►
From YouTube: Kubernetes SIG On-Prem Meeting 20170201
Description
Kubernetes Special Interest Group On-Prem Bi-Weekly meeting
Agenda/minutes:
https://docs.google.com/document/d/1AHF1a8ni7iMOpUgDMcPKrLQCML5EMZUAwP4rro3P6sk/edit#heading=h.nrh4k3ck5icu
Mailing list:
https://groups.google.com/forum/#!forum/kubernetes-sig-on-prem
A
C
A
Let's
see
so
thanks
for
the
intro
and
thanks
for
having
me
well
I,
don't
I
promise
I,
don't
have
much
slide
so
yeah.
My
name
is
Alex
Fran
I'll
be
talking
about
cheese,
matic
and
cosmetic
enterprise.
Toolkit
I
work
at
a
friend
that
I've
been
around
I've
been
out
of
hand
up
for
about
three
years
before
digging
in
I.
Just
want
to
put
a
friend
92
context.
We
we
fell
in
love
with
Cooper
Nettie's
about
a
year
a
year
and
a
half
ago,
and
we've
been
collaborating
with
the
community.
A
We
really
enjoy
being
part
of
the
community.
We
are
mainly
involved
in
six
Buster
lifecycle,
helping
with
cube
ADM.
We
are
working
with
big
windows.
We
are
interested
in
bringing
and
windows
to
the
crew
benetti's
world,
we're
also
working
in
six
ash
borer
than
that
you're
getting
started
and
joining
us
sing
on
frame,
which
I
think
is
going
to
be
awesome.
A
So
kids
matic
itself
is
a
toolkit
and
what
we're
interested
in
is
bringing
some
of
the
lessons
learned
from
the
community
and
the
customers
into
this
set
of
tools
and
put
the
best
practices
that
we
that
we
think
are
the
ones
to
go
with
into
code
and
make
this
this
toolkit
accessible
to
as
many
people
as
we
can
as
we
can.
So,
if
I
can
search
by
school,
kids
or
text
for
short,
is
a
collection
of
currently
five
full.
A
The
first
one
is
the
CLI,
which
is
the
main
tool
that
the
biggest
tool
the
tool
kit,
which
is
what
allows
you
to
install
and
manage
through
Nettie's
cluster.
So
we
deploy
vanilla
pernetti's
and
we
try
to
keep
up
with
the
releases.
The
creative
team
is
doing
an
amazing
job
and
releasing
patches,
and
we
try
to
keep
up
with
them.
We
try
to
release
ad
most
a
week
after
akua
Nerys
release.
So
that's
that's
been
that's
been
our
motto
for
now.
After
that
we
have
the
inspector
which
allows
you
to
run
validation
against
your
infrastructure.
A
A
We
deploy
a
couple
of
pods
and
a
service
and
make
sure
that
everything
is
accessible,
that
the
network
is
configured
properly
and
that
everything
is
working
and
next
we
maintain
our
own
rpm
and
death
packages.
So
for
some
of
our
customers,
what
we've
seen
is
that
they're
interested
in
installing
behind
the
firewall,
so
this
allows
them
to
download
these
packages
and
happen
in
their
own,
their
own
registry
or
repo
and
use
them,
and
then,
lastly,
we
have
a
provision
tool
which
is
mainly
for
demo
and
test
environment.
A
Kinematic
itself
is
agnostic
to
the
underlying
infrastructure.
So
if
we
found
that
for
some
of
for
some
of
us
it
was
difficult
to
stand
up
infrastructure
or
you
know,
stand
up
a
demo.
We
wanted
something
quick,
so
we
built
this
little
tool
that
allows
us
to
to
provision
some
of
the
environments
for
for
using
with
cosmetics,
so
I'll,
just
I'll
double
check
that
I'm
not
missing
anything
in
the
chat
cool
yeah.
It's
mostly
go
and
it's
open
source.
A
We
are
working
on
upgrades
I'll,
get
into
that,
so
the
main
I'll
dig
into
cosmetic
a
bit
more
and
the
main
workflow
is
that
there's
a
couple
of
phases
during
the
thickest
attic
insulation.
So
the
first
phase
is
guiding
the
user
through
what
we
call
a
planning
phase
and
setting
up
Cooper
Nettie's
is
a
little.
You
have
to
make
a
couple
of
decisions
that
you
have
to
think
about
your
cluster
and
what
it's
going
to
look
like.
A
So
through
a
combination
of
documentation
and
the
CLI,
we
guide
the
user
through
through
planning
their
cluster
once
the
once.
The
final
phase
is
done.
We
actually
capture
all
this
information
in
a
plan
file.
What
we
call
it
on
tile,
which
basically
has
all
the
information
we
need
and
we
go
ahead
and
run
validation
to
make
sure
that
everything
is
okay
and
we
use.
A
We
use
the
inspector
here
as
a
measure
before,
and
the
last
step,
of
course,
is
to
actually
apply
the
plan
against
the
infrastructure,
and
this
is
where
we
actually
go
ahead
and
stand
up
the
cluster
and
make
and
make
it.
So
basically,
so,
given
the
distance,
we
come
from
I'll
address
some
of
the
challenges
that
we
are
trying
to
solve,
or
that
we
think
we
really
v8
so
I
mentioned
before
the
distant
accident
spell
is
one
of
them.
We,
we
support
a
private
container
registry.
A
So
if
you're
again,
if
you're
running
behind
the
firewall
or
if
you
just
want
to
use
your
own
internal
registry,
you
can
tell
us
where
it
is
and
we
will
use
it.
Otherwise,
if
you're
behind
a
firewall
but
don't
have
a
registry,
we
can
also
set
one
up
for
you,
so
you
can
tell
if
they
actually
yet
could
you
please
set
up
a
registry
for
us,
and
we
do
next
is
right.
A
Next
is
ingress
where
we
we
encourage
our
users
to
set
up
dedicated
ingress
nodes,
and
the
reason
for
this
is
we.
We
usually
find
that
it
will
have
different
firewall
rules
or
they'll,
be
in
a
DMV,
for
example.
So
in
the
plan
file
you
can
tell
us
a
these
are
the
notes
there
are
going
to
be
in
breast
notes
and
we
deploy
an
english
controller
onto
the
ingress
nodes
and
then
finally,
the
latest
feature
we've
released
is
support
for
storage,
which
is
what
I'm
going
to
focus
on
the
demo
today.
A
I
don't
want
to
make
you
fit
through
uninstall,
which
isn't
very
interesting
so
before
before
I.
Do
that
I'll
see
if
there's
any
questions
or
maybe
it
seems
like
they
want
to
do
it
after
them?
Oh
yeah,
I
make
sense,
looks
good
questions
after
the
demo,
so
I'll
just
jump
in
into
my
CLI
and
I
hope
you
can
see
this.
A
The
first
thing
I
did
was:
prove
it
useful
vision
to
create
couple
of
nodes
on
AWS,
and
this
basically
generated
a
plan
file,
which
is
the
kinematic
cluster
plan
which
we'll
look
at
in
a
second
and
then
I
just
ran
apply
on
the
plan
file
and
we
just
ran
through
a
bunch
of
steps
to
to
set
up
the
cluster
and
at
the
end
we
get
a
shiny
new
cluster
and
we're
ready
to
go
so
before
diving
to
the
demo.
I'll
look
at
the
cluster.
A
The
plan
file
and
you'll
see
that
we
have
a
bunch
of
a
bunch
of
information
here.
Some
decisions
around
networking
we
deployed
calico,
so
we
support
either
an
overlay
network
or
router
network
using
bgp,
given
as
we
use
calico.
We
also
support
top
policy,
so
you
can
enable
policy
if
you
don't
have
dns
and
given
that
this
is
mainly
a
demo
cluster
I
don't
have
PMF
set
up
so
I'll
just
ask
schismatic
to
update
my
host
files.
We
generate
certificates,
we
use
ansible
under
the
coverage,
so
we
need
at
this
age
and
we
need
SSH.
A
We
need
an
ssh
key
for
the
node.
This
is
where
you
stand
up
the
registry
and
then
just
a
bunch
of
notes
that
we're
going
to
use
for
the
cluster.
So
this
is
the
list
of
nodes.
I
didn't
set
up
an
H
a
cluster
today,
because
it's
just
a
demo,
so
I
don't.
I
don't
really
need
it,
but
we
do
support
it.
We
can
do
SE,
DHA
or
master
a
che,
and
then
we
just
list
the
worker
nodes,
so
you'll
notice
here
that
I
have
to
work
your
notes.
One
of
them
is
an
ingress.
A
I
didn't
do
a
dedicated
interest,
because
I
didn't
want
to
stand
up
extra
p.m.
so
I
have.
One
of
them
is
a
dangerous
and
then
both
are
going
to
be
part
of
the
cluster
cluster.
That
hispanic
is
going
to
set
up
so
I'm
going
to
quit
here
and
I'll
actually
start
working
with
my
volume,
so
kids
matic
has
for
now
it
has
a
couple
of
command
around
volumes.
The
first
one
is
the
ability
to
add
a
storage
volume
in
the
second
one.
A
Is
the
ability
to
lift
so
I
am
going
to
list
my
volume,
then
there's
nothing
there,
because
I
haven't
created
anything.
So
what
I'm
going
to
go
ahead
is
I'm,
going
to
add
a
new
volume
and
to
add
a
new
volume.
I
have
to
give
it
a
side,
so
I'm
going
to
do
one
gigabyte
and
I'm
going
to
say,
I'm
going
to
call
it
my
volume
and
given
that
this
is
backed
by
luster,
I
can
actually
give
it
a
couple
of
interesting
parameters,
mainly
around
replication
and
distribution.
A
So
I
can
say
I
actually
want
my
data
to
be
replicated
in
two
nodes.
So
I
can.
I
can
specify
that
and
then
I
can
also
specify
a
storage
class.
So,
for
example,
if
I'm,
if
I'm
a
storage,
engineer
and
I'm
setting
up
this
replicated,
stores,
I
can
call
it
may
be
durable
or
replicators,
or
something
like
that
for
now
I'm
going
to
use
my
class
because
I
think
that's
what
I
use
and
in
the
PVC,
so
I'm
going
to
hit
enter
and
kids
matic
is
going
to
go
out
to
the
storage.
A
A
Come
on
sit
there,
we
go
so
yeah.
So
now
we
created
the
Gloucester
volume
and
then
we're
going
to
go
ahead
and
create
the
PV,
and
then
we
can
see
that
I
get
a
little
cube,
CT
I'll
command.
That
I
can
use
to
valid
to
look
at
my
volume
and
we
get
the
volume
that
I
just
created,
and
then
we
actually
work
a
little
bit
with
the
list
command
to
give
the
user
a
little
bit
more
information
about
the
volume,
so
you'll
notice
that
the
replication
count
is
here.
A
A
Pvc
first,
so
that
I
can
claim
my
volume
so
I'll
create
a
PVC,
and
I
created
my
PVC
and
if
I
go
back
to
you,
know
falling
list,
the
status
changed
to
bound
and
then
to
actually
consume
this
storage.
I
have
to
force,
deploy
at
work
load
and
you
might
have
guessed
it
and
there,
the
port
engine
X
the
usual
the
class
that
you
demo
lap.
A
So
I'll
go
ahead
and
do
that
I'm,
so
I'm
going
to
create
my
deployment
and
if
I
lift
my
volumes
again,
you'll
notice
that
it's
going
to
actually
tell
me
that
it's
the
claim
is
that
dip.
The
claim
is
that
the
following
the
sound
and
that
these
are
the
cause
and
container
they're
actually
consuming
my
stores
and
again
this
information.
We
thought
was
important
for
operators
so
that
they
know
it,
for
example,
for
whatever
reason
they
have
to
take
one
of
the
nose
out
for
maintenance.
How
would
that
affect
anything?
A
That's
running
or
anything,
that's
using
the
the
storage.
So
that's
mainly
the
the
demo.
The
installing
wouldn't
wouldn't
be
super
interesting,
so
I
thought
showing
some
of
the
storage
stuff
would
be
one
of
the
most
interesting
features
for
fur
on
prem.
So
I'll
go
back
to
the
slides
here
and
just
talk
a
little
bit
about
what's
next,
so
we've
been
working
on
upgrades,
we
hope
to
have
that
in
the
next
month.
A
We're
working
on
that
and
then
after
that
we
are
looking
at
the
logging,
monitoring
and
alerting
and
authentication
and
authorization
is
are
the
couple
of
things
are
next.
Our
roadmap
is
fairly
fluid,
so
once
like,
once,
we
release
a
new
feature,
we
actually
revisit
and
make
sure
that
there's
no
changes
in
priority,
but
for
now
this
is
what
we're
looking
at
next
and
with
that
oh
I'll,
open
the
floor
for
questions,
I.
Think
there's
a
bunch
in
the
chat.
A
D
A
A
Yeah,
we
did
so
we
we
just
use,
we
we
use
go
here
and
we
just
use
the
API
client
for
the
various
infrastructure
providers.
Oh
yeah,
we
for
now
we
support
AWS
package
neck
and
make
a
question
was
around
high
availability.
Yes,
we
do
support
high
availability,
be
for
now.
The
low
bountiful
concern
that
we
push
it
to
be
the
easier
they'll
have
to
set
up
a
little
bouncer
or
whatever
techniques
they
want.
44
we're
actually
load
balancing
the
demands
there,
the
schismatic
setup
and
networking.
Yes,
it
does.
A
It
stands
up
kalso
networking
what
interests
implementation?
Are
you
using
an
additional
features
in
gulf
of
interest?
We
don't
currently
add
anything
on
top.
We
are
using
the
engine
X
implementation,
where
the
schismatic
fit
into
work
around
cube,
ABM
yeah.
So
this
is
a
great
question:
we're
actually
tracking
cube
ABM
fairly
closely.
We
would
love
to
eventually
move
over
to
using
cube
ABM
to
stand
up
clusters,
but
one
of
the
things
that's
blocking.
That
is
the
ability
to
stand
up
an
H,
a
we're
working
on
now.
A
Client
for
flannel
support,
we
don't
have
plans
for
final
sports.
We've
been
fairly
happy
with
Callaghan,
we
haven't
ran
into
anything.
I
was
overlay
and
calico
supports
overlay,
so
Kevin
found
the
reasons
to
do
that,
but
we're
open
to
it.
Definitely
what
is
the
biggest
cluster
deployed
using
cosmetic
I?
Think
last,
the
last
steps
with
it,
I
think,
was
around
100
nodes.
A
That's
for
storage!
No!
Not
at
the
moment
we
week
before
two
options
with
storage,
wanted
to
bring
your
own
NFS
or
stand
up
a
cluster
cluster.
We
haven't
looked
into
stuff,
we're
definitely
open
to
that.
If
people
wanted,
this
is
provisioner.
Work
with
metal
clusters
know
the
provision
air
is
making
for
cloud.
A
D
A
A
Can
you
discover
the
IP
host
info
of
an
instance?
Yes,
so
this
is
something
that
this
is
mainly
what
what
made
us
build
vision,
and
we
don't
have
a
good
answer
here.
We
haven't
had
a
chance
to
work
on
this.
We
know
that
you
know
typing
in
100.
Ip
is
a
pain,
so
here
we're
where
we
will
work
on
this
I.
Think
in
the
future.
A
A
Yes,
so
if
you
use
the
key
there
routed
network
approach,
we
actually
set
up
appearing
with
with
routers
and
ratliff
and
about
appearing
with
with
your
own
internalized
and
then
the
last
question
is
I
was
being
a
sandal
for
deployed
applications,
so
I
the
s
in
the
cluster,
we
actually
deployed
q
BN
s,
we
don't
touch
the
actual
vns
outside
of
the
cluster.
This
is
something
that
we
haven't
had
a
chance
to
play
around
with,
but
we're
definitely
looking
at
at
all
days-
and
this
is
excellent.
Excellent
feedback
looks
like
one
question.
A
Just
a
last
question
just
came
in
what
assumptions
are
made
about
the
host
setup,
so
the
couple
of
assumptions
are
you're
running
NOS
with
system
v.
We
do
use
system
restore
our
deployments.
All
that
might
change
is
sweet
little
into
a
containerized
appointment
and
all
the
the
the
nodes
must
be,
of
course,
network
addressable
by
hostname
and
IP,
and
they
have
to
be
all
the
subnet,
and
I
basically,
if
I
can
think
of
anything
else,
well
any
other
assumptions
that
we
make.
A
Network
cards
were
support
when
our
car
supposed
to
like
or
installation
manual
or
the
provision,
the
host
yeah.
So
there's
a
great
questions.
We
we
don't
provision
the
hosts
at
the
moment.
A
prerequisite
for
being
able
to
use
kinematic
is
that
you
bring
your
own
infrastructure
or
you
can
use
provision
to
set
up
up
in
the
clouds
without
unrelated
to
the
shipping.
So
I
long
talk
Letta,
but
yeah.
We
haven't
done
it
that
big
saluting
or
anything
like
that.
Yet
and.
D
E
A
Great
question
so
right
now,
the
the
registry
that
we
deploy
is
is
about
just
the
vanilla,
dr
registry,
and
that's
the
first
thing
with
is,
but
we
were
definitely
looking
into
other
options.
It's
currently
not
in
a
road
map,
but
if
our
customers
wanted
definitely
all
that,
I'm
looking
to
other
other
solutions
there,
but
you
had
a
short
answer
is
we
will
deploy
docket
about
the
vanilla,
dr
registry,
cleaner.
A
A
F
Had
a
follow-up
question
to
the
dr
question:
yeah,
oh
did
so
when
you
deploy
a
registry
if
it
is
a
docker
run
for
that
registry,
so
are
you
doing
it
in
dr
itself,
rounded.
E
A
G
A
So
yeah,
I
think
I'm
going
to
call
it
because
I
don't
want
to
think
of
lhasa
Domini
thanks
for
having
me
again
and
I'm
always
accessible,
feel
free
to
reach
out
either
via
Twitter
the
Cooper,
Nettie's,
black
or
e-mail,
or
you
know,
check
out
the
github
repo
if
you
think
we're
doing
something
that
would
could
be
doing
better,
please
let
us
know
yeah
we're
always
open
for
suggestions
and
collaboration.
So
again,
thanks
for
having
me
I'll,
stop
the
share
and
get
it
back
before
back
who
then
Thanks.
H
D
D
So
all
right
so
guys
if
I
miss
anything
for
the
universe
to
the
mouth
piece
of
it.
I
think
I.
I
skipped
some
of
the
question,
sir.
So
someone
added
the
the
cubicle
question
to
the
agenda.
So
do
you
guys
think
there's
a
there's?
A
need
to
meet
at
could
come
I
personally,
would
do
it
anyone
anyone
going
to
the
billing
yeah.
G
D
G
G
F
G
D
H
Clayton
just
asked
me
to
give
kind
of
a
brief
overview
of
some
of
the
things
that
that
we've
seen
with
open
shift
and
some
of
our
customers
for
on-premise
deployment,
and
also
some
of
the
things
that
we've
done
to
tackle
him
I,
just
not
like
a
full
demo.
I
just
want
to
run
through
some
points.
Briefly,
alright.
D
J
D
D
So
that's
great
I
think
we'll
have
a
lot
of
them.
There's
a
lot
of
people
willing
to
deliver
this.
That's
that's
great
yeah
I'm
from
a
feature
matrix
document,
so
I
think
I
need
to
change
the
screen.
So
can
you
guys
see
the
document
now
or
you
still
seeing
the
agenda
documents
if
I'm
not
true
how
the
sharing
works.
D
These
guys
I
was
meted
okay
again
well.
On
the
on
the
last
meeting,
we
were
struggling
to
actually
define
what
should
be
the
focus
in
terms
of
work
for
the
seat,
so
the
conclusion
was
that
the
single
person
is
to
actually
collect
or
identify
the
gaps
that
are
in
the
user
experience
on
premise,
so
that
was
proposal
to
start
this
document.
It's
it's
very
dumb.
D
For
now
we
just
collected
some
of
the
features
some
of
the
API,
etc,
etc,
and
there
are
some
obvious
areas
like
oil
provisioning,
which
be
a
problem
for
for
most
of
the
solution,
so
looks
like
people
are
just
skipping.
This
then
there's
networking
which
is
lacking
from
us
proper
you
x,
users
p.m.
and
probably
yes,
like
authorization
authentication.
So
we
wanted
to
start
collecting
this
and
there's
a
question
for
you
guys.
If
you
see
some
obvious
gaps,
we
could
hear
and
then
extend
it
to
some
usable
form
and
start
working
on
it.
D
C
D
I
have
some
issues
in
my
mic.
Probably
so
my
question
would
be:
what
are
the
other
implementations
that
exists
now
I
mean
we
have
some
of
the
stuff
that
we
found
in
the
in
different
places.
There's
a
service
loadmaster
in
the
car,
although
actually
in
the
country,
we
as
we
ramp,
is
we're
working
on
external
IP
controller,
which
sold
some
of
the
stuff.
So
is
aware
of
any
other
project
when.
H
D
Right
that
will
be
cool
if
you,
if
you
just
put
it
there
or
in
the
chest
yeah
yeah,
we
should
probably
check
that
sure.
Yeah
just
I
mean
what
is
the
reason
for
that
is.
We
might
not
be
able
to
work
on
all
of
the
stuff
up
flee,
but
we
want
to
work
on
the
documentation
and
then
we
want
to
mention
all
the
possible
solutions.
So
we
have
kind
of
diverse
dealership
documentation,
so
other
other
staff
guides
I
think
you
comes
to
mind
in
terms
of
load,
balancing.
K
All
right,
I
know
I've
seen
a
shim
or
like
s5
and
try
to
remember
where
the
link
was
just
looking
for
it.
I
I
think
the
main
problem
is
on
premise:
just
the
amount
of
options
we're
integrating
this
with
everyone
else.
Infrastructure
is
the
hard
part
where
someone
bought
an
f5
or
someone
bought
an
8
10
or
someone
was
AK
proxying.
We
don't
know
into
unless
you
build
in
everything
like
open
ship
does
I
mean
open,
should
pretty
much
gives
you
everything
with
some
integrations
externally.
K
K
Sure,
that's
how
I
mean
a
lot
of
people
are
doing
it,
but
automating
the
external
routes
into
that
is
also
even
custom.
Where
do
you
integrate
that
with
your
DNS
automatically
and
you
automatic
you
know,
do
you
have
separate
ingress,
routers
or
external
load,
balancers
routing
to
something
or
they'll
just
share
one
VIP,
or
how
do
you
actually
manage
that
yeah.
B
That's
that's.
That's
I!
Think
one
of
those
like
kinda
out
of
scope,
things
that
you
don't
want.
You
don't
want
to
do
because
everybody
has
their
own
internal
policies
on
how
they
use
their
load
balancers.
So,
even
if
you've
got
an
a
you
know,
big
IP
or
some
other
load
balancer
the
internal
policies
for
how
they
deploy
new
routes
to
those
it
can
be
completely
different.
If
some
people
might
use
all
the
at
the
cell
formation
features
and
some
people
might
only
use
them
as
layer
to
load,
balancers,
I
guess.
K
That's
also
one
of
my
questions
is:
what
is
the
scope
of
this
document
because
we're
obviously
not
going
to
you
know,
get
into
people's
policies.
We
can
say
hey
this
works
well,
if
this
doesn't
or
here's
some
ideas
on
how
you
can
implement
something
like
this,
but
I
mean
one
holistic
document
that
says
hey.
These
are
all
the
things
that
doing
don't
work,
and
you
say
you
solve
all
those
problems
obviously
have
let's
go
cuz
I'm,
I,
guess
I'm,
trying
to
figure
out
that
what
this.
D
Yeah
yeah,
that's
that's
a
good
question.
We
spent
some
time
on
last
meeting
discussing
that
and
looks
like
there's
no
clear
idea
and
you
perfectly
right
that
you
know
the
G
ecosystem
is
so
big.
That's
putting
everyone
they're
not
happening
in
you
know
not
harm.
Anyone
would
be
extremely
hard,
so
so
I'm
not
sure
I
mean
well.
The
ideal
situation
would
be
to
to
describe
all
the
stuff
that
is
in
either
in
in
a
core
or
country
or
incubation
right.
D
That
would
be
kind
of
safe,
safe
ground
for
this,
but
like
after
the
quick
look,
it
looks
like
it
might
not
be
enough,
but
at
the
same
time
it
might
you
know,
motivate
people
to
put
their
project
in
incubation
I'm,
not
sure
if
it's
good
or
not,
but
maybe
yeah.
Maybe
it's
got
the
idea,
so
it's
I
think
it's
also
asked
for
discussion.
You
know
how
this
document
should
look
like
we
won.
We
don't
want
it
to
be
kind
of
hundred
percent
up
in
United,
because
you
know
we
have
given
on
film.
D
D
I
H
I
L
K
D
Maybe
yeah
another
idea
is
that
we
actually
wanted
to
provide
the
user
with
the
information.
What
are
you
getting
on
premise
out
of
the
box
right,
but
well
you
what
you
should
expect
and
all
you
need
to
work
on
on
y'all
and
then
next
level
would
be
actually
to
provide
some
recommendation,
at
least
is
what
I
remember
from
blood
week.
K
K
K
Don't
think
that
as
beneficial
for
a
user
just
to
say,
like
oh
I,
didn't
you
know,
what's
that
feature,
what
does
it
do
and
make
them
go
down
this
or
the
rabbit
hole
of
oh
did
I
until
I
won't
leave
or
they
want
flying
out,
like
you
know
that
that's
not
the
problem
like
okay,
yes,
an
overlay
network
would
still
work
on
pram
and
in
a
cloud.
Okay,
that's
fine!
Mmhmm,.
D
Yeah
and
I
I
thought
it
would
be
an
easy
job
right.
So
I
did
I
added
this
column
supported
on
front
one
with
other
members.
Obviously,
and
and
in
many
cases
there
are
some
sexual
problems
and
actually
I
would
like
to
catch
those
subproblems
like
you
know
it
is
supported
by,
but
you
know
it's
like
with
ingress.
It
is
supported,
but
the
user
experience
will
not
be.
You
know
the
same
as
on
GC
or
AWS,
or
some
other
cloud
providers.
K
B
K
K
D
K
D
Right
yeah
yeah,
that
sounds
that
sounds
saying:
yeah
I
think
so
yeah.
We
need
to
kind
of
distinguish
the
first
time
users
looking
for
kind
of
basic
information
from
actually
developers
or
heavy
users.
That
I
usually
know
all
of
this
stuff
because
they
discover
it
with
a
lot
of
pain,
usually
okay,
yeah.
That
sounds
good.
I
think
we'll
start
with
that.
I
will
talk
to
to
joseph
start.
The
document
or
I
think
we're
running
out
of
time.
Actually,
so
any
closing
questions
remarks
anything
else.
L
L
A
H
D
K
There's
multiple
layers
as
I
certificate
because
they're
you
know,
certificates
for
the
SUV
cluster,
their
certificate
for
the
nodes
to
the
API
server
and
then
their
certificates
for
the
services
you
expose
and
I
know
the
in
the
cube
lit.
They
are
working
on
the
stuff
that
cube
admin
has
been
pushing
in
to
get
autumn.
Experts
certificate
that's
being
rolled
into
the
cube
lit
by
default,
so
you
won't
have
all
these
extra
calls.
It's
just
want
to
keep.
It
starts.
K
It'll
automatically
get,
but
you
still
didn't
want
to
secure
your
at
TD
layer
and
the
services
to
expose
I
would
love
it.
If
someone
had
a
good,
lexing,
crypt
type
service
internally
that
you
could
run
that
you
know
here's
my
here's
our
end
point
for
you
know
automatic
certain
size,
I,
gotta,
be
awesome
and
I
know
a
redhead.
Idm
can
do
some
of
that
kind
of
stuff.
They.
D
K
But
again,
that's
making
a
lot
of
assumptions
that
people
have
these
things
in
place
where,
when
it's
just
a
small
service
like
let's
encrypt-
and
you
say-
oh
here's,
my
endpoint,
can
you
call
it?
Yes,
okay,
make
an
ID.
Okay,
I
have
a
cert,
that's
fine,
even
even
bulk
can
do
some
of
that
stuff.
And
but
again
it's
too
many
assumptions
and
I.
Don't
think
we,
it
is
a
definitely
a
problem
and
some
people
just
say:
oh
well,
we
do
have
a
wild
card,
sir.
We
just
use
it
everywhere
internally.
K
So
is
that
it
is
that
the
best
thing
I.
You
know
it's
the
easiest
thing
probably,
but
it's
better
than
no.
You
know
HTTP
so,
but
I
agree
that
I
mean
certain
management
is
a
problem,
but
there's
multiple
areas
were
searched.
Our
problem,
I
think
in
16,
is
when
the
search
should
be
automatic
for
the
culet.
So
hopefully
some
of
that
will
be
sorted
out
all
right.