►
From YouTube: Kubernetes Office Hours 20190320
Description
Office Hours is a live stream where we answer live questions about Kubernetes from users on the YouTube channel. Office hours are a regularly scheduled meeting where people can bring topics to discuss with the greater community. They are great for answering questions, getting feedback on how you’re using Kubernetes, or to just passively learn by following along.
For more info: https://github.com/kubernetes/community/blob/master/events/office-hours.md
A
C
A
A
A
So
the
way
this
works
is
we
hang
out
office
hours
on
the
kubernetes
slack,
and
then
we
take
all
your
questions
that
you've
been
asking
throughout
the
week
and
we
answer
them
in
as
much
time
as
we
can.
So
with
that
we
have
a
new
guest
panelist
on
everything,
so
everybody
introduce
yourselves.
We
will
go
Jeff,
Bob,
Ilya
and
Chris.
B
C
Hi,
my
name
is
Bob
Dylan
I,
also
work
for
the
University
of
Michigan
and
generally
share
an
office
with
Jeff
potato
were
both
working
from
home.
I
am
a
research
cloud
administer
and
I
get
to
play
with
kubernetes
on-prem
and
do
all
sorts
of
crazy
fun
things
with
Federation,
networking
and
other
crazy
stuff.
D
Hey
folks,
I'm
idea
from
London
Berkley
for
beep
works
and
I've
been
working
on
various
things
back
in
the
day.
Cubed
men,
these
days,
cluster,
API
and
DTS
control
and
the
eks
control
is
kind
of
my
main
project
at
the
moment,
but
happy
to
talk
about
all
the
things,
including
networking
and
adults.
Potentially
thanks.
E
Good
sense,
you
know
so:
I'm
gonna
go
I'm
Chris
from
the
from
the
City
of
Ottawa.
I
am
the
resident
communities
a
min
I'm
CK.
A
my
title
is
intermediate
developer
integrator
I
work
with
team
lead
with
their
tops
and
mops
initiative
here
and
I've,
been
working
with
remedies
professionally
for
the
last
year
and
a
half
and
fiddling
with
it
for
about
the
last
beers
awesome.
So
if
people
have
questions
about
the
CK,
a
happy
to
answer
need.
A
To
ask
them
I
asked
it
all
right.
So,
let's,
let's
go
over
habits,
get
started
before.
We
start,
though,
I
like
to
thank
Giants
warm
stock,
ex
packet,
twitch
or
calm
Red
Hat,
Samsung
SDS,
we've
works,
VMware,
Xing,
Huawei,
the
University
of
Michigan
and
the
City
of
Ottawa
Ontario
Canada
for
allowing
their
engineers
to
answer
user
questions
today.
So
here
the
ground
rules,
you're
gonna,
hang
out
in
hash
office
hours
in
the
kubernetes
slackly.
You
are.
Those
are
you
watching
on
youtube?
The
URL
is
below
here
and
just
ask
whatever
chronic
questions.
A
Remember
this
is
a
judgment-free
zone.
The
code
of
conduct
is
in
effect,
so
please
keep
it
classy.
We
all
had
to
start
from
somewhere.
So
there
are
no
dumb
questions
to
just
ask
them.
We
will
do
our
best
to
answer
your
questions,
but
the
panel
doesn't
have
access
to
your
cluster,
so
logged
about
debugging
questions
are
kind
of
off
topic,
but
we'll
do
our
best
to
like
try
to
get
you
going
in
the
right
direction.
Panelists
you're
encouraged
to
expand
on
your
answers
with
your
experiences
and
pro
tips
and
things
like
that
and
audience.
A
You
can
help
out
by
pasting
URLs
to
like
Doc's
blogs
or
things
on
github
that
you
find
interesting.
One
of
the
best
part
about
this
is
the
stream
of
URLs
that's
happening
while
we're
discussing
a
certain
topic
that
makes
it
really
useful
for
us
and
what
we
started
to
do
is
collecting
those
URLs
and
we
whack
them
in
the
discus
thread
so
that
we
have
that
as
a
resource
for
the
community.
Each
one
of
these
sessions
is
available
on
YouTube.
A
We
have
one
now
and
then
we'll
have
one
in
about
six
hours
for
the
west
coast
of
the
US,
to
kind
of
try
to
give
us
world
coverage,
and
if
you
want
to
sit
in
on
this
panel,
it's
a
great
way
to
get
back
to
the
community.
The
commitment
is
one
hour
a
month.
You
don't
even
have
to
show
up
every
time
you
can
alternate
with
someone.
So
as
you're
available,
we
would
love
to
have
you
we're
always
looking
for
help.
A
So
if
you
see
that
tweet
of
the
office
hours
in
the
channel,
if
you
could
scroll
up
a
little
bit,
help
us
out
by
retweeting
that
sharing
the
word,
that
would
really
help
us
out
and
of
course
my
favorite
is
when
people
bring
co-workers
and
stuff
like
that,
feel
free
to
watch
this
during
your
little
I,
don't
know
stuff
your
manager
makes
you
do
might
as
well
know
you
know.
So,
with
that.
The
final
thanks
is
going
to
go
to
Google
for
sponsoring
our
t-shirt
giveaway.
A
So
what
we
will
do
is,
as
you
ask
questions
the
bots
like
Geoffrey
will
start
to
keep
track
of
who's,
asking
questions
and
at
the
end
we
will
do
a
raffle,
that's
guaranteed
to
be
random
and
you
will
win
a
kubernetes
t-shirt
that
you
can
redeem
at
the
CNC
app
store
and
with
that
chat,
how
are
you
all
feeling
today
say
hello?
How
do
we
sound?
Hopefully
we
sound
good
and
what
is.
A
Know
when
that
is
missing,
you
really
can
tell
yeah.
So
with
that
we're
gonna
get
to
our
first
question.
Those
of
you
who
are
listening,
there's
a
little
bit
of
a
delay,
feel
free
to
just
start
typing
your
questions
and
chat,
and
then
we
will
get
to
them
and
queue
them
up.
I
do
I
do
want
to
mention
the
get
apps
questions.
I
know,
that's
a
westcoast
one
well
well,
I
think
that
one
third
or
something
that'll
give
Ilia
chance
to
drink
more
coffee.
A
So
the
first
question
comes
from
Zanna,
see
I,
hope,
I,
hope,
I,
don't
butcher
that
too
much.
What
is
the
best
practice
to
deal
with
the
auto
sidecar
injection
mess,
for
example,
sidecar
upgrade
downgrade
rename
and
operator
multiple,
auto
sidecar,
injector
handling,
etc.
Any
recommended
article
for
this
would
be
appreciated.
We
have
any
tips.
E
I've
been
dealt
too
much
with
the
sidecar
stuff,
but
there
is
the
article
I'm
from
I
found
it
a
little
earlier
from
the
Dan
woods
who
works
over
at
Target,
and
he
did
a
nice
little
write-up
of
his
there
Casca
installation
and
how
they
dealt
with
sight,
cars
and
clusters.
He
touched
on
that
and
how
he
had
some
reservations
about
side
cars,
but
how
he
thinks
they're
very
beneficial.
So
that
will
be
awesome
like
that.
C
And
we're
not
really
using
any
injector
stuff
right
now,
we've
played
around
with
it
a
little
bit,
but
really
it's
you
know
you
upgrade
the
operator
and
then
you
push
it
out.
We
haven't
had
like
at
least
in
playing
around
with
it.
I
haven't
had
too
many
problems,
mm-hmm.
A
And
then
it
was
just
all
about
his
coffee
right
now,
all
right
next
question
comes
from
max
guy.
Thanks
for
joining
us
says
pulling
large
docker
images
can
be
time-consuming.
Is
there
a
good
way
to
preload
certain
docker
images
and
avoid
the
garbage
collection
to
clean
them
up
to
accelerate
a
pod
start
so.
B
It
kind
of
depends
on
like
the
application.
You're
deploying,
for
example,
like
Jupiter
hub
actually
has
this
pre
polar
process,
that
is
a
daemon
set,
runs
across
your
cluster
and
will
automatically
pre
pull
notebook
images.
So
that
way
when
the
notebook
starts
and
the
image
is
already
there,
but
again
that's
that's
built
into
Jupiter
hubs
deployment
itself,
so
you
would
probably
have
to
like
build
some
sort
of
daemon
set
yourself
that
will
pre
pull
images
that
you
are
going
to
grab
and
then
also
have
some
sort
of
lifecycle
hooks.
C
C
C
E
C
We
have
not
yet
okay
like
oh,
the
other
thing
is:
there's
some
work
being
done
where
you'll?
Well,
hopefully,
you
know
this
year
be
able
to
mount
layers
off
a
shared
file
system.
So
if
you
pre
cache
large
images
to
like
NFS
or
something
like
that,
you
can
then
like
just
grab
this
or
a
dip
on
top
mm-hmm.
A
E
A
A
A
A
D
Seems
like
a
great
idea:
yeah
I
was
like
some
abused
with
myself,
yet
I've
used,
Alpine,
Plenty
and
I,
usually
use
multistage,
builds
and
like
a
built
container
and
then
a
target
container
that
wouldn't
have
like
the
package
manager
in
it
and
then
I
used
from
scratch
and
copy
began
at
the
target
container,
where
I
staged
everything
into
the
actual
final
container.
So
no
show
some
examples,
but
happy
producing
is.
A
Alright,
well,
that's
good
to
know
all
right
anything
else
on
images
before
we
move
on
those
of
you
that
are
just
listening
in
feel
free
to
just
start
asking
questions
in
the
channel
that's
office
hours
on
the
kubernetes
slack.
You
should
see
the
address
below
if
you're
listening
in
on
the
YouTube
thanks
everyone
for
joining
us
today,
we
are
moving
on
to
our
next
question,
and
my
am
I
doing
these.
These
really
simple
ones
here,
Bob.
A
There
we
go.
Thank
you
here
we
go
so
Nick
who's
joined
us
live.
So
let's
take
some
time
here
on
this
one
says
thoughts
on
get
ops.
Anyone
do
it.
Anyone
experience
any
drawbacks.
I
want
to
talk
about
this
a
little
bit
because
he
also
goes
on
to
say
this
essentially
means
having
in
cluster
code
our
echo,
CD,
etc,
which
monitors
for
good
events
and
pulls
in
changes
rather
than
additional
push
approach
from
external
pipelines,
and
then
we
did
get
a
ping
from
the
agro
folks
who
I
think
are
gonna.
A
D
One
pretty
good
blog
post
that
go
down,
so
this
question
is
actually
one
that
I
wrote
a
couple
months
ago.
Pretty
much
answered
that
question
so
I'd
be
from
slightly
different
perspective
right.
So
what
is
it
that
you
get
from
get-ups
that
you
don't
get
if
you
do
what
we
call
CI
ops
right?
So
if
you,
if
you
are
pushing
from
some
kind
of
CI
pipeline
into
a
cluster,
what
are
the
downsides
versus,
usually
loves,
and
obviously
I
mean
you.
The
question
is
the
other
way
around.
What
are
the
downsides?
D
Get
out
and
I
know
very
few.
To
be
honest.
So,
essentially,
if
you
are
to
push
from
like
a
CI
job
into
your
cluster,
what
you'll
get
is
like
I
mean
you'll
need
to
make
sure
that
that's
the
particular
CI
job
has
access
to
a
particular
cluster
that
you
want
to
push
into
right.
So
you
have
to
you
have
to
configure
that
somehow
you
need
to
provision
correct
credentials
for
that
and
I
need
to
maintain
those
credentials.
And
what,
if
you
have
multiple
clusters,
for
example?
D
D
Also,
because
now
you
have
to
kind
of
run,
builds
everywhere
right
and
if
you
do
that,
that's
that's
kind
of
a
magic
challenge,
because
you
can't
quite
roll
out
existing
artifacts
and
all
these
sort
of
artifacts
are
gonna
end
up
slightly
little
just
a
little
bit
different
in
in
every
single
cluster,
because
they're
built
separately-
and
you
know
you
have
to
like
design
that
with
a
lot
of
care,
basically
and
you'd
eventually
arrive
at
something.
That
is
a
bit
like
get-ups.
And
why
don't
you?
A
D
Applause,
customized
I'm
not
familiar
with
our
ago.
To
be
honest,
we
you
know,
we
wrote
our
own
and
get-ups
operator
called
the
flux
and
it
is
somewhat
familiar,
but
it's
quite
different,
and
so
you
could.
You
could
use
flux,
voice
customize,
but
customize
stage
would
have
to
run
before
you
check
what
customized
outputs.
So
you
would
have
to
have
some
kind
of
a
pre-commit
hook
or
something
like
that
and
check
and
generated
code
by
customize
and
pass
that
on
to
flux.
D
D
A
D
D
Well,
it's
not
been
activated,
it
hasn't
been
actively
maintained
for
a
little
while,
so
so
we're
trying
to
figure
out
what
to
do
about
that.
There
are
a
few
alternatives
that
came
out
recently
that
we
are
also
looking
into
so
cigarettes
are
one
of
the
challenges.
So,
if
you're,
if
you
don't
have
a
solution
for
cigarettes
like
if
you
don't
have
vault
or
something
of
that
sort,
you'd
probably
be
looking
to
check
in
secrets
and
get
in
a
secure
way.
D
So
you
will
look
in
to
do
something
like
check
encrypted
secrets
into
guests
and
one
have
something
in
your
Pacific
decrypted
and
that's
good
physical
to
us,
but
yeah
there
are.
There
are
few
challenges
with
the
secrets
project
at
the
moment
and
it
still
still
unclear
to
people
what's
the
best
solution
there
and
there
are
a
few
new
different
style
solutions
on
the
market
such
as
wolf
is
one
of
them.
Right
is,
unfortunately,
a
pretty
large
thing
to
buy
into
so
you
have
to
kind
of
like
have
this
whole
thing.
C
Like
you,
tickle
pops
yep,
thank
you.
So
one
thing
regarding
like
running
vault
and
all
that
one
model
that
we've
seen
in
like
we've
adopted
personally,
is
that
you
wind
up
with
sort
of
the
services
cluster
or
this
other
cluster,
that
sort
of
houses,
those
things
and
you
have
very,
very
restricted
access
to
that.
And
then
your
other
services
can
just
you
know
essentially
talk
to
that.
Although
that
does
sort
of
become
your
single
point
of
failure
for
a
lot
of
things.
C
D
Yeah,
certainly
like
and
there's
no
I
mean
it's
like
it's
hard
to
imagine
the
organization
which
would
be
using
vault
and
just
single
kubernetes
cluster.
They
may
be
using
Walt
and
a
single
kubernetes
cluster,
plus
some
other
things
that
are
not
on
kubernetes,
but
yeah.
Walt
is
kind
of
a
big
thing
where
you'd
be
probably
looking
to
run,
both
in
context
of
like
multiple
clusters
or
multiple
different
environments.
D
D
So
that
is.
That
is
something
you
can
do.
However,
there
is,
you
know
very
low
level,
and
then
how
is
something
that
people
use-
or
you
know,
bundling
things
together
into
packages
charts
and
we
do
support
how
in
flux
or
not,
everybody
is
a
big
fan
of
helm
and
there
are
various
downsides
to
using
it,
such
as
until
hang
three
the
security
of
your
clusters
kind
of
come
from
compromise,
because
home
has
to
have
access
to
everything.
Your
restrict
problems.
Access,
if
you
view,
are
the
challenges
that
detect.
So
you
know
so
you
mentioned
customize.
D
So
that's
that's
one
of
the
thing
and
customized
has
emergence
fairly
recently.
So
for
some
people
is
still
a
learning
challenge
and
there
are
some
things
that
customize
kind
of
do,
for
example,
customize
doesn't
do
arrays
and
such
things,
and
it
has
seven
capabilities
around
some
special
cases
around
arrays.
But
generally
then
quite
let
you
like
do
everything
that
you
could
possibly
imagine
if
you
had
a
full
language
to
your
disposal,
because
it's
a
sort
of
a
a
well,
it's,
not
a
language,
really
right.
It's
just
a
way
of
overlaying
some
configurations.
D
So
there
are
challenges
with
that
and
some
of
us
been
looking
at
using
javascript
and
dark,
squid,
potentially
or
just
general
programming
languages
for
for
dealing
with
configuration,
and
you
know
basically
using
power
of
a
full-blown
language
to
to
generate
configuration
instead
of
somehow
managing
Gamal
and
finding
clever
ways
of
managing
yellow
Jason.
Okay,.
A
So
mix
posted
a
link
to
that
see,
Rd
issue
and
you've
posted
the
blog
post,
so
we're
gonna,
let
let
let
make
you
know,
you're
kind
of
consumed
these
things
and
then
we'll
get
back
to
you.
So
we
can
hit
some
more
questions.
So
the
next
question
is
going
to
be
from
Jose
Luis,
Castellanos,
I,
hope
I
got
that
right.
Any
advice
on
multi-site
kate's
deployment
site
one
is
a
production
site
in
site
to
the
passive
site.
That's
the
way
we
wanted.
I
think
this
is
you
okay,.
C
I,
don't
know
if
Federation
wouldn't
exactly
cover
this,
although
you
can
set
your
your
weights
and
things
like
that
on
for
multiple
clusters.
That
way
it's
just
like
when
you
deploy
something
things
will
deploy
to
your
primary
cluster
or
you
can
have
a
certain
amount
of
them
deployed
between
the
two
clusters.
C
If
you
have
sort
of
an
active/passive
scenario,
that
might
not
be
the
best
thing
if
you
are
like,
are
you
running
you're
sort
of
passive
cluster
as
an
exact
copy
of
your
other
one,
or
is
it
like
sort
of
under
sized
and
we'll
spin
things
up
or
completely
failover
to
it?
If
the
other
cluster
goes
down.
A
Alright,
so
Jose
feel
free
to
this
goes
for
any
of
you
when
you're
asking
questions
feel
free
to
just
respond
back
with
more
details.
If
you
feel
that
the
we
didn't
quite
answer
your
question
so
we'll
give
him
a
quick
minute
to
type
while
we
get
to
th
walkie
asks
how
much
demand
is
there
for
ipv6
in
the
kubernetes
community
how
massive
of
the
changes
that
went
in
lands?
If
I'm
not
mistaken,
it
was
slated
for
1.9
and
is
currently
pushed
back
to
1.14
any
track
of
this
one
honestly.
C
There
really
isn't
that
much
most
of
the
demand
is
coming
from
groups
like
telcos
and
I
know
some
of
the
cloud
providers
themselves
are
interested
in
this,
but
most
users
that
I've
interacted
with
already
been
really
thinking
about
it
and
their
clusters
will
work
just
fine
in
ipv4.
They
aren't
looking
to
you
advertise
sort
of.
You
know
ipv6,
like
externally,
into
the
club
like
that.
Well,
they
don't
want
to
advertise
stuff
I'm
enjoying
a
cluster
outside
of
cluster
via
ipv6.
B
A
A
A
Because
you'll
probably
find
a
bunch
of
people
that
share
your
use
case,
so
that's
always
useful.
So
thanks
for
the
question
moving
on
to
Daniel,
why
is
Alpine?
Consider
not
secure
which
base
image
is
the
first
choice
from
a
security
perspective.
What
are
recommended
security
policies,
eg,
locking
Ducker
docker
hub
access
inside
organizations
to
keep
kubernetes
clusters
secure
and
safe
I
know
that
last
ones
bit
of
a.
A
A
E
C
A
E
E
A
A
A
So
and
then
he
goes
on
to
ask
which
base
image
is
the
first
choice
terms
of
security
perspective,
what
are
recommended
security
policies?
So
let's
just
talk
about
images,
real
quick!
Do
you
do
you
all
have
a
preferred
one
max
guy
says
he
likes
from
scratch
is
amazing,
where
you
can
get
away
with
it.
We
talked
a
little
bit
about
this
troilus
containers
earlier,
which
basically
is
like
from
golang,
and
then
it
just
like
Nick
says
I
would
have
thought
of
generally
secure.
A
E
C
Let's
see
regarding
that
specific
post,
I
think
like
that's
mostly
it
like,
if
you're
using
someone
else's
container
built
off
Alpine
like
for
us
it'd,
be
easy
to
you
like
internally,
and
so,
if
our
base
images
are
based
off,
Alpine
it'd
be
easy
for
us
just
to
increment.
You
know
to
the
next
version,
but
you
might
not
know
what
so
on
upstream,
like
you're,
pulling
like
the
nginx
wonders,
know
that
it's
it's
built
off
of
and.
A
How
many
are
you,
how
many
of
you
are
doing
so
sort
of
left,
egress
filtering
like
in
production,
egress
filtering
yeah,
like
kind
of
disconnected
operation
yeah
that
kind
of
enterprise
style
where
it's
like?
It
makes
it
really
hard
for
anything
to
actually
ever
hit
the
internet,
but
it
was
a
common
practice
in,
like
larger
I
know,.
A
A
Okay
looks
like
the
CRD
discussion.
Hopefully
that
answers
your
question.
Keep
on
asking
follow-up
questions,
I,
think
that
will
make
it
that
will
make
it
easier
to
kind
of
tease
out
the
question
into
a
bunch
of
easier
to
digest
sub
questions.
Other
thing
that
Daniel
did
mention,
though,
an
organization
to
keep
kubernetes
cluster
secure
and
safe
I
do
want
to
mention
that
keeping
up
with
the
upstream
versions
is
important,
because
over
the
last
six
months
now,
as
kubernetes
is
getting
more
battle-tested,
the
amount
of
seed
means
I.
A
Think
this
past
year
has
been
a
lot
more
than
usual,
so
people
are
using
it.
People
are
banging
it
up.
So
it's
probably
not
more
important
to
keep
your
version
up
to
date
and
then
we
we
post
it
in
links
to
Claire
and
harbor
there
for
those
of
you
that
when
I
check
those
out
just
kind
of
paste
it
in
the
link
with
the
sig
networking
status
and
that
should
help
find
out
a
little
bit
more
about
the
ipv6
status.
A
A
C
A
A
C
You
could
you
say,
get
ups
operator
to
sync
clusters
together.
The
hard
part
would
just
be
you
know,
sinking
any
sort
of
stateful
data,
that's
existing
between
the
two
yeah
and
how
like
how
you
manage
the
failover
of
like
cluster
ingress.
You
know
that's
going
to
be
highly
dependent
on
what
you're
doing.
Okay.
A
Okay,
so
we're
caught
up
in
the
live
questions
I'm
going
to
go
back
to
the
queued
up
questions.
If
you
have
more
questions,
keep
on
asking
those
they.
Hopefully
that
answered
your
question.
If
not
keep
keep
on
asking
and
then
we'll
see
what
we
can
do.
As
far
as
giving
more
details,
let's
see,
ipv6
we've.
A
B
A
So
so
everyone
just
says
gets
but
I'm
gonna
need
a
little
bit
more
detail
from
everybody,
so
so
like
how?
How
would
how
would
how
would
he
set
this
up
to
be?
You
know
your
Greenfield,
you
get
to
do
it
over
so.
B
Like
for
what
we
do
right
now,
at
least
for
a
lot
of
the
deployments
at
the
University,
we
have
a
git
repo
for
every,
like
major,
logical
application.
So,
like
Jupiter
hub,
we
have
a
repo
that
has
our
Jupiter
hub
configs,
as
well
as
our
Jupiter
hub
deployment
scripts
and
then,
whenever
we
do
a
good
or
change
something
that
will
actually
push
the
configuration
and
deployments
onto
the
kubernetes
cluster.
B
It's
targeting
now
mind
you
we're
doing
that
in
a
less
than
ideal
way,
because
we're
just
using
a
gate
lab
runner
that
we
grab
cube
cuddlin
to
keep
cuddle
apply
with.
But
that's
that's
what
works
for
us,
because
it's
not
that
complex
of
a
scenario
is
anything
testing.
Something
like
does
it
go
to
like
a
pre.
B
Just
it's:
it's
not
like
a
pre
prod
cluster
it'll,
actually
spin
it
up
locally
and
then
just
make
sure
I
mean
the
this
is
not
ideal
again.
It
makes
sure
that
it
starts
up.
It
successfully
starts
up
and
you
can
get
to
it.
It's
not
running
any
kind
of
integration,
testing
or
anything.
Okay,
but
that's
one.
C
Sort
of
comment
on
that
is
like
so
a
lot
of
our
stuff
is:
we've
carved
up
parts
of
our
clusters
and
give
them
over
to
other
groups.
So
essentially
it's
just
like.
Okay
guys.
This
is
your
responsibility.
Now
it's
sort
of
on
you
and
most
of
them
have
been
pretty
happy
with
just
you
know
they
only
have
access
to
the
git
repo
and
they
make
changes
there
and
it's
it's
also.
Just
you
know
they
understand
gitlab.
They
understand
all
this
stuff.
E
The
pattern
we're
moving
towards
like
we're
just
starting
to
set
up
our
DevOps
initiatives,
so
kind
of
onboarding
everyone
into
cubes,
so
we're
starting
with
a
repo
of
just
your
boilerplate
animal
templates
and
the
idea
would
be
to
use
like
some
form
of
get
ops.
We
haven't
chosen
the
other,
the
tools
quite
yet
for
that,
but
everything
goes
through
get
then
remove
access
to
cubes,
ETL
or
cucumber.
F
A
B
C
A
C
A
C
A
F
A
E
D
C
E
A
All
right
lots
of
great
questions,
I
feel
like
we
brought
up
up
a
policy
agent
like
three
meetings
in
a
row
which
is
fine.
Just
like
that's
interesting.
So
let's
see
here
feel
free
to
keep
on
asking
questions.
We
have
about
20
minutes
left
I'd
like
to
thank
everyone
for
joining
us.
So
far.
Here's
how
it
works.
You
hop
in
a
hash
office,
stash
hours
on
the
slack
kubernetes
on
the
kubernetes
slack.
Sorry,
the
URL
is
below
those
of
you
watching
on
YouTube
and
ask
your
questions.
A
C
B
B
A
Time
to
research
and
come
back,
it
I
see
people
typing
in
the
channel,
so
we'll
give
them
a
chance.
Tommy
ass,
hello,
guys.
What
are
the
effects
of
burning,
controlling
components
on
separated
hosts
with
no
access
to
the
pod
overlay
network?
As
far
as
I
know,
cube
cuddle,
proxy
and
cuddle
port
forward
functionality
could
be
affected
and
probably
health
checks
and
other
master
pod
communications,
but
I
can't
find
any
exact
information
regarding
this
topic.
C
A
E
D
I
mean
yeah,
it's
kind
of
common
to
make
Vanessa's
access
the
the
actual
port
network.
So
I
wonder
what
is
the
motivation
to
this
yeah
I
mean
you
you'd,
probably
be
able
to
get
away
with
something
where
you,
you
know,
only
allow
certain
things
like
full
own
access
to
the
to
the
port
network,
but
yeah
like
it.
For
example,
in
eks.
D
You
have
to
actually
add
your
BBC
subnets
to
the
to
the
EQs
cluster
itself
right,
so
you
really
have
to
have
full
access
between
control,
plane,
ND
and
the
pot,
so
I'm
not
entirely
sure
whether
you'd
be
actually
able
to.
But
there
are
probably
things
you
can
get
away
with.
There
are
certain
things
that
you
could
probe:
you
don't
don't
have
to
make
accessible.
A
And
moving
back
to
our
previous
question
max
guys
talking
about
Oh
off
to
proxy
maintained
by
Joe
speed,
who's
online,
now
welcome
Joel
to
answer
questions
and
FC
says
we
use
a
combination
of
Dex,
Kate's,
Authenticator,
Key
Club
proxy
index
to
get
per
ingress,
often
he's
tossed
some
links
in
there.
Thank
you.
We
appreciate
that.
B
So
the
behavior
is
a
lot
different,
like
the
upgrade
behavior
and
the
naming
behavior
a
deployment
with
Peavey's
is
exactly
that.
It's
going
to
deploy
X
number
of
replicas
per
what
you
say
you
want
deployed
and
it's
gonna
have
persistent
storage,
but
the
names
of
the
pods
are
going
to
be
unique
and
randomized,
whereas
a
stateful
set
will
create
X
number
of
pods
that
you
want,
but
they're
going
to
be
named
in
a
very
precise
manner.
B
Usually
it
is
0
to
n,
or
rather
0,
to
X,
and
if
you
want
to
do
like
a
rolling
upgrade
or
something
depending
on
the
upgrade
policy
that
may
require
manual
intervention
where
you
actually
have
to
go
and
manually
delete
the
pod
yourself.
Likewise,
if
you
create
a
stateful
set
with
Peavey's,
the
PVCs
will
actually
be
named
in
said
a
similar
manner
so
like
it
might
be.
You
know
stateful
set
pod
PVC
0,
so
it's
just
a
way
to
maintain
logical
state
in
kubernetes
when
you're
trying
to
not
maintain
a
state.
A
B
The
the
only
time
where
that
would
happen
is
during
those
rolling
upgrades
that
I
talked
about,
and
usually
that's
actually
in
reverse
order,
so
it
would
go
like
six
and
then
five
four,
three
two
one
until
it
got
back
to
six.
But
no,
if
it's
just
rescheduling
the
pod,
it
should
not
have
to
do
anything
with
the
other
pods
mm-hm.
B
A
Right
we're
coming
down
to
15
minutes.
That's
that's
my
reminder
for
Jeff
to
start
figuring
out
who's,
gonna
win
the
kubernetes
t-shirt.
If
you
have
any
burning
questions,
please
please
feel
free
to
just
whack
them
in
the
channel
there
and
we
will
get
to
that
and
remember.
If
we
read
your
question
online
you'll
automatically
be
entered
into
the
t-shirt
contest.
So
if
you
haven't
asked
a
question
yet
and
you're
listening
to
live
stream,
it
doesn't
hurt
to
ask
a
question.
All
right.
A
All
right
and
that's
NFS,
this
one's
interesting
Daniel
asks.
Does
anybody
know
visualization
for
kubernetes?
That
shows
how
the
different
components
are
connected.
Eg
imagine
I'll,
deploy
a
home
chart
that
has
a
service
endpoints,
pod,
storage
and
I
want
to
see
an
architecture
diagram
I
start
looking
for
like
the
kind
of
cool
manager
view.
I,
guess
I
would
call
it.
You
know
that
kind
of
shows
that
people
checked
out
the
beeps
code.
I
know
we've
discussed
an
option.
A
C
A
D
Depends
so
I
mean,
like
we've
optimized,
a
number
of
things
and,
however,
you
know
the
one
of
the
the
things
that
we
use
to
optimize
performance
was
eb
PF
and
we've
made
that
the
default
way
with
the
default
sort
of
way
to
get
the
metric
connections.
However,
there
is
an
issue
in
gk
e,
where
e
BPF
is
not
available.
There
are
many
things
that
are
not
available
in
gk
out
of
the
box
unless
you
use
Ubuntu.
D
So
that's
one
thing
there
are:
there
are
a
few
issues
with
the
performance
of
leaves
go
pop,
but
if
that's
something
that
bothers
you,
you
could
actually
use.
Well,
you
can
first
of
all,
you
can
scale
down
the
app
to
zero
and
only
scale
it
up
whenever
you
want
to
use
it,
and
so
probes
have
less
performance
issues,
it's
the
the
app
that
actually
does
the
rendering
that
that
often
hits
the
wall
like
I
mean,
as
in
it's
got
a
lot
of
work
to
do
right.
D
A
A
Yep
and
then
we
have,
we
have
two
more
questions:
okay,
first
gonna
be
from
an
array
gasps.
Is
there
any
documentation
for
bare
metal,
kubernetes
cluster
set
up
on
the
azure
cloud
provider,
just
like
this
one
here
for
AWS,
so
it
looks
like
they
are
looking
to
it
up
without
using
like
the
managed
kubernetes
right.
If
it's
anything
I,
don't
know
anything
about
this
you're
just
trying
to
find
the
question
yeah,
9:50
a.m.
A
A
C
Set
up
I
see
not
really.
A
A
And
then
Doosan
has
a
question:
what
are
the
best
practices
for
local
development
with
kubernetes
and
docker
I'm
using
telepresence
so
far
and
I
like
it?
Although
there
are
some
limitations,
Nick
wants
to
add
I.
Think
we'll
end
up
you
looking
at
scaffold.
If
we
go
down
the
route
of
customized
and
scaffold
supports
it.
Any
favorite
tools
here,
I
know
lots
of
people
like
telepresence.
D
D
A
A
B
I'm,
a
little
confused
by
that
so
like
a
container,
is
actually
the
thing
that
is
firing
off
a
job
within
itself,
because
I
wouldn't
do
that.
I
would
definitely
have
all
the
jobs
run
within
kubernetes,
because
that
makes
sure
that
it's
going
to
run
and
complete.
If
something
goes
wrong
with
the
job
within
the
container
chances
are,
that
container
is
actually
gonna
crash
and
fail,
and
then
it's
gonna
get
rescheduled
and
you
may
lose
like
any
deep,
like
debugging,
logs
or
whatnot
yeah.
A
I'm,
so
Jose
will
give
Jose
a
chance
since
he's
been
a
pretty
active
today,
so
we'll
give
him
a
chance
to
follow
up
there
if
he
has
and
then
someone's
asking
do
we
have
a
thread
for
tools
or
a
channel
on
slack.
We
definitely
have
a
thread
here.
It
is
useful,
kubernetes
tools
on
discuss
James
if
you
want
to
go
ahead
and
start
whacking
them
in
there.
That
would
be
great
this.
A
The
story
is
all
they
started
in
November,
but
there's
always
new
tools
that
you
can
share
and
you
can
help
us
revive
that
and
add
a
bunch
of
stuff
I
haven't
heard
of
this
one
come
Iser
looks
pretty
cool
and
James
says
he's
on
it.
Thank
you
all
right,
Daniel
you'll
have
the
last
question
of
the
day
and
oh
wait.
I
think
we
skipped
one
more.
There
is
a.
B
A
B
Done
that
I
would
really
suggest
stick
with
golang
look
up
cubed
builder
I.
Imagine
Bob
is
about
to
link
what
I
am
saying.
Iq
builder
was
developed
out
of
Google.
It
is
one
of
the
quote:
unquote,
sameness,
tways
of
building
an
operator
and
having
built
a
few
of
them
in
there
it's
pretty
nice.
There
are
some
limitations,
but
they
are
like
we're
talking.
Weird
edge
cases
and
the
people
that
are
working
on
queue
builder
are
fairly
receptive
to
set
edge
cases
and
fixing
them.
A
D
C
A
D
D
C
A
A
A
A
C
D
D
A
A
C
B
That's
that
almost
sounds
like
it
would
make
more
sense
to
have
it
be
like
redone
in
Argo,
just
because
I'm
like
if
a
step
in
that
pipeline
fails
are
goes,
the
thing
that's
handling
it
I'd
it
generally
I,
don't
like
building
scheduling
logic
into
an
application.
It
should
be
handled
by
something
outside
of
it.
Yeah.
A
A
Don't
think
think
we're
good
yeah
I
think
we're
good,
if
not
we'll,
we'll
go
ahead
and
answer
during
the
West
Coast.
We're
gonna
go
live
again
in
about
six
hours.
So
who
are
the
t-shirts
on
the
way
it
works
is?
If
you
show
up
live,
would
give
you
we
we
stick
you
in
a
raffle,
so
you
can
win
a
kubernetes
t-shirt.
A
Stick
around
and
I
will
PM
you
on
slack
with
a
code
that
you
can
use
on
the
CNCs
store
I'd
like
to
thank
everyone
for
joining
us
today
and
I'd
like
to
thank
Giants
hornstock
X
packet,
pusher,
comm,
Red,
Hat,
Samsung
SDS,
we've
works,
VMware,
Xing,
Huawei,
University
of
Michigan
and
the
city
of
audio
Ontario
for
letting
Chris
sit
in
with
us,
that
is
in
Canada
and
IO,
as
always.
A
special
thanks
to
Google
for
sponsoring
our
t-shirt.
Giveaways
Jose
says
thanks
guys
thanks
everyone
for
joining
who's,
drumroll
I,
put.
A
Does
Daniel?
Oh
cool
Daniel,
you've
won
the
shirt
so
that
works.
Everyone
congratulate
Daniel.
So
the
way
this
works
is
from
now
on.
What
we're
gonna
be
doing
is
scheduling
these
as
events
in
the
YouTube
channel,
so
you'll
be
able
to
set
a
reminder
for
the
specific
session
and
things
like
that
and
what
we're
gonna
start
to
do
start
tweeting
these
sessions
throughout
the
month,
so
that
it's
more
obvious
when
they
exist,
instead
of
being
so
ad-hoc,
otherwise
Illium
I
oversleep
and
not
make
it
next
week.
A
A
I
hope
you
join
and
those
of
you
listening
if
you
want
to
join
us,
this
is
an
open
panel.
It's
valla.
This
is
all
volunteer,
so
alright,
Daniel
I,
will
follow
up
with
slack
and
everybody
else
panel
stick
around
on
the
zoom
ribbon
and
everybody
else.
We
will
see
you
in
a
few
hours
when
we
go
again
thanks.