VMware TGI Kubernetes, 4 Feb 2022

Previous Meeting Next Meeting

⏯

youtube image

►

From YouTube: TGI Kubernetes 184: kpack

Description

Join Cora Iberkleid and Whitney Lee as they explore kpack (https://github.com/pivotal/kpack) for building OCI-compliant container images at scale.

A

All right, hello, welcome. There are three of us hosting today. It looks like corey can tell you. We've been on together for, like the past week, we're getting.

B

Here welcome, I know, there's three of us posting today.

B

C

Wait was that me is it. I think I had too many windows open.

B

C

A

Oh yeah, it's it's! It's gone now.

A

B

Yeah hello from the netherlands, hi lisa's.

A

Heart to the cat, so I was saying that core and I have been here an hour getting ready for the stream and the cat's been fine and then now the second we start she wants some attention. Pat knows when the cameras are actually screaming.

A

It's been so I'm in texas and it's snowing here or it did snow a couple days ago, but there's still snow on the ground. It's in the 30s, we're not used to this at all and the cat had is usu usually goes in and out, but now she's like it's cold and she's confused.

A

So a lot of times today, she's been kind of like up in my face like what like she thinks, because I have control over everything else in her life that I should have control over the temperature outside. She wants me to fix that for her.

C

A

C

You can make it a little bit warmer in new york too,.

A

It's it's not global warming, it's just me being a jerk yeah, so hi, hello, I'm whitney! This is cora. We should introduce ourselves. I think, before we dig in on the learning yeah.

C

Do you want to go first? No, you go first.

D

C

Keep an eye out also on chat. We've got people joining from israel from colorado from the netherlands.

B

That's awesome.

A

Yeah go ahead: israel, hi hi, um um so my name is whitney. I'm relatively new to tech. I went to a a boot camp in 2019 I graduated in october of 2019 and um at the boot camp I learned full stack web development, so I actually wrote my very first line of code in january 2019. I graduated. I worked really hard that year. I graduated 10 months later and then I immediately got a job as a cloud developer where I didn't use any of that web dev knowledge at all.

A

So I started over again, but I I work really hard at learning I study every day.

A

I have a certifiably medium amount of kubernetes knowledge, because I have a kcna certification and I'm an advocate here at vmware and I'm I'm honestly meant to represent new learners and and make myself vulnerable and be here and let everyone know that, like they're, not the only ones trying to wrap their head around this new material, it's hard to learn, and um but it's fun too, and rewarding and there's so many great people in the kubernetes community, such as cora.

E

I I often find that I don't know many things, but I.

C

Cannot say that it's from lack of time in the field.

A

Your thirst for knowledge and your willingness to learn, though I've seen you learn a lot just in the eight months. I've been in this position.

F

C

So much to learn: um hey spencer, hey kr! We have been from romania, I am from wales, so exciting. I want to travel to each of these places. San jose, denmark, helsinki.

A

Wow thanks everyone. This is amazing,.

E

Yes, um so yeah, so I'm cora iverkleid.

C

I'm on the same team as as whitney here at vmware, we're both developer advocates.

E

And uh this is my second time co-hosting tgik, so I'm uh really thrilled.

C

E

Yeah eight months goes by fast. It does.

B

I started in june.

E

um So I guess we've got uh we're. Gonna follow the normal format, which is a little bit of news of the week. uh There's a.

C

Hackmd link, which I guess uh you should share that yeah.

B

Let's do that have any.

C

News that you want.

A

C

It, or should I.

A

C

B

If you have it.

A

I'll put it in the right now.

C

Here we go and mark is probably lovely.

E

I almost spent a semester in college in denmark and then.

F

And then I didn't.

E

C

One of those.

A

Yeah, I um my I have a son who's 22 years old, so I had him when I was 20 and it's been very rewarding to be a parent. I'm all done now. I've been there. Did it he's a he's, an adult who lives in in california he's graduated college, but um I feel like in my life I missed out on global travel. That's the big thing I sacrificed by being a mom instead of yeah, so I hope to make up for that this.

A

If the world lets me and opens up I'm hoping to visit everybody's city exactly.

C

Here's your travel list right in the tgik chat right there.

C

Let us know in chat also, have you played with kpac already or.

D

C

World packs, um if there's anything specific you want to get out of today,.

E

That we can spend extra time on, uh let us know and um yeah, so the hackmd link is there.

C

And we picked out some stuff that we thought was maybe interesting for news of the week.

E

On do you, I don't know if you wanna, I can get.

A

Started with that, um we're gonna take turns announcing things. So uh if you're, a kubernetes contributor with uh kubernetes, is switching over to easy cla and so, according to a github issue that was brought to my attention, the migration is scheduled to happen this coming weekend. So if you have any cla issues now, you know why I don't know what you do about it. Hopefully they get the github issues.

C

Until you found this issue whitney, I didn't even know what a cla.

E

Was but you've been despite your short time in the industry, you've been you managed to become a kubernetes contributor. Yes,.

A

I I got involved with the sig docs, so I go to all the sick, docs meetings and I get it's been such a warm and welcoming community community.

A

So I've done a little bit of fixing up, just as I learned from um I I okay so for this job I felt like I wanted to understand all the vocabulary around kubernetes, so I actually went and like made flash cards of all of the glossary entries so that I could get my work up my vocabulary and understand at least the gist of what everything is.

A

So as I found as I found things that were unclear to me in the glossary I fixed them, and so that's how I came to be a kubernetes contributor, but it sig dogs docs, is great, and I understand all the the uh special interest group is what cigs are yeah. The things are wonderful.

E

So you needed, you needed the cla, you need.

C

E

See a contributor license agreement yeah or to do that and so now there's. I guess.

A

Yeah, I believe the seal, the easy cla helps. um Organizations like like I had to go through. It was kind of complicated to be able to contribute the first time, especially as a vmware employee, and so I think the easy cla is meant to make that process easier.

E

um Let's see what's next on the hack, uh do you want to share this screen, maybe for the hack.

B

Sure, let's see.

E

um All right so, the next thing- oh yeah yeah. There was an argo cd vulnerability that uh I don't know all the detail about it, but I know that it's by way of home, like somehow helm, was opening up a vulnerability uh with argo cd that was kind of like a day, zero vulnerability, and um so it was discovered, I believe yesterday, but there's already a patch for it. So if you're using argo cd make sure you go out and grab that patch and patch your systems that sounded important enough, it does.

A

And, uh according to last week, in kubernetes developments, the release engineering published an emergency extra update. So I actually don't know what any of this means, but the word emergency made me feel like. I should include it here.

A

So users who use custom resource definitions that rely on the field x, kubernetes preserve unknown fields. True, should avoid, should update to 1.23.3 immediately.

C

So yeah so a couple security warnings there which which actually bring us to the next one. So there's a project.

A

Oh yeah, we have a question in the chat, is kpack like google? Can eco build containers in a container? We.

E

Will um so uh it works a little bit different, so the idea the purpose of kpac is to build containers from code. uh It works a little differently than canonical, so we will see um it's not a silly question at all, uh so I would say um uh I don't know if I'm saying your name right but rajasthan.

E

If we don't have a good answer, if you, if you don't feel like that, question was answered uh after we start looking into uh kpoc a little bit more, then let's uh bring that question back up at the end.

E

um uh I think mechanical, I'm trying to remember, as I'm saying this if caniko relies on a docker file, if it's using your doc, I think I think chemical requires you drop your docker file and then builds your app from the docker file um and, if that's the case, then uh kpec does not require docker files, um and it has a much more sort of like a very structured approach which we'll we'll explore. So I think that we will answer that question in more detail as we go through this.

E

That was perfect, cool, um so yeah. So, speaking of so we have the argo cd vulnerability and we have this other super onerous sounding statement that if you use these extensions, you should upgrade so uh so we thought it'd also be worth mentioning that uh there is a project called alpha omega that was created to um to design a secure global, open source supply chain, um and uh that was, I think, that might have been already announced back in october.

E

But but I think it was google and maybe microsoft, that uh committed more money to it, so that so it was kind of like raised again this week. I think I was raised against this week uh in in some of the you know, kubernetes sort of like uh weekly newsletter, so um there's a link there to also oh, and also, if you follow that link, so the hack md link is in the chat.

E

So definitely, um if you want to, if you want to find the links that we're showing on the screen, you can go to the hack, md link, which is right here um and so there's a webinar if you're interested in that topic, if you're interested in learning about what they're thinking of in terms of designing this concept of a global, so open source uh secure supply chain, there is that webinar on february 16th. Coming up that you can join.

A

We have another question in the chat: cora can capec builds, be integrated with gradle or maven plugins.

E

uh So kpack itself does not use maven or gradle plugins, but the technology that it uses to build an image can also be accessed. So kpec is kind of like an alternative. uh Kpac is is sort of like think of it as a portal. You know it's something that allows you to use the back end mechanism and uh this for spring boot. The maven and gradle plug-ins are alternatives to k-pac, so they will build ultimately the same image as k-pac but k-pac itself.

E

When it's running in kubernetes, it's not going to directly use the maven or the great appliance.

A

They both use cloud-native build packs, yeah cool yeah.

A

um Another piece of news: are you finished with your piece of news with the alpha omega cool, um so just a reminder that the call for papers for the cncf hosted collated, co-located events at kubecon and cloud native con europe this year are due soon they're, due in 10 days on february, 14th, so get to writing. Yeah.

E

Yeah and if you're thinking of submitting a talk- and you haven't done it before and you need some encouragement you can you can dm me, you can probably dm whitney I'm going to offer her up, but you can certainly damn me.

A

Totally I mean I've never been accepted to one myself, but I'll do the best. I can to help you for sure.

C

We'll help you we can. We can help with your uh abstract, whatever, whatever you need to get the courage up to do it.

A

I can't encourage actually.

E

All right uh and then the last piece of news before we get started on kickback is.

C

Just that uh this I mean these, these.

E

Documentary actually came out in january, but um I think the the second part was announced, uh maybe late last week, so we thought it was worth mentioning. So if you are, uh you know uh this weekend, if you don't have plans and you can't find something to watch on on netflix uh there's a cheaper documentary by honeypot- that's really good!

E

On uh kubernetes um with you know, a lot of the hosts that you see here regularly regularly on tgik are being are interviewed as part of that documentary to kind of tell the story of of how it started and the thought that went into it and how things happened. So um it's very nicely done and highly recommend it.

E

So uh that being said, I think we should get started on kpop, um so yeah. So thank you, uh rochester, london and alex alexander for for the questions so far again yeah. So let's get started.

A

The chat participation is super fun. I appreciate y'all.

A

So the first question is: what is kpac? What is payback, what is it for.

E

Why would you use a pack um so k-pack for it's a project that was created? I think it was 2018-ish cloud-native build packs were created in 2018, which is a way. A sort of a very structured way of generating oci images and kpac was, is one tool that you can use in order to leverage cloud-native build packs to generate images, so the project itself, I believe, also dates back to 2018..

E

uh In fact, joe bida did a tgik episode on kpac a couple of years ago, and so what we're going to try to I mean we'll cover the topic uh as as in in its entirety anyway, but probably in the section where we're doing hands-on stuff we'll try to probably do things in a way that leverage things that were released since uh joe did the last episode, so you'll see something a little bit different from from the last one um but yeah so uh yeah.

E

Let us know in chat also like how are you normally building images? Do you use docker file today or or do you play with cloud native, build packs and if you are playing with cloud native, build packs, do you use?

E

uh Have you used kpac or there's also a cli called pack you can use, or, as alexander mentioned gradle and maven plugins, if you're using spring boot. uh Those are all different ways to use um cloud native, buildbacks and kpak is the one that's oriented towards really like high scaling high scale situations, because kpac is something that you install into a kubernetes cluster, so it can operate at scale and it can operate centrally and serve a lot of developments. Development teams or a lot of developers and it'd be easily managed by operations team.

E

Essentially, so it hits all those kind of like use cases uh as it leverages cloud into build packs to build ocr images in a really structured way. So does that make sense? Yes,.

A

Could you boil it down and say like it's a way to build images, leveraging kubernetes or if you know your images are going to live in a kubernetes cluster? That would be a good use case like who are capex, who, who is the user for kpac? What's.

E

The use for k back so I think um so one aspect of a person who would be interested in using kpac is a person who's interested in building images in a in a in a more structured in a better way like docker files, uh and I can see you know, several people in the chat are saying they use docker files. A lot of people have dropper file templates. Their company has created docker files yeah so that.

D

E

Common dockerfile is the oldest way to build images, so you are going to find that a lot of people use them and it's the.

C

One that most people.

E

Are familiar with so if you have an application and you have to build an image you're, you know. The first thing you might think of is to build a docker file, um build kit and java, also yeah, okay, yeah, um and so uh the thing is that every docker file that you're using is like a script that you wrote by yourself right, like you're, already maintaining your code, you're already maintaining your app.

E

If you add a docker file to your git repository, that's one more piece of essentially custom code that you have to maintain it, and and as alexander is saying, for example, in his case, this company is using dockerfile templates, so they have so. In that case there are organizations that have uh you know, uh assigned the responsibility over docker files to a centralized team that can then put them into a jenkins or something like that, so that everybody's using the same ones um and um but uh but it's still, every docker file.

E

It's still a custom script uh and it's still gonna be different from the ones that you know your your another company is using or, uh or you know anybody else's use, because each one is one that you wrote so um cloud native, build packs was an attempt to solve that problem of saying we can build.

E

We can first of all there we can build better practices and have a standardized way to build images and kind of like make it part of the system that you that things will work out of the box and that they'll be easy to share um uh and and yeah so that was kind of like, and we can talk about sort of the internals of cloud native, build packs and it got rid of some of the disadvantages of docker file like, for example, when you build an image with a docker file.

E

If you want to, if you have an operating system vulnerability, and you need to change the operating system in your image. That means that you have to go to the very first line in your docker file, the one that says from face image and change that line and when you change that line, because your docker image is composed of layers with docker file. If you change the first layer, you've got to throw away all the rest of the layers and rebuild the image which is slow.

E

You have to do it one by one, starting from the source code and you're, also rebuilding parts of the app that didn't change when only the operating system changed. Why are you rebuilding the code? Recompiling?

E

The code right, you might be introducing changes inadvertently, so that kind of thing um is something that cloud native build text just takes a very different approach and has and organizes images in such a way that you can swap out layers without having to rebuild the whole thing uh they're not as sensitive to like the order of the commands in your docker file and things like that and um and then there's also an opportunity, because you're just reusing uh logic, that's already built into uh this project. Basically, um you don't have to write yourself.

E

All of the I mean when you build an application, you can build it very simply right.

E

You can just say, like let's say you're in java right, so you just say maven package, and then you move your jar file jar file into your image and that's that's fine it'll work, but it doesn't have any like um extra efficiencies that you could add uh in terms of maybe memory, management or um or layering things better uh or anything that you would build into the app you're, probably not going to do it in a docker file, so cloud-native build effects. Give us a much more sophisticated way to build images.

E

So that's so that's one! So I guess to answer your question like one reason to use k-path or one reason to use anything that uses file native, build packs, including kpac, is that you want to build better images and you want less responsibility over managing a customized way to do it, and then why k-pac specifically, because your alternatives are a cli, the same way you use docker build. You can have a cli experience with cloud-native build packs or if you like, maven package or gradle build, you can use those.

E

You can use those commands and also use cloud native build tracks to generate an image. So you would use kpac, because you have uh the use case where you need to support, probably a larger number of development teams who are, and you want a more autonomous way where you can just install something in kubernetes that will be watching. So, instead of the imperative, like here's, my code, I'm going to drive it from a cli command uh you're, you can install something that is going to be polling. All of your git repos and building images automatically.

E

So all you have to do is a git commit, and then this uh this operator, that's sitting in kubernetes, watching your code will automatically publish an image to a registry that you can then uh deploy with your patched argo cd, installation.

A

So there are a few things I'm hearing one is um oh, I picture like a dockerfile being like like a parfait or something with a glass cup, and it has all the layers of deliciousness and and then like um a build pack, doesn't have the sides so like if you were able, if you wanted blueberry jam in your parfait instead of the raspberry jam, that's there and um if you had a dockerfile, you have to throw away everything on the top and rebuild your parfait, where somehow, with k-pack and with cloudy to build packs, you can just remove that layer and generate it.

A

Yeah yeah and it just stays pristine yeah,.

F

Yeah and so yeah you might use k-pack just because it's delicious.

A

And then keep that right. I just want to drive home too that I think the big one of the big benefits that I know is that watching and I don't know if any other the cloud native bill pack tools do this, but I think it's so cool that it it. It pulls the get repo for you. So you not only do not have to to maintain a docker file.

A

You don't even have to make a docker file, it's just watching it's just watching and then the the image just gets built, and I think that seems like a huge value and then I imagine if everyone's making their custom script and there are all kinds of different docker files, it seems possible that the end image could be very, not very different, necessarily but not standardized yeah. If you from the same code base, you could build different docker files and get different images and.

E

Yeah and then put yourself in the use of the operator in that scenario, like you, have all these developers using different docker files and they're like here. You.

C

E

C

They're secure, we look, we googled.

F

How to make our docker file secure and we're sure you know and.

C

Then you're the operator responsible for saying, like okay, I'm going to let this into production uh because they said it was secure enough. You know like who knows.

A

So they're it's repeatable like it's perfect, it's reliable, it's yeah yeah! It seems pretty great we're getting lots of we're getting some good parfait humor in the chat right now. It's going to be.

B

All about food, our face, drop, yeah.

E

So so a couple of the questions um cube cuddle exec into a build pack, uh so what you can do is is uh with so when kate, we will see this when capec is building an image. The build is happening inside of a pod, so you can cue cuddle exec into that pod, if you need it to uh as long as that, pot is still up right, like if your build is taking long enough that you have time uh it's just a pod.

E

uh Well, having said that, uh let me yeah yeah, because it has it's a pod, but every the process of building an image is composed of like different steps, and each step is happening in a different init container. So I guess you just have to keep cuddle exec into the right container, um but I don't yeah. So I don't know if you would need to do that very often, but you know it's a bills happening in a pod across a series of containers, so it's no magic and then um okay back work behind corporate.

E

I mean okay you're, installing it in your kubernetes cluster. So as long as you know, the access from kpac to your registry and to your get source code is all behind your corporate proxy. Then um it should just work. It doesn't uh it's just it's living inside your kubernetes cluster. So, however, you configure your.

F

E

uh Are there any application, binary interfaces for windows apps?

E

That's a good question.

F

I don't know if.

E

That's a good question. I'd have to. We have to look up so uh the do you mean um something that you a tool that you can use on your windows, machine to build images or something to build images uh that would have like a windows operating system in the container image. Like is the windows as the the machine you're working on or what you want in the image.

E

I guess, if you can, um we can keep talking about that, one! uh Okay, so should we should we try it out so yeah yeah.

A

I think yes, so we're gonna install kpac next.

E

Yeah so let's install it first.

A

All right spell: okay pack link, yes, yeah.

E

So, okay, so we so it's just a kubernetes project. So, like anything else, you have to cuddle, apply um and the release file that you would download from the website, but um because we because, as I mentioned um joe, did an episode on k-pop a couple years ago, this is the way he would have acquired it in the episode. This is the way he would have installed it in the episode just cute pedal apply and the yaml file that you download from the github site for kpac.

E

So what we're going to do a little differently is, um if you're, uh if you've, been watching recent tgik episodes, you've, probably seen timmy and josh, and others talk about tonzu community edition um and very recently. I think it was one or two weeks ago. um K-Pac a package so so tons of community edition is a tool to provision clusters and also a tool that helps you install additional applications that you would normally you know need on your kubernetes cluster right. If you've heard people say, kubernetes is a platform for building your platform.

E

That means that vanilla kubernetes is not enough. Generally, you need to install things like like k-pak. If you want to build images right or like I don't know, k-native or contour different projects that you need to make your kubernetes cluster, more full-featured and so tons of community edition and there's a link in the chat is, um is a tool that helps you build up that cluster and so kpat was recently added as a package to tanzu community edition. So we're going to go through the installation using that approach.

E

Instead, um thanks tom.

A

So I got to answer to the question before from who works on the kpac project. I believe kpac can build windows images where the stack os is windows, but that is a beta feature at the moment.

A

All right so work, so what is I? I really have? No, I'm leaning on you hardcore. I have no idea how to.

E

We're gonna do this: okay, so basically okay! So so what do we have on so on your computer, uh so so whitney? And I made sure that we have a cluster running uh that wasn't installed with tonsu community edition uh right now uh there shouldn't be anything on it. So if you do a first of all, you can do like a a cube tx just to show we're pointing at a cluster or cube ctx. I'm sorry so we're pointing at a cluster. So the one that we provisioned is a you.

E

Can provision different kinds of clusters with community sounds of community edition. It can be a you, can provision a cluster on a public cloud like aws or google or azure, and uh or you can do something locally on your docker, so we're working locally on on whitney's machine on docker and the other choice you have with tons of community edition is to configure like an unmanaged single cluster or to create a management cluster and then use your management cluster to create worker clusters, where you're actually going to deploy things.

E

But we didn't need that, so we just went ahead and created an unmanaged single cluster running on docker, so you can see it actually leverages kind in the background kind tce is, is the context the cluster we're pointing at so we can also do a q and s and show.

A

Kind is an acronym right: it's coop. It stands for kubernetes and docker yeah.

B

A

That's right, yeah and what's the.

E

What do you want will show us the different name spaces in the cluster? I'm sorry, I didn't hear you uh cuban s, k, u b e.

B

A

Your machine, I did actually.

B

E

That yeah is docker running.

E

A

I guess not sorry, no problem.

E

Let's see uh any other questions.

E

Yeah, I don't know if um not to put you on the spot tom, but if you know more about the uh tbs versus kpat, uh I think there's more support in tbs to swap out the os.

E

um I believe that was a thing with open with uh tbs, um so tbs for those who don't know being the commercial version, so kpac is the open source version and tons of build service is the commercial version of this product. So it is everything k-pac, plus a few extra things that that would be interesting to to you know, organizations um but not essential to to getting value out of kpac if you're, if you're, not looking for that.

E

um Okay, so did that work? Okay, good! Okay! So uh so you can see that in this cluster there's um we don't have a k-pop. We haven't installed paypal, yet there's no k-pac name space, uh there's just um regular name spaces that you expect out of vanilla, kubernetes, plus a couple that have to do with tons of community edition as a system, so the core stuff and the tpg system which helps to provision clusters and then this package repository uh namespace, which it holds the package repository.

E

That includes uh kpop, so here we want to type tanzu package available list command, so here we're just asking this tanzu community edition cluster to tell us what packages are available in this repository.

E

None of these are pre-installed but they're available for us to install, and so you can see there that we have the kpac package available to us so um and just if you're gonna try this at home I'll. Just uh warn you that that, if you're doing the standalone cluster, you just have to upgrade your package repository to version 092 to get kpak in it. Because kpac was a such a recent addition to this package. Repository that um you just gotta, make sure uh there's a you can in the cli.

E

You can do a tons of package uh repository update command and you just do it with version zero. Nine two! Instead of zero, nine one, which is what is in there.

C

E

So um so once you have that, um then what we really wanna do is go to the tonsil community edition website, because the inside the instructions that we're looking at on the screen, which are the ones from the kpac github repo, are the ones to normally the way you would install write cupid'll apply this yaml file to any cluster.

E

But since we're going to do this with tons of community edition, we actually want to check the tons of community edition documentation, and so you can see um there should be a link on the left there to say um that says: packages a bit lower down the insta. The installation on this page refers to the actual installation of which we did yeah. So now we're in the packages section and we can find a contract yeah. So here so now.

E

uh So that's the other nice thing about tons of community edition is that it gives you this resource with information about all of the packages that are part of this particular package repository. So it's a little extra help. I guess in terms of like um getting you to to help install um so so one thing that we see here is that uh if you read through the dock, you'll see there's no prerequisites for kpap it.

E

You can just install it by by itself, and there are some uh configuration uh parameters which we will use a few of them and also there's this mention of a cli right somewhere in the middle. It says this assumes that the kpac cli has been downloaded.

E

So that's another new thing that I I don't think that was around two years ago, when, um when joe did the last session on tgik. So I would say, let's start by installing that cli actually.

A

Okay, I don't see where you're seeing that right.

E

In the middle of the page that says: homebrew, okay, yeah there, let's follow those links. Okay got you.

E

Let me check the chat.

E

I'm super grateful for everybody who's, helping to answer questions in chat.

E

Yeah so I mean waleed.

A

Vmware's trying.

E

To convince you to use tomsu standard um well, one great way to figure out if you, uh if you want to be convinced, is to use tonzu community edition, because tanzo community edition basically has uh it's like an unrestricted.

E

um You know no strings attached, oss free uh all of the oss, that's part of of sanzu commercial, um so it's a so evaluating tons of community edition is a great way to to figure out. You know if you want to go along with those suggestions or or not um awesome. Okay, so we've got the kpcli installed. So now um we want to do uh okay. So let's go back to the documentation.

E

uh And the other thing we're going to need is, of course, um uh the documentation for tons of community edition the the middle one uh yeah okay. So if you scroll up just a little bit we'll see what are the uh parameters that we might have to supply? We're not going to be using proxy. So we don't need the bottom three, but the top three are uh are important, so we want we need a default repository and we need the username and the password basically right.

E

So uh what you want to do is create a file and put these three values in the file.

A

E

And you can call that file anything you want. You can call it, for example, kpac values.yaml, or something like that.

A

Okay, uh touch is the right word right.

E

F

E

Yeah, you can use vi, you can use whatever editor you want and so um yeah. So just you can literally uh make sure you type the I to insert yes, okay and then you can copy and paste those three values.

E

And so that, okay, so for this one then add a colon, because this is yellow um and then here we're going to want to put your uh so we're going to be using docker hub is what we decided.

E

Yes, okay. So then it would be your like yeah, whatever your docker hub, wiggity whitney, uh was that your or you could just actually docker hub docker hub is usually the default, so you don't even need that when it's docker hub, if it's gcr or something you do need, but you could literally just put your username and then slash, and then you know slash something, uh maybe kp or something tgik is fine yeah.

E

This is for this is what kp is going to use to to move some images into your registry. uh We have an opportunity to specify different uh repository names later that are going to go underway whitney, but so this is one okay, okay, then, um then yeah. So then the next value.

A

We do have some questions coming up.

A

D

A

We distribute app traffic across different clusters on different ias's.

E

For well so k-pac is a per cluster installation. So if the question is specifically about like how, if you can distribute the build, because basically the only thing that back is doing is it's looking at where you say your source code is and when there is a git commit, then it will build the image uh and it does that in a pod. um So um you can you can leverage all of the resources within your cluster to do that. If you you know, you can create the the resource that points to your source code.

E

You could create them in different name spaces. So you can you know you can make you can make that spread out. I guess uh somehow, but but it's not gonna spread across a different like one k pack is not going to reach out to a different cluster to trigger a build to happen on a different cluster, um so so from a single k pack perspective no, but you can install kpac on aws or on uh vsphere or on google like it doesn't care. Just you just need kubernetes.

E

So so you could do it across different iss. In that sense,.

E

Let's see all right so in the meantime, let's build up this file. Do we have the repository username.

A

I think I just built it out on my own because of I saw the password coming what's going on so.

E

So if you do like a head minus n two, you could type head minus n minus, oh head space, minus n space, two uh and then the name of the file and that'll just give us like the top two lines of the file. Okay, so long as the password was the third line, uh we should see okay, so, okay, so we'll assume the third line so would have been kpop kp default repository password and and what you actually use was an access token. Is that correct?

E

Yes, that's, correct, right: okay, so yeah, better practices, if you're using, if you know, depending on on your registry, what it gives you, um but for docker hub in particular, um you know we can use access tokens instead of our password. So.

D

E

Now, when we install kpac, it will read this information and it will populate. Actually, I think it's a- I think it populates a configmap so that I think the kpcli is going to use this information. So, um okay. So having said that, um let's go ahead and install it, so the installation command is is going to be a standard command for when you're dealing with tons of community edition.

E

So I mean we know because in the documentation we can see that, on the left hand frame, if you scroll up a little bit like there was only one version of k-pac. This k-pac was just added right, so uh under packages.

E

But but you could also yeah so under packages under k-pac, there's only going to be one version of payback, uh some other some of these other products, zero, five zero, which is the least some of these other products, have different versions that are included in the repository. But here we only have one. uh So we can go ahead and say: tanzu package install.

E

Are we, why don't we do a tan zoo package available uh and I think it's a list um and then type kpak kpac.community.tonzoo.vmware.com.

E

I think that's the right command, I hope yeah right now, yeah the same information right. You can just query the cluster and say like what what versions of k backer here so now.

A

What's that I just what you got for me, just talk to your cluster exactly exactly.

E

Yeah, okay, so now we want to install this, and so it's time so this is for any package. There was like a list of 12 packages. You saw that before right, something like that. So for any package you would just say tons of package install kpac in this case we'll name it kpac and then you say: minus minus package dash name and then you can copy paste that kpak community onto vmware com, not the virgin, though not the version yet nope.

E

Perfect and then minus minus version and then the version number space and then the version number and then uh because we do have a configuration files, then we want to say minus minus values, dash file.

E

And yeah and then your k-pac values file yeah that should do it. Try it.

C

Okay, so pretty easy, which is cool because.

E

If you did, if you did the install the regular way without tons of community edition, uh like you can see here in the output, it's saying it installs a package, uh the name space is also part of the, um but I think it does like so the service account um and the secret is automatically creating those.

E

So it's just like payback installation is, is not complicated regardless, uh even if you're just doing the regular cue cuddle apply in the release file, but doing it, this way does remove like one or two steps of like the secret in the service account. I think so it's a tiny bit easier.

E

B

A question in the chat: let's see.

E

Which question the last one: okay, config options have proxy settings.

E

E

Tom I'm gonna reach out to you for this one.

A

We should read it: the config options have proxy settings, but corporate proxies tend to intercept traffic and use private root certificates to do this for https traffic. So is there a way to add this root certificate, and that is something we don't know. We're hoping that um our friend tom from yeah, maybe.

E

This is better than I can oh hey tasha's here. So let's.

B

E

If tom can help us out and if not, we can do a little more digging, but I feel like we're going to get the best answer uh if we give them a second um but good question.

E

Yeah, so this just takes a second okay. So while this is going.

F

What else could we do.

A

um I'd be interested, so I would like to talk a little bit about just for people. Maybe who's who are earlier on in their journey. Like me, like we said, kpac is a tool for cloud native, build packs, but what are cloud native build packs like that's what I think we should maybe go into about a little bit, because I found cloud native build packs a little bit difficult to understand at first because build packs. The build packs are called build packs, but also build packs.

A

When you refer to the life cycle, you could also be talking about build packs. We refer to the tools, you can also be talking about build packs, and so I just maybe wanted to disambiguate that there's not enough words.

F

Use them to refer to different things right.

C

uh Hey glenn.

E

So yeah should we pull up the we can fill up the build packs website and we can pull up the paquetto okay.

B

The aisle yeah.

A

Let's go to the buildpacks website, but before we do, we have some more conversation in chat. So tom came on um to answer martin's question: there's actually an issue to add a certain injection web hook to tce, meaning tons of community edition. I'm currently working on that, but I don't have any ta yet so it's coming and then alexander has a question where.

E

Does okay yeah, so where does it cash? uh So kpac is going to use a uh persistent volume claim for the cash for a build so that if you, if you build something once and you download- let's say it's a java app, so you build it once and you're going to download the jdk.

E

That's not going to go in your image! That's going to go to production right, so you don't want to have to download that jdk. Every time you build so that has to be cached somewhere. uh So cape back in particular work out. We'll cache that in a persistent volume claim you can you can, if you didn't want that, you could disable that feature, which just means that your builds will take longer. You'll have to download it every time, um but it uses a persistent volume claim to do that um cool.

E

So all right, so we've got kpac installed, so we could do a q, an s again, for example: oh, what is it again? Ks kp, cube nx cube cube spaces.

E

So now we have a new one, uh we're not pointing at it. We're not supposed to be pointing at it. That's good, but there is a kpak one and um you could do like uh you could do if you want to do a cube. Cuddle um get pods in minus n k-pack, for example. You can look at what's what's.

A

Under the hood, all right tell me again right to type please cue, cuddle.

E

Get pods minus n k pack yeah more builds yeah right longer, coffee break exactly so. Okay, so you can see that there's a couple of pods running, so this is like the internal. This is like the actual product right. What's whatever's in the kpac name, space is like what was installed by k-pap for the product itself. We won't be adding stuff to that namespace, but uh you can see the controller is there.

E

So if you ever really like, if something was not working and you just didn't- you thought maybe like it's an error within kpac, you could come to this namespace and check out the log for the controller. That would be- maybe maybe maybe something would um you know, help you out there um so, but we're going to be working in just the default name, space to actually build uh to create the resources that are going to build our application.

E

um Ap doesn't support this yet, but if you pedal apply an image resource, you can use a registry image cache instead of oh cool, okay, okay, pretty.

B

E

All right so yeah, so I think that's the other cool thing about cloud-native, build packs in general that they really leverage kind of like the latest functionality and features of registries, um and they have they offer a pretty sophisticated sort of like caching, caching capabilities um by leveraging the fact that oci images are really manifest. That point to layers uh and and that oci registries uh can enable some sort of advanced caching, and so the cloud native, build text. Projects in general tries to take advantage of those things.

E

So it's nice to see even newer things coming up in that sense. um Okay, so we were uh we've.

C

Installed kpap, we do have.

E

Your opening question whitney about getting more into cloud native, build packs in general, um let's so, okay, so let's do those, maybe in parallel, maybe as as we move forward with k-pac, we can talk about what does that mean in the context of platinum x in general, okay, yeah.

A

E

Okay, so um so, since I know that many people in chat have mentioned that they work with docker files, uh docker files are always the right. The first statement in a docker file is always from something from a base image that has only uh you and you know, some kind of linux or whatever or from a base image. That has uh the run time for a node app or for a java app right. You can choose your starting point and you can go to docker hub and maybe uh see what their like.

E

The certified images are, or maybe your company has like a certified one, that everybody has to use that one. um So in the case of cloud native, build hacks, um so yeah, so I would say: yeah, let's open up those two pages actually build paxa, io and packet. The io.

E

So, in the case of cloud native build packs, so here's the buildpacks.io website- and this is the project that basically like they came up with this whole concept.

E

uh I mean the original concept of build that build packs does date back to like 20, I don't know 11 or ish, more or less, but the cloud native version that is kubernetes native, that is uh for building oci containers. Specifically um this. uh This project came up with this idea that this should be a very strong that this, the idea of building oci image should be a very structured approach and what they did really is.

E

um They came up with a couple of apis and they said we're gonna provide an api for somebody who will for anybody who wants to provide like modules that know how to build your application and that can provide those base. Images that you need. So everything that you expect out of a docker file right, the from base image, and then your, I don't know your maven package or your app get install or your you know, and somebody mentioned that they work with jib one of the things that jib will do.

E

That's different from like, if you write a docker file, you might just do a maven package and you have your jar file and then you, just literally you know, deploy your your image to production with your jar file in it, or maybe you you, maybe you take that jar file and you copy it into an image without the jdk, with only a jre but you're still copying the whole jar file and you put that into production.

E

So one of the things that jib was a jib was a tool that came out of google um that was for java only, um but what it did is it would you would do it would um you would compile your code on your computer as normal, the same like a maven compile, but then jib would take all those class files and instead of taking the jar file and putting it into an image, it would organize your class files and say: okay.

E

Well, these class files are like your dependencies, you're, probably not going to use those very often you're, probably going to change those very often, and then it had some other kind of like levels of of what it predicted to be like what you're gonna change and then the last one was. This is your actual code that you're writing as a developer, so you're probably gonna, be changing these files a lot so it so it what it did. Is it moved those files into the image as separate layers?

E

uh Jib doesn't use a docker file, but it's as if you had a docker file that compiled your code and then had four separate copy statements, the last one of which would be a copy of your actual code right. The first one would copy dependencies and so on, and so jib kind of uh introduced that efficiency, and also because it uh because it copied things as separate layers. That meant that if you only change your code, the rebuild is faster because you don't have to re-uh re-download or re-remove.

E

The the main dependencies you're just dealing with a little layer um and also the application, starts up faster right. An app that starts up from from a jar file is going to be a little slower because it has to explode that jar file than if you already pre-explode um all of those class files. So so the efficiency was better. So jib already introduced those things. So you could do that manually with your docker file, but I'm gonna guess you know like they're.

E

Probably I don't know that everybody's doing that, probably not in docker files, um yeah.

A

A couple things we're gonna we're gonna, make a we're gonna make it java right and java app and so we'll be able to look at the later layers later and demonstrate how it all.

D

A

I think it's going to be helpful to really drive this home.

D

A

And then the other thing, I'm going to say, is when you're talking about the models, the modules that make up the base image or the modules that make up the the environments.

A

Those modules themselves can be called build packs, in addition to the logic that also is included in build packs yeah, I'm just ambiguating again, because that's what tripped me up when I was first learning this.

E

Yeah, like everything that you would have put in your doctor, file, comes from a build basically.

D

E

It's that base image or whether it's all of the code in your docker file, and that would be from if we open the paquetto.io. That's an example of a provider of buildpacks. uh Wouldn't.

A

You know the io.

E

A

Yeah, I'm, how do you spell paquetto.

E

P-A-K-E-T-O, like pac-butt without the c for some reason: okay, yeah, so okay, so the bill packs project just came up with this idea that this is the way things should be done. Things should be very structured so that an image doesn't isn't so sensitive to the order of the layers as a docker file, um so that you can swap things out so that we take advantage of the of the latest and greatest features of registry caching and of oci image.

E

um The way that oca images are composed um and but they did, but the project itself didn't want to say we are the experts in how you build the java app or we're the experts and how you build a node app or even like we're in the business of telling you which base image of you know maintaining slas on vulnerabilities in in your base image. The buildpacks project is not in that business. Instead. What they provided was an api and said here's a buildpacks api.

E

Whoever wants to be in that business go ahead and implement this this api, so pocketo is one implementation of the buildpacks api, and so they provide all of these little modules um of software that each know you know, there's one module. That knows how to do the: how to compile a maven application, there's another one that knows how to deal with a gradle application. There's one that knows how to download jdk, there's one that knows how to build.

E

I don't know to get the node requirements right all these little modules that work together in order to create the image for any particular application, and it is also the provider of those modules that provides you that base image.

E

That is that from statement uh in your docker file right, whether it's the from statement where you might build your app or the front from statement where you that that you use for the for the app that you're actually going to put into your production system right that maybe has less things in the build environment um where you look in cncf lands. So walid is saying where you look in cncf landscape. Things are getting more depth and breath wonder how one will keep up with all of.

A

This, that is an angel question and if you.

B

D

A

Do let us know I.

E

Actually think like yes, the world is getting there's like more options and and they're all getting more sophisticated as you're saying more depth and more breath, but I also think they're getting easier to use. You know sometimes I think about like I used to use this analogy uh even before kubernetes for something else, but I think it applies as well to now, which is like.

E

Do you remember the days like in the office where, like you would have like an old cisco phone or a siemens phone, it wasn't impossible to use, and you had to learn to use like the red like how to look up somebody's number and how to get your voicemail. It was like miserable and then suddenly, like the iphone, comes out.

D

And the iphone.

E

Is so much more advanced, it's like an entire computer in your hand, but it's easier to use right, like the user experience is better. So I think that the same thing is happening in cncf and this whole kubernetes ecosystem. Where, if you look at I mean that's, what tons of community edition is trying to offer right?

E

It's saying we recognize that the cncf landscape is there's more depth and more breath, but we want to make it easier to use we're going to give you packages and we're going to give you a list of things that this is maybe your first go-to and we're going to come. You know sort of consolidate the documentation and I think that's going to be. I think that's a pattern where the now that we've figured out all more like infrastructure topics- and you know kubernetes kind of- was like a way to reinvent all that stuff.

E

The next sort of like step is: how do you make it easier to use right? How do you reduce that learning curve.

A

And we're talking too like from an ops perspective and setting it up and how it all works, but like once it is set up. It's watching your repo, like you, don't do anything! So if, if it's not your job to do this particular piece of it, then it magically happens in the background for you, just like all the components working in your phone that you're not actually thinking about right, we're wearing our operator hats right now. Yes,.

E

We are a hat you may never have to put on.

F

Yeah, so I am oh, you are the army. Okay, sorry.

B

Will you sign up for this.

C

Friend, uh well, thank you ali for making it easier for the developer.

A

Yeah, thank you you're great. We appreciate you. Okay,.

E

So, okay, so now, if you were, if you're just a person on your computer and you're you're, not you don't need kpac, you don't need this thing to be running in a cluster, watching your repos and like maybe helping other developers, uh you could just use cloud-native build plans, which is what we've been talking about with the cli at your computer. And if you're going to do that, then you can just you. Don't never have to wear that ops hat you just go straight to the developer experience and you can type instead of docker build.

E

You type pack build, and you can say I want to use potato build pants or whatever uh heroku has built packs. Google has built blacks, but uh you know we're vmware. We like our potential so also open source, but uh um so you could do that and- um and you would build an image uh using this very structured approach, but if you're using kpac uh you have to um you have to do an extra step. It does take like one step from an operator to do a little bit of configuration that uh you.

D

E

Avoid if you're just using the cli experience so shall we do that? Let's do that? Okay, let's do that? Okay, so basically we've installed kpat uh and so okay. So, as we mentioned, uh we we're we don't wanna, even though we can't use the keto. The default paquetto is stuff 100 directly from kpac.

E

We don't also don't want to create our own base images and we don't want to create our own logic for for building applications. So we somehow want to like get the little pieces from pocketo and make them available to ourselves within kpac. So we need, if we think about our docker file as like the base images right the front.

E

If you have a two-stage docker file, you would have two from statements but from where you're gonna do your your your app build and the from where you're gonna move your code to so that you can deploy that to production uh so that those two images that you use in the two firm statements. That's your stack right! That's that's your base operating system. We call that the stack so we want to create. um We want to make available a a like.

E

A stack to a base image for the build and a base image for for runtime and we're going to do that using the the capex cli. Also um so just quickly before we do that. If you could type cue puddle.

E

Space api dash resources and then pipe and then grep for uh grep k-pac uh without the minus sign. Oh yeah! Oh sorry, that's just I'm just having.

A

To do them together, yeah.

E

Yeah, okay, so yeah. If we make that screen a tiny bit bigger, I think it'll be easier to read.

E

uh Sorry I mean I like a tiny bit wider.

E

So that, like everything, shows up in a single line, maybe.

A

Easier said than done.

E

Yeah, that's perfect, okay, so we can see that these are basically the custom resource definitions that kpac is installing to the cluster. So these are the things that you have to work with so since we're wearing our uh yeah cluster stores, cluster stacks and cluster builders.

E

Exactly so, if we're wearing our operator hat, uh those are exactly the ones that we care about cluster, so stack so stack is the the base images right, so our cluster stack is going to have a reference to the images that on which an image on which we can do actually execute the build of our app and then a an image that we can use as like the base for that runtime image that we're going to want to put into production. So that's our cluster stack.

E

um The cluster store refers to the modules of code that do everything else that you would write into a docker file. So also you would have you know you have a docker file for java applications. You have a docker file for node applications for python, because each one of those has to have different instructions in it.

E

So the store refers to the store of build packs that have the language specific knowledge in this case the the little module build um and then, when you have a stack in a store together, that's like saying, if you compare again to the stalker file idea, that's like saying: okay, I have my from statements and I have all the other statements. So between those two things, I have all the intelligence that I need to build my application image.

E

I have to put those things together, so you put them together in what's called a builder, so that's what you can either make a builder that everybody can access from any namespace or a builder that will only be accessible within a particular namespace. So hence you have cluster builder or just a namespace, scoped builder. So as an operator, those are the things you care about.

E

The source. Revolver is something that's created automatically by kpac to pull your repo, so you don't have to actually use that one directly um so yeah does that make sense.

A

A couple things are, a builder versus a cluster builder is just a builder's, is name-spaced scope, and a cluster builder will work across the whole cluster yeah.

B

A

E

Could have a club for everybody in the ore, but then, like a builder, that's only for your team.

A

Right and then um the other thing I I I've been uh kind of thinking of an analogy for all of this stuff, and so I, I think of like a test kitchen and a test kitchen, is being handed a complete dish of food, which is the co. The source code and the test kitchen needs to reverse engineer that into a recipe.

A

So the stack is the the equipment, the os, the equipment they have to work with in their test kitchen, the store is pantries different pantries, maybe representing different types of cuisine, and so the ingredients for each different cuisine are available in that kitchen, you need to let the kitchen know and then the chef who's, reverse engineering, it that's the build pack logic that the like the process of figuring out. Okay from this dish of food. How am I going to make a recipe.

C

I also like that we started with dessert first.

A

F

But first perfect.

A

B

A

It's like for me it's about it's getting on dinnertime.

F

Layers of food, okay,.

E

So, um okay, so uh let's okay, so let's use our so you can do all of this with declarative. Yet you could write yamo for your stack and your store and apply that from a git repo, that's totally fine, and maybe what you would want to do, but just because we want to illustrate this- the kpcli on this particular episode. Let's do this using the cli, so so what you would type, let's do, the uh let's do the store. First, it doesn't really matter um now.

E

One thing we have to do here is um figure out. I think that I just want to make sure that we're not missing. uh Are you logged in at your?

E

I don't think we need this yet. Actually.

E

Oh yeah, okay, let's look at. I think we need to log into docker at your cli. So um let's make sure that you do a docker login.

E

uh And you're gonna need that uh that um value.

A

Yeah, okay, I'm just gonna! Do it down here: okay,.

E

So we're gonna do a docker uh login uh and you can do minus you and your minus you wiggity whitney, and it should prompt you for your password.

B

A

E

We're good, okay, we're logged in at the cli, okay, okay, so we did a docker login, we're all logged in okay. So here what you want to type is so at this point we're going to use the kpcli right. So we've we've installed kpac with the tanzu cli, because we were using tons of community edition and the tanzu packages, but now that k-pac is installed now now we don't need the tanzu cli anymore, now we're just in cape back land and so from here forwards.

E

It's the same as if you would have installed it with um cue cuddle, apply and created the yeah, just as as, if you would have done it with cube color plan. Basically yeah created the secret, um so we'll do a kp space cluster. Let's start with a cluster store.

B

It's not case sensitive.

E

I I don't know, but I have it all. I do it all in lowercase, okay, um save so we're going to basically create a cluster store and we're going to call it something that's called default.

E

Any name is fine, and here because this is the store. So this is the intelligence that knows how to build a java app right or knows how to build a node or python app. So here what we want to do is add, uh build packs. The build packs are the modules that have that logic.

E

So we want to say minus b for build path, and uh at this point we want to reuse the ones from paquetto, since we don't want to rewrite this logic and so paquetto build packs, are kind of mirrored both on gcr and docker hub. So we can say gcr dot, io.

E

Forward, slash paquetto dash, build max.

E

And then forward slash- and let's say we know that we write apps in java, so there is a java uh built back uh and you can go to the gcr website and find these uh also. uh We were on the paquetto build packs website just a second ago. All of these uh build packs are open source, so they're all on github. um So oh there's information on all of this, uh that's very accessible, but right now what we know is that the kiddo build packs gives us this met.

E

uh Even though it takes a lot of little modules to build the java app right. There's a there's, a maven one, there's a spring boot one, there's a tomcat one! There's a you know: jdk one: they all work together. They all do a little piece of the puzzle, kind of like micro services right each one does something, but they work together. um But uh paquetto gives us this what they call a meta, build pack, so that we can reference them all together.

E

We don't have to name each one, so we can just say java, that's and that will include everything. So we're saying we want all of the java build packs and then let's say we also.

A

I have a question: does does including all of that? What, if I don't need all of that does, including all that make like a bloated image, that.

C

I mean, I think.

E

It at a certain point: you've got to make a call about like how granular you want to be so so what we're going to do here is say- and I don't know what apps will end up building by the time we're done with tgik today. But let's say: let's get prepared to maybe do a java app and a go application, so we're not going to use python and ruby and.net.

E

So we are reducing the bloat of what the default x builder would have.

B

E

So, in the other scenario, we were saying right: if you, if you wanted to skip all these op steps, if you're just using the pax cli you're at your command line on your computer, you can just refer to the paquetto, build x builder, that has already the java and the node the python all those languages. So we are already reducing the size of that builder.

C

E

I don't know that uh you know, I think, if you, if you were, if you had a good reason to say I don't want the gradle one in there, I only want maven. You could do that. There's no one to say that.

A

Yeah and then I would say too, the builder is used to actually make the images, so you don't have that many builders stored. You may only have one builder per name space if each builder can, if you're working mostly all in java apps this one builder, we're making should be able to build all the java apps, not just a certain right. So it's.

B

A

Storing, like all your images, are all bloated with stuff, they don't need by the time you're getting down to the application image. Not the builder image, then yeah. If you use.

E

A if you create a cluster builder, then it's actually a single builder that everybody can use across the cluster, um but because these builders are because you can put like you know, java build packs, go build packs, and maybe you have your own wiggity whitney build packs.

E

So you could maybe you want. You know you don't want to share your wiggity with you, so you that you would choose a builder instead of a cluster builder. So then you've got the cluster one for everybody. Your special sauce.

E

So uh yeah so let's add okay, so then let's add another minus v. So just.

A

uh We have a question, so the pequito level just to reinforce, would bring down all of those resources, but.

E

Yeah, so the paquetto is going to include your right now uh we're just pulling the in the mod the modules that know how to build java apps and we're going to add one to build, go applications in fact uh yeah. If you want to type that go thing, let me I'll bring up the url, so we can um java build packs.

A

So should I press enter on this.

E

On this, oh yeah yeah no same same line. Do a minus b copy that same gcr paquetto, build packs format, uh but then.

D

E

End instead of java, let's set ourselves up for the option to build a go application, so just instead of java type go and.

A

What have I done it's hard for me to tell what's going on. Let me just pull this across.

B

E

Yeah, so, okay, so we're going to do the difference. Yeah we should be able to run that, and so in the meantime, if you want to go on the left-hand side back to the yeah hit, oh go go again.

A

Go go yeah, perfect and now enter.

E

Now enter yeah, okay, so so and in the meantime, if you want to let that run and we can go back to the web page and look at the paquetto website, um I say pokemon, some people say paquito, I don't know, um but you can kind of see. Let's call the whole thing.

A

Off, isn't it I'm sorry.

A

It wouldn't be a proper podcast or a stream. If I didn't sing it. Yeah cora loves musicals, so I'll try to find a reason to break out in this song. Let me stream with her.

F

Everything should be fun and they mean so much more when there's music through it.

B

All right, sorry.

E

Tonight uh so yeah, so if you go up, uh maybe try going to github, let's see where it takes us, okay, so here, okay, so click on the java, one for example. So so all of them are here and if you click on java and scroll down a bit, uh here's all the different individual java build packs that are part of this. Like meta java, build pack and so and you'll see them right. There's maven is in there. Gradle is in there.

E

The um bellsoft liberica is the one that brings in the jdk and the jre there's a spring boot one that does some special stuff if you're using spring boot.

E

uh So you know different stuff, and so they the this, the process that the project itself will look at your application and it will decide which ones to use you don't have to decide but they're all there, and but this is the equivalent of like um you know you, having written all the instructions in your docker file to to build a java application, except that here you're kind of relying on the team behind paquetto buildpacks for their language expertise, um so that you don't have to do that.

E

So you literally can delete all your daughter files.

A

And there's a detection phase as part of the life cycle, so we.

D

A

Making a builder that note that will recognize java and go, but once it sees java, will it will it pull down for java application will pull down all of these or just the ones that are needed for that particular application? So.

E

We're gonna, so what we're gonna do is we're gonna we're gonna, create an image that will contain all of these and that when the, when your application has to be built, that image will be used to create a pod. So all of these things will be in that pod, but the process will then choose which one of these to actually apply to your app code.

E

So if you have a job, if you have a maven app, obviously the gradle build pack will be a piece of code in your build image, but you're not going to execute it. You're going to choose the process by itself will choose the maven build pack, which means.

F

E

That will add the maven binaries and it will be able to do the package.

A

So your application image, if it's being built with this, if it uses maven and not gradle, it will receive a maven layer, but it won't get a gradle later, perhaps so that we were talking about before is not there right.

E

Yeah cool, I mean yeah, just the code that could have done the the code that can do a greater one for for a gridlock is sitting there, but it's not going to be it's also not going to be in your runtime image. It's only going to be in the build image, so that will never make it to production, and then we have.

B

E

Why, um uh if it can't decide, then uh you probably report that, as an issue to the team, uh there should be a reason right for which it can't decide um and uh yeah I mean if there, if there's a case where, like you, think that there is enough information that the bill to actually be able to make a decision, um uh I would say in general, that's probably an issue right, it should be able to pick, and if it doesn't, it might mean that something that you're doing is outside of what these particular potato build packs support right.

E

D

C

E

They only know how to do what they know how to do right with the code. That's in there. So if they go down the tree and they're like we, we looked at your code and like, for example, if right now in our we've only chosen the go builder, the go, build packs and the java build tax. If you submit a python application, it won't know what to do, and so, therefore, it will just tell you no no no did not find any build packs that match your code, so it just won't.

E

Do it basically, um okay, so, okay, so so a couple things just happened on the right hand: side of the screen uh we said hey over there on gcr there's this java meta.

A

E

Pack, with all these little things and then there's also a go meta, build pack with with a few different go modules that we want um and what what kp did for us is. It said: okay, well, I know you want these. What I'm going to do is get them from gcr and I'm going to copy them into your docker hub because you're using docker hub- and maybe that's a local registry inside your organization right, but you don't want to have to be going out to gcr all the time.

E

um So it's actually made copies, and if you look at the output on the screen when it made the copy, because we just said hey, I want basically, we said we want the latest version, all right, thanks walid, for joining. Thank you for coming yeah. Well, thank you.

A

In the morning, thanks for staying up soon,.

E

um So yeah, so, okay, so basically what we said is I want the latest version of the java build packs and I want the latest version of the of the go build packs right, but probably within your organization, you don't want to be that like loosey-goosey, because, like latest tomorrow, might build something different than it did today right if picado build packs issues, a new version of the java build packs, then if you use them tomorrow and get the latest there's not a lot of like reliability there so for something like kpac you're trying to avoid those kinds of scenarios.

E

So what kp is doing? Is it's saying I'm going to copy whatever's latest right now and I'm going to move it into your registry which in this case is docker hub, but it does it with a specific shock. So now from now on, until we actually update our store, we know that we're using what was latest on february 4th at 5 23 pm eastern standard time right so um and so actually, if you go now to your docker hub website, you'll see those two images there.

A

Okay, I was wondering um where, where it says, cluster store created, where is the cluster store resource, so.

E

Did you so yeah, so it did. If you can do it did two things: it created a cluster store resource resource in your cluster. So if you do a cube, cuddle get cluster store and since.

A

There's only it's not running in a pot, it's just a resource.

E

The cluster store is not yeah, it's not it's not running anything yet.

A

E

uh So, okay, so so we called it default right. We said kp cluster source save and then we named it so there's default.

E

And there you can see the images that that are in docker hub in your account wiggity whitney and they have the shaws in them right. So this resource in your kubernetes cluster knows about those two uh images that are now in docker hub instead of they're, not just pointing to gcr right they're, pointing to a specific sha of an image on docker hub.

E

So if you, if you on the left-hand side, if you open your docker hub, uh we should see that uh hub dot, docker yeah, uh if you yeah just say yeah you sign in.

E

uh Yeah so tgik right and that's what we said in the file remember.

B

E

So we said we said in the file with the three parameters. When we installed paper, we said we gave it wiggity whitney tgik. So that's what kp is using, and so one of those is uh one of those two is it. Is the java build packs and the other one is the no the go bill packs I don't know which is which, but that's what those two images are one is one is the java one is.

A

There's an os linux.

B

A

E

Those uh I don't know where that info, that metadata is coming from they'll they're gonna all run an ubuntu uh linux images. um I don't know where it's pulling, that metadata out of to say that compatibility. It's probably, I guess it's in the metadata for the for the original buildbacks.

E

um So, okay now so we have all of the statements now we're missing the from statements. Right. We don't have our. We don't actually have the operating system yet so that's called a stack.

E

So um so, let's do that and again we're gonna use the stack from paquetto because we're not we don't want to be in the business of being responsible for choosing a base image uh and then, following up on whether there's vulnerabilities and how we have to patent like you know where we get a patch we're just gonna say we're trusting paquetto uh to do this for us and they have good slas and so we're we're good. So very similar commando, the last one we're gonna do kp cluster stack, save and then let's call this one.

E

We can call it whatever we want. Let's call it base, for example, and then uh so now we want to do a dash dash, build image, so go back to build dash image.

E

um So this is going back to that idea of a two-stage docker file, because you know you don't want uh like if you're building a java app right, you need a jdk to build your app, but you don't want a jdk in production. You just want jre in production right, so you don't.

E

So you want your build more things have to be in your build image for you to create all the layers, but then you have a run image which should be the same operating system, but it doesn't have to have all of the things so we're going to say for our build image we want to use. uh I don't know why I did it this way, but this one's going to come from, like I said they're mirrored right. I think on gcr and docker hub the original pocket stuff.

E

So here we're going to use the one from docker hub for some reason: uh paquetto build packs. All one word.

E

Slash build colon bass, dash cnb with cloud native, build packs, so we're basically saying there is a build image that paquetto build packs, provides we're going to use that uh and we're just using. They have like a base. They have a tiny one. They have. They have a few different flavors we're just saying, like kind of like your standard base, one and then for the and then we want dash dash, run dash image and we want same potato build packs. All one word forward.

E

Slash in this case run instead of build, and then colon base dash cmd.

E

So so this this is our docker our from stuff. So the from statement in our in our first part of our docker file would be that build image and the front statement in the second part of our docker file, our theoretical hypothetical non-existent talk about, is going to be that that second one. But now now we have the two from statements and from the store we have all of the other intelligence that you would have put into your docker file.

E

So once you have these two pieces, you can see how you no longer need docker files in order to do this, and and and yet everybody can be building images in the same way uh leveraging. You know the the sort of expertise that went into all of the nuances about uh you know, doing java images or go images or whatever in a good way, and also uh knowing where your base images are coming from. um So yeah we can hit enter so same thing.

E

Were you gonna say something right.

A

Oh, nothing, I'm just successful.

E

Yeah, but you can see here the same thing right it took in this case it did go from a docker hub to a docker hub, but it went from like paquetto docker hub to wiggity whitney docker hub. So now we have two more images there yeah.

E

So so we have all of the things that we need to build, but we don't want to also pull down four different images right or we don't have to be able to have to choose like. Oh, I need the build image with the go, build packs for this, and then I'm going to need the run image later like it's. We don't want pieces, nobody wants pieces of things right, so we want all of these things to be delivered to us in one single image. That's just easier to use!

E

That's what there is uh not only that, but the builder also has an extra piece of software yeah.

A

Can I can I try to say it? Can I try to do it? You correct me if I'm wrong the builder also well, it contains the life cycle right, but it also needs to hear the order. So if your uh company does 80 of applications in java and 20 of applications in go, then you want it to look for java first, because that's going to save time in the long run.

A

So when you have a lot of different modules of what it can be you're going to supply logic, for which ones you want it to look at first.

E

uh And you said it better, because I would have forgotten about the order.

A

Thanks you flattered me, thank you.

A

I'm just happy to be here.

F

Exactly no so so you're right, I would have forgotten that part until I would have looked back on my screen and then like whoops, I forgot yeah. So let's define the order.

E

um So we're going to do the order on a in a file, so we need to create a new file. Okay,.

F

A new, a new yaml file.

E

So here the syntax is dash space group, colon and then enter and then indent two two spaces dash space id colon and then paquetto dash, build packs forward. Slash.

E

uh And then it's up to I don't know we can have a popularity contest. Just go go first or just java go first. You choose.

A

If the I don't.

E

No one in chat.

A

Oh, I don't think anyone in chat is responding, so we'll just do java. Okay, if we hear differently before we save this file, we'll switch it okay. So.

E

Then you can literally like just copy those two lines.

A

Oh okay, I was making it more work than it needed to be.

E

Yeah another group.

A

Oh, you have to start group again. I thought group was all go first: okay, conrad.

E

Says, thank you. Conrad. Okay,.

A

C

We're going to do that.

E

So let's do go first, yeah yeah, so because it's a separate group, um you yeah, because you could do if you put both of them in the same group. It would never build right because no application would satisfy all conditions of meeting the qualifications for a go app and the qualifications for a java app. So you need these to be two separate groups, which is why we actually need to specify in a file. If you only had one group, then you could put it and you could put your various build packs.

E

Let's say you added your own custom, build back and you all it all had to be one group. You could put them all in one in the command line, but we ne. We need a file because we need multiple groups. So it's either going to be an app, is either going to be go fit the conditions for go or it's going to ignition for job. So.

B

Okay, so this is our.

F

File we're good.

E

So we can go back to the command line, and uh and now we can do a kp and let's make it a cluster builder right. This is for everybody. So let's do cluster builder uh save so same kind of syntax, and then we can call it builder.

E

You know whatever we want but builder and then we say minus minus tag. So here we're not it's not automatically going to put this in that same tgik, repo that has all of the like sub components. Here we actually have the um the liberty of uh putting it uh wherever we want, so what we're gonna say is um wiggity whitney like we still want it in docker hub right, because that's what we're logged into wiggity whitney, slash and then yeah, you can say cgi caves and dash builder. Maybe.

A

Don't we want to end the tgik folder on docker? However, it's different.

E

We'll have it one level up from all the components: yeah, okay, cool uh and then let me see if we need anything else. So we need to do crepey. Cluster builder, save give it a name. Minus minus tag, something okay, and then we have to say: okay, well we're making a builder. You know we could have had 10 stats in 10 stores so like which ones so we want to say minus minus stack and we had given our stack. The name base.

A

You don't need to give it. It already knows to look in my docker hub.

E

uh It so remember when you did a cue cuddle describe on the cluster stack, so it's.

D

A

E

In kubernetes, it's the name.

A

E

Kubernetes yeah, okay, cool yeah and then we want minus minus store default and then that last piece that I would have forgotten is minus minus order. And then just the name of the file.

E

So that's, that's it! So it's going to make a builder! uh Oh! I guess it doesn't like.

A

The underscore right, I just tried to make it different to so it wouldn't be confusing that.

E

That's going to be the name of the resource, I would leave it as builder, because.

A

Because builder just seemed it seemed it's also a word that could be a command. So that's why I found okay.

E

Okay, yeah follow whatever you want, I guess it just doesn't. Take underscores yeah yeah, whatever you call it here is. What you have to put is is what, when you, when you have an application, and you want to say I want to build this app. You got to tell this builder, so this.

F

Is the name of your.

E

Cgik dash builder, that's fine yeah, so yeah, so it's gonna take.

E

uh How do you check jerry and go version of face images, so um you can you can check it a couple of ways. One is to check the docs. So, for example, if you click actually whitney on the left, if you click on bells off liberica, the third one down.

E

So if you wanted to know sort of ahead of time, uh what's what's here, uh you can you can read about like through the documentation for the build pack, you can find some information, uh including uh there's actually an environment variable where you can modify it yeah, actually, yeah, probably going down to the configuration section, is good okay, so this particular build pack includes 8 11 16 and by default it's going to use 11, but you can. When you build your image, you can supply environment variables, yeah go ahead.

A

Also after it's already built, you can do you could use the pac command with the dash bom for bill of materials and it'll. Show you in detail everything. That's used to build your image so we'll we'll go over that later after we build an image, we'll show you that.

E

um So there's a question about a proc file which I feel like um I'm not the expert on profiles. I feel like it's. um It's like.

A

A tendency declaration almost except you're, declaring all the processes that are running.

E

I I, but I don't know if it's used um is it used. I think there is a profile build pack, but I don't know if there if it was more of a heroku concept, and I don't know if tom is still here or somebody else is still here who would know uh if this was more of a a heroku like a hint to heroku about how to choose build packs back in the day or if it's something more native to a certain kind of application.

E

I think it was heroku so yeah like so the idea of build packs before they became cloud native and kubernetes and oci image oriented the idea of having these um a process. That would take your code and build your code for you.

C

Was initiated by heroku.

E

And heroku apps included a proc file as looking on their website that specified the commands that were executed by the app on startup. It was oh, so it was telling you how to start the app. uh So I guess, if you needed to do that, there's there is a profile build pack, but uh generally these build packs have enough intelligence in them that they know what would be the startup for like a java application or what would be the startup for a you know, python application.

E

um So I think that you generally don't need them, except maybe special cases, in which case you would look to the profile app uh buildback, which is more maybe for those edge cases, so I hope amer amigo. I hope that answers the question. That's what I can tell um so.

E

Okay, where are we? We have our builder yeah. So let's check our builder on docker hub, let's, let's click over to the web page and make sure that it's there.

E

uh Maybe refresh.

C

Yay there it is so.

E

Actually, now now, like imagine, you're at a company and you've, your kpac operator has just built this tgik builder. That builds go apps and java apps now you're a developer and you're sitting at your computer and you're just testing stuff. You don't you, don't actually want to commit code to github and have this kpak thing. That's on this cluster build your code. It seems like too formal you want to do something more local. You can actually do a docker pull on this tgik builder and use you don't have to do the docker pill.

E

Pack will do it for you, but if you have the pax cli installed at your computer, you could just do a pack build and point to this wiggity whitney slash tgik builder. You don't have to use the original paquetto one. um So imagine if your organization had put maybe a little bit of cust one added one custom built back right like in every app. We need to include this license file as as part of the the package, and so they would have added a you know.

E

Acme corporation license file build pack, and so you need to use that you can't use the ones off the internet, so at your computer, you could do a pack build and point to this builder without using kpac and now you've ensured that all of your employees, whether it's a developer use case just at your computer, with an imperative cli or as the app actually goes through the ci cd tool chain through tape they're both using the exact same builder.

E

So in so it's built into this mechanism of build packs the ability to share uh across an organization or across across the world, if you're, using the default page text and that's something that docker is lacking. Docker files is lacking. It's something that jib is lacking. You know, uh so this is very powerful.

E

Just the ability to deliver all of this intelligence packaged into an oci image that is accessible to anybody with access and that can be used by any tool that is compliant with this model, whether it's kpac or the pax cli or the spring boot, maven or gradle build packs. It doesn't matter which, which is the end user experience. All of those mechanisms can point to this builder.

E

uh At this point.

E

Cool, thank you so much um so all right so whitney. Where are we going next? um So I think we can record an image with our builder exactly so, we can take off our operator hat yeah, okay, yeah. In fact, oh before we do that if you want just on the command line, just to kind of show that point uh if you type path inspect, I think the.

C

I think the command is inspect. Is it inspect.

E

Builder, maybe pac mac.

C

Inspect help maybe dash dash help uh or patent inspector.

A

Then we need to supply it with the builder image. Yes,.

E

I don't know if it's a space or a dash, because I think that it's going to think that builder is the image name so well, I think what we want to do is inspect dash builder.

E

Does that work inspect dash builder? That's a command okay! So now, okay, so let's run that again and then add wiggity whitney, slash, tgik dash builder.

E

Cool, so we should see our uh java build packs and our go build packs and we should see if we scroll up yeah- oh yeah, perfect, okay, so yeah, so we see go in java. Basically um do we and we see the order right thanks to conrad, we have go first java. Second, um and then, if you scroll up a little bit, we should see our face images.

E

So our run image is index. Docker io wiggity, whitney tgik, telling us where it's using the base image from and.

D

A little as we said, the life cycle.

E

Is in there right, uh the life cycle is that generic logic that actually knows how to use the build packs, because right now there has to be something that knows how to execute each build pack, one after the other. So that's the life cycle. We can see exactly which one it is, and so you can see here this combination of using the pax cli with some with the builder you used in k back the fact that you built the builder using kpac doesn't matter. You could have built the same builder using the cli right.

E

It's just different user experiences leveraging this cloud. This build packs project basically, um but you, but you have access to some inspection, because the pax cli has some good inspection capabilities. So here's one oh yeah, okay, so yeah ivan, says: let's build something: okay, let's build something.

F

E

B

Have yeah yeah right, okay,.

F

um Let's build, let me get you the comments built.

C

E

Let's build a go application because it's faster, I love.

F

Java but javascript, let's.

A

Okay, is it still going to be interesting to inspect the layers of the go.

E

Not that interesting from that perspective.

E

Let's do two of them: okay, let's do java okay, so um let's do so. You want to type kpac image, create, oh sorry, not kpat. I'm sorry, kp! You were right, you're, right, kpmg and then whatever name you want to give the app it doesn't matter, my app whatever sunshine, perfect, uh minus minus tag, and here you want to give it the wiggity whitney slash and then you know call it sunshine. So we know what it is and then we want to say: minus minus- uh and here you could say either builder or cluster builder.

E

But since we created a cluster builder, we want cluster dash builder uh uh dash builder, just uh just to keep you on your toes yeah cluster dash builder watch builder and then here, whatever builder name, we gave it tgik builder.

E

So this is really it's not really the name of the builder on the docker hub. It's the name of.

F

E

Yeah, which was also cjik dash builder, um and then we want minus minus git, and so let's build so I have a java app, so you could type uh space https poland forward, slash forward, slash github.com forward slash, we can do cyberclyde, uh no spaces. Yeah, see I reply.

E

C, I b r kellyanne okay. Next, I like every people, know how to spell name.

D

E

We could do a couple of things here, but I'm going. Let's put the. Let's put. Let me just check if I uh change this one to main nervous, so, okay may and yeah. So then um the branch so then minus minus get dash revision.

E

And uh space main all right: let's go for it, faded, awesome, okay, so it's doing its thing. So uh we can use.

A

It's just the thing is done. The image.

E

B

Is created yeah.

A

D

Resource is created, so you could do a kp image.

E

List, for example,.

E

And it says: okay, we're still it's still working on it. You could also do a cube cuddle, get uh I think, img will work and or cnb images will work if you don't have to go through the kbc.

E

So cue proto get images yeah, uh not images. I don't think images work. I think. um Oh it does work. Oh maybe, okay, you know what I think you have services where you have to differentiate from candidate, okay, awesome um and then okay. So what happens? So if you let's go back and do our k, api dash resources, grep, k pack.

E

uh Pipe grip. um Sorry.

E

So, okay, so remember that we said there was a few resources that are interesting to operators like the builder, the stack in the store so now as a developer. Obviously, we've done a kp image create, so we care as a developer. We care about creating the image. The image doesn't actually do the work. The image is just there to say, like I know that you want to watch this, this repo got it every time that there's a commit yeah.

A

I think where are we so I guess I'm a wanted. It sounds like we're: making the application image, but right now we're making what what are we we're making a k-pac resource yeah.

E

Yeah we're just telling apac hey. I want you to make images from this repo.

A

E

But but the image is just sort of like that thing that has that information? It's not the thing, that's actually doing the work.

E

So this is uh what like a one-to-many relationship right, one git repo, many built images, mm-hmm, okay, so uh-huh! So you have your singular image resource in kubernetes. That says this is my app and that image resource is going to spawn every time. There's a git commit because we pointed it to the main. You can point it to a specific git command and then we'll we'll only ever do that one build branch, anytime! There's a git commit it's a once many, so so that image will create a build resource for every.

C

E

A

So great so we made a kpac image resource and that kpec image resource is um is going to make a new actual application image every time that main the main branch of that application gets changed.

E

Right, yeah, and, and so you can see, both the image and the build are custom resource definitions that are in this list.

A

E

Right so we've kind of covered all of these right. We've we've covered the stack in the store which are the sub components to make builders we've covered. We made a builder which you could also have made a cluster builder.

E

Those are and the image is going to use the source resolver under the cover to pull and and for every time that finds a commit to build it's going to generate a build resource.

E

um How does kpac depend detect? It's actually polling like every five minutes, it's actually pulling. uh It has information about the last commit, and so it goes and it checks it compares to see if there has been a commit in the next. In the last five minutes,.

A

Is that I imagine that's configurable if you wanted to pull more or less.

E

I don't know tom, I know that it wasn't configurable uh tom can correct me if I'm wrong, if that's changed, believe that it wasn't at least okay.

A

So um I don't remember what we looked at before: to show that kpac is a controller, but my I don't know if this is correct either, but what my very limited kubernetes experience is that anything I read anytime. I read something as a controller, I'm I think that it's a resource that's pulling. Something else is that is that a correct.

E

um A controller is something that's within kubernetes. It's looking at cd to see if it like there's it's looking for things that are that tell it to do something so like there is. The controller is looking for an image resource. So when you as a developer, say, here's apply or kp image, save there's it got.

D

E

Controller is going to see that and do something about it.

A

E

um So, okay, so now so so now that we know that we create one image and that one image can create many builds, we could do either a kp build list or a cube. Cuddle get builds the if you use the kp cli you'll always get better output because it's a little more customized. In fact exactly. But you know all these things are just resources, oh okay! So oh no, all right we'll have to figure out why it failed.

E

So, okay, so you can do a cube cuddle describe on the image you can do a cube cuddle describe on the build. Let's start with those things and see. If we can figure out what went.

B

Wrong, how do we what's the image name.

E

uh It's uh whatever we called the image. I think it was sunshine.

B

E

B

Do you cuddle yeah.

E

So what is it telling us? uh Okay, it just failed ten times. Okay, so let's see we can do well we'll get to the pot eventually. But if you want to do a cute cuddle describe on the build, you could do that also.

A

And and what's that.

E

That so that so the the build is the resource that represents the the image has realized. There's a git commit that it needs to build, and it's going to create this build resource. That's in charge of getting that done so.

F

E

Like the middleman, basically the image says you you go. I need to a build has to happen so it says: hey build, I'm gonna create this build, you get the work done and the work is actually gonna get done on a pod, we'll get there in a second. But let's go: let's go step by step, so you want to do couple describe build and there should only be one build. So I think that should be enough.

E

uh So it's always waiting. Something is wrong. Okay, so, let's see so let's do cube cuddle get pods. So, okay, so the build is like. Like I mean, like I said it's like the middle man, that's gonna make sure that this thing goes gets done, but the work of doing the build is actually happening in a pod.

E

um So there's something wrong in our pod. So yeah, let's see uh so it did successfully pull.

E

F

D

F

F

E

Waiting to start so the pot is not initializing, we you know, maybe it is worth doing uh getting so the logs okay, so I don't think we're gonna see so, okay. So here's a couple of things on the logs.

E

You can, if you do it again, if you do that k where's the output from the k get pods.

E

Let's try that one again, so I can show you something okay, so you can see that oh well, it says. Okay, you can't really see it yet. But there's like an initialization error. It's almost like it's having trouble getting started, so I don't think it's gonna work to get the logs, but you could try a kp um build logs.

A

Since it's cluster scope, does it need some sort of um authentication or anything.

E

I think we gave it the credentials to talk to you know we gave it. We made a secret right, we did, we yeah, we created the secret right, uh or did we skip that step? No, have you do a k, get secret.

E

E

Can you run kp build logs yeah, let's do the kiwi bubbles so, okay, so the problem with the doing a cube cuddle get logs.

E

uh Okay, so it's and maybe we gave it the wrong information or we didn't look.

A

For docker authentication error.

E

Verifying write access um so maybe uh did we create that secret? The secret should be called.

E

I think you maybe didn't create the secret. That's what I.

D

Feel yeah, okay,.

E

B

B

Wow, let me check something here.

A

It's a it's a push, authentication problem.

E

So the builder.

E

Wait is that right, tom, the the builder should the builder should be using?

E

Did we give enough information to the builder? Can you do a cube cuddle describe on the builder?

E

I think we didn't create the secret, but does the name of I'm trying to figure out what the name of the secret would have to be? uh Let's see.

A

Yeah, did you make a secret in the default namespace? I don't think we did. I think we skipped that.

E

Step yeah so um describe bill describe cluster builder, tgi, cable, okay, that makes sense yeah. I think we think we missed a secret.

E

um Oh wait, would it be here or would it be? Let me see.

B

Did I miss it anyway.

A

Should we grab for our service account.

E

uh Where, where does the name of the is it um I think we missed the secret and like when I did this on my machine earlier, I called the secret reg cred, I'm just trying to figure out. If that should be the name of the secret like how do we? How can we verify.

C

A

Name is simple: there's no service account ref.

F

That's not reference.

E

You do um okay get service accounts before kpac tries to start the build. It will attempt to verify right access to your repo, um but what should so yeah? Let's do a k describe kpac default essay.

E

But even with kp secret create, we have to give the secret a name right. Should that just be regret um describe service again? um Should that secret name just be like? How do we know what the secret name should be, or it's.

E

uh Or actually maybe a k get service account create.

A

Create secret using kp secret create. Are we in the default link? Please now we are so.

E

This is so what so. This is what I had typed before. So if I, if we do, um uh if you save your okay, so that token account that token that you have, can you save it environment variable called docker underscore password, not that token. Sorry, that your your access token to docker hub yes screen. If you just create environment variable all capitals, docker underscore password equals and then that value and then, if you want to take that off screen, then we'll have that underscore.

A

Secret all caps.

E

Docker underscore password, you know, underscore password equals and then your token from docker hub and then yeah you want to hit enter enough, that it's off the screen.

A

I'm gonna make sure.

A

E

Okay, so then so then do do it cube cuddle get service account default, minus o.

E

Minus l, space yaml.

E

So the secret name is.

C

B

See this default token.

E

The weird thing is: I've been when I've been doing this. On my like for my own test, I use the word reg cred for.

F

Creating the secret, but I'm actually trying to figure out why I got that information.

E

I've been using reg cred. Is there any way tom that would be using something called wrench? Is there uh sorry was there another service account in the in the next place.

E

Okay, so where do we do it uh the same thing, but for kickback like a get o minus? Oh yama, on that default, essay.

F

E

um So just for kicks, I don't know why, like just because it works on my.

C

Machine try doing a kp secret, create.

E

R-E-G-C-R-E-D, I don't know if this makes any sense: uh minus minus docker hub, okay, so um space wiggity, whitney.

E

uh Yeah- and it should pick up so that should pick up if you have the variable docker underscore password set, it should create. It should pick that up automatically.

A

Cool and and now yeah.

E

So now uh so tom would, let me check actually the one on my machine.

F

D

E

Yeah I have so I have the kpop default service account. That looks the same as that one.

E

uh So how what do we have to delete something and recreate something in order to fix that? That's the question: why don't we try to for now? uh I don't know if this would work, I don't see. I don't really see the links for why it would work, but we can delete and recreate the image.

E

Well, should we check? Okay, we'll add the secret to the default essay automatically? Oh, okay. Okay! So then, maybe we're good okay. So, let's let's delete the image and recreate it.

A

Can we see if it's work, wouldn't it maybe pull like it's trying right now, so wouldn't it just.

E

It has a limit to how many times it tries yeah. If you look, if you do, if you do a describe on, I think the bills or the image one of the two. uh It should tell you that it tried like 10 or 20 times by default, and it's like could give up his build history, limit um yeah, uh so yeah. So we could um delete it and then rerun that command.

D

B

E

Try this again, okay! So so just talking about the logs. The reason that doing the k get logs on the pod doesn't work is because the build is happening.

E

The build we talked about this piece of software called the life cycle that was like injected into the builder image when we created the builder that they does the build, and it follows a certain sequence of steps and when this happens on k-pac every one of those steps is executed in a separate like what's called an init container, and when you do a cube cuddle logs on a pod, it doesn't get the logs from the init containers and even if it did, you'd have to like get them in the right order.

E

So it's a more complicated cube, cuddle logs command to get that information so, rather than write that complicated cube catalogues command. Well, I will do that work for us. Okay, with the kp build blogs. That's what that does.

A

Oh nice, that's great because then that's great yeah.

E

So we can do yeah, so let's do a kp. You can do a get pods and see how our paw is doing.

D

E

uh You did delete it right, yeah delete your sunshine, so we can do uh you could do a cape. You could do again. A kp build logs.

E

Okay image trigger- I didn't know instead of.

A

Deleting and recreating, why don't we just rename this to something else, rainbows.

E

uh It shouldn't make a difference. You can yeah, I mean if you delete it and recreate it. You should see that it's gone in the middle okay. The world would also disappear. um Also, the age right. The age is 56 seconds.

E

um Okay, we could do, uh but let's get the build, so kp build logs and the name of the image so yeah, but I didn't know about the image trigger that's interesting uh tom, so I guess you can just tell it to like rebuild okay.

E

So it's the same.

E

Same error, so if we do okay.

E

If we do again, can we rerun the commands to see the service account and see if it added that secret.

E

uh With a minus, oh yaml see the details.

E

Maybe the default one actually there's a red card there. It is there: okay, okay, so okay, so at least it added the secret um and and definitely the.

E

So the question would be: uh are we are we 100 and and if you do, if you go off screen and do like an echo dollar sign.

A

I did that all right.

E

B

Yeah, that's what um so, why.

A

Oh I'd be horrified if this was just because I didn't enter an environmental variable correctly.

F

E

It's still authentication this time.

E

Yeah I mean I don't know you can try to create a second image, because it's the same, it could be the same commands just a different image name.

A

When you do a cluster builder, your secret has to be in the default namespace.

E

So um the yeah, so the the namespace that you any developer, is working in a namespace that the access role-based access control has to be defined in that name space so that the the pod there can actually log into docker hub and publish the image right. The pod is where the export that export is going to happen, so you need like all those permissions and the access has to be per name space, um so we're working in that default name space. So we need some service account in this name space.

E

To have that information, um and I guess thomas correct that it added it to the defaults. You're saying yeah kpc group will add a secret to the default.

F

Service account.

B

A

Yeah, that's what I was going to be my next.

E

Yeah, because we're not specifying a service account and anything we're not saying yeah.

F

So it's using the default service account by default.

E

What does yeah, I wonder, can you try that kp image trigger, let's try the.

B

uh uh You're in the sunshine we're supposed to.

E

Supply it with sunshine, name, sunshine,.

A

Oh, so you don't have to delete and recreate.

E

So then, I guess not yeah. I haven't used it before. uh So if we do a build list, a kp build list now I would expect to see two builds.

E

And both are failing so now you can do so. If you, if you wanted to see the log I mean, I guess we're going to see the same error. But if you wanted to see the logs for the second one, it would be.

E

That it would be kp build logs uh and then um the name of the image sunshine and then minus b space. Two, because we wanna look at the logs for the second build.

E

um So martin, the the name is wiggity whitney sunshine. When we're referring to the image the tag of how it's going to be published. So do you think, are you saying that we somewhere didn't write that? Oh, oh, I see what you're saying? Oh, not good! I wait good eye okay, error, verifying right access to wiggity whitney dash sunshine, okay, yeah, uh okay! So let's go back and let's look at that image command again. It should be tag wiggity, oh my god. Okay.

A

Martin good job martin, thank you.

E

I don't know if yeah, maybe you have to do a kpmg update or.

F

Patch, but um one of them is a kp image, help.

E

A patch command instead.

F

E

A

Okay, so same command, but then jump.

B

F

Go to the beginning, yeah and just say.

E

Awesome martin. Thank you. I would never have seen that.

E

uh Oh because it's a patch, so you don't need all that information, uh blah blah blah whatever you can also just delete it and recreate it. It might be easier because, yes, this is a patch, you don't have to write information that it uh yeah just delete it wow. I might have taken me all night. I've seen that do I need to do like the b1 and the b2. No, no just the image, because so the image remember that one.

D

E

Relationships so you're just deleting the one and it's going to get rid of all of its all of its descendants. Oh.

A

D

A

You can't change the tag on.

D

A

Oh okay, great.

E

Good to know okay, so we would have had to do it. Okay, perfect, uh all right! Let's rerun that that big.

A

Long one, but with the right the right way, we don't want the patch, though.

E

We don't need the passing yeah right now. We want crete.

A

I should have sorry.

E

All right all right, okay, so we could you know we could do all the describes. You just go straight to the pod, so you could do k, uh get pods exactly.

A

Yeah and it went out of six so the six all those containers represent the different stages of the build pack life cycle right. All those inits.

E

Yeah yeah and I.

A

E

Had it the docks pulled up the second, maybe that second tab, we were looking at.

D

The life cycles.

E

And just documentation, I think at some point.

F

uh Somewhere somewhere.

F

My life cycle, yeah.

E

So all of these pages exactly.

A

So, what's the what's the non logs command, I know the coup the logs command, to follow the logs for this, but what's the you could.

E

Do kp build logs.

A

Kp build logs and then sunshine.

B

E

Because there's only one.

A

Do I have to do a dash f.

E

uh No, I don't think so. uh Nice cool yeah, so awesome, okay, yeah! So wouldn't you want to talk through the log file.

C

It's everybody like three hours.

B

A

uh I can't so I know that it's gonna go through these phases, and so it looks like it's starting to it's trying to detect bellsoft.

A

So it's looking at jvm, so it's it's detecting, whether we're giving it a java and then it must have figured it out because it's starting to download the things.

E

Actually, if you so actually, if you scroll up you'll, actually see in the log file, there's like in light green, every one of those slice cycle stages has a label. So I think.

A

I feel like I'm running backward like the wrong way on a like running on a treadmill or like. I think I can't fight the fast logs enough to scroll up since we're following.

E

Yeah, because it is um uh so why don't we do this? Why don't you in a different? Can you just do a different tab window yeah and oh, but you don't have that kp yeah, okay, so in a different tab.

B

A

E

Or we can just wait for it to finish.

F

E

I could give you like a here. This is a different example. Can I give this to a slack.

A

Yeah uh yeah or the private chat in in our outlook.

B

uh Oh yeah, except I have that on there I don't.

A

Have stock up, but I can open it if that's where you have it.

C

E

F

Okay, I think this will work.

B

Maybe okay get it. Let's see.

F

That finished, so maybe we.

E

Don't need this, but um it looks like it. Can you scroll to the top or did it or is it too much for the buffer.

B

A

B

A

Didn't it's exporting, but it's not finished. Oh, it's just not crazy. So we can see some stuff here.

E

Yeah, can you scroll to.

A

E

Sometimes the window doesn't.

A

Oh I mean it's going to the beginning is going to be oh, this is as far as it lets me go. Okay,.

E

Okay, so uh so two things you could do using tom's advice, you could do a kp image trigger sunshine and it will rebuild it and it will have less output because it already downloaded all of those java libraries so that.

D

E

Or the other one I sent you was, that was like.

F

A go application with the bill to go out as well.

A

So we can look at, we can examine our image yeah.

E

E

So yeah, so, first of all we should see- I guess the point of rebuilding was just to show the log file and to show that in the log file you can see this the life cycle. Okay, would I do kp? I would do the kp image trigger sunshine. I think that's probably the best way to get it.

E

Let's do it sounds fun cool and now, when we look at the logs, we have to add the minus b equals minus b.

E

Okay, so now yeah.

A

Exactly you can see the blue arrows coming across.

E

Yeah and then, and if you scroll up to where it did the detect you'll, see that of all of the java, build packs that we saw before on github it only there. It chose eight of those 19.

A

8 of the 19 are participating exactly.

E

So it knows about that: it's a maven app! It knows it's a spring boot app and then after so the analyzing restore is just like how it's using the cache to be more efficient. The cache and the previous image.

A

It was true yeah.

E

Not redo stuff, it doesn't need to do and then.

D

E

Somebody had asked the question I forgot it was what was we asked the question about the version of java, so here you can actually see from your log file. This is a second place, so you could you know we said you can go to the docs to see what versions of java are there here. You can see that it it used 11 by default, but also the java buildback in particular, is very good at this telling you like. Oh, if you want to change that, that's the environment variable you can use.

B

E

So, each one it's it's telling and then so. Every one of these, like in blue potato stiff to build practical, may even build that. So this is the stage where it's like applying. First, it said which are the build packs I need to do, and then it applies each one on the code, and so each one of these things has its own little script of like what it does. So you can see here also for the maven build pack, the command that it's running is minus d.

E

Maven test skip true package, so it's a maven package basically skip tests. If you wanted it to do tests, you can set that environment. Variable bp maven, build arguments and uh either take out that skip testing or set skip test to false, and it will do the tests uh et cetera and then the process types are there. So I guess it doesn't need the profile. The way that.

F

E

Might have needed it spring boot. This is what you were saying about the slices. This is what jib does so jim introduced this just. This was an efficiency that you got out of the box with jib that dockerfile and you would have to manually do a dockerfile which was to pre-compile your code, organize it into layers and copy them as separate layers. So you can see if you're creating slices where the dependencies you might have like 100 megabytes of spring boot dependencies and like 10 kilobytes of your code.

E

So so now those are four different layers, and- and so, if you just change your code, you only have to swap out.

E

uh You only have to recreate that that one um layer- and this is the export right where it says I don't need to use this- build image in production that has the jdk or the whatever go, build stuff or whatever. We just need the app layers and the runtime, uh and then we should be able to see this on your docker hub.

F

E

And then, just as we did so here's another image now this is an app image and you can see also like the naming convention right of the builds b1 b2 with the name stamps with the time stamp. So you know yeah, okay, just as we did before, like we did last time. Last time we used the pax cli to inspect the builder image. We can do a pack inspect for this image uh from the command line.

A

So we have a question before we do our pack inspect.

A

Is there a list of repositories supported by kpac? Does kpac only support git repositories.

E

What kind of sources does k-pac support? um K-Pack? uh I know that you can also pass it like um a like. uh It doesn't have to be polling, uh get directly uh like, for example, if you were using some other tool like like flux, for example, has something called the get repository that pulls get that can pull a git repository? You can pull different kinds of sources, helm.

E

uh Repo is a control image repositories where a source might come from, and then so you could have a resource, or maybe you had like something before take back. That was testing code and you wanted to pass the output of that to k-pac paypack, I know can also receive not just the plain git url with a branch, but it can receive uh either.

E

It could receive like a blob like if the thing before it had downloaded a blob that had all that source code, then you could just give it and kpak would get that from from you know, wherever that it was stored, whatever claim that was stored on, and it would uh unzip that and build from that, but does it build from something? That's not originally a git repo? um I don't I mean in theory, I suppose you could build build packs that process things that aren't code.

E

So I guess thomas, maybe, are there examples of build packs that are built to operate on things that are not get repos, uh I mean it doesn't have to be a git repo right. It just has to be code, but the build packs are going to look at what you give them and and say like what is in here. If it's a java app if it's the structure of a java app all it cares about, is that it's a like a set of files that represent java code, it doesn't actually an s3.

A

According to this, the source configuration in your in in your source image, you can do it from it, you can watch a git, it can watch a blob or it can watch a registry.

E

So yeah, so I guess uh and if it's a registry- so so maybe not s3, but can you pick multiple buildings.

B

E

When you use it with flux, before flux will produce a blob and then you would use it with the blob instead of the repo directly um yeah, but I guess not s3 directly, so maybe you would have to have like depending on what's in s3. Maybe you would have something like a flux that can monitor s3 and when it sees a new thing in the bucket, it would.

F

E

Turn that into a blob- so I guess you need like oh s3- is a blob okay, so you could use the so you could put the s3 path directly tom. You think in the in the blog.

A

The blob either needs to be publicly accessible or have the access token in the url.

E

So it sounds like sounds like yes sounds.

A

A

All right so ready to dive into this image.

B

uh Yeah, let's do a kp inspect.

E

uh Sorry, let's do a pack inspect uh wiggy, whitney sunshine.

E

So here so, this is also very cool, because you can't do this with an app that was built with a docker file right. So what do we know if so, if you're an operator and there's a bunch of images, now they're not just sort of these like unknown black boxes? Now, you can look inside and say: oh, I know exactly what was used to build this and there's also there's a second level of information, um but.

B

E

A little more convoluted to get it, but I can't I can figure it out.

A

E

Yeah so, but I think what happened is I don't think that's going to get you results right now, yeah, so that bom flag will work for an older version of the build pack. I think uh-huh, but your build packs are changing so that so bom stands for bill of materials. So it's going to tell you so basically the inspect told us information, the life cycle. The life cycle knows: what's the list of build packs I used and what versions and all that the build?

E

What the builder with the life cycle doesn't know is what the you know, what did the maven build pack put in here or what did the spring boot build back put in here, or what did the python build pack put in here right, the the so for that you need something called bill of materials which is information, extra information about what's in the image that each build pack has the opportunity to contribute and that used to be accessible by just adding minus minus bom. But what happened is that currently what's happening?

E

Is that the bill of materials process for um is becoming more structured. So it's now. It's this sbom structured bill of materials.

F

And I think there's.

E

Just like we're just in a point in time right now, where um it's not as easy to get it with a single command, but uh but I can get I have done this, um so there is a way to get it uh okay, so it takes a it'll, be a little typing. So let me actually just put this in.

F

E

You, let's see if we can get it to work, so you kind of want to copy that command, but we'll have to change a couple of things.

E

So this is a little hacky way to get all this extra information out of the image for now, but this information is accessible like a scanning tool right, okay, so now we want to change it to uh the name of the oh. I think you probably instead of I t yeah uh yeah wiggity whitney.

E

Do you want to take out the ip flags? No leave everything else in just just the name of the image.

E

B

Think that should work.

E

So it's going to pull the image down.

A

Wait, why is it so much harder than it used to be like? What's will all the this be built back in.

E

uh That's a question for tom: I hope so. The minus minus b flag be replaced by like a minus minus sbom. That will make it easy.

A

And that's a cloudy to build packs level thing. Maybe tom just knows because that's his job, but that's.

E

Not a keyboard.

E

It's stored in a layer now, instead of the label.

F

Because there's a character limit on there.

E

Right now, it's part of the image it's like contents in the image instead of metadata on the manifest file.

E

Now, okay, so now what you want to do so, okay, so the command that you ran before. If we look at it more carefully, what it was is that we said what we want to do is really that thing. That's kind of on the right that says: docker cp, what we're trying to do copy this layer out of the image and just copy those files, the layer in the image. But the only way you can do a copy on docker to get to get a layer out of the image is to run the image.

E

So we had to do a docker run first and then.

D

E

Ran it copied this layer stopped it so that lay so now on your disk, you should have a slash layer, slash structure, build material, slash launch, so we could do a cat on one of those files, um okay, so cat and then yeah. You should have a lunch. You should have a directory called launch now launch our layers, lunch, okay and then just yeah. So if you tab you'll see how many files are in there.

E

So, for example, let's look at the spring. Let's look at the bell south liberica one that should be interesting. Okay, there might be other reasons says tom, wise cloud native build text moved it, but that is one thing that was causing. You know those wanted to add more information, okay, so yeah. So as tom is saying one of the reasons it changes because um yes, uh yes, yes, we can show that as well in a second so uh yeah, so you have to keep going keep tapping until you get to the file name.

E

uh So let's do jre. Let's say so remember this is the runtime image. It's not the builder image, so there's no jdk in here right. Just this, but now we can see it's exactly so as an operator. Suddenly, I'm like I know if I know what's in here, it's java, jre version 1101 from you know, whoever this is from like right. You know exactly what it is uh as opposed to not knowing and or everything built by every different docker file being different right. um The other one that's interesting here is the spring boot one.

E

Okay, let's check.

A

A

E

And I think, because of json you can also do I don't know if you have jq, but if you can do um yeah after you get after you find the springboot one. You can do a pipe uh and then jq, if you have to, if you want to do bindings or.

B

E

uh Do the I think the bindings- probably I don't know and then uh or maybe not, maybe the other one, this yeah, maybe that maybe the the other.

A

E

Yeah- and I don't know what's in each other,.

B

E

Or maybe that yeah well, maybe that info is going to be added back. I don't know normally when it was a minus minus bl, we could find all of the all of the library. So maybe maybe it's just.

F

In a different.

E

Yeah, maybe there's another layer in there that has that information that I'm looking for um but yeah. So, oh so, let's answer question uh which is yes, oh.

A

Work with images built by k-pac yeah.

E

You so so you may not have, do you have dive installed? Did you do dive or which dive.

B

E

I don't know if it's through a.

F

Spell dive: let's see you can try that.

E

And actually you can do it because that image is public on whitney's docker hub. So you could do a dive on the image yourself right now. uh Okay, so let's do dive and then wiggity whitney.

E

I don't think and uh yeah.

E

So, okay, so dive is basically a ui in the terminal to look inside of the image. um But.

B

You can see what I.

A

So what I would do here.

E

In dive is, I would hit tab.

E

And then I would hit control. U uh hit tab once saying that you're on the right hand, side. Okay, I think, are you on the right.

A

B

A

E

So what that did is basically it says so on the left is a list of layers in the image right, because oci images are the sub layer are layers and, on the right hand, side is the contents, but we don't want to see all of the contents. We just want to see what's different from layer to layer.

E

So now you can just kind of like hit down and you can see the structure of the images of every layer is really well structured and they're all uniform, which is part of what makes it possible to not be so sensitive to order as a docker file would be these. Are you can see that here's a layer added by the the bellsoft liberica uh build pack right, et cetera, like they're all, and so that thing we were talking about the layers um of the app itself is probably a little lower down.

E

I would guess that it's a 19 bit the one, that's 19 megs that one probably that is all yeah. Those are all the spring boot dependencies and if you would just jar it all up and like like in maybe you know most of docker files, if you just jar it up, you would have like you know: 19 megs, plus your 242 kilobytes, plus zero kilobytes from snapshots, plus your 10 kilobytes of your code.

E

All of that would be one jar file and if you change like one line of code, you have to re-package and re-transfer all those 20 megs, which this.

F

Is a tiny house right, probably that's more like 100, more.

E

um But if you do it this way, you change a little code and that's the only thing that changes. That is that's the only that's also retransferred over the network, to your registry or from your registry to where you need the image. That's huge.

A

The dependencies is like the big pudding layer in the middle, it's like a lot of it, and so, if you.

B

A

Take all that out of our parfait, that's and then rebasing is similar too, like with the log 4j but yeah. Let's talk about this yeah.

D

Talk about that.

E

Yeah, we didn't do that so yeah, so rebasing. Let's do the rebasing.

A

um We're gonna rebase ourselves, cool.

E

Yeah we can rebase okay, so so rebasing means it's the equivalent of like what. If you realize that your operating system is bad and you have to change the front statement in your docker file, you just have to rebuild the whole image, so we don't want to do that. We want a better way, um and so what that looks like uh in kpac, let's say, is okay, so we're so we're getting our we're. We kind of like uh outsourced our concern about the uh os to paquetto right.

E

We got we're getting the stack, the operating system from paquetto, so we would expect that when there's some issue with the operating system like a heartbleed or spectre or whatever one of those big deals, that the paquetto team is going to get into action and issue, a new version of the of the stack and all we have to do is go, get it and then patch our systems right, but patching our systems. Really. In this case, we don't want to have to rebuild all the images.

E

We literally want to take out that os layer and say here's a new os layer and just have all the images point to it. It should be really fast.

E

um So in order to simulate that we want to change our, we want to use the kp command to change our store. So let's do that. uh So we do kp cluster stack, save and then remember. The name of our stack was base, and so we say minus minus, build image and build image. What we had before was potential build packs. All one word.

E

Forward, slash build and then wait hold on. I'm sorry. I missed.

B

It what fresh build forward, slash, build.

E

Okay, heading forward, slash, build and then colon, and so here the the tag is, is the version right so before we had bass, c and b. So we just got the latest one: we're actually going to go backwards to simulate this, but pretend we're going forwards.

E

um So, instead of getting base c and b, we're going to specifically say version 1.1.39.

E

A

I'm typing the word version or no.

E

Oh, no, sorry, just okay, just 1.1.39 dashbase dash cnb.

E

And then the same for minus minus front image.

E

Just copy paste it yeah potato build yeah exactly well, instead of build it'll be run in the middle okay.

E

And so that's really all we have to do we just we just say: hey it's. A new stack and k-pac will do all the work. It'll say like oh new stack that affects this builder. This builder was used for this application and so for this application, I'm actually going to go and update the metadata the manifest of the app and say this thing that was pointing to the bad os layer that had a vulnerability.

E

I'm just going to update that pointer and point to this new os layer of version, 3 139139 and I'm not going to touch the other layers, I'm not going to recreate the layers, I'm just going to leave them the way, I'm going to point to the same things.

E

So it's super fast and it's very non-invasive and you can see evidence of it in the log file, for that particular build it'll, look quite different from the log file.

F

E

The statement is true only for paquetto provided os layers. No, this statement is true for well the state this this functionality and this concept comes from the project itself, so any any build facts that are compliant with the build packs. Api should be able to do this, so uh this is a project concept that paquetto is merely implementing.

E

Of course, you know you have to paquetto as an implementer of this concept. There you know paquetto is guaranteeing that the base images are compatible and poquito's doing the work, but that, but the idea and the requirements comes from the project itself. So in theory, any build packs should uh offer this functionality yeah. The the idea is in the project itself, mm-hmm.

B

E

We could do a kp build logs uh if we do a kp build list. Actually we can verify how many builds we have so three. So we want to say- and actually you can already see you see how it gives you a reason. So there was a success. There was a reason config, which was the first time. Then we did a kp image trigger.

E

So the reason for the rebuild was a trigger, and now we change the stack and it's telling us this is a stack. So that's a hint to us that that's probably not a rebuild, that's probably a rebase. So if we look at the build logs for build three, uh that should confirm that.

F

A

So I have to do wiggity whitney centron b3.

E

uh No just sunshine, because you're really looking at the you're looking uh you're putting the name, not wiggity wiggity whitney refers to the image on the.

B

E

Sorry, so you just want the name of the resource in kubernetes. Thank you, uh but you want build three, oh so this is. Oh, it's gonna, be the latest one. Oh, that's awesome, oh cool! Oh, so you don't even have to do that. Okay, so bill bugs gives you the most recent one. So, but you can see this is you know, there's no analyze detect.

E

You know, build export, restore whatever it's just rebase and completion, and but it published a new image uh to the docker registry, um and this would do it like uh you know, to all the if you had a thousands of images that you had created and this kpak installation was managing all of them within you know a few seconds or a minute or a couple minutes.

E

It would rebase all of the images and then all you have to do is reapply them to your cluster, uh which is the most efficient way to get rid of these operating system vulnerabilities um as compared to like you know, kind of status quo in a non-image in a non-container based environment. You would have to coordinate with the development teams take down the operating system.

E

Upgrade the vm, but even with docker files, you'd have to run through from beginning to end to rebuild your entire image so probably also retest it and all that stuff ran into each one imperatively, as opposed to kind of like at scale. Just like an octopus right, like all.

F

Of these and they'll face them all.

A

A very powerful octopus.

A

I like that, that mental image.

F

But it's tentacles in every in all of your images.

F

E

um Yeah uh tom, do you think that there's anything important that we that we should be showing that we missed.

A

We have covered everything that we set out to cover. Does anyone have any questions or does anyone yeah or yes, tom? Is there anything you feel like you'd like to see.

E

I know there was a question earlier by somebody about maven and greedle, so the equivalent of that would be uh if so, if we had cloned, if we like our java app that we're building here uh now. So if I, if we, if we were to clone that onto whitney's machine well, we could either do uh you know we are we've already seen.

E

We can build the image using kpat, we can also clone it and do a pack build or we could clone it and do a uh maven um spring boot colon build image, and it would be this oh yeah, oh so that was that was a previous question right yeah. So you.

D

E

Yeah, if we were to clone that repo, we could literally do uh maven um build image uh spring boot, build image or or the equivalent gradle command, and it would use the same cloud native build text. You would see the same output in the log files. You would use that you know you could use either wiggity whitney builder or the keto original builder, and it.

A

Would build the exact same image in the exact way it would be identical. Yeah.

B

E

Maven, even if you build it with a maven, you can still inspect your pack right. They're. All.

B

A

And this one was way from the beginning that what we said we'd revisit it: okay,.

E

So yeah, so the one so so it's very different from kaneko kaneko doesn't use, but what I didn't wasn't sure is: if this can't go use docker files, if that, if can I go as a way to execute a docker file, that canaco is a tool to build container images from a docker file inside of a cluster, okay, so yeah. So if you're using canaco, you wouldn't be able to get rid of all of your docker files, it would just be a way to instead of using docker build, and uh you could do it.

E

Mechanical would basically do because, when you do a docker build what's happening is that the docker build cli is not doing the work. The docker cli is just handing the your source code and your docker file up to the docker demon and the docker demon is doing the work of ex of executing every line in your docker file and producing the image. So if you're in a kubernetes cluster that doesn't really work, because you don't have docker there to do that, heavy lifting for you so canaco gives you that sort of back end.

E

That will you can still give it your source code and you give it the same docker file and canonical will do what it will execute the docker file for you and produce the image. So it's a way to use your docker file without the docker or demon there, but you're still using a docker file or you're still writing that custom script. You're still, you know, have no mechanism to share it across development teams.

E

To sort of you know to have this better structure to have more, uh you know just a better quality image and a better structured image and a more respectable, more transparent. All the great things that library so canico is still dockerfile.

A

Amero amigo called you the bodhisattva of build packs. I love that both of us.

F

That sounds good.

F

B

F

A

Does the kpac builder require root privileges.

C

F

Shouldn't right tom: can you confirm that, but it should not.

A

No does it require, what is the like, does it require? uh Is it using the runtime? That's on the is that using the daemon, like whatever container daemon and your kubernetes cluster.

E

So so, when no so when you use, when you use pack build and the builder, if you, if you're, if you're going to use combinator, build packs using the pax, cli or maven.

C

Us or the spring boot made in our gradle uh plug-ins.

E

Then, on your computer, it will use the docker demon on your computer to do that, build right. It's going to use that builder image run that builder image somewhere and inside of that builder image. It's going to build your code, but when it's on kubernetes uh it just uses that pod everything is happening inside of that pod. Every stage of your.

F

E

In a container.

F

Inside of that, it does not rely on a docker demon, so.

E

There's no side car, docker or anything like that, and since this is just building an image, it's not actually running your image right. This is just here's your image in your registry, you, you, then have to do the cuddle run or the apply deployment, and that's going to use runtime in your cluster right, but um but kpac not itself. So, okay, so tom tom, thank you tom. It's confirming.

A

No root no root privileges needed for the k-pac matter,.

E

I'm uh I have to say I'm so grateful for everybody who's. I mean this has been long right. It's like almost thank you to everybody. Who's stayed this long. uh All of the questions that we've gotten uh martin that, like critical uh help.

E

Yes, probably a developer on the team, who's uh so kind to be here throughout to make sure that we didn't get stuck anywhere and- uh and you know just be there with extra expertise, should we need it. um Thank you so much um thanks.

A

To everyone in the future, who watches the replay too, we're grateful, yeah and um and we're available, I think both of us are available. We have our twitter handles and our in fact, let's stop sharing screens we'll talk a little bit. We have a.

D

A

Handle so feel free to dm either of us with questions. Let's be real you're gonna d, dm cora. No! No, if you I mean I really uh we talked about like helping with um proposals for related things. um I I will be less knowledgeable, but I am if you need a pep talk, I'm very good at those and.

E

Yourself, she's so she's.

C

Out really fast and she's, really uh very courageous,.

E

In putting herself out there uh and helping others learn and make it making it relatable and asking great questions, I mean the ability to ask great questions says a lot about. uh You know the clarity of your thought and your curiosity so don't understand yourself.

B

You've been wonderful. Thank you. Cora thanks.

C

F

Thank you, and you just want to do this- have a great night.