►
From YouTube: Kubernetes Office Hours (West Coast Edition) 20181121
Description
Join our monthly live stream where Kubernetes experts answer user questions, join us on #office-hours on slack or post in our question thread (see below):
Info: https://github.com/kubernetes/community/blob/master/events/office-hours.md
Question thread: https://discuss.kubernetes.io/t/office-hours-for-21-november/3528
B
Welcome
everybody,
it's
the
third
Wednesday
of
the
month.
That
means
kubernetes
office
hours.
Thank
you
for
joining
us.
The
special
Michigan
Edition,
where
the
entire
panel
just
happens
to
be
from
Michigan.
We
are
trying
to
definitely
gets
as
much
community's
expertise
in
the
Midwest
as
possible.
So
oh
hi,
Chad,
hello,
welcome,
I'm
gonna,
do
a
quick,
intro,
we'll
introduce
ourselves
and
then
we'll
get
started.
So
welcome
everybody.
This
is
the
kubernetes
office,
our
third
Wednesday
of
every
month.
We
have
two
sessions,
one
for
the
EU.
B
This
is
generally
speaking
for
the
west
coast
US,
but
the
u.s.
centric
time
zone
one.
What
this
is
is
a
live
stream,
where
we
grab
all
your
questions
for
kubernetes
users
in
the
office
hours
Channel,
and
then
we
try
to
spend
an
hour
to
just
like
help
answer
questions
for
users
so
that
you
can,
if
you're
stuck
on
a
specific
problem.
You
know
that
once
a
month,
there's
like
a
place
you
can
go
to
and
someone
will
do
their
best
to
help
you
out.
B
So
if
you're,
looking
at
the
live
stream
check
out
the
link
below
you
can
get
to
the
hash
office
hours
channel
on
slack
dicooper10
DS
on
I/o
just
go
to
select
that
kubernetes
that
il
follow
the
instructions.
Go
to
that
channel.
Ask
your
question:
if
we
address
your
question
on
air
will
automatically
enter
you
into
a
kubernetes
t-shirt
raffle
where
you
can
win
this
wonderful
t-shirt
that
we
like
to
give
away
one
per
session.
So
hopefully
they
don't
encourage
you
to
ask
some
questions.
B
A
D
Hi
guys,
my
name
is
Mario
Laurie
I
am
a
devil's
engineer
for
stock-out
space
and
Detroit
Michigan.
My
focus
generally
is
while
not
doing
community
things,
usually
ingress
and
other
ways
of
optimizing
workloads,
auto-scaling
and
and
general
operability
of
grenades
clusters,
where
you
don't
have
to
ever
touch
them
and
everything
just
works
magically.
E
Hi
I'm
Ralph
thanks
I
work
at
hefty
owned
located
in
East
Lansing
Michigan
I
specialize
in
helping
bootstrap
clusters
on-prem
in
the
cloud
and
pretty
much
running.
Questions
for
people.
B
It's
your
first
time
here,
so
that's
it's
good
to
have
you
hope
you
have
a
good
time
all
right
before
we
get
started.
We've
got
the
questions
queuing
up
in
Hash
office,
a
showers,
those
of
you
listening
on
the
stream.
First
of
all,
if
you
can
just
let
us
know
how
we
sound,
it's
always
good
to
know
that
the
stream
is
running
well.
We
would
appreciate
that
we're
gonna
I'm
going
to
lay
down
some
ground
rules,
real
quick
and
then
we
are
going
to
try
to
answer
as
many
of
your
questions
during
at
any
point.
B
If
you
need
to
ask
a
follow-up,
just
feel
free
to
keep
on
chatting
in
the
in
the
chat
where
we
went
ahead
and
started
to
show.
Actually,
let's
see
those
of
you
watching
on
the
stream,
you
should
be
able
to
see
the
chat
right
here
of
what's
happening
in
the
office
hours
channel.
So
before
we
start
just
remember,
this
is
a
kubernetes
resource,
so
it
does
fall
under
the
code
of
conduct.
So
everyone
please
be
on
your
best
behavior
you're
streaming
on
the
Internet.
This
is
also
a
judgment-free
zone.
B
We're
gonna
get
a
variety
of
questions.
Some
might
be
beginners,
somebody
very
complex,
remember
we
all
had
to
start
somewhere
and
let's
make
sure
that
we
have
a
nice
healthy
place
where
people
can
learn
and
grow
and
not
judge
them,
because
they
might
not
understand
something.
While
we
will
do
our
best
to
answer
your
questions,
the
panel
doesn't
have
access
to
your
cluster,
so
there's
gonna
be
some
questions
that
we
just
can't
help
with.
We
had
a
cluster
this
morning
that
was
just
kind
of
broken.
B
B
It
says
to
do
this,
but
like
this
is
something
I
learned
on
the
side
or
any
kind
of
pro
tips
that
you
have
audience.
You
can
help
out
by
pacing
URLs
links
to
the
official
Doc's
blog
post.
Anything
interesting
about
what
we're
talking
about
at
that
time
feel
free
to
just
whack
the
URLs
into
chat.
We'd
love
it
when
people
are
kind
of
helping
us
all
fix
that
one
person's
issue
or
problem
and
that
kind
of
helps
us
help
everybody.
B
It
also
is
nice
to
have
all
these
URLs,
so
we
can
whack
them
in
the
show
notes
for
future
references
and
things
like
that.
So
absolutely
feel
free
to
toss
any
information
that
you
have
into
the
chat.
It's
really
great.
When
sometimes
we
have
people
on
chat
that
that
really
have
a
lot
of
knowledge,
and
if
you
can
help
someone
else,
I
will
be
really
great.
B
We
do
have
a
thread
on
discuss
like
kubernetes,
on
I/o,
for
this
and
I
forgot
to
link
to
it
again.
Bob
is
he's
gonna
toss
that
in
the
channel,
that's
kind
of
where
we're
pacing
notes,
where
we're
pasting
links
to
the
stream
that
you'll
get
and
that's
also,
usually,
we
have
I
start
to
thread
about
a
week
before.
So,
if
you're
at
work
or
something
like
that
and
you
get
stuck
on
something
we'll
always
have
a
thread
for
the
next
office
hours.
We
also
do
monitor
the
officers
channel
from
month
to
month.
B
We
get
such
a
variety
of
subjects
that
we
pretty
much
have
dealt
just
about
everything
if
you're
using
this
as
a
work
resource,
for
example,
if
you're
sharing
it
with
your
team
kind
of
watching
it
at
work
or
something
like
that.
As
a
group,
we
really
would
love
your
feedback
because
for
us,
it's
kind
of
important
that
we
make
something
useful,
that
people
can
actually
use
professionally
and
as
you're
learning
and
starting
kubernetes
journeys.
If
you
want
to
sit
in
on
this
panel,
all
these
wonderful
people
are
volunteers.
B
It's
a
great
way
to
spread
your
knowledge.
The
commitment
is
one
hour
a
month.
You
don't
even
have
to
show
up.
Every
month
we
have
enough
volunteers,
or
as
long
as
we
get
a
healthy
role,
rotation
to
account
for
people's
travel
and
conference
and
holidays
that
you
can
join
them.
If
you
would
like
to
feels,
please
feel
free
to
ping
me
afterwards
and
I'll
be
more
than
happy
to
send
you
an
invite,
let's
see.
B
Okay,
all
right?
Let's
start
all
right,
so
Bob
I'm,
just
gonna
read
off
the
notes:
I'm
not
reading
off
of
slack
directly
right,
okay,
just
making
sure
all
right.
First
question:
thanks
for
joining
in
comes
from
xqc
one
asks:
what
are
the
best
practices
for
monitoring
kubernetes
with
prometheus?
Isn't
it
somewhat
a
problem
that,
when
the
cluster
fails,
the
Prometheus
running
inside
it
might
fail,
would
it
be
possible
to
monitor
multiple
clusters
from
a
special
monitoring
cluster
or
how
do
people
actually
manage
this
problem?.
F
C
As
far
as
sort
of
like
aggregating
them
out
or
having
a
separate
metrics
cluster,
that's
actually
you
know
pretty
common.
If
you
reach
a
certain
size,
you
can
use
something
like
m3
or
Thanos.
If
you
want
to
sort
of
monitor
a
lot
of
clusters
and
aggregated
all
to
likes
or
one
central
repository,
Thanos
is
I,
think
sort
of
becoming
the
default
way.
People
are
doing
that
these
days,
oh
I,
think
there's
also
we've
cortex
does
something
similar.
F
B
What
about
having
a
separate
I,
don't
want
to
say
separate
cluster,
because
I
feel,
like
a
lot
of
organizations,
will
have
monitoring
in
place
and
have
had
monitoring
in
place.
This
whole
time
you
know
before
they
introduced
kubernetes.
Is
that
a
typical
thing
that
we
see
people
just
plugging
in
their
existing
monitoring
infrastructure
and
not
even
bothering
with
putting
it
into
kubernetes?
We
talk
about
some
a
lot.
C
Of
the
monitoring
stuff
like
there
wasn't
really
a
good
way
of
like
putting
that
layer,
don't
like
dumping
it
into
sort
of
your
classic
infrastructure
or
your
classic
monitoring,
stuff,
I,
think
senses
working
on
better
coordinate
integration.
I
know
that
they
completely
rework
their
thing.
They're
going
now,
they
don't
agree
as
Ruby
and
I
think
they
actually
use,
etc.
D,
but
the
let's
see
I
think
there's
another
thing
for
metrics
beats
can
contain
to
it.
But
I
don't
know
too
much
about
that.
C
As
far
as
like
the
the
services
cluster
or
you
know
the
the
monitoring
cluster
the
way
we
actually
do
it
is,
we
have
a
sort
of
Central
Services
cluster.
So
we
dump.
You
know
it's
a
thing,
that's
running
like
our
Oh,
a
DC
and
sort
of
other
services
that
are
other
clusters
consume
and,
like
that
one
we
make.
You
know
we
do
all
sort
of
we
care
about
the
monitor,
much
more
make
everything
highly
available.
B
All
right
do
we
have
any
more
tips
for
xqc
one
as
far
as
Prometheus,
actually
before
the
stream
started.
We
were
talking
about
how
we
should
definitely
link
up
with
the
Prometheus
folks
and
maybe
have
more
expertise
on
hand.
So
we
should
definitely
reach
out
to
them
and
figure
out
how
to
do
a,
maybe
a
shared
office
hours,
one
time
or
something
would
be
pretty
cool.
So
if
you're
interested
in
that
sort
of
thing,
plus
one
of
the
chat
I'm
interested,
we
could
reach
out
to
the
Prometheus
operator
people-
oh,
that
is
a
good
one.
B
Yes
operator
people,
it's
also
a
working
meeting,
awesome
all
right.
Any
other
comments,
then
on
prometheus
before
we
move
on
give
it
a
second
for
the
chat.
If
anybody
has
any
opinions
on
this
feel
free
to
toss
them
in
chat,
it's
about
a
10
second
delay.
Excuse
me:
it's
about
a
10
second
delay
all
right.
He
says.
Thanks
for
the
input,
let's
move
on
Sanwa
would
like
to
ask
I'm
trying
to
deploy
sentry
through
helm
with
helm,
install
nice
name,
sentry
stable,
slash,
sentry.
Then
he
gets
an
error.
B
The
PostgreSQL
pod,
which
is
bundle,
is
failing
with
the
air,
could
not
change
permissions
of
directory
varlet
PostgreSQL
data
PG
data
operation
not
permitted.
Would
anyone
be
able
to
help
resolve
this
and
I
see
you
pasted
it
in
a
stack
overflow
link?
Is
that
the
link
to
the
question,
or
is
that
that's.
A
Off
the
bat
it
sounds
like,
if
he's
using
like
a
volume
underneath
it
or
it's,
trying
to
spin
up
a
volume
underneath
it.
The
permissions
for
the
volume
were
wrong
cuz
if
I
recall
and
I'm
pretty
sure
them
right.
When
you
spin
up
a
Postgres
container,
the
Postgres
container
tries
toning,
the
directory
to
itself
mm-hmm.
D
I
I,
don't
know
if
he
change
any
the
configuration
in
terms
of
how
that
mounts
was
done,
I'm
not
sure,
if,
like
he
did
a
bind
mount
or
if
that's
an
option,
the
values,
file
etc,
but
like,
if
he's
trying
to
bind
mom
to
a
directory
that
doesn't
have
any
permissions,
and
that
would
be
a
problem
like
permissions
are
screwed
up
to
a
point
that
that
container
can't
can't
shower
or
something
like
that
or
I
don't
well.
It
was
the
error
here.
D
Yeah
could
not
change
versions
yeah,
so
so
it's
trying
to
change
the
permissions,
but
I
can't
so
maybe
it's
mounted
read-only
or
something
like
that
right,
so
that
that
something
configuration
I'd
look
prior,
but
I
think
by
default.
That's
just
a
volume,
that's
created,
Jeff
I,
don't
think
it's
like
you
know
like
you
must
make
it
a
fine
mount
or
anything
like
that.
So
right.
A
But
the
the
real
thing
is
when,
depending
on
okay
so
he's
just
if
he's
just
running
helm,
install
name
century
da-da-da-da-da.
Theoretically,
it's
gonna
try
and
provision
a
PVC,
a
PVC
right
right.
So,
depending
on
like
the
provisioner
storage,
class,
etcetera,
etcetera
need
to
need
a
little
more
info
but
sure
you
Angela.
F
F
Its
core
yeah,
yeah
I,
agree
with
Jeffrey
I
mean
I've.
Seen
that
a
lot
of
helm,
charts,
one
thing
to
might
do
is
just
tweak
those
values
value
animal
to
not
try
to
provision
a
a
PVC
on
there
just
to
just
to
try
to
narrow
it
down.
But
it
seems
like
a
pretty
common
thing.
We're
just
like
Jeffrey
saying,
with
the
permissions
like
tries
to
take
your
ownership.
The.
C
Other
thing
is
I,
don't
know
if
this
is
the
case
with
Postgres,
but
I
know
some
of
them
have
issues
when
you're
mounting
when
you're
doing
stuff
over
NFS.
So
it's
like
Prometheus
really
doesn't
like
having
its
volume
being
like
the
external
volume
being
stored
on
NFS,
just
sort
of
depends
on
how
it's
mounted
there.
C
B
Any
other
options
on
this,
as
always
as
we
go
through
these.
Sometimes
we
need
more
information
so
as
we
get
to
them,
feel
free
to
just
type
in.
If
it's
your
question
before
we
move
on,
so
it
looks
like
we're.
Gonna
move
on
just
some
quick
around
information
on
the
last
question:
Mitchell
Mahler,
I,
hope,
I
got
that
right,
says:
I
know,
AB
dynamics,
new,
relic
and
elastic
metric
beats
can
monitor
clusters.
Now,
that's
good
to
know
and
Nick
would
like
to
say
+1
for
dead
man's
switch,
plus
heartbeats
really
good
to
know
all
right.
B
We
will
be
moving
on
to
Eve
C's
question.
Welcome
again,
I
hope.
I
am
pronouncing
your
name
correctly,
good
to
know
he
says
wave,
although
once
again
so
looking
at
running
Kafka
and
kubernetes
and
struggling
with
external
access,
clients
need
to
connect
to
the
caucus
service
and
then
to
a
designated
broker.
How
can
I
make
these
individuals
stateful
set
pods
behind
a
headless
service,
externally
accessible
I'm
on
gke?
For
what
it's
worth?
And
this
feels
like
a
bob
question,
yep.
C
This
is
actually
a
very
common
question.
I
will
end
up
getting
on
office
hours.
I
went
up
writing
a
blog
post
on
it.
I'll
drop
it
in
there,
but
essentially
outside
of
the
hello
service.
You
wind
up,
creating
an
additional
service.
That's
you
know,
service
type,
load,
balancer
and
point
it
towards
each
one
of
these
stateful
set
instances.
Each
stateful
set
instance
has
a
explicit
label
that
you
can
use
to
target
it.
So
it's
like
a
stateful
set
that
could
raise
that
IO
/pha
name,
and
then
it
will
have
the
instance
ID.
B
B
Just
kind
of
agreeing
okay,
all
right,
you
see.
Hopefully
this
helps
you
out
we'll
give
you
some
time
there
to
digest
that
blog
and
feel
free
to
ask
a
follow-up
question:
I
see
you're
typing,
so
I'll
just
give
him
a
second
or
her
a
second
to
confirm
them.
That's
it
it's
a
really
good
idea,
I
think
surfacing
whatever
kind
questions
are
a
not
only
making
sure
they
get
back
to
the
right
cigs
in
kubernetes
itself,
but
using
it
as
a
source
of
like
wow.
Maybe
I
should
blog
about
this
and
people.
B
You
got
sick
of
it
I'd,
you
know,
Josh
ended
up
blogging
the
whole
running
a
database
inside
kubernetes
thing
he
a
four-page
series
there,
all
right,
so
you
see,
has
a
follow
up
just
how
do
you
deal
with
scaling
in
the
scenario
or
is
it
just
an
accepted
drawback
that
you
need
to
create
services?
If
you
need
the
scale
so.
C
If
you
have
to
sort
of
like
expose
every
single
on
your
steeples,
that's
out
there
and
you're
going
to
be
scaling.
Your
steeple
set
up,
there's
a
I'm
totally
blanking
on
this
on
this
lick
automation
tool,
but
there's
a
way
to
essentially
like
anytime,
a
new
instance
is
created.
It
will
automatically
create
a
new
service
for
you.
C
B
All
right
awesome,
any
other
opinions
on
this
one
will.
Let
will
let
you
see,
consume
this
for
a
minute
and
then
loop
back
around
and
check
to
see
how
they're
doing
any
other
comments
on
this
one.
All
right,
those
of
you
just
joining
the
live
stream.
We
have
a
queue
of
questions
and
we're
almost
at
the
end,
so
we're
starting
to
get
caught
up
here.
So
if
you
have
more
questions
feel
free
to
whack
them
in
the
slack
Channel.
That's
hash
office
hours
on
slack
dock
kubernetes
on
I/o
I,
just
go
to
slack.
B
Dock
kubernetes
is
out
I/o
down
there
in
your
browser
and
follow
the
instructions
to
get
to
the
right
channel,
and
then
we
will
address
them
as
fast
as
we
can
all
right.
Moving
on
machee
Mitchel
Mahler
asked
we're
looking
at
multi-region
deployments.
Would
it
be
better
to
just
have
multiple
clusters
and
deploy
to
each
one
or
have
a
single
large
cluster
with
nodes
in
different
regions?.
B
E
I
I
would
do
multi
clusters
that
are
in
a
single
regions.
You're
gonna
have
to
deal
with
scaling
sed
because
you're
gonna
deal
with
a
lot
of
latency
going
back
for
your
rights.
That
depends,
if
you
then
put
us,
if
you
put
control,
plane
nodes
across
your
regions
and
there's
a
whole
bunch
of
even
trying
to
get
the
etsy
detuning.
So
you
don't
time
out
and
have
some
weird
errors
and
then
there's
actually
keeping
quorum.
E
B
E
C
The
place
where,
like
I've,
seen
this
stuff
before
is
a
all
your
control,
plane,
stuff
is
gonna,
be
running.
Sort
of
in
one
region
might
deploy
the
nodes
geographically,
and
this
is
used
commonly
in
the
IOT
type
stuff,
where
you
know
they
don't
necessarily
care
about
inner
pod
communication
between
the
things
it's
more
like
they're,
just
using
it
as
a
deployment
mechanism
and
like
deploying
demon,
sets
or
something
like
that
or
they're,
being
very
careful
on
how
their
crafting
sort
of
their
their
node
selectors
mm-hmm.
B
Yeah
and
then
Mitchell
has
a
follow
up,
but
I
would
like
to
say
that
we
did
talk
a
lot
about
Federation
at
this
morning
session,
so
Mitchell.
If
you
want
to
look
at
the
session
in
YouTube
from
this
morning,
that
will
give
you
some
filler
information
along
with
this.
But
the
follow
up
is
with
multiple
clusters.
C
C
B
B
E
E
And
there's
you're
supposed
to
have
I
think
it
was
meant,
but
us
these
two
is
kind
of
a
backup,
dr
region,
because
they
they've
basically
lowered
the
inter
region
pricing.
So
it's
not
any
more
expensive
than
going
to
an
availability
zone
between
us.
These
one
in
sales.
Okay,
though
that
wasn't
terrible
going
to
us,
was
too
was
a
little
pricey
yeah.
B
E
B
Awesome
five
minutes
I,
like
I,
totally
want
to
try
Europe
now
we're
trying
Europe
well
we're
gonna
cube
Khan
we're
gonna,
try
it
all
right.
Moving
on
Dan
manners
welcome
Dan,
ass,
hello.
This
is
definitely
more
of
an
opinion
question
at
this
point:
our
favorite
music
eks
and
look
into
multi-tenant
services
for
various
clients.
B
Do
you
feel
the
kubernetes
is
mature
enough
at
this
point
in
time
to
support
multi
tennessee
in
a
safe,
secure
way
between
namespaces
and
various
CN
eyes,
and
would
you
recommend
separate
clusters
entirely
before
we
start
well,
while
y'all
think
about
that
real
quick?
I
also
want
us
to
start
to
think
what
we
mean
by
multi-tenancy,
as
in
like
different
departments
of
the
same
company.
Multi-Tenancy.
Are
we
talking?
I
am
reselling
something
to
customers
and
I
know
I,
don't
trust
any
of
them
so
any
to
be
like
hard.
I
was.
D
Gonna
say
it
sounds
like
most
most
Tennessee
questions
are
generally
the
latter
right,
like
a
company
will
be.
You
know
something
basic
like
main
spaces
or
even
same
names.
Please
different
are
back,
etc,
but
I
know
I've
done
this
before,
where
we
did
multi-tenancy
namespace
ask
you
know
in
it's
kind
of
a
shared
hosting
mantra.
D
I
guess
right
at
one
of
my
previous
companies
and
I
think
it
is
definitely
doable,
but
you
definitely
are
going
to
want
to
get
that
Network
ACLs
going
one
of
the
key
ones
is
you
know,
other
namespaces
can't
reach
other
namespaces
right
and
then
ensure
that
your
tools
are
properly
configured
that
need
to
jump
into
every
single
namespace
right.
They
have
the
proper
permission,
but
they
they're
not
too
grabby.
Right
least,
privilege
is
the
big
thing
and
and
definitely
I.
Think
testing
here
is
very
important.
D
Depending
on
the
workloads
I
mean
several
clusters
might
be
a
thing
with
how
easy
it
is
to
spawn
new
clusters
and
and
and
configure
them.
You
know
kind
of
set
up.
Think
of
a
couple
for
what
you
want,
depending
on
the
workloads
that
you
know
that
could
be
doable
but
I
think
it's
a
little
bit
tedious
for
if
you
have
many
many
customers
right
as
your
volume
increases
all
those
clusters,
it's
going
to
be
a
pain
to
manage
all
those
and
and
rollout.
D
Oh
I've
got
no
problem
detector
and
this
new
HP,
a
policy
that
I've
got
know
about
need
to
roll.
It's
four
hundred
thousand
clusters:
that's
gonna
be
a
little
tedious,
so
yeah
I
think
it's
definitely
doable.
Although
that
kind
of
answers
this
question,
but
it's
gonna,
take
a
decent
one,
I
for
just
like
anything
else,
multi-tenancy
VMs
and
all
that,
like
there's
gonna,
be
obviously
security
concerns
as
well.
You
know:
do
you
want
to
use
kind
of
containers
or
a
different
runtime
and
other
variables
are
on
how
you
run
your
nodes.
B
C
D
C
E
D
F
Found
it
alright
out
we're
not
one
alternative
on
omission
to
is:
there's
a
couple
projects
like
Qbert
virtual
cubelet,
where
you
can
actually
you
know,
run
run
DM
z--
as
workloads
and
inside
kubernetes.
So
it's
kind
of
running
around
the
answer
to
the
to
the
question,
but
you
know
in
theory
you
could
launch
vm's
with
kubernetes
and
then
you
know
bootstrap
of
kubernetes
cluster
in
there.
But
you
know
how
it
depends
on
how
far
down
the
wormhole
you
want
to
go.
Yeah.
B
D
B
Dan
says
it
gives
a
ton
of
good
information.
Our
bag
has
been
a
challenge
to
learn,
but
it
generally
makes
sense.
Thanks,
guys
really
appreciate.
The
question
dan
pure
would
like
to
add:
there's
some
info
from
Jesse
Frizzles
blog,
so
a
bunch
of
her
posts
have
been
turning
on
Hacker
News
this
week.
I
guess
her
blog
is
having
a
good
week.
Basically
anything
she
writes,
you
should
read.
B
So,
let's
see
our
rights
anything
else.
As
far
as
it
comes
to
multi-tenancy,
all
right,
damn
feel
free
to
check
in
with
us
periodically.
I
would
like
to
know
how
people
get
on
when
it
comes
to
you
learning
this
kind
of
stuff,
and
hopefully
that
answered
is
useful.
All
right.
Moving
on
Dave
would
like
to
ask
lo.
Is
there
a
quick
and
dirty
way
to
convert
a
node
to
a
master
in
kubernetes
I
added
this
little
labels
No
we
rolled
that
Cooper,
nays,
I/o
master,
and
this
the
specs
taints
effect
no
scheduled
keynote
role.
B
F
Know
with
with
cube
idiom,
you
know
what
I
would
do
is
probably
drain
it
drain.
Then
the
worker
node
and
then
you
know,
set
up
a
configuration
and
then
use
the
alpha
phase
stages
to
manually.
Add
it
I,
don't
believe,
there's
a
quick
and
dirty
way
to
to
just
you
know:
that'd
be
cool
if
it
was,
though
yeah.
B
B
C
They
tend
to
spin
it
and
manage
them.
The
control
plane,
notes
separately
right,
like
in
GK.
You
don't
really
have
access
to
those
at
all,
and
then
it
sort
of
really
depends
on
how
they're
actually
like
provisioning
the
sort
of
control
plane
services.
I
know
that,
with
you
know,
cube
ATM,
especially
when
you're
like
they
have
the
whole,
like
H,
a
deployment
method
now,
so
it
is
technically
possible
to
like
add
another
node
and
get
something
up
and
going
in
there.
B
B
B
Yeah,
I
personally,
I
like
my
lab
setups
when
I'm
tearing
up
in
clusters,
like
it's
really
nice
to
just,
have
cube
and
in
there.
So
just
do
this
thing,
I
really
like
it.
So
shout
out
to
those
of
you
that
are
working
on
that.
Ok,
let's
see!
Where
are
we
any
follow-up
questions
on
that?
One
Dave
I,
don't
know
if
Dave's
actually,
on
the
show,
we
got
this
one
from
kubernetes
users,
both
or
it's
from
users.
Ok,
does
anybody
have
any
questions
in
the
office?
Irish
Channel,
please
feel
free
to
to
ask
a
question.
B
C
D
D
Had
cube
leo
going
either
way,
yeah
watches
or
ingress
definitions
and
in
the
ingress
definition
you
basically
say
I
want
us
to
sell,
and
then
it
basically
goes.
You
know
to
let's
encrypt
does
what
it
needs
to
do,
get
to
serve
for
that
domain
and
then
I
believe
Lego
stored,
the
cert
in
a
secret
and
then
cert
manager
was
like
a
CRD
I
think
this
is
all
like
rusty
knowledge
as
well,
so
things
that
could
have
changed
on,
but
that
the
TLDR
is
locked,
maybe
I
for
her
stuff
engines
and
then
reading.
B
D
Okay,
cool
so
basically
yeah
a
sentence,
cube
Lego,
actually
both
Lego
and
sort
manager,
sir
manager,
being
the
newer
just
watched
the
kubernetes
api
for
ingress
definitions
that
are
made
that,
but
basically
anything
that
requires
as
a
cell
TLS
anything
with
any
domain.
It's
looking
for
that
they
read
that
they
go
out
to
love
some
trips.
They
get
the
skirt
and
I
believe
sir
manager
stores
it
as
a
CR
and
then
Cuba.
D
They
go,
which
I
believe
is
old
now
and
you
probably
should
not
be
using
actually
stores
it
as
just
like
it's
a
basically
secret,
so
that's
utilized
by
indexing
dress,
then
so
yeah,
but
Sir
manager.
I
believe
is
the
live
like
what
you
want
to
be
using
right
now
and
I
that
nginx
Lego
like
years
ago,
that's
sitting
in
the
church,
stable
repo,
so
I
yeah
that
should
maybe
get
cleaned
out.
Honestly
I,
don't
know!
If
anyone
does
that
yeah.
B
And
I
looked
at
all
the
Forks
I
could
on
github
and
they
all
seemed
like
committed
two
years
ago.
So
I,
don't
I,
can't
really
speak
to
the
quality
of
that.
But
you
see
we
like
200
per
100
percent,
recommend
certain
manager
have
to
be
using
it
to
manage
over
a
thousand
certs
OG
actual
certificate
is
just
stored
as
a
normal
secret,
and
you
would
like
a
flow
of
one
more
question
here.
Nick
says
he
just
started
using
cert
manager
on
Monday
seems
great.
B
So
far,
thanks
Nick
for
your
plus
one
there
and
easy
can
float
a
question
here.
That's
not
in
the
backlog!
So
let's
do
it.
Does
anyone
have
an
exact
understanding
on
how
plus
roll
backs?
It
seems
like
a
field
upgrade,
can
leave
the
cluster
in
a
state
where
helm
has
created
resources,
but
it's
not
tracking
them
forward.
Shakes
and
home
fails
because
this
resource,
because
the
resource
it
tries
to
create,
already
exists,
roll
back
and
it
doesn't
clean
up
those
newer
resources.
D
So
I
remember
this
happening
quite
a
bit,
and
this
was
more
in
the
realm
of
this
actually
habits
on
install.
So
if
you
do
a
basic
install
from
scratch
and
something
goes
wrong
depending
on
the
object,
slash
resource
helm
will
not
clean
up
and
the
other
thing
is,
when
you
do
like
a
home
delete,
you
have
to
pass
the
purge
option
to
actually
clean
out
everything.
Well,.
F
D
Doesn't
do
that
by
default,
and,
and
so
is
it
really
so
rollbacks
yeah
there's
still
there's
still
run-ins,
where
you
got
something
too
deployed
and
it
doesn't
know
or
it's
not
tracking
it,
because
something
failed.
So
if
it
fails
it
just
it's
actually
registered,
though.
If
you
do
a
homeless,
so
see
the
deployment
and
it
will
usually
say
failed
or
running,
and
if
it
failed,
you
can
you,
you
have
to
kind
of
manually,
look
at
what
resources
failed
to
actually
deploy,
which
can
be
really
tedious.
D
In
most
cases,
you
know,
I
just
do
a
complete
purge
and
then
try
to
redeploy
it
in
terms
of
a
rollback
that
can
get
really
hairy.
So
I
think
it
depends
on
your
application.
It
depends
on
how
many
objects
helm
is
deploying
for
that
application,
like
config
maps
and
load,
balancers
and
and
other
things,
and
it
you're
gonna
want
to
do
a
lot
of
testing
with
roll
backs.
I
would
say
as
well.
D
B
I
see
their
typing
I
just
want
to
add
that
during
the
European
sessions
now
Matt
Farina
from
helm
has
actually
been
able
to
join
us
to
actually
have
a
helm,
a
person
from
helm
also,
unfortunately,
he
can't
commit
to
the
West
Coast
time.
So
when
we
have
home
questions
like
this,
if
there's
follow-up
and
it
gets
a
little
hairy
beyond
our
expertise,
we
can
definitely
pass
it
along
to
that
team.
It
looks
like
they're
typing,
but
Mario
you'll
always
be
my
favorite
Homer
I.
Just.
F
Want
to
add
to
that,
it's
always
nice
to
just
specify
name
space
whenever
you
deploy
stuff
with
helm,
to
kind
of
keep
things
separate
because
just
makes
it
easier
to
clean
things
up,
especially
in
this
state
that
we're
talking
about
yeah.
D
I
want
it
yeah,
absolutely
specifying
name
space
if
you
don't
whatever
the
current
context
and
namespaces
and
your
environment
is
used
unless
there's
something
set
in
the
actual.
You
know
in
the
deployment
templates
for
namespace,
which
just
happen
with
something,
with
a
with
a
lot
of
things
like
monitoring
tools
that
you'll
find
in
the
charts,
repo
that
have
a
cue
system
hard-coded
in
there.
D
That's
something
to
look
out
for
as
well,
so
also
there's
two
flags
to
helm
that
you
can
pass
with
every
command
and
they
are
debug
and
I
run
I
highly
recommend,
both
of
them
for
any
initial
testing
and
those
will
also
print
out
the
final
template
with
values
matched
together.
The
final
m/l
that's
actually
being
committed
to
the
cluster,
so.
B
Yep-
and
it
just
so
happens
those
of
you
watching
in
chat.
We
had
Matt
Farina
speak
at
our
local
group
and
we
got
a
video
of
that
talking
about
home
3
in
the
tiller
list,
home
3.
So
we
went
ahead
like
that
session
and
his
slides
into
the
channel
and
also
going
to
YouTube
the
kubernetes
YouTube
channel
for
this
morning's
office.
B
Our
section
where
Matt
coming
gave
us
a
ten-minute,
TL
DR,
here's
what
coming
in
helm
3
here
the
major
changes
things
to
watch
out
for
so
he
was
definitely
here
this
morning
and
has
a
lot
of
good
information
so
check
the
previous
session
in
in
the
office
hours.
It
will
be
dated
20
18
21
11
same
as
this
one,
except
without
the
West
Coast
in
the
title.
So
hopefully
that
answers
your
question
and
gives
you
something
to
think
about
feel
free
to
post
a
follow-up
with
that
any
other.
B
Alright,
moving
on
David
would
like
to
ask
this
is
a
question
from
kubernetes
novice.
We
do
try
to
cover
the
novice
questions,
of
course,
as
we,
as
we
can
says,
with
distributive
block
storage
solutions,
does
the
dis,
speed,
eg,
raid,
SAS
or
SSD
matter,
or
it
is
a
software
layer
in
between
make
their
speed
similar
now
I
know
it's
easy
to
say,
hey
if
you
have
SSDs,
of
course,
always
just
use
these.
Do
we
have
any
opinions
here
as
far
as
depends.
A
B
B
E
On
Prem,
in
my
opinion,
is
still
like
the
most
difficult
area
for
an
on-prem
sort
of
solution.
You're
trying
to
put
all
that
up,
we
have
folks
using
rook.
We
have
some
folks
that
just
use
straight
NFS
to
basically
a
storage
array
in
the
backend
mm-hmm,
but
in
the
end
it's
still
storage,
on-premise,
still
the
harder
the
hardest
of
the
the
challenges
going
from
the
cloud
to
on
from
Jeff
and
probably
have
a
similar
opinion.
I.
C
One
thing
I
can
comment
about
that:
SEF
is
Paul.
Your
best
option
to
get
the
most
flexibility
for
an
on-prem
tool
and
like
I,
would
definitely
recommend
a
dedicated
SEF
admin,
because
you
can
tune
the
heck
out
of
that
thing.
If
you
want
like,
if
you
want
to
just
put
mostly
spinning
disks
and
hosik
to
nvme
disks
and
use
them
for
essentially
cache,
you
can
do
that.
There's
all
sorts
of
ways
of
tuning
it
yeah.
B
F
Around
this
space
and
another
post,
one
for
open,
EBS
I
found
the
install
was
a
lot
more
straightforward,
although
that
then
at
rook,
but
all
the
rook
does
do
you
set
our
Neath,
which
is
probably
you
know,
more
bulletproof
and
stable
in
the
long
run.
But
a
lot
of
a
lot
of
nice
work
recently
coming
out
in
this
space
for
sure
mm-hmm
I
see.
B
People
people
furiously
typing
in
chat
alright,
so
while
people
but
people
discuss
stories,
we're
gonna
go
ahead
and
ask
a
follow-up
for
Sally
or
I'm.
Sorry
soggy
would
like
to
ask
hold
on
they've
got
a
picture
of
a
dog
Nicholas
Lane
soggy
has
a
picture
of
his
dog
and
a
slack
icon.
I
had
to
look
something
that
comes
up
occasionally.
How
have
y'all
handles
certificate
rotations
for
the
route
kubernetes
certificate?
B
D
I
just
give
it
a
certain
manager,
and
it
just
automatically
goes
to
Lutz
and
preppies
I'm.
Joking
completely
joking,
you
don't
do
that
I.
Actually,
I
would
like
to
I
feel
like
there's
a
couple
tools
that
have
been
released
around
this
I
can't
remember
what
they
are.
So
if
anyone
else
has
details,
I'd
like
to
know
that
kind
of
keep
users
updated
for
you,
mm-hmm.
C
C
Our
original
cluster
that
we
deployed-
oh
that's,
that's
now
gone
I-
did
use
the
science
source
for
everything
and
managed
everything,
sort
of
out-of-band
separately
and
I
had
a
root
certificate.
I
then
created
a
sort
of
another
rich
term
get
signed
with
that
one
CA
root
and
then
managed
it
that
way
and
I
kept
the
CA
cert.
You
know
sort
of
in
my
pocket
someplace
else
completely
separate
from
everything
it.
F
B
F
Yeah
I,
just
personally
just
can't
get
enough
of
all
you
know:
I'm
not
use
that
specific
back-end
for
it,
but
use
it
within
different
scenarios
with
apples-
and
you
know,
having
you
know,
rotating
secrets,
and
you
know
getting
tokens
and
things
like
that
and
it
container
so
awesome
project
I
know
that
definitely
check
out
the
core
arrests
of
all
operator
that
came
out
this
year.
So
it
makes
a
lot
easier
to
deploy
it
then,
in
in
previous
times,.
B
B
Generally
fan
of
all
their
operators,
so,
okay,
anything
else
before
we
move
on
from
certificates,
so
sounds
like
Moulton
operator.
All
the
things
all
right.
Moving
on,
let's
see
all
right
rain
would
I
like
to
ask
what
does
updating
the
image
of
a
deployment?
Typically
look
like
like
when
you
want
to
start
with
running
a
new
version
of
an
image.
If
I
use
cue
cuddle
set
image,
my
mo
file
will
be
in
sync
with
the
current
state
anymore
and
I
can't
apply
it
in
case.
There
are
other
changes
later,
not
sure
how
to
automate
this.
A
So,
there's
this
concept
of
get
ops
the
way
that
we
typically
do.
It
is,
if
there's
a
new,
build
it'll,
actually
update
the
file
and
then
run
the
deploy
from
the
file
all
within
the
same
like
build
pipeline
mm-hmm,
so
that
that
is
a
very,
very
plain
answer
for
a
very,
very
complex,
subject:
route
now
that
I'm
thinking
about
it,
but.
F
Was
just
it
depends
on
your
CI
CD,
there's
tons
of
different
tools,
and
things
like
that.
You
know
the
the
main
issue
that
is
the
promised
route
is
very
real,
though
you
know
you
don't
want
to
get
things
out
of
sync
and
you
don't
want
to
do
things
in
a
non
declarative
way,
which
is,
if
you
start
doing
it.
You
know
it's
a
command
line.
You
know
and
setting
the
images,
and
you
know
kind
of
lose
track
of
things.
I
mean
if
you
want
to
go
hyper
scale.
B
All
right,
I'm
going
to
move
I'm
going
to
skip
a
question
and
move
on
to
a
related
one,
which
is
hello.
My
rails
application
is
two
important
files:
the
database
that
UML
and
a
configuration
dot.
Yeah,
no
I,
don't
want
to
store
these
files
in
a
git
repo
for
security
reasons.
What
other
solutions
should
I
use
in
kubernetes
using
secrets
stored
in
the
main
space.
F
Vault
well,
there's
also
a
project
called
sealed
secrets
where
you
know
you've
got
it's
kind
of
like
you've
got
your
key
that
decrypts
these
things,
you
know
possibly
kubernetes,
and
that
way
you
can
actually
store
it
in
your
repo.
But
you
know
it's
not
sitting
out
there,
which
is
a
nice
little
happy
medium.
If
you
don't
want
to
go
full
ball,
yeah.
B
C
B
B
B
F
B
B
Seeing
more
options
in
this
space,
we
are
running
out
of
time.
So
maybe
let's
do
this
time,
for
maybe
one
or
two
more
questions
like
to
prioritize
those
in
the
channel
for
those
of
you
that
are
listening,
live
so
if
you've
got
them
queue
them
up
now,
then
we
will
do
the
raffle,
which
Jeff
will
figure
out
now
and
then
this
morning
we
forgot
to
do
the
raffle.
We
haven't,
do
it
at
the
last
second
and
then
we'll
do
the
raffle
and
then
we'll
close
it
up.
B
So
if
you've
got
any
questions,
I
see
people
furiously
typing
I
see
Matt
Barina
typing
in
chat.
So
maybe
he
has
some
insight
on
my
hum
questions
that
were
asked
previously
welcome,
Matt.
If
you're
listening
and
we'll
give
everyone
a
few
minutes,
just
a
reminder,
we
won't
be
having
office
hours
in
December
as
that's
right
after
cube
con
and
a
bunch
of
us
will
be
sleeping
recovery.
B
So
not
not
a
lot
of
official
kubernetes
stuff
happening
around
the
holidays,
with
a
lot
of
kids
and
meetings
and
stuff
like
that,
as
everyone
takes
a
break
with
window
30
and
everyone
being
really
happy,
keep
console
abrading,
113
taking
a
bit
of
time
off
and
then
starting
with
one,
not
14.
As
soon
as
we
get
back
are.
C
We
doing
an
office
hours
that
cube
con
I,
don't
think
so.
Okay,.
B
I,
don't
know
I
think
with
the
contributor
summit.
We
just
decided
not
to
have
that
my
true,
but
those
of
you
listening,
we
will
be
at
just
about
everybody
here
will
be
at
cube
con,
so
you
can
always
come
see
us
I
always
have
stickers
and
stuff.
If
you
have
feedback
on
how
we
can
improve
the
show,
if
you
love
it
hate
it,
you
can
hang
out
with
us.
B
Would
love
to
hang
out
with
any
of
you
going
to
cube
con
definitely
come
see
us
and
Matt
would
just
like
to
say
that
he's
a
SAP
user
as
well.
So
that's
always
a
good
to
know
all
right.
Ecs
has
anyone
bothered
with
priority
class
on
pods,
especially
if
you
have
a
cluster
auto-scaling
at
your
disposal?
Yes,.
A
F
C
B
Right
and
the
last
question
belongs
to
you:
wait
unless
there's
a
follow-up
from
me.
You
see,
let's
see
I
love,
to
see
the
threaded
replies
firing
off.
The
last
question
belongs
to
you:
Dan
manners,
any
highly
recommended
classes,
conferences,
you'd,
recommend
the
check
at
Q.
Khan
I've
got
a
few
but
I'll.
Let
the
panel
go
first
I've.
B
It's
a
contributor
summit
is
sold
out,
unfortunately,
but
those
sessions
will
be
recorded
and
shoved
onto
the
youtube
channel.
One
thing
to
note
is
just
about
every
session
at
Q.
Khan
is
recorded
and
ends
up
on
the
CN
CF
YouTube
channel
like
the
next
day.
It's
like
a
really
short
time
and
it
gets
edited
and
stuff.
So
there's
a
lot
of
times
where
it's
like.
Oh
no,
there's
three
or
four
sessions
going
on
all
at
once.
B
Definitely
the
cigs,
so
cigs
of
special
interest
groups
in
kubernetes
doo-doo
status
updates
throughout
cube
con
and
cloud
made
of
con
well
they're
kind
of
talking
what
they're
working
on.
So,
if
that's
important
to
you,
you
can
go
directly
to
the
group.
That's
working
on
a
certain
feature.
So
the
question
that
asked
about
you
know:
Federation
sig,
multi
cluster
would
be
a
session
that
you
would
want
to
attend
to,
because
the
people
that
actually
work
on
this
stuff
go
to
these
sessions.
They
kind
of
give
you
roadmaps.
B
They
talk
about
what
they
worked
on
the
last
cycle,
whether
I
want
to
work
on
this
cycle.
A
lot
of
SIG's
are
also
asking
for
direct
user
feedback,
so
I
know
say
close.
Your
life
cycles
always
like.
Please
tell
us
what
we
need
to
fix
for
bare
metal
and
cube
admin,
and
you
have
access
to
them
to
be
able
to
just
give
them
direct
feedback.
So
I
definitely
recommend
the
sig
sessions.
Many
other
sessions
that
are
peaking
your
interests
panel
unless.
B
B
B
So,
if
you
haven't
heard
guys
cube,
will
be
performing
at
cube,
gun
kind
of
the
most
Puneeth
ever
so
with
that,
let's
close
it
up.
First,
let's
run
the
raffle
real
quick
I
have
a
quick
outro,
so
real
quick
before
we
close
out
like
a
thank
our
panel
for
contributing.
If
you
want
to
be
on
this
panel,
it's
volunteer
only.
So
please
thank
our
illustrious
panel,
who
gave
their
time
and
I
also
like
to
thank
the
following
companies
for
supporting
the
community.
B
By
allowing
these
developers
to
sit
in
on
office
hours,
these
companies
are
giant
swarm,
hefty
o
stock
X
packet,
dot,
Matt
Kuchar
com,
Red,
Hat,
Samsung
SDS.
We've
worked
VMware
Xing
Huawei
and
the
University
of
Michigan
good
luck
this
weekend,
you're
gonna
need
it
and
special
thanks
to
Google
who
sponsors
the
t-shirt,
giveaway,
hey
it's
a
Michigan
panel.
So,
hey
we're
gonna
talk
about
the
Michigan
game
and
thanks
to
Google
for
sponsoring
our
t-shirt,
giveaway
speaking
of
the
t-shirt,
giveaway
Jeff.
Do
we
have
a
winner
for
today?
B
Yes,
we
do
and
it
was
soggy
soggy,
alright,
PME,
soggy
and
I
will
send
you
a
code
to
the
CNC
F
store.
Where
you
can
wear
this.
You
can
get
yourself
a
nice
swanky,
kubernetes
t-shirt
and
with
that,
like
we
said,
we
will
not
be
around
December,
so
New
Year,
it's
always
the
first
ones
day
of
every
month.
We
will
send
notifications
into
the
usual
slack
channels,
thanks
everyone
for
listening
in
and
participating.
We
appreciate
it.
Everyone
have
a
good
holiday
for
those
of
you
in
the
u.s.