►
From YouTube: Kubernetes Office Hours 20200119 (West Coast Edition)
Description
Office Hours is a live stream where we answer live questions about Kubernetes from users on the YouTube channel. Office hours are a regularly scheduled meeting where people can bring topics to discuss with the greater community. They are great for answering questions, getting feedback on how you’re using Kubernetes, or to just passively learn by following along.
For more info: https://github.com/kubernetes/community/blob/master/events/office-hours.md
A
All
right
welcome
everybody.
It
is
a
third
Wednesday
of
every
month
and
welcome
to
our
West
Coast
edition
of
the
kubernetes
office
hours.
This
is
our
monthly
live
stream.
Sorry
had
a
bit
of
an
echo
there.
This
is
our
monthly
live
stream,
where
we
hop
onto
YouTube
with
a
bunch
of
kubernetes
experts
and
try
to
answer
as
many
of
your
user
questions
as
possible.
We've
got
tons
of
new
volunteers
and
new
people
going
so
welcome
everybody
how's
it
sound
there.
A
Please,
let
us
know
in
hash
office
hours
follow
these
instructions
if
you're
not
on
the
slack
channel,
and
the
slack
chat
is
available
here
on
the
side.
For
you,
those
of
you
watching
the
live
stream,
thanks
for
watching.
If
you
are
in
the
slack
Channel,
say
hello,
let
us
know
where
you're
from
we
like
to
see
stuff
scrolling
by
all
day
when
we
say
stuff,
that's
always
our
favorite
all
right
before
we
begin
we're
going
to
kind
of
run,
run
down
how
this
works
for
you
here.
A
This
is
a
kubernetes
event,
so
the
code
of
conduct
is
in
effect,
please
be
excellent
to
each
other.
Before
we
start
into
the
rules,
let's
get
into
some
introductions,
so
we
will
go
in
this
order
here.
Who
are
you
where
you
work?
What
you
do
I,
don't
know
your
favorite
dinosaur.
Let's
do
that.
The
order
will
be
saddled.
Rolla,
marki,
Monica
here,
Jeremy
and
Dave.
B
Hey
guys
good
running
this
one
will
get
seen
infrastructure
engineers
at
American
Airlines
new
to
this
community,
but
in
you,
I
mean
three
to
four
months:
working
with
open
source,
but
pretty
much
working
with
Hewlett
is
live
from
last
year's
and
good
to
know
the
community
and
started
working
with
say
convicts
and
really
see
a
signal.
Six
just
hopping
in.
Thank
you.
C
D
F
G
My
name's
Dave
strable,
so
I'm
a
cloud
native
architect
at
Microsoft
I
work
on
that.
As
your
global
black
belt
team,
we
essentially
help
customers
implement
kubernetes
on
Azure
I've
also
worked
on
the
release
team
for
quite
a
few
releases
recently
authored
a
kubernetes
best
practice
book
by
O'reilly,
and
my
favorite
dinosaur
is
also
a
t-rex
and
partially
because
a
little
hands
and
I
don't
like
paying
for
bills.
So
I
get
t-rex
hands
when
I
gotta
get
my
wallet
out
a.
A
Mention
your
favorite
dinosaur.
When
we
get
to
you
in
a
question,
you
have
to
mentor
your
favorite
dinosaur
and
Dave
toss
a
link
to
your
book
into
the
chat.
So
people
have
it
that'd
be
awesome.
If
you
want
to
check
that
out
all
right,
let's
go
over
how
this
is
gonna
work.
So,
first
of
all,
this
is
a
judgment-free
zone.
Everyone
had
to
start
from
somewhere.
We
have
experts
here,
but
we
have
people
just
getting
started.
A
We
like
to
we
like
to
think
of
the
office
hours
channels
kind
of
like
the
safe
zone,
for
you
to
ask
any
kind
of
dumb
question.
What
other
reason
I
started.
This
show
was
I
had
to
learn
everybody's
myself.
So
why
not?
Do
it
together
and
use
all
these
fine
people
here
use
their
knowledge
to
our
advantage
and
share
with
everybody.
So
we
can
keep
that
ball
rolling.
Well,
we
will
do
our
best
to
answer
your
questions.
The
panel
doesn't
have
access
to
your
cluster,
so
live
debugging.
A
Questions
are
gonna,
be
off
topic,
especially
those
of
you,
I'm
Prem,
with
networking.
It
just
gets
like
really
complicated
and
difficult.
So
what
we
will
try
to
do
is
in
cases
like
that,
maybe
tried
to
teach
you
best
concepts
of
places
where
you
could
find,
maybe
in
a
certain
log
or
something
where
you
can
find
the
problem
to
help
you
at
least
get
moving
forward
a
little
bit.
So
those
questions
will
be
off-topic.
A
Panelists
you're
encouraged
to
expand
on
your
answers
with
your
experience
and
pro
tips,
while
it
would
be
awesome
to
listen
to
you
recite
to
kubernetes
Doc's
back
to
me,
the
real
value
is
the
experience
you
get
in
the
field
and
messing
with
the
software
on
a
day
to
day
basis,
all
that
goodie,
all
the
asari
goodness
we
want
all
of
that
stuff
audience.
You
can
help
us
out
by
piecing
URLs
to
the
official,
Doc's
blogs
or
anything
that
might
be
relevant
to
the
topic
at
hand.
A
A
So
if
there's
anything
blog
posts,
things
of
that
nature
that
are
useful
for
the
community,
whack
them
in
there
and
what
we
do
is
collect
them
all
in
the
two
sessions
and
then
I
publish
them
all
as
show
notes,
so
that
people
can
have
all
these
links,
and
it's
really
handy
to
kind
of
review
and
while
you're
watching
the
show
too
it's
nice
to
have
the
URLs
there.
So
you
could
check
out
the
stuff
that
people
are
talking
about.
A
Let's
see
you
can
post
your
questions
on,
discuss
that
kubernetes
on
I/o
our
forum
and
give
us
the
link.
You
can
give
us
a
premade,
Stack
Overflow
question
or
you
can
just
ask
directly
in
the
slack
Channel.
That's
also
fine.
What
we
do
is
we
throw
all
these
into
a
working
document
and
then
we
just
read:
I
read
them
top
to
bottom,
so
when
I
ask
for
questions,
feel
free
to
just
start
putting
them
in
the
chat.
If
you
have
a
question
now,
just
do
question
:.
A
So
it's
easy
for
us
to
determine
where
it
is
and
ask
your
questions
feel
free
to
start
queuing
them
up.
As
as
we
go
and
then
we're
gonna
try
to
get
through
as
many
of
them
as
possible,
this
panel
is
made
entirely
of
volunteers.
So,
if
you
want
to
rotate
in
please
let
us
know
it's
a
great
way
to
get
back
to
the
community
I
like
to
watch
to
see
who's,
helping
people
the
most
and
ask
them
to
come
onto
the
panel.
That's
what
Pierre
came
from
so
he
was
chatting
a
lot
in
the
chat.
A
We
just
ask
them
hey.
You
know
it
might
be
easy
if
you
just
explain,
explain
this
to
us
and,
lastly,
we're
DevOps
people
to
you,
so
we
like
to
measure
our
metrics
to
see
how
we're
doing
so,
subscribing
liking,
sharing
a
tweet,
retweeting
I'm
on
etre,
all
that
stuff,
that
it
helps
me
figure
out
how
many
sessions
were
going
to
do
how
many
volunteers
I
need
resources
that
are
need.
A
A
So
with
that
before
we
get
started,
I
want
to
thank
the
following
companies
for
supporting
this
community
with
developer
volunteers,
Giants,
warm
stock
ex
pleasure,
calm,
weave
works,
VMware,
University
of
Michigan
Red,
Hat
spectrum,
IO,
American,
Airlines
and
Utility
Warehouse,
and,
as
always,
a
special
thanks
to
the
seeds
for
sponsoring
our
t-shirt
giveaway
and
with
that
panel
army
ready
Monica.
Did
you
decide
on
that
favorite
dinosaur?
Yet.
D
A
Okay,
alright,
with
that
we're
gonna
go
with
our
first
question
from
a
mere
if
you're
a
heater
Ahmir,
please
let
us
know,
but
this
is
a
holdover.
We
ran
out
of
time
in
the
morning
session,
but
I
figured.
This
is
a
general
question
to
start
off
with
the
panel,
the
rest
of
you,
please
keep
typing
your
questions
in
and
we
will
get
to
them
so
Amir
asks
we
are
soon
going
to
scale
up
our
micro
service.
C
Load
test,
load,
test
load
test,
run
load
test
against
your
application.
You
will
find
that
if
you
put
something
in
a
dev
environment
and
you
load
tested,
things
will
shake
out
before
you
get
it
to
prod.
So
I
would
strongly
suggest
putting
like
load
test
control
planes
and
look
Jessica
load
test
control
workers
in
more.
D
A
huge
fan
of
iteration
I
mean
so
as
they're
going
through
and
trying
to
prepare,
like
you
said,
load
testing
like
just
iterate
and
you
can
do
benchmarks.
So,
if
you're
going
through
make
sure
you
understand
like
where
you're
maxing
out-
and
you
know
you
want
to
go
straight
from
you
know,
one
to
a
thousand
so
kind
of
go
along.
You
know
the
different
intervals.
There
pick
your
your
air,
your
whatever
your
limits
are
and
then
make
note
of
it.
So
you
can
kind
of
compare
like
you
know
how
it's
looking
along
the
way.
E
A
A
A
Windows
specific
office
hours-
and
this
is
something
everyone
to
look
forward
in
the
future.
We
are
gonna
I'm
gonna
try
to
expand
to
kind
of
have
topic-based
office
hours,
so
that
should
be
a
lot
of
fun.
So
the
question
from
reddit
I
building
my
container
lab
today:
I'm
planning
for
three
nodes,
two
workers
in
the
master
question:
can
all
these
VMs
run
Windows
Server,
where
Microsoft
shopping
or
planning
us
start
with
converting
existing
dotnet
framework
apps
to
containers.
A
Then
we
write
apps
on
dotnet
core
any
help
would
be
appreciated
and
then
I'm
gonna
add
a
little
bit
of
extra
sub
question
here
for
you
Dave.
If
you
could
share
any
expertise,
I'm
sure
that
their
window
shops
that
are
just
like
pure
window
shops,
I
might
not
have
like
the
expertise
to
like.
Oh
no
I
have
to
set
up
a
cluster,
so
you
know
any
insight
you
can
give
yeah.
G
No
I'll
wait
to
that
new
world
of
dotnet
core
and
all
the
all
the
good
stuff
I'll
preface
it
with
the
haven't
used
Windows
in
about
1215
years
and
because
I
work
in
Microsoft,
everybody
thinks
they
know.
Windows
yeah
I
will
say
what
I
know
here
and
I
believe
every
spot
read
it
to
that
a
question
but
yeah
your
control
plane
still
has
to
run
within
the
context
of
Linux.
Your
worker
nodes
will
run
Windows,
but
you
still
have
to
have
a
control
plane.
That's
built
around
Linux.
A
G
A
A
See
somewhat
stipend
will
let
people
type
there
and
then
we
will
move
on
John
McGowan.
Thanks
for
joining
the
show
says:
I
ran
into
something
yesterday
and
I
posted
it
on
our
/
kubernetes,
which
is
the
kubernetes
subreddit.
Perhaps
someone
can
look
at
it
and
talk
about
it
in
office
hours?
Oh
I
should
actually
probably
just
open
the
question
yeah
it's
okay.
B
I
think
yet
what
does
it
says?
It
says
unexpectedly,
balancing
with
WebSocket
connections
flowing
to
the
engineering
service,
so
his
house,
his
set
up
is
his
helpers
like
deployment
where
service
with
number
of
parts
with
X
number
of
marks
and
his
services
fronted
by
ingress,
which
is
ingress
engine
X
controller
and
his
parts
are
running
a
crap
sequence.
Service
clients
have
running
long-running
WebSocket
connections,
so
the
behavior
does
something
like
this.
B
So
he
is
not
sure
what
to
look
at
it,
but
we
would
expect
the
following,
for
instance,
when
a
new
part
is
started
in
a
deployment
that
the
new
part
will
be
available
for
new
connections,
but
the
existing
long-running
WebSocket
connections
to
previously
running
parts
were
just
processed.
So
this
is
the
overall
issue
what
he
posted
it,
but
yeah.
B
B
H
E
A
H
A
You,
okay
1.4
for
the
enginex
controller.
Okay,
so
let's
keep
following
up
with
them
on
slack
will
continue
going
with
some
questions
and
then
we'll
come
back
and
address
this
as
the
show
goes.
While
they
get
the
details,
thanks
John
for
being
patient,
and
we
will,
we
will
get
back
to
you
here.
Jake
Cowden
says
chiming
in
from
the
UK
yay
I
hear
mini
cube,
mention
a
lot
when
it
comes
to
local
testing.
Is
my
car?
F
A
huge
fan
of
kind
now
I
have
not
used
mini
cube
in
quite
a
while
now
pretty
much
only
using
kind
for
most
of
my
local
stuff.
It's
really
awesome.
It's
much
more
reliable
than
I
found
mini
cube
to
be
over
the
last
few
releases,
and
it's
pretty
lightweight
I
was
using
the
built-in
kubernetes
stuff
in
doctor
for
Mac
like
that
doc.
Our
desktop
application
for
a
while,
but
I
just
feel
like
kind,
is
so
much
better
to
use.
D
I
was
just
I
was
gonna,
add
on
to
I'm
a
huge
fan
of
kind
now,
I
think
when
I
first
started
using
and
I
was
so
blown
away
after
using
both
mini
cube
and
micro
Kate's,
so,
like
I,
mean
I'll
run
my
own
test
for
Prometheus
or
something
and
I
found
it
super
easy
to
customize
and
put
up
like
more
than
you
know.
Multiple
workers-
and
you
know,
do
some
Valero
testing
or
different
things
like
that.
So
it
was.
It
was
great,
so
I'm
a
huge
fan
of
kind.
One.
C
Of
the
things
that
I
loved
about
it
was
they
built
inst.
The
ability
for
built-in
testing
against
a
version,
so
I
can
pull
in
the
1.18
version,
and
I
can
run
a
set,
a
set
of
conformance
tests
that
are
already
built
in
to
test
something-
and
maybe
my
application
with
that.
So
that's
like
huge
for
me
and
for
the
development
teams.
C
E
A
D
A
My
favorite
part
about
kind.
They
have
a
channel
than
the
kubernetes
slack
and
they're
very
helpful,
and
it's
just
the
maintainer
czar
very
responsive
on
issues
and
things
like
that,
and
you
could
say
that
to
about
micro
gates
and
keep
three
us
as
well.
But
the
kind
folks
really
do
go
out
of
their
way
to
help
people
and
I
just
love
that
it
just
makes
everything
so
much
nicer.
All.
B
A
A
B
Yes,
let
me
get
to
that
yet
that
you
read
from
the
jimang
question:
there's
any
it
of
horror
stories,
lessons
learned
or
strange
pitfalls,
for
example,
I'm
running
into
strange
things.
With
order
of
operations
like
deploying
the
CR
DS
operators-
yeah,
that's
yeah,
that's
a
good
question.
I
think
anyone
yeah
most
of
them
will
have
a
lot
of
stories
around
it
and
on
the
get-ups.
E
So,
in
regards
with
see
a
decent
operators,
so
I'm
a
each
one
of
em
I'm
using
hamelot
and
I,
think
that
how
file
tool
is
quite
nice,
which
actually
allows
allows
you
to
orchestrate
your
helm
charts,
and
it
also
allows
you
to
execute
certain
things
before
others
and
also
have
said
all
modern
poetry.
So
that's
how
I
do
it?
I
just
have
like
a
repository
and
they're
executed.
Alphabetically
and
I
don't
have
any
issues
with
order
of
operations.
Oh.
B
B
G
Say
the
biggest
thing
I
found
is
understand
how
you're
going
to
structure
your
git
repositories,
whether
you're
doing
directory
Bay's
first
branch
based
type
stuff.
The
branch
base
can
get
you
into
really
weird
situations.
Where
there's
you
know
some
truth
approaches
have
a
lot
of
different
trade-offs,
one
that
I
would
recommend.
Looking
in
the
get
ops
channel
and
the
kubernetes
slack
there's
a
lot
of
people
have
been
using
the
different
patterns
for
a
while.
Now
he's
found
they're
very
helpful
in
that
channel,
so
I
would
definitely
check
there
to
hear
kind
of
in
users.
B
A
Where
it's
no
worries,
so
it
looks
like
John,
is
also
start
on
a
thread.
Their
question
there
and
I
see
Aaron
Eaton
engaging
there
thanks
for
that.
So
let's,
let's
for
John's
question
here,
he's
got
he's,
got
a
threat
here
that
he
just
posted
at
12:23
there
and
okay.
We
are
moving
on
to
the
next
question
is
for
Taylor.
They
said:
I
have
a
service
defined
here
and
I'll
plop
I'll
plot
this
little
github
link
here.
F
F
A
F
A
A
Okay,
I'll
go
with
the
opinion,
there's
kubernetes
and
there's
a
lot
of
stuff,
that's
kubernetes
and
a
bunch
of
other
stuff.
That's
way
too
complicated
to
cover
here.
So
you
know
you're,
not
just
getting
kubernetes
when
you
do
and
those
tansy
would
range
here,
you're
getting
a
whole
bunch
of
stuff.
So
this
is
like
really
way
too
complicated
and
way
too
generalized
yeah.
A
B
A
B
Yeah
debris
has
Riggins
him
yeah.
The
brilliance
in
his
question
is
something
this
I
am
looking
at
building
my
first
cluster
and
have
a
background
in
a
dubious
and
struggling
with
what
software
to
use
to
do
that.
He
cares
versus
scarabs
versus
cube
spray.
There
any
suggestions
of
what
works
going
together
or
any
bad
experiences
with
something.
B
C
Right
so
I'm
gonna
tell
you
my
opinion
having
gone
through
this,
but
this
might
not
be
what
you
should
do:
I,
don't
particularly
like
using
eks,
because
I
do
not
know
what
is
happening
under
the
hood
to
my
cluster
and
I,
like
the
control
from
an
application
perspective.
I
build
deploy
clusters
on
AWS
using
cops
because
I
can
control
that
and
that's
my
answer
and
I'm.
Sorry.
If
I
offended
anyone.
F
I'll,
take
you
back
off
of
that
and
I
think
I.
Think
Monica
was
responding
and
thread
to
that
and
I
think
the
real
salient
point
there
is.
It
depends
on
what
you're
looking
for.
Do
you
just
want
kubernetes,
that's
gonna
run
and
someone's
managing
for
you,
like
you,
can
says.
Okay,
for
that,
do
you
want
to
have
a
lot
of
control
over
what
you're
doing
in
terms
of
versions
that
you're
deploying
or
think
like?
F
I
wasn't
really
concerned
with
the
operations
of
the
cluster
just
pulling
my
application.
All
I
needed
was
the
app
to
run
using
kubernetes
and
like
some
cloud
services.
So
in
that
case
the
managed
service
makes
a
lot
more
sense,
and
you
can
may
give
you
that,
if
that's
what
you're
looking
for
at
any
of
us.
B
D
Been
putting
in
there
so,
like
everybody
else,
said
seconds
all
that,
and
and
it's
also
a
budget
issue
right
I
mean
if
you've
got
all
the
money
in
the
world
like
sure,
go
to
manage
service
with
eks
or
whatever,
and
that's
probably
your
fastest
thing
and
and
you're
gonna
have
you
know
the
least
control
over
it.
I've
got
that
background
where
I
want
to
know.
What's
going
on,
I
want
access.
I
gets
bizarre
to
me
to
not
get
into
a
server
or
something
so
I
like
that.
I
do
like
terraforming
cube
ADM.
D
Yes,
I
have
totally
on
myself
and
broken
things
horribly,
but
I'm,
you
know
still
using
it
and
learning
and
I
love
it.
So
that's!
That's
my
favorite
I
haven't
used
cops
cubes
for
a
ice-like
within
the
past
year,
so
I
don't
want
to
comment
too
much
on
like
how
would
the
state
of
those
are
right
now,
I
think
there's
been
tons
of
improvements
with
cops
and
cube
spray.
When
I
was
first
setting
up
clusters,
I
mean
ku.
D
Adm
wasn't
really
out
there
like
it
was
still
beta,
so
we
had
to
do
all
kinds
of
really
ugly
things
to
get
kubernetes
cluster
running.
So
I
am
super
happy
to
have
a
terraforming
cube.
Atm,
though.
A
Yeah
we
talked
about
that
this
morning
when
people
were
mentioned,
it
keeps
by
having
all
these
tools
kind
of
rally
around
cube.
Admin
has
really
made
a
lot
of
bugs
go
away.
First
of
all,
but
like
usually
when
I
asked
me,
I
was
like
look
you're
evaluating
these
tools
is
something
the
one
thing
I
always
you
know
remember
is:
is
that
tool
kind
of
talking
to
the
cig
responsible
for
the
entire
cluster
lifecycle
and
in
cases
of
like
cops
and
keep
spray
and
stuff
they
are
so
that
just
gives
me
a
little
bit
more
confidence.
A
You
know
that
upstream
is
kind
of
like
supporting
this
thing.
John
mentioned
a
good
tip,
which
I
thought
was
interesting.
He
says,
I've
been
happy
using
ranchers,
a
very
thin
layer
just
to
provision
mostly
vanilla
clusters.
I
avoid
all
the
things
they
try
to
give
you
so
I
had
more
control
over
them.
For
instance,
I
turn
off
the
ingress
option,
but
then
install
that
myself
with
help,
which
I
think
is
an
interesting
way
to
do
it.
So
that
is
an
option.
Anybody
else
have
opinions
on
this.
G
So
I'll
make
one
point
since
I
work
for
a
vendor
that
provides
manage,
kubernetes,
I,
would
say.
Manager
Bernays
is
great
to
like,
if
you're
just
getting
your
feet
wet
and
getting
started
with
your
kubernetes
deployment,
it
can
be
great.
It
takes
off
some
of
the
operational
burden,
but
I
think
once
you
get
more
experience
with
kubernetes,
you
start
doing
more
complex
things.
You
kind
of
it's
kind
of
nice,
knowing
what's
going
on
behind
the
scenes
and
having
some
more
control
over
that.
E
So
I
can
also
add
some
information
like
I
came
all
over
world
where
we
use
managed
communities
and
then
I
also
kind
of
shift
it
into
self-managed
communities,
and
so
learning
curve
is
still
quite
steep.
So
if
you
want
to
get
started
now,
a
managed
service
might
be
what
you
want
to
have.
But
if
you
have
time
and
can
invest
the
resources
into
learning,
how
to
many
just
yourself,
it's
definitely
worth
it.
A
All
right,
Maria,
hey,
asked
welcome
Maria.
Is
there
a
programmatic
way
to
feed
a
pod
status
into
the
scheduler
and
react
conditionally?
According
to
it
example,
we
have
pods
running
user
jobs.
These
jobs
can't
be
abruptly
interrupted
or
data
will
be
lost.
We
would
like
to
be
able
to
tell
kubernetes
from
the
pod
hey
this
pod
is
running
a
job,
don't
kill
it
or
don't
interrupt
it
or
if
this
pod
status
equals
claim
by
a
user
migrated
to
XYZ
node.
A
B
Yeah,
there
are
two
things
right,
so
one
this
data
is
being
lost,
I
am
like
I'm
countries,
because
the
data
should
not
be
residing
in
the
part
right,
so
it
should
be
somewhere
now
outside
I
think
somewhere,
and
how
would
the
part
it
shouldn't
be?
It
shouldn't
be
like
as
soon
as
what
was
it
should
come
up
again
but
yeah.
That's.
The
first
thing
is:
why
is
the
part
like
who
is
it
with
the
matrix
there's,
a
name
in
the
CPU
or
memory?
B
E
E
A
A
A
First
of
all
everything
older
than
0.25
point
one
is
affected
by
several
CDs,
but
there's
actually
a
like
that
issue
here
in
the
change
notes,
that's
like
hey
ensure
that
we're
not
killing
all
the
end
points
when
them
phones
are
reloaded.
So
it
looks
like
that
is
just
an
issue
of
upgrading
to
the
latest
version
of
engine
X.
A
B
A
I,
don't
know
worth
pinging
him
on
this
one
Maria.
If
you
stick
around
after
we
go
I,
have
a
I
have
act.
One
of
our
panelists
is
a
batch
expert.
They
just
don't
happen
to
come
to
this
session.
I'm
so
worst
case.
I
will
connect
you
with
Jeff
afterwards.
Is
there
any
other
information
or
anything
that
we
can
ask
from
her?
That
might
help
sort
this.
A
Okay,
we'll
just
let
that
thread
develop
and
worst
case
I'll
send
I'll,
send
someone
for
you,
okay,
moving
on!
Well,
that's!
Well!
That's
developing
here
Alex,
noting
ass
hi
everyone.
My
team
has
finally
has
a
kubernetes
cluster
up
and
running
yay
and
we're
starting
the
process
of
migrating
apps
to
run
a
kubernetes.
Kick
anyone
provide
tips
for
adding
secret
files
like
SSL
certs,
into
running
pods
and
containers.
G
C
B
Yeah
I
think
it
yeah.
It
depends
on
the.
Where
are
you
hosting
it
right?
So
even
it's
like
cloud
providers.
You
have
the
ones
which
you
can
directly
use
it
or
if
it
is
on
Prem
or
if
it
isn't,
it's
like
any
native
tools
like
cyber-ark,
any
other
tools
which
your
enterprise
provides
or
it
may
be
linked
by
default.
The
community
secrets,
it's
just
the
cumulus
secrets,
just
story,
so
it's
a
meatiest
configure
and
use
it.
So
that's
that's
what
I
think,
but
are
there
any
other
things
into
options?
No.
D
A
E
Practice,
I
guess
it's
the
best
practice.
You
could
also
like
how,
depending
on
how
much
you
trust
your
pipelines,
you
could
put
your
secrets
in
the
pipelines
and
deploy
them
by
a
terraform.
For
example,
I'm
not
saying
I'm
promoting
this
or
I
say
it's
a
good
idea,
but
it
works,
and
if
your
storage
and
your
pipelines
less
secure,
it's
something
you
can
do
some
things
that
I
have
done
before.
A
C
B
H
A
Kubernetes
integration,
with
all
four
secrets,
as
I
have
similar
native
integration
with
AWS
secrets
manager
or
kms
/
SS
M
parameters
store
what
non
vult
secret
RAC
ants
have
people
use.
That's
an
interesting
question
so
from
a
from
I,
want
to
keep
everything
kind
of
neutral,
running
your
own
vault
kind
of
makes
sense,
but
I'm
sure
there's
plenty
of
people
with
use
cases
that
just
want
to
use
with
their
cloud
provides.
So
do
we
have
a
tldr
and
on
how
people
are
doing
secrets
how's
it
working
as
your
Dave
just
curious.
G
Answer
also
has
a
key
vault
integration,
so
customers
I,
see
depending
if
they've
already
have
vault
deployed
they'll
typically
use
volt,
but
they
want
to
use
something
built
into
a
cloud
provider.
Ezra
has
you
know
same
type
of
integration,
they've
redesign
also
that
done
the
CSI
driver
for
secrets,
yeah.
D
A
And
Amit
would
like
to
point
out
kubernetes
external
secrets
allowed
to
use
external
secret
management
system
like
AWS,
eh
manager
or
about
securely
and
there's
a
link
there.
That
appears
to
come
from
GoDaddy.
That's
cool,
I
didn't
know.
That
was
the
thing
all
right.
Anything
else
secrets
tools
wise
before
we
move
on.
E
H
A
H
B
Yeah
so
yeah,
the
question
is
a
big
but
the
I.
It's
a
little
bit
bigger.
It
says
I'm
currently
setting
up
a
CRT
with
convolution
webhook,
while
setting
up
the
SSL
part
I
created
a
cert
for
my
web
service
using
the
Berlin
CSR
mechanism
which,
to
my
understanding,
is
using
the
KA.
The
cubanelle
is
CA
to
sign
the
csr,
then
on
the
C,
a
bundle
section
of
the
C
and
E
conversion.
Stanza
I
would
have
expected
that
by
not
specifying
it
and
letting
it
default
to
the
built
in
CA,
it
will
work.
B
However,
it
didn't
and
I
had
to
actually
get
the
API
servers.
Ca
using
cube,
CTL
get
conflict
map
in
order
to
pull
the
CA
and
specified
minor
in
my
CI
D
conversion
stanza.
So
he
was
just
curious
to
see.
Did
he
is
missing
anything
in
this
process?
Or
is
this
something
he
didn't
understand
correctly
or
this
is
the
mean
info
missing
the
question
he
says
he
can
provide
it,
but
yeah
as
I
understand.
Is
that,
like.
E
E
I
I
C
A
B
A
We're
counting
on
you,
because
the
rest
of
us
are
kind
of
like
blanking
out
here.
Ok!
Well,
let's
give
Joseph
time
there
to
do
it.
Let
me
move
on
to
our
next
multi-part
complicated
question,
but
I'll
try
to
break
this
one
name
down
into
into
sections
here
and
Dre.
C
asks
I'm
running
J,
kids
in
a
kubernetes
cluster,
all
the
worker
nodes
or
spot
instances
sweet,
meaning
to
say
that
all
the
bills,
jacott
slaves
are
running
on
them.
A
It
was
working
fine,
mostly
for
a
year,
but
all
of
a
sudden
deploys
are
starting
to
get
failure
due
to
no
route
to
host
issues
and
then
there's
an
error
which
I
will
I
will
find
in
the
original
post
so
that
you
can
read.
It
basically
cannot
connect
to
another
kubernetes
cluster
to
do
a
cuddle
set
image.
Jenkins
and
other
kubernetes
clusters
are
peered.
I've
restarted
and
check
QB,
be
honest
pods
and
keep
TMS
mask
container,
nothing
in
the
logs
that
can
explain
the
issue
restarting
at
CDR
we've.
A
Does
that
help
the
issue
resolves
by
terminating
the
instance
and
replacing
it
the
deploy
running
fine
front
runs
fine
when
there
are
new
instances.
Please
point
me
in
the
right
direction
like
what
could
be
the
issue
after
replacing
the
worker.
Oh
ok,
then,
at
the
very
on
and
it
looks
like
Bob
fixed
the
issue.
So
it's
just
good
I
should
have
started
with
that.
Let's
just
have
a
look
here:
real
quick.
A
C
So
here's
what
I
think
the
issue
is
the
way
Jenkins
works
in
the
way
it
works
in
cooter
in
Eddie's
is
there's
a
jar
and
to
job
a
jar
and
then
job
a
jar
is
a
remoting
agent.
It's
called
the
JNF
jnlp.
That
connection
is
the
remoting
that
allows
a
control
plane
to
talk
with
the
actual
workers,
where
those
spot
instances
are
being
created,
that's
being
severed
somehow
and
as
we
were
thinking
through
this
and
in
that
thread,
I
started
to
think.
C
If
you
are
listening,
andre
see,
I
gave
you
a
link
to
or
not
a
link.
I
gave
you
a
way
to
go
into
Jenkins
and
create
a
new
log
file,
and
that
log
file
will
pull
your
kubernetes
information
from
in
Jenkins.
What
that
may
show
you
is
once
you
do
that
and
you
set
it
to
all
I'm
the
maintainer
of
this
program,
so
I
actually
want
about
it
once
you
set
that
to
all
I,
have
a
feeling
you're
going
to
see
that
there's
a
sink
resource
issues.
C
What
a
sink
resource
issues
are
is
in
a
Jenkins
worker
when
that
gets
full.
It
leaves
a
thread,
a
javathread
open.
When
that
javathread
stays
open,
it
tries
to
sync
those
resources,
every
I
think
it's
every
three
minutes,
and
it
does
it
in
intervals
of
five
and
then
it
says
something's
wrong,
I'm,
gonna
sever
the
jar.
The
jar
is
the
JM
LP,
which
is
where
your
worker
is
I.
Think
if
you
look
at
those
logs
you're
going
to
see
that
it's
called
a
sink
resource,
disposer
you'll
see
that
that's
showing
airs.
C
If
that's
showing
errors,
you
then
got
to
dig
into
those.
Where
are
those
spot
instances
leave
one
up?
If
you
can
SSH
into
it
and
go
into
the
workspace,
there
will
be
a
file
we'll
be
a
hex
number
followed
by
underscore
WG
in
that
file
will
be
the
logs
that
it
could
not.
Research
dispose
I'm
almost
about
90%
sure.
That's
your
problem
that
could.
C
I
give
people
that
open
this
issue
quite
often
with
me,
as
well
as
in
another
plug-in
that
I
maintain
and
what
I'm
finding
is
the
async
resource
disposal
is
not
happening
that
interferes
with
that
remoting
capabilities
and
jenkins
to
that
worker
and
it
severs
the
connection
now.
What
happens
also
just
to
add
one
more
thing
is
when
that
connection
is
severed.
It
is
not
brought
back
up,
so
there's
no
ability
to
go
back
and
say:
oh
I
lost
my
connection.
Bring
that
thread
back
up.
C
A
A
To
hash,
through
these
next
few
questions
and
then
we'll
give
away
the
t-shirts
yeah
so
Neil
key
ask
questions.
I
got
an
old
one
about
a
loving
cluster
and
I'm
working
on
upgrading,
but
I'm
encountering
a
throttling
issue
right
now,
the
HP
a
set
to
CPU
usage
and
currently
using
nginx
ink
ingress
test,
one
gradually
increased
traffic
in
HP.
A
note.
A
Scalar
works
as
intended
test
to
hit
the
service
with
a
thousand
calls
per
second,
and
we
just
get
a
bunch
of
drop,
calls
and
scaling
business
scale
out
to
handle
the
traffic
I'm
hoping
upgrading
to
one,
not
seventeen
and
introducing
a
custom
metric
for
calls
and
ingress
instead
of
CPU
usage,
will
fix
this.
Have
you
encountered
anything
like
this
before.
A
C
Have
an
opinion,
but
I
can't
say
I
would
say
to
look.
If
you
do
some
searching
and
I
don't
have
it
readily
available
at
my
fingertips?
If
you
look
at
some
searching
for
a
one
dot,
I
believe
it's
version
110
and
1.11
for
the
plague,
PL
EG
issue,
you
may
start
to
see
some
of
your
problems.
I
will
say
that
I
know
of
an
instance
where
1.10
and
1.11
we're
having
what
you're
describing
and
upgrading
it
to
11.8
completely
fix
the
problem,
never
happened
again.
C
D
A
D
A
A
C
A
Any
best
practice,
so
people
do
ask
the
questions
about
Java
and
the
killer
here
actually
is:
are
there
any
best
practices
you
could
share
other
than
you
know?
Do
it
the
way,
try
to
do
a
good
job
to
set
your
limits.
C
You
know,
depending
on
how
your
application
is
the
way
you're
setting
your
for
a
java
application,
especially
the
way
you
set
your
heat
for
that
application
is
like
I,
can't
stress
doing
that
correctly,
because
you
can
the
way
GC
works
and
it'll.
It's
not
a
fun
experience.
I
have
some
links
to
a
blog
post
that
I
wrote
a
while
ago
about
kubernetes
and
Java
best
practices
that
I
will
link
once
I
can
find
it.
A
Ok,
awesome,
and
with
that
we
are
out
of
time
we're
gonna
do
t-shirt
raffle,
it's
our
favorite
part.
The
way
this
works
is
I'll,
announce
the
two
winners
and
then
I'll
PM
you
after
I
did
your
code.
You
go
to
store
dot,
CNC
FIO
and
get
a
shirt.
You
get
a
free
shirt
or,
if
you're
listening
out
there,
you
just
want
some
cool
cloud
native
shirts.
A
They
have
cool
stuff
for,
like
all
your
favorite
projects,
so
with
that
our
winners
according
to
the
Internet's
12-sided
die
bill,
would
you've
won
a
kubernetes
t-shirt
and
Maria
a
you've
won
a
covered
Tribune
Eddy's
t-shirt,
so
I
will
follow
up
with
you
and
with
that,
so
those
of
you
that
are
listening
in
the
first
time.
We
do
this,
a
third
Wednesday
of
every
month.
We
are
looking
at
ways
to
expanding.
This
may
be
doing
a
networking
edition,
a
storage
one
things
like
that.
So
if
you
have
any
feedback
on
that,
that
always
helps
us.
A
C
A
Say:
Tyrannosaurus
Rex,
I,
sorta,
okay,
alright,
fine
everyone
likes
Tyrannosaurus,
Rex,
alright,
and
with
that
everybody
I
will
be
publishing
the
show
notes
here
in
about
ten
or
fifteen
minutes
after
I
gather
all
the
URLs.
Thanks
for
joining
us
stick
around
in
the
channel
and
feel
free
to
hang
out
there.
The
whole
month
queue
up
your
questions
for
next
month's
edition.
We
like
to
keep
the
conversation
going
shut
up
very
thanks.
Those
of
you
in
chat
helping
out
other
users
and
things
like
that.
A
Something
as
always,
if
you
see
me,
a
Q
Khan
in
Amsterdam
I
always
have
swag
on
me.
So
if
you
listen,
this
show
just
come
grab
me.
I'll,
probably
give
you
stuff
and
with
that,
thank
you
very
much
panelist
for
volunteering
over
half,
actually
each
one
of
you.
This
is
your
very
first
time.
All
of
you.
We
literally
have
no
backup
that
was
literally
the
one
thing
I
was
like
make
sure
we
go
in
with
like
having
backups
and
we
did
it.
We
just
did
it
on
their
own.