►
From YouTube: Kubernetes Office Hours 20210721 (EU Edition)
Description
Office Hours is a live stream where we answer live questions about Kubernetes from users on the YouTube channel. Office hours are a regularly scheduled meeting where people can bring topics to discuss with the greater community. They are great for answering questions, getting feedback on how you’re using Kubernetes, or to just passively learn by following along.
For more info: https://k8s.dev/events/office-hours
A
Welcome
everybody
to
today's
kubernetes
office
hours,
where
we
answer
your
user
questions
live
on
the
air
with
our
esteemed
panel
of
experts,
you
can
find
us
on
the
pound
office
hours
on
slack
on
kubernetes
slack
and
check
the
topic
for
the
url
for
the
information.
Now
before
we
begin.
Let's
start
by
introducing
ourselves
in
this
elaborate
set,
we
built
for
this
week,
who's
going
first.
B
C
D
Hello,
my
name
is
borko
a
while
ago.
I
got
help
here,
learning
kubernetes,
so
I'm
trying
to
give
back
and
pass
tomorrow.
F
A
Gotcha
everyone-
and
my
name-
is
dan
pop
andre,
I'm
the
director
of
open
source
ecosystem
and
community.
I
work
on
a
cncf
project
called
falco.
So
before
we
start
here
are
the
ground
rules.
This
is
this
is
a
kubernetes
event,
so
the
code
of
the
cncf
code
of
conduct
is
in
effect,
so
please
be
excellent
to
one
another.
This
is
a
judgment-free
zone,
so
everyone
had
to
start
from
somewhere.
So
please
help
out
your
buddy
like
like
darko
dorco
somebody
helped
out
darko,
not
darko's.
On
the
panel,
you
see
how
this
works.
A
Everybody
had
to
start
from
somewhere
help
help
somebody
and
let's
be
supportive
of
one
another
in
the
channel
and
in
life.
While
we
do
our
best
to
answer
your
questions,
the
panel
doesn't
have
access
to
your
cluster
right,
we're
not
going
to
live
debug
your
your
your
cluster.
We
will
do
our
best
to
get
you
moving
and
down
the
to
the
next
step
so
and
also
kind
of
a
one,
some
house
clean
house
cleaning
for
you
all
is
normally
we
we
provide
shirts
from
the
cncf
where
the
cncf's
replenishing
its
inventory.
A
So
we
will
give
you
a
shout
out
in
our
under
angle
ocean
for
for
going
here.
So
panelists
are
encour
courage
to
expand
on
answers
with
your
experience
and
pro
tips
audience
you
can
help
by
pasting
in
urls
to
official,
docs
blogs
or
anything
that
might
be
relevant
to
the
topic
at
hand.
So
please
post
your
questions,
etc.
On
discuss.kubernetes.io,
you
can
also
help
us
out
by
tweeting
spreading
the
word
and
paying
it
forward.
So
again,
this
panel
is
made
entirely
of
volunteers.
A
A
Of
course,
he's
a
diva
and
didn't
show
up
today,
but
anyway,
now
all
jokes
aside:
puya,
if
you
all
know
puya
from
from
giant
swarm,
just
an
awesome,
wonderful
human
being,
and
so
he
couldn't
make
it
today.
But
we
wanted
to
thank
you
for
all
your
contributions
to
the
kubernetes
community.
A
With
that
said,
let's
get
started
panel
you
pumped
yogi.
I
see
you
over
there.
I
see
you're
pumped
right
now,
all
right
good,
absolutely
we
removed
archie's
banner
life
is
good
all
right.
So
let's
get
started.
Here's
our
first
question
david.
Do
you
want
to
take
the
first
question
you
want
me
to
get
it.
A
C
C
C
All
right
I've
tried
it,
so
it
works.
Actually,
I
don't
think
the
kubernetes
particularly
mines,
what
the
cri
is
on
each
of
your
nodes.
The
kubelet
just
spawns
the
containers,
and
so
I
have
experimented
with
a
mix
of
docker
and
continuity,
and
things
seemed
to
work.
I
did
not
run
it
for
long,
so
I
can't
tell
you
if
it
is
a
good
thing
to
do,
or
a
bad
thing
to
do.
Typically,
I
would
probably
say
is
bad
because
of
a
few
operational
concerns.
C
I've
found
to
maintain
and
understand
deeply
to
container
run
times,
but
in
theory
there's
nothing
stopping
you
doing
that
and
you
may
be
in
a
position.
I
guess
where
you've
got
docker
and
you
want
to
move
to
container
d
and
spinning
up
new
node
pools
would
be
a
good
way
to
do
that
as
a
bridge
and
then
migrate.
Everything
over.
D
A
Okay,
I
want
to
ask
the
obvious
question
that
I
ask
every
time
I
get
we
get
one
of
these
like
hey.
I
wanted
to
like
why
the
question
is:
why
would
you
have
container
runtime
like
of
different
sort?
Why
would
you
want
to
kind
of
have
a
different
support
model
for
like
there's
benefits,
obviously,
to
like
you
know,
cryo
or
or
container
day.
Excuse
me
like
in
terms
of
efficiencies
like
I've,
seen
direct
efficiencies
from
different
container
run
times?
A
Is
it
because
you
know
you're
it's
what
you're
working
through
like
a
migration
of
some
sort
and
you're
kind
of
like
are
stuck
with?
You
know
either
maybe
a
previous
quite
like
docker,
and
you
want
to
move
to
container
d,
and
you
know
I
I
don't
know
I
kind
of
want
to
ask
that
follow-up
question.
Yeah
of
why.
C
I
think
migration
will
be
the
main
one
for
a
majority
of
people,
especially
going
from
something
to
container
d,
and
I
think
another
one
could
be
just
high
performance
computing.
You
may
find
that
people
want
a
certain
node
pool
with
a
certain
cri
that
maybe
responds
better
or
works
better
in
that
kind
of
environment.
F
Yeah
a
couple
of
you
other
use
cases
like
we
have
support
for
the
vms
right.
You
can
use
keyboard.
I
think
project
which
allows
you
to
spin
up
vms
on
the
kubernetes
cluster.
So
potentially
you
would
like
to
mix
vms
and
containers.
That
would
be
a
one
use
case
and,
like
google,
has
a
project
g
visor,
for
example.
Maybe
you'll
want
to
have
some
containers
that
are
running
as
guys
or
containers
like
more
secure
and,
like
maybe
the
rest
will
be
running
container
d
by
default,
for
example.
D
A
Rg
archie,
without
that
banner,
your
your
your
game
is,
is
stellar
this
week
already
dude
nice
work
all
right.
Anything
else
on
this
before
we
move
on
to
the
next
question
panel.
A
C
Typically,
I
think
most
of
visuals
are
back
as
a
way
to
assign
capabilities
permissions
to
users,
groups
etc,
but
it
sounds
like
they're
trying
to
do
an
invert
here
and
actually
explicitly
deny
access
for
a
role
or
cluster
rule.
A
Yeah,
well
I
mean
the
verb
would
be
the
deny
and
you
just
define
the
name
space
as
one
of
the
resource
names
right
like
so
this
is
just
a.
I
don't
think
this
is,
I
think,
maybe
we
might
be
over
engineering
it
if
it's
just
where
it's
at
this
is
seemed
like
a
common.
You
know
deny
for
that
specific
namespace.
C
D
G
Denied
yeah,
that's
right,
the
kubernetes
are
back,
doesn't
have
a
default
like
a
explicit
deny,
like
you
see
in
cloud
iam,
so
by
default,
everything
is
denied
unless
you
add
a
role
that
or
cluster
role
that
allows
it.
C
Okay,
so
it
sounds
like
if
they
want
to
be
able
to
deny
access
to
certain
parts
in
a
specific
namespace.
They
probably
just
want
to
avoid
cluster
rules
altogether
focus
on
names
based
roles
and
then
within
the
namespace
is
their
ability
to
block
access
on
certain
resources.
Could
they
do
that
with
a
admission
controller?
Perhaps.
G
I
think
you
can
add
a
resource
name
field
in
the
our
back
thing,
but
I
don't
know
how
well
it
really
affects,
like
with
secrets
you
can
actually
see
you
can
get
a
specific
secret,
like
the
role
is
only
allowed
to
access
a
specific
secret
or
a
specific,
but
putting
in
a
board
name
seems
kind
of
counter
intuitive,
because
the
name
is
like
dynamic
right
if
it's
created
by
deployment,
so
probably
a
deployment
name
and
really
tried
it.
But
it
seems
like
an
interesting
use
case.
E
Yeah
could
be,
I
mean
I
wasn't
aware
about
this.
One
actually
payback
attribute
based
access
control.
E
This
is
like
going
further
from
role
based
access
control,
so
it's
going
by
per
attribute
basis
so
that
that
could
be
an
interesting
thing
to
look
at,
maybe,
and
just
maybe
they
what
they
are
actually
trying
to
do
is
it
may
not
be
part,
but
maybe
because
of
some
custom
resources,
so
very
specifically
on
any
sort
of
new
custom
resources
they
might
be
trying
to
set
up
like
a
deny
by
default.
So
I
mean
typically
in
case
of
our
back,
it's
deny
by
default
right
unless
you've
authorized.
A
H
Absolutely
hey:
everybody!
Apologies
for
being
late.
I've
got
my
kubecon
san
diego
shirt
on,
so
I
came
somewhat
prepared
just
way
late.
I
am
mario
lori.
I
currently
work
for
cartax
a
financial
services
company.
I
am
everything
everything
sre
everything
cloud
infrastructure.
H
I
love
networking
and
auto
scaling
and
some
of
the
more
intricate
topics
around
resiliency
availability
and
security.
I
just
became
triple
certified.
Just
got
my
cks
knocked
out
about
like
10
15
days
ago,
so
very
happy
about
that.
I've
also
had
the
pleasure
to
party
with
at
least
one
of
the
people
in
this.
This
current
call
this
past
weekend
in
my
hometown.
So
had
a
great
time
happy
to
be
here.
You've
probably
seen
me
before.
I've
done
a
bad
job.
A
Thank
you,
yeah,
all
right,
so
question
for
I'm
gonna
alternate
from
questions
to
hack
md
to
the
ones
in
the
channel.
Next
question
here
is
hi
team:
how
to
kubernetes
hard
way,
kelsey
hightower
installation
on
vmware
workstation
16..
Let
me
take
a
first
stab
at
this.
I
mean
you're
looking
at
nodes,
there
there's
a
specific
amount
of
nodes
that
are
being
asked
like
you
know
the
underlying
control
play
nodes
and
then
the
the
nodes
themselves
for
application
perspective.
I
think
I
think
it
asks
for
like
six.
A
I
believe,
if
I
remember
correctly-
and
so
my
question
is
again-
I
asked
the
why
questions
a
lot,
but
I
apologize
that's
kind
of
my
mo.
I
understand
you,
you
know
you
could
probably
do
it
at
a
lesser
scale.
A
Maybe
the
two
could
you
know
one
control
plane
and
one
application
if
you
want
to
kind
of
understand
how
to
understand
the
underlying
bits
and
understand
system
md
and
just
to
understand
how
to
do
the
certificates
and
aspects
of
this,
but
I
think
the
question
is
somebody
probably
wants
to
set
up
a
lab
doing
the
hard
way
on
their
local
laptop?
Does
anybody
have
any
suggestions
here.
E
I
did
it
once
and
then
I
sort
of
went
on
to
do
it
via
vagrant
on
not
workstation,
but
fusion
but
same
thing
I
mean
I
had
a
mac,
so
I
did
it
on
fusion
and
I
use
vagrant
for
it
and
it's
it's
fairly
simple.
I
think
I
I
do
have
a
github
repo
where
the
vagrant
files
are
kept,
so
people
can
actually
refer.
It's
essentially
going
through
the
same
thing
going
through
all
the
commands,
but
yeah
I
mean
set
it
up
once
and
then
you've
learned
it
and
then
yeah.
E
A
Yeah
yeah,
but
I
think
this
person
probably
wants
to
understand
the
bits
aspect
of
it,
so
I
would
say
I
wouldn't
do
it
at
the
scale.
The
hard
way
does
it
like
having
like,
I
think
it
asks
for
you
know,
x,
amount
of
nodes
and
all
that
fun
stuff.
I
think
you
could
do
it
on
a
one-to-one
basis
right
just
to
understand
how
these
things
are
interacting.
A
Okay
question:
I
have
created
few
pods
in
different
name
spaces
when
I
run
a
curl
command
from
web
client
and
namespace.
My
app
aren't
returning
any
results
but
web
client
in
app
team
one
is
working.
Fine.
The
default
pod
should
be
able
to
access
the
same
cluster,
but
why
is
this
not
working
as
expected.
C
So
I
put
this
question
on,
even
though
I
think
it's
going
to
be
tricky
for
us
to
answer,
but
the
kind
of
tldr
here
is.
They
have
pods
in
different
name
species
and
they're,
trying
to
curl
the
pod
ip
across
the
name
space
and
it
is
being
denied.
E
Yeah
so
typically
like
a
network
policy
in
a
network
policy,
you
would
set
up
a
rule
for
egress
or
indress.
So
you
know
you
need
to
check
both
sides.
So,
on
the
side
where
you
are
actually
executing
curl
from
you
need
to
make
sure
that
there
is
egress
allowing
you
to
go
out
the
way
you
sort
of
define
the
egress
and
ingress
rule
is
using
pod
selection
labels.
You
could
confine
it
to
certain
specific
labels
or
you
can
keep
keep
it
fairly
open
and
you
do
it
on
both
sides.
E
You
you
do
it
on
your
source
as
well
as
the
destination
or
the
target
name
space
so
yeah.
That
is
the
first
thing
I
would.
I
would
check
if
there's
a
network
policy
defined
on
either
sides.
A
Yogi
our
anchor
just
just
totally
bring
it
bringing
this
legitimacy
to
this
panel
today.
F
Awesome,
I
I
just
want
to
add,
like
I
think,
potentially
for
the
future
use
case.
F
If
you
want
to
get
like
better
visibility
of
your
network
policies
and
what
talking
to
what
you
know
if
you
switch
to
something
like
psyllium
with
edtf,
there
is
a
project
hubble
where
you
can
actually
see
how
you
know
pods
talking
to
each
other,
and
they
also
have
another
a
nice
tool
which
is
called
celium
editor,
where
you
can
actually
configure
your
network
policies,
and
you
can
see
you
know
you
can
test
them
before
applying
them.
For
example,
and
stuff
like
that,
so
I'll
share
those
two
projects
in
the
slack
channel.
A
Shameless
plug
systig
also
allows
for
network
policies
to
be
edited
there.
I
just
want
to
throw
that
out
there
and
I'll
also
put
that
in
the
link
as
well.
A
Alrighty
we
are,
we
are
nailing
it
this
week,
you
all
I'm
going
back
to
the
channel
for
questions
here.
There
is
a
question
from
steve
yaki
good
to
see
you
steve,
always
a
pleasure
when
running
a
cluster,
with
both
internal
and
external
workloads,
public
apis,
private
apis.
What
are
best
practices
around
keeping
things
secure
around
those
boundaries,
especially
around
securing
ingress.
H
So
network
policies,
I
think,
like
network
policies,
is
one
of
the
first
things
I
think
about
here.
It
depends
on
the
boundaries
it
depends
on
where
traffic
is
traversing
right.
If
you're
traversing
vpcs
you're
going
to
be
more
concerned
with
security
groups,
if
you're
traversing
something
else
like
you're
going
to
be
concerned
with
whatever
security
layers
and
implementation
of
acls,
are
there
dialing
in
your
cni?
H
If
you're
using
a
service
mesh,
that's
another
kind
of
maybe
layer
to
consider,
I
think
you
really
have
to
look
at
the
end
to
end
flow
of
traffic
right
so
and
what
what
applications
are
using?
What
resources?
So
what
are
apis
are
being
accessed?
H
How
are
they
being
accessed
and
trying
to
think
in
a
zero
trust
model,
like
least
privilege
model
with
everything
you
do
so
there's
a
lot
of
different
solutions
out
there
that
help
you
get
visibility
into
that
hubble
is
a
great
example
of
that,
and
I
know
systig
has
some
great
things
too,
like
we
were
saying
so
I
I
think
you
just
have
to
consider
everything
when
it
relates
to
where,
where
your
traffic
is
going,
where
your
data
is
flowing
and
the
systems
intermediate
to
that
right,
that
it
might
be
hopping
through
how
it's
being
accessed
even
things
like
having
public
dns
zones
right
where
you
might
want
to
actually
private
dns
zones
right.
H
H
It
just
had
a
a
deny
list
in
it,
so
it
blocked
non-vpn
addresses
right
well,
technically,
that's
still
available
to
the
world,
so
there's
fun
things
called
zero
days
and
if
there's
something
that
happens
with
nginx
and
there's
a
zero
day
that
comes
out-
and
there
is
a
let's
say,
a
buffer
overflow
that
can
be
caused
right
that
can
still
be
executed.
You
know
more
or
less,
depending
on
what
you're
allowing
right.
So
I
think
the
ways
that
people
try
to
solve
this
are
a
little
bit
out
of
bounds.
H
You
know
an
allow
list.
Denialist
seems
like
the
the
go-to,
but
I
think
you
have
to
think
a
little
bit
deeper
about,
what's
actually
happening
in
your
systems
and
really
the
the
risk
for
your
company.
So
I
work
in
financial
services,
so
we
think
about
it.
A
lot
differently.
We
have
sec
and
finra
and
regulations
like
that.
You
really
have
to
look
at
like
what
do
we
care
about?
What
is
what
is
the
the
key
thing?
What
about
our
data?
H
C
C
C
G
Sure
I
assume
I
understood
the
question
right,
so
it's
mostly
basic
about
having
like
topping
based
egress
filters,
rather
than
using
ip
addresses
yeah.
I
assume
my
understanding
is
right.
If
the
understanding
is
right,
cbm
seems
to
have
support
for
domain
based.
Egress
filtering,
like
you
can
even
like
to
start
or
like
file
cards
at
all,
and
I've
put
a
link
in
the
chat
about
the
page
that
describes
the
document.
It
has
a
documentation.
D
A
Great
stuff
and
you
all
they
do-
I
just
want
to
throw
a
plug
out
for
them
and
on
fridays
I
think
every
other
fighter
or
something
they
do,
a
really
good
talk
on
evpf
and
and
some
overall
discussions
on
psyllium.
I
think
it's
very
a
really
good
stream.
If
you
haven't
checked
it,
that's
called.
G
Echo
I.
B
F
Yeah,
like
I
think
that
the
approach
we've
discussed
was
the
using
the
celium
right.
The
fpdn
policies
is
that
what
I
think
was
recommended
the
like
this
is
good
when
you
have,
for
example,
ceiling
networking,
but
there
like
google,
actually
recently
also
open
sourced
the
project
which
is
using
cert
manager
and
basically
creating
fqdm
network
policy
very
similar
to
what
cilium
is
doing
so
like.
I
can
share
the
link
as
well.
F
It's
open
source
project
and
you
can
try
it
as
an
alternative
to
ceiling,
but
I'll
have
also
stealing
approach,
which
is,
you
know,
pretty
pretty
solid
and
a
lot
of
people
using
it
for
filtering.
A
I
want
to
throw
this
out
there
too.
I
mean
there's
other
cni
projects
that
have
some
levels
of
like
ingress
or
whatever
you
think
of,
like
you
know,
I
think,
calico.
I
think,
as
well
have
some
solutions
that
that
also
do
this.
So
you
know
from
a
being
agnostic
perspective,
but
like
again
in
terms
of
experience,
I've
just
seen
this
you
know
psyllium,
like
especially
like
you
know,
just
taking
off
in
terms
of
what
what
is
required,
especially
from
an
egress
ingress
and
flow,
and
all
that.
F
I
think
calico
might
be
adding
edpf
as
well
right,
so
maybe
that's
why
it
popped
up,
but
before
calico
never
had
this
support.
So
it's
like
pretty.
It
was
pretty
unique
for
cilium
for
a
long
time
right
and
like
if,
if
calico
is
adding
new
etf
support,
then
I
think
they
can
also
use
of
qdm
based
network
policies.
Yeah.
B
E
Up
here
in
one
of
the
products
we
actually
have
integration
with
nsxt,
which
is
a
cni
and
that
actually
implements
sort
of
egress
shaping.
So
specifically,
it
can
do
things
like
snap,
so
you
could
actually
look
for
solutions
which
can
actually
provide
you
with
some
sort
of
estimate,
cap
capabilities.
E
So
if
it
is
say
something
like
a
layer,
7
communication
that
you're
looking
at
then
obviously
using
a
sort
of
web
proxy
might
be
one
of
the
one
of
the
ways
rights.
But
if
you're
trying
to
replace
that
with
more
of
a
layer,
4
thing,
then
you
would
obviously
have
to
look
for
a
solution
that
provides
you
with
some
way
of
doing
asthmatic.
E
So
with
nsxt.
There
used
to
be
one
in,
like
vmware,
actually
has
a
cni
now
called
antria,
which
also
has
eager
policies
that
you
can
actually
explore.
A
All
righty,
we
have
attacked
the
network
policy
in
the
network.
Today
we
this
panel
is
on
fire.
Today,
all
right,
we
have
a
question
from
babu
sudar
baba
sasidar,
I'm
sorry.
If
I
I
mispronounced
your
name,
can
I
install
or
configure
service
mesh
locally
to
kubernetes
kernels,
or
should
I
need
a
cloud
environment?
A
I
think
again
you
can
do
this
on.
I
think
there's
examples
as
well
on
a
lot
of
them
like
if
you
think
about
like
I'll
mention
like
solo
I
o
or
like
link
or
d
or
others
right.
You
can
run
those
you
know
locally
on,
like
mini
cube
or
k3s,
and
all
those
a
lot
of
them
even
in
their
quick,
starts
talk
about
that.
So,
please,
you
know,
take
a
look
at
the
various
quick
starts
that
are
out
there.
It's
just
running
a
yaml
right
and
we
all
know
that
you
know
you
know.
A
F
Archie
yeah,
I
mean
you
can
install
obviously
anywhere
like
in
case
of
eastern
I'm
sure
linkery
has
the
same
like
you
can
install
inquiry
anywhere
like
there's,
no
really
need
to
have
cloud
provider
in
in
the
in
the
mix.
However,
you
know
obviously
cloud
providers,
probably
if
you're
running
on
specific
cloud
providers,
it's
better
to
look
the
documentation
for
that
specific
cloud
provider,
because
there
might
be
some
features
that
they're
using
like
maybe
monitoring
or
tracing
like
like,
which
is
like
specific
to
that
club
provider.
F
So
it
could
be
an
interesting
approach.
For
example,
if
you
use
it
on
google
cloud,
because
I
can
stick
up
for
google,
we
have
right
now
managed
control
plane
of
easter,
so
that
you'll
definitely
need
to
follow
the
instructions
from
gcp.
If
you
want
to
have
manage
control
plane
but
like
if
you
just
want
to
install
easter
for
your
personal
interest,
and
I
need
to
try
like,
I
would
recommend
in
case
of
istio
to
use,
you
know
just
to
go
to
the
the
documentation
and
follow
the
instructions.
A
Straightforward
in
babu,
I
I
think
it's
it
seems
like
by
your
questions.
I
love
the
fact
that
you're
you're
getting
in
there
right
all
of
us
in
this
panel
had
the
same.
Like
you
know
when
we
started
it
was
like.
Oh,
we
had
the
questions
about
like
how
to
do
like
you
know
getting
started
with
like
hard
way
or,
or
you
know,
spinning
up
a
cluster
and
you're
you're
asking
these
questions
as
you're
trying
to
experiment
do
those
experiments,
because
that's
how
we
all
got
better
at
this.
A
A
Anchor
dude:
that's
why
you're
the
anchor
all
right.
So
let
me
see
here
so
let's
talk
about
the
the
1.22
release
with
some
of
the
deprecated
api.
I
guess
those
types
of
things
david,
I
mean
you
want
to
kind
of
lead.
This
discussion
here.
C
Sure
so
we're
approaching
the
122
release,
which
I
think
is
due
in
the
the
first
week
of
august
and
as
with
every
I
guess,
every
third
release
there's
the
removal
of
deprecated
apis.
C
So
I
don't
think
the
deprecations
should
be
a
surprise
to
anyone,
but
there
are
a
substantial
number
of
api
versions
disappearing
from
the
api
server
in
this
next
release.
Let's
see
I
pulled
a
list
up.
This
is
not
coming
from
the
top
of
my
head,
but
we
are
losing
access
to
validating
web
configurations
and
mutating
web
configurations
and
the
v1
and
beta1
namespace,
as
well
as
custom
resource
definitions,
api
service,
token
reviews,
subject,
access
reviews,
local
subject,
access
reviews,
self-subject,
iteration
views
certificate,
sign-in,
requests,
leases
and
ingress.
C
D
A
So
there's
a
deprecated
api
migration
guide
that
I
just
put
in
channel
I.
That
was
something
I
think
that
you
know
I
think
cat
cosgrove
put
that
up
as
well.
It's
something
that's
just
to
make
sure
that
everybody
knows
about
it's
really
cool
again.
You
know
I
shout
out
yet
again
to
the
kubernetes
docs
team,
fantastic.
I
mean
this
we're
in
lockstep
in
terms
of
these,
but
people
need
to
know
about
this.
A
To
be
able
to,
you
know,
migrate
things
over
and
just
be
be
aware
of
these
things
right
and
plan
accordingly,.
C
Yeah
and
there's
a
as
mentioned
in
the
gate,
but
there's
a
cube,
control,
plug-in
clip
control,
conveyor,
which
is
an
official
plug-in,
that's
being
maintained
to
help
migrate.
All
of
your
older
yaml
manifests
into
the
newer
format
and
then
the
migration
guide
there's
also
a
bunch
of
flags
that
you
can
pass
to
your
api
server
to
explicitly
disable
those
namespace
versions
as
well
to
make
sure
things
don't
break
and
mad
props
to
kyverno
and
opa
as
well,
who
have
policies
to
monitor
all
of
this
stuff.
C
So
you
should
have
enough
visibility
into
your
cluster
and
just
make
sure
you
check
those
resources.
E
Don't
be
a
developer
and
ignore
all
the
warnings,
that's
funny
yeah,
because
I
I
I
was
like
I
was
ignoring
those
warnings
and
then
suddenly
I
one
day
I
started
one
of
the
beta
releases
and
boom
like
nothing,
is
working
oops,
so
yeah,
especially
for
the
ingress,
because
respect
is
changing
a
bit.
It's
not
just
like
changing
the
the
kind,
because
the
spec
is
changing
a
bit.
I
think
that
that
would
impact
a
lot
of
people.
A
So
heed
those
warnings,
you
all
don't
you
know
I'm
out
on
that
all
right.
Do
we
have
any
more
questions
or
can
we
wrap
it
up
for
today.
A
C
D
Yeah
I
just
saw
this
last
night.
Apparently
there
was
a
cve
that
could
leak
some.
I
guess
your
home
repository
username
passwords
to
different
domains
and
different
repositories.
I
guess
it
was
patched
last
week.
I
don't
know
if
it
was
discovered
last
week,
but
it
was.
It's
been
already
patched
in
the
latest
version.
D
A
All
righty,
so
I
think
we're
going
to
go
ahead
and
wrap
it
up
and
say.
Thank
you
to
the
following
companies
for
supporting
the
community
with
developer
volunteers.
Our
steam
panel
is
made
up
of
sky
scanner,
equinix
metal,
google,
vmware,
systig
and
carta.
Did
I
miss
any
companies
y'all
we
got
everything
here.
I
need.
I
need
archie's
background
for
me
to
know
exactly
what's
going
on
where
he
looks
and
stuff
like
this
all
right.
A
Lastly,
everyone
feel
free
to
hang
out
in
office
hours
afterwards,
we'll
be
in
there
for
a
little
bit
answering
questions
and
if
the
other
channels
are
busy
for
you
and
looking
for
a
friendly
home
you're
more
than
welcome
to
pull
up
chair
and
hang
out
in
office,
I
would
really
appreciate
it
again.
We
do
this
for
the
community
and
we
appreciate
all
that
appreciate
all
the
questions
and
again
I
love
the
fact
that
some
of
the
folks
are
getting
started,
they're
trying
to
get
understand
what's
going
on.
A
We
all
were
you,
know,
beginners
and
so
really
that's
what
we
do
this
for
is
to
make
sure
we
have
other
folks
that
will
be
contributing
back
to
the
community
as
well,
so
we'll
be
back
at
the
same
time.
Next
month
again,
the
truce
will
be
in
effect
for
me
and
my
enemy
raw
code,
oh
by
the
way
raw
code
this
week
on
friday,
cloud
native
tv
is
going
to
have
opa.
So
that's
in
this
show
it's
called
the
lgtm
great
show.
A
If
you
haven't
checked
it
out,
clayton
cloud
name,
tv
follow
we'll
be
back
at
the
same
time
next
month.
Until
then
have
a
great
month.
Love!
You
all
see
you
all
soon
bye
everybody
talk
soon.