►
From YouTube: Kubernetes Office Hours 20190417
Description
Office Hours is a live stream where we answer live questions about Kubernetes from users on the YouTube channel. Office hours are a regularly scheduled meeting where people can bring topics to discuss with the greater community. They are great for answering questions, getting feedback on how you’re using Kubernetes, or to just passively learn by following along.
For more info: https://github.com/kubernetes/community/blob/master/events/office-hours.md
A
Yeah
all
right,
everybody,
it's
a
third
Wednesday
of
every
month.
That
means
it's
time
for
kubernetes
office
hours,
where
we
answer
your
user
questions
live
on
the
air.
With
our
esteemed
panel
experts,
you
can
find
us
on
hash
office
hours
on
slack,
follow
the
text
below
and
feel
free
to
start
asking
your
questions
before
we
start.
Let's
start
with
some
introductions
panel,
introduce
yourselves.
B
D
E
Your
speed
I
work
for
pusher,
we're
based
in
London
and
chu'lak.
My
primary
stuff
at
the
moment
is
building
controllers
so
I'm,
quite
often
in
the
key
builder
channel
talking
to
people
about
how
to
build
controllers
and
that
kind
of
stuff,
so
CID
questions
and
that
kind
of
stuff
I
might
be
able
to
answer.
F
Hey
folks,
Ilya
from
the
also
based
out
of
London
and
worked
on
various
areas
of
kubernetes
for
a
while,
starting
with
Kier
admin
back
in
the
days.
Networking
stuff
is
also
one
of
the
areas
where
I
know
quite
a
few
things,
and
the
other
thing
of
late
is
ETA.
Escarole,
that's
been
my
main
project
lately,
so
any
questions
about
ink
ears,
I
tell
also
anything
to
do
with.
Did
offsetting
deployments
alteration
of
deployments.
I
see,
ICD
type,
stuff,
awesome.
A
And
I'm
Jorge,
Castro
and
I
will
be
your
host
today.
So
first,
let's
go
over
some
ground
rules
before
we
get
started
first
things.
First,
this
is
a
judgment-free
zone,
so
there
are
no
stupid
questions,
so
just
in
the
channel
feel
free
to
ask
I
know
a
lot
of
us
have
to
start
somewhere.
So
let's
try
to
have
like
a
positive
environment
about
this
and,
as
always,
remember
that
the
code
of
conduct
is
in
effect.
Well,
we
will
do
our
best
to
answer
your
questions.
A
The
panel
does
not
have
access
to
your
cluster
so
like
live
debugging
and
all
that
kind
of
stuff
is
kind
of
off
topic,
but
what
we
can
do
is,
if
you
can
give
us
the
most
amount
of
data
that
you
can,
we
will
do
our
best
to
at
least
get
you
going
in
the
right
direction
or
unblock
something.
Panelist
you're
encouraged
to
expand
on
your
answers
with
your
experiences
and
pro
tips
an
audience
you
can
help
us
out
by
piecing
URLs
to
the
official
Doc's
blogs,
links
to
github
issues,
projects
and
whatnot.
A
What
we
do
is
put
all
the
URLs
in
the
sidebar
here
on
the
live
stream,
so
we
can
reference
them
and
at
the
end
of
the
show,
I'll
grab
all
the
URLs
and
kind
of
whacking
into
the
summary.
So
we
have
them
available,
so
audience
do
feel
free
to
add
as
much
information
as
you
can.
We
always
appreciate
it
and,
if
you're
listening
now,
how
do
we
sound,
please
feel
free
to
say
hello
and
introduce
yourself.
A
We
love
to
see
you're
from
salafi
is
coming
in
from
Cameroon
I,
think
that's
cool,
so
feel
free
to
post
and
hang
out
in
the
chat,
even
after
the
session
we
kind
of
just
like
to
have
our
own
little
space,
where
we
can
hang
out
with
people
I.
We
do
have
a
discus
thread
for
this.
That
Bob
is
going
to
post
into
slack
where
we
are
collecting
questions
as
well.
A
So
if
you
see
a
question
on
Stack
Overflow
or
you
already
have
it-
and
you
just
want
to
give
us
the
link
that
also
helps
us
out
as
well,
so
you
have
to
rewrite
everything
and
you
can
also
help
us
out
by
tweeting
spreading
the
word
paying
it
forward
that
kind
of
thing.
So,
if
you're
getting
some
belly
out
of
this,
we
ask
that
you
try
to
help
someone
as
well.
Each
of
these
sessions
are
recorded
available
on
YouTube.
When
you
go
into
the
YouTube
channel,
that's
youtube.com,
slash
c
/,
kubernetes
community.
A
All
one
word
you'll
see
all
the
playlists
for
all
of
our
meetings
and
we
have
these
going
back
for
how
long
we've
been
doing
this
almost
two
years.
It
feels
like.
So
we
have
two
years
worth
of
content
for
you
to
hang
out.
This
is,
if
you
want,
if
you
want
to
sit
in
on
this
panel
and
spread
your
knowledge
you're
more
than
welcome
all
these
people
here
are
volunteers.
We're
always
looking
to
get
a
diverse
new
group
of
people
in
here.
A
So,
if
you're
interested
in
doing
this
and
want
to
get
on
the
little
list,
where
I
bother
you
once
a
month
to
come,
hang
out,
it
will
be
great.
The
only
commitment
is
one
hour
a
month.
You
don't
have
to
come
every
month.
If
you
had.
Usually
we
have
a
panelists
to
cover
things,
but
if
you're
interested
and
want
to
help
us
up,
we
would
love
to
have
you
and
we're
always
looking
for
help
to
spread
the
word
and
were
the
last
bit
the
panel.
A
We
do
get
support
from
some
people.
So
I
would
like
to
mention
out
a
shout
out
to
giant
swarm
stock
X
packet,
pusher,
dot-com,
Red,
Hat,
Samsung
SDS.
We've
works,
VMware,
Xing
Huawei,
the
University
of
Michigan,
lift
Argo
crow
and
the
City
of
Ottawa
Ontario
Canada
for
allowing
their
engineers
to
hop
onto
the
show
and
help
us
out.
So
with
that
everybody
ready
panel,
you
ready
audience,
are
you
ready
audience
feel
free
to
just
start,
putting
your
questions
into
the
channel
and
then
we'll
address
your
your
questions.
A
We
kind
of
have
a
little
queue
going
when
we
answer
your
question.
What
normally
happens
is
that
some
more
follow-up
questions
feel
free
to
just
keep
on
asking
them
just
put
like
a
big
question,
:
or
something
that
makes
it
easy
for
us
to
tell
that
you're
asking
a
question
and
not
just
responding
to
someone.
So
with
that,
let's
see
anybody
else
around
who
looks
like
the
questions
are
coming
in,
so
we
gotta
start
you
gotta
start
okay,
who's
ready
for
the
first
question.
A
B
A
Okay,
so
Chris
is
gonna,
do
a
little
research
on
that
one
and
we
will
come
back
to
you.
Next
is
Ms
tiny,
I
guess
it
goes.
I
realizes
more
of
a
gke
specific
question,
but
I've
been
trying
to
grant
users
bare
minimum
access
via
get
credentials
and
then
leave
everything
else
through
our
back,
but
I
get
permission
errors
specifically
surrounding
the
fact
that
they
don't
have
specific
google
IM
permissions
to
do
certain
tasks
when
running
cube
control,
which
is
really
perplexing
to
me.
A
A
D
F
They
can
look
at
things
right,
I,
think
that's
this
woody
get
out
of
the
box
right.
So
if
you're,
like
GCP
admin,
Oh
clever,
you
don't
have
an
admin
role,
binding
income
matters,
but
you
do
have
access
to
metals,
so
you
could
go
and
actually
create
yourself
an
admin
role
binding.
If
you
wanted
to
that's
how
I
recall
it
works
and
you
can,
you
could
probably
use
our
marker
to
to
restrict
access.
It
obviously
isn't
something
that
I
could
just
sort
of
describe
like
this.
It
needs
to
be
looked
into
more
specifically.
F
What
is
it
you
want
to
restrict
access
to
and
what
type
of
things
you
want
to
base
that
on
right,
so
whether
you
want
to
to
care
of
it
like?
How
do
you
want
to
express
it
and
what
is
it
so?
There
are
a
few
ways
to
go
about
it
because
auerbach
is
a
fairly
fairly
complex
API.
So
it's
not
something
that
would
be
able
to
give
you
a
prescriptive
answer
right
away.
So
if
you,
if
you
kind
of
be
more
specific,
what
is
that
you
want
to
do?
And
what
exactly
is
your
concern
here?
F
F
A
And
if
you're
still
online,
if
you
ask
that
question
fee,
please
feel
free
to
post
a
follow-up.
The
next
one.
It's
a
simple
one,
but
I
want
to
talk
about
it.
A
little
bit
from
Sean
stout
says:
how
do
I
migrate
resources
from
one
name
space
to
another?
Could
one
of
you
cover
kind
of
the
answers
that
were
given
and
then
a
little
bit
of
the
mantra
there
I
guess
so
the
answers
then
I
saw
mostly
involved
with
you
know,
exporting
what
you
have
into
a
new
llamo
file
and
then
redeploy.
D
Generally,
you're
not
gonna,
be
migrating
things
between
namespaces,
you
can
dump
all
the
configs
and
everything
like
dump
all
the
objects
and
put
them
in
a
new
namespace
they'll
want
to
you
like,
when
you
dump
up
middle
I,
actually
have
the
namespace
explicit
in
there.
So
you
want
to
change
that.
You
will
have
problems
with
certain
things
like
you,
won't
be
able
to
migrate
like
TVs
PVCs.
Anything,
that's
sort
of
meant
II
have
some
more
stateful
workloads.
I,
really,
you
know,
kubernetes
is
sort
of
designed
to
just
destroy
something,
recreate
something.
There's
no
big
deal.
D
F
A
A
You
know
a
good
pattern
to
get
into
your
brain,
like
one
of
the
once
I
started
to
learn
that
like
destroying
and
recreating
is
the
is
the
way
to
do
it.
I
automatically
found
myself
not
getting
in
as
much
trouble
as
I
did
when
I
was
trying
to
like
treat
things
like
a
pet.
So
does
anyone
have
more
inside
it
to
this
here.
A
C
B
B
F
Like
if
he
usually
you
have
to
conjure
I
think
is
it
still
helps
your
concert,
it's
being
very
comparable,
it's
just
contoured,
now
yeah,
a
sponsor
you
would
you'd
be
looking
to
use.
The
cons
are
specific
ingress
back,
which
is
called
egress
route,
I
believe,
and
that
will
let
you
you
know,
limit
your
situation
to
to
just
contour,
because
contour
is
the
only
one
that
implements
ingress
round.
D
Be
kind
of
like
ingress
is
also
kind
of
in
a
weird
place.
It's
I
think
it's
still
be
one
beta
2
I
forgot
the
API
version
on
it,
but
it's
there's
so
much
actual
configuration
that
has
to
happen
like
three
annotations
or
other
things
or
you
don't
ingress
route.
If
you're
adopting
you
know
some
that
supports
those
CR,
DS
and
I.
Think
a
couple
other
of
the
ingress
orders
we're
starting
to
adopt
an
ingress
route.
A
Okay,
any
other
comments
on
this
one,
all
right.
Moving
on,
if
you're
brand
new
to
the
live
stream
welcome,
you
can
join
us
on
hash
office
hours
on
the
kubernetes
slack.
Those
instructions
are
below
and
feel
free
to
just
start
asking
your
questions
and
we
will
get
to
as
many
of
them
as
we
can.
The
next
one
comes
from
Edie.
I,
add
always
good
to
see
you.
This
is
like
an
ironic
one,
because
he's
asking.
Does
anyone
have
any
experience
getting
kubernetes
running
on
the
new
jetson
nano?
A
F
G
A
C
I
do
Joel,
so
you
mentioned
that
you're
doing
Cube
builders
stuff
a
lot.
Have
you
run
into
an
instance
where
or
how
do
you
monitor
an
object?
That's
outside
of,
like
your
CR,
DS
lifecycle
and
I've
run
into
this
I?
Did
it
one
way
and
when
I
talked
with
Sally
Ross,
he
told
me
a
different
way
to
do
it,
but
said
mine
was
just
as
valid
just
you
know
not
correct.
E
C
So
for
the
person
that
asked
the
hpc
question,
this
might
actually
be
interesting
to
them
as
well.
I
wrote
an
operator
to
support
MPI
jobs.
What
that
means
is
you
create
an
MPI
object?
It
creates
a
job
that
is
owned
by
the
MPI
object,
but
I
wanted
to
monitor
the
pods
that
get
spun
up
by
that
job
and
then
act
on
certain
events
for
those
pods.
C
The
way
I
built
it
was
I
had
a
separate
go
routine,
that
I
implemented
above
the
controller
logic
in
queue
builder,
and
then,
when
I
talked
with
Sally,
he
said
you
should
be
using
some
sort
of
index
logic
with
cube
builder
to
actually
like
traverse
down
the
ownership
tree
to
find
the
pods
to
do
that.
Sorry,
I'm
dealing
with
a
cold.
So
how
would
you
do
it.
E
I
think
probably
the
way
you
would
have
done
it
is
the
way
I
would
have
done
it
solely
has
got
a
lot
more
insight
into
this,
because
he's
actually
controller
run
time.
I
think
that
is
his
day-to-day
right,
but
yeah
like
yes,
it
is
I
think
that
is
definitely
something
that
I
so
much
I
think
if
we've
got
something
similar
that
I've
done
I'll
actually
for.
D
D
F
C
Funny
thing
was
when
I
was
out
there.
Someone
actually
came
was
looking
for
Sally
to
ask
this
question
specifically
and
I
was
like
I,
don't
know
if
this
is
the
right
way,
but
this
is
the
way
I
did
it
and
it
turns
out
that
it's
not
incorrect,
but
there
you
go
so
like
diving
into
the
weeds
of
cube
controller
I'm,
literally
just
creating
another
go
routine.
When
ad
is
called
that
will
watch
me
pods.
E
Yeah
I
mean
we've
got
something
sort
of
similar.
We've
got
like
a
guitar
controller
thing.
That
basically
does
this.
You
have
the
K
tree
paper.
Then
it
creates
an
intermediary
CRD
that
matches
each
individual
real
resource.
So
then
you
do
kind
of
want
that
in
to
meet,
but
the
way
we've
got
it
is
that
the
first
controller
watches
the
second
controllers
objects
and
reconciles
when
those
happen,
so
the
status
got
sort
gets
propagated
up,
rather
than
actually
that
one
watching
the
bottom
one.
A
D
A
D
A
D
A
A
B
Not
that
I've
seen
a
lot
of
a
newer
helm.
Transom
saying
have
annotations
built
into
the
chart
to
do
that,
but
I
mean
if
you
have
a
policy
in
place
with
OPA,
it
should
be
able
to
modify
it
as
a
company
or
treat
it
as
a
template,
ER
and
use
something
like
customize
to
add
those
annotations
in
there.
If.
B
B
A
Let's,
let's
give
them
a
chance
to
type
here
for
a
second,
let's
see
if
we
can
do
something
else
well,
keep
on
typing
everyone,
as
we
will
tease
this
out.
Sometimes
it
might
take
us
a
lotta
so
to
answer
that
question,
so
a
meet
oh
I
hope
I
get
that
right,
says:
hi
I,
we're
gonna
start
up
in
NYC,
where
he
is
a
software
engineer,
part-time,
helping
out
in
DevOps.
Is
there
any
way
to
find
out
why
request
is
taking
too
long
and
responding
kubernetes
when
I
am
trying
to
fetch
data
from
one
pod?
A
D
A
D
Wink
Rd
is
definitely
lighter
weight
than
sto.
You
can
do
other
things
like
circuit,
breaking
and
fault
injection
and
and
some
other
things
there.
It
might
not
give
you
that
might
be
a
good
place
to
start.
It
might
not
give
you
everything
you
need
to
try
and
troubleshoot
the
problem
it
that
that
might
be
a
good
first
step
before
diving
into
you,
like
Jaeger
ins,
with
the
other
stuff,
where
you're
actually
injecting
more
trace
points
into
your
application.
F
Even
without
tracing
I
mean
this
probably
a
way
to
troubleshoot
it,
it
seems
like.
Maybe
the
question
is
kind
of
like
I
mean
maybe
in
this
case
the
person
isn't
exactly
sure
aren't
exactly
sure
how
to
do
things
in
kubernetes
and
they're,
not
sure
where
the
kubernetes
may
be
introducing
something
to
the
to
the
path
that
they're,
not
exactly
aware
of.
F
There
are
a
few
few
good
tutorials
and
networking
out
there
I'd
recommend
watching,
through
the
talks
by
my
colleague,
Brian
Boram
or
as
you're
talking
on
networking
in
general
and
understanding
how
services
on
board,
IPs
and
all
lists
of
works
and
being
able
to
have
it.
With
that
in
mind,
you
you'd
probably
be
able
to
tell
more
clearly
what
is
actually
going
on
and
whether
kinetise
maybe
do
something
to
it
to
your
traffic
versus
you
might
have
misconfigured
something
or
it's
just
an
application
level
issue.
D
B
A
A
A
A
D
D
C
G
A
D
A
And
this
seems
to
be
a
pattern.
Sorry
I'm
trying
to
get
more
of
the
patterns
out
of
everyone.
This
time,
that
seems
to
be
a
pattern
across
kubernetes
right
seems
like
IP
addresses
are
never
meant
to
ever
be
I,
don't
know,
and
user
exposes
kind
of
probably
too
strong,
but
struggling
defaulting
to
dynamic,
DNS
style
things
as
opposed
to
an
IP
address.
Yeah.
F
D
F
F
Sample
use
and
NLB
with
a
pre-allocated
must
be,
and
that's
I'm
saying
right
yeah,
but
it's
like
it's
really
the
question.
It's
done
to
infrastructure,
it's
not
really
down
to
cover
messes,
but
I
just
may
or
may
not
support,
in
particular
thing
that
your
infrastructure
that,
before
you
know,
Cohen
cloud
providers
such
as
a
double
yes,
for
example,
you
could
use
energies
there
and
I
think
they're
similar
future
they're.
Similar
features.
F
A
C
One
of
the
like
passions
that
I
do
kind
of
as
part
of
work
kind
of
is
not
part
of
work
at
the
university
is
trying
to
enable
research
computing
HPC
on
kubernetes
a
lot
of
the
primitives.
Are
there
it's?
The
main
thing
that's
lacking
is
like
the
the
researcher
user
experience
so
like.
Technically,
if
you
want
to
spend
up
like
a
Monte,
Carlo
type
simulation,
which
is
literally
spinning
up
thousands
of
parallel
jobs
that
are
the
same
job
just
just
with
like
a
little
tweak
of
a
parameter
and
not
like
a
whole,
completely
different
thing.
C
C
That
adds
a
lot
of
other
primitives
like
Co
scheduling,
so
having
all
the
pods
in
a
certain
job
spin
up
at
the
same
time,
instead
of
just
you
know,
scheduling
him
and
forgetting
them
also
when
there
is
a
a
PR
for
the
MPI
operator
that
I
kind
of
wrote,
separately
and
linked
earlier,
but
that
should
be
in
there
soon,
there's
also
the
concept
of
queues.
What
I'm
getting
at
is
there's
a
lot
of
HP
C
style
primitives
in
cube
batch
that
sit
on
top
of
the
basic
job.
Primitives
and
kubernetes.
C
D
C
Is
does
this
work
happen
in
a
certain
sig,
or
is
there
a
working
group
for
this?
So
a
lot
of
this
effort
is
happening
in
sig
scheduling,
which
is
kind
of
weird,
but
it
kind
of
makes
sense,
because
the
original
effort
of
cube
batch
was
to
make
a
an
HPC
style
scheduler
that
works
with
kubernetes.
But
the
problem
is
an
HPC
style.
Scheduler
that
works
in
kubernetes
has
a
lot
of
baggage
with
it
like
supporting
specific
types
of
jobs,
supporting
things
like
Co
scheduling
and
all
these
different
behaviors.
C
D
Definitely
are
interested
in
let's
it's
more
Sauve
user
thing
and
it's
so
it
has
like
a
lot
of
bleed
over
with
big
data
machine
learning.
There
isn't
really
a
good
you
know
specific
place
for
it
and
the
honesty
like
the
community
itself
is
sort
of
smaller
than
either
of
those
communities.
So
it's
not
necessarily
worth
like
having
this
dedicated
thing
for
that,
when
a
lot
of
the
work
is
also
being
handled
by
these
other
entities
that
IPA
in
general,
better
fit
to
like
drive
the
general
work
effort
for
this
stuff
cool.
A
B
A
few
things
QG
and
s
or
whatever
DNS
entry
could
be
I've
had
that
issue
before,
where
I
just
had
to
restart
cube,
DNS
and
everything
went
back
or
upgraded.
The
version
can
also
be
just
networking
rules
on
your
in
your
environment.
The
host
config
file
could
be
messed
up,
so
I
think
there
is
another
threat.
Undiscussed
I'll
go
find
that
someone
have
some
similar
issues
with
that.
F
What
do
we
use
there
figure
that
out
and
if,
if
it's
something
that
has
no
particular
straightforward
and
could
be
improved,
then
you
know
try
and
make
those
improvements,
and
if
it's,
if
it's
done
in
a
certain
way
by
design,
that's
fine,
you
just
need
to
find
a
way
to
work
with
that
and
again
I
could
be
based.
Like
I
mean,
let's
say
if
you
are
using
black
vagrant
or
something
that
stuff
could
get
raided.
Okay,
you
know
just
take
a
look
and
leave
you
would.
F
What
is
it
you
have,
and
why
is
it
in
that
way?
And
if
you,
if
you
don't
really
know
what
is
going
on
there,
then
then
obviously
you
have
like
a
bigger
problem
there
and
the
the
other
thing
is,
you
know:
flannel
isn't
like,
ultimately
the
most
the
it's
not
really
the
best
the
best
option,
my
opinion
really
but
again,
I'm
biased,
of
course,
but
flannel
is
quite
you
can
be
quite
tricky
and
it
doesn't
really
give
you
all
the
information
and
I
don't
think.
It's
very
well.
B
A
D
D
If
you
had
multiple
NICs
and
you
you
know
found
the
system
are
you
had
you
deployed
the
container
with
host
networking
and
then
specifically
bind
it
to
use
that
NIC
sort
of
work
around
it
that
way,
and
you
can
in
workloads
to
specific
cores
and
specific
CPUs,
but
there
isn't
really
a
way
to
like
guarantee
exclusivity
and
that
you
would
sort
of
have
to
manage
that
yourself
or
try
and
manage
that
with
like
resource
constraints.
Do
you
say
go
here
and
consume?
D
And
I'm
telling
blanking
out
on
being
able
to
do
like
carve
up
a
adapter
into
multiple,
smaller
adapters
and
the
adapter
sense
sort
of
given
over
to
your
container.
Well
then,
no
wasn't
bonding.
It
was
like
creating
a
virtual
network
of
something
else
and
then
I
think
so
it's
our
Iove
there
we
go
and
being
able
to
give
a
explicit
SR
iov
device
to
a
pod.
D
F
D
Questions
come
up
with
like
telcos,
and
people
are
doing
more
heavy,
like
research
type
workloads
where
they
want
to
pin
or
dedicate
an
entire
CPU
to
an
explicit
task.
It
also
comes
up
with
like
when
you're
mapping
through
to
GPUs
and
other
host
adapters
that
are
on.
Like
X
explicit
you
know,
PCI
Express,
Li,.
D
A
A
I
don't
know
I
would
be
interested
in
the
use
case
as
well
yeah.
So
alright
salafiyyah
asks
I'm
due
to
kubernetes
about
a
week.
Welcome
yeah
I
get
started
about
the
slack
bot
with
a
command,
slash
cuddle
that
should
run
on
my
dev
host.
It
was
kind
of
challenging
to
get
permissions
working
from
a
doctor.
Container
I
got
help
from
here
and
there
to
define
roles
and
it
worked
like
a
charm
bouquet
emoji,
but
when
a
front
tested
on
his
closer,
you
had
to
modify
many
things,
the
image
name
and
other
stuff.
A
He
suggested
me
some
improvements
and
changes.
I
had
my
work
on
it
again,
but
his
environment
differs
from
mine
in
many
regards.
I
want
to
mount
host
path
during
dev.
On
my
side,
only
I've
been
reading
the
helm
helps
set
different
environments
per
wait.
Is
that
environment
variables
per
environment,
I
guess,
but
could
help
me
at
this
nodes.
I
need
host
path
mounting,
but
not
my
friend
testing
it
I
would
be
happy
to
have
the
host
path
relative
to
the
project.
Route
path
could
helm
help
me
at
both.
B
D
Yeah,
the
other
thing
you
could
do
is
if
you
have
a
Eevee
or
whatever
that
you're
gonna
be
looking
for
no
matter
what
that
could
amount
to
you
whatever,
and
then
you
just
have
a
sort
of
stack
way
to
find
PVC
sets
or
separates
out.
You
know
the
hosts
map
or
whatever
you're
having
to
do
to
the
static
resource
to
dynamic
thing
of
the
the
persistent
volume
claim.
A
A
The
way
it
works
is
if
we
read
your
question,
live
on
the
air
you'll
automatically
enter
you
in
a
chance
to
wear
kubernetes
t-shirt,
and
then
we
all
fail
to
wear
that
shirt
on
the
day
to
show
you
what
it
looks
like,
but
they're,
pretty
snazzy
and
then
I'll
ping
you
afterwards
and
you
can
do
that.
It's
just
a
shirt
with
an
ID,
so
go
on
it,
it's
very
handy.
So
we
do
encourage
you
to
drop
by
and
ask
questions
so
so
I
think
it
says:
ok,
thanks
guys!
I
did
it
that
way?
A
Thanks
again,
okay.
Moving
on
to
my
kisses
question
on
eks
there
is
there
an
easy
way
to
make
sure
all
exposed
ingress
services
are
protected
by
a
client
certificate.
By
default
it
looks
like
there
is
no
eld
which
supports
client
certificates,
looks
like
I
should
use
an
MLB
terminate
TLS
on
an
engine,
deck
singer's
controller
and
annotate.
Each
ingress
object
properly.
It
will
be
cool
if
there
would
be
no
need
for
the
chart
developers
to
bother
with
TLS
stuff
and
simply
let
the
cluster
do.
A
F
And
I
would
recommend
you
know
looking
at
other
options,
then
then
nginx,
unless
you
you're
getting
really
comfortable
about
the
idea,
thetan
nginx.
Otherwise
it's
probably
a
better
idea
to
use
something
like
contour
or
whichever
English
control
that
is
based
on
envoy.
That
is
much
more
friendly
with
kubernetes.
The
nginx
integration
with
colitis
is
fairly
ad
hoc
and
you'll
often
end
up
debugging
things
and
beginning
to
into
things
that
that
are
not
very
straightforward.
E
F
F
A
All
right
you
we're
down
to
probably
our
last
two
questions.
David
says:
hey
all
I'm,
pretty
sure
the
folks
that
helped
you
were
working
on
a
dashboard
for
managing
multiple
clusters
before
when
they
were
acquired.
Has
anyone
heard
anything
about
it?
Are
there
any
interesting
products
to
look
around
in
providing
a
UI
to
manage
multiple
clusters?
Can
we
answer
the
the
second
half
on
the
first
part,
I
can't
really
answer
at
this
point.
Other
than
stay
tuned
I
can
speak
to
a
rancher.
Yes,
that
would
that
would
be
great
yeah.
A
B
So
we
use
our
hands
are
internally
here
to
manage
our
clusters.
It's
quite
nice
that
you
have
a
single
pane
for
your
on-prem
clusters,
either
created
through
the
wrench
for
UI
or
through
the
rke
tool.
You
can
also
import
three
nineties
clusters
that
are
created.
However,
you
want.
It
also
has
hooks
into
the
major
cloud
providers
too.
So
if
we
just
hey
I
want
to
create
a
cootie
Kate
cluster,
it
goes
and
creates
and
manages
it
for
you
inject.
B
D
B
D
That's
another
one,
that's
like
also
very
tailored
specific.
Another
thing:
you'll
find
that,
like
the
dashboards
themselves,
tend
to
be
very
much,
the
large
value
add
that
the
different
vendors
in
different
groups
give
so
it's
it's
kinda
hard
to
find
a
good
multi
cluster
open-source
one
and
I
will
be
quiet
now
before
Jeff
cuts
me
off
no.
C
That's
okay,
so
supporting
multi
cluster
is
on
the
roadmap
for
the
current
kubernetes
dashboard
project.
We're
trying
to
finish
our
migration,
which
is
hopefully
going
to
be
done
before
cube
county
you
and
then
the
next
steps
are
getting
better.
Oh
us
port
and
then
we're
going
to
look
into
ways
to
both
support
viewing
multiple
clusters
in
the
dashboard,
as
well
as
potentially
spinning
up
different
clusters
using
dashboard.
So
that's
that's
future
State!
We
aren't
paid
to
work
on
this.
We
have
like
one
day
a
week
to
work
on
it.
So
roadmap
hopefully
said
yeah.
D
B
D
A
A
Busily
reading
his
art,
March,
alright,
you
have
won
a
kubernetes
t-shirt.
I
will
PM
you
afterwards
and
give
you
a
code
to
the
CNCs
store.
So
if
you've
got
a
source,
that's
C
in
C,
F,
dot
IO
anyway,
there's
a
bunch
of
t-shirts
for
all
your
favourite
CNC
have
projects,
so
you
can
get
kubernetes
stuff.
I
got
a
Prometheus
one.
So
that's
always
good
stuff.
A
D
C
A
A
session
we
will
decide
later
on
today
or
something
real,
quick,
they'll
tell
everybody
what
your
cute
con
plans
are.
If
you
have
any,
you
can
always
run
into
us
at
least
into
me,
a
cute
con
and
things
like
that,
and
if
you're
in
office
hours,
participant
I
always
have
cool
stuff
to
give
you
so
drop
by
from
me,
how
about
y'all.
A
A
A
A
We
did
this
the
third
Wednesday
of
every
month,
so
if
you've
had
a
good,
if
you've
had
a
you
know
a
positive
experience,
please
let
us
know
we're
always
looking
to
improve,
and
please
tell
a
friend
and
with
that
sorry
about
the
technique
up
earlier,
but
thank
you
everybody
and
we
will
see
everybody
in
six
hours
or
doing
the
west
coast
edition,
and
we
will
do
this
again
with
another
set
of
panelists.
So
thank
you,
everybody
and
have
a
good
month.