From YouTube: Kubernetes Office Hours (EU Edition) 20180718
Description
This is our monthly EU edition of Kubernetes Office Hours!
Session starts at 4:45
For more information check this page:
https://github.com/kubernetes/community/blob/master/events/office-hours.md
A
B
I'm Bob Killen. I work with Jeff, who is just to the, like, left of me. Both of us work for the University of Michigan in the Advanced Research Computing Technology Services department. Our experience is pretty much in Kubernetes on-prem. He's been more experienced in jobs, I'm a bit more than networking another guy.
C
C
A
Well, Ilya can introduce himself when he gets back. All right, so before we start, here are the ground rules. This is a judgment-free zone. Everyone had to start from somewhere, so please help everyone out by having a supportive environment in the channel. Oh yeah, oh yeah, I'm gonna go through the ground rules and then you can do your introductions.
A
While we do our best to answer your questions, the panel doesn't have access to your cluster, so live debugging is off topic, but we will do our best to get you moving down the next step of debugging. Audience, you can help out by pasting URLs to official docs or blogs, or anything that might be relevant to the topic at hand, in the Slack channel. Post your questions to Discuss or Stack Overflow, especially if it has, like, large logs that you want us to look at.
A
You can also help out by tweeting and spreading the word and paying it forward, letting everyone know that this is going on and we're here to help. Each session is recorded and available on YouTube. So, if you're using this as a work resource, please let us know how we're doing so we can try and make it better. If you want to sit on this panel and spread your knowledge, you are more than welcome to, and you can earn a famous water bottle, which I don't have because I'm not George. You can help us take notes.
A
A
We will also be holding a raffle for the audience, with a t-shirt, eventually Kubernetes fidget spinners and all sorts of cool stuff. So it pays to come back at the end of this. I will pick someone at random who's asked a question in chat, and they will, once George gets back, get a coupon code to the CNCF store, so they can get a Kubernetes shirt. And, lastly, feel free to hang out in #office-hours afterwards.
A
D
Say, oh yeah, I'm mainly at Weaveworks. I've been involved with cluster lifecycle in the past and virtually what they're wrote, kubeadm, but more recently I've been focusing on the developer use cases, application developer use cases, for from working a set their. You know, how to develop their tools, and a particular use of whether there are some go into paint tools for making tea break, it's usually easier to use those IDEs and CI systems, etc.
D
A
Thank you. Alright, so we have so far one question that's from the office hours chat, and the rest we've scraped from novice and users. So Surya Prakash, I'm bad with names, asked: Hello all, we have only one namespace in our Kubernetes cluster. We have all the firewalls/NSGs set up at VM level to allow/deny connections. We have five different pods deployed to this namespace. Do you think creating Kubernetes network policies will have additional security on top of the existing firewalls/NSGs applied at the infrastructure level?
C
I can take that. I'd definitely say there is a benefit because, like, right now you have trust inside your network, but no trust outside. That's kind of the first level of defense. However, at some point, if you have someone breaking out from the inside, from like a pod, then they have full control over everything, at least network-wise. So adding network policies on that layer would at least limit the pod outbreak to a single route that is allowed, or single routes that are allowed, instead of the whole network.
B
A
Awesome. So next question, we're gonna move on to some questions from the novice channel. Edie in novice asked: When I do minikube start I get this error: "Error starting host: Temporary Error: Error configuring auth on host: OS type not recognized", with some other info of the minikube version and the system version, which is macOS. Anyone know what could have possibly gone wrong?
C
C
The first question would be what kind of driver he uses, and I could, in my best experience with hyperkit, so the hyperkit driver would be what also Docker for Mac would use, and the coronate is in there. So for me, it was usually the most stable and best working driver. Other than that I would basically file an issue. Maybe try a new version. There's 0.28.1 out, if I remember correctly, and otherwise I would file an issue in the minikube repo.
B
Awesome, yeah, it looks like there's actually an issue already for that. I'll link it here. There you go, though they're like. If you keep having a lot of problems, you can nuke your, you know, minikube directory, in your home directory, .minikube, and that can sometimes clear up issues, right.
A
Awesome, alright. Moving on to the next question from kubernetes-novice. So held 20/20 asked: My organization is heavily using Kubernetes, but we're currently using demised tools using Ansible and Horizon to provision Kubernetes, but we've decided to move to a kops-managed cluster, but no one is concerned of how we migrate our existing cluster and workload, or migrate our existing cluster into kops. It would be really helpful if you can give us any ideas or share any blog posts.
C
I'm not sure where they're setting up the cluster, but for kind of the lift and shift from one tool to another, class of being a lot of our views of Heptio Ark. A-R-K. Someone can paste that in the chat. That works really nice. If there is data involved, it works even on, I think, AWS and Azure; it can snapshot your volumes and, and we constructed. If you're on some other cloud or on-premise, that might not be possible.
D
Yeah, I could add to that that, you know, essentially, you could consider using kubectl get --export on each of your workloads and then dumping that file, and I would rather dump it to a repo and deploy that using either kubectl apply from a repo or using potentially a GitOps kind of approach where it was an operator. But the limitation of that is that it wouldn't pick up your volumes, right. So if you do have volumes, Ark comes quite handy, but broadly.
B
A
A
Alright, next question is from Edie: I've just entered the Kubernetes world (welcome!) and I have some Docker/Vagrant experience, so is running the command below similar to starting a container in Docker? And it's kubectl run hello-minikube, specifies an image flag and then specifies a port. What would be a close analogy to a Vagrant/Docker use case?
C
Not sure about the analogy there, but the kubectl run command, it's definitely something that was kind of meant to be similar to docker run. However, as far as I know, it creates a deployment. So it's not an ephemeral container, what you get. Like, if the container dies, it will be restarted because you get what I think would be a deployment. It.
E
D
Kind of, Vagrant predates much of Kubernetes in a lot of ways and predates Docker. It just happened to be around early on, when, you know, there weren't any good solutions for Docker on desktop. So people used Vagrant a lot, but I think Vagrant kind of becomes mostly irrelevant as such; it filled the gap at the time. But now it's kind of pretty much irrelevant. I mean, and if you say Docker, Vagrant is kind of like. Basically you can really go wild there. There's just about.
B
One little cone, the difference between like kubectl run and what you can do with docker run is, with docker run you can actually expose the service directly just by mapping through the port, and in Kubernetes you actually have to run a second command. That's either creating your manifest and applying it or using, I think it's kubectl expose, and then you give it the name of the deployment that you specified and supply the port and it'll.
A
All right, moving on. Marco, Marco A Morales, asks: I'm trying to have a peered VPC in AWS be able to reach the kube API in the Kubernetes VPC. I was thinking of setting up an internal ELB that has all the master nodes in it. Does that sound like a good idea? What would be the best way to do this? Should I do this with a simple service object, or maybe this is something that I should tackle from kops?
C
C
B
D
C
Alright, so in most clusters you should have DNS running. I rarely have seen a cluster that doesn't have DNS, and usually the DNS is bootstrapped by the Kubernetes API. So any service that you create will have an internal service name, and what you see there is usually how this kind of service looks like. So it's service name, dot svc, dot namespace, and then the base domain of your cluster, which is usually cluster.local. It could be different.
C
C
Yeah, I think what you would want, if you want to put a quota on a node, would be create a namespace that has that node exclusively, and then you could put a quota on that namespace. But I don't really see why you would want to have less than node resources available for stuff that gets scheduled to that node. Usually, you would just limit based on namespaces, both resources and number of pods, and I think by now you can limit.
D
C
C
A
Awesome. Next question is cloves cloths, and: I can't start new pods, CoreDNS in kube-system or just a busybox. Creating them fails with "network plugin CNI failed to set up pod network: unauthorized", and in the access log on the kube-apiserver I see "authentication.go: unable to authenticate the request due to an error: invalid bearer token, invalid bearer token, token has been invalidated".
A
B
C
C
A
B
C
E
C
A
B
A
So if you do that, that will give you all the logs that you should be able to see. Another weird hacky thing that I do is just run journalctl and then, like, piping it to grep and looking for kube and then seeing everything that's happening, because there's sometimes, or that'll actually give you like more information on the error, or you'll see more effects of what's going on. Vince MD asks, there is a log dump that I'm going to paste in the chat. Quick.
A
Can someone help me with the above? The Kubernetes doc on imagefs-based eviction is not clear for me. I would be interested to know how imagefs is defined. Does it have a specific size? My pods get evicted. Unfortunately, we're using roughly 30% of the node disk space, but it looks like the node file system is not the issue and the image file system is the problem. I have no idea where imagefs is defined and mounted and used.
A
D
C
C
It depends on how big /var/lib/docker is, and if you have like an extra volume with it. Oftentimes if you're on a cloud, you have like an extra EBS volume for /var/lib/docker, and you also get logs into that, so that volume might fill up based on different things. So if you have something logging erroneously into the Docker file system, then that might influence your image file system elements.
A
All right, awesome. Vinay, venema, yeah, I think that's it: Hi, I have a Node.js app running in a container and I wanted to connect this container to my local instance. Is this possible?
C
D
You know, under, I mean, it seems like the right thing to do, and using Telepresence isn't something that I really recommend to a beginner mistake. I think Telepresence is pretty useful if you know what you use it for, and I'll use it and working this stuff, and otherwise it's cannot. It can be tricky, like in case, if you give any error conditions or whatever, like you'd be probably to get lost, and mr. D burns you an option to actually move your Telep, move your MongoDB into another process, so you can be able to just use the divining process there. Otherwise he exposed to the Internet or the local network. Then yeah, he'd be sziasztok, he's surrounded in the content area. There is a MongoDB image, which should be doable to achieve, restore the database into a container. You don't even need to set up all in for local development, nope.
A
All right, we are starting to run out of questions, or doing too well. David Rama asks: Hi, I have a Kubernetes cluster running on bare metal. I can't get access to the dashboard, even using the kubectl proxy command. It seems to be a networking issue, running Calico. Where do you recommend I look to track my problem? I get a "getsockopt: connection timed out" error each time. I did try to run another service to see and had the same issue while trying to access the cluster IP port URL.
B
A
All right, we are, believe it or not, out of questions. So if you have any questions and you're listening, please hop into Slack or even pop them into the YouTube live stream chat, and we will try and answer them. In the meantime, has anyone here heard about the problems trying to pull 1.11 images?
A
D
A
A
Want to touch on this since I've been working in dashboard a lot. So dashboard already publishes different containers depending on the architecture, but they weren't publishing manifests. So hopefully in the next release, if not the next release the release after that, you'll just be able to pull kubernetes dashboard, and then it will work regardless of your architecture. Conceivably, that would also work for other containers within Kubernetes. I just don't know if they're actually publishing manifests for them all. And then yeah, did somebody else. No.
A
So critical pieces, again, I don't know if other aspects of the project are publishing manifests that, you know, create multi-architecture images. Part of the problem is, in order to push multi-architecture images you have to, if you're using Docker, run docker manifest, and that's still considered an experimental CLI feature.
A
However, the older versions of the Docker client can pull them without a problem. It's just pushing them that's an experimental feature, which is kind of weird. I do know that GCR and Docker Hub and a lot of the big public registries support the 2.2 manifests, which support multi-architecture.
A
A
And the key thing with multi-arch images is, if you're already building, like Amy's, let's just say, amd64 and arm64, if you're just building those two containers, then building the multi-arch container is just building a giant JSON file and pushing that up to the hub, because all it is is a manifest that says: oh, you're looking for this architecture, go over here. Pointer, it is literally a pointer. It's a symlink! Hey, go to this thing. So I can't imagine that we're not that far away from it.
A
A
One thing is: it removes defaulting of the CSI file system to ext4. All the production drivers listed under the CSI drivers were inspected and should not be impacted after this change. If you're using a driver not in the list, please test the driver on an updated test cluster first. Next, kube-apiserver.
A
The Priority admission plugin is now enabled by default when using --enable-admission-plugins. If using the --admission-control flag to fully specify the set of admission plugins, the Priority admission plugin should be added if using the PodPriority feature, which is enabled by default in 1.11. That was a mouthful. And the last big action required is: the system-node-critical and the system-cluster-critical priority classes are now limited to the kube-system namespace by the PodPriority admission plugin. So it seems like a lot of cleanup around admission controls.
C
E
B
B
E
C
It, they say it scales a lot better. So if you have tons of services, and I absolutely one or two customer clusters that have like huge amounts of services, they run like tons of CI in there. Those I think are sped up quite nicely. Depends on the networking you're using, I guess. If you're using Cilium anyway, you're not using kube-proxy in that way and you don't need IPVS anyway, so I might just skip it in the move to Cilium.
B
A
A
A
Perfect. The procedure appears to work. However, I noticed that all the etcd nodes are only listening on localhost. The procedure says to verify cluster health using the IP address of host 0, which fails because it's not listening on the public address. If I replace host 0 with localhost, the health check completes and shows the cluster is healthy. So is the procedure bugged? How would a Kubernetes cluster communicate with the etcd cluster only listening on localhost?
C
A
C
A
Sir Roth posted in Discuss, "non-persistent mount": Hello, I have many cron jobs, which includes a tests. Now I have a production and a test in assuming environment, so I created a little tool that replaces all variables in code with the right string so that I can change the URLs and so on. The problem is: when I change it, it will stay. Is there any possible solution to do it with a non-persistent volume?
A
A
A
C
You should try not to keep configuration inside the code, but have it as variables, maybe populated through a config file or environment variable, and then you could use ConfigMaps to configure that in your different environments. Not sure about the specific use case here, because there is some interaction between the host container level. Yeah.
A
All right, let's move on. bln r102 asked, the title is "Shut down and restore cluster automatically": Hi all, as we want to save money for a test cluster, we want to be able to shut down the cluster when we go home and restore it again on the next day. Do you know any best practices on how to do that? More automatic the solution is, the better it is, of course. Currently we use kops to provision the cluster and deploy the applications manually.
A
My first thought is to continue using kops for provisioning and maybe Helm for deploying everything in one chart. My second thought is to create a snapshot of the cluster state from the etcd cluster, persisted on an object storage, and then, when I create the cluster again, the master should take the snapshot and load it into the new etcd cluster. Do you have any other ideas?
C
I actually had a feature request like this recently. Yeah, there are a few ways you would do that. I mean, you could scale down a cluster to zero or a single node to save some money. About saving the state, if you just want the data that's in etcd, and maybe similar to what I said to the question before, keeping your manifests in Git and applying it just to the new cluster every morning would be more efficient than trying to get like a backup and restore it to the cluster.
C
Next morning you might want to have just some automation around it. So if you really tear down the whole cluster and don't want to keep kind of the control plane alive, then you want to have some automation that the cluster comes up, I don't know, I certainly am bootstraps at 7:30 and then at 8:00 a.m. your workers can use it again. Seen some people automate stuff. Is that, like, Terraform, you know, what you want to use there.
D
D
A
Next question is titled "Kubernetes Secrets versus HashiCorp, Azure Vault" by rehan side: Yeah, I'm migrating from Docker Swarm, where secrets were immutable and could not be updated. This made them a pain to deploy. Is that also the case with Kubernetes? Ideally, I just want an idempotent deploy script. I've also read that Kubernetes secrets are just a minimum bar for security.
A
In that, ideally, you should use a dedicated secret store like Azure Key Vault or HashiCorp Vault, but you need a secret to access those services, so presumably that secret would be stored in a Kubernetes secret. Finally, I'd also like to know whether it's recommended to use secrets exposed as volumes or environment variables.
C
That's a really nice topic. Actually, I don't think secrets are that insecure anymore. At least when we rewrote the CIS benchmark, I think since 1.9 you can use, by back then there was an alpha feature, encryption at rest, to encrypt secrets also in etcd. On the nodes they're kept in tmpfs anyway. So they're pretty much secure enough to run. If you really want to go further, you could go with something like HashiCorp and yeah you.
C
You still need to somehow keep either the token you use for HashiCorp Vault in a secret, or you use a different authentication wristlet. Like if you're on Azure you can use the machine auth, if you're on AWS there's also an EC2 auth mechanism used at some times, or you would use, I think there is a Kubernetes auth back end or engine, not sure what the terminology in Vault is again, but it's not very nicely documented yet, at least last time I checked.
D
No, I just thought, I mean, I would, I don't think twice before introducing Vault. Definitely it is a nice system, but it's probably as complex as Kubernetes itself. So if you want to double up on the complexity, sure thing. And now there are, like, hosted options for storage, and maybe that makes things easier.
D
Vault has, like, GCD back-end and there are other backends where you don't have to run the underlying data store, but I still think, yeah, please do think twice when you do that. And Kubernetes secrets have become much more secure in their recent releases. It's like up until, I don't know, a year ago. So before they introduced encryption at rest in etcd that, you know, there.
D
There was some debates about Kubernetes secrets not being real secrets, but that, that means, had been fixed. And then, you know, there are some specific use cases where a system like Vault is very handy. But if you're not a very large enterprise, and you see that Vault complexity isn't something that you really have to have, then I wouldn't recommend it. And there are ways to store secrets and integrate to form in a Git repository and use that as a box, there's a enumerator by.
D
D
C
C
Maybe in the next KubeCons, or some blogs in the next six to 12 months, will shed some light on how to use that. I haven't looked into it yet that much, but that's kind of like on a roadmap for secrets in the future. You know, to have like automatic rotation there and support different backends, like Vault, or something like KMS in AWS or Key Vault in Azure. I would be careful.
A
A
Anything else to add? All right, I think that's gonna do it for us for the EU version of Kubernetes Office Hours. Thanks to the following companies for supporting the community with developer volunteers: Giant Swarm, Heptio, Liquid Web, Red Hat, Weaveworks, the University of Michigan and packet.net, and the CNCF. Thanks to Google for sponsoring the shirts, that I will get to in a second. We're gonna hold a raffle for the audience with shirts and other cool stuff.
A
Unfortunately, I can't pick one because I'm on my Windows machine and my Windows machine just does gaming, so it doesn't have Python. So right after I finish streaming, I will go through and run a Python script to figure out who got the shirt, that George will send a code for once he gets back. So please keep coming back. You may have a chance to get a shirt. Lastly, feel free to hang out in #office-hours afterwards, if the other channels are too busy for you and you're.
D
If you don't mind, I could pitch my blog post really briefly, that people have been asking me about, GitOps, and, you know, how is GitOps different from what everyone else does. And I wrote this blog post that talks very specifically about how GitOps is a better way to deploy to Kubernetes, then comparing to a kind of standard way where CI job runs like cute little sake, which is something similar. So I'll describe that in detail, and you might love first, which happening for us already, but I most excuse me.
D
Thank you, yeah. So it's going to be the latest article in our blog, and yeah, essentially you're talking about how deploying directly from CI is an anti-pattern, and all the downsides of that, along with some examples and diagrams. So do take a look, and, you know, ping me up on Slack if you have any thoughts on this topic. Yeah, I mean, there's.
D
There is an order and for that, I would say, like, there are some few limitations that you work around by putting CI directly to cluster, but there are still a number of issues with that and what was discussed, and it's fairly short and straightforward really. So, if you have any, if you agree, disagree, just give me that ones like awesome.