►
Description
Whether one cluster or a thousand, operating and automating a Kubernetes fleet can be rife with challenges. Ansible is a great toolbox to overcome these challenges, but translating your playbooks to a fleet of clusters can be a headache! The stolostron.core Ansible Collection supercharges your playbooks with easy, secure, and Ansible-native access across your Kubernetes fleet. Join Gurney and Joydeep as they talk to Hao Liu and the team behind the stolostron.core Ansible Collection as they discuss Ansible for fleet management and automation.
A
Hello
and
welcome
to
the
cloud
multiplier.
I
am
your
co-host
granny
buchanan
and
I'm
thankfully
joined
by
my
co-host
joy
deep
today,
glad
to
have
you
back
hope,
feeling
better
and
we're
joined
well,
honored
to
be
joined
by
our
guest,
how
lou
have
guest
personal
friend
colleague,
all
of
the
above
today
we
didn't
have
our
our
load
in
today.
We're
experiencing
some
technical
difficulties,
but
we've
come
to
you
on
time
hopefully
and
live
so
we
are.
A
We
are
ready
to
go
joy,
deep
glad
to
have
you
back
so
I'll
put
you
immediately
in
the
hot
seat
as
we
move
into,
and
I'm
I'm
borrowing
actually
borrowing
a
background
today.
So
there's
top
of
mind
topics
it's
appropriate
because
we're
using
the
af
ask
an
open
shift.
Admin
loadout
that
we've
put
together
so
any
top
of
mind
topics.
Today,
jo
yeah.
A
B
Now,
after
a
bout
of
kobe,
I
can
count
from
five
to
zero
backwards.
I
can
do
my
exercise
and
I
had
actually
the
plethora
you
know
for
you
folks,
first
time
seeing
gertie
a
little
flustered,
because
some
somebody
or
something
deleted
the
show
and
he's
responsible
for
it.
So
he
was
loading
all
the
stuffs
in
the
last
15-20
minutes
so
anyway.
The
the
interesting
thing
that
I
wanted
to
share
is
something
called
hugging
face:
hugging
face
dot
co,
so
I
just
picked
up
this
chatter
from
a
machine
learning
expert.
B
This
this
side
is
not
free
exactly.
There
are
some
things
which
are
free,
but
it
has
amazing
amount
of
machine
learning
models
uploaded
there
by
lots
of
different
companies.
They
are
powerful
problems
that
are
solved
there
for
people
to
reuse.
I
did
not
have
a
clue
that
such
kind
of
thing
existed.
This
was
fascinating
because
I
was
I
was
actually
looking
for,
something
which
I
think
has
been
solved
already
and
trying
to
you
know,
reuse
that
so
that
was
a
fantastic
surprise.
For
me,
a.
B
A
B
A
Yep,
especially
I've
always
heard
the
story
of
you
know
it's
very
difficult
to
compete
with
google,
because
you
don't
have
all
of
the
data
that
google
has
produced
and
that's
a
that's
a
hyper
wild
scale
problem,
but
even
smaller
problems
where
you
don't
have
the
data
and
data
is
expensive
and
data
is
valuable
and
even
more
that
valuable
than
that
are
the
models
that
it
produces.
So
you
know
you
can
pay
use
a
google
service
to
use
a
pre-built
model.
That's
amazing
that
there's
a.
B
A
Also,
I
would
have
never
guessed
that
a
website
called
hugging
face
whose
logo
is
an
emoji
would
be
a
repository.
I
guess
I
didn't
screen
share
this
button.
That
is
amazing.
Well,
how
you're
in
the
hot
seat,
do
you
have
any
have
any
fun
open
source
projects?
I
know
recent
fairly.
Recently,
you
moved
from
the
advanced
cluster
management
team
over
to
ansible,
so
I
assume
a
lot
of
your
recent
discoveries
have
been
ansible
related
right.
C
I'm
just
drinking
from
a
fire
hose
at
the
at
the
moment
and
learning
a
lot
about
ansible
automation,
controller
yeah.
Besides
that,
not
that
many
interesting
news
discovery,
although
speaking
of
ai
right,
like
recently,
I
started
using
copilot
and
I
compete
continuously
be
sure
in
shock
about
how
it's
just
fascinating.
It
actually
produces
useful
stuff.
Sometimes-
and
I
used
to
be
very
skeptical
of
ai-
and
I
don't
think
I
am
anymore.
A
C
C
B
A
B
A
A
Yeah,
I
I
a
devops
person,
a
you
know
somewhere
some
some
days
are
devs.
Some
days
are
ops
most
days
or
both
did
take
some
design
classes
in
college,
mostly
human
computer,
interaction,
interface,
design,
hdi
design,
but
this
was
just
a
magnificent
book
with
a
wonderful
book
cover
because
it's
a
cover
of
a
teapot
and
tea
kettle
and
the
pourer
of
the
tea
kettle.
The
spout
of
the
tea
kettle
is
near
the
hand
right
above
the
handle,
because
it's
not
very
intuitive
you're,
just
going
to
pour
it
all
over
yourself.
A
A
Yeah
and
speaking
of
things
that
you
can
naturally
that
so
many
people
really
naturally
understand
how
to
use
I'm
getting
really
good
at
the
segways
today.
How
is
actually
coming
to
not
talk
about
some
of
the
many
other
things
he's
built
in
in
and
before
my
presence,
like
the
the
cluster
lit
that
we
use
in
in
red
hat
advanced
cluster
management.
This
is
the
the
man
behind
the
curtain
in
many
ways,
but
he's
moved
on
and
he's
done.
A
Some
amazing
work
in
kubernetes
fleet
management
with
ansible
coming
today
to
tell
us
how
to
use
ansible
to
reconcile
and
interact
with
and
manage
a
huge
fleet
of
kubernetes
clusters.
I
I'm
sure
you've
brought
a
demo
that
will
break
the
bank.
So
are
you
ready
to
go
how
what
do
you
give
us?
The
kickoff.
C
Well,
first
time
attending,
I'm
still
trying
to
figure
out
my
flow
here.
So
I
well
I
I
guess,
let's
I
guess,
let's
just
go
straight
into
the
demo
right.
I
I
I
don't
know
who
how
many
people
use
this
ansible
to
manage
the
kubernetes
cluster,
but
given
the
number
of
download
counts
on
ansible
galaxy
for
the
kubernetes
module,
I
I
guess
there
is
probably
a
fair
bit
of
people
right.
A
B
C
C
I
kind
of
just
want
to
directly
interact
with
these
these
these
cluster,
the
acm
managers
like
I
want
to
be
able
to
set
coop
cpl
against
it.
I
want
to
any
other
tool
right
that
is
able
to
interact
with
the
kuber
api
server
directly
from
acm
and
well
that
also
included
ansible
kubernetes
module
as
well.
So
I
I
don't
remember
how
long
ago
I
think
about
six
months
or
so
ago,
a
couple
of
our
community
contributors
for
open
cluster
management
contributed
a
really
cool
project.
C
It
established
a
reverse
proxy
from
acm
from
the
managed
cluster
to
acm,
so
that
from
a
service
on
acm
you're
able
to
communicate
with
all
the
cooper
api
server
on
the
manage
cluster
and
using
you
using
this
functionality,
we
built
a
couple
we
built.
We
built
a
couple
of
modules
and
acm
ansible
collection
to
allow
ansible
to
directly
talk
to
those
managed
cluster.
So
here
I
have
a
couple
of
cluster
being
managed
by
acm
and
going
into
my
ansible
automation,
controller
ui.
Let
me
log
back
in
right,
quick.
C
The
ansible
automation,
controller
itself
for
the
demo
is
in
the
demo,
repo
that
gurney
will
post
later
and
we
can
go
over
that
a
little
bit
in
a
little
bit.
But
the
main
thing
here
I
created,
I
created
a
credential
type
for
community
for
communicating
with
acm
hub,
and
I
created
a
quick.
Well,
I
created
a
credential
to
this
acm
hub.
C
I'm
just
just
been
showing
you
from
here.
I
loaded
the
demo
project
and
also
the
dynamic
inventory,
that's
in
the
demo
project,
so
this
dynamic
inventory,
I
could
go
a
little
bit
into
the
configuration
of
this
dynamic
inventory
plug-in
for
the
acm
ansible
collection
in
a
little
bit,
but
all
that
all
that
it
does
is
a
allows.
Ansible
to
know
know
about
the
cluster.
That
acm
is
managing.
B
C
C
That's
correct:
I
can
show
that
a
little
bit
actually
in
a
little
bit.
Actually,
we
can
try
to
dynamically
add
a
client
cluster
to
to
my
acm
hub
and
sync
the
inventory
and
see
if
it
shows
up.
Hopefully,
everything
works.
So
after
the
dynamic
inventory
is
synced,
you
can
see
that
the
cluster
that's
being
managed
by
my
acm
plus
acl
hub
shows
up
within
the
inventory
of
ansible.
A
And
one
one
thought
there
doesn't
a
host,
and-
and
this
is
me
being
fairly
naive
about
ansible
automation-
controller
hosts
typically
can
also
run
playbooks
as
well.
That's
one
of
the
is
that,
where
the
confusion
comes
in
that
these
are
kubernetes
clusters,
these
are
hosts,
but
they
don't
necessarily
run
the
playbook
on
on
the
client
or
is
that.
C
A
C
C
B
B
C
Typically,
here
is
where
you
will
like
in
any
traditional
inventory
like
a
vm.
This
is
probably
where
all
the
information
about
that
host
is
stored
right.
You
know,
like
the
ip
address
and
like
any
additional
information
that
you
want
to
store.
You
can
see
that
this
is
empty,
so
that
this
dynamic
inventory
plug-in
is
actually
pretty
dumb
by
design.
C
It
only
provides
it
provides
the
grouping
mechanism
and
it
provides
a
pointer
into
the
acm
system
and
the
other
tools
that
we
have
built
in
the
module.
Allow
you
to
use
this
pointer
to
further
ask
acm
about
any
information
that
you
want
around
that
cluster,
like
okay,
well,
policy
is
applied
to
this
cluster.
C
B
C
C
A
little
bit
later,
when
we
try
to
connect
to
these
clusters,
we
I
I
will
try
to
show
how
is
this
being
established
so,
okay
and
there's
no
credential
right,
that's
associated
with
any
other
managed
cluster,
I'm
not
storing
like
tokens
or
certificates
or
anything.
It's
used
to
authenticate
against
those
the
api
server
of
the
managed
clusters.
So
from
here
I
I
I
want
to
go
into
a
really
really
simplistic
demo.
C
C
I
I
I'm
not
that
imaginative
of
a
person
when
it
comes
to
content
and
I'm
sure
people
that's
attending
the
string.
If
you
have
any
idea
about
like
what
kind
of
cool
things
you
can
make,
you
can
leverage
this
technology
for,
please
let
me
know
play
around
with
the
demo
and
ping
me
I
I
have
gurney
will
even
give
you
my
phone,
a
cell
number
I
would
love
to.
C
C
I
can
target
a
group
of
hosts
the
groups
group's
grouping
that
I
showed
earlier
so,
for
example,
I
can
I
can
target
for
just
cluster
on
amazon
or
on
azure,
and
I
can
target
one
specific
cluster
by
referencing
the
custom
name
directly
or
I
can
just
target
all
the
clusters.
So
let's
go
ahead
and
do
that
and
as
this
playbook
run
I
I
can.
You
know
roll
back
the
curtain
a
little
bit
and
try
to
show
what
exactly
are
we
doing
behind
the
scene
right
so
earlier
I
mentioned
this
cluster
proxy
add-on.
C
What
it
essentially
allows
you
to
do
is
allows
you.
It
creates
a
service
on
the
cluster,
that's
hosting
acm
and
having
the
proxy
agent
calls
back
to
connect
back
to
the
acm
so
that
for
any
user's
perspective,
you
can
connect
the
service
and
have
your
traffic
being
able
to
reach
the
kuber
api
server.
I
think
I
have
a
picture
for
this
hold
on
a
second.
Let
me
try
to
find
a
picture
for
this
all
right.
I
I
think
the
the
this
is.
Can
you
can
you
all
see
this
picture.
C
All
right
cool,
so
there
is
two
services:
that's
host
on
acn
hub,
the
user
service
and
a
proxy
service
right.
The
proxy
agent
connects
to
the
proxy
service
and
the
and
the
user
connects
to
the
user
service.
So
I
I
I
can
set
this
my
my
coop
ctl,
the
api
server
that
my
coupe
ctl
talk
to
against
this
user
service
with
like
slash
cluster
name
and
then
that
will
that
will
allow
me
to
communicate
with
the
kuba
api
server
on
the
manage
cluster
one.
C
A
Okay,
so
you've
created
a
secure
tunnel,
that
is,
that
is
basically
initiated
by
the
managed
cluster
and
handshaked
by
the
hub.
Now
you
have
a
secure
tunnel
and
you
can
access
the
cube
api
and
I'm
going
to
go
ahead
and
guess
you're
about
to
tell
us
that
step.
One
of
running,
an
ansible
playbook
targeting
all
of
your
managed
clusters
is
to
configure
communication
through
that
secure
tunnel.
You've
created.
C
C
So
this
is
the
first
part
right.
We
are
enabling
this
cluster
proxy
add-on
on
the
manage
cluster
and
then
there's
the
second
part.
The
second
thing
that
we
we're
using
called
it's
a
managed
service
account
add-on,
so
managed
service
account.
Add-On
is
another
thing
that
came
out
of
the
open
cluster
management
open
source
project
by
the
way,
awesome
contributors,
if
you
guys
have
not
had
the
chance
to
check
out
our
upstream
project,
please
do.
A
So
you've
so
far
just
gone
through
configured
and
verified
a
configuration
of
the
proxy
and
then
you've
gotten
authentication
to
that
managed
cluster
acting
as
the
hub
through
a
managed
service
account,
and
now
you
have
how
to
contact
the
managed
clusters,
plural
and
how
to
contact
all
and
how
to
authenticate
with
them
in
two
steps.
Two:
two
quick
easy
steps
to
the
whole
inventory.
C
C
The
next
part
is
we
we.
We
need
to
have
authorization
right,
because
at
the
end
of
the
day
you
are
trying
to
do
things
on
those
manage
clusters,
so
another
another
plug-in
that
another
module
that
we
provided
is
a
module
for
you
to
create,
like
rbac
resources
on
the
manage
cluster
for
the
managed
service
account.
This
is
done
via
the
manifest
work
api
provided
by
acm.
A
C
A
C
The
plug-in
survive
supports
two
different
mode
right.
One
is
a
dynamic
service
account.
One
is
a
static
service,
account
the
dynamic
servers
kind
of
have
like
generated
names
so
that,
even
if
you
have
like
60
or
100
of
these
playbook
running
they
don't
they
don't
step
on
each
other.
They
don't
accidentally.
A
C
C
Yeah
again,
I
completely
understand
that
this
is
a
really
really
trivial
example
right,
if
you're,
just
creating
namespace
on
a
cluster.
I
can
do
that
here.
Like
with
this,
you
know
broadcasting
criminal,
but
I
I
think
the
the
key
thing
to
take
away
from
this
demo
is
that
this
gives
you,
like
you,
don't
have
to
manage
any
credentials.
You
don't
have
to
know
but
hold
on
a
second.
Let
me
let
me.
C
Technical
difficulties
all
right,
so
you
can
see
that,
like
different
cloud
providers
have
different
ways
of
authenticating
right
so,
for
example,
and
they
have
different
patterns
for
the
api
servers,
it
gets
a
little
messy
like,
for
example,
the
coupe
config,
that's
generated
by
aks.
Okay,
that
one
is
portable,
like
you
can
give.
I
can
give
this
file
to
joy,
deep
and
joy.
Deep
should
be
able
to
use
it,
but
the
one
that's
generated
by
eks.
C
C
C
B
A
Yeah,
so
what
you're
showing
here
is
the
core
the
core
pieces
of,
and
this
is
plugged
for
last
week,
where
we
talked
about
open
cluster
management,
the
community's
made
one
homogenous
way
to
access
and
authenticate
and
talk
to
these
in
this
incredibly
heterogeneous
landscape.
I
can
tell
you
we
have
an
eks
cluster.
That
is
occasionally
has
an
expired
certificate,
and
it
is
the
only
way
we
get
into
it.
Is
this
exact
method,
because
otherwise
the
original
person
who
made
it
on
aws
has
left
the
left,
the
organization,
their
account's?
B
B
The
other
thing
that
I
see
while
you're
talking-
let's
say,
I'm
I'm
a
seasoned,
ansible
admin.
I
don't
know
much
about
coop.
I
can
use
my
same
tools
to
handle
not
to
do
things
in
coug
and
the
greatest.
The
most
important
thing
is
all
the
security
aspects,
etc
are
all
being
taken
care
of
for
me
automatically.
B
If
I
would
do
it
myself,
I
would
probably
create
a
trail
of
mess.
You
know
trailer
service
accounts
or
whatever
credentials
would
leak,
etc
and,
and-
and
the
other
point
of
course,
how
did
you
say-
is
clusters
in
different
areas
in
different
clouds,
etc.
You
have
to
handle
out
out
and
out
z
differently
and
things
like
that.
That's
all
being
taken
care
of
so
this
is
this
is
way
very
powerful.
Yeah.
A
Donning
my
sre
hat:
if
I
need
to
give
someone
access
to
some
clusters
to
do,
and
often
you
know,
do
some
operation,
I
need
to
do
some
tasks.
I
can
write
an
answer,
a
playbook
that
that
does
that
task
verify
it
against
one
cluster
and
hand
it
kindly
to
this
to
this
collection.
I
haven't
linked
it.
Yet
I
need
to
link
this
actual
ansible
collection
to
this
collection
and
then
it
will
just
do
the
hard
lift
heavy
lifting
for
me.
A
We
have
a
question
as
well
how
and
now
might
be
a
good
time
to
talk
about
it.
Yeah
scott
asks.
Let
me
pop
it
up
real
word
example.
What
if
the
cluster's
busted,
let's
say
the
cluster
upgrade
fails,
never
get
happy
state.
Can
you
use
these
methods
to
grab
logs
and
remediate,
and
I
think
I'm
a
hazard
to
guess
how
tell
me
how
wrong
I
am
as
long
as
you
can
authenticate
to
the
cluster
through
a
service
account,
you
can
use
this
method
to
communicate
with
it
capture
logs
remediate.
Do
whatever
you
want.
C
C
A
A
This
can
configure
the
vms
in
aws
and
it
can
go
out
and
ssh
into
you
know
a
bastion,
node
and
use
that
or
anything
to
do,
a
bunch
of
this
extra
behavior.
And
then
this
looks
ansible
native
enough
that
you
could
just
start
applying
other
ansible
collections
to
it
as
well.
Like
I
I
I
know,
there's
a
k-8s
collection
as
well.
C
Right
and
like
one
of
the
use
cases
I
was
thinking
of
that,
I
didn't
really
have
time
to
to
actually
write
a
demo
for,
as,
for
example,
let's
say
I
want
to
I
I
I
I
know
that
there
is
an
impending
meteor
strike
on.
I
don't
know
us
ease
one
right
and
I
have
a
standby
cluster
on
us
east
ii
right.
I
I
can
label
my
application
and
tell
this
okay
go
gather
all
the
all
the
artifact
of
one
cluster.
That's
labeled!
This
way
now
move
it
to
my
other
cluster
and
then
test.
C
A
C
Oh
by
the
way,
you
know
that
you
know
that
you
know
that
thing
that
you
said
earlier
about
like
generating
a
coop
config
and
then
give
it
to
someone
for
a
short
duration
of
time,
yeah
and
funny
enough.
That
was
one
of
the
debug
tools
like
well.
As
I
was
working
on
this
collection,
it
was
one
of
the
debug
tool
that
I
created
so
there's
I
mean
at
the
end
of
the
day
right,
it's
it.
It's
just
like
at
the
end
of
the
day
how
this
work
is
essentially
well
get
the
information.
C
A
So
no
I
I
gotta
pause
there
for
a
second.
So
what
you're
saying
is
I
can
use
this
managed
service
account
tool
through
this
ansible
playbook.
To,
for
example,
have
an
ansible
playbook
trigger
off
of
some
condition?
Maybe
someone
opens
a
servicenow
ticket
against
me
and
says
hey.
I
need
access
to
this
namespace
on
this
cluster
and
I
approve
it
and
then
this
playbook
goes
and
it
runs,
and
it
makes
a
service
account
that
lives
for
12
hours
and
gives
them
a
coupe
config,
and
I
don't
have
to
touch
anything.
C
This
just
grabs
the
information
for
acm
templates
out
to
a
group
config,
and
then
I
can
send
that
coop
config
to
joy
deep
and
I
I
I'm
gonna,
I'm
gonna
go
ahead
and
show
the
playbook
a
little
bit
and
show
how
you
can
modify
this
to
to
like
give
different
permission
to
this
service
account
and
and
to
modify.
How
long
does
you
want
the
service
account
to
live
for
right?
C
So
here
is
the
playbook
I
think
right
now
I
have
it
generating
a
static,
a
static
right,
because
this
is
for
my
own
debugging
purposes.
I
trust
myself,
I
think,
sometimes
on
good
days
and
right
now,
I'm
giving
it
custom
permission
right.
So,
let's
take
a
look
so
in
this
directory
here
I
have
the
row
binding
for
cluster
admin.
I
also
have
row
binding
for
let's
say
name
space
management
right.
A
C
C
B
B
A
B
C
A
C
B
B
B
C
C
C
A
B
A
That
is
magnificent
and
that-
and
I
can
imagine
at
the
in
the
same
way
you
could
you
could
do
a
lot
with
that.
You
can
do
a
lot
with
that
time
to
live
so
yeah,
and
now
you
have
playbooks.
So
what
you've
also
walked
me
through
has
given
me
the
thought
of
someone
requests
access
to
a
project
on
an
openshift
cluster
which
is
another
common
one.
You
write
a
playbook,
you
go
out.
You
select
the
cluster
that
matches
their
selector.
A
C
C
This
is
actually
something
cool
that
I
got
working
last
night.
I
want
to
show
a
in
a
little
bit
but
yeah
you,
you
can
create
a
namespace
right,
create
a
service
account
that
only
gets
access
to
the
namespace
and
whatever
that
the
user
need
to,
and
then
I
have
another
playbook
to
reclaim
the
namespace
afterwards.
A
Nice,
so
the
last
the
the
last
one
question:
that's
on
my
mind
is:
what
does
it
look
like
to
actually
invoke
these
steps
to
to
use
the
prop
configure
the
proxy
to
access
a
cluster
and
configure
the
service
account,
because
you
showed
us
the
service
account
step
just
a
second
ago.
What
does
the
proxy
look
like?
Do
you
have
to
do
anything
for
that?
Or
does
that
just
happen.
A
C
Can
go
a
little
bit
into
it
so
like
by
the
way?
Please
don't
so
so
I
I'm,
even
though
I'm
working
on
ansible
right
now,
I'm
still
very
much
a
novice
ansible,
and
I
know
that
my
playbook
are
not
very
clean,
not
very
consistent,
like
syntactically
right
and
if
you
please
take
a
look
pr
help
me
help
me
learn
more
idiomatic
ansible
practices.
If,
if
you
are
ansible,
expert
or
heck
play
around
with
the
playbook
dude
hack,
it
up
do
the
cool
things
that
you
you
wanted
to
do.
C
This
is
the
playbook
that
I
ran
earlier
right
there.
It's
a
task
that
I
created
for
getting
the
temporary
access,
there's
a
task
for
doing
the
business
logic,
which
is
just
creating
a
stupid
name,
space
here
and
then
there's
a
task
that
always
I
execute,
even
though,
even
if
this
fails,
which
will
remove
the
access
garbage
collect.
Although,
as
you
see
earlier
that,
since
there
is
time
to
live,
you
don't
really
need
to
garbage
collect
if
you
are
lazy,
but
let's
go
into
this
task
and
take
a
look.
A
C
C
Version
of
0.0.1
is
how
early
we
think
it
is,
but
it
provides
the
utility
for
like
enabling
enabling
features
within
acm,
so
cluster
cluster
manager
add-ons
right,
enabling
add-ons
for
specific
clusters
so
manage
cluster
add-ons
and
a
couple
of
specific
modules
to
interact
with
the
subsequent
function.
I
mentioned
earlier,
like
plus
the
proxy
and
manage
service
account,
and
that's
it
so
this
this
playbook.
Just
it's
there's
nothing
that
tricky
here.
C
A
Okay,
so
you
can
just
basically,
if
you,
if
you
have
I,
I
guess
this
is
rackham
out
of
the
box.
I
assume
multi-cluster
engine
and
maybe
the
open
source
project
can't
guarantee
that
one.
But
if
you,
if
you
configure
it
similarly
we're
just
using
that
technology,
then,
theoretically,
you
can
just
walk
up
with
your
ansible
playbooks
targeted
at
kubernetes
and
use
this
to
access
them,
natively
and
immediately
and
securely
and
temporarily,
to
carry
out
remediations,
and
I
assume,
all
the
venting
and
everything's
ansible
native.
C
B
C
C
A
C
A
A
C
A
C
C
C
A
C
C
C
So
in
ansible
automation,
controller,
you
can
add
instances
to
improve,
increase
its
execution
capacity.
Right.
Imagine
you
know
a
remote
vn
sitting
somewhere
that
you
get
to
like
run
the
playbook
on
against
everything
else.
That's
that's
in
your
data
center
or
whatever
just
additional
execution
capacity,
and
you
can
also
add
a
thing
called
container
group,
but
essentially
container
group
in
ansible
is
just
an
ansible
automation
controller.
C
A
So
you're
about
to
say
that
you're,
going
to
in
a
felled
swoop,
take
by
some
label
match
turn
every
single
kube
cluster
that
matches
that
label
in
your
fleet
into
an
ansible
execution.
So
just
for
example,
maybe
you
have
a
bunch
of
different
regions
that
you're
going
to
run
ansible
jobs
on,
but
networking
latency
is
it's
faster
for
you
to
talk
from
us
east
1
to
us,
east,
1,
usc,
2
to
us
east
to
each
region.
A
C
Yeah,
essentially,
I'm
I'm
turning
every
single
cluster
right
now.
That's
been
managed
by
this
instance
of
acm
into
execution
into
a
container
group
that
ansible
automation
controller
can
use
to
execute
playbook,
thus
providing
more
capacity
to
the
ansible
automation
controller
itself
and
also
allow
you
to
well
be
closer
to
where
you
are
automating.