha API or a beta API and a Kubernetes version, other than within a given Kubernetes release like 1.7.
D
A
A
G
B
A kubectl convert command, if you have to. If you have an object in one version of the API, kubectl convert will convert it to another, and, as we're saying, not all objects always go from alpha to beta and have a conversion path, but we generally try to do so in order to get that feedback of ensuring people are trying cron jobs as much as possible. We just can't promise it.
D
And we actually have been having a big discussion about how we're going to do alpha fields and alpha features, and if they're going to be annotations going forward or not, and I believe the latest guidance, and I'll go find a link and drop it into Slack, but I believe the latest guidance is we are not going to be doing annotations anymore, because it just makes too many issues for moving forward as you progress to different API versions. So rather than doing annotations, we'll be just doing field names like you would expect to see. Okay.
D
B
D
C
Meaningful also, you know, because, like annotation, some, some JSON and an annotation, it's something that, that is like pretty hard to, to, to validate, right. It's kind of like, it's a user to, to get to see whether, whether what you've done is like meaningful at all or not, it's kind of hard, because you may have misspelled the key and you can even spell the key. Just ignore it, and the keys are pretty long time.
A
So hopefully that answers your question; post a follow-up. This next one from Ovid Joe. I'm trying to get through as many of these as possible. I don't know what anybody here has any hard time limits at the top of the hour, but trying to get in as many of these as we can. I'm currently using the standard nginx ingress resource with kube-lego to handle Let's Encrypt certificates. The ingress is backed by a load balance service, specifically Azure.
A
Is it at all possible to get the external client IP through to the internal application, ingress plus pod, in such a configuration? I can't currently seem to even get it through the nginx, nginx ingress itself. The source IP is listed as 27 0, one. Attempted to run with a service beta kubernetes, slash external traffic, only local annotation on the LB service to no avail. Sorry, I kind of butchered that, but it's pasted in the, in the Slack, just so
C
Right, that's basically kube, like, I mean, connects Congrats, I see. Well, from, one thing that I know for sure is that, you know, chocolate kind of provides very much the same functionality, except it's baked in to a single ingress controller, and it does these because for you on stuff, so that may be worth trying as a test whether where they support was dropping an additional piece of things. But I don't think the Jetstack folks are here today, but I thought James was about to join, but he didn't make it, and yeah, a century.
C
B
So I'll say that this is one of the hardest problems in computing, is trying to figure out, trying to keep an IP flowing through a whole layer of proxies. So it's possible, too, that this was just an unintentional bug at some layer, because something is proxying something else without passing that forward. Each step in the chain, each proxy in the chain, is going to need to do something a little bit different to ensure that that value gets propagated.
B
F
C
C
C
A
Alright, let's try to get more in here. When using a PVC for dynamic provisioning of volumes in a cloud provider, i.e. EBS in AWS, such volumes become owned by the current cluster, which means the volume lifecycle is tied to the cluster lifecycle. Now, if I need to create a new cluster for some reason, is there a supported way to migrate these volumes to the new cluster?
A
C
Is my favorite problem. I think this actually is one of the reasons why I created the issue about the, this, this one in particular, right. The same, same applies to the ELBs, right. Oh, mentioned the ELB is already in it, yeah. So yeah, so cloud providers' resources are kind of like attached across the lifecycle, and a feat, I think it's pretty legit that you, you want to manage some of those externally. So the external cloud provider work should hopefully catabolism I'm spending like I taste this stuff.
C
That's why I raised the issue initially, and that, then that's when the external clock, a lot of cloud providing work started. I donated caters for it yet. Well, essentially, I don't know the specifics of wheel of PVC. Well, like within the LB, you've been obviously managed that was CloudFormation, Terraform, or something like that, and then essentially pointed at your cluster, right. So who's the PVC, I'm not quite sure how you'd manage that. I hope you've had experiences. You
D
Thing real quick: so we have been working on something that we open sourced a couple weeks ago called Ark, from Heptio, that will allow you to back up and restore your cluster data, including taking snapshots of persistent volumes, and so you can move them from one cluster to another. It's, it's alpha at this point and maybe would help you out, so we'd appreciate it if you take a look and give us some feedback. Yeah.
A
A
A
So next question: is there a KA, Kubernetes native pattern for sharded replication services, a deployment with n shards, each shard knows its ID, and with the i-th shard with K underscore i replicas, possibly depending on load? How can I achieve something that behaves like that, with consuming services dynamically discovering all available shards? Sorry, that question is definitely not easy to read that.
B
Yeah, I mean, I would say in general StatefulSets are intended to do part of that, because most of the things that need sharding are stateful. If you need much more flexibility and you're willing to open over provision a lot, you could certainly set up multiple StatefulSets, treating each as a shard, but it's going to require a little bit of automation on your part. It's
C
F
B
A
B
Yeah, so kubectl top pods was always kind of an alpha, it's an alpha command, you want to call it that. Right now, you'd have to look at three different places. When, when things are evicted, there is a record kept of that. If you're using a disruption budget, you'll actually get a count of how many things have been evicted under that. So that's one way. Disruption budgets, one of those lesser known features, it actually provides a lot of value if you want to control how
B
A
C
What's this being talked like, we have a graphical equivalent of people, don't get their top parts even bespoke. Also, I don't think it has the functionality you're asking right now, but does offer a little more than what you keep it all get. The top parts offers right now and the you. If you think that disk and punctuality, you know, is his high level thing. Perhaps.
A
And probably the last question for the day. We've had some people drop and everyone kind of has to get back to work, so I'll go ahead and ask this one final question. havi asks: we've got two nodes production cluster in GKE 173 and we're suffering random restarts of the kubelet every day. We've had a look at dmesg and they've looked at journalctl for the kubelet, but we can't see anything revealing, just a kubelet service being restarted.
A
10 minutes ago we saw one of the nodes was restarted, and all they see is the uptime has changed when they SSH into the node. How can they debug the situation? Is there any other log that they can look at, other than dmesg and journalctl, to figure out how the kubelet is being restarted? I feel like we're in the dark and we can't keep our production app running with constant downtimes. So
C
I can try and take that, just, just a quick spell on that. You know, I think essentially you want to monitor. Yes, I can then identify whether, whether this problem actually occurs at very regular interval, right. So if it doesn't occur at very regular intervals, then they use debugging a certain way, try to correlate to 12 events, and one way to solve that, it could be this. For me, please Prometheus, as a generic optometric and you'll be able to figure it out from there.
C
You would be infinitely the a particular job you in Prometheus, I mean, I can, I can happen to explain that if you want to go down this path, and, and I couldn't so offline. And yeah, if it's, if it's not that, yeah, trying to relate all the logs you've got, he's probably a good thing, but maybe what difficult. So if you can isolate the problem into, oh, that's, actually, GK, the chicken is a
A
C
Right, so I mean, if it's GE, I guess then today from 13 some of the folks, there would be a good idea. You know, indicating it's not like your own system me one reading, apfel access to do you think it's been set up, but I play the GKE provisioning system, right, so I'm, I'm on data sure if it's worth digging into unless, you know, unless, unless Google help with this. Yeah.
C
J
A
C
A
A
C
F
A
F
A
Ya, sorry, that's very, very broad names, but we do all figure this out. We've had a consistent about 50 people watching the stream the whole time, so not a bad start. I'd like to apologize again for the mix-up with the URL; we'll definitely get that. I have been consistently writing notes on how to make this smoother. So those of you listening, I'm @castrojo on Twitter, or you can just ping me on Slack, I'm just Jorge on Slack, any feedback that you had to make this smoother.
A
What would really help: I know for sure that the spreadsheet of questions isn't gonna work, as only one person used it. So what we're thinking about doing is adding in something in the bot on the Kubernetes Slack that will allow you to, when someone gets stuck, they can just queue it up for the next office hours, and then we can, we can do that. So thanks again for participating.
A
If you are interested in helping, those of you that are listening, we need help gathering all the Slack URLs and putting them in the notes, maybe perhaps doing some investigations when someone mentioned a project, you know, grabbing what the URL is. So if you want to help me with that, I've got the document is open to everybody, and we can always use more help with your retweeting, things like that.
A
So thanks, everybody. I hope some of you come back. If we didn't get to your question or you need more help, please a construct this, you know, or if you're doing a follow-up for something to help to you. Please do for you to come back, then some will do these. I'll go ahead and announce these on all the typical Kubernetes health channels and everything. So thank you very much for coming. Our wonderful hosts, do you have anything else to say? Thank