From YouTube: The Cloud Multiplier: Ep. 5 | Build Your Open Distributed Cloud with Open Cluster Management
Description
Kubernetes drove dynamic scalable compute from the datacenter out to the edge and everywhere in between. As the scale and heterogeneity of your compute footprint grows, one core challenge emerges - management. Infrastructure is only as useful as it is accessible, visible, configurable, and manageable. Join host Gurney Buchanan and guests Mike Ng and Mikela Jackson this week to discuss Open Cluster Management, a CNCF Sandbox project that focuses on simplifying and unifying Kubernetes multicluster management!
A
A
A
Unfortunately, Joydeep wasn't able to join us today. He's feeling a little under the weather, and I encouraged him to take some time to get better, so hope Joydeep will be back next time in two weeks. But I have the pleasure to be joined by Mike and Mikela from the Open Cluster Management community. So today we're going to be talking all things Open Cluster Management. I'm really excited to have them here.
A
It's a really exciting CNCF Sandbox project that I've had the opportunity to work with, and work alongside these folks for a good little while. So welcome to the show, folks. I'll, we'll do a little round table. Mike, you want to kick us off, introduce yourself a little bit?
B
C
Yep, my name is Mikela Jackson. I am a writer with Red Hat Advanced Cluster Management. I mean, I am also a participant in Open Cluster Management project and have been enjoying myself, at least just learning the ins and outs of open repositories and what that means to actually be a contributor. So yeah, thanks for having me.
A
Awesome, thanks for joining, folks. I, like, I had tossed up their GitHubs and socials. Are there if anyone's interested in reaching out. We'll get more into the project here in a little bit, some of the interesting links and, and where people can get involved, but first, as always, I have some top of mind topics. I think, I think I've still shamelessly stolen from Ask an OpenShift Admin. I'm still workshopping names, hopefully we'll get Andrew his back soon.
A
But that being said, the one, the one interesting thing I have been kicking around with this week, and I know Mike probably has this near and dear to his heart as well: I have been once again in awe of and hacking around OpenShift GitOps. Well, basically, Argo CD. So I've been doing a ton of work in Argo, and recently it was brought to my attention, and this might be new, Mike, as well.
A
I want to see what you think. They're adding, potentially adding, a Terraform integration to Argo CD, so it'll allow you to provision infrastructure and do other Terraform applies and runs and actions through Argo CD. So you can do, declaratively through GitOps, configuration of infrastructure. I don't know if you'd seen that at all. I can hunt down the link for that if you're interested.
A
Yeah, let me, it is, looks like it's an Argo CD Terraform control.
C
B
C
A
Are, I'll drop a link in, in the chat for everyone. Really interesting project. It is just in a pull request, but I'm pretty excited to see that, as someone who's used Terraform in the past. And I think we'll get a lot of good insights, Mikela, as well, from the open source docs standpoint. This is one of the best written PRs I've seen as well, so I've, I've enjoyed that. I know I'm bad about it, so no never die. So yeah, Mike, Mikela, any cool, interesting or fun open source developments?
B
Yeah, we've been actively participating in the multi-cluster SIG, which is a part of the Kubernetes.
B
We work on the Work API, which, we can say, sort of, it's a project that, that the Open Cluster Management also originated from. So that is something that we're trying to contribute to the community to set a, a standard API, so we can deliver a workflow from a centralized location to multiple locations.
B
So that's something that we've been discussing, and we actively participate on, in the Kubernetes SIG front.
C
Okay, okay, so some, a project that I've been aware of for a little bit of time now is, it comes from the Linux Foundation company, and specifically is called Ag Recommendations.
C
Well, excuse me, the entire project is called AgStack, but there is one project underneath it and that's called Ag Recommendations, and basically it's a framework designed to help enable people to create applications as well, but it's related to agriculture. And basically they're looking for contributors to help take information from the cooperative extension guide, and that's a guide that farmers use, or anybody that might be interested in, like, pest control management or water management.
C
Things of that nature. But basically there's an effort to digitize this information, and so personally, I'm looking to figure out how Open Cluster Management can be used, how that framework can be used to create applications and then be able to just add data, pull data, or whatever, for AgStack, or to Ag Recommendations console, whatever, whatever is to come, still, like, in its early stages. But that's something that I've looked into in terms of open resource, I mean, excuse me, open repos.
A
Wow, I had never seen this. I had never seen the AgStack. I know a lot of open source work was happening in the agricultural space. If there's ever a tinkerer community that's going to solve their problems, they're, you know, on their own. It, agriculture's got some really cool makers, and that's, that's amazing. I dropped a link. I hope it's the correct link, to the agstack.org. Yeah.
C
That is it. It'll, that should take anybody to the original page, of course, and then they have their GitHub link attached to that too.
C
A
I've, I, so the side, the side conversation is, in college, one of my, one of my projects that I worked on was studying honeybees and, and monitoring honeybees with, you know, little embedded systems on the side of a honeybee hive, and we did machine learning to count bees and, and identify. So it's, it's really interesting to see a whole open source Linux Foundation project dedicated to biological.
C
A
C
A
I'll bring it up next week. We got to bring it up to Joydeep, because I know there's a lot of data science to be had there, and that is his favorite thing. Sounds good. Yeah, thanks for bringing that up, folks!
A
Why, why Open Cluster Management is relevant, especially when maybe you have a few embedded systems that might be monitoring rain and soil composition and growth, and something maybe on a tractor, at a cell site, and now you have five, ten, fifteen, hundred, thousand different compute devices that you really need to connect and coordinate, and I think that that stems directly into the Open Cluster Management world. So what is Open Cluster Management? What's, what's its foundation? Where do we find it?
C
So one, you can find it, of course, on GitHub, that's something pretty easy, but let me start off with the summary of what Open Cluster Management is. Again, my name is Mikela, and so Open Cluster Management is an open source project. Oh yeah, you go to the next slide.
C
It's an open source project from CNCF, which stands for Cloud Native Computer Foundation, and it's designed to simplify and unify the management of Kubernetes clusters. And so today, Mike is going to also go into the architecture of Open Cluster Management, which includes the hub cluster, or excuse me, hub and managed cluster architectures, and you can, with, with this framework, you're able to specify the distribution or, yeah.
C
You could specify the distribution of Kubernetes manifest just from your hub cluster. So Mike, I'll toss it to you now to describe the architecture and for the demo.
B
B
So it just keep going up the stack as we, as we build on top of the, of Open Cluster Management. So in terms of the overall architecture, it's a hub and spoke, or hub and managed, model. So it's the same model that Kubernetes uses for the API pattern. We're very fortunate to have several key members from the Kubernetes project as Open Cluster Management maintainers.
B
So the Open Cluster Management design, it's heavily influenced by the existing Kubernetes design. So the key is, if you're familiar with Kubernetes on a single cluster, some of the terms and some of the design philosophy that we use in Open Cluster Management should sound similar, and more similar as well.
B
So going back to the hub and spoke model, we have a cluster that can act as a hub by running some cluster management controllers on it. Then the spoke, or managed, clusters, with agent running in them, will join the hub cluster. And this is the key point I want to emphasize: the connectivity is actually initiated from the spoke cluster to the hub cluster.
B
This is done intentionally because, based on the community and user feedback, we, we didn't want the hub having to go through the firewall and reach out to cluster in a push-like model. So Open Cluster Management is more of a pull model, where the clusters, where the spoke or managed clusters, are looking in the hub for work, or the manifest that needs to be deployed, and bring them down and to the, the managed transport cluster side and applying them.
B
So as well, from a scalability point of view, you know, it's, it's much easier to have individually similar agent running on those remote clusters doing most of the heavy lifting, instead of in a push model where the controllers on the hub is trying to push down to a thousand and maybe two thousand clusters.
B
So again, our hub, our hub agent is a pull model, so the agent is pulling from the hub once they're connected. But that being said, there's obviously cases where you want to, want to do push, and we actually have add-ons that enable the push model as well. So it really depends on your, on your use case. You can have a default decentralized pull model, or you can have a centralized push model, and that is one of the benefits about Open Cluster Management.
B
C
A
Oh, I was gonna say that, that, that we have a good question that lines up right here. So you said that by default it uses a pull model, so rather than having, having your hub component push down content, two thousand, two thousand different, different clusters, you're gonna have all of those one or two thousand managed clusters, however many, really pull from that, pull data, pull work to do from that hub. And then there's a concept of add-ons, where add-ons can utilize their, their own interaction framework.
A
That might be more of a push, and some add-ons use that push model. So there's an ability, through Open Cluster Management, it sounds like, to do both a pull and a push, but you need to understand the constraints and, and costs and benefits. That, that sounds right? Yup.
B
A
Awesome, I hope that answers. We had one question in chat, so that, that might answer your question already.
B
Yep, so are there any other questions before I show in action with a demo?
B
Okay, so I got three terminals here. On the left side here, I have a kind cluster that is, I set up sort of a, to imitate a hub cluster, and then on the, on the right side here, I have, they're all newly created, another kind cluster that represent the remote cluster one and another kind cluster that represent the remote cluster two.
B
So what the, what I'm gonna be using is the clusteradm CLI tool. So this clusteradm CLI tool, we, based on our experience from the kubeadm CLI tool, so some of the commands might be similar and does the similar things. In a kubeadm CLI tool, you bootstrap a Kubernetes cluster with the control plane, and then you join worker nodes to that control plane, and then in, in Open Cluster Management, the clusteradm command.
B
You, you initiate the, the control, multi-cluster, a hub control plane, and then you have the remote cluster joining to the, to the hub for command. So, in the interest of time, I already ran the clusteradm init, which essentially lay down the controller for the hub on the hub cluster side, and after that is done, it also creates the service tokens so that we can use the service token to do
B
the initial join from the remote cluster to the, to the hub cluster, and it'll also spit out the commands that you can, you can use to join, join the, to request a join request, a registration from the remote cluster to the, to hub cluster. So I'm gonna, I'm gonna run one of those, both of those.
B
B
B
The hub cluster admin still have to, to approve it as well. So I'm going to do that on cluster 2 as well.
B
So while, while we wait, we can talk a little bit about the security, and then I'll go into more depth later, when we have more, more slides to show regarding the registration process. So in, in this case, the, sort of the remote or the worker cluster admin, they can list, and then we, the managed clusters, and, and create a managed cluster request on, on the hub cluster side, and also we create a CSR request.
B
B
Look, the p is actually stored on the remote cluster side and it is actually never transmitted over the network, and then, and the worker clusters, or the remote clusters, cannot approve its own cluster registration by default, because we, we have RBAC set up so that to approve a cluster registration is only bound by the cluster admin on the hub.
B
So when you generate a request, a join registration request, you create the certificate signing requests and then you also create managed cluster as well. So these managed cluster appears on the hub, but you can see they're not joined and not available yet, because the, the hub admin has not accepted, accepted the join request.
B
So now I'm going to accept the, the one of the clusters, and then I'm going to accept the other cluster as well. So we can go back and check the CSR, and now they be approved, and then for both clusters. So now that, that means the, we set up the authentication between the remote cluster to the hub cluster, and the certificate will renew itself by the, by the controller on the remote cluster side, and also in terms of authorization.
B
So after you, after you set up, after you set up this connectivity, one of the basic things that you can do is, you want to deploy some workload from the hub to the remote cluster. So this is done in Open Cluster Management through a ManifestWork API. So ManifestWork API, in, after the registration is completed, each, each cluster, each remote cluster, have its own namespace, that designated namespace on the hub cluster side. So if we look at
B
if we look on the hub, we can see these two, these two namespaces are created. So on the remote cluster, cluster one, it only has access to the hub cluster's cluster one namespace, and same for the cluster two. Remote cluster 2 only have access to the hub cluster's namespace cluster 2 as well. So to deploy a workload,
B
we use ManifestWork API, and then you, you, you wrap your, you wrap your workload or manifest in, in this API, and then you put it in the namespace which represent the remote cluster that you want, and then you apply it on the hub.
B
You can see that the ManifestWork has been applied on the, on the hub, and then the, we can check on the remote cluster. It's been, it's been deployed on the remote cluster, and if we check, we've checked on cluster 2, obviously there's no, no deployment yet, because we, we only deploy on the cluster one namespace, and the cluster one doesn't have permission to access the cluster two, for security reasons.
B
The key of registering your remote cluster to hub cluster, and then you can deploy some workload towards your remote cluster. So before I continue on, are there any questions?
A
A
In that case, okay, we have a couple questions. The first one is a note: next time we go back to the slides, we need to bump the font size, or sorry, the Open Cluster Management web page. The link should be in chat as well. But the other question is to make sure: by default, we, push isn't mandatory, just pull. Push is an optional add-on, something that you can enable and utilize separately, but pull is the default out of the box.
B
That is correct. So, so I'm gonna get on, I'm gonna explain add-on in a bit, but we do have add-ons available that allows you to push Kubernetes API request to the, to managed cluster. Okay, can you.
B
Awesome, awesome. So you need to set up a cluster proxy add-on and a managed service account add-on, and then you, you follow through the setup, then at the end you can actually use, with the hub, with the hub kubeconfig, you can actually proxy through to your remote cluster.
B
So with, with, with that ability, then you can push whatever workload you want using this, this cluster proxy.
A
That is awesome, and it looks like, thanks to Patrick in chat, someone else was curious about giving this a try in a home lab. So the, the, the behind the scenes, pulling back the curtain, Mike told me ahead of time: all of this demo is actually running off of kind clusters on his local machine, so kind and clusteradm can actually get you basically what, what Mike's doing for the demo today, is what he told me, right?
B
Exactly. So all three of my clusters were actually freshly created today, kind clusters. So in, in our instructions, they have about setting up a local kind environment to do the initial bootstrap and testing as well.
A
Awesome, that is, this is pretty, this is pretty great. I, I'll be honest, I've definitely been to plenty community, plenty of these community meetings, but I, I have never actually played around with the ManifestWork API, which, that's, that's pretty incredible. That's a, a great, easy way to push different Kubernetes manifests direct between clusters. What's the overhead look like? I know we have a lot of scale-sensitive folks in chat. What does the overhead look like for the footprint on a managed cluster?
B
So it should be pretty lightweight, because the, our, our agents are quite small and we're, we're not using a polling system for watching. We actually, we're just watching the, from the remote cluster side and watching on the hub cluster side. So on ManifestWork, you can actually configure a status sync. So say,
B
for example, you, you, you look at a pod and then you see these certain statuses and you want to sync those statuses back on the hub side, because that's where you, you manage your, your entire fleet. So there's also an option in the ManifestWork where you can configure that. But we definitely, we, we definitely don't recommend syncing the entire status.
B
We, we recommend you, there's a JSONPath configuration that you can pick on ManifestWork, and then you can surely pick the status you want, and that will become a quite lightweight as well. So yeah, we, we run testing before and we were able to support a thousand, like two thousand clusters, no problem. There, there's some configuration tweaking needed in terms of the heartbeats going from the remote cluster to the hub cluster. Maybe, I think the, the default, it's a little bit too strong, but yep.
A
That's, that's awesome. So, so, basically, what you're saying is the user gets a lot of dials to tune for how, basically, if, if you have 10 clusters or 20 clusters to, to, to monitor and, and to roll out 10 manifests to, maybe you can actually send back a lot more rich detail, but if you're running a thousand manifests to ten different clusters, maybe you just want the status item that says ready or not ready, you know, ready true/false, and that's what you care about, so you can specify that.
A
That's, that's a really cool amount of configuration, and this is, definitely feels like a foundational tool that a lot of people can build on top of. I know, spoilers for the community, I think some folks are building on top of this. This is the foundation, but that's, that's incredible. So you've mentioned add-ons a lot. I think this is probably where you're going next, but, but is there any way for folks to contribute and build and extend add-ons themselves and pick up pre-existing add-ons?
A
B
Yeah, I'll go into the more technical details about registration as well as add-on later, but are there any other question of the demo before I pass it over to Mikela to talk about where you can contribute or where you can participate in the Open Cluster Management community, and possibly, you know, develop an add-on, for example?
B
If not, I'll, I'll pass it to, to Mikela right now, and I'll talk a little bit about the community side, how to get involved and how to engage with our Open Cluster Management community.
C
Cool, thanks Mike, and great job on that demo. Do you mind selecting to present the presentation, so I could come up a little bit larger?
C
Okay, so yeah, like I mentioned earlier in the video, make sure that you all start with going to GitHub first. That's where you'll see a lot of resources, you'll get a view of the README, and you can even contribute, and contribute in that way.
C
So that's something that, that's amazing about open source and learning how to become a contributor, because, despite, you know, despite any knowledge that you don't have right now, or any knowledge that you do have, you can define the value that you have and go ahead and maybe just make a suggestion or anything like that. So one way that I do, like I mentioned before, I'm a technical writer for a product, for the product team, and so one way that I know that I can contribute is through documentation.
C
And so, if you see something wrong, a misspelling or even maybe a different, maybe we're using the wrong API or something that's described,
C
you could put in the issue, create an issue, describe what the problem is, and then that will eventually be solved, or you can solve it on your own and you can create a pull request and get it reviewed by one of the maintainers, and things of that nature. So you can contribute, it's different projects within Open Cluster Management, so you might see something like Mike's add-on, you might, he was speaking about add-ons. You can contribute to the governance policy add-on project, or you can contribute to API project.
C
Whichever project, you know, piques your interest, feel free to go in, dive in, and see what issues are already created, what PRs are in progress right now. You can also join the Slack channel and see the conversations there, join the community meetings, which often happen, I believe, at like 10:30 on Thursdays, usually, but Mike, correct me on that information if I'm wrong, and then you can also tune in on YouTube like you're doing now, or on Twitch, and just get involved with the community. That's how the community moves forward.
C
It's through different contributions from outside, or external, contributors, and just to help build collaboration within the org and stuff. So yep, back to you, Mike, on explaining add-ons.
B
Thank you, Mikela. Yeah, I just want to touch up on our community meetings. So because we have contributors from the West Coast, East Coast, Canada, Israel, Europe, India, China, et cetera, we have actually two community time slots: one, it's 10:30 Eastern time, and the other one is 9:30 p.m. Eastern time. The 10:30 a.m.
B
Eastern time is in, in, in the morning, so we rotate that on bi-weekly basis. So feel free to, it's a open, completely open community meeting, so feel free to join in, and then we can talk about whatever problems or whatever suggestion you have for the community.
B
So thank you, Mikela, for that quick plug on our, on our community side. So I, I want to go into a little bit deeper on the cluster registration and how it actually works. So the, in the demo I glossed over some of the details around who does what, and since the Open Cluster Management is really about building a foundation block, and the very foundation,
B
B
we get a lot of questions when a organization or a team comes to want to participate in the Open Cluster Management. They, they want to know that it is secure, it is, it is done and designed properly from the, from the base of. So I'm, I'm going to be using some of the slides that were provided by David Eads. David Eads is one of the key contributor of the Kubernetes project on, on GitHub site.
B
He probably was participating in a project since the very beginning of, when it was brought over from, when Google open sourced the Kubernetes project. So my, my explanation is probably not going to be on par as his, but I'm going to give it, give it a try.
B
So when, when, when we first started, you know, we have, we, we have three actors. We, we have the hub, the managed cluster and the, the hub admin, and the, the bootstrap identity is what we started with, which is, which was the service account. So service account that the hub administrator, with the, the, the remote or the spoke cluster, and the, and the managed cluster uses that bootstrap identity, basically go like: hey, I want to create this custom resource, managed cluster.
B
I want to provide some information of what I am, so do you accept me here, and here's my current lifecycle states. In the end there, it contains other information like labels and then cluster claims, which sort of describe what the managed cluster, what the managed cluster is, and then we can build more functionality on top, as well as the, the creation of the CSR.
B
So in the, in a certificate signing request, it is in the name, shape like this, so it's in the format that the, the hub admin can recognize. So after, after it's created, you saw that we have a, we have a chance to approve.
B
So after the approval, you actually, we, we won't use the bootstrap identity anymore, actually create a more persistent kubeconfig on the managed cluster side, and then it can renew itself and then access the hub cluster again, and this is how the ManifestWork actually function. This is how we sort of keep the different cluster distinct from each other and what access they have.
B
So once you accepted the managed cluster, the, the hub cluster, the hub cluster actually creates a namespace, as I mentioned in, in the demo, so because the way the, the ManifestWork, we want the managed cluster to reach out to the hub.
B
So we need a way for the hub to distinctly, distinctly manage cluster efficiently and only grant access to a subset of resource. So we want to avoid,
B
we want to avoid the situation where managed cluster one is able to get information from another cluster, like managed cluster two, or even modify the status of managed cluster two, because you, you can, if, if you allow managed cluster one to modify managed cluster two status, you can, you can sort of steal all the workload you wanna. You say managed cluster 2 is really busy,
B
now give me all the workload, and that, and that way you can sort of steal, steal contents that way. So in Open Cluster Management, we, we use, we're using Kubernetes RBAC on, on the namespace level, so it's efficient to evaluate. So because we know which, precisely which user we need to grant access, then we can have them match inside the namespace, and that really gives us the ability to segregate the workload delivery.
B
So when we look at after registration, we can see how the ManifestWork get its detail associated with the, with its cluster, and with, with that identity, it contacts the hub, and we treat the cluster custom resource called the ManifestWork, which we show, and then, and inside the ManifestWork, it contains the workload, and then each, each controllers.
B
So it's, it's also important to, to know that the ManifestWork can create almost anything, from, like, namespace to custom resource or add-on, whatever it needs, and because there's RBAC that's associated with it, so if there's an evil managed cluster trying to access in a cluster, you'll get its access rejected.
A
So, yep, go ahead. So not only does this, not only do we have a secure connection that has to have a hub and a managed cluster agree to become connected, but you're also saying that the, the mechanisms baked into that foundational handshake protect from cross pollution and, and kind of cross access. So you can give role-based access control to you,
A
you can, you can RBAC access to a single managed cluster and know that if someone can access rolling out manifest to that managed cluster that might be owned by app team A, app team B can't access the other managed cluster unless you give them access, and those managed clusters can't cross access either? That's, that's really interesting. That's really good!
B
Yeah, and it also helps with cleanup as well. We want to segregate everything on its own isolated namespace, so that it's easy to sort of clean up a managed cluster if the managed cluster, once we deregister from the hub. Are there any questions before I go into more details about the add-on?
B
Okay, I'm gonna go into what an add-on is, because what if I wanna be like, what if I wanna be like work? So what naturally comes out of this is, I wanna have a controller that runs on the managed cluster, that communicates back to the hub, and that uniquely identified, and perform whatever operation you want.
B
So we, we call those add-ons. So there's a couple criteria to determine if your add-on. For example, if you need to read data from the hub, so you can use it to figure out what information to feed or act on. Also, do you need a different configuration for a different managed cluster? So that will be a good use case for an add-on as well.
B
If you need the same configuration across all different managed cluster, you can consider using other mechanism, like, you can install GitOps on the hub cluster and then you just sort of distribute the, the same,
B
the same configuration across multiple cluster. So to support this, a couple, to support this add-on, we define a couple of concepts. So we have the add-on manager that runs on the hub, that distribute the resources, which is the add-on, to the individual resources, individual clusters, and then we also have the add-on agent that runs on the spoke cluster, that work almost similar to the work.
B
So one of, one of the, one of the things that was, as is, regarding scalability, that we, was brought up: so what if I want to push a lot of data back, or I want to use something that is not, not a normal, the west resource box? So then we get into the access pattern that we, we sort of don't encourage for add-on.
B
We don't encourage to a large amount of data sent in back to the API server through the add-on, which, which essentially make the add-on sort of act like, like a proxy. And if you want, and if you want that, one way to, one way to do that, as David suggested, is you, you create an endpoint on the hub side, and then you can expose that endpoint to handle that better. And Open Cluster Management actually provides a library that lets you perform the CSR dance, which is the creating CSR request and then accepting it, that we, we talked about and demoed about earlier.
B
So that's another, another use case for Open Cluster Management. You can use that library to build your, as David call it, the awesome data recorder, and having the awesome data recorder sending a big amount of data, and even non-west data, back to the hub.
B
So this is basically it in terms of my presentation, in terms of presentation.
B
We, we talked about how to, how to join a cluster. What happens during the joining process? What happens afterwards? How does the information flow look like? How does the permission look like? How to keep the data segregated, and how do I create, and how do, how do add-on work?
B
So there are still a lot of other APIs on Open Cluster Management. For example, we haven't touched the, the Placement API, which is a really powerful API where you, you can determine which clusters have allocated resources, and then you can use the Placement API to determine, create, that cluster one, after you have more resources in cluster two, and I'm going to push the workload towards the cluster, cluster one, and there's, there's add-ons.
B
We, we have native add-ons like application, application lifecycles. We have governance policy add-ons, we also have the cluster proxy add-ons, etc. So that really allows you to build functionality on top of Open Cluster Management as well. And so yeah, please give it a try, and we welcome all contribution. We're very active on Slack, we're very active on the community meetings and the mailing list.
A
Yeah, yes, that's awesome, Mike. So where would someone, so I'm looking at this, this is amazing. I see that there's add-ons for policy. I really like this manifest work thing. I see there's a proxy and a managed service account that look really interesting. Where would someone get started on figuring out if they should build, and building, their own add-ons? So say they wanted to build another add-on. They want to leverage this. They have some specific use case and they want to extend what's out there.
A
A
B
Exactly. So head over to the Open Cluster Management, and then you can click documentation, and then we have all the topics that we talk about. We also have, specifically for add-ons, we have the add-on page, and then you can visit the add-on framework GitHub, and there's more examples on how to build, or what is an add-on, as well. And we're actually creating, from your feedback, from community feedback.
B
We're actually trying to enhance our add-on development guide.
B
So guys, shout out to g g way in here for creating this add-on doc, add-on developer doc, to further enhance the creating an add-on experience, and anyone can provide feedback to the doc and see if that helps with the experience in terms of developing it at all.
A
That is awesome, and someone already linked it in chat. Feel free to ask any questions, folks. I surely have a few. In the interim, my favorite question to ask anyone in an open source community, especially anyone who's been as involved, and involved for as long as I know Mike has: what is your favorite part of Open Cluster Management? Is there a part that you helped to write, that you helped architect, that there was a heated discussion about, that is your absolute favorite? Mike, Mikela?
A
I don't know if you have any favorites. You don't have to pick your favorite child, but what have you enjoyed the most?
C
So we're actually here, so I would say my favorite part is not, when I do have the opportunity to do so, is to review the documentation from the open source, or at least over, because their management people, like I said, when I have the time to do it. Usually I'm already doing just regular product docs, but when that opportunity presents itself, it's definitely awesome to see, like, just a collaboration coming together there, and we presented this one website. At least, you know, just this brand that we all on.
B
And my favorite moment is when we get community feedback saying, hey, we're using a certain project, we're using certain tools, but they are no longer scaling for our, as we increase the amount of multi clusters, we no longer scale out. And that's when I get involved in presenting Open Cluster Management, saying here's a really modular, you can plug and play and choose the pieces you want, solution.
B
So, let's see if this Open Cluster Management can solve your scalability problem, your multi-cluster management, multi-cloud management problem. And I really get a joy out of that, being able to provide a solution for the community where they went into a certain roadblock in this multi-cloud, multi-cluster space.
A
That is awesome. Any other highlights from the community, anything else that we might have missed? If not, we can wrap things up if there aren't any more questions, and we're always here for questions afterward. I'll drop the, here's the show contact, also drop the email and chat. But yeah, any shout outs, Mike or Mikela, to the community? I know we have a rather large participating community, on and off. So any shout outs?
B
Yup, shout out to all the participants on Open Cluster Management, whether you're from Canada, US, China, India, Israel. Everyone is welcome to join. And shout out to the organizations that have really helped building Open Cluster Management: Red Hat and Tencent, Microsoft, Expedia, Alibaba Cloud and other smaller companies as well, that really help us develop and foster this community, as well as some of the key contributors from the Kubernetes space that really guide us in terms of the design, David Eads. I mean cam.
B
C
A
Yeah, thanks for coming on today, folks. So I dropped a link in chat for the open-cluster-management.io project. Go take a look, maybe write an add-on. If you have the concerns, come to some of the community meetings. I know I make it from time to time, normally the North America ones. I'm a bit of an early-to-bed person, so I tend to miss the other ones. But thanks everyone for coming and joining today, and we'll see everyone in two weeks. I don't have the topic finalized for that one.
A
Yet it's one of two, so I'm not going to tease it, but as always, you can find announcements on Reddit and Twitter to find out what we'll be talking about in a week's time. So we'll see everyone back here in two weeks, and maybe Mike and Mikela, they'll come back another day, or we'll do a cross stream with an Open Cluster Management community meeting. Who knows what is to come. So thanks, folks. I'll roll; the intro is the outro, as always, and we'll see everyone in two weeks. Yeah.