►
From YouTube: Kubernetes Office Hours 20220119 (SIG CLI Edition)
Description
Office Hours is a live stream where we answer live questions about Kubernetes from users on the YouTube channel. Office hours are a regularly scheduled meeting where people can bring topics to discuss with the greater community. They are great for answering questions, getting feedback on how you’re using Kubernetes, or to just passively learn by following along.
For more info: https://k8s.dev/events/office-hours
A
Hello,
everyone
and
welcome
to
today's
kubernetes
office
hours.
The
office
hours
is
where
we
answer
your
user
questions
live
on
air
with
our
esteemed
panel
of
experts.
A
You
can
find
us
in
the
office
hours
channel
on
slack
and
remember,
to
check
the
topic
for
the
url
and
more
information
before
we
begin
we're
going
to
start
with
some
run
introductions
and
I'll
learn
to
talk.
I
promise
I'm
joined
by
my
new
co-host
today.
Carlos
santana
welcome
carlos.
Do
you
want
to
say
hello
and
tell
us
a
little
bit
about
you.
A
B
You,
okay,
hey
everyone.
My
name
is
yogi,
I'm
based
out
of
singapore.
I
am
a
volunteer
at
this
kubernetes
community
and
yeah.
I
learned
a
lot
from
the
community,
so
just
here
to
return
the
favor.
Frankly,
I
work
at
a
company
called
db
and
it's
a
distributed
database.
So
yeah
there's
a
lot
of
communities
in
there
as
well.
C
I
I
had
a
lot
of
value
out
of
this
when
I
was
getting
started
in
kubernetes,
so
I'm
really
happy
to
be
part
of
this
initiative
and
and
help
out
those
coming
the
community
and
learning
kubernetes
professionally.
I
I
got
a
new
job.
A
couple
weeks
ago,
I'm
working
as
a
software
engineer
for
a
startup
called
render.com.
D
Hi,
I'm
I'm
eddie
zaneski.
I
help
lead
the
sig
cli
special
interest
group,
which
we'll
talk
about
in
a
little
bit.
I'm
a
developer
advocate
at
amazon
web
services
and
I'm
based
out
of
denver
colorado
in
the
us.
E
Hey
I'm
late
to
the
party,
I
think,
but
hey
my
name
is
arty.
I'm
from
montreal,
canada,
I'm
actually
a
cncf
ambassador
and
working
at
google.
I'm
I'm
actually
also
teaching
kubernetes
in
universities
now
so
happy
to
share
my
university
skills
with
everyone
and
yeah,
I'm
also
organizing
meetup
in
in
canada
for
cncf.
If
you
are
down
in
canada,
please
join
our
meetups
to
be
here.
A
All
right
awesome,
thank
you,
everybody,
okay.
So
before
we
begin
there
are
some
ground
rules.
This
is
a
kubernetes
event
and,
as
such,
the
code
of
conduct
is
an
effect
that
is
the
cncf
code
of
conduct,
so
please
be
excellent
to
each
other.
This
is
also
a
judgment-free
zone.
Everyone
has
to
start
from
somewhere.
So
please
help
out
your
fellow
buddy
by
providing
and
having
a
supportive
environment
in
the
channel.
A
A
A
A
D
Awesome,
so
if
you
aren't
familiar
with
the
how
the
kubernetes
project
is
organized,
the
kubernetes
project
is
broken
up
into
different
special
interest
groups
that
own
different
parts
of
the
code
base
and
work
on
different
aspects
of
the
project.
So
we
have
a
special
interest
group
for
networking.
D
D
The
best
way
to
get
involved
is
to
join
us
on
our
mailing
list
on
slack
and
we
have
weekly
meetings
every
wednesday
at
9
a.m.
Pacific
time
this
week
the
meeting
is
a
bug
scrub
for
customize.
I
believe
so.
If
you
have
any
interest
in
customize
and
getting
involved
and
maybe
finding
a
good
first
issue
to
work
on,
you
should
absolutely
join
us
for
the
bug
scrub.
It's
super
super
approachable.
We
walk
through
issue
by
issue
and
kind
of
talk
through
it.
So
it's
a
great
time
for
newcomers
to
come
and
introduce
themselves.
D
We
have
a
couple
different
leads
for
the
sig,
so
we
have
different
chairs
that
kind
of
oversee
sig
operations,
so
I'm
joined
by
three
awesome
other
folks
from
some
other
awesome
companies,
and
we
also
have
some
a
technical
neat
lead
type
role
where
they
are
in
charge
of
project
steering
and
establishing
new
sub-projects,
really
like
serving
as
a
technical
lead.
A
handful
of
awesome
emeritus
leads
that
have
since
moved
on
to
other
awesome
things
in
kubernetes,
and
I
think
that's
probably
my
favorite
thing
about
the
project.
D
Is
you
know
if
you
work
for
a
larger
company,
you
can
bounce
between
teams,
and
you
know,
work
on
something
completely
different
when
you
join
a
new
org
or
team,
and
I
feel
like
the
kubernetes
project
is
the
same
way
where
we
have
folks
who
are
just,
they
start
getting
interested
in
storage
one
day
and
they
can
go
work
on
the
storage
team.
So
if
you
have
any
interest
in
working
with
the
cli
tools,
you
should
absolutely
come
check
us
out.
D
We
have
a
handful
of
sub
projects
that
you
may
or
may
not
have
heard
of
directly
before.
A
lot
of
these
are
libraries
that
all
of
the
other
cli
tools
are
based
off
of
so
something
like
cube,
control
or
cube,
adm
kind
of
like
a
shared
cli
runtime,
that's
used
throughout
the
project,
along
with
the
crew,
which
is
the
package
manager
for
cubectl
plugins.
D
We
actually
just
spun
up
a
new
sub
project
for
krm
functions.
This
is
going
to
have
a
krm
registry,
so
krm
functions
are
kind
of
it's
a
specification
for
a
function
that
you
can
write
for
customize.
That
is
basically
a
transform
on
your
incoming
and
outcoming
stream
of
kubernetes
resources.
So
you
can
write
a
quick
function
using
a
language,
that's
standard
in
standard
out,
and
it's
a
specification
for
how
you
can
mutate
those
resources,
or
maybe
you
want
to
add
a
annotation,
so
brand
new
sub
project.
D
I
think
the
first
meeting
just
kicked
off
last
week
at
the
same
time
on
wednesday,
so
if
you're
interested
in
that
absolutely
come
check
us
out
and
then
one
that's
kind
of
near
and
dear
to
my
heart,
the
awesome
folks
at
ibm,
nick
and
his
team
started
a
project
called
kui.
D
D
If
you
say
like
show
me
the
deployments,
you
can
click
through
them
on
the
right
side,
here
completely
interactable,
with
different
components
that
you
can
write
and
customize,
and
this
is
a
project
I
think
got
kicked
off
a
bit
ago,
but
it
became
an
official
6cli
subproject
in
the
last
year
when
ibm
donated
it
to
the
cncf,
so
big
shout
out
to
them
cool.
So
that's
a
quick
overview
of
the
sig
any
questions
on
that
before
I
dive
into
kind
of
our
road
map
and
what
we're
working
on.
E
All
right,
let's
go
archie
chris
carlos
now,
I'm
just
asking
what
type
of
skills
you
you
need
to
to
join
like
go,
go
bash!
What
type
of
languages
people
need
to
be
familiar
with.
D
All
the
things,
absolutely
all
the
things
I
think-
and
this
goes
true
for
a
lot
of
the
kubernetes
sub
project
is
there-
is
just
such
a
need
for
people
to
come
in
and
triage
open
issues
and
help
organize
and
prioritize
work,
and
that
was
the
first
thing
that
I
came
into
the
project.
Doing
was
like
hey.
D
We
have
like
600
open
issues
on
cubecontrol's
github,
like
is
anyone
going
through
these
like
these
are
open
for
like
four
years
at
this
point
and
they're
like
oh,
we
go
through
them
every
now
and
then
I'm
like
okay,
well,
there's
some
from
like
four
or
five
years
ago
that
are
still
open,
and
so
that's
kind
of
the
gap
that
I
saw
in
the
project
and
what
I
jumped
into
doing
was
just
kind
of
going
through
triaging
issues
finding
duplicates.
D
D
If
you,
if
you
write,
go,
that's
awesome,
we
always
need
people
to
write,
features
and
fix
bugs,
but
there's
tons
of
room
for
people
to
just
come
in,
and
I
can
reproduce
this
issue
that
this
user
is
having
that's
one
of
the
things
that
most
users
don't
do
when
they're
filling
out
an
issue
template.
Is
they
kind
of
skip
through
the
the
brief
reproducible
case
that
we
asked
for
in
there?
D
So
if
someone
shows
up
and
like
here's,
how
you
can
reproduce
this
easily,
that
is
immensely
helpful
for
the
project,
so
yeah
people
of
all
types
of
backgrounds
and
skills
for
sure.
G
Yeah,
just
a
hopefully
a
small
question
around
the
krm
functions,
I've
been
going
down
a
hole
with
that
kept
as
of
late.
They
have
a
similar
kind
of
concept
of
a
function.
I
was
just
wondering
if
those
two
are
related
or
are
they
separate
streams?
If
you
knew.
D
I'm
not
too
familiar
with
kept
the
krm
functions,
I'll
drop
the
kept
links
for
them
yep-
and
this
is
we
really
just
kicked
this
off
like
last
week.
The
cap
is
still
open,
I
think
approved
and
merged.
Very
recently,
cool
yeah
there's
there's
tons
of
room,
it's
a
brand
new
frontier
for
folks
to
jump
into.
D
F
G
H
So
if
somebody
wants
to
know
a
little
bit
of
details,
there's
a
good
presentation
that
was
given
in
kubecon
that
goes
over
what
what
it
means
and
for
people
that
do
devops
with
kubernetes
is
is
it
covers,
I'm
very
interesting
because
it
covers
things
that
you
can
do
on
the
client
side,
where
this
is
not
on
the
on
the
server
side
and
in
some
situations,
platform,
teams
or
even
vendors-
don't
allow
you
to
do
certain
things
and
for
risk.
You
don't
you're
allowed
to
do
that
in
the
server
side.
H
So
this
is
like
mutating
on
the
client
side
that
that
is
done,
and
some
people
miss
that
point.
So
it's
a
cli
thing
only
so
I'm
excited
about
that.
We
just
customize
a
lot.
H
Oh
another
question
was
chris
mentioned
the
skills
right
go.
You
mentioned,
cui
kui,
I'm
familiar
with
that
because
I,
this
is
a,
I
think,
it's
2016
when
I
was
working
on
openwhisk
with
rick
nick
me
myself
and
others.
We
we
created
openwhisk,
which
is
like
a
functions
as
a
service.
H
A
fast
system
and
and
cooley
came
out
of
that
work
up
at
the
user
experience.
So
I
was
the
lead
for
the
user
experience
and,
and
that
has
html
code
html
css
javascript
node.js.
So
if
you
have
those
skills,
you
can
contribute
to
cui
right
and
that's
part
of
the
60
alive.
You
don't
have
to
be
everything
go
and
it's
a
hybrid
like
I
said,
though
it's
in
it,
it's
coming
along
a
long
way
started
from
up
with
then
kubernetes.
We
did
some
work.
So
nick
is
a
great
guy.
A
All
right,
thank
you
very
much.
Do
you
want
to
I'll
get
your
screenshot
back
up
and
we
can
do
a
quick
overview
of
the
roadmap?
Is
that
right.
D
D
We
have
a
couple:
we
have
a
couple
caps
open.
These
are
our
meeting
notes.
These
are
public,
so
we've
talked
through
and
we
recently
just
did
our
planning,
which
was
right
here.
So
this
is
our
124
planning
again,
this
I'll
drop
this
in
chat.
D
This
is
linked
a
bunch
of
places,
so
this
should
be
just
a
public
document
that
anyone
could
check
out.
One
of
the
big
things
we're
working
through
is
right.
Now,
cube
control
is
part
of
the
main
kubernetes
repo.
So
we
do
have
a
cube
control
repo.
By
itself.
We
don't
actually
take
pull
requests
there.
We
kind
of
just
use
it
for
issue
tracking.
All
pull
requests
to
the
cube
ctl
code
has
to
be
made
to
the
main
kubernetes
kubernetes
repo.
D
We
call
that
kk
for
short,
and
so
there's
been
a
multi-year
initiative
to
move
cube
cuddle
out
of
tree,
so
we
can
build
and
release
it
and
version
it
independently.
So
this
is
a
massive
undertaking
that
a
lot
of
people
have
put
some
work
into.
D
We
have
been
targeting
124
for
it,
I'm
not
quite
sure
if
we'll
make
it
but
yeah
that's.
The
main
idea
is:
is
we
want
to
be
able
to
build
cube,
ctl,
independently
and
ship
independent
releases?
At
some
point,
we
haven't
quite
nailed
down
what
a
versioning
schema
would
look
like
and
how
we
maintain
that
compatibility,
but
yeah
that's
one
of
the
major
goals
that
we've
been
doing,
so
we
can
get
updates
to
people
faster
for
those
tools
and
bug
fixes.
D
Next
thing
we
were
talking
about
doing,
making
server
side
apply
the
default,
so
this
has
gone
back
and
forth
a
bit.
I'm
actually
not
sure
if
this
one
is
going
to
make
it
right
now,
but
if
you're
not
familiar,
we
have
another
big
effort
that
we've
been
doing
over
the
past
couple
years
is
trying
to
make
the
clients
as
dumb
as
possible.
D
So
we
want
to
push
all
the
logic
and
all
the
decision
making
and
diff
calculating
to
the
server
it
just
makes
sense,
since
that's
where
fcd
is
with
all
the
data,
so
we're
trying
to
offload
as
much
of
the
logic
and
decision
making
from
the
clients
as
possible,
so
cube
control,
apply
the
server
side,
apply
diff
control
diff
on
the
server
side.
D
All
of
that
we're
trying
to
really
push
to
the
server
side,
so
the
clients
can
just
be
a
very
thin
client
that
wraps
the
api
open
api
validations
was
another
one
right
now
we
use
the
swagger
2.0,
the
open
api
schema
or
whatever
it's
been
renamed
to
now,
we're
trying
to
move
from
validation
from
v2
to
v3.
D
There's
a
lot
of
work
from
that
from
the
working
group
for
api
expression,
one
of
the
big
things
that
I
have
been
working
on
along
with
mo
over
from
sig
auth
is
we
want
to
separate
your
cube
control
preferences
in
your
user-specific
configurations
from
your
cluster-specific
configurations
right,
because,
if
you
think
about
your
actual
cubeconfig
now
it
is
your
credentials.
It
is
your
username
password,
some
kind
of
auth
keys,
some
search
to
talk
to
your
cluster
and
to
merge
those
cube
control,
cube
configs
is
pretty
challenging
and
difficult.
It's
not
easy
to
do.
D
The
problem
is
any
of
those
breaking
changes
are
going
to
have
a
huge
impact
on
the
ecosystem
right,
because
any
tool
that
was
built
with
an
older
version
of
clientgo
isn't
going
to
know
to
look
into
a
cubeconfig.d
folder
and
merge
all
those
cube
configs.
So
we
ultimately
decided
against
pushing
forward
with
that
that
cap
we
can
always
reopen
if
there's
a
ton
of
community
interest
but
yeah
it
just.
D
It
would
have
a
really
negative
impact
on
the
community
tooling,
for
tools
that
don't
update
to
client
go,
and
so
out
of
all
this,
we
want
to
separate
out
the
config
and
preferences
one
of
the
opportunities
we
realized
is
since
we're
doing
this.
We
can
version
out
this
qrc
as
its
own
file
and
we
can
introduce
different
changes
to
behaviors.
D
That
we
all
agree
are
something
that
we
would
do
differently
right.
For
example,
if
cube
control
delete
is
one
of
my
like
babies
that
I've
been
working
on.
It
is
super
easy
for
you
to
accidentally
delete
everything
in
your
cluster
right.
If
you
delete
a
namespace,
it
deletes
everything
in
the
namespace.
If
you
delete
all
namespaces,
it
wipes
your
cluster.
There's
no
confirmation,
there's
no
like
hey!
Is
this
sure
what
you
are
you
sure
you
want
to
do
this
you're
about
to?
You
know
rmrf
root
of
your
cluster.
D
Mo
has
a
couple
that
he
wants
to
do
for
your
your
cube,
config
exec,
your
auth
exec
things
right.
So
your
your
binaries
that
talk
you're
like
aws,
I
am
authenticator
or
your
g
cloud.
That's
in
your
cube,
config
that
goes
out
and
fetches
credentials
right.
Those
like
auth
plugins
right
now,
there's
nothing
to
stop
a
rogue
actor
from
sending
you
a
a
cube
config
with
a
whatever
binary
they
want
embedded
in
that
cube
config.
D
They
can
call
any
binary
on
your
system,
and
so
mo
wants
to
be
able
to
allow
list
certain
auth
plugins
inside
of
this
qrc
file
right
so
cube
control
can
only
ever
call
these
binaries
for
authentication
that
you,
as
a
user,
has
to
allow
list.
So
that's
kind
of
just
a
handful
of
things.
This
one
is
like
there's
a
lot
and
the
more
we
talk
about
it,
the
more
we
realize
that
there's
a
lot
here,
I'm
really
hoping
this
is
going
to
make
124.
the
cap's
not
actually
written.
D
Yet
we're
still
in
lots
of
conversations,
but
yeah
look
out
for
this
one
and
be
ready
to
give
feedback.
Please
keep
control
delete.
We
can
roll
up
into
the
top
one
there
last
couple
the
exit
codes
here,
if
you
haven't
noticed
the
exit
codes,
are
not
standardized
at
all
against
cube
control.
I
think,
if
you
diff,
if
you
do
a
regular
diff
you're
supposed
to
get
back
and
a
one
or
a
zero,
if
there's
changes
or
not
changes,
there's
different
exit
codes
for
different
things
in
diff
cube
control
doesn't
follow
any
of
those.
D
I
think
your
control
will
just
happily
tell
you
that
nothing
was
changed
with
a
zero,
I'm
not
quite
sure
of
every
single
case,
but
this
is
probably
the
most
common
issue
we
get
reported
is
like.
Why
does
this
give
me
this
exit
code?
It's
like!
Well,
that's
the
way
it
was
built
originally.
If
we
could
do
it
differently,
we
would
so
that's
what
this
cap
is
for
is
to
kind
of
refactor
all
the
exit
codes
in
cube
control
and
bring
it
into
line
with
the
like
posix
and
unix
standard.
D
A
Great
updates
there
and
and
nice
to
see
some
of
the
things
that's
being
worked
on
as
well
as
some
of
the
things
that's
delivered,
I'm
looking
forward
to
trying
out
curry.
I
didn't
know
that
existed
carlos
hadn't
shared
that
with
me,
so
for
shane
carlos,
but
it
looks
like
a
pretty
cool
tool
and
I
want
to.
I
want
to
check
that
out.
H
You're
alive:
well,
I
have
one
question
eddie,
I
think
in
the
in
the
last
kubernetes
contribution
contributor
celebration,
there
was
a
presentation.
Somebody
was
giving
a
presentation.
G
C
H
And
and
people
called
it
control
at
diversity
right,
we're
inclusive.
It
says
they
were
mentioning
that
the
the
sig
wants
to
take.
I
wasn't
sure
it
was
keep
ctl
or
or
the
client
go
outside
the
kk
repo,
the
kubernetes
main
repo.
It
has
something
still
going
on
that
you're
looking
for
for
efforts,
it's
something
that
would
take
a
while
right
to
to
kind
of
like
separate.
That
is
that
one
of
the
like
big
things
ongoing.
D
So
that
would
have
been
mache
he's
one
of
the
the
leads
and
tech
leads
for
six
cli
and
sig
apps.
For
that
matter,
mate
is
awesome.
If
anyone
doesn't
know
him,
I'm
not
quite
sure
exactly
what
he
talked
about,
but
yeah
there
has
been
so
if
you
haven't
walked
through
the
kubernetes.
Am
I
still
sharing
my
screen.
D
F
F
D
Oh
one
last
note:
you
brought
up
the
pronunciation
if
you
hadn't
noticed.
I
have
said
it
all
of
the
possible
ways.
While
I
speak,
I
do
that
on
purpose
to
confuse
people.
Thank
you.
A
D
Hang
out
for
sure,
please,
if
any
of
this
interests
you
come
hang
out
with
us
swing
by
our
slack
channel
emailing
us
we're
looking
for
new
contributors,
all
the
time.
H
Oh
and
and
to
block
something
from
eddie
eddie,
did
a
great
talk
on
raspberry,
pies
and
embedded
systems
in
kipcon.
So
one
of
the
my
top
favorite
talks
of
kipcon
I've
been
that
one.
You
did
it
with
some
somebody
else,
but
it
was
very,
very,
very
good.
I
impressed
it.
H
Yeah,
so
we
have
question
number
one:
it's
it's
from
discussions,
there's
a
person
asking
do
I
share
my
screen
or
how
do
we
do
this?
No,
you
can.
H
Yeah,
so
the
person
is
asking:
is
there
any
any
way
better
to
inject
an
image
to
a
cluster?
It
looks
like
for
a
local
computer,
so
this
is
mini
cube.
A
mini
mini
cube
question,
so
the
person
is
saying.
H
H
So
he's
saying
that
if
there's
a
better
way
for
that
and
a
lot
of
people
have
used,
the
docker
mini
cube,
docker
emv,
I
had
been
using
it
a
lot,
and
that
would
give
you
the
environment
variables
to
not
to
skip
the
mini
cube
ssh,
and
that
will
give
you
the
variables
that
you
can
pass
to
your
dr
cli
client
to
talk
to
the
docker,
the
docker
demon
inside
the
vm
over
tcp,
and
then
you
can
do
docker
pool
from
there.
The
other.
H
The
other
way
that
I'll
drop,
the
link
to
the
documentation
is
mini,
cube
image.
There
used
to
be
a
mini,
cube
cache,
but
that
one
is
deprecated
like
cache
ad,
and
these
are
images
that,
if
you
use
the
vm,
you
don't
destroy
the
vm
but
create
a
new
cluster.
Every
time
you
come
up
the
cluster.
The
images
are
stored,
but
there's
one
called
mini
cube
image.
An
image
load
will
be
the
one
that
you
can
load
something
from
a
dgz
or
an
image,
or
you
can
do.
You
can
also
do
image
build.
H
You
can
do
image,
pull
and
there's
a
little
a
little
nice
table
in
the
dock
at
the
top.
That
says,
which
are
the
supported,
runtimes
right,
like
trial
versus
container
d
image
build.
If
you
want
to
build
the
image
you
don't
want
to
beat
it
but
I'll
post
the
link,
and
that
has
at
the
top
a
nice
table
that
says
even
performance
if
the
performance
is
good
or
okay
but
yeah
instead
of
mini
cube,
you're
going
to
minikip
ssh,
you
can
do
it
from
outside
and
mini
cube.
A
H
I
I
have
a
some
code:
it's
from
matt
moore
for
k
native.
It's
it's
a
demo
set.
Basically,
we
have
included
it.
We
have
an
api,
we
don't
have
implementation,
but
we
have
an
api
that
says
to
lower
the
code,
starts
of
images
by
putting
an
image
and
you
can
pre
precede
the
notes.
You're
saying
the
the
little.
B
H
Is
you
don't
need
a
controller?
You
need
a
demon
set
that
basically
runs
a
run.
Something
pulls
the
image
and
complete
it
right
and
and
be
done
with
that.
So
you
can
write
a
little
controller
that
creates
that
demon
set
and
catches
the
images
so
that,
from
that
building
concept
you
can
you
can
build
on
top
of
that
right.
H
The
demonstration
is
something
that
runs
on
every
image
and
then
you
can
run
a
little
script
that
can
just
download
the
image,
but
it
doesn't
download
the
image
and
the
script,
because
the
pod
it
has
the
image
so
you're
running
an
image
without
running
the
command
right.
That's
kind
of
a
hacky,
slash
way
of
doing
it.
H
This
one
is
the
pushing
has,
at
the
top
a
nice
little
table
that
I
really
like.
H
One
one
tip
of
a
mini
cube
that
I
think
people
don't
realize.
I
think
I
have
two
I'm
a
fan
of
mini
cube,
one
is
mini,
cube,
can
have
more
than
one
node
a
lot
of
people
like.
Oh,
my
god,
you
can
do
mini
cube.
That
should
note
three
notes
and
you
can
have
a
mini
cube
of
three
nodes.
You
don't
need
to
use
kind
and
I'll
use
time
for
that,
and
then
the
second
tip
is
you
can
have
mini
cube,
does
touch
no
kubernetes,
so
that's
the
one
that
I
use
for
docker
desktop
replacement.
H
So
it's
a
mini
cube
just
with
the
vm
with
docker
demo
inside
no
carbon
net
is
running,
so
my
my
laptop
you
know,
doesn't
have
to
run
many
gigs
of
memory
and
cpu.
A
All
right
great
tip.
Well,
I
think
that
actually
leads
really
nicely
onto
the
next
question
carlos.
So
we
got
a
question
also
from
discuss.kubernetes
to
io
from
planet
f1,
and
I
just
paraphrased
this,
but
essentially
I
feel
like
they're
asking
what
are
my
options
to
get
a
local
kubernetes
on
an
m1
mac.
This
is
an
arm
based
mac.
Computer
they've
told
us
that
they've
considered
rancher
desktop,
but
they
don't
think
it
supports
m1
and
they're.
A
B
Myself,
so
back
in
the
day,
like
probably
four
years
five
years
ago,
I
was
messing
around
with
vagrant
to
actually
get
a
proper
kubernetes
cluster
through
cube,
adm
running.
I
I
have
that
project
still
around,
but
the
problem
is
getting
base
images
for
vagrant
for
m1,
because
things
like
virtualbox
won't
work
on
m1.
B
The
only
thing
that
I've
tried
utm,
that's
a
free
hypervisor,
but
I've
even
tried
fusion,
but
the
only
thing
that
really
works
well
on
a
m1
from
a
hypervisor
perspective.
If
you
are
going
to
go
that
route
is
parallels,
it
does
cost
money,
it's
like
almost
100
usd,
but
I
mean
frankly
with
the
performance
that
it
gives
and
the
like
options:
windows,
mac
and
linux.
It's
worth
it
and
once
you
have
that
and
using
parallels
and
vagrant
together,
you
can
actually
build
out
the
kubernetes.
B
That's
like
really
from
scratch.
I
I
saw
in
that
thread
somebody
actually
answered
microcase,
that's
also
something
that
I've
actually
seen
work
quite
well.
Microkits.
B
A
B
Other
thing
that
worked
well
is
was
docker
desktop.
If
you
enable
the
kubernetes
api
on
docker
desktop
that
actually
works
well,
you
can
also
try
the
kind
or
the
the
mini
cube
with
the
docker
driver,
which
is
docker
desktop
driver
that
works,
but
all
of
that
basically
puts
you
in
that
docker
desktop
arena,
which
some
people
are
not
very
comfortable
with
actually.
H
H
From
this
cause
not
opening
the
link,
I
lost
it,
so
it
looks
like
they
have
a
an
endpoint
via
servicenow
port.
If
I
do
a
simple
curl
on
port
310,
I
can
see
everything
like
still
until
this
point.
It
works
fine.
Now
I
can,
how
can
I
restrict
access
to
this
api
endpoint
using
connected
resources
so
that
only
a
particular
user
can
create
these
and
not
every
everybody?
So
who
wants
to
take
that
one?
E
I
can
take
the
first
maybe
hit.
H
Yeah
opening
a
noteport
ip
address
or
my
kubernetes
question:
how
do
I
now
avoid
everyone
from
eating
that
one.
E
Yeah
well,
I
would
actually
not
recommend
in
general
use
not
port
if
possible,
like
for
production.
It's
it's
a
good
way
to
play
on
your.
You
know,
dev
environment,
maybe
to
to
to
just
learn
how
to
kubernetes
works
but
like,
if
you're
trying
to
restrict,
I
assume,
you're
running
this
in
production
and
if
you're
running
in
production.
I
would
look.
You
know
to
use
something
like
load,
balancer
or
maybe
ingress
resources
that
potentially
you
know
more
secure
way
of
accessing
your
api
endpoint.
E
Obviously
you
know
if
you're
running,
not
in
the
cloud,
you
have
less
options.
Maybe
if
you're
running
on
prem,
you
probably
can
use
something
like
metal
lb
for
the
load
balancer,
you
can
install
ingress
controller
like
nginx
or
istio
gateway.
Something
like
that
to
enable
you
to
do
that
now.
E
Even
those
features,
I
don't
think
they
allow
you
to
restrict
access
to
that
endpoint
specifically,
but
you
can
actually
put
some
kind
of
authorization
rules,
maybe
kind
of
a
you
know
password
or
something
like
that
that
you
can
restrict
if
you're
running
on
cloud
providers,
there's
like
tons
of
different
services
around
protecting
the
apis.
Like
I
don't
know,
I'm
from
google,
so
I
can
give
an
example
of
cloud
armor
that
you
can
restrict
to
the
certain
specific
range
of
ip
addresses.
E
A
H
And
in
this
case,
I
think
that
you,
the
the
person,
is
saying
a
user
can
query.
So
when
you
talk
about
user,
we're
talking
about
authentication
right,
you
want
to
authenticate
carlos
can
do
it,
but
not,
but
not
david
right,
for
example.
So
in
that
case,
you're
talking
about
seeing
authenticating
that
that
user
to
make
sure
scarlett
is
not
dated.
H
If
he's
talking
about
talking
about
networking,
then
we
go
into
like
you
actually
want
to
have
access,
so
we
pc
or
our
net
like
who
can
access
that
that
idea,
that's
like
well
david,
said
so,
yeah,
good
question
and
and
and
don't
do
it
in
a
production
cluster
or
thinking
that
you
would
do
that.
You
know
close
it
down
tomorrow
in
a
few
minutes
right,
the
minute,
the
second
you
open
that
port
in
a
public
ip
address
from
the
rest,
I've
been
cloud
any
cloud
provider.
There's
people
snooping
all
those
cip
addresses.
A
A
So
basically
I
can
set
up
the
angers
on
kubernetes,
but
I
can't
find
the
entrance
on
which
object
or
host
binds
to
angular
as
port.
So
does
anyone
here
want
to
take
a
quick
tack,
a
quick
shot
at
describing
how
angus
controllers
work
on
kubernetes.
B
Yeah,
so
typically,
an
ingress
controller
would
have
a
set
of
pods
a
service
associated
with
it.
Some
of
some
of
them
actually
use
host
ports.
The
service
might
end
up
using
host
port
or
the
pods
might
end
up
using
host
ports.
That
is
one
option
the
other
one
is.
They
may
actually
choose
to
use
a
load
balancer
option.
So
if
you're
running
in
a
cloud
provider
on
aws
an
elb
on
on
gcp,
there's
a
load
balancer.
B
So
when
you
create
a
service
of
type
load
balancer,
there
is
a
corresponding
load
balancer
getting
created
in
your
cloud
environment.
Now
I'm
assuming
based
on
the
question
that
this
is
not
on
a
cloud
and
you're
running
it
in
your
own
sort
of
environment,
and
you
have
some
api
based
load
balancers
that
you
could
use.
You
could
use
metal
lb.
In
that
scenario,
let's
say
you
don't
want
to
invest
time
in
metal
lb
most
likely,
your
ingress
controller
would
be
creating
a
service
that
would
be
binding
to
a
node
port.
B
You
can
customize
or
fix
that
node
ports.
You
can
say
you
know,
I
want
a
fixed,
node
port
on
or
maybe
take
the
first
one
or
take
like
normally,
I
end
up
taking
31
000
port
number
for
say,
http
and
31443
for
https,
so
any
resource
any
ingress
resource
that
you
associate
with
it
would
actually
be
accessible
on
that
port.
If
it
is
http
that
you
want
to
access,
then
you
go
for
the
http
port.
If
you
want
to
access
the
tls
version,
you
go
for
the
tls
port,
so
net
net.
B
G
H
For
it,
I
think
they
also.
The
person
was
confused
on
like
if
this,
if
this
ingress
runs
on
the
control
plane
right
so
usually,
the
ingress
is
something
that
it's
another
workload
in
your
in
the
cluster
like
any
other
workload,
so
it
will
be
a
demon
set
or
and
sometimes
they're
bound
to
port,
80
and
443,
which
are
those
like
ports
that
are
not
should
not
be
used
for
anything
else
and
you're
giving
permissions
to
to
bind
to
those
to
those
port.
H
But
but
the
ingress
will
be
located
in
the
in
the
in
your
in
your
worker
notes,
not
control
plates,
and
I
guess
somebody
said
you
can
do
a
tipsy
tail
dash
o
wide,
and
that
will
give
you
the
node
name
where
that
is
located.
So
if
you
have
the
nginx
ingress
controller
or
something
you
can
do,
keep
still
get
pod
touch
capital,
a
that's
all
white,
and
that
will
give
you
like
all
the
parts
and
then
grab
for
for
engine
x,
right
or
ingress,
and
you
will
be
able
to
find
find
them.
H
A
Yeah,
thank
you.
Everyone
very
much
and
great
timing
because
I
just
got
a
text
saying
I
have
to
go
pick
up
my
kid,
so
we
will
say
goodbye
and
thank
you
now.
Let's
see,
let's
see
if
I
can
get
all
the
companies
right,
I'm
really
bad
at
this,
but
I
want
to
sign
ibm,
google
gigabyte
db,
barco
enterprises,
amazon
and
google.
Again
there
we
go
right.
I
got
that
right.
A
I
did
yes,
yeah,
okay,
cool!
Thank
you
all.
So
this
is
all
volunteers.
Your
companies
are
supporting
your
time
here.
We
really
appreciate
it
if
anyone
wants
to
join
us
in
future.
Episodes
please
get
in
touch.
Lastly,
feel
free
to
hang
out
in
the
officers
channel
afterwards
continue
to
ask
your
questions.
We
know
this
is
january,
you're,
probably
all
still
on
holiday,
but
we
want
to
get
more
questions.
We
want
to
be
able
to
help
you
out.
So
please
join
us
next
month
and
we'll
be
back
then
so
have
a
wonderful
day.