From YouTube: Kubernetes UG VMware 20220602
Description
June 2, 2022 meeting of the Kubernetes VMware User Group with general discussion of monitoring of failure domain related activity and use of event driven automation based on techniques presented at the recent KubeCon Europe session
A
So hi, welcome to the Thursday, June 2nd, 2022 meeting of the Kubernetes VMware User Group, where we talk about all things related to users, sharing ideas for best practices and even discussing issues related to running all forms of Kubernetes on VMware infrastructure.
A
At today's meeting, I put a line item in the agenda of just a really brief recap of what happened at KubeCon Europe. I know some of us were actually there, so apologies if I'm rehashing stuff you already are aware of, but there are others who I suspect weren't unable to attend, and then we have an audience on YouTube that perhaps was unable to attend, and it shouldn't take long. Then our usual practice, if, is that anybody who attends here is welcome to put anything they want in that agenda.
A
You have to join the group first to get edit rights to the agenda notes document, and by the way, let me paste a link to that notes document in the chat right now, if you're a first timer and you don't even know where that lives. One minute here. Okay, but anyway, if you join the group, then you get edit rights by virtue of being logged into the Google system under the same account you used to join the group, and you're welcome to put items on that agenda.
A
If you do it well in advance, say two weeks, I'm happy to take that as a mission to go try to even recruit speakers, so you know, I, I don't really relish trying to be the speaker on, or, and I'm not the authority on all subjects in all areas. But if you give me some lead time, I can usually track down speakers on whatever you're interested in related to Kubernetes running on vSphere.
A
You know, we've brought in people involved with storage, with disaster recovery, backup, all kinds of topics, and given enough lead time, I can usually be successful at bringing in people. The other thing is: if we run out of agenda, we don't automatically kill the meeting. Sometimes we might shorten it, but we just turn it into open-ended birds of a feather discussion. Whatever you're curious about, want to discuss, we'll go for it, and sometimes those turn out to be the best meetings, you know, even though they were completely unplanned.
A
You know, you never know what's going to happen in these discussions, and sometimes they've turned out to be really interesting. So with that said, let me share my screen and.
A
A
So I think if someone can confirm that you can see a, a slide being rendered. Yep, you're good. Okay. So this was the presentation that was done by myself and Michael Gasch at KubeCon Europe, and I'm just going to give you a taste of this, and in the agenda notes document I published a link to the video recording that's just got, went up on YouTube this morning, as well as the deck, so you can learn more.
A
But the idea here about this presentation is that when you run Kubernetes on top of vSphere, there's actually a number of abstraction layers involved here that can and do have metrics and interesting things going on, and in some circumstances, particularly when you get failures at different levels of this abstraction hierarchy, it can be advantageous to be fully aware of what's going on. Maybe you, maybe you know.
A
If you get advance notice, you can adjust things so that there's no impact at all, or maybe, if things malfunction, you at least have an understanding of root cause. So it turns out that there is this system of what's called a VEBA appliance that is built on open source technology that hooks into these different abstraction layers and produces events. These are called CloudEvents, and the cloud events, CloudEvents itself is a CNCF administered specification for publishing events in a common form. The CNCF also publishes software in the form of the Knative project.
A
It's called Knative Eventing, and this allows you to both produce and consume these events in useful ways, and the scenario here is that the vSphere platform already is producing well in excess of a thousand of these events. Relic reality to give notices of things going on. Some of these can be related to security issues like failed login against, others to issues like, I don't know, a failed DRAM chip in a compute server.
A
Historically, these were put in place for things like, you know, PagerDuty notifications back in the old world, but they still live on today. I think the actual number is a little over 1700 of them that are built into the product, but don't quote me on that figure, and it's always growing. On top of vSphere itself, if you're using third-party storage, often the storage arrays will produce events or have an API that can be used to, with a little bit of a wrapper, to produce events.
A
Things like load balancers, firewalls typically have, once again they might be for legacy pager notification, but it's very likely that all the way to the bottom levels of your hardware-based infrastructure, you have systems that are capable and are producing events. vSphere can do it. Some applications can even do it, and the reason that this is useful is that it's possible to build a system that puts all of these on something like a message bus, and the event system built into Knative and CloudEvents doesn't even lock you into one.
A
If you want to react to something going wrong and turn it into some kind of an audit log or an email notification, or even a Slack message, which is what Michael demoed, you can pretty much do it in all the popular languages. You know, PowerShell I think is common amongst typical vSphere users, but I think you could, if you prefer, to write your code in Python or some other platform, since it's an open thing with plenty of examples for all of these, you're not locked into any particular one.
A
The other thing that was called out in this presentation as an advantage of this event is that, even though many of these things have APIs that allow you to subscribe to things that are going on in some of these low-level things, they anticipated that almost the API creds would be combined to somebody with almost root level authority, and they're read-write things.
A
But with this event notification system, you can put in place a service that gets the events from an API and turns them into a one-way, a read-only thing that maybe filters them too, so that only events relative to a certain area or a certain department of your company or whatever end up being exposed. So you have granular control potentially over.
A
Who can use these, who can see them, etc., and sometimes that's a very useful feature that's at, that isn't available in whatever APIs might be there. So the bottom line summary of this is that by using this, I compare this to the model of you have two choices in life. You can ignore all these things going on below the level you're operating at, and, or you can be.
A
You know, you can have systemic situational awareness of all things from top to bottom, and that gives you the potential to, you know, to be more like the commercial airline pilot, where, you know, we've all had the experience of flying in a plane. The announcement comes over the public address system, saying put your seat belts on, in about 20 minutes we're expecting a little turbulence. You know, and that only comes about because that pilot is getting weather reports about an area he's about to fly into and kind of an advance warning.
A
You can re-steer the aircraft to even avoid things that are really bad, versus the alternative of being captain of the Titanic, where your ship has been, had a gaping hole ripped in it below the water line, you're going to sink, but you're oblivious. You, you know, you think that in the beginning, you think nothing's wrong, and the act of the ship going down is a huge surprise to you. You know, you take your choice. So anyway, that's, that's the gist of that presentation. So let me share the links. Oops.
A
A
A
Since you were at KubeCon, if I left out anything interesting that you came across related to Kubernetes and vSphere, certainly. Yeah, I, I don't mean to monopolize this, but you know, I think maybe there were a few other things that went on. We, we did have, this is more social in nature, but we did have a, a physical face-to-face meeting of some of the users at a dinner, and I'm hoping to maybe repeat that experience at KubeCon North America when it comes around in October.
B
Yeah, no, I don't think I had much to add. I mean, I attended a couple minikube sessions, all right, sorry, yeah, minikube sessions, which was very interesting.
B
You know, they're adding support for she's been blinking on it, but yeah. You know, other than that. Like, yeah, that's probably like my highlight what I've seen that coupon, yeah, that.
B
B
B
Yeah, I think it was armed, but it was also, what it was, something else. It was.
B
A
C
A
A
The, the reason I was looking at minikube is that, you know, typically minikube is not deemed worthy of production use cases, although at edge, where, you know, you do have constrained resource that, could, the world is quite different, so maybe it is viable for that, and I've been looking at, and in fact, in another session at KubeCon, I did a demo of bringing up Kubernetes in kind on an edge device that only had eight gig of RAM, and one of the issues with kind is it's sort of sandboxed inside Docker for network purposes, so it takes more than a little bit of work to expose a service.
A
You've got running inside kind to like an outside network interface, and I think minikube might be a little better in that regard. In terms of flexibility, you know, it's, it's closer to a regular, if you'll, you know, maybe it's an abuse of the term regular, but it's closer to a regular Kubernetes node that you might deploy on bare metal or in a VM than something that is living inside.
A
If you live, if you run your Kubernetes in kind, you've added like another abstraction layer where you've got the outer host supporting the Docker runtime, and only inside the Docker runtime is your Kubernetes cluster, and I think in minikube, you're, you've sort of removed one layer of abstraction that you have to deal with to get to the outside world.
A
Usually, those bootstraps are just sort of temporary in nature, yeah, so, and they have one job to do and then often they're powered off. So the fact that you can't get to the outside, you actually can effectively get to the internet to download things. You just can't expose something like a Kubernetes service, and in some ways, for that use case, that's a feature. You know that you've reduced your threat model because you don't really have any scenario with that bootstrap where you want the outside world reaching into you, yeah.
A
If you can get out you're fine, but you don't really want people coming at you. Yet in these edge use cases, you know, it all depends on the edge use case. You know, some of them, all I/O over IP networks are originated by you, in which case maybe kind is just fine.
A
But if it's a scenario where I want to host a web server or a web service or something that other people in my location out at edge want to establish connectivity to, then you need something, you know, in the traditional Kubernetes in a data center would be to deploy a load balancer and Ingress, and you can do those things inside kind, but really all you've accomplished in a default deployment by running the load balancer and the Ingress is potentially exposing it to the host, not to the outside network, and I think with minikube.
C
I'd be interested because, like, in the beginning with like bootstrapping cluster or environments that were like air gapped, it.
B
C
Probably like the biggest number one issue with customers trying to like just try to get GM, and I even remember like an internal fellow cloud team having a similar problem with, like, their bootstrap VM was in one data center and the other data center, where the vCenter was to deploy the management cluster, was like across in like the UK, and they were in New York, and like the response back from the vCenter was causing like all sorts of crazy problems with the deployment of the management cluster.
A
Yeah, a lot of times, well, edge often has really lousy networking too, in the sense that it's subject to going out altogether. It has high latency, low bandwidth, so yeah, there's, there's a lot of challenges there, and Kubernetes itself, I think a lot of rookie users aren't even aware of some of the implicit assumptions that go into latencies between different components.
A
Like your, you know, you can't have an infinite latency between, say, your worker nodes in the control plane and expect to have things work real well, and you know, it's kind of interesting that some of these problems happen even in data centers if you try to cross wide geo regions, but when you get to edge, they might even be in the same metro area, but still trying to do their links over radio networks and things that are not a hundred percent reliable.
A
So I think that this is sort of like trying to run on a finished race track versus an obstacle course sometimes, when you go out to edge, and people are still trying to figure out how to deal with some of the challenges.
C
A
A
This was actually, you know, just by sheer coincidence, I am co-chair of this VMware user group, but I'm also tech lead of what's called the Kubernetes IoT Edge Working Group. So that's nothing to do with VMware, that's just edge in general. So we had a session at KubeCon talking about what was called Secure Device Onboard, where you deal with the challenge of bringing up a, was a Kubernetes node in this case, at a location that has no trained or even trusted people at it.
A
So there are some of these edge scenarios where, I don't know, like an offshore oil platform, that literally have, they're unattended, and others where, you know, perhaps a retail store, you might have some people, but they have zero IT skills and maybe they're not even trusted that much, in that you don't want to give them even login credentials to anything. And yet you want to have a scenario where you could FedEx or DHL a system to this location.
A
Yet and some of the interesting things being discussed, although I don't think they're in widespread use, but we had a chat in the hallway track at KubeCon over some of these ideas. One being that as part of a bootstrap, you could, in addition to having that person out at edge who hooked up the power and the network cable, plug in a USB key.
A
A
Sending a USB key inherently seems to have risks, but perhaps you could alleviate them by putting a file on there that's cryptographically signed and encrypted, so that something in the device can establish the provenance of this blob, that it's trustworthy and came from the source it's supposed to, decompress it and install it and, say, cut back on a lot of that.
A
Some of that network traffic during the initial onboarding is typically when you're going to take a massive hit that, you know, on a slow network could take days, and that might be a workaround to that issue. Now, I don't know that it's viable long term, you know, for your day two operations and things for doing your updates, but at least bootstrapping the thing up, it would give you a fighting chance. Another thing similar to that, you know, that maybe is more secure, maybe not, you know.
A
There's all kinds of devices with, you know, that emulate keyboards and things that can come in there and cause havoc if you've got an OS that sort of auto-installs drivers when things get plugged into a USB port, but another one that we discussed in the hallway was shipping almost like a burner cell phone with Wi-Fi or Bluetooth, so that the device could bond to it. And you maybe could almost do something like run a Harbor container image registry or some other container image registry temporarily on a cell phone.
A
A
You got the same issue with the USB, where you need some kind of authentication of it and things, and, but I think that those were, would probably be solvable problems.
C
A
Yeah, and even in the vSphere world I know William Lam published that fling of an appliance that even hosts like OVAs and, for VM images, and I believe the latest incarnation might even have a container image registry in it. So if you've got a vSphere out there, it's probably even viable to install that as a VM, but an external box, which could be as little as a cell phone, I think could do that too.
C
It's an interesting thought process. If, like, it was like a device that you, like, if you're deploying multiple edge locations, you, you know, you bring it out. It has the registry with the newest images on it, and then you take that home with you when you go back and then go to another site after you've like updated the images or something like that, and just bring the box with you, yeah.
A
Another one for the day two, this is just, I'm brainstorming and this thought just occurred to me as we're making this discussion. But a lot of these edge scenarios are things like retail stores that, you know, where, who, the company operating them has trucks that visit these, you know, once a day, once a week or whatever. I almost wonder if you couldn't do something like put like a Wi-Fi node on your truck that's going to go there once a day or once a week.
A
You know, it could be an industrial computer with Wi-Fi or, once again, even a cell phone, and these retail locations are capable of spotting when the truck is there and opportunistically doing an update. So effectively they might be air gapped, you know, in the sense of no internet connectivity, but if the truck comes by periodically, they could use that as an opportunity to get updates, even on profiles of the device, updates on the software running there, and I don't see why that wouldn't work, although I've never heard of anybody trying that.
C
Yeah, like I, I heard too, like a lot of like telcos, with, like, their cell towers, they utilize some like air gapped kind of installation. I don't know if they'd have like esxios or whatever, but like I wonder how they go through that same process. Like, do they just send somebody up there all the way up to the cell tower with like a device and connect in, or maybe it's not, it's connected kind of, but not really.
A
Yeah, no, it has to be connected to at least their, you know, the cell towers go to a land backbone, I believe, that they're not like fully mesh networks. I, I believe that they run, you know, a wired pipe down to the ground to use terrestrial wiring as kind of the point-to-point links between the cell towers, but I could be wrong. I'm not an expert on that.
A
We do have a few members of this group who work for cell companies, but unfortunately none of them are here today, but maybe in the future we could ask them how that works.
A
Is an opposite polarity that's somewhat like this idea of, you know, the truck visiting a retail location, in that I have heard of an open source project being done by a company to support automakers, and that would use, you know, in modern cars they can easily have 20 or 30 computers inside the vehicle, each with firmware, talking on things like CAN bus, and they can and do require updates.
A
You know, I think I've had the experience with my own cars, where, you know, firmware updates come out on things, anything from the entertainment system to potentially things like engine controls, anti-lock brakes, etc., and the legacy scenario.
A
There is that somebody would have to be notified of a recall, come into the dealership where they'd plug in a cable and perform an update, and that process is cumbersome enough that a lot of vehicles stay out there not updated, so they're typically only heavily subscribed to when it's a serious safety issue and more or less they badger somebody into getting the update. But some of the other classes of updates, like entertainment systems, maybe.
A
The customer is oblivious to the fact that it's even available. They wanted this scenario where you could even potentially do a drive-by update, where they'd give you a notice: hey, we've got a station set up at our dealerships, so drive into the parking lot. You don't need an appointment. You could even drive in in the middle of the night when it's closed and drive there and park it for 20 minutes and it, you know.
A
I, I don't know that that system is in production, but it seemed to make a lot of sense, and it's sort of the, the inverse of the, the truck route going out to the edge locations. It's sort of bring the edge locations in if they're mobile. But you know, the world is becoming interesting with some of the opportunities that are being put out there with, you know, radio links in addition to wired links everywhere.
A
Maybe we're getting way off topic here, because some of this I don't think is all that related to vSphere. You could sort of apply these on everything, but given that vSphere aligns with on-prem, and this is sort of like on-prem Kubernetes as opposed to running Kubernetes exclusively in large public clouds, I, I guess I will declare it relevant to this group subject matter.
C
A
A
A
It was a demo of using the VEBA open source event platform to monitor events being generated by the different levels of your stack. Not just, you know, Kubernetes, but going down into vSphere.
A
What they call CloudEvents, a CNCF spec for a uniform format for publishing events, and then you can put together systems that subscribe to all of these notices and maybe react to them. Maybe the reaction is, you know, steering away from a failure point, or maybe it's just being aware that this is happening so that you have time to avoid a little turbulence and take preemptive measures before they knock you off the air, and I think you might be interested in spending a few minutes to go.
A
VEBA is V-E-B-A. Here, let me, I'll, I'll re-share.
A
I did about a year ago, so this was updated, so about a year ago, Michael Gasch and William Lam did a presentation on it, and at that time it was just sort of this fling that falls under VMware only, kind of unsupported, but they've open sourced it and they even have community meetings on it.
A
So it's getting a fair amount of traction to where they have users of it showing up for, I, I don't remember if their meetings are monthly or every two weeks, but they, it actually gained enough popularity that they have meetings running on this. Here, let me re-share my screen.
A
A
And then I know, since the chat postings drop off.
A
Oh, thanks, and then we morphed into a discussion just during birds of a feather talk about different challenges with deploying Kubernetes, not just on-prem, but at edge, and we've been having an interesting discussion of how you deal with the intermittent network connectivity and things like onboarding when you're challenged with, maybe, you know, when you onboard a new location, you have typically a challenge of that entailing a lot of big binary downloads and things to get the node started, and I mentioned to this group.
A
That I, just by coincidence, happened to be affiliated with the Kubernetes IoT Edge Working Group as well as this group, and we had a presentation at KubeCon on Secure Device Onboard, which is a mechanism made, maybe for something smaller than something as big as a, a Walmart store, but even like an offshore oil platform or a really tiny shop that has no trained IT people, maybe no trusted employees, where you want to just FedEx a hardware device to a location.
A
But you don't even give them login credentials, and you want a scenario where that thing can come on board, install itself and come up into a remotely managed Kubernetes cluster, maybe a single node cluster if it's a super low resource device, and in that IoT edge session, I, I demoed that, bringing up a single node Kubernetes on an edge device, really tiny one that they call edge gateway, that had a few CPU cores and eight gig of RAM.
A
Now you couldn't run much on that, but it did do a self-initiated Kubernetes cluster install taking about 25 minutes. Now it did suck up a fair amount of internet bandwidth, but we were talking about workarounds to that, where potentially, to alleviate some of that bandwidth consumption, you could possibly do things like plug in a USB key, a flash drive that had a file that was encrypted and cryptographically signed, so you could establish provenance and use that as part of your bootstrap process to maybe get access to some of the large binary blobs.
A
But if that visited the site once a day or once a week, they could do rolling upgrades to even cover day two operations without requiring a lot of, you know, public internet access. It's almost like you could argue that this is somewhat like air gapped, where, if you had truck rolls that were periodic to these sites, why couldn't you put in place a private network that would let you do, you know, high latency update.
A
None and if you don't have a lot of bandwidth to the public internet, and maybe that creates security risks of even opening up that kind of port, this might be something interesting to consider. So for those of you who don't know why I'm going into all this with Bryce, and he's affiliated with Walmart, so I was just thinking he might be, this might be something interesting to him.
B
Yeah, we've had to deal with a lot of that, that it ended up being, you, you throttle that traffic so that you can still have other things run, but then it just means everything takes forever to pull down.
B
Really that comes down to, if, if you're deploying things out there, because it's not just building the cluster, it's deploying your apps, yeah, and they don't have their image out there yet, they sit there in ImagePullBackOff forever, pulling down the image. So it ends up being like a strategy of, hey, we're going to deploy, so we're going to push our image down.
B
First, then when we actually turn on the app it's ready to, to roll, and we do something like you mentioned, we have a, a local registry cache that will cache it, so that if it's pulled already, it doesn't matter what node it's on, it pulls through that cache. You can pause quickly once it's, it's down there, yeah.
A
I think you kind of have to do that, because the other scenario with these images is sometimes, in fact I think more often than not, when you trigger an update, it's not one image, it's a bunch of them, so that, if you, you don't want to initial, you don't want to pull the trigger on doing that only to find that you've got an, kind of an update of an anterior system that needs two or three images to work right and find.
A
You only have a couple instead of all three and end up in a, you know, sort of a mess.
B
Yeah, and on, on edge, yet you have to be prepared to not have network connectivity, right. So if you don't have network connectivity and you want everything to keep running without the internet, then you need to be able to have your apps move to a different node and be able to pull the images to that node without having to go out to the internet.
B
So that's why, one of the reasons, having that local cache, or I mean, even if you don't want to have a local cache, having something in place that syncs the, the images between the nodes so that they were already on the node. You could do something like that too, but yeah, just building the cluster is only the one aspect on the edge. You then, you have to, like, at any time you could not have network because they cut the phone line or, right, on what you're, you're doing, yeah.
A
And I think any, anything that's a success business-wise at the end of the day, over the course of the years it's likely to be in service, that initial onboard is just a small part of, you know, ultimately your investment is sort of in the day two thing of keeping that thing updated and maintained over time without having to do truck rolls and visits subsequently.
A
A
I've got one more thing, but I'll hold off on it to see if any, any users want to bring up any things to discuss or that they've encountered or want to ask about recently.
B
A
You know, I, I know there are updates, but I'm, I'm the wrong person to ask for a detailed report. I can go find out for you, but a lot of the things I'm dealing with are through a distribution that uses Cluster API to do the install but sort of hides it from me, so that I'm not aware of that.
A
The, the recent activities on other things related, like say the cloud provider, are that I think that it, the vSphere cloud provider, has moved forward with dual stack support, meaning IPv4 with v6, kind of like Kubernetes in general, so that if you had an occasion to use IPv6 and IPv4, there have been improvements in that area, and I think that there are also seeing a recent CSI improvements for storage related to supporting snapshotted things for, I think it comes into play more when you're trying to do backup of stateful apps.
A
C
Could be interesting because a lot of the like back-end engineers for to get you and other Tanzu products are like contributors to Cluster API. It'd be interesting to hear like something from them if they had any cool new features or like different, even like at a lower level of like even going through what is Cluster API, if there are people who don't know, yeah, a good like feature topic, I.
B
Guess and what to your point about edge, like one of the things that I think we held off on doing some stuff like that before was because of the edge, like having all those, I think that some of the things that are required early on, we had to have it at the edge.
B
A
So for those, if there is anybody on the clock, on the call who hasn't even heard of Cluster API, it's a system to manage your underlying infrastructure itself through vSphere, so there's a number of Cluster API providers. It's designed so I could deploy Kubernetes to AWS, to vSphere, to bare metal, and there are implementation, Cluster API itself is more or less a spec, and then there are implementations for these different underlying platforms, and the idea is that you come up with a manifest for what you want.
A
Your infrastructure to look like, pull the trigger, and through the Kubernetes API, and things that operate in these implementations just make it happen. So in vSphere, the Cluster API for vSphere would compose virtual machines that become Kubernetes cluster nodes, and likewise in Amazon, VMs would be deployed that would be your Kubernetes cluster nodes. There's a couple implementations for that I think would arguably be suitable for edge, one that VMware is working on, and I'm not so sure, David, do you know how much of this is currently available in public versus still in-house only?
A
Think since Equinix is behind it in there, you know, it put a, I don't know what category Equinix is, but they have data centers that you can buy services from, and I think it does deploy to VMs, and there have, that one is most definitely public and there have been presentations on that. There was a good one at the Cloud Native Rejekts conference.
A
A
You'd, I think you'd have to be either a really large user that is effectively going to take on the job of installing Kubernetes itself, Kubernetes yourself, or you'd be a distribution provider that would, you know, as part of your distro, consume Cluster API and package it into a commercial offering. That for a smallish end user of Kubernetes, boy, it strikes me that, you know, going to Cluster API and deploying your own clusters.
A
Yourself is maybe something you'd prefer to outsource to a vendor, because it, there's a fair amount of work there to keeping tabs on it and running it.
A
A
For example, we've had a lot of talk on load balancers and things that technically aren't Kubernetes itself, and they've been making suggestions that perhaps this group is better hosted over in the generic CNCF rather than the Kubernetes project itself, because we're kind of going beyond the boundaries of Kubernetes and what gets talked about here, and we're likely to try to put on a presentation, a birds of a feather thing for users at KubeCon North America that would discuss this concept of how can the CNCF better serve the user base?
A
You know, so that users have forums to get out of it, and it's broader in scope than just a group like this, which is kind of worldwide in scope, meets on Zoom, but also during COVID. There was at one time a pretty healthy infrastructure of physical meetups, you know, in major metropolitan areas where users would get together and share ideas face to face in Los Angeles.
A
It got so big that I think the peak meeting of one of the Los Angeles Kubernetes meetup groups drew 250 people, and it got popular enough at Los Angeles that it actually forked into a group operating predominantly on the west side of Los Angeles and another sort of closer to downtown, and, like I say, those just completely died with COVID, but there's an aspirational goal of trying to bring those back, maybe under some kind of a formal structure that would serve as a means to recruit speakers to these groups and keep them running on a healthy basis.
A
Anyway, I'm planning on submitting a CFP for KubeCon North America to just be a birds of a feather discussion for users on, you know, maybe bringing in some of the CNCF people on how can you better be served as a user, or maybe, if you're with a service organization you're effectively a representative of users, and build up this infrastructure? One of the things being talked about is to maybe change the scope of this particular group.
A
You know, there, I, I think this might lift and shift over to the CNCF from the Kubernetes project, but we might also simply declare this, one idea is that this be declared an on-prem Kubernetes group as opposed to a VMware Kubernetes group. You know, if you're running on VMware you're certainly on-prem, but there are other forms of on-prem other than vSphere, and it would broaden this to be not so VMware specific, met, but maybe we bring in other voices that are not with VMware.
A
But who are, you know, experts in the field of running Kubernetes on-prem, so I just wanted to let everybody know that this is in the planning at this stages, and if I get one of these birds of a feather sessions accepted for this KubeCon conference, I certainly welcome anybody on this call to go in there and visit, vigorously participate in that session.
A
Maybe even help me run it, if people have experience either as users with opinions on what they would hope to get out of a user group infrastructure or even experience running local meetup groups or attending local meetup groups. You know, all voices welcome.
A
A
Okay, I'll take silence as nobody with a last item.
A
So thanks everybody for attending, and we'll see you at the next one in a month, although I haven't looked to see if that conflicts with the US Fourth of July holiday, in which case maybe I won't be attending and I'll have to see if Myles Gray, who is the other co-chair, would be interested in hosting that, or perhaps we'll end up canceling the meeting on first Thursday of July, depending on where the, how that looks from the calendar perspective. So once again, bye everybody, nice chatting.