►
Description
Join Naadir Jeewa with guest Jason DeTiberus from Equinix Metal as we explore Cluster API Tinkerbell https://tinkerbell.org/ for automated, declarative deployment of Kubernetes clusters on bare metal infrastructure.
Notes: https://hackmd.io/@randomvariable/HJ1Kiql3O
Photo by Callum Whale: https://unsplash.com/photos/3pH7TxHU6gw
A
A
C
Yeah,
so
for
folks
that
don't
know
me,
my
name
is
jason
datibrus
I've
been
involved
in
the
kubernetes
community,
specifically
around
cluster
lifecycle
management.
Since
about
2015.
Now
I
think
I've
been
involved
with
the
cluster
api
project,
formerly
at
heptio
vmware
and
now
at
equinix
metal,
helping
to
bring
these
cloud
native
management
ideas
for
kubernetes
clusters
into
the
data
center.
A
Cool
we'll
just
wait
a
few
minutes
for
people
to
float
in.
So
if
you
don't
mind,
if
you
can
introduce
yourselves
in
the
chat
in
the
youtube
chat
and
see
who
we've
got,
we've
got
martin
from
the
netherlands,
hello,
there
rory
from
scotland
just
there
was
just
there
last
week.
So
I'm
doing
some
biking
and
nice
to
see
you
for
a
bit
yeah.
How
you
doing
to
see.
A
A
All
right,
let's
see
what
else,
if
you've
got
any
ideas
for
news,
we
will
be
we'll
be
covering:
what's
happened
in
the
cloud
native
community,
so
if
you've
got
anything
you
anything
you've
seen
that's
cool,
maybe
you've
seen
it
on
hacker
news,
which
I
don't
read,
which
I
refuse
to
read.
So
if
you
see
anything
interesting
there
throw
that
in
the
chat
and
we'll
get
going
in
a
few.
A
A
All
right,
all
right,
let's
get
started,
so
let's
have
a
look
at
what
the
what's
happened
in
the
news.
So
so
the
big
news-
I
guess
this
week
well
last
week-
is
the
kubernetes
122
beta
is
out
so
got
a
couple
of
new
features,
and
one
thing
to
be
especially
aware
of
before
you
do
anything
else
is
there
is
a
bunch
of
deprecated
apis?
A
So
a
lot
of
people
using
tube
cuttle
with
like
sso
or
external
authenticators,
and
like
got
much
better
support
for
that
today,
so
yeah,
if
you're
working
in
a
corporation
or
enterprise,
that's
really
how
you
want
to
authenticate
with
your
givenet's
api
server.
So
that's
good
to
see,
but
yeah,
please
make
be
aware
of
the
deprecated
api,
so
we
also
saw
some
sandbox
projects
arrived
this
in
the
last
two
weeks,
so
I'm
gonna
click
on
these.
A
I
haven't
looked
at
a
lot
of
these
before
so
we're
just
gonna
see
what
they're
about
the
first
one
we
got
is
cubrella,
so
we've
got.
I
had
a
quick
look
at
this.
It's
around
it's
using
q,
which
is
a
declarative,
configuration
language.
I
believe,
and
it's
around
like
helping
you
ship
applications.
So
this
is,
if
you
want
a
bit
more
layering
on
top
of
just
shipping
standard
kubernetes
manifest,
then
this
might
be
something
you
want
to
look
at.
C
C
So
it's
particularly
helpful
for
on-premises
type
deployments
being
able
to
support
things
like
being
able
to
migrate
an
ip
using
vrrp
or
also
using
bgp
and
published
bgp
announcements
to
provide
load
balancing
services
where
you
don't
generally
have
it
it's
similar
to
other
projects.
In
the
space
like
metal
lb,
it
came
out
of
dan
finneran's,
the
creator
of
it.
He
created
it
with
some
of
the
plunder
work
that
he
did
a
while
back
for
prototyping
on
premises,
kubernetes
deployments
and
yeah.
C
That's
it
compared
to
something
like
metal
lb.
I
think
the
difference
is.
Is
that
there's
a
growing
more
active
community
around
cube
vip
than
some
of
the
things
like
metal
lb,
where
some
of
the
issues
have
grown
quite
a
bit
stale
and
and
trying
to
get
fixes
and
changes
in
has
become
slow
and
problematic.
A
Yeah,
that's
cool,
I
mean
I
hadn't,
even
so
we
we
use
it
in
vsphere
to
primarily
for
the
api
server
the
kubernetes
api
server,
so
you're
doing
that
at
quite
an
early
stage
in
the
kubernetes
cluster
lifecycle.
So
I
haven't
been
paying
attention
to
google.
I
didn't
realize
it's.
We
now
support
like
a
service
type
load,
balancing
two
bit.
That's
pretty
exciting!.
A
A
And
we've
got
two
projects
which
I've
again
not
looked
a
lot
at.
They
seem
to
be
related
to
around
service
mesh
and
particularly
around
monitoring
service,
mesh
performance
and
the
workloads
under
them
underneath
them.
So
it's
all
interesting
to
see
so
move
on
unless
anyone's
got
anything
exciting
in
the
chat
and
just
check
hello,
ymo
savvy
from
istanbul
hi
there
yeah
hi
everyone,
hi
vlad
cool.
A
So
today
we're
gonna
talk
about
cluster
api
and
in
particular
we're
gonna,
but
we're
going
to
be
talking
about
in
the
context
of
bare
metal.
So
we
don't
I'm
not
going
to
tread
over
old
ground.
We've
talked
about
cluster
api,
so
quite
a
few
times
on
tgita
and
you'll.
Find
links
to
the
show
notes,
you'll,
find
links
to
previous
episodes
and
show
notes.
Do
not
leave
for
the
live
stream.
Stick
around!
Don't
go
away!
Look
at
them
afterwards,
please!
A
A
Oh
yes,
thank
you.
Yeah
keep,
keep
keeping
me
honest
there.
So,
yes,
cluster
api
version,
zero,
four
zero
just
got
released
this
week.
So,
oh,
what
am
I
doing
there
we
go.
So
this
is
the
new
v1
alpha
4
release
of
cluster
api,
and
so
we've
got
big
improvements
to
remediation
of
the
control
plane.
So
so,
if
you're
not
familiar
with
class
api,
just
briefly
class
api
is
a
way
of
using
kubernetes
to
deploy
and
manage
kubernetes
itself.
A
We'll
have
a
look
at
it
running
a
bit
later
on
in
the
episode,
but
one
of
the
things
around
rolling
control
planes
is
they're
not
like
just
replaceable
throw
about
throwaway
items
right.
There
they've
got
the
data
for
the
kubernetes
cluster,
so
we've
done
quite
a
lot
of
improvements,
making
sure
that
if
something
goes
wrong,
we're
able
to
repair
them
machine
health
check
was
a
way
of
like
detecting
problems,
with
no
nodes
and
replacing
them,
and
so
there's
been
quite
a
lot
more
flexibility
added
to
them.
A
A
new
thing
that's
been
added
is
externally
managed
infrastructures.
This
is
where
you
one
of
the
things
that
the
cluster
api
providers
do,
so
we
have
so
there's
different
providers
for
aws
or
azure,
and
if
you
want
to
bring
up
a
kubernetes
cluster
in
any
of
those
environments,
you're
going
to
have
to
bring
up
some
supporting
infrastructure,
like
networks
etc.
A
These
currently,
they
stand
up
a
sort
of
default,
template
and
sort
of
stamp
out
a
sort
of
a
usable
set
of
resources
that
you
want
to
use
for
your
cluster,
but
you
might
want
to
use
something
else,
so
we've
got
improved
support
for
where
you
maybe
use
terraform
or
use
some
other
cross
plane
or
aws
controllers
kubernetes
to
build
that
infrastructure.
And
then
you
can
just
tell
cluster
api
to
use
these
bits
of
infrastructure
instead
and
not
to
touch
them.
Importantly.
A
C
Yeah
so
the
biggest
question
that
most
people
have
when
we
start
talking
about
tinkerbell
is
what
is
it?
And
you
know?
Basically,
the
goal
of
tinkerbell
is
is
to
provide
declarative
life
cycle
management
of
hardware
resources
in
the
same
way
that
kubernetes
allows
for
that
declarative
management
of
application
services.
C
C
So
that
covers
the
the
templates
and
then
the
last
kind
of
component
of
the
main
tinkerbell
is
workflows
and
what
a
workflow
is
is
basically
just
a
way
to
take
a
predefined
template
and
apply
it
to
a
specific
piece
of
hardware
and
then,
once
you
have
those
defined,
you
have
your
hardware
defined.
You
have
some
templates
defined
and-
and
you
have
some
workflows
created
at
that
point-
the
other
components
come
into
play
as
well.
C
C
All
of
that
thing
anybody
who's
had
managed
infrastructure
in
a
data
center
knows
that
there's
very
little
consistency
between
different
devices
and
how
they
support
network
booting
as
a
concept,
and
because
of
that
one
of
the
things
that
we
do
in
boots
is
we
do
the
initial
network
booting,
and
then
we
serve
up
over
tftp,
a
standardized
ipixie
environment,
which
is
basically
just
a
small
binary
and,
depending
on
you
know,
what
type
of
host
is
is
talking
to
boots.
If
it's
a
uefi
one,
it
serves
up
a
uf
uefi
binary
of
ipixi.
C
C
In
the
case
of
the
example
that
we're
going
to
use
today
well
in
the
diagram
up
there,
it's
mentioned
as
oc,
which
stands
for
operating
system,
installation
environment.
This
was
a
larger
initial
os
image
and
the
idea
is:
is
it's
just
an
image?
That's
meant
to
be
able
to
bootstrap
on
any
hardware
and
be
able
to
run
the
tank
worker
to
be
able
to
execute
the
workflows
that
are
just
defined
for
the
the
hardware.
A
Cool
thanks
so
by
in
our
sort
of
standard
tgik
format,
we
normally
just
download
the
repo
live
beside
that
point.
Given
that
we're
dealing
with
bare
metal
and
we
need
some
hardware,
we
decided-
that's-
probably
not
going
to
be
the
best
approach,
so
I'll
go
through.
We've
got
two
lab
environments
got
jason's,
which
is
going
to
be
a
bunch
of
nuts.
A
I
believe
some
intel
nuts
I've
got
mine,
so
I
don't
have
a
bunch
of
free
bare
metals,
so
I
did
these
actually
using
vms,
because
there's
no
reason
why
you
can't,
as
I
said
earlier,
there's
no
reason
why
you
can't
use
tinkerbell
to
deploy
it
to
vms.
So
I'll,
just
show
you
what
my
my
lab
looks
like,
which
is
like
this
yeah,
so
yeah.
This
is
super.
I'm
I
am
available
for
you
know.
My
rates
are
competitive.
A
If
you
need
me
to
do
any
cabling,
so,
oh
yeah,
there
we
go
so
I
I
live
in
a
flat
in
london,
be
aware,
so
don't
have
a
lot
of
space.
So
this
is
basically
a
cupboard
dryer
cupboard
which
has
got
my
sort
of
mechanical
heat
recovery
ventilation
unit.
There's
like
an
iron
next
to
it
and
a
bunch
of
like
like
face,
masks
and
other
random
junk.
So
that's
where
that
lives.
So
I've
got
three
desktops
they're
core
i5s.
A
A
They've
got
one
they've
all
got
intel,
10
gig
card
and
then
that's
connected
to
this
switch
here
and
then
we've
got
one
gigabit
net
networking
for
the
vm
network.
So
if
you're
not
familiar
vsphere
does
has
a
replicated
file.
Storage,
not
full
storage,
replicated
block
storage
technology
called
vsan,
so
you
need
some
fast
networking
for
that
and
then
remotion
is
the
ability
to
move
vms
between
different
machines.
So
you
need
to
copy
the
memory
in
as
quickly
as
possible.
A
So
this
is
what
the
resphere
environment
looks
like.
So
we've
got
our
free
hosts
server,
three
server.
Four
and
seven
five.
Don't
ask
me
what
happened
to
one
two
three.
So
what
I've
done
here
is
I've
created
a
folder
and
vsphere.
It's
not
really
anything
more
than
a
just
a
way
to
organize
things
that
file
our
hierarchy,
not
much
more
than
that.
I've
got
one
machine
which
we
is
going
to
run.
A
The
tinkerbell
environment
and
cluster
api
make
that
bigger
and
we've
got
a
bunch
of
machines
which
are
going
to
act
as
the
bare
metal.
So
we've
got
basic
machine,
0,
1
24,
they
they
are
powered
on.
They
are
they're
just
on.
They
just
keep
cycling
waiting
for
dhcp
information,
so
they're
set
up
to
boot
from
the
network
they're
set
up
as
uefi
and
they
they're
currently
rebooting
every
10
seconds,
because
there's
no
nothing's
offering
anything
for
them.
A
This
is
all
sitting
on
its
own
vlan,
so
each
of
these
hosts
have
a
virtual
switch,
so
we've
created
a
tinkerbell
vlan
read
on
103
and
then
we've
configured
that
it
so
I
use
a
micro,
tick
switch
and
so
we've
got
a
vlan
here.
Reload
103,
we've
connected
that
to
the
free
servers
and
the
switch
itself,
given
the
switch
and
ip
address
for
routing.
A
So
that's
going
to
live
at
190,
168,
103.1
and
one
thing
we'll
get
into
a
bit
later
is
we've
added
a
route
to
the
core
switch
table
to
point
one:
six:
nine,
two:
five,
four
one:
six,
nine,
two,
five
four
at
the
sandbox
vm,
which
is
living
on
point
two.
So
if
you're
not
familiar
with
one
six,
nine,
two,
five,
four
one:
six,
nine,
two
five
four
that
is
normally
the
ia
aws
imds
endpoint.
A
So
if
you're
doing
anything
in
aws
and
every
virtual
machine
in
aws
has
one
six,
nine
two
five
four
one,
six,
ninety
five,
four
endpoint
that
you
can
contact
for
to
get
metadata
about
yourself
which
tinker
bell
is
here
doing
that
in
the
form
of
hegel
which
we'll
go
through
later.
So
this
network
is
fully
isolated
apart
from
having
a
router
in
it,
and
so
there's
no
no
conflict
with
my
wireless
network
or
anything
like
that,
and
then
we
what
we've
used
is
the.
C
Yeah,
so
we
wanted
to
try
to
make
the
sandbox
as
approachable
to
people
as
possible,
so
there's
two
options
in
the
sandbox
right
now:
there's
the
vagrant-based
environment
that
will
basically
spin
up
a
minimal
system
so
that
you
can
have
a
provisioner
vm
and
a
at
least
one
worker
vm.
I
think
you
can
specify
some
number
of
worker
vms
as
well,
but
you
know
that's
basically
a
way
to
kick
the
tires
without
any
type
of
hardware.
C
Investment,
there's
also
a
terraform
based
one
that
lets
you
spin
up
an
environment
using
actual
equinix
metal
hardware
as
well,
and
I'm
sure
you
used
the
bare
docker
compose
based
workflow
when
you
were
standing
up
your
environment.
So
if
you
do
have
the
hardware
or
vms
available,
you
can
go
that
route
too.
A
C
B
A
I
believe
there's
a
file
in
here.
That's
right.
Let's
have
a
look
so
ens
190,
which
is
the
network
interface.
So
we
added
the
one
six
nine,
two,
five,
four
one,
six,
nine,
two,
five,
four!
Sixteen!
So
that's!
This
is
where
this
machine
is
going
to
pretend
to
be
a
imds
service
and
we'll
go
into
why
what
he's
doing
right?
How
does
he
go?
How
does
this
actually
work
in
a
bit
but
yeah?
That's
that
and-
and
we
have
some
rules
in
the
nap
table.
No,
it's
still
that
long.
A
It's
no
case
so
yeah
we've
got
some
that
rules
that
will
pass
ports
on
this
vm
to
docker,
so
this
got
postgresql
htc
people
and
that
so
we'll
go
through
some
of
those
components
as
well.
So
the
other
important
thing
is
in
this
sandbox
scale,
so
we
have
this
deployed.
First
of
all,
we've
got
this
end
file,
so
you
run
this
generate
m
that
with
some
stuff,
and
it
creates
a
yes,
it
originally
would
download
oc
and
then,
but
we
will
replace
the
well.
We
have
all.
A
I
have
already
replaced
the
hook
in
a
minute,
so
it
downloads
some
the
tinkerbell
components
from
key
okay,
great
key
key.
Is
it
key
this
the
host
ip
and
then
it's
got
some
usernames
passwords
that
it
generates?
And
finally
you
can
see
my
administrative
password
for
the
vsphere.
I
will
rotate
this
afterwards
didn't
know
about
this
beforehand.
Don't
worry!
A
C
C
So,
in
addition
to
the
services
we
talked
about,
there's
a
postgres
database,
that's
a
dependency
there's
a
web
server
and
there's
a
oci
compliant
registry-
that's
needed,
so
the
state
directory
actually
stores
that
and
if
you're
running
it
on
the
vagrant
environment,
it
actually
mounts
those
directories
into
the
vagrant
environment.
So
if
you're
tearing
down
the
vagrant
environment
bringing
it
back
up,
it
comes
back
up
quicker
the
next
time
because
it
saved
the
previous
state
from
the
last
run.
A
Cool,
so
this
webroot
folder
is
contains
the
the
directory.
That's
going
to
be
served
up
by
nginx
and
in
that
I've
got
this
tinkymaster.gz,
which
is
actually
from
the
hook
project.
I'm
not
going
to
build
it
because
it
takes
quite
a
while
takes
quite
a
while.
So
it
was
a
bit
fiddly
as
well,
so
that
expands
I
in
it
ram
fs
and
everyone.
Do
you
want
to
just
explain
what
those
are
for
folks
who
are
not
familiar
with
those
items?
Yeah.
C
So
you
have
two
different
files
here.
The
first
one
is
the
actual
kernel
binary
and
then
the
second
one
is
going
to
be
an
initial
ram
disk
that
can
boot
up
for
the
os
and
since
we're
not
talking
about
an
os,
that's
being
installed
on
the
desk,
there
is
no
root
file
system.
So
everything
runs
in
that
initial
ram
disk
in
kind
of
ephemeral,
state
cool.
A
The
image
builder
project,
so
this
is
used
for
most
stuffing
cluster
api,
so
with
class
api,
we
are
creating
machines
from
disk
images
that
have
all
the
bits
pre-installed.
We
don't
want
to
be
because
in
most
cases
you
want
to
scale
quickly.
You
don't
want
to
spend
time
installing
all
of
the
components
when
you
boot
up.
So
we
we
rely
on
pre-generated
images
and
there
are.
There
is
a
recipe
for
building
a
raw
image
for
use
with
tinkerbell.
B
A
C
It
could
definitely
take
a
little
bit.
The
other
thing
too
is
this
was
our
second
iteration
for
the
tinkerbell
provider,
the
first
one
I
did
like
you
said
we
downloaded
all
the
bits
at
runtime
and
it
gets
fiddly,
because
sometimes
a
binary
is
just
not
available.
You
know,
there's
internet
routing
issues,
or
sometimes
some
packets
are
dropped
here
or
there.
C
A
Yeah
that
sounds
difficult.
I
think
another
thing
you
could
do
that
would
be
interesting
is
not
to
have
to
start
a
vm
to
build
the
image,
given
that
this
is
kind
of
like
a
flat
file
system.
So
it's
not
could
potentially
build
it
in
a
dockerfile
or
something
like
that
to
produce
the
image
and
remove
that
one
layer
of
steps
that
we
currently
do
in
image
building.
C
However,
for
the
purposes
of
cluster
api,
we
wanted
to
try
to
maintain
as
much
consistency
with
upstream
as
possible.
So
even
though
we
could
optimize
some
of
those
things,
we
saw
more
value
in
trying
to
do
the
same
things
with
image
builder,
that
the
other
projects
are
doing.
Just
for
that
consistency
and
ensuring
that
you
have
that
similar
experience.
A
C
A
Okay,
cool
yeah,
so
there's
a
bit
so
given
that
I
did
do
this
before
so
what
I
played
with
this
before
so
kind
of
reset
the
environment.
I'll
just
talk
you
through
the
things
that
I
did
to
reset
this
environment.
So
it's
today,
this
sandbox
repo
hosts
the
tinkerbell
components
using
docker
compose
and
I
did
see
a
repo,
that's
moving
it
to
a
kubernetes
deployment.
But
I
was
a
bit
too
afraid
to
try
that
just
yet.
C
You
know,
and
it
generally
expects
to
be
able
to
talk
layer,
two
networking
directly
between
the
hosts
so
for
the
dhcp
process.
It's
inspecting.
What
is
the
mac
address
of
the
machine?
That's
talking
to
me
and
trying
to
ensure
that
within
kubernetes,
without
just
doing
something
like
node
ports
is
problematic,
because
if
you're
tying
things
to
a
node
port,
you
have
other
problems
in
that.
How
do
you
handle
like
reliability
of
those
things?
C
So
I
think,
where
we're
going
to
end
up
settling
is
probably
requiring
some
type
of
dhcp
relay
or
dhcp
proxy
when
interacting
with
it
deployed
on
kubernetes,
so
that
we
don't
add
in
weird
complex
net
cni
requirements
that
will
be
difficult
to
troubleshoot,
but
eliminate
that
direct
requirement
for
layer.
Two
networking
between
boots
and
the
actual
hardware
that
you're
bringing
up.
A
A
So
even
for
my
home
network,
I
was
using
relay,
but
now
it's
directly
because
it
just
was
not
working
properly
so
yeah
that
we'll
get
into
some
of
the
interesting
behavior
around
dhcp
and
pixi,
which
explains
some
of
the
architecture
as
well.
So
what
we're
going
to
do
is
we
are
going
to
bring
up
the
docker
composer
environment
again.
The
postgres
data
is
a
docker
volume,
so
just
make
sure
that's
when
cleaned
off
power
off
the
vms,
we
basically
want
to
blank
the
disks.
A
A
Then
we
start
up
docker
compose
up
and
then
we've
got
one
little
hack,
which
we
need
for
a
cluster
api
tinkerbell,
which
is
there's
an
issue
with
events
in
tinkerbell,
which
I
believe
is
like
being
currently
being
overhauled.
But
we
need
that
for
the
size
of
the
templates
that
we're
going
to
be
using.
C
So
when
we
initially
tried
to
do
this
integration,
the
first
time
we
created
the
cloud
init
data
and
tried
to
put
it
within
the
metadata
tinkerbell
just
returned
an
error
saying
the
message
size
was
too
large.
So
for
the
purposes
of
this
demo
and
older
versions
of
tinkerbell,
you
have
to
disable
the
events.
There
will
be
a
new
version
of
tinkerbell
release
where
we've
actually
removed
the
events
for
now
and
we'll
reassess
how
we
want
to
implement
that
in
the
future.
Without
that
size
limitation.
A
C
And
I
will
say,
your
setup
is
a
whole
lot
more
advanced
and
powerful
than
my
setup
is
because
if
I
flip
my
camera
over
here,
this
is
my
home
network
setup.
Here,
the
small
mini
itx
machine
running
the
tinkerbell
components,
and
then
these
aren't
even
nooks,
they're
small,
dual
core
celeron
machines
that
I
bought,
I
think
about
four
years
ago
now,
so
they
are
vastly
underpowered
cpu-wise.
C
I
think
they
have
eight
gigs
of
memory
so
that
they
can
actually
run
kubernetes
and
some
type
of
workloads,
but,
more
importantly,
for
the
purposes
of
running
tinkerbell
and
deploying
kubernetes
to
it.
These
actually
have
really
slow,
emmc
disks,
so
things
that
take
about
five
orders
of
magnitude
more
to
do
than
if
it
was
like
an
ssd
backed
or
nvme,
backed
disk.
A
Yeah,
that's
good
today,
yeah,
so
the
vsan
backing
alignment
is
it's
hybrid
storage,
so
it's
one
flash
dip
disk
in
each
server
operating
goes
as
cache
and
then
magnetic
storage.
So
I
think
they're
four
terabyte
drives
or
something
and
then
it's
it's
not
quite
it's
like
raid
one-ish,
it's
kind
of
weird
with
vsan.
A
It's
not
it's
not
regular
raid,
it's
so
it's
actually
doing
object,
replication
underneath
so,
if
you've
looked
at
ceph,
it's
kind
of
similar
in
concept,
but
it's
a
lot
more
like
it's
kind
of
set
up
set
it
and
forget
it
really.
So
it's
kind
of
cool,
so
I've
got
my
got
this
environment,
so
I've
got
some
stuff
running
now
in
rocket
ps.
A
I've
got
a
bunch
of
things
running
great
in
that
moment,
and
next
thing
you
have
to
do
is
define
some
hardware,
so
we're
going
to
load
in
and
where
do
I
put
that
I
here
we
go
hardware,
so
got
my
four
machine,
five
machines
here
and
what
I've
done
is
they.
These
are
random
new
ids
just
go
to
that
uid
generator.net
and
click
the
button
enough
times.
A
A
C
One
thing
you
mentioned
there:
I
don't
want
to
skim
over
too
quickly,
but
you
did
mention
defining
a
disc
device
in
that
hardware,
and
I
just
wanted
to
mention
that
this
is
a
requirement
of
the
cluster
api
provider
and
not
of
tinkerbell
itself
and
basically,
as
we
were
going
through
this,
our
first
iteration,
we
actually
hard-coded
this
and
the
demo
that
we
did
was
based
on
virtual
hardware.
So
if
you
had
hardware
that
didn't
have
a
dev
vda
device,
it
didn't
work.
C
So
then
we
started
exploring.
How
do
we
make
it
work
more
generally
for
hardware
and
it
quickly
became
messy
figuring
out.
How
could
we
detect
what
this
device
to
try
to
do
and-
and
we
realize
that's-
probably
not
the
best
thing
to
do-
because
what
if
we
did
detect
the
wrong
thing,
you
know,
especially
if
you
look
at
some
like
arm
hardware
and
things
you
may
have
an
sd
card
device
in
there
and
then
you
that
is
meant
to
actually
hold
your
bootloader
rather
than
your
actual
file
system.
C
So
if
we
detect
that
over,
like
an
emmc
device
or
an
nvme
device,
we
could
actually
override
the
bootloader.
Instead
of
storage,
that's
meant
for
our
use
so
because
of
that,
we
require
that
the
user
to
find
within
the
metadata
for
the
hardware
that
they're
creating
what
actual
disk
device
that
they
want
to
use
for
the
purposes
of
cluster
api.
A
C
A
A
C
A
C
That's
about
all
that
you
can
rely
on
being
consistent
between
pixy
implementations
across
default
hardware,
and
while
you
could
take
something
like
ipixie
and
re-flash
it
on
your
hardware
in
some
cases
and
get
consistency.
That
way,
that's
just
not
realistic.
To
expect
everybody
to
do
that,
just
to
be
able
to
run
something
like
tinkerbell
so
where
we
may
want
to
support
more
things
like
within
tinkerbell.
You
can
actually,
in
the
hardware,
define
an
ipixi
script
that
you
want
to
run
directly
on
the
host
and
do
things
like
that.
C
You
can
specify
a
url-based
booting
so
that
you
can
boot
from
an
http
server,
and
things
like
that.
So
that's!
The
purpose
of
bootstrapping,
from
whatever
exists
on
the
hardware
into
the
ipixi
environment,
is,
is
that
we
know
that
we'll
have
a
consistent
environment
with
support
for
all
of
the
network.
Boot
methods
that
we
want
to
support
within
tinker
bell
from
that
ipixi
environment.
A
Yeah
so
and
one
thing,
no
like
tftp,
so
many
many
years
ago
I
used
to
look
after
the
desktop
boot
and
install
process
for
a
university
and
tftp.
Boot
is
extremely
slow,
like
if
you
just
launching
a
200,
meg
windows,
so
windows
has
a
pre-installation
environment,
not
too
dissimilar
to
what
we're
looking
at
here.
It's
a
couple
of
a
couple
of
hundred
meg,
but
it
would
easily
take
10
minutes
to
download
off
a
pretty
decent
gig
network,
because
tftp
is
not
really
designed
around
performance
anyway.
A
So
one
of
the
benefits
of
using
ipixi
is
that
we
can
switch
over
immediately
to
http
protocol
and
get
that
performance
benefit,
and
I
think
you
can
do
strange
stuff
like
iscsi
boot
or
things
like
that
exactly
yeah.
So
I
just
got
some
comments
from
mali,
using
a
ftp
for
hpc
classes,
which
is
I've
not
heard
of
aftp.
That's
right.
Let's
have
a
quick
look.
What
that
is.
A
We
might
look
at
that
later
fight
and
I
notice
I've
got.
I
can
I
get
a
shell
in
this
and
it's
got.
I
don't
see
much
going
on.
Is
there
so
we
now
move
on
to-
I
guess,
maybe
a
workflow.
So
I
what
I
haven't
done
here
before
so
this
is
new
proper,
normal
tdik
style
with
doing
things
for
the
first
time
is,
how
do
I
run
their
workflow
on
a
machine
without
cluster
api
being
involved?
How
do
I
do
anything
here?
Yeah.
C
C
However,
if
we
do
run
this,
if
you
haven't
preloaded
that
hello
world
docker
container
into
the
registry,
it
will
actually
fail
to
run
on
us
and
that's
because
right
now,
tinkerbell
defaults
to
when
it's
running
the
workflows
defaults
to
pre-pending
the
registry
url
that
you
configure
for
it.
So
it
assumes
that
you're
gonna
have
that
standalone
kind
of
on-premises
registry.
A
A
C
Yeah
and-
and
basically
these
are
being,
these
containers
are
being
run
in
this
case
with
hook
it's
running
within
the
linux
kit,
environment.
There's
a
couple
of
other
additional
services
running
in
there
and
you
can
mount
in
host
directories
they're
running
with
privileged
mode,
so
you
can
access
anything
on
the
local
system
that
you
would
otherwise
be
able
to.
A
A
C
C
C
A
C
A
A
A
C
That's
something
the
system
did
it'll
automatically
create
that,
and
now
that
we
have
a
template
and
we
have
hardware
now
at
this
point
we
can
create
the
workflow
to
do
that
and
there's
a
kind
of
template
syntax
that
you
have
to
use.
So
if
you
take
a
look
at
the
example
there
and
what
this
is
doing
is
inside
of
the
template,
we
defined
you
know
a
placeholder
for
the
hardware
itself,
so
with
the
workflow
command.
A
A
C
So
yes,
however,
you're
not
really
going
to
be
able
to
see
much
because
the
hello
world
example
here
is
running
in
a
container
and
it's
basically
just
echoing
hello
world
out
to
standard
out.
So
we
could
go
in
to
this
instance
and
we
could
go
into
the
container
and
we
can
introspect
the
output
and
do
all
of
that
stuff,
but
that's
kind
of
painful.
C
So
in
this
case,
what
what
is
probably
easiest
to
do
is
just
look
at
the.
What
is
the
state
of
that
workflow?
So
if
we
go
back
to
the
tank
command,
if
we
just
hit
enter
there,
you'll
see
that
there's
other
sub
commands
for
workflow
and
well.
If
you
do
a
get,
it's
just
gonna
show
the
workflow
itself.
There
are
other
sub
commands
that
let
you
see
things
like
the
the
events
associated
with
that
workflow
or
the
state
of
it.
A
B
A
C
C
Yeah,
so
it
depends
on
how
the
failure
occurs
and,
and
one
of
the
things
that
we'll
see
when
we
investigate
things
a
little
bit
further,
is
at
this
point
some
of
the
actions
like
k,
exec
and
reboot-
don't
actually
finish
so.
The
workflow
stays
in
a
partially
completed
state
and
during
a
reboot
it
actually
goes
through
and
reruns
that
last
action.
C
So
any
hardware
that's
configured
to
run
the
workflow
for
cluster
api.
If
that
hardware
is
rebooted,
it'll
actually
start
running
the
workflow
again
and
k
exec
into
the
into
the
kernel
that
was
installed
on
the
machine
and
it'll
just
continually.
Do
that
every
time
it's
rebooted,
but
if
it
had
a
hard
failure,
it
won't
necessarily
retry
that
you
would
be
expected
to
create
a
new
template
and
or
workflow
to
re-execute
it
just
because
we
can't
be
sure
it
would
be
safe
to
retry
or
not.
A
C
Yeah,
so
basically
what's
happening
is
is
when
the
machine
is
given
that
initial
hook
or
oc
image
and
boots
into
that
there's
a
service
running
on
there.
That's
doing
nothing
but
polling
the
tinkerbell
service
and
say
saying:
is
there
a
job
for
me
to
run
it's
running
this
tink
worker
process
just
sitting
there
waiting
to
actually
do
something?
C
So
that's
the
only
purpose
really
of
either
hook
or
osi
in
this
case
is
just
you
know.
Is
there
any
work
for
me
to
do
or
not?
Do
I
continue
sitting
here
or
if
things
are
complete,
you
know
or
or
do
I
need
to
reboot
things
like
that?
You
know
all
of
that's
happening
through
the
definitions
of
the
workflow,
rather
than
the
hook
or
oc
image.
C
So
that
depends
right
now.
We've
been
mostly
focused
on
feature
completeness.
Most
people
are
running
this
in
a
data
center,
not
needing
to
worry
necessarily
about
traffic
being
sniffed
on
the
local
network.
That
sort
of
thing,
but
we
do
plan
on
doing
further
work
on
security
and
and
we'll
probably
try
to
push
it
out
more
towards
the
edge
with
the
kubernetes
based
deployment,
so
tls
would
be
terminated
at
you
know.
C
A
C
A
And
I
guess
that's
what
we'll
might
give
a
go
right
now,
so
what
I'm
going
to
do?
I'm
going
to
use
kind.
So
if
you're
not
familiar
with
kind
kind,
is
a
way
to
run
kubernetes
clusters
in
your
local
environment
using
docker,
so
it's
kubernetes
in
docker
and
you
can
get
that
with
brew,
brewing,
store
kind,
we'll
get
you
that
and
you
can
go
to
the
website.
A
A
So
it's
going
to
live,
live
alongside
all
the
other
docker
containers.
So
this
node
image
is
a.
I
think,
something
a
bit
like
a
debian
or
ubuntu
looks
a
bit
like
a
host
image.
So
it's
got
a
system
d
in
it
boots
kubelet,
runs
container
d
and
is
going
to
run
cube
adm,
which
is
a
kubernetes
bootstrapping
tool.
So
these
all
kind
of
components
that
we're
using
in
cluster
api
as
well
yeah.
It
shouldn't
take
long,
it's
a
bit
slower
than
my
desktop,
but
it
gets
there.
A
And
what
we're
also
going
to
use
is
we're
going
to
use
something
called
tilt
which,
if
you
haven't
seen
the
video
from
ellen
korvs,
did
released
a
quite
amusing
video
on
what
tilt
is
all
about.
It's
in
the
show
notes,
so
go
take
a
look
at
that.
If
you
want
not
now
do
not
go
to
the
link
now
go
later
after
this
live
stream.
So
tilt
is
away.
It's
like
a
local
development
environment.
It
operates
against
the
kubernetes
cluster
that
you've
got
locally.
A
In
this
case
the
kind
cluster
it
allows
you
to
do
hot,
reliable,
hot,
hot,
real
life,
hot
reload
of
code.
So
you
can
make
the
changes
to
your
code
and
have
those
containers
rebuilt
within
seconds
and
running.
So
we
have
we've
supported
tilt
in
cluster
api
as
a
development
tool
for
a
long
time,
we'll
not
go
into
details
of
that
tilt
setup.
So
there's
a,
but
there
is
a
tilt
file
with
that
ships
with
cluster
api.
A
It's
written
in
starlock
language,
skylar,
starla,
the
one
that
bazel
uses,
and
we
have
some
settings
that
you
need
to
put
into
cluster
api
if
you're
using
it
with
tilt.
So
I've
you
have
to
configure
this.
I
don't
think
you
really
have
to
configure
this
default
registry,
but
that
just
happens
to
be
a
google
container
registry.
A
We're
going
to
load
in
the
tinkerbell
provider
goes
go
which
is
in
an
adjacent
directory
and
finally,
we're
going
to
enable
tinkerbell
and
the
different
components
of
cluster
api.
So
if
you
want
to
not
like,
I
said
we're
not
going
to
go
into
massive
details
around
cluster
api
architecture
and
stuff,
oh
that's
the
wrong
book,
but.
A
You
can
go
to
the
cluster
api
dot,
sig
stop
kate's,
I
o
and
we've
got
all
the
documentation
there,
and
so
it's
bunch
of
components
and
nevertheless,
there's
a
bunch
of
components.
There's
a
core
cluster
api
component,
there's
something
called
kubaydm
bootstrap
and
that
ties
in
with
the
hegel
stuff
with
just
discussing
a
moment
ago.
So
it
generates
cloud
init
boot
data
and
cube
adm
control
plane,
which
is
a
stateful
control,
plane
management
controller.
A
We're
gonna,
give
it
some
stuff.
We
can
ignore
this
x,
plus
the
resource
set,
we're
not
using
it,
really
we're
giving
it
the
we're,
basically
pointing
it
at
the
tinkerbell
server
and
then
finally
got
the
tinkerbell
ip
and
I,
given
that
I've
got
that
kill
not
that
kill.
That
kind
plus
has
come
up
successfully.
A
A
All
right,
so,
let's
not
do
it:
okay,
yeah!
So
it's
loaded
in
a
bunch
of
custom
resource
definitions
that
cluster
api
uses
we'll
go
through
some
of
those
what
those
are
in
a
minute
and
I
believe
it's
gonna-
stop
building
a
bunch
of
stuff.
I
have
previously
ran
this
before
so
it
does
take
advantage
of
cache
builds
or
at
least
the
way
that
we
set
up
in
cluster
api.
So
a
lot
of
this,
I
haven't
really
changed
the
code.
A
So
it's
going
to
take
use
of
the
it's
going
to
make
use
of
the
go,
build
cache.
The
docker
layers
won't
have
been
changed,
so
it
should
be
mostly
a
matter
of
loading
in
the
cluster
api
components
and
they
should
be
up
in
a
minute
or
two.
So
whilst
that's
happening
we'll
go
through
the
cluster
that
we
are
going
to
deploy
in
deploy
into
this
kubernetes
cluster,
so
let's
shrink
that
there
you
go
there.
You
go
right,
so
first
we're
going
to
give
it
a
pool
of
resources.
A
C
Yeah,
so
basically,
what
we
did
is
we
could
have
just
created
a
provider
implementation
to
just
talk
directly
to
tinkerbell
itself,
but
one
of
the
things
we
wanted
to
be
cautious
of
is
that
we
didn't
just
assume
all
hardware
available
in
tinkerbell
is
available
for
us
to
use
within
cluster
api.
So
we
have
what
we've
called
a
shim
layers
in
as
well,
where
we
define
crds
and
have
controllers
that
match
up
against
the
actual
tinkerbell
resources
themselves.
C
In
this
case,
the
hardware
that
we're
defining
matches,
hardware,
resources
and
it
and
it'll-
expect
that
that
hardware
already
exists
in
tinkerbell
and
once
you
create
that
you'll
actually
be
able
to
see
the
status
and
all
the
things
that
exist
and
are
defined
in
tinkerbell
directly
here,
but
that
shim
layer
also
allows
you
well
it
doesn't
allow
you
to
actually
create
hardware
in
tinkerbell
right
now.
It'll
actually
allow
you
to
create
those
templates
in
the
workflows
that
we
were
looking
at
doing
against
tinkerbell
itself.
A
A
A
It
was,
and
it's
going
to
get.
Kube
adm,
which
is
a
kubay
dm,
is
a
cli
that
can
instantiate
a
kubernetes
cluster.
If
the
machine
has
kubla
and
container
d
installed,
it
will
download
the
images
from
the
gcr
where
all
the
kubernetes
artifacts
live.
It
will
configure
static
pods,
so
you
can
put
pod
definitions
in
slack
g,
slash,
etsy,
slash,
kubernetes,
manifest
and
tubelet
will
just
run
them,
so
it
sets
up
xcd
api
server
and
just
runs
them.
A
So
one
thing
that
I
did
see
that
was
interesting
is
so:
if
you're
working
with
a
public
cloud,
a
provider
id,
is
going
to
be
something
like
your
instance
id
and
what
you
have
in
the
kubernetes
cluster
is
a
cloud
provider
integration.
So
it's
a
mechanism
that
can
connect
to
that
api,
whether
that's
aws,
gcp
vsphere
and
he's
able
to
get
some
information
about
that
host
and
give
it
and
find
out
what
the
unique
identifiers.
A
C
So
yeah
you
mentioned
the
cloud
provider
interface.
Eventually,
we
may
create
a
cloud
provider
for
tanker
bell,
but
we
didn't
want
to
make
that
a
prereq
prerequisite
for
being
able
to
get
something
going.
So
basically,
all
we're
doing
today
is
we're
passing
it
in
as
arguments
within
the
template
and
the
controller
itself
will
actually
get
the
provider
it'll
get
the
hardware
id
and
it'll
generate
that
provider
id
itself.
C
A
Great
thanks
and
I'm
not
sure
if
I
needed
to
set
this,
I
think
I
think
I've
kind
of
screwed
up
my
deployment
initially,
but
so
I've
got
a
machine
template
for
tinkerbell
and
I've
set
the
image
lookup
base
url
to
the
local
repository.
I
think
I
originally
had
one.
I
misconfigured
it
as
191
to
say
1.1
when
it
wasn't.
190
wants
to
say
1.1
at
all
the
whole
thing
exploded,
so
yeah
I've
got
that.
A
Yeah
yeah,
that's
what
I
noticed
later
and
so
we've
got
so
if,
if
you're
looking
at
this
for
one
of
the
data
providers
for
the
aws,
you
would
declare
what
instance
type
you're
using
like
what
this
you're
going
to
attach
and
those
kind
of
things.
So,
given
that
these
are
bare
metals,
don't
really
need
a
lot
of
information
around
and.
C
So
we
figured
start
with
just
using
the
hardware
that
you
pre-define
through
the
shim
interface,
and
then
you
know
we
can
add
figure
out
how
we
want
to
add
selection
capabilities.
Later
I
did
want
to
skip
back
to
something
that
you
did
kind
of
fly
over
there,
but
in
general,
if
you're,
using
the
sandbox
deployment-
or
I
think,
even
with
the
network
configuration
that
you
have
on
your
local
machine.
C
A
Yeah,
that's
right
because
I
think
it
uses
190
1681,
slash
whatever.
So,
yes,
if
you've
ever
had
the
misfortune
of
deploying
kubernetes
cluster,
where
the
pod
ci
pod
ips
clash
with
the
node
ips
very
strange
things
start
to
happen
with
your
network.
Do
not
to
always
be
aware
of
that!
Yeah
we've
been
thinking
about.
I
think,
for
a
long
time
trying
to
put
some
logic
into
cluster
api
to
sort
of
detect
where
you
might
be
about
to
clash
yeah.
So
I
think
that
there
is
an
open
issue
around
that
pr.
C
Welcome
well-
and
that's
always
challenging
too,
because
right
now
we
don't
assume
that
the
core
cluster
api
components
really
know
anything
about
the
infrastructure
providers
and
when
we're
talking
about
things
like
this,
you
actually
need
to
get
that
information
from
the
infrastructure
provider
generally.
What
we
would
call
the
cluster
infrastructure
provider
to
say
what
is
the
network
that
we
would
expect
these
hosts
to
be
deployed
on?
C
A
Yeah,
that's
right
and
then
we've
got
a
machine
deployment.
So
if
you're
not
familiar
with
class
api,
so
machine
deployment
is
very
much
like
a
deployment
in
kubernetes
so
except
we're
using
machines.
So
we
use
a
similar
sort
of
abstraction,
behavior
and
cluster
api.
So
we
have
a
machine
groups
of
machines
and
machine
sets
and
then
we're
able
to
do
upgrades
or
roll
outs
between
machines
using
machine
deployments,
which
will
then
scale
down
a
machine
set,
create
a
new
one
and
scale
that
one
up
etc
so
very
similar.
A
If
you're
familiar
with
kubernetes
resources,
this
shouldn't
be,
the
idea
is
it's:
it
shouldn't
be
completely
abstract
for
you
and
then
we've
finally
got
a
cube.
Adm
config
template,
so
these
are
going
to
be
used
by
the
worker
nodes,
so
sep.
So
it
looks
a
bit
similar
to
the
control
plane
because
we're
using
cube
adm
underneath
so
it's
pretty
much
very
similar
to
that,
except
it
doesn't
need
the
information
about
the
stuff.
That's
only
going
to
be
on
the
api
server,
so
we
are
going
to
load
this
in.
A
A
C
Sorry
yeah,
so
I
was
going
to
say
this
actually
didn't
have
an
effect,
because
the
hardware
template
and
the
workflow
resources
right
now
are
cluster
scope,
not
namespace
scoped,
and
that
was
just
because
we
haven't
defined
yet
a
a
multi-tenant
story
around.
How
would
we,
how
do
we
want
to
talk
to
multiple
tinkerbell
services?
So
that's
some
that
we're
looking
to
solve
in
the
future.
Just
not
now.
A
Oh
okay,
I
wondered
why
it
was
working
that
explains
things
all
right,
so
you
can
see
I've
like
it's
pulled
information
from
the
tank
server,
so
in
the
status
and
one
of
the
cool
things,
one
of
the
handy
things
about
using
clip
for
this
is
we
can
browse
the
logs
as
well
for
for
these
controllers.
So
we
can
see
we
can
see
some
information
coming
in
here.
It's
all
nicely
json
formatted!
If
you
want
to
put
that
in
your
login
just
server.
A
A
See
we've
got
one
control
plane
machine
so
what's
happening
is
the
kubernetes
control?
Plane
controller
has
templated
out
a
machine.
That's
going
to
act
as
the
control
plane
tinker
bell
has
then
matched
this
with
one
of
the
hardware
pool
one
thing:
that
is
there
an
easy
way
right
now
to
find
out
what
machine
that
is.
C
So
not
right
now
we
could
have
chosen
to
do
something
other
than
the
uuid
for
the
provider
id.
However,
I
wanted
to
avoid
any
potential
issues
that,
if
machines
are
mutated
in
some
way
and
ips
are
changed,
and
things
like
that
that
you
don't
generally
match
up
with
something,
and
since
that
uuid
is
the
distinct
identifier
for
tinkerbell.
C
B
A
A
A
C
A
A
C
That
well
and
right
now,
because
we
are
using
a
heagle
for
the
metadata
service
and
it
is
somewhat
ec2
compatible.
What
this
is
doing
is
basically
writing
the
configurations
to
tell
cloudinet
to
use
the
ec2
metadata
make
sure
to
not
treat
it
as
a
strict
ec2
metadata
instance.
Otherwise,
it'll
fail
and
it
defines
a
default
system
user
that
you
can
then
assign
later
an
ssh
key
or
a
password
to
through
the
cluster
template.
C
If
you
wanted
to
be
able
to
access
it
and
because
cloud
init
is
a
bit
wonky
at
times,
you'll
see
that
right
below
writing
that
file.
We
write
another
file
which
forces
the
metadata
configuration
to
work
too,
because
when
it's
bootstrapping,
you
have
fun
things
like
determining
determining
which
metadata
service
to
use
is
done
multiple
times,
so
we
have
to
define
it
in
two
places
to
force
the
ec2
metadata
service
to
be
used.
C
The
other
thing
is,
is
all
of
the
things
that
are
happening
in
cloud.
Init
are
happening
before
the
network
service
comes
online
because
we're
not
fully
compliant
with
an
ec2
metadata
service,
and
if
you
do
a
detection
from
the
local
host
and
you
do
a
dmi
to
code,
it
doesn't
show
as
amazon
hardware
to
trigger
the
ec2
metadata
service.
C
A
B
C
Actually-
and
another
thing
too,
is
at
that
last
little
bit
there,
where
it's
saying
what,
where
decay
exec
into
this
was
fun
too,
because,
depending
on
what
type
of
block
device
you're
using
determining
what
the
first
partition
should
be
on,
that
device
differs
based
on
the
type
of
block
device.
So
in
the
case
of
things
like
sda,
hda
and
vda,
you
just
append
a
numeric
digit
to
the
end
of
it.
A
Right
so
you
can
see
here
got
the
output,
which
probably
should
we
need
to
check
actually
with
the
other
class
api
providers.
We
probably
should
not
be
displaying
the
join
token
on
the
console,
but
I
think
that's
the
issue
with
all
of
our
providers.
We
need
to
check
that,
but
you
you
can
see
the
cuba
dms
finished
and
it's
we
go
to
here
and
you
can
do
kg
kcp
and
we
can
see.
We
haven't
initialized
control
plane,
it's
not
ready,
and
there
is
a
reason
for
that
which
I
can.
A
C
And
I
think
the
biggest
thing
here
is
is
to
keep
in
mind
when
you're
installing
the
cni,
some
of
the
cni
providers
require
you
to
pass
in
a
configuration
if
the
pod
citer
doesn't
match
the
default.
One
used
by
cuba,
em
and
kubernetes,
so
in
this
case
andrea,
and
doesn't
require
that,
so
we
can
just
apply
it
without
worrying
about
it.
If
we
used,
I
think
older
versions
of
calico,
you
would
actually
have
to
modify
the
cni
deployment
before
you
deployed
to
it,
because
we
are
using
that
non-standard
pod
cider.
A
B
A
C
Yeah
anyway,
once
you
scale
up
the
machine
deployment
here,
you'll
be
able
to
bring
up
worker
machines.
We
haven't
yet
added
support
for
h8
control
planes.
Yet
that's
one
of
the
things
we're
going
to
be
looking
to
do
here
in
the
upcoming
months,
we're
going
to
leverage
the
new
cncf
sandbox
project
cubevip
to
be
able
to
deploy
an
h.a
control
plane.
However,
there's
some
challenges
there,
because
what
ip
do
we
use
for
that?
So
we
we
need
to
solve.
How
do
we
do
that?
C
Ip
address
management
because
we've
deferred
it
with
the
actual
hardware
instances
by
requiring
that
being
predefined
in
tinkerbell,
but
for
the
purposes
of
assigning
an
ip
to
cubevip,
we'll
need
to
actually
have
an
actual
usable
ip
address.
That's
not
going
to
conflict
with
anything
else
on
the
network.
A
Yeah,
so
I
I
mean
we
have
so
I
mean
those
requirements
of
bare
metal.
Are
not
this
similar
to
everything
in
on
any
sort
of
on-premise
environment
if
you're
using
research
as
well
so
I'll,
say
everywhere,
we're
going
to
work
together
and
just
to
make
sure
you
know
you
might
be
thinking,
oh,
what
vmware
about
metal?
It's
like!
Oh,
you
know
for
the
way
we
see
it
is
you
want
if
you're
going
to
deploy
kubernetes
cluster,
you
want
to
have
it
on
some
form
of
programmable
infrastructure.
A
All
right
and
vsphere
provides
that
for
you
aws.
Why
is
that?
For
you?
You
know
they.
We
have
well-defined
apis.
That's
spent
many
years
in
the
making,
and
that
makes
it
super
easy
to
get
a
full,
fully
featured
environment.
You
can
deploy
kubernetes
clutter
and
vsphere
and
you're
going
to
get
stuff
like
vsan
you're,
going
to
get
provision
volumes
and
all
those
sort
of
cloud
type
benefits
right.
A
So,
if
we're,
if
we
I'm,
if
we're
going
to
do
that
on
bare
metal,
we're
going
to
make
have
to
make
that
bare
metal
programmable
in
some
way
right-
and
this
is
where
projects
like
tinker
bell
like-
are
showing
that
promise
in
terms
of
providing
a
programmable
infrastructure
for
bare
metal.
So
it's
a
really
interesting
space
for
us
and
like
a
lot
of
the
similar
concerns.
So
this
is
an
exciting
area.
C
C
So
you
tend
to
want
to
support
things
like
doing
things
in
place
because
doing
things
like
rebooting
a
server
in
a
data
center
can
take
anywhere
from
like
10
to
20
minutes,
depending
on
what
needs
to
happen
to
initialize
the
hardware
at
boot
time.
Things
like
that.
So
you
know
what
we
really
wanted
to
try
to
do
when
we
developed
the
cluster
api
for
tinkerbell
is
is,
could
we
take
a
real,
modern,
cloud-native
approach
and
do
it
with
hardware,
and
so
far
it
looks
really
promising
things
like
being
able
to
do.
C
C
Os
images
like
golden
os
images
that
are
streamed
on
demand
and
treated
like
ephemeral,
instances
and
sure
we
do
have
some
problems
to
solve
like
how
do
you
run
stateful
workloads
in
this
environment?
But
I
think
that
we're
starting
to
show
the
promise
of
what
it
really
means
to
do.
Cloud
native
management
of
bare
metal
infrastructure.
B
A
A
C
B
B
A
A
Oh
yeah,
that's
right
yeah,
so
one
of
my
hosts
has
got
a
big
red
alarm
next
to
it
complaining
about
memory,
usage
and
cpu,
so
that
that's
fun.
So
that's
all
very
normal.
That's
not
a
lot
of
memory
in
these
consumer
grade
hardware.
It
is
it's!
It's
just
been
slow.
It's
fine!
Okay,
I've,
probably
saturated
the
network
and
overloaded
the
cpu.
So
it's
fine,
so
I've
got
some
of
the
other
machines
coming
up.
A
C
Yeah
I
mean
my
bare
metal
is
still
kind
of
fake
bare
metal
in
that
it
doesn't
have
server
grade
baseband
management,
but
I
think
that
creates
it
makes
it
kind
of
fun
too,
because
let
me
switch
my
camera
over
here
so
have
a
little
there
in
the
corner.
I
have
my
actual
infrastructure,
I'm
going
to
speed
through
this
a
little
bit
because
it's
going
to
be
a
lot
of
what
nadir
just
showed,
but
let
me
go
ahead
and
create
the
actual
hardware
resources.
C
C
So
now,
if
I
cluster
api
here
I'll
be
able
to
see
which
machine
was
assigned
to
it.
In
this
case,
I
did
say
that
I
cheated
with
my
uuids
a
little
bit,
so
I
know
that
this
is
the
hardware
that
I'm
marked
here
at
a
so
let
me
go
ahead
and
power
that
on
and
when
I
mentioned
that
this
hardware
was
a
little
bit
older.
It's
not
going
to
boot
up
as
fast
as
nadir's
vms
did
so,
where
his
probably
booted
up
in
roughly
a
minute
or
two.
C
This
machine
will
actually
take
about
five
minutes
to
fully
bootstrap
and
again
because
I
don't
have
remote
management,
I
don't
have
a
way
to
show
the
console
on
that
machine
kind
of
nicely,
but
similar
to
everything
else,
it'll
be
going
on
in
the
background.
I
can
go
ahead
and
get
the
cube
config
for
this
cluster
and
it'll
mostly
just
sit
here.
If
I
tried
to
do
get
nodes
on
it
until
that
finishes
bootstrapping
and
everything
I
don't
necessarily
want
to
keep
everybody
waiting
on
that.
A
C
So
it
it
has
a
look
and
feel
similar
to
alpine.
But
when
you
get
into
it,
things
like
troubleshooting,
it
are,
are
slightly
different.
Everything's
run
within
it
runs
container
d
by
default,
all
of
the
services
that
run
within
the
os
or
run
within
container
d
and
and
that
sort
of
thing.
So
it's
it's
not
as
easy
as
saying
whether
it's
written
in
c
or
anything,
because,
just
like
the
kernel
like
normal
kernel
and
things
like
that
for
the
linux
kernel,
those
are
written
in
c.
C
C
So
that's
just
standard
docker
service
running
in
there,
so
docker's
generally
written
in
go
but
then
there's
some
of
the
helper
things
like
the
tool
to
write
tank
worker.
There's
a
like
a
restart
helper
to
be
able
to
help
issue
restarts
and
things
like
that,
because
you
can't
do
that
directly
from
a
container
without
some
additional
help
on
the
on
the
host
side.
C
A
Yeah,
that
makes
sense,
so
I
guess
linux
kits
newsland,
where
it
differs
from
a
standard.
Linux
distribution
is
go
based,
but
you
know
you're,
not
it's
going
to
be
a
long
time
before
we
move
away
from
c
I
mean
we
are
talking
about
rust
appearing
in
the
linux
kernel,
we'll
see
where
that
goes.
Had
some
questions
about
the
home
labs.
I
am
probably
not
the
best
person
to
talk
about
home
labs.
If
you
want
demos,
william
lam
and
I
will
put
a
link
in
the
show,
show
notes.
A
William
has
a
website
which
has
or
everything
you
ever
want
to
know
about
vsphere
home
labs
and
how
to
build
them,
how
to
build
them,
cost
effectively
how
to
get
discounts
and
that
kind
of
stuff
and
I'm
sure,
there's
a
lot
of
youtube.
I
will
try
and
dig
out
some
youtubers
where
he's
gone
through
that
home
labs
and
put
that
up.
Yeah
I've
got
a
question
from
jay
interested
in
the
vagrant
recipe.
I
guess
this
is
particular
relevance
because
a
lot
of
the
kubernetes
on
windows
work.
C
Oh
no,
this
is
fine.
I
got
it
right
here.
So
in
the
sandbox
we
do
have
the
vagrant
file
a
lot
of
the
things
that
are
happening
to
actually
configure
tinkerbell
aren't
actually
happening
in
the
vagrant
file
itself,
but
we
did
have
to
do
some
funky
things
in
the
vagrant
file
to
make
things
work.
One
of
them
is,
is
we
don't
enable?
We
want
to
make
sure
that
we're
not
doing
parallel
instantiation,
just
because
we
don't
want
the
workers
coming
up
with
the
initial
provisioner
machine?
C
Otherwise
you
end
up
with
some
weirdness
there
around
the
type
of
networks
that
you're
defining,
because
we
define
the
network
for
communication
between
the
workers
and
the
provisioner
when
we
define
the
provisioner
and
then
we
just
use
it
in
the
worker.
So
if
we
try
to
bring
those
up
in
parallel,
you
get
weird
failures:
being
able
to
do
things
like
configure
the
number
of
workers,
whether
you
want
to
enable
the
gui,
if
you're,
using.
C
Box
we
do
have
some
of
the
fun
things
like
you
can
disable
configuring
the
nat
so
like
on
my
setup,
I
don't
configure
the
nat,
so
I
opt
out
of
that
and
don't
have
to
worry
about
things
forwarding
from
the
worker
machine
through
the
provisioner,
because
if
you
start
looking
at
the
way
that
like
virtualbox
does
networking,
if
you
stand
up
a
separate
separate
network,
you
can't
define
a
gateway
on
that
network
to
be
able
to
directly
nat
out
of
the
bridge
device.
But
you
can
do
that
in
libvert.
C
So
this
combination
of
this
configure
nat
and
this
lib
forward
mode
give
you
a
way
to
basically
opt
out
of
the
gnat
and
be
able
to
do
direct
network
connection
from
the
individual
worker
vms
out
to
the
internet
directly.
But
we
can't
do
that
with
virtualbox
and
if
we
supported
other
providers,
you
know
the
you
know.
How
do
you
configure
networking
across
those
gets
fractal
and
messy
pretty
quick?
C
I
don't
remember
what
virtualbox
does,
but
that's
so
that
things
can
bootstrap
faster
a
second
time
if
we
have
to,
and
things
like
the
oc
image
were
like
two
gigs,
so
it's
like,
if
you
had
to
like
bring
the
environment
down
and
bring
it
back
up.
You
had
to
wait
for
two
gigs
to
download
over
whatever
network
connection
you
had,
and
that
was
messy.
C
Here's
where
we're
doing
some
of
the
network
stuff.
You
know
we're
we're
basically
telling
it.
You
know
to
use
a
private
network
for
the
purposes
of
being
able
to
talk
to
the
worker
machines.
There's
always
a
default
network.
Adapter,
that's
configured
for
the
purposes
of
being
able
to
talk
to
the
host
and
back
and
trying
to
make
sure
that
everything
talks
right
and
the
right
traffic's
going
over
everything.
So
we
had
to
do
a
lot
of
playing
around
in
trial
error
to
make
sure
that
everything
works
there.
C
Other
things
we're
doing
is
we're
forwarding
the
ports
so
that,
if
you
wanted
to
talk
to
take
a
bell
directly
from
the
local
host,
you
can
do
that,
but
other
than
that,
there's
there's
not
much
to
do.
We
do
have
a
minimal
set
of
memory
that
we
want
to
make
sure
that
the
provisioner
has
that
sort
of
thing
all
that's
pretty
standard.
C
A
Cool
thanks
hope
to
answer
your
questions.
Jay
yeah!
So
oh
going
back
earlier
with
a
little
comment,
so
I
was
looking
up.
The
wrong
thing
got
eight:
it's
a
tftp
to
speed
up
tftp
downloads,
so
from
looks
fingers
it
uses
multicast,
which
is,
I
think,
something
that
the
windows
pre-installation
environment,
supported
as
well.
Back
in
the
day.
A
little
comment
about
in
the
hpc
environments,
using
bittorrent
to
speed
up
boots
for
whole
hpc
classes
fairly,
interesting
yeah.
So
that's
pretty
cool!
That's
ended
questions
how's
your
host,
doing
jason.
C
Well,
we
do
have
the
hardware
available
now
and
we
do
have
a
not
ready,
node
in
my
case
I'll,
be
deploying
psyllium
to
there,
just
because
that's
another
network
provider
that
doesn't
require
you
to
configure
the
podciter
by
default
and
similar.
I
I
don't
necessarily
see
a
point
in
going
too
far
through
this,
but
once
that
cni's
available,
this
will
show
is
ready.
I
could
also
scale
up
those
machine
deployments
in
a
similar
way.
C
C
I
think
somewhere
between
four
and
eight
gigs
of
memory
and
a
really
really
slow,
emmc
disc
that
doesn't
even
perform
anywhere
near
what
an
ssd
or
even
most
sd
cards
would
do
for
throughput.
So
it
takes
about
generally
about
five
minutes
to
bootstrap
these
instances
compared
to
something
that
would
be
faster,
which
would
be
closer
to
like
a
minute.
A
C
I've
had
some
fun
because
all
of
the
arm
hardware
that
I
own
is
really
funky
around
network
booting,
like
one
of
the
devices
I
have
is
a
macchiato
bin
and
depending
on
how
you
boot
the
instance,
you
can
get
uefi
hardware
for
it.
They
have
a
build
of
edk-2
that
you
can
put
on
there,
but
what
you
see
with
it
is
is
when
it
gets
to
linux.
C
You
know
it
doesn't
get
an
ip
address,
because
the
mac
address
doesn't
match
what
you
configure
it
originally,
and
it
uses
like
a
weird
default
mac
address
scheme
that
you
can't
even
tell
hardware
to
be
because
it's
not
even
a
legal
mac
address,
and
I
I
don't
have
any
newer,
raspberry
pi
4s
that
support
proper
network
booting
and
the
raspberry
pi
3s
that
I
have
don't
quite
have
support
for
it.
So
you
know
tinkerbell
itself.
A
C
C
A
Yeah,
I
think
one
of
the
interesting
you
probably
need
to
have
an
ethernet
port
with
that
laptop
and
with
a
usb
ethernet.
That's
not
gonna
have
to
boot
one
so
yeah.
If
it's
like
a
lenovo
or
dell
and
they've
got
physical
ethernet
ports
built
in
or
you're
able
to
plug
in
a
pcie
express
one
with
a
boot
one.
Then
I
think
it.
I
think
you
should
be
good
to
go,
but
yeah.
C
C
A
Yep
and
to
run
the
ftp
server
does
it
have
to
be
on
the
host
or
call
it
one-on-one?
You
need
to
expose
that
tftp
server
onto
the
network,
don't
know
how
you,
if
that's
even
possible
and
kind,
especially
if
it's
running
on
mac
mac
os
on
your
printing
machine.
You
say:
if
you're
able
to
port
forward
it
somehow
and
maybe
there's
instructions
and
kind
to
do
that,
then
maybe
it
might
work
yeah.
C
You
know,
especially
if
you're
looking
at
non-linux
os's,
because
on
a
linux
os,
you
can
tell
kind
to
use
a
specific
bridge
on
the
linux
host
and
then
you
can
access
direct
traffic
to
the
kind
instance
there.
So
you
could
do
things
like
expose
boots
on
a
node
port
on
you
know
that
kind
cluster
to
a
specific
network
bridge
and
then,
as
long
as
you
have
a
vm
or
whatever,
on
the
machine
connected
to
that
bridge.
C
C
A
C
C
I
don't
know
if
I
have
any
documentation
to
get
it
all
working
from
a
linux
machine
directly,
but
there's
a
flag
that
you
can
pass
to
kind
or
maybe
it's
not
a
flag.
Maybe
it's
actual
part
of
the
config.
When
defining
a
cluster,
you
can
tell
it
specifically
which
network
device
network
bridge
you
want
to
use
instead
of
the
default
one.
And
then,
if
you
just
bring
up
the
worker
machines
using
libvar
using
that
same
network
bridge,
then
you
have
direct
l2
connectivity
between
those
two
things
so
it'll
work
in
that
case.
A
Yeah
all
right.
Well,
I
think
we'll
leave
it
there.
We
go
for
two
hours,
it's
quite
a
long
episode
this
one.
So
thanks
for
everyone,
sticking
around
and
join
us
in,
I
don't
know
when
we're
doing
the
next
episode
it'll
be
on
twitter
it'll
be
from
you
will
definitely
see
one
from
joe's
account
and
the
vmware
cloud
native
apps
click
on
the
subscribe
button
and
click
on
the
bell
to
get
reminders.
Don't
let
the
youtube
app
algorithm
figure
out
if
you're
interested
or
not
subscribe
to
all
of
the
episodes.