From YouTube: Kubernetes Office Hours (EU Edition) 20180516
Description
Join our monthly live stream where Kubernetes experts answer user questions, join us on #office-hours on slack or post in our question thread (see below):
Info: https://github.com/kubernetes/community/blob/master/events/office-hours.md
Question thread: https://discuss.kubernetes.io/t/office-hours-coming-up-on-wed-may-16/112
A
A
Let's talk a little bit about what this is, so welcome. Today's Kubernetes office hours is where we answer your user questions live on the air, with our panel of esteemed experts up here. You'll find us in #office-hours on Slack, and check the topic in the URL for the event information that has the stream information and a link to a markdown page that has our times and all that stuff, and run one session in the for the EU.
A
B
C
D
E
I'm Leah from Weaveworks, based out of London, and recently refocusing on developer tools, those like Skaffold and other similar tools that you use for developing this Kubernetes, aside from like minikube or kumuk or whatever. So that, and, you know, before that I've been working on some networking stuff, as well as cluster lifecycle stuff.
A
Awesome, awesome. All right, so I'm gonna quickly go through some ground rules, kind of show you how it works. So here the rules. First of all, this is a judgment-free zone. So if you see someone posting a question in the office hours channel and you feel this too newbie or whatever, we don't judge here. Everyone had to start somewhere. The idea is to give everyone a safe space where they can feel comfortable asking these sorts of questions, and you're always welcome to hang out in office hours.
A
If you want a smaller, tighter experience than going to the main Kubernetes channel, which has like 30,000 people in it. While we will do our best to answer your questions, the panel doesn't have access to your cluster, so live debugging is kind of off topic. What we will try to do instead is kind of teach you how to fish on or where you can look things.
A
So you can help us up by maybe showing us logs, but at the end of the day, especially if you're doing one of those things where you're on bare metal at work, everything's firewalled, there's not much we can do there. So worst case, we'll try to at least point you in a direction that will at least get you one step further to helping you solve your problem. Panelists, you're encouraged to expand on your answers with your experience in pro tips.
A
A lot of this isn't just answering about why something is, or, you know, just fix something, but to understand the concepts so that we can all get better at this. Audience, y'all can help us out by pasting the URLs to the official docs, blogs or anything that might be relevant to the topic at hand. So, if you had to be in this information, absolutely feel we just feel free to just whack it into the Slack channel.
A
This also gives you an opportunity to post your questions ahead of time in a non-Slack manner. If you want to provide more detail, you're highly, highly encouraged to take the question that you posted on Stack Overflow and then just whack it in there, because that gives us a place to go if you've already got all the information in Stack Overflow, because that's just a great Q&A platform, and then we'll use Discuss to kind of tie it all together.
A
You can also help us out by tweeting, spreading the word, paying it forward and helping people out. If you can, or anything, just telling them hey, this exists, we really appreciate that. Each one of these sessions is recorded and available on YouTube. So if you're using as a work resource, please give us feedback on how we can make this better for you and your team. Also, this panel is absolutely all volunteer only, so if you've gone through something really traumatic at work and you figured something out is really complicated.
A
You want to sit on the panel and help other users, you're absolutely more than welcome. Just gonna get in contact me. We're looking for people who could commit regularly. It's a third Wednesday of every month, and if you could do that, we would love your help. So Bob can actually take a break one of these days. I posted the notes in the Slack channel. If you want to help us take notes, that'd be great, and we're always looking for marketing help.
A
So if you're awesome at social media, retweeting and stuff, all that. And then the part of the people I've been waiting for is we'll be giving away a shirt, some swag today, maybe more, I don't know, depends on how many great questions we have. So the way it works: if you ask a question and we read it on the air, we'll write your name down, and then, at the end, just incredible guaranteed to be random algorithm will choose a winner and I will contact you afterwards, either in Slack or via PM
A
on Discuss and give you a code for the CNCF store. So you can get your highly coveted Kubernetes t-shirt, which we all forgot to wear today. So I could show it off, but they are great, I guarantee it. And with that, because Bjorn Magnusson was a first person to ask a question six hours ago, he gets to go first, so I'm gonna go ahead and read it up. Question, you guys ready? Are we going? Everyone thumbs up? Alright, question around ingress.
A
What happens if the path of different ingress resources for same ingress controller and in the same namespace are partially overlapping each other? Will both be functional? If not, which one will be used? Example: first ingress routes /hello; second ingress routes /hello/message. What happens in request for /hello, /hello/message, / low message, / sent.
E
D
B
E
Yeah, so yeah, I think it might work as intended with like Traefik, but yeah, I'm not sure how nginx or any proxies work. I've used Traefik most recently, and yeah. It's unfortunate that you have to split out the configuration as well, so and how they split configurator, how different ingress objects are handled. There's also up to the controller, right, and controllers may wish to create a new, like, external load balancer altogether for that given ingress object. It's kind of like it's really up to the controller.
E
E
A
D
B
C
B
C
Guys, this is from Teddy: hi guys, I'm trying to figure out a way to gather Kubernetes events to be able to search through them later on so I understand what was going on. Can anyone advise on the best way to do it? I have kops 1.7.12 in AWS. The only takeaway from the official docs is Stackdriver, which is only for GCE as I understood. As to do that's more or less a question, then he links to another one: I have a question about the right way to accumulate a Kubernetes events.
D
A
Right, okay, and if you have a follow-up question, also feel free to post again if you want more detail on that. Thanks for your question, toddy. e:f agnese next, how did, did I butcher that? I did. Hey folks, I'm having trouble with PSP. I want to restrict pods with root user to run under one specific service account and in one namespace only. I cannot make it happen, even if I add the service account and the namespace specifically in RoleBinding, PSP block pods with user on all namespaces.
B
D
Did a lot with pod security policies. It's basically you need to see how you are starting pods. So if a user is starting pods directly, so through karo, then PSP uses the, like, the PSP is used that the user has access to. So if it's a cluster admin, all PSPs will apply. If you have a deployment or daemon set or anything like that, it will be the service account that is used in that.
D
D
So you have like a similar to that. I could deny all, and then you create PSP specifically for service accounts that you want to use, and wouldn't even do it for the default one in the namespace. You could do that, but basically I would recommend to do it per app. So you can just really say this app is only allowed to do this and that, like only this specific host volume.
D
With debugging PSP, debugging, I think the logs usually are a bit overloaded. They tell you like all the PSP or all the things that are not working currently. Maybe kubectl can-i, kick a buck off. Can-i could help if they're able to use the PSP as the service account or as the user, something that they can try out.
A
Okay, and if you have a follow up, go ahead and toss it in the Slack channel. Moving on, Jan jackass: hi, I'm interested in pods naming. Is it possible to change the way Kubernetes generates pod name? At the moment, it's metadata name, UID, hash, and I want to change that to metadata.name zero, one, two, three, four, five, like StatefulSet, but I don't want it to be persistent. Other pod can use that name if available. Also, is it possible to append VM FQDNs?
A
B
B
Well, when you start appending like host information to a pod that's being deployed, you sort of created this binding, and sort of the entire idea of Kubernetes is that you, you know, when you set up a pod or something, if a node dies or whatever, you can just schedule on another node. It should not have to be tied to the node. If you do have something that does have to be tied to a node specifically, you should use daemon sets, or you can at least use a node selector to, you know, target what you want.
C
A
A
D
D
A
A
A
See hyphens here, welcome. Mike Ortiz is next: hi, I'm interested in the mechanics behind Kubernetes secrets, specifically an encryption config. I understand that if I'm using the KMS provider, the key/rotation are handled by AWS/GCP, whatever. How does this key rotation work if I were to use the AES* providers?
D
I think this is about encrypting secrets or any other kind of etcd data at rest, right. Basically, if you use a provider like AES, you provide the key. So you also need to take care of the key rotation. Then I'm not sure if there is any specific functionality built in to help you with the key rotation if you are managing keys yourself.
A
A
Let's move on. Eve C Eve se has two fairly general questions. Number one: what are the best steps of diagnosing pods that can't be scheduled due to CPU, node affinity rules, volume zone conflicts? Describing the pod gives information how many nodes it couldn't fit for X reasons, but not which nodes. I find it quite difficult to find the path of least resistance to get the pod scheduled, i.e. deleting this one high CPU pod from this one node will sort it out, for example.
D
Yeah, it is like an issue, because sometimes you get like three reasons why it didn't work, and which reason is the highest-ranking one or your biggest issue. Sometimes I try to go from like the hardest ante rule towards the softest. So if it's like how sports that, then you basically have a daemon set so or like. So you can't schedule on nodes that are already have a pod and.
A
D
A
When a pod can't be scheduled, it's stuck in pending, right? Yep, okay, cuz I did find a whole section in the docs about debugging pending pods, and it's kubectl get events, and there's some information there. I don't know if you've seen the docs yet, but I will paste them in here and if.
B
For some reason that's not enough, you can always, you know, get the logs of the scheduler itself and hop over to one of the masters.
A
E
A
E
D
Yeah, it's and it's not using it, not always the same, so you can have like a few replicas of an ingress controller like nginx running behind the single load balancer. It's not always like each has its own load balancer, which would get you into trouble anyway, cuz like which one will stuff arrive on, yeah.
E
It may be the case with some implementations, but actually I can't think of one where it will be the case, I mean the ones that I've used. Basically, you get, yeah, like what, for example, with Traefik, right, you put the Traefik in cruise control and gives us the main space, you expose it through a service, and then anything that comes through to that service through the external IP address.
D
My being I've seen people running a few ingress controllers. Sometimes it's just like one for internal traffic behind an internal ELB, for example, one for external, or one for specific services that need a specific type of traffic balancing that another ingress controller doesn't have. Like having a no HAProxy and nginx, nginx for like the functionality and HAProxy for some special speed things that they need. I've seen that around, or even like ingress controllers plus directly like services of type LoadBalancer directly exposed for like high traffic, high volume stuff.
E
Yeah, so there's the ingress class thing that he can specify, right, but either a controller instance, like can you specifically address, I tie an object to controller instance. I'm not entirely sure there is a general way of did not even ingress class is an annotation, so it's not the most general thing. So again, like we kind of come hit the ball here with the limitations of ingress API, which, you know, is not, yeah, it's not particularly extendable or it's.
A
All right, we have some follow-up comments on ingress, but we'll get to those when we get to those. saqib asks. Question: I have a general question related to on-prem deployments where cloud services are not an option. I want a database that's HA, say MySQL, in a Kubernetes cluster. How can I achieve this? Starting group replication of MySQL clusters and containers is fine, but I get bothered by volume storage. Should I have local volume storage on each node, or should I have some network storage?
D
Is it really depends, like if you have a really nice storage thing that has to a nice integration, you might access persistent disks, but usually you don't. And if you're running something like a clustered database and you actually don't even need, you should go with local storage if it's SSD at least. And yet it used to be that you needed to do kind of volume.
B
D
There, which is ephemeral, but by now I think there's 1.10. It's definitely better, at least that you can have local storage for stateful sets, so like persistent local storage, mm-hm, where you get like a functionality where the pod gets rescheduled to the same node if possible. You can have that like this is soft or hard affinity, I think. At least that's on the plan for local persistent storage. I would prefer that if you can't get that, if you can get like fast local storage, yeah.
E
And if you get the right kind of replication going on, right. So I'm aware of the most recent and front projects in CNCF is Vitess, right. Yes, I was actually gonna, I was gonna mention it. So I've not read the docs, unaware what kinds of replications they offer. So there may be the kind of replication that'd be good enough for using local storage, right.
E
B
Bob had an opinion, it got covered. It's all good. Okay, oh yeah. As far as the stuff goes, the local disk is good for databases and things that support that sort of thing. If you have a nice enterprise SAN, a lot of the vendors now have like storage drivers, PV drivers and all that, storage classes for days these days. So I guess it just really sort of depends.
B
C
D
C
C
B
E
A
Okay, hopefully that answers your question. Moving on, if you have any follow-ups, feel free to post them. Let's go here. Ivan points out the event router from Heptio Labs. Two general questions, there we go. How's the audio? Let's see, who else is next. kappa res a container to use NFS for and Kerberos to mount volumes? This.
C
B
So mounting a lei kerberized NFS before, like especially, was like a specific user. If it's a service accounts, not a big deal, but you're essentially be managing it outside of Kubernetes. If you want to use like the NFS storage, right, or something like that, you there's the answer spread out just no, unfortunately, but it is what it is.
A
B
Oh, the way we've handled that is the Kubernetes cluster itself sort of has privileged access to the NFS cluster, or the NFS server, I'm sorry, and then we mount essentially like subdirs and mount the containers as specific UIDs and GIDs to lock that down. I can't write a link to an example for that, yeah.
D
I've seen similar things, and what we did at one customer foot was also to have egress rules that only a single namespace has access to the NFS. So then at least you can control it in terms of like, if someone just starts a pod and knows the NFS endpoint, they can't just try to connect or DDoS the.
B
A
D
D
E
D
I'm trying that could be like we're doing something similar on-prem, where we have like an external ingress controller that routes to the internal ones, and I think Heptio has something similar. What's it called again? Gimbal, yes, right, Ross talked about that. That sounds like a very similar solution where you would have this one's fingers. Controller outside it is or in front that brought to the something risk controllers, mm-hmm.
A
A
What's the throw out of thanks to Ivan: very grateful for you guys, glad I found you. Glad we found you, blab. We're here every month, so please feel free to come, bring more questions. Let's see, Marcus was to ask: with KEP 0002 work being solidified, will 1.11 be replacing the need for cloud providers in cluster autoscaler with cluster API features? You guys see the URL there for the autoscaler.
D
A
D
Which in general I would say most probably 1.11 will not eliminate any need for cloud providers. Okay, I don't think work on that is far enough yet, at least from what I heard and saw on KubeCon. Yeah, I might be wrong, but I mean there's plans to externalize the cloud providers, but it's very slow and tedious work.
D
A
Marques, I will, if you could post your question to that thread. Usually Chris joins us in the afternoon session and I'll have her give you a tl;dr and answer the question for you if you could just plop it on there. So yeah, worst case, that's the person who's working on it, right. All right, moving on, let's see.
A
Bob was remind everyone that Heapster is being deprecated or replaced with a metric server, while we were talking about that before with a veces problem. Let's see, Hugo Varela asks: where we live, we change the time zone twice a year. Do you know where to change the time zones for all the pods on the fly? We don't want to redeploy at all.
B
A
A
A
A
A
B
B
D
B
A
Okay, if you've got any more information on that, Michael, we'd love to follow up. Basing on time, about twenty minutes left, everybody. ill. You would also like to remind everyone that Rook exists when we're talking about storage. You didn't even mention Rook, that's our fault. So Keef says: thank you so much, that doesn't answer my question, and sweet. He had no idea about Vitess. He's gonna explore it in detail. If you have any information, if you go do due diligence, by all means write it up, post it on the Discuss for them.
A
B
A
Sweet, sweet. Let's see, moving on. james Strachan would like to ask: anyone ever seen an example on how to use a meta v1beta1.Table so that a CRD appears nicely in kubectl get foo for k8s 1.10 or later? Then links to Kubernetes issues 60,000 45. Let's look at the issue here.
E
Suppose James already surged get out poor poor for that. I just tried to look in Sourcegraph if there are any in reference to that Sourcegraph is aware of. I think all the references in GitHub will probably point to first activities, which is unfortunately a hard to filter those out, or there may be some places where it's used. I.
D
E
A
D
A
A
Okay, we might have to try this one on the West Coast edition, sorry about that, James. But if you stick around or post it on the Discuss forum, I could definitely find someone to get back to you on that.
A
Moving on, Ivan would like to remind everyone the use case is probably to save money, because load balancers are expensive. With that, a question about the multiple ingress controllers, right, I think that's what he's referring to. Bob to keek would like to point out someone who's trying to plan a cluster and has posted a question.
A
B
D
A
Is typing, which means he probably knows the answer. So we have about 15 more minutes for questions if we have any follow-ups or any new things. I would just as label all the things, good to know. All right, let's look at this planning cluster question here, which band to keep posted. This guy's see our demos. Greetings all, and thanks advance for reading. I'm.
A
D
A
A
D
A
D
Some like best practices, like don't use a single instance if it's possible to scale it to at least two, mm-hmm. We use some like soft anti-affinity on that, so you don't get them all scheduled to the same node if the node goes down, mm-hmm. There's a lot of like small best practices that you find here. They're put limits on the container, but requests on that for scheduler. But yeah, there's, I think, much more on the organization side of the company, where you want to say what is my internal best practice.
B
D
A
Like how we're gonna run the registry, right, like can people just push anything they want in there, who's reviewing that, right. And then he goes on to like networking, secret usage and storage. I mean, we could go on for hours and hours on this. So let me just get to his bottom thingies. Those I know this super broad. Sorry about that.
A
B
C
D
E
Tell you, maybe all the 12 factors. I think some of the that's there are not so essential. Yeah, I mean, actually is this mostly about the.
E
A
E
I mean, I've compiled a few things that I'm hoping to put in a blog post, haven't got that ready yet, and there are a few things that we shared in a workshop that we were going to combat I'd like to compare it into a book. We compile it into a blog post. Yeah, if you really came, feel free to DM. I may be able to find a way to share the existing back. It's just that.
E
D
E
E
We have a couple of things you want to look at, right. First of all, you wouldn't decide on your labels, and one of the recommendations that we've made that workshop was to use app label as a, if you can't find another one that you decide on, at least have one label. You don't have to like use too many labels. Unless you have a particularly good use case for it, many labels actually can cause a performance degradation in the API server. So health checks is a next one.
E
Is we mention the liveness and readiness probes, and you'd probably need to tweak the default timings there on. Some of the other things that you may want to take care of is that your liveness and readiness probes are actually different. Trains, don't point them at the same thing, especially if that same thing expensive. So your readiness probe could be an expensive one, but the liveness probe should be a very lightweight one. On service dependencies: ideally, you don't want your app to crash loop.
E
If you can't connect to database, and readiness probe should give like a status instead, and you shouldn't really like get like been connecting to a database is just one of the examples. Metrics is definitely a good idea. You probably only use Prometheus here. There is much more to say about that. On the graceful shutdown is something you have to take care of, so your app has to handle SIGTERM, and you might want to adjust terminationGracePeriodSeconds front, because the default is rather very conservative one.
E
So you think your app can actually shut down pretty quickly in one way, but turn that down to a lower value from like 600 seconds or something like that, where it's at now, or forgot, 300 seconds, yeah. And then additional things may include your configuration and secrets. You want to decide how you can store configuration, whether you have even serve even a your configuration is complex enough that you need to use a config map. You'd probably want to use secrets.
E
If you have any secrets. And structured logging: you'll make sure that your logs and log level, you may wish to use JSON or a key value type log format, but that's not gonna get very verbose and it kind of it's gonna flop, a height. So and container image tagging is something you would want to decide about. So we recommend using branch short attach or git tag if you actually do releases both get tagged. On another thing, your, you know, your base.
E
You shouldn't have to use scratch image unless you're doing multi-stage builds and you know what you're doing, right, but like normally, you would use scratch image. I mean, there are some examples of Dockerfiles out there that we scratch image for Go apps, but it's very important decision to do that. All you really have to know what you're doing, right. Then, in terms of like other runtime attributes, you have things like.
E
You know, for example, some apps rough right, temporary files, you would, you know, use emptyDir volume for that, and if the files are of small size, you're going to use memory as a backing store for that. And you may like to use image containers for certain things, but be careful when you do that, and you don't want to install packages or French files with it. So.
A
Yeah, we're actually gonna run out of time here, because we've got two more questions in. However, you're working on this blog. So here's what we'll do: crg, I'll respond to him with a link to this video and then I'll give you the thread, and this will be an interesting blog post, I think, and maybe the start of like, there's no real, like, Kubernetes architecture guide, right, that's like hey, my company wants to do this. What are, you know?
E
A
A
This stuff, with so yeah, sorry to cut you short there, but we aren't. We are kind of hurting on time. Thanks everyone for showing up and giving us so much questions, we'd love to have a packed packed. One Marquez asks: what feature should you expect to look for from a managed Kubernetes, master nodes, failover, replication, backup, cost offsets, based on what is offered by existing provider engines, or perhaps isn't offered but will be a desirable feature? I.
D
Mean basically just reliability. I mean, they should take care that it's up and it's fast enough, and how they do it and why they do it. And if they mean backups, I'm not sure if you can expect that. You should always do your own backups, even if they do backups, because yeah, basically you're responsible for what you don't do and what you do, and the rest is its. It would be good if it comes with like same configuration and same settings of flags that you need, if you can customize stuff.
D
That is a bonus if it's needed. Sometimes you need to see like how lockdown the master is. Sometimes you might desire something that is less lockdown and enables more features, like feature gates that might be alpha but you still want to use. Depends on your use case. A lot for the beginning, I don't think anyone offers when it is masters does a very bad job there, yeah.
A
I feel like everyone who does this, it's like one of the main features I like about the manage clouds, right, like I don't want to deal with my own etcd and any of that stuff. I just want to pay for workers, weapons, yeah. So hopefully that answers your question there. of Cygnus 8 595 asks: when I set up an on-prem Kubernetes cluster, I had an issue where the kubelet container would die every night at 10 p.m. Ended up being a CoreOS update issue, but I never got an indication that it was down.
A
B
A
B
D
A
Okay, and then the last one. Hopefully that answers your question, if not, post a follow-up on the forum and then we'll get to it. J Sager, last question. Now is the time GPU go figure out the dominat, we're figuring out who won the t-shirt today. I have a newbie question, if that's okay. Of course, it's okay. I'm experimenting with my own Kubernetes deployment. Following guides various places, I've decided to try Calico. On the bottom of this page.
A
D
I just looked at them, they're basically only next steps what you could do with Calico, not if not it you got it running, you don't need to do any of those. But if you want, now that you have Calico, you could be locking down your cluster that network policies. So just browse maybe through their documentation. Maybe they have a blog post that helps you with that you're starting out with network policies. I would always recommend there's a blog post and GitHub by ahmed from Google.
D
A
C
A
B
B
E
B
Definitely think it would, a lot of them have their own, you know, they might have their own thing for restarting, reloading it config, especially if they have like a long boot sequence or does rely on something like the whole init containers or something like that to take care of some aspect of it. You.
A
D
Is also, I think, a very, very long issue already existing for maybe more than a year, talking about how we can maybe have some like ConfigMap rollout hooks or post-rollout hooks in there. I think the use cases are so vast that it's still very hard to build the feature. But the sidecar is a bit workaround, let's say.
A
A
Winner, winner of a Kubernetes shirt, so after this, PM me on Slack and I'll give you a code to the CNCF store. And thanks for everybody who brought their questions. Like to thank to the following companies for supporting the community would developer volunteers: Amazon, Bitnami, Giant Swarm, Heptio, Liquid Web, Northwestern Mutual, Packet.net, Pivotal, Red Hat, Weaveworks, the University of Michigan and VMware.
A
All these companies have donated it at least some engineering time for this office hours, so check 'em out. Thanks for those companies for allowing their engineers to spend time with us. We will be giving out a t-shirt every session. So we're doing this again in five or six hours, we'll make the announcements in the office hours channels are the usual suspects, and, like we said, feel free to post in the discuss.kubernetes.io.
A
You know, like the little community here of people that are looking for help and people looking to offer help. So with that, always, thank you very much. Please like, share and subscribe this video and we'll see everyone in a few hours. Remember, third Wednesday of every month. Thanks everyone, thanks our panelists. You guys wanna say goodbye? Yeah.
A
The t-shirts you'll be giving away, yeah. And if you didn't win a shirt, you can actually post on the introduce yourself thread on Discuss and I'll be giving it out another shirt. So yeah, they're gonna regret giving me the t-shirts key. All right, we'll see everyone later. Thank you. Yep.