From YouTube: Kubernetes Office Hours 20200318 (EU Edition)
Description
Office Hours is a live stream where we answer live questions about Kubernetes from users on the YouTube channel. Office hours are a regularly scheduled meeting where people can bring topics to discuss with the greater community. They are great for answering questions, getting feedback on how you’re using Kubernetes, or to just passively learn by following along.
For more info: https://github.com/kubernetes/community/blob/master/events/office-hours.md
A
All right, welcome everybody. It is the third Wednesday of the month. That means it's time for Kubernetes office hours, the monthly livestream, where we go on the internet with a bunch of esteemed panel of Kubernetes experts, and we try to answer as many Kubernetes questions for you as we can. Before we get started, let's do some intros. Let's go Jeff here, Chris and sam'l drama. Is that everyone? Yes.
B
C
I'm up, so I'm Chris. I'm a Kubernetes administrator. I'm a CKA as well as I have the CKAD. So if anyone has questions on that process, I'm happy to help there. Otherwise I'm a bit of a Kubernetes generalist. My admin work, it takes me into many weird corners of the universe, so bit of a jack-of-all-trades, happy to answer as much as I can.
D
A
And that leaves me. My name is Jorge Castro, I work at VMware as one of the many Kubernetes community managers and I am really glad to be here. All right. So here's how it works. First of all, if you have a question about Kubernetes, go ahead and start typing it up in the Slack channel. If you're joining us from YouTube, check out the link below for information on how to join the Kubernetes Slack channel. It's an invite thing where you gotta click and you get an email, that sort of thing.
A
So before we get started, though, let's get the house rules in effect. So first of all, this is a Kubernetes event, so the code of conduct is in effect, so please be excellent to each other. We like to welcome all skill levels to this event, so there's no new. You know, you should feel welcome, even if you have no idea what you're doing, like me.
A
So while we go over the rules, please introduce yourself in the channel. Let us know where you're from. We like to have like a nice buzzing chat during the show. We actually have it here on the sidebar. There it goes. We have it here on the sidebar, so people will watch it in the stream, so you can help us out there and, like I said, this is a judgment-free zone. So what we will do our best to answer all as many Kubernetes questions today.
A
A
So panelists, you're encouraged to expand on your answers with your experiences and your pro tips and your expertise. Audience, you can help us out by pasting URLs to the official docs, blogs or anything that might be relevant to the topic at hand. Every single time we've done one of these and we have audience participation and we start talking about tools or a certain part of the project and things to work with, things like that, we always find a new tool that we hadn't heard of before.
A
So that's always useful, so feel free to stick as many URLs and references in the chat as possible, and then at the end of the show, in the forum thread, I publish all of the URLs as kind of show notes. So we have that for future use, so feel free to start posting your questions in the Slack. Try to preface it with a cue or question and bolt, you know, something that makes it easy for us to do.
A
What we do is we copy those into a little and then I read off of that, and then we go, and then what we will do is we will give out two Kubernetes t-shirts at the end if we've read your question on the air, and then we have a lot of fun. If you see someone really awesome in the audience helping you out, and things like that, let me know. I like to give out the occasional t-shirt and beyond. So and lastly, we're DevOps people too.
A
So we like to measure our metrics to see how we're doing, so subscribe, like, do all that good stuff, so we can see what users need from the project, so we can like help tailor stuff for you. And, as always, this panel is all volunteers. A great way to get started contributing to the project is just hanging out and helping to answer questions, and it's a lot of fun and I give you special swag and stuff, and it is awesome.
A
And lastly, we like to thank the following companies for supporting the community with these developer volunteers: Giant Swarm, StockX, Pivotal, who doesn't exist anymore, one second, Pusher.com, Weaveworks, VMware, the University of Michigan, Red Hat, spectrum IO, American Airlines and Utility Warehouse. Fortunately, Bob is on holiday somewhere warm, I hope, so he will not be joining us today. All right, is everybody ready? How do we sound there, audience? Looks like people are typing questions, keep them coming. That's awesome. All right! The first question comes from a mirror.
A
This is a long one, so stand by here, panel. My query is about how to achieve connectivity across Kubernetes clusters in a cloud. My understanding is k8s out-of-the-box doesn't provide very good solutions for cross cluster connectivity, at least not as a scenario but er low requires. OK, and then they give us a little information about their scenario here. So our priority is the cloud deployment of multiple services deployed across multiple clusters. Let's say there are two services G for generator. Our product is a cloud deployment of multiple services deployed across multiple Kubernetes cluster.
A
We, this question is so long I'm reading the, alright. Typically single instance of G is deployed on one cluster and multiple instances of C's are deployed on other clusters. All C's need to communicate to G. Communication is a mix of SCTP and UDP packets. Also during the startup of the C's they're supposed to propagate their own IPs to G, so the G can initiate the communication.
A
Another constraint is that the application running inside C pods can only receive packets destined to IPs visible within the pod's net namespace. Now, assuming I could achieve connectivity across clusters using service IPs, G could use service IPs of C's to start communication, but yet another constraint is that we can't let Kubernetes take over load-balancing, because each communication stream between C and G is unique. So we can't aggregate all C's under one service endpoint. So question is what possible option do.
A
A
Question ahead of time here, a little bit, so have we put any thought into this one, panel?
B
So the first thing that I was thinking of, like, there's a lot to unpack here. The first one was cross cloud communication. Submariner was the first thing that I was going to suggest looking into because that's purpose-built for it, but there's a lot of other stuff that's, that's in there. You know.
C
A
C
B
C
A
B
Is the multi cluster person I dunno, it's not really GA yet and they're also, there's a lot of going on in the space, so it's kind of hard to pinpoint. Okay. So if you really need like a specific pod to talk to a specific pod, that is kind of the opposite of how Kubernetes was built. That being said, it is possible. Like, you can do weird pod labeling rules to have specific services mapped to a single pod. It's just not ideal. I wouldn't do it. Yeah.
A
A
So have a think. Actually, let's do this: if a question gets long and we have to think about it for a while, what we'll do is we'll pause on this first, second, move on to the next one. We'll see if Bob drops by Lee, I don't think Bob's dropping.
A
Be yeah so, let's, let's see there and then, like worst case, the actual SIG for the multi cluster, I think in your case, with the specific constraints that you have, would be an interesting use case to see if they have a solution for you. So we will, an audience, if you have multi cluster expertise feel free to chime in. But let's, let's get moving here. Yeah. That was a big one. We should have, we should have split that one up and done it in between other questions.
A
All right, max at, welcome, says: Kubernetes 1.16.7 kubelet absolutely ignores the node-labels flag, but in the documentation says that this is okay, and then they put their syntax there. I don't get any error, even though at log level 10, but nodes do not get labeled as masters and workers. What is the problem?
A
A
D
C
A
Wow, all right. Well, we wrote four so we'll keep this one than the key will I will try to address it. Then, in with the afternoon panel, see if we have any luck through there. wali, good to see you, asks: I have lots of users whose data are on several NFS volumes. We usually provide them access via autofs, to reduce maintenance/management overhead. What would be the best way to enable them access to their files, data from Kubernetes pods? That is not a host path or local volume. Correct, because I need to access the.
A
B
E
E
A
That is all so I'm just, I used to work at a university and I just realized how much that would have saved my entire life up there. All right! Well, that's, oh! Does that answer your question? Feel free, feel free to type in if you have follow-up questions. I know a mere had a follow-up question on why's. Is there a reason why there's so little information about multi cluster connectivity on the web? Anyone have comments for that? It just feels like a space, it's still very difficult, subspace and so.
B
B
The reason why it's an interesting space is there are a lot of different unique problems to solve, and people are trying to solve them in a single solution and that's not actually helpful. SIG Multicluster had this idea of Kubernetes Federation v1 and they're now working on Federation v2, but a lot of large institutions like CERN actually need v1 and prefer v1. On top of all of this, you have large-scale companies like Red Hat or Google, where having these multi cluster setups is their differentiator to make money.
A
B
This is a question for the question: does a Samba service require a unique but persistent machine ID to join into Active Directory? Cuz I was running into this, a similar problem with having a pod be a Kerberos server, because anytime the pod would die and spin back up, the machine ID would be different.
B
A
E
A
A
A
Yeah, sorry, we, we just historically not good at Windows questions and then last time we had someone from Microsoft and they didn't work on Windows. So it didn't really help. But I do have this link here to SIG Windows. They do have a channel on here. I would, I would run, I would run Jeff's answer by them, see if that makes sense, and I do remember seeing a lot of Active Directory work in the last few releases.
A
So I am kind of, you know, in particular with Active Directory, so I know there's some work going in that area, so hopefully that will get you at least going in the right direction. Okay, next question comes from Aaron Eaton, welcome, says: could anyone recommend any tools to bind AWS security groups directly to pod IPs when using Amazon VPC CNI and k8s with EKS? Any opinions here? I.
A
Anybody, alright, okay, so the good news is, while I plenty of questions for the session in a few hours to kick that off. Alright, so sorry about that Aaron, we will keep you in the queue and I will mention it again, we, when we run this in the West Coast Edition. cloud grim asks. Oh thank you. Someone says my microphone sounds good. Someone complained about them, the audio quality, so that was my excuse to buy a new microphone. cloud.
A
Gram asks, welcome cloud gram: hi, so I've had a recent rogue behavior from Tiller, yes, I'm still using Helm 2, where, after a helm upgrade of a release, it decides to delete the PV even after referencing the relevant PVC. Does Tiller sometimes behave like this, or is it high time to do Helm 2 to Helm 3 migration? Question for the group, or, I know Helm 3 just came out, but like I.
F
E
Think with the Helm 2, when you're operating to Helm 3, I, I saw previous some questions regarding this. When you're upgrading, it may be due to the retain policy that you keep it on the PVC that might get deleted. The only thing which you might do is do the, do the retain pol, take the retain policies on your PVC or on your resource policy. You can keep it as keep. You can apply an annotation there on your script, saying that I helped out as such.
E
The resource policy is a keep so that, that will not delete the PVC when you have upgraded from Helm, one or heaven click the lower version of Helm from 2.x, 2.something, but in Helm 3 I think it was addressed him to I. Think that's nothing! There's any suggestions. Go ahead in the power, yeah.
C
B
Another thing that came to mind, though this would be very weird, is if the PV has some sort of owner reference to something else in the chart that is getting removed. This, like, this would be so weird and out of place if that PV happens to have an owner reference to something else that's getting deleted. Like, that would be bad, but it's something else to look at.
A
B
A
F
Mario Lauria, I am a senior DevOps engineer at StockX in downtown Detroit, Michigan. We are currently all working from home and kind of loving it, and we don't really use a VPN, so it's not an issue. I also am running out of toilet paper, so this is a public hall. If anyone can help me. We are still on Helm 2.14.
F
We actually can't even use 2.16. That is mainly because we aren't really seeing anything in Helm 3. Well, we haven't sat down, really reviewed it. What we really wanted, the time either, we're such a small team and the needs that we had for deployments, Helm 2 is, for the most part, done. We've been able to knit with environment variables, one of those being like Helm timeouts, to kind of wait for deployments to, to fully finish so.
F
We know that one, a circle job runs, that when it actually does turn green, that the deployment did completely finish, so little things like that to Nobles have been pretty, pretty well instituted, but no, we have not sat down and looked at it. It's something on our list to do, but that only means that at some point in the next two years we'll, we'll take it seriously.
F
A
All right, good to know. All right. Next question comes from linen. Keep the questions coming, everybody, and I appreciate everybody finding information about the previous questions to paste in those URLs. That's always useful. Thank you. All right, linen asks: what's the best option to achieve mTLS for your metrics collection? Currently trying to get Prometheus running in our Istio mesh, but it has been an uphill battle. Our metrics contain sensitive stuff, so mTLS is a requirement. Istio 1.4 and stable/prometheus-operator is what they're using, that's on this.
A
All right, we see several people typing. Any other opinions on this one? Mario gets a silent thumbs-up, that's a good way to agree, but not like, you know, be totally responsible. Alright, let us know how that goes. Igs: too many HTTP 499 errors through nginx ingress controller, any clue how to overcome it?
E
E
For example, if you are, if you are on, using an Azure load balancer, if you know Azure, and using a standard load balancer in, for the front board connections, there's a timeout that is being defined there. That timeout can define, and that can result in that 499 errors. So there might be there some timeouts and your connections where, for the ingress is we just saw or the ingress, so check out for the, check for the timeouts, most probably, yeah.
F
I was gonna say your application could also have a client side. Your application, contacting nginx, could have a shorter timeout than nginx itself does, so, and 499 is when the client closes that connection early, so the client's expecting the data, but it hasn't come yet, so it just closes the connection and that's where nginx is like: oh, okay, 499. So I'm definitely looking the semantics there. Those connections.
A
All right, keep it. Can everyone hear my kid? Cuz like daycares close, so everyone's home. Alright, alright, Matthew, well, welcome, asks: do you have any experience with Gluster as storage back-end used with Heketi? All right, I configured Gluster and Heketi on my three-node kube cluster and I'm able to dynamically create persistent volume what's like, but the thing I saw is that the pods on the cluster that used the Gluster PV, they mounted from only a single machine of the Gluster storage pool. This means there's a bottleneck.
A
And then they have a follow-up question. A colleague in my company has raised concerns about GlusterFS stability, risk of losing data if nodes fail. I feel that Gluster has improved greatly in the last years, but I don't have data to back this up. Also, I don't feel that storage alternatives are significantly better. Can you recommend a storage product that can provide distributed replication and is safer? I'm not quite familiar with people running Gluster on k8s. Any opinions there? I.
F
Really am not either. I know from experience that Gluster can, it's relatively reliable, but its performance is where it kind of suffered. I know nothing about running it on k8s. Luckily, we haven't had to really do that, but I've heard that people are doing it with k8s and it should work just fine, and then I know this person was asking about other options. Obviously there's Rook, which is modified self-set, which is very promising.
F
F
A
A
F
B
Longhorn. Longhorn just installs DaemonSets across your cluster and then uses whatever storage is on your nodes. You can configure it. You can also do things like label specific disks, if you have SSDs that you want to use, so, and you can chop them up. You can specify, what I mean is like you can chop up like disks to be multiple different volumes. It's not.
B
Disk equals one volume. On top of that, you can specify replication across all these different disks. It's not going to do like RAID type replication, but like you can have between one and like N number of copies across everything, and you can also back things up to either an NFS volume or an S3 bucket. But if you're doing stuff at your home lab, you might not want to, you know, back up 8 terabytes of data. Personally. Professionally, probably a good idea. The.
B
C
A
A
Doing much distributed, we haven't had a lot of storage questions lately, actually, come to think about it. We were getting lucky, but hopefully that'll give you some links to stuff. Thanks, Sami and well lead, for your expertise there. Okay, I don't know who wrote this one, let's find out here. What are the best and reliable practices, tools from rollbacks of, for a Kubernetes cluster managed with IaC?
A
So, how can we properly roll back changes or even delete resources that are not anymore part of the newest version of whatever your infrastructure code solution is? Not only deployments but also config map changes, deleting a service and so on. grig or, welcome to the show. Alright? What do we think about this?
F
C
D
C
Flux right now, it's been great. I just can't remember how it's handling the, the cleanup. So for anyone who doesn't know how Argo or Flux work, basically just they sync with the Git repository. So you can keep your current state of code in the specific branch and their job is just to make sure that what is deployed in Kubernetes is what's represented in Git, so a rollback would just be commit. Your new chair commit the old change, or do it.
C
A
A
Right, have you, have you seen our gold flecks yet? And then I've seen what says with Flux you might need to enable the garbage collection for clean it to happen, but after that, it'll be pretty straightforward, so it feels like that is a pretty solid, solid answer. Thanks for your input, FC. All right, moving on. froggie asks: what's the most sensible way to manage, wait. This is the right one.
A
F
F
There's a little bit of, you'll have to learn the HashiCorp world a little bit, because you'll need the storage for those keys and the best option for that is Consul and, and they kind of lock you into it, but also Consul is pretty great, so yeah, I definitely forward to bringing more to the table when we're actually running it live. But there are a lot of things you can do, especially you don't have to actually run the libraries in your application.
F
I think someone didn't link here, the sidecar model, where you can actually have a sidecar that subs and variables and kind of handles the, it's kind of like a proxy, a client proxy for obtaining the secrets and they're providing them to your, maybe legacy app and app you just don't want to have to deal with the libraries, so that makes it a lot easier, but yeah. We are really excited for what we get there and we finalize that so.
C
Yeah, and we've been looking into Vault at recently and they've, their Kubernetes implementation has really picked off the last, last year. So there's a native installer with Helm chart. You can install Vault agents. So if you want to manage a multiple clusters and have a central Vault, eight fault fault, you can do that and it's, it's pretty spiffy.
A
Yeah, NFC says for secret: we use a combination of sealed Bitnami sealed secrets, which I dropped a link in the notes, and Vault, and you can use a webhook at something like vault-env to live, subs and environments, and then drops a link to Banzai Cloud's bank-vaults. Cool. froggy says: I've worked with Consul, good to hear. Figured Vault with sidecar was likely to be the answer.
A
F
Yeah, I mean even if it's just the cases like there hasn't been something that's better that's really come out, I mean Vault just seems like a managed service that is meant to be completely reliable, kind of spread, work in a distributed model and be fairly flexible and obviously secure, and it's balanced those all really well, I think. Even still, you know, even, I remember back and when they came out in 2016-2017 it was like, oh what's that? No one was actually using it. Even still we're kind of in this, like.
F
Oh, it's this magical unicorn, but there are some people that are actually using it really successfully. It's, it's going to take effort and you're going to have to stay security as a priority in my organization, and, you know, you know, put forth a ton of effort and research and testing and making sure it does what you want to do, because you also don't want to lose those secrets or strop your applications or screw up.
A
And they just had a follow up here. I just wanted to read it for the, for the videos. What is the sensible way of having some environment variable shared by different services? Think Vault might be the way to go there and just inject him the same value into different per service secrets, so that makes FC's answer make more sense.
A
A
But I, I don't know, I feel like usually it's either Vault or sealed secrets, or some combination of both, they're usually. Alright. Hopefully that answers your question, froggy, and at least gives you confidence that you chose the right thing. Keep the questions coming. Let's see, just looking through the links here, we don't have any, I think we just reached the end of the queue, right, just double check.
A
A
Yeah, bring, okay, so everybody bringing your new questions. Wally's dropping a link for Vault has a Kubernetes CSI driver, which would be useful, and I see people typing. So, while we're waiting for questions, 1.18 is getting baked, finishing touches. Anyone have a favorite feature that you're looking for?
A
Missed a question by Matt. Yep, continue, go ahead. Good, good, good, yeah, alright, Matt! Welcome to this show, sorry I missed your question. If we miss your question, please just repeat it again, and also if you have follow-up information, we are watching the chat while we're typing. So if you have more information about your question, always helps. We've got time in about 10-15 minutes, so keep them coming. So Matt says: I need to introduce 10G networking connections between my storage system and my containers, adding that can fix the yeah Mo's on a problem.
F
So I was just gonna say: yeah, I, this is a definitely a bad question. I haven't done bare metal and multiple network interfaces etc, but yes, iSCSI as well, interesting, so I think my big thing here is like you're gonna need to, I don't know, probably kubeadm and kind of get everything running on the 10G network.
F
For that, like maybe making that the default is your easiest option and ensuring that everything is using addresses on those interfaces, right. So it's really a make sure by default I'm using these new interfaces on these hosts to communicate, so I don't know that, I mean that it's going to probably go foundationally to how you set up the cluster, etc. I don't know what that looks like doing it after the fact, very Fe of a cluster up and just installing the interfaces, and then, you know, you're not gonna get magic, I don't think so.
F
F
And I'm gonna let Jeff talk, isn't sir Jeff might even have a better idea, but yeah, it might be tricky.
B
Hey, helps when I double meet myself. It's like double matting, only worse. So I do have strong opinions. It's just I need a couple questions answered first. The first thing is I'm assuming this is bare metal, so yes or no. The second thing is: are you managing the entire lifecycle of the host? Like, how are you provisioning the host? Because I, honestly, the best what we have done in the past, this is not a Kubernetes solution.
B
A
B
F
B
B
A
F
F
A
F
A
A
A
And they have a channel on the Slack as well, but to at least get you people that know more about storage than we do. So sorry, sorry, that's the, that's the best we can do today. We, it is not a good day for our success rate, and you want to have any other questions, we're about to start wrapping it up here. So, let's see, so we have a, we have a few that we weren't able to answer today and I meet, let me go through. The first is think about the.
E
A
F
F
I'm actually using an embedded label for our clusters, but we're on 1.14. It still accepts like node-role or something, and that's actually invalid in 1.16, so, but there's a thread that he posted a little bit further up. But people should be able to find decently easily and I'll post a, post a link to that here, fresh so.
A
F
A
Find it, oh, that looks like Maxo is typing as well. Please read the thread. Oh no, oh, he's not fixed yet, he's not fixed yet. It looks like they're still in progress. Mario, do you want to hop into that one and see what's going on? Oh yeah, he tried Joel's, Joel's solution. It did not work. Oh, interesting, okay, so that one is still open, so we'll keep that one open for the next session. So we're gonna have a session of, you know, about three hours after this, so we'll be able to do that.
A
The Samba question was okay issue. I think we got something there: how to configure Samba as an Active Directory client running inside Kubernetes. This one we weren't able to do, the AWS security groups one. Have you seen this one? I know Mario's new since we asked this one: anyone recommended any tools to bind AWS security groups directly to pod IPs when using Amazon VPC CNI, k8s with EKS? I.
F
Don't think that's, I don't think that's possible. I mean technically, technically, if you're using the AWS CNI, which you are because you're in EKS, you're all VPC, right, for all of your containers. But, oh, I don't think you can actually like bind spirits right to those individual containers. So that's a really good question. I would open up your, an AWS support ticket and ask, because they actually have some, some pretty good support around the EKS things and what you can do.
F
VPC wise, especially when it comes to CNI, they've had a lot of issues with it in the past. So we've got some pretty good response from them as well, and suggestions, so they might have some new service that you can run to do something like that. But I don't think so. Now what you can do is, there's, with eksctl you've got security groups that were made around your hosts, so you could, for those hosts, put something in place and, and tune those to your liking, but I.
A
Aaron's still around, thanks for sticking around there, and says that AWS, it's a feature request being developed for the next release of EKS. So that's good to know. There you go, yeah, that's handy, thanks for sharing that. That's always useful. OK, and with that I think we have time, for anybody, have a nagging question, last chance: give us a chance to increase our success ratio today.
A
Anybody, can someone ask me what a pod is so I can get a one-for-one? Bob, or sorry, Jeff, I need you to roll a die for the, okay. So here's what's gonna happen. If you asked a question today, we've put you in the raffle to give you two Kubernetes t-shirts, so we're gonna pick two people randomly, so Jeff, you're gonna roll a one, two, three.
B
B
A
A
Yeah, so it's, so Enterprise Calico has the feature. Okay, yeah, all right, standby, so IG and Emmanuel, there were two manuals, right. One had double lumps. I might be mixed up with someone else, so I will PM you and get you a t-shirt. As always, thanks everyone for listening. We will be going live again in about three hours, and so, if you have more questions, we'll have a totally separate panel, so fresh, fresh set of eyes to look at our problems, but please do stick around in the chat and continue to help each other.
A
F
Said there was an, sorry: I have a quick thing on the Samba question from before. They were trying to actor drug free, which is way beyond what I have really ever done. But I do have a Dockerfile I made a few years ago, actually for my Raspberry Pi, that just is a simple Samba share, so you just feed it in a directory that you want to share, you host map it and then it shares out as standard Samba share.