►
From YouTube: Kubernetes Office Hours 20180418
Description
Join us on the third Wednesday of every month! All experience levels: https://github.com/kubernetes/community/blob/master/events/office-hours.md
A
Action,
yes,
so
some
combination
of
an
OBS
update,
but
it's
okay,
we're
good
we're
good
thanks
everyone
for
sticking
around.
Let's
do
this!
So
let's
welcome
to
the
monthly
kubernetes
office
hours
where
a
third
Wednesday
of
every
month.
We
take
a
bunch
of
user
questions
from
you
and
slack
and
we
answer
them
as
best
we
can.
So,
let's
go
into
intros
real
quick
whoo
yeah
go
ahead,
go
ahead!
Hi.
B
A
I'm
Jorge
Castro
I
work
a
hefty,
oh
and
I
will
be
your
host
for
today,
thanks
for
everyone
for
sticking
around.
Despite
our
technical
problems,
you
can
help
us
out
by
reading
the
word
or
thinking,
questions
or
things
that
you've
always
wondered
about
kubernetes.
So
before
we
start,
we
have
a
few
ground
rules
here.
This
is
a
judgment-free
zone.
A
So
if
someone
asks
a
question
that
you
feel
is
a
little
bit
too
easy
or
something
like
that,
remember,
we
all
had
to
start
from
somewhere,
so
we're
trying
to
build
like
a
very
supportive
environment
here,
the
office
iris
channel.
So
please
help
us
out
in
that
regard,
we
will
do
our
best
to
answer
your
questions,
but
do
remember
that
it's
you
know,
Bob
can't
necessarily
ssh
to
your
cluster
and
things
like
that.
A
So
there
are
some
things
that
are
just
plain
unanswerable,
so
in
that
cases
will
give
you
either
generic
advice
or
links
to
documentation
or
a
sig
where
you
can
go
get
help
so
hopefully,
even
if
we
can't
fix
your
very
specific
problem,
we
can
at
least
give
you
a
place
to
go
audience.
You
can
help
us
out
by
tossing
in
URLs
to
documentation
or
interesting
blog
post.
So
someone
else
asks
a
question.
You
can
always
help
us
out
by
using
your
Google
skills
to
help
bring
as
much
information
into
the
channel
as
possible.
A
All
of
these
sessions
are
recorded
and
available
on
YouTube,
so
if
you're
using
this
for
work
or
for
your
team
or
something
like
that,
let
us
know
because
we're
always
striving
to
make
the
live
stream
better,
like
by
maybe
testing
the
audio
of
the
day.
Before.
There's
this,
whether
there's
a
software
update,
I,
don't
know,
maybe.
A
If
you
want
to
sit
on
this
panel,
if
you're
an
expert
and
want
to
come
in
and
contribute,
it's
a
great
way
to
get
started,
contributing
to
kubernetes
as
well
as
is
helping
other
people's
always
a
lot
of
fun.
We
tossed
in
the
bit
to
the
notes
int
into
the
channel
itself,
so
you
want
to
help
write
stuff
down,
feel
free
and
we're
always
looking
for
marketing
help.
A
So
if
you
can
help
tweet
this
or
tell
a
friend
or
post
about
it
on
reddit
or
anything,
any
any
kind
of
useful
thing
that
helps
us
spread
the
word
to
get
more
people
here,
the
better
off
we'll
be
and
soon
we'll
be
holding
raffles
for
t-shirts,
and
things
like
that.
As
soon
as
I
sort
out
my
teacher
code
problem,
so
I
will
be
giving
out
a
lot
of
where's.
My
kubernetes
spinor
I
have
one
here
somewhere,
so
we'll
be
giving
out
a
lot
of
cool
swag
like
that.
A
Lastly,
there's
one
and
lastly
feel
free
to
always
just
hang
out
hache
office
hours
throughout
the
throughout
the
month.
I
know,
Bob
and
Jeff
are
working,
have
been
collating
questions
throughout
the
month.
So,
even
if
even
if
it's
not
a
live
stream,
you
can
still
get
a
get
a
question
in
there
and
you
can
ping
Jeff
about
about
starting
a
slack
bot.
So
we
can
have
a
cool
queue
thing
so
with
that
21
after
let's
get
started.
A
E
A
A
Starting
with
Nick
Nick
asks
question
we're
looking
at
GCE
now,
rather
than
on-prem.
That
means
a
bunch
of
our
internal
services.
A
dashboard,
Prometheus
kevanna
will
all
have
ingress
and
be
available
publicly.
This
is
obviously
bad,
so
looking
into
authentication,
we
can
do
this
via
LDAP
or
also
Google,
both
the
open,
ID
I'm,
looking
at
tools
like
github
comm,
slash,
bitly,
/o
auth,
to
underscore
proxy
to
pikal
suggestions,
or
to
run
this
as
a
sidecar
alongside
the
dashboard,
previous
etc,
and
then
having
guys
talked
to
the
oauth2
proxy,
which
will
bounce
to
Google
for
authentication.
C
So
I
know
in
the
past
one
of
the
ways
that
Bob
and
I
handled
it
was.
You
would
actually
just
set
up
a
VPN
in
the
cluster
and
then
VPN
to
get
to
internal
services.
That
way
so
you're
not
dealing
with
any
like
weird
redirect
stuff
or
auth.
But
that
also
is
a
bunch
more
set
up
and
you're
dealing
with
networking.
So
we
can
keep
CL
proxy
yeah
yeah.
D
E
People
use
like
as
in
sort
of
in
between
the
a
VPN
and
something
else,
could
be
a
socks
proxy,
so
UD
was
like
yeah.
We
did
that
for
a
while
and
I
think
we
sort
of
still
use
it
for
some
cases,
but
we
ended
up
having
a
custom
ingress
controller.
That
essentially
has
this
sort
of
admin
route
which
takes
you
told
me:
you
cost
the
services.
D
Can
do
IP
vite
listing
like
on
a
CIDR
and
again
IP
range,
even
vis,
the
nginx
ingress
controller,
that's
what
we
do
for
some
companies
and
also
for
our
own
VPN.
But
then
you
need
to
have
like
a
fixed
IP
range
where
you
come
from,
you
might
do
like
an
internal
internal
load
balancer
or
something
that
is
just
going
to
some
network
that
you
know
there.
C
Is
I
haven't
used
this,
so
this
is
one
of
those
research
it
more,
but
CN
CF
is
looking
at
sandboxing
project
called
telepresence
and
then
does
allow
remote
access
to
services
within
a
kubernetes
cluster
securely
as
well,
but
that's
more
developer
oriented,
not
necessarily
what
you're
going
to
use
to
get
to
like
Griffin
or
what,
but
it
could
serve
as
the
same
thing.
There.
D
A
And
one
thing
so
check
out
those
resources,
Nick
and
then
feel
free
to
post
follow-up
questions.
We
do
enjoy
coming
back
to
topics
as
we
get
time
for
them.
So
moving
on
Mira,
Lana,
Morales,
I,
don't
know
sorry,
IVA
says:
question
I
have
a
github
repo
with
a
bunch
of
yeah,
moles
and
I
use
a
make
file
to
apply
them
to
my
clusters
or
any
tool
to
help
of
that,
or
is
a
good
ol
make
file
enough?
Do
you
guys
have
any
recommendations
on
how
to
manage
the
files
yeah.
A
E
E
Yeah,
it's
just
saying
it's
one
of
my
favorite
questions
of
the
best
place.
I've
worked
on
the
project,
which
is
you
know,
personal
project
with
this
at
this
point
of
time,
we're
not
using
this
internally,
but
something
you
might
want
to
take
a
look
at
it's
inspired
by
JSON,
oh
by
the
way
JSON.
It
has
probably
another
option.
You
probably
want
to
look
at
actually
don't
look
at
JSON.
It
look
at
case
on
it,
yeah,
so
yeah
and
like
but
I
mean
this
case
on
it.
E
One
of
the
things
that
you
have
to
do
is
the
syntax.
That's
something
you're
unhappy
with
take
a
look
at
the
project
of
mine,
which
is
cute
Jen,
I'll,
post
that
and
slide
from
entirely
they're
used
to
too
much.
You
write
your
configuration
and
Jason's
or
Yama,
whichever
one
is
effect
and
any
people
has
to
to
invent
some
basic
you
reusability
at
this
one
time
it's
a
very
experimental
personal
project.
E
So
this
is,
like
you
know,
a
very
sophisticated
use
case
you
might
want
to
take
them
ahead,
k
sonic
instead,
obviously
another
option
for
a
lot
of
people
had
been
pal.
Sorry
being
right,
but
how
doesn't
simply
introduce
his
way
for
you
to
manage?
You
know,
duplication
in
your
in
your
configuration.
How
introduces
a
whole
bunch
of
other
things
so
hopefully
was
how
three
there
may
be
some
changes
to
how
how
that
happens
right.
This
is
the
moment.
E
E
A
A
Thanks
well
you're
welcome.
Alright.
Moving
on,
let's
see
Bavarian
bidi
asks
question.
We
apply
multiple
pods
with
requests
on
CPUs.
We
also
see
the
reservation
via
cube
state
metrics
when
we
stop
these
pods,
but
the
reserved,
CPUs
and
use
for
around
five
minutes.
When
we
try
to
deploy
new
pods
with
CPU
requests,
we
see
in
the
log
files
insufficient
CPU
available,
which
component
handles
CPU
usage
eviction,
managers
configured
to
handle
memory
and
image
FS.
B
C
D
B
D
C
A
C
A
D
A
A
A
A
A
Okay,
I
get
it
all
right:
I'm,
just
old
all
right,
hi
I've
been
trying
to
run
a
kubernetes
on
arm
set
up
three
raspberry
PI's
raspbian
for
a
while,
but
I'm
having
running
a
lot
of
problems
with
weave.
Whenever
I
launch
the
weave
containers
they
fall
into
crash
loops.
Can
anyone
help
I
know
someone
hi.
C
C
C
So
I
wound
up
writing
an
initializer,
so
first
off
do
like
cube
CTL
get
pods
in
I
think
they
install
in
that
like
cube
system
namespace
and
then
see
what
the
container
images.
If
you
look
on
docker
hub
for
that
container,
there's
gonna
be
a
bunch
of
tags
and
some
of
them
are
gonna,
say
arm
64,
that's
a
quick
way
to
look.
I
wound
up
writing
a
an
initializer
for
my
home
lab
because
I
have
both
x86
and
arm
servers
and
I
set
it
up.
C
So
the
initializer
looks
to
see
if
there
is
an
annotation
on
a
deployment
and
if
there
is
an
annotation
that
says,
use
this
for
arm.
64
use
this
for
x86
it'll
actually
deploy
everything
across
a
cluster
regardless
of
the
architecture.
So
that's
how
I
solve
that
problem,
but
I
know
there.
We've
containers
for.
C
B
A
A
C
F
F
E
A
B
E
E
F
E
Knows
that
those
are
supposed
to
be
synchronized
right,
the
admin
of
that
would
be
potentially
the
same
as
the
other,
so
you
could
simply
call
that
URL.
If
you
I
mean
if
you
substitute
that
cube
kernel
version.
Essentially,
you
could
say
just
version
of
your
like
just
the
dimension
string
in
you
could
do
like
also
evidence
like
curl
that,
because
you
don't
have
to
do
that
whole
thing,
you
could.
A
E
E
Yeah,
maybe
you
could
take
a
look
at
what
what
does
keep
could
all
describe
odds
for
one
of
the
pods
look
like
to
start
with.
That
seems
like
like
a
good
option
to
take
a
look
at
and,
and
maybe
we
would
see
from
there
and
also
we
could
probably
look
at
Lots,
because
what
I
know
happens
sometimes
is
that
some
people
need
to
override
the
people
Somnath
yeah.
So
if
you
could
post
the
output
of
describe
and
if
you
can
grab
a
log
from
one
of
the
parts
of
they'll,
be
very
helpful.
F
A
E
B
A
We'll
move
on
in
the
meantime,
while
he's
well
he's
digging
through
logs
I
cattles,
ask
question:
we
sometimes
see
issues
with
health
checks,
failing
on
pods
for
various
different
reasons,
mainly
connection
refused
that
this
happens
on
our
own
applications,
but
also
our
ingress
controller
and
some
cubes
system
pods.
We
often
think
this
is
due
to
a
lack
of
resources,
but
our
metrics
don't
indicate
this
to
be
a
problem
for
some
context.
We
run
to
dual
CPU
eight
Ram
nodes
that
are
usually
around
75
to
80%
ram
usage
and
very
little
CPU
usage.
A
B
B
D
A
A
D
B
B
D
D
B
B
E
E
D
A
A
D
A
A
D
A
A
D
A
A
A
E
Just
seems
like
one
one
we've
met
pod
has
started,
but
the
other
two
having
issues
looks
like
yeah
and
then
the
company
came
in
first,
the
mostly
capital
get
calls
out
namespaces
with
an
output
equals
wide
as
well,
then
we
could
see
node
names
come
on
as
well.
That
would
help
and
yeah
definitely
looks
like
one
of
the
pods
is
happy.
E
A
D
C
A
Yeah
I
love
learning
about
all
the
little
tools
like
this.
That's
like
part
of
the
reason,
I
started
this
it's
just
people's
github
stuff,
as
always,
is
always
useful
plenty
of
time
for
more
questions.
We
can
officially
end
at
seven
minutes,
but
if
no
one's
timed
on
it,
we
can
go
a
little
bit
longer
depending
on
questions
on
in
people's
try.
A
A
B
A
B
D
Running
peers,
peace
since
1/9
and
also
in
110-
and
he
also
self
hosts
the
components
beside
skip
but
didn't
have
this
issue
yet
I
had
that
had
at
once
that
I
didn't
see
the
the
controller
manage
of
once,
but
there
was
just
for
like
if
it's
restarting
and
between
you,
you
won't
see
it.
Sometimes
some
brace
conditions
really
yeah.
B
D
B
A
So
I
have
a
question
for
the
group.
Looking
at
kubernetes
users
someone's
asking
hello
I'm,
trying
to
understand
the
resource
limits
for
CPU
and
nodes
having
a
limit
CPU
:
one.
You
know
in
the
yamo
what
this
limit
only
nodes
I
have
one
CPU
for
example,
and
then
the
answer
is
one
corpora
source
right.
B
F
A
B
D
A
B
A
A
So,
thanks
to
the
following
companies
for
supporting
the
community
wood
developer
volunteers,
Amazon
bitNami,
Giants
arm
hefty,
a
liquid
web
Northwestern
Mutual
packet,
dotnet,
pivotal
Red
Hat,
we've
works,
University
of
Michigan
and
VMware
soon,
we'll
be
holding
raffles
and
things
like
that
for
sure.
We'll
have
a
raffle
at
cube,
Cod
I
think
during
the
live
office
hours
so
we'll
be
having
a
panel
similar
to
this
during
coop
con.
If
you're
going
to
Copenhagen
it's
on
Friday
I
want
to
say
around
noon,
check
the
schedule
noon.
A
Okay,
so
we'll
be
having
a
similar
thing
with
I
just
have
a
microphone.
You
can
ask
your
question
and
then
wonderful
people
will
will
answer.
Your
questions
also
make
sure
you
check
the
schedule
for
cube
con.
There's
a
lot
of
workshops
of
things
happening
on
the
Monday,
so
I'm
planning
on
being
there
all
week
and
you
can
catch
any
of
us.
Any
of
us
there,
everyone
here
is
going
to
keep
trying,
except
for
Jeff,
so
you
miss
out
on
Jeff,
but
that's
okay,
he'll
be
in
Seattle
for
sure
right,
yep.
Oh
definitely.