►
Description
Come hang out with Kris Nova as she does a bit of hands on hacking of Kubernetes and related topics. Some of this will be Kris talking about the things she knows. Some of this will be Kris exploring something new with the audience. Come join the fun, ask questions, comment, and participate in the live chat!
A
A
So
let's
start
off-
and
let's
say
hello
to
everyone
thanks
for
joining
this
week,
we're
gonna
be
talking
about
building
containers
and
container
images
with
this
new
fancy
tool
called
bilder,
and
we
got
some
other
cool
stuff
we're
going
to
talk
about
before
then
that's
exciting
this
week
in
kubernetes
and
I've
got
some
cool
links
and
some
new
goodies
for
folks
to
check
out
unrelated
to
build
a
that
are
related
to
kubernetes
I'm,
your
host
Chris
Nova.
So
let's
see
what
people
are
saying
in
chat.
A
As
we
all
know,
this
is
my
legit
favorite
part
of
the
week.
So
let
me
scroll
up
here.
It
says:
Shawn
Smith's
was
our
number
one.
This
week,
hi
Shawn
happy
Friday.
Everyone
hope
you
all
had
a
good
week.
So
rush
says:
hi
greetings
from
Hamburg,
happy
Friday,
everyone,
hello
from
San,
Diego,
California,
hey
Peter,
good,
to
see
you
Justin
good,
to
see
you
a
decent
good
to
see
you
again
while
lead
hello
from
Saudi
Arabia.
We
have
somebody
from
the
Big
Apple
joining
you.
A
Neen
from
Locke
go
yell
he'd
head
I
have
no
idea
where
that
is,
but
it
sounds
impressive.
We
have
somebody
joining
from
Guatemala
I
looks
like
Duffy
is
filling
in
for
George
this
week
on
the
hefty
owe
official
TGI
K
handle
and
he's
gonna
be
helping
out
with
us
today
and
the
hack
and
be,
and
some
other
stuff
Sean
says.
Thanks
to
Duffy
good,
happy
Friday,
everyone
more
happy,
Fridays
lots
of
happy
Fridays.
A
It
looks
like
we
have
somebody
from
New
Zealand,
hello
from
New
Jersey,
more
hellos,
it's
good
to
see
everyone
Roy
happy
Friday
from
Toronto.
It
is
a
good
Friday.
It's
been
a
good
week.
We
had
really
great
weather
this
week,
so
I
feel,
like
everybody
was
in
a
really
good
mood
this
week,
both
here
in
Seattle
and
an
open
source.
So
it
was
a
good
positive
week
for
everyone.
So
yeah
I've
already
noticed
folks
are
coming
in
and
May
key
changes
to
the
hacking
D.
A
A
We
actually
create
a
new
directory.
I
already
created
one
for
the
this
week's
episode,
which
is
episode
54
on
bilder,
and
you
can
see
that
this
is
actually
what's
in
get
right
now
and
then
work
live
editing.
This
marked
down
here
that
will
be
merged
into
the
the
tree
upstream
looks
like
we
have
some
more
hellos
couple,
folks
from
mains
somebody
from
Serbia
somebody
from
Chile
Montreal
from
London.
So
as
always,
we
have
people
from
all
over
the
world,
which
means
it's
all
different
times
for
everyone
right
now.
A
So
it's
interesting
because
it
you
know
some
folks
are
just
waking
up.
Some
people
are
getting
ready
for
dinner,
maybe
having
a
drink
and
getting
ready
for
bed.
So
thanks
for
joining
everybody,
it's
always
a
pleasure
to
see
so
many
people
from
all
around
the
world
and
it's
one
o'clock
here
on
Friday
afternoon
in
Seattle,
which
is
where
I
am
and
TGI
K
is
one
of
the
last
things
I
do
for
the
week.
A
I
pretty
much
wrap
up
this
and
then
I
do
my
snippets
for
the
week
and
then
I
finish
up
any
last
minute
things
that
I
have
outstanding
on
my
plate
and
that
pretty
much
calls
it
a
week
for
me.
So
this
is
always
a
really
exciting
part
of
my
day
when
I
finally
make
it
to
one
o'clock
and
I,
get
to
hang
out
and
talk
about
kubernetes
with
a
bunch
of
cool
people
every
week.
So
this
is
exciting.
So
the
first
thing
we
want
to
talk
about
is
I.
A
Guess,
let's
look
at
our
reference
links
here.
So
we
have
this
build
without
a
docker,
daemon
I
think
it's
the
new
stack
who
did
this!
This
is
just
an
article,
okay
yeah.
This
was
the
new
stack
hello
from
India
good
to
see
you
Wally
did.
Did
you
notice
China,
yet
no
I
didn't
notice
China,
yet
welcome
from
China
thanks
for
joining.
That's
I
think
this
is
the
first
time
personally
I've
ever
how
do
you
enjoy
from
China?
So
that's
pretty
exciting.
All
right
welcome!
A
Okay,
so
this
article
is
I
think
wanted
the
original,
like
big
pipe
splash
articles
that
came
out
around
build
up
back
in
June
and
I,
wanted
to
call
it
out,
because
I
think
this
does
a
good
job
at
explaining
one
of
the
big
value
adds
that
builder
has
versus
docker.
So
if
you
want
to
come
through
and
read
this,
this
talks
a
lot
about
the
importance
of
building
a
container
without
the
docker
daemon,
and
why
folks,
the
original
authors
of
bilder
over
at
Red
Hat
decided
to
start
this
tool.
A
We're
gonna
get
a
little
bit
more
into
this
later,
but
this
is
a
good
read
and
I
was
actually
going
through
and
reading
a
little
bit
of
this
article
and
that's
what
kind
of
helped
steer
me
off
in
the
direction
of
even
doing
build
up
this
week.
Naturally.
So
this
is
where
it
all
kind
of
started
for
the
week
for
me
so
anyway,
this
is
a
good
read
if
you
want
to
come
check
it
out.
That's
relevant
to
today's
episode.
A
A
So
I
started
to
scroll
through
this
article
I
noticed
there
was
a
lot
of
like
clusters
are
isolated
from
each
other,
and
there
was
a
lot
of
like
value-adds
here
like
here
are
some
of
the
things
you
get
from
running
multiple
clusters,
and
none
of
this
really
explained
like
what
this
tool
was
or
what
this
library
was.
What
did
it
for
me
was
when
I
founded
this
link
here
and
I
clicked
on
the
multi
cluster
controller.
A
So
this
is
like
a
a
controller
or
an
operator
library
that
would
allow
you
to
plug
it
into
more
than
one
kubernetes
cluster
and
then
take
action
based
on
the
this
state
and
those
various
kubernetes
clusters
and
and
how
I
kind
of
came
to
that
conclusion
was
just
looking
at
the
go
here
so
yeah.
This
is
my
approach
to
figuring
out
what
something
does
is
read
an
article
about
it.
A
It
seems
too
wordy
and
then
just
go,
find
a
snippet
of
go
and
then
it
kind
of
cut
starts
to
come
together
for
me
in
my
brain.
But
anyway,
if
you
look
at
what's
going
on
here,
this
is
pretty
interesting.
We
initialized
a
new
pointer
to
reconciler.
We
pass
in
some
empty
options.
Here
we
have
this
slice
of
two
strings:
cluster
1
and
cluster
2.
We
call
context
we
loop
through
those
and
for
each
of
those
we
watch
and
resource
reconcile
object
and
we
pass
in
some
some
new
pods
and
some
watch
options.
A
Just
like
you
see
with
the
the
API
builder
framework
e
stuff
that
we
looked
at
and
queue
builder
that
we
looked
at
earlier
this
year
and
then
down
here.
At
the
end,
we
have
this
broader
reconcile
chunk
of
code,
so
it's
just
that
it
seems
to
be
a
way
where
you
can
actually
have
the
same
operator,
listen
or
be
aware
of
multiple
objects
and
multiple
clusters,
so
it's
kind
of
like
Federation
turned
backwards,
which
is
interesting.
It's
an
operator
model
for
multi
cluster,
which
is
exactly
what
the
original
article
said.
A
But
this
would
seem
like
a
cool
library
and
of
course
it's
only
got
21
stars.
So
anytime
I
see
a
new
project
I
like
to
kind
of
give
them
a
little
pat
on
the
back
and
say
thanks
for
doing
something
exciting
with
kubernetes.
So
this
was
pretty
cool
to
look
at
so
next
we
have
a
link
to
the
bilder
repository.
A
A
We're
actually
going
to
have
I
already
have
this
code
checked
out
locally
and
we're
going
to
dig
into
this
code
a
little
bit
deeper
when
we
go
into
our
going
a
sort
of
feature
lesson
for
the
day,
we're
going
to
talk
about
some
some
cool
stuff
that
they
actually
did
in
the
build
a
source
code.
That
I
think
makes
a
good
example.
So
next
we
have
oh,
this
was
a
really
cool.
One
I
was
really
excited
when
I,
when
I
saw
this
thing.
So
this
is
a
tool
called
cube
box.
A
A
But
this
is
a
really
cool
visual
way
to
visualize
the
kubernetes
cluster
and
actually
see
what's
going
on
in
your
cluster,
and
do
it
all
from
like
the
the
magic
of
your
command
line,
or
it
looks
like
you
can
also
do
it
all
from
a
web.
Ui
that
has
sort
of
the
same
looking
feel
and
I
bet.
I
would
actually
be
able
to
plug
this
into
a
kubernetes
cluster,
but
I
guess
we
can
do
a
whole
different
episode
on
cubox
in
the
future
and
see
what
this
thing
can
really
do.
A
But
this
was
really
exciting
and
anytime
I
see
somebody
coming
together
and
creating
some
sort
of
visual
user
interface,
II
abstraction
on
top
of
the
kubernetes
things
that
pretty
much
only
needs
like
a
cluster
URL
and
smoth
information.
I
get
pretty
excited
because
right
now
we
pretty
much
only
have
the
dashboard
or
Quebec
tool
as
our
two
options
and
I
think
there's
a
lot
of
room
and
a
lot
of
exciting
things.
We
can
do
other
than
what
those
two
tools
offered.
So
this
was
really
exciting.
A
To
see
so
cube
box
is
a
good
one,
and
last
but
not
least,
we
have
this
unshare
man
page.
This
is
mostly
going
to
be
some
reference
material
for
women
to
get
into
the
actual
source
code
of
bilder
and
we
talked
about
how
it's
actually
creating
processes
and
how
it's
calling
me
the
unshare
new
Colonel
feature
and
what
that
actually
does
and
what
that
means,
and
we'll
talk
a
little
bit
more
about
that
later.
But
a
good
TGI
K
episode,
always
references
a
good
man
page
in
my
mind.
A
So
here
is
a
man
page
for
lunch
here
that
we're
going
to
talk
about
a
little
bit
later.
So,
let's
see
what
our
friends
in
chat
are
saying,
and
then
we
can
talk
about
our
are
going
5
minute.
Little
go
snippet
for
the
day.
So,
let's
see
we
have
more
people
joining.
Oh
whoa,
we've
had
quite
a
few.
Let
me
scroll
up
here
so
hello,
more
hello,
hello
from
Maine.
We
already.
We
saw
a
Maine
hello
from
Montreal
hi
from
Paris.
A
A
Actually,
let's
not
start
in
the
terminal,
let's
start
here
at
the
build
a
source
code,
so
I
checked
out
the
source
code,
primarily
because
I
wanted
to
see
how
this
thing
is
built
and
one
of
the
reasons
I
wanted
to
see
how
it's
built
is
because
I
was
trying
to
actually
get
a
copy
of
it
in
running
so
without
going
into
too
much
detail
of
what
it
takes
to
build.
This
thing
what
I
wanted
to
point
out
was
this
really
interesting
tag
in
the
top
of
our
source
code?
A
Here,
that's
called
it's
this
building
tag
and,
let's
actually
see
if
we
can
find
the
go
documentation
on
this,
go
build
tags,
hello
from
Sweden,
we're
good
to
see
you
so,
let's
see
if
I
can
actually
pull
up
like
the
the
programming
language
docs
on
this,
oh
here's,
an
article
that
our
friend
Dave
Cheney
Road.
Let's
see
what
dave
has
to
say
about
this,
let
me
pull
this
over
cool,
so
I
think,
let's
see
here
yeah.
A
A
A
Tool,
this
was
one
of
the
unfortunate
banalities
I
discovered.
If
we
look
in
this
package
here
in
the
lib
pod
package,
true
user
you'll
see
we
have
three
files,
we
have
user
go
and
then
we
have
user
underbar,
basic
and
user
underbar
Linux
and
if
we
go
and
we
look
at
user
underbar
Linux,
we
can
see
at
the
top,
it
just
says
build
tag,
and
then
it
says
Linux.
B
A
If
we
go
and
we
actually
look
through
this
file,
we
can
see
there's
a
couple
of
different
unexploited
functions
here.
The
one
that
I
wanted
to
look
at
was
this
lookup
group
for
UID
and
container
function,
and
you
cannot,
you
can
see
that
it
like
opens
this
treated
file,
Etsy,
password
and
loops
over
it,
and
this
basically,
is
what
we
are
calling
the
implementation
for
this
abstraction,
which
is
Luca
lookup
group
for
UID
in
container.
A
So
this
is
exciting,
because,
if
we're
running
on
a
Linux
system
and
we're
compiling
our
source
code
for
Linux,
the
go
compiler
is
going
to
come
up
here
and
say:
oh
yeah,
we're
gonna
build
this
thing
for
Linux
and
we're
going
to
include
this
function
in
the
rest
of
the
code
as
we
compile
it
now.
If
we
were
compiling
for
an
architecture,
others
in
Linux,
the
go
compiler
would
then
trigger
on
this
build
tag
in
a
completely
different
file,
and
this
build
tag
says
everything
that
is
not
Linux,
so
this
would
be
FreeBSD.
A
B
A
B
A
I
ran
this
and
you
can
see
I
actually
got
this
supplemental
groups
list
look
up
by
UID,
not
supported
and
I
began
to
go
and
actually
grep
through
the
code
and
found
out
that.
Yes,
if
you
tried
to
compile
bilder
for
Darwin,
which
I
did
here
on
my
Mac
I
was
just
hitting
this
error
message
here:
supplemental
groups
list
look
up
by
UID,
not
supported
so
anyway.
A
So
that's
like
our
quick
little
five-minute
go
lesson
of
the
day
and
in
case
you're,
ever
seeing
these
build
tags
and
they
seem
a
little
bit
confusing
just
remind
yourself
that
there's
just
a
way
for
to
tell
the
compiler
to
include
or
exclude
an
entire
file.
And
if
you
look
at
this
user
go,
you
will
notice
up
here
at
the
top
there's
no
build
tag
and
all
littered
throughout
this
code.
You
can
see
that
we're
actually
calling
this
function
here.
A
So
if
we
take
this
and
we
go
look
in
user
code,
we
can
actually
go
through
and
see
that
there's
broader
level
functions
that
call
this
internal
function
and
then
this
function
here
will
exist
depending
on
if
you're
running,
on
Linux
or
anything
else,
so
a
decent
says
Chris.
Could
you
please
say
something
that
you're
docker
on
FreeBSD
project?
Do
you
achieve
any
results?
So
a
decent
brings
up
a
really
great
question
which,
while
we're
here,
let's
see
if
I
can't
pull
this
up
really
quick.
A
A
So
anyway,
to
answer
your
question
concretely,
a
decent,
the
FreeBSD
project,
we
we
were
able
to
do
some
basic
container
running
at
a
try
at
the
hack
day
that
we
did
at
the
Microsoft
office
in
San
Francisco.
The
project
itself.
I
can't
give
an
update
on
I'm
already
pretty
tight,
as
it
is
with
a
lot
of
open
source
involvement,
but
in
the
future,
if
I
get
some
more
time,
I
would
love
to
go
back
to
get
docker
running
on
FreeBSD.
A
That
allows
all
the
rest
of
the
container
tools
to
talk
to
jails,
and
then
we
get
all
of
the
benefits
of
jails,
but
we
can
plug
them
into
the
rest
of
the
container
ecosystem.
To
me,
that's
like
the
the
match
made
in
heaven.
That
would
be
a
game-changer
for
the
industry,
but
again
I,
simply
just
don't
have
it
enough
hours
in
the
day
to
do
that.
So.
A
The
high-level
update
on
docker
on
FreeBSD
and
the
high-level
explanation
of
build
tags
and
go
and
I
guess
to
complete
this
file
just
for
my
own
sanity
here,
we're
gonna
mimic
at
the
top
of
this
bill
tag,
but
we're
just
going
to
change
it
from
Linux
to
FreeBSD.
So
we
would
just
do
that
and
then,
if
we
did
I
come
if
we
compile
this
code
with
Goosen
Gorch,
which
would
look
like
this.
A
Go
to
the
Builder
directory
go
source,
github,
calm
containers
build,
we
could
do
like
a
go
build
and
we
could
say:
go
OS
equal
to
FreeBSD
and
Gorge
go
Arch
and
we
could
set
that
equal
to
whatever
you
want
it
to
and
based
on
those
values.
We
would
then
include
the
the
FreeBSD
file
that
I
just
defined
there.
So
anyway,.
B
A
Scorch
build
tags
that
are
conditional
based
on
your
architecture
and
go
that's
how
all
of
that
works
and
that's
how
you
can
build
go
programs
that
run
close
to
the
same
dependent
that
are
able
to
span
different
architectures
underneath,
ok
and
Qadir,
says:
okay,
cool
and
indecent,
says
it
sounds
great
things:
cool,
alright,
so
let's
actually
get
into
and
to
build
it
here
and
talk
a
little
bit
about
my
journey
and
how
I
ended
up
digging
through
the
the
source
code
of
bilder.
So
just
start
off.
A
Let's
see
it
looks
like
folks
are
just
talking
about
whether
or
not
they
can
see
comments
over
in
the
chat
right
now.
I'm
gonna,
stick,
Dave's,
lovely
post
here
in
our
hacking
D,
so
folks
at
home
can
see
it
Dave
things
for
for
all
of
the
hard
work
you
do
in
blogging
and
explaining
the
stuff
to
folks
like
us.
We
really
appreciate
it.
So
let's
do
this.
A
Cheney's
blog
on
conditional,
build
tags,
paste,
awesome,
ok
and
then
I
guess
I
can
have
my
FreeBSD
stuff
if
you're
interested,
but
I
can
do
that
later.
We
don't
have
to
do
that
right
now.
So
anyway,
let's
go
to
the
Builder
repo,
which
is
here
and
so
to
kind
of
like
paint
the
history
of
Nghia
trying
to
get
build
up
up
and
running
for
TGI
K.
Today,
oh,
it
looks
like
Joe's
like
retweeting
my
stuff
right
now,
thanks
Joe
I
just
got
a
notification
on
my
phone
anyway
to
paint
a
picture.
A
I
wanted
to
check
out
bilder
like
all
command
line
tools.
I
always
prefer
to
run
them
on
my
Mac
for
a
demo.
It
just
makes
it
a
little
bit
easier
and
then
I
can
open
up
the
files
locally.
In
my
text,
editor
of
choice
and
depending
on
the
presentation
and
text
editors,
sometimes
changes
so
I
went
here
to
build
a
and
I
noticed.
There
was
some
releases,
so
I
came
in
and
I
checked
out.
The
releases.
A
The
first
thing,
I
noticed
was
all
we're
doing
is
releasing
source
code,
which
is
good
because
when
you
now
have
a
snapshot
of
the
source
code
for
a
given
release,
but
it
was
kind
of
a
bummer,
because
I
was
hoping
to
find,
like
a
very
nice
convenient
static
binary
that
was
gonna
work
perfectly
on
my
Mac
and
I
didn't
find
that
so
I
kept
digging.
So
I
came
down
here
and
I
found
these
little
pages
here.
B
A
I
said:
okay,
here's
some
tutorials,
we
have
a
troubleshooting
guide
and
then
yes
installation
notes.
So
let's
go
look
at
installing
bilder
and
so
off-the-cuff.
You
can
see
that
we
have
some
kernel
version
requirements
which
makes
sense
if
you
think
about
what
bilder
does
is
its
building
containers.
So
a
container
is
pretty
much
a
glorified
system
process
that
takes
advantage
of
some
new
features
in
the
kernels
like
namespaces
and
unshare
that
we're
going
to
talk
about
it
a
little
bit
and
see
groups,
and
so
in
order
for
those
those
to
exist.
A
We
need
the
underlying
kernel
to
be
at
a
minimum
version
which
they
call
out
that
you
need
version
4.0
for
build
up,
and
then
it
talks
about
how
it
uses
Runcie,
which
is
a
docker
runtime
for
a
builder
run,
which
is
actually
running
a
container
that
you
can.
You
can
do
things
with.
You
can
write
in
a
process
inside
of
it
or
jump
inside
of
a
shell
inside
of
it.
A
If
you
want
to
and
then
also
uses
that
for
the
build
using
docker
file,
which
can
it
be
abbreviated,
bud,
PUD,
which
you
saw
me
run
just
a
moment
ago
and
again,
we're
gonna
run,
a
lot
of
these
you'll
be
pretty
familiar
with
them.
By
the
end
of
the
episode,
can
a
sheesh
says:
can
this
run
in
the
kubernetes
pod?
Yes,
it
can
ultimately
run
in
a
kubernetes,
pod,
Ashish
and
that's
gonna,
be
one
of
the
things
we
do
today
on.
A
The
episode
is
taking
the
world's
simplest
go
program
in
the
world's
simplest
docker
file
and
actually
building
a
container,
pushing
it
to
a
GC,
our
registry,
pulling
that
GC
our
registry
into
a
kubernetes
cluster
and
then
checking
out
the
logs
to
make
sure
everything
works.
So
we'll
do
that
hole
in
to
end
kind
of
run
through
today.
We're
just
talking
about
the
installation
requirement,
so
folks
get
an
idea
of
who
and
how
build.
A
Who
can
you
run
bilder
and
then
how,
of
course,
it's
it's
ran
and
then
we're
going
to
talk
a
little
bit
about
why
this
is
different
and
why
it's
important
compared
to
to
the
docker
build
tool
as
well.
So
anyway,
the
CNI
requirement
pretty
straightforward.
Basically,
you
need
to
use
C&I
and
it
uses
the
built-in
run
see
stuff
the
package
installation.
So
here
is
where
we
started
getting
off
into
the
weeds
okay.
A
So
if
you're
gonna
install
build
up
from
github,
you
need
to
make
sure
you
have
all
of
these
packages
already
installed
on
your
system
and
Tientsin
I'm
gonna
I'm,
assuming
that
the
Sun
or
Sean
I'm.
Sorry,
if
I,
if
I
mispronounced
your
name,
but
their
comment
was
seems,
build
is
still
required,
privileged
container
and
yes,
that
is
the
case
and
we'll
talk
a
little
bit
about
that
in
a
moment
as
well.
Okay,
so
if
he
goes
through
a
solution
from
github,
you
need
those
packages
installed.
A
If
you
want
to
run
this
on
fedora
here's
the
one-liner
that
you
need-
which
of
course,
I'm
not
running
in
fedora,
my
MacBook
here
so
I
kept
scrolling
down
and
trying
to
find
some
Darwin
installation
instructions.
So
here's
rel
here's
Santos,
here's
open,
SUSE,
here's
who
bun
here's
debian
and
then
the
rest
of
the
installation
continues
and
I
didn't
notice
anything
darwin
related.
A
And
so
I
went
and
checked
out
the
build,
a
source
code
which
is
where
we
are
now
and
I
went
ahead
and
I
pulled
up
the
make
file
and
I'll
just
use
an
Emacs.
Really
quick.
Do
you
do
and
I
grabbed
for
Darwin
and
I
found?
Oh
here's,
this
lovely
Darwin
target
and
here's
the
goose
and
Gorch
that
we
looked
at
a
little
bit
earlier.
So
this
is
starting
to
look
familiar,
and
this
is
how
build
it
would
be
compiled
for
Darwin
and
it
says
goose
is
equal
to
Darwin.
Then
we
call
go
build.
A
We
pass
in
our
LD
flags
here
our
output
is
build
a
Darwin,
we
give
it
a
handful
of
tags
and
we
tell
it
to
build
from
the
command
builder
directory.
So
I'm,
like
okay,
that
seems
straightforward,
so
I
went
ahead
and
did
a
make
Darwin,
and
you
know
first
time,
I'm
doing
this
doing
it
kind
of
blind,
so
I
kind
of
held
my
breath.
Actually,
it
did
looks
like
this
one
didn't
work,
Oh,
cuz,
I
think
I
needed
to
do
like
a
dependency
like
I,
think
it's
make
up
or
something
make
that's
yeah.
A
Okay,
ultimately,
I
was
able
to
get
it
to
work,
though
it
was
pretty
easy
to
get
it
to
compile
to
Darwin
and
then
after
I
had
it
compiled
to
Darwin
I
tried
to
actually
build
a
docker
container,
and
that's
where
I
hit
that
that
error
that
ultimately
led
to
me
digging
into
the
source
code
and
discovering
that
builder
basically
doesn't
work
on
any
architecture
but
Linux
right
now,
although
it's
sort
of
stubbed
out
or
the
scaffolding
is
there
for
other
implementations
like
Darwin,
so
it
might
be
worthwhile
to
you
know
if
you're
interested
in
contributing
to
the
project.
A
B
A
Looks
like
we
have
people
in
check,
it
says
well,
lead
side,
it
comes
RPM
packages,
4l,
7.6
and
other
related,
stuffed
cRIO,
pod
man's
scope,
EO
and
Muhammad
says
Parris.
So,
basically,
while
leta
saying
that
it,
there
is
a
some
official
RPM
packages
for
it
if
you're
running
on
rel,
so
you
can
just
go
ahead
and
like
download
those
RPM
packages
and
get
it
up
and
working
okay.
A
So
my
macbook
is
the
fans
just
kicked
on
so
hopefully
I'm,
not
overloading
my
CPU
by
trying
to
run
OBS
and
do
a
clone
here,
but
I'm
trying
to
demonstrate
that
we
can
and
actually
compile
the
darwin
by
an
area.
But
it's
not
actually
going
to
get
us
where
we
want
with
building
container
images.
So
I
guess.
A
A
We
can
see
that
I
should
have
a
kubernetes
cluster
and
a
build
ami
or
not
ami,
but
a
build
an
instance
that
I've
already
kind
of
done.
The
noisy
work
on
up
and
running,
which
is
this
top
one
here.
So
this
too
small
is
the
build
a
virtual
machine,
we're
going
to
be
using,
and
then
we
have
just
a
one
node
t
gik
number
54
kubernetes
cluster,
with
a
single
node
in
a
master.
A
So
we
can
copy
this
to
the
public
IP
here
to
the
clipboard,
and
we
can
actually
SSA
to
this
virtual
machine
and
see
what
we
have
up
and
running
so
SSH
Ubuntu
at
our
public
address
there,
and
if
we
look
in
our
home
directory,
yes,
we
do
have
the
T
gik
repository
checked
out,
and
we
also
have
this
install
shell
script.
So
if
we
cut
out
this
install
shell
script,
you
can
see.
A
All
this
is
is
basically
copy
copy
pasta
or
it's
just
been
copy
and
pasted
from
these
two
snippets
here
and
those
works
like
a
charm.
I
think
the
important
thing
to
call
out
is:
you
need
move
on
to
SSD
or
Ubuntu
xenial.
If
you
want
to
run
in
Ubuntu
or,
as
somebody
pointed
out
earlier,
if
you
want
to
run
in
fedora
or
rel,
there's
an
RPM
for
it
already.
Is
there
a
link
to
this
week's
hack?
Indeed,
okay,
so
Rory
I
can
help
with
that.
Here
is
a
link
to
this
week's
hack.
A
Indeed,
let's
see
if
I
can
drop
this
in
the
chat.
Oh
looks
like
Duffy
beat
me
to
it.
Ok,
so
anyway,
if
you
go
into
the
docs
here,
you
pull
up
the
ubuntu,
install
instructions
and
you
actually
run
them.
This
is
what
you
end
up
with.
You
will
end
up
with
this
build
a
directory
here
and
you
can
see
I
just
dropped.
Everything
into
a
shell
script
and
build
I
should
now
be
in
path.
A
So
if
I
run
builder
poof
there
we
go
and
then
I
also,
we
all
know
how
lazy
I
am
I
went
ahead
and
I
did
alias.
B
is
equal
to
tilde,
and
so
that
I
can
just
run
B
today
on
T
gik,
and
we
can
actually
really
start
to
to
motor
on
this
command
line
tool
and
see.
What's
going
on
yep
and
roy
says,
thank
you
and
thank
you
very
much
duffy
for
sharing
the
hacking
d.
So
let's
go
back
to
the
installation
bits
here.
A
A
A
So
thanks
for
pointing
that
out,
Duffy,
okay,
so
for
the
configuration
files,
the
first
one
is
this
registries
conf,
and
they
give
working
examples
that
I
were
able
to
get
all
of
these
working
on
Ubuntu.
So
all
I
did
is
I
grabbed.
This
configuration
file
and
I
went
and
I
dropped
it
in
at
sea
containers,
registry,
comm
and
I
kind
of
went
through
the
motions
here
and
I
did
mounts
comm.
A
That
I
did
the
second
fisa
and
the
policy
Jason
and
I
kind
of
configured
all
of
these
according
to
where
they
say
they
should
live
on
the
file
system
and
after
I
did
all
that
it
actually
worked
and
I
was
able
to
start
building
containers.
So
that's
where
we
are
today,
so
we
have
bilder
in
our
path
when
a
leus
is
equal
to
B,
we
have
the
T
gik
repo
checked
out
and
we
have
our
system
configured
and
tested
beforehand,
with
the
build
configuration
bits
already
up
and
running
just
with
the
basic
defaults.
A
I
didn't
actually
go
through
and
change
anything
I
just
copy
and
pasted
directly
from
the
the
working
examples
on
to
my
Ubuntu
system
and
everything
is
working
and
then
I
guess
for
a
good
measure.
If
folks
want
to
see
what
I'm
running,
there's
my
you
name
and
then
how
do
I
do
my?
What
is
it
lists?
Yeah
list
LSB
release?
No
LSB
models
are:
how
do
you
tell
which
run
to
version
you're
running
cat,
/,
@c
issue?
A
There
we
go
okay,
so
there's
my
kernel
looks
like
I'm
running
for
dot
for
the
AWS
Ubuntu
kernel
and
then
I'm
running,
ubuntu,
16.04,
dot,
v,
long-term
support,
so
very,
very
standard,
Ubuntu
installation
here-
and
this
is
how
I
was
able
to
get
build
a
up
and
running
on
a
Linux
like
system
that
we
just
learned
is
only
the
only
type
of
system
that
does
support
builder
right
now.
So
let's
go
back
and
see.
A
What's
going
on
here
earlier,
I
had
tried
to
get
this
thing
running
up
in
Darwin,
I'm
gonna
go
ahead
and
I'm
just
gonna
jump
out
of
that
I
think
we
might
have
the
Darwin
binary
here,
maybe
not,
but
either
way,
if
folks
want
to
go
down
the
rabbit
hole
of
compiling
for
Darwin
just
to
demonstrate
that
it,
in
fact
doesn't
work,
go
for
it.
I'm
gonna,
get
out
of
here
and
just
focus
on
running
this
thing
into
Linux
for
the
rest
of
the
episode.
A
A
Excuse
me:
okay,
so
let's
talk
building
a
container
image
with
build
em
and
I.
Guess,
let's
even
talk
about
what
a
container
image
is
in
the
context
of
build
a
little
bit
here.
So
let's
get
into
our
sort
of
home
base
for
this,
which
is
going
to
be
the
54
directory
here
yeah
and
you
can
see.
I
have
a
bunch
of
files
here
that
I
think
made
it
into
TG.
Like
hey.
Let's
see,
TG
Ike,
hey
episode,
54,
yes,
okay,
so
you
can
see
I
have
a
docker
file.
I
have
a
main
go
I.
A
A
Are
sort
of
mimicked
here
on
my
system
as
well
I,
actually
just
didn't
get
check
out
for
the
TGA
repo
here
and
I've,
just
been
working
on
the
command
line
all
day.
So
the
first
thing
we
want
to
do
is:
let's
just
get
familiar
with
the
build,
a
command
line
and
see
what
the
options
are.
So
to
do
that
we
can
just
run
B
and
it's
a
very
basic
command
line
tool.
A
It's
real
familiar
to
anybody,
who's
run
or
written
a
cobra
command
line
tool
and
the
go
programming
language
before
you
can
see
you
get
all
of
your
sub
commands
here.
You
get
examples
of
how
to
actually
form
your
commands
up
here
at
the
top,
and
then
you
have
build
a
an
image
builder
and
then
down
here
at
the
bottom.
You
have
all
of
these
optional
flags
and
global
options.
A
That
sort
of
tell
you
how
you
can
start
to
piece
your
commands
together
so
right
away
if
you've
actually
ever
run
docker
before
you,
you
can
that
this
is
a
little
bit
simpler,
in
other
words,
there's
less
sub
commands
here
with
bilder
than
we
would
see
with
docker.
In
fact,
if
you
I
think
Dockers
on
the
system
yeah,
you
can
see,
docker
has
all
of
these
sub
commands
here
and
there's
even
more
management
commands
and
it's
a
very
similar
format.
So
off-the-cuff
building
in
docker
solve
a
lot
of
the
same
problems.
A
Now
they
do
it
in
kind
of
two
different
ways.
I
think
the
important
thing
to
call
out
for
for
bilder
that
I
mentioned
earlier
in
that
new
stack
article
is
build.
I
can
do
all
of
this
building
a
container
image
and
pushing
it
up
to
registry
and
running
a
container
image
without
having
any
sort
of
daemon
running
on
your
file
system.
A
So
this
is
huge
if
you're,
if
you're
into
CI,
CD
and
you're
tired
of
dealing
with
the
docker
demon
on
your
underlining
host
server
and
making
sure
that
whatever
your
CI
CD
job
is,
can
can
access
that
demon,
or
you
know,
keeping
the
daemon
up
and
running
and
all
of
a
sudden
introduces
a
layer
of
complexity
for
you
trying
to
just
simply
build
a
container
image,
so
the
beauty
of
Bill.
That
is,
if
you
can
just
get
a
glynn
existing
with
the
build,
a
static
binary
on
it.
A
You
can
go
ahead
and
generate
a
container
images,
pretty
quick
and
it's
much
more
less
complex
and
it's
at
a
lower
cost
to
the
overall
system
to
just
run
it
with
this
static
binary
that
will
create
OCI
container
images.
So
we've
talked
about
this
before
in
the
past,
but
I
guess
it's
probably
a
good
time
to
even
mention
what
OC
is
so
the
OCI
spec
is
a
standard
for
a
container
image.
A
So
a
container
is
the
actual
instance
of
an
image
and
the
image
itself
is
sort
of
like
this
snapshot
or
the
representation
of
an
image
looks
like
somebody
has
a
comment.
It
says
I
think
an
Rican
was
wondering
how
build
up
in
Paris
was
image
originally
started
by
just
as
I
was
wondering
that
too
that's
another
good
question.
I
was
actually
talking
to
Jesse
about
some
of
this
stuff.
Yesterday,
a
little
bit
I
did
not
ask
her
about
image.
I've,
never
used
Jesse's
tool,
image,
I.
A
Think
Joe
has
so
maybe
he
can,
if
you
guys,
want
to
bother
him
on
Twitter.
You
can
get
some
input
from
him,
even
ping
Jessie,
and
get
her
thoughts
as
well.
I'm
happy
to
do
a
TGI
K
on
Jessie's
tool,
and
maybe
we
can
even
get
her
to
join
me
here
in
the
Seattle
office
or
something-
and
we
can
talk
about
it,
a
little
more
in
detail
later,
but
yeah,
I,
I,
just
I,
don't
know
I'm,
not
I
haven't
used
it
yet
I'm,
not
that
well,
rounded
I.
A
Don't
build
container
images
all
that
much
and
if
I
do
I,
usually
just
keep
it
simple
and
a
decent
says.
Also
there
is
Kenny
Kuh
from
from
Google
yeah
I
mean.
So
this
is
how
she
and
I
started
right
was
I.
Think
I
wanted
to
do
one
of
the
scene,
I
providers
and
this
turned
into
a
whole
like
series
of
me
doing,
scene
I.
A
So
if
folks
are
interested
in
and
doing
a
broader
compare
and
contrast
against
all
of
the
different
ways
of
building
containers,
this
might
be
the
first
of
many
container
building
episodes
where
we
look
at
some
of
these
other
ones.
So
yeah
I
actually
like
that
idea
quite
a
bit.
So
maybe
we
can.
We
can
kind
of
like
let
this
thing
roll
and
keep
it
going
a
decent.
If
you
wouldn't
mind,
maybe
dropping
that
in
and
chat
we
can,
we
can.
A
Well
thanks
for
the
the
idea
there
so
anyway,
the
open
container
spec
is
going
to
be
relevant
to
all
of
these
tools
that
we
were
just
talking
about
not
just
to
build
a
or
docker,
but
this
is
basically
a
spec
that
the
community
has
come
together
and
said
if
you're
gonna
create
a
container
image,
it
might
as
well
meet
the
following
criteria,
and
if
you
create
a
container
image
that
meets
the
spec,
you
should
be
able
to
plug
that
container
engine
image
into
any
tooling.
That
also
advertises
to
accept
OCI
complain
images
as
well.
A
So
this
is
nice
because
with
bilder
we
can
create
a
container
that
we
can
know.
We
can
then
get
up
and
running
in
kubernetes,
just
because
we
know
that
it
speaks
the
standardized
image
specification,
so
this
is
cool.
So
if
we
go
back
here,
we
can
actually
see
which
images
we
have
in
our
builder
registry
and
I.
Guess.
Registry
is
the
technically
correct
word
to
use
here,
although
probably
confusing
to
folks
at
home.
They
aren't
familiar
with
how
this
whole
thing
works.
So
if
we
do
a/b
images
actually
need
to
run
this
command
B
images.
A
Now
you
can
see
we
get.
We
get
nothing
back
because
we
don't
have
any
images
currently
saved
on
this
local
system,
because
I
deleted
them
all
before
tjk
and
we
can
do
B
containers
and
we
can
see
that
we
actually
don't
have
any
containers
currently
running
on
the
system,
also
because
I
deleted
all
of
them.
Before
tgia
k.
Peter
says
there
is
actually
a
scene.
C
F
talk
by
Matt
Ricard,
Google
software
engineer
about
building
docker
images,
a
brief
comparison
and
existing
tools
and
reasons
behind
Kanak
Oh,
awesome
Peter.
A
If
we
actually
start
doing
a
deep
dive
into
container
and
container
image
building
tools
and
then
I
have
a
feeling
if
we
do
a
deep
dive
into
container
image,
building
tools,
I'm,
probably
going
to
develop
strong
opinions
and
then
probably
go
off
on
a
tangent
and
try
to
build
my
own
or
something
crazy
like
that.
So
looks
like
hep
tio
has
a
link
in
the
chat
as
well.
So
thanks
for
sharing
Duffy
okay,
so
we
know
what
a
container
image
is.
A
It's
the
the
single
entity,
a
snapshot,
and
we
know
what
a
container
is,
which
is
a
current
running
or
a
currently
dead
instance
of
a
container.
So
from
a
single
image.
We
can
run
multiple
containers
and
then
again
container
is
literally
nothing
than
just
a
system
process
that
takes
advantage
of
a
handful
of
Linux
kernel
features
that
didn't
exist
until
recently.
Waleed
says
another
thing:
docker
images
will
show
a
different
view
than
build
images.
A
It
seems
they
do
not
share
the
same
files
while
he
brings
up
a
good
point:
I'm
not
gonna,
like
no
spoilers,
because
we're
gonna
get
into
this
a
little
bit
later.
But
yes,
there
are
some
formatting
things
that
we
have
to
be
aware
of
when
it
comes
time
with
building
with
docker
and
building
with
bilder,
and
then
I
really
wanted
to
bring
up
this
really
good
quote:
where's
our
hack
MD.
This
first
article
I
mentioned
it's
grunt
for
Jason.
A
This
quote
here,
I
really
really
enjoyed.
Why
do
we
need
a
big
container
to
basically
create
the
content
inside
of
a
directory,
tore
it
up
and
then
write
some
simple
JSON
files
with
it,
which
is
basically
another
way
of
describing?
What
actually
a
container
image
is?
Is
it's
just
a
very
simple
way
of
representing
a
container
that
you
that
we
can
guarantee
is
reproducible?
So
if
you
actually
want
to
boil
this
down
to
raw
ingredients,
it's
just
some
content.
A
All
of
that
lives
in
VAR,
Lib
containers
and
in
the
case
of
docker,
all
of
that
lives
and
var
Lib
docker
and
you
can
go
in
there
and
you
can
poke
around
and
you
can
see
all
of
these
files
that
actually
make
up
things
like
containers
and
images.
And
that
effectively
is
your
doctor
or
your
build
a
registry.
So
there
that's,
where
the
rubber
meets
the
road
in
raw
computer
science
terms,
container
images
and
containers.
A
A
This
is
cool
because
the
whole
like
paradigms
behind
how
you
would
build
a
container
image
are
different
in
bilder
versus
in
docker.
So,
let's
see,
if
I
can't
find
this
tutorial
really
quick,
because
this
was
a
really
good
one.
Where
were
tutorials
here
and
I.
Think
it's.
This
introduction
tutorial
here,
yeah.
B
A
I
kind
of
went
through
this
a
little
bit
to
get
a
container
up
and
running
and
we're
gonna
modify
it
just
a
little
bit,
but
to
start
off
we're
gonna
start
off
with
a
command
similar
to
this
one
here
and
we're
gonna
kind
of
explain
what's
going
on
here,
so
we're
here
in
our
T
gik
54
directory.
We
know
we
have
like
this.
Shell
script
called
test.
A
Nutshell,
and
if
we
run
it,
you
can
just
see
that
it
just
says:
welcome
to
T,
tik
and
gonna,
hang
for
I,
think
five
thousand
seconds
and
then
ultimately
exit
and
we're
gonna
use
that
to
stick
that
inside
of
the
container.
We
might
even
do
a
mango,
which
just
says
hello
and
doesn't
even
have
a
sleep
yet
so
we
can
stick
either
of
those
inside
of
the
container
with
bill
done
so
for
us
to
build
a
container
with
build
up.
A
We're
gonna
run
a
command
that
looks
like
this
and,
let's
see
what's
going
on
here
so
at
the
beginning
of
the
line,
we're
creating
this
new
variable
in
bash
called
container
and
I'm
going
to
change
this
a
little
bit
and
I'm
gonna
call
this
TDI
k1
and
here
we're
gonna,
run
we're
gonna
capture
the
output
of
this
command
that
says
build
up
from
fedora
and
we're
gonna
change
this
to
build
a
from.
Let's
do
a
bun
to
just
to
keep
everything
straight
and
bun
two
for
the
for
the
whole
episode
here.
A
A
So
if
you're
gonna
run
build,
you
have
to
have
root
access,
that's
just
the
way.
It
is.
If
you
don't
like
it,
don't
run
builder
or
pull
requests.
Accept
it
I
think
would
be
the
appropriate
response
there.
Okay!
So
anyway,
now,
let's
try
to
run
this
TGI
cake
command
again.
Now
that
we
have
sudo
upped
and
we
are
running
as
root
permanently
so
TGI
k1
equals
builder
from
bun
and
we'll
clear
our
screen
beforehand
and
run
that
command
now.
A
Aha,
we
now
have
our
first
container
record
defined
in
our
our
registry,
which
remember
just
lives
here
and
var
Lib
containers,
and
if
we
wanted
to
go
explore
that
I'm
sure
we'd
be
able
to
find
references
and
IDs
and
files
that
that
sort
of
start
to
glue
all
of
this.
This
line
together.
So
if
you
notice
that
I
did
from
Ubuntu
here
well,
actually
I
ran
it.
Where
did
I
run.
B
A
I
did
run
it
there
and
the
the
parlance
here
is
to
append
working
container
to
the
the
from
name
of
the
container
that
we're
building
and
if
you
actually
go
and
you
look
in
the
documentation,
you
can
sort
of
see
that
it.
It
talks
about
Bill
there
builded
defaults
to
appending
working
container
to
the
containers,
image
name,
I'm,
just
kind
of
regurgitating
it
here
in
the
command
line
for
you,
so
that
we're
not
going
back
and
forth
all
day.
A
So
anyway,
we
did
the
echo
container
move,
except
for
we
called
it
TJ,
I
k1
and
the
next
thing
it
suggests
that
we
do
is
we
do
this,
build
a
run
command
and
it's
like?
Okay,
so
I
know
we
have
a
container
running,
do
have
we
created
an
image
yet
so,
if
we
run
B
images,
you
can
see
that
we
actually
have
three
images
that
have
now
presented
to
themselves
on
our
file
system.
We
have
going
latest
and
we
have
bun
to
latest
and
we
have
test
image
latest
I.
A
Don't
know,
I
was
doing
test
image
earlier.
So
maybe
this
is.
You
should
overhanging
from
yeah
created
on
October
19th
and
October
16th,
so
maybe
these
are
just
hanging
from
earlier
that
we
can
see
them
now
that
we've
created
our
first
container
or
something
that's
interesting,
behavior
but
yeah.
So
we
shouldn't
have
really
created
a
container
image.
Yet
we
should
only
have
this
working
container,
which
is
effectively
running
so
how
we
can
test
me
even
see
if
this
is
running
is
we
can
do
a
PS
ox?
A
We
can
pipe
that
to
grep
and
we
can
say
grep
I
bun
and
you
can
see
that
we
should
or
the
script
for
builder.
We
should
have
a
process
running
so
you
says:
well,
that's
the
big
difference
with
image.
Then
image.
Big
selling
point
is
that
you
don't
need
to
be
rude.
Yes,
I
think
for
the
to
comment
their
site.
So
anyway,
let's
do
our
containers
command
again
and
you
can
see
we
have
a
bun
to
working
container
and
it's
not
currently
running.
A
A
Oh
my
gosh
T
GI,
k,
1,
and
then
afterwards
we
would
tell
it
the
the
name
of
the
command
we
want
to
run
inside.
So
let's
just
run
what
we'll
run
so
that
we
get
some
exciting
feature
is
in
our
shell
other
than
just
running
aborning
and
a
regular
shell.
We
get
a
born
again,
shell,
so
anyway,
so
be
run.
T
GI
k,
1
bash.
So
if
we
run
this,
you
can
see
that
we
have
created
this.
A
Mrs
Dalloway
thing,
and
we
are
now
actually
running
in
this
container,
and
so
let's
open
up
another
terminal
here
and
let's
resize
this,
because
we
want
to
kind
of
inspect
the
system
as
we're
doing
things
here
with
bilder.
What
was
our
ssh
command
ssh
there
we
go
okay,
so
now
we're
at
the
station
to
that
same
bunty,
server,
I'll,
see
you
up
again
and
now.
Let's
run
this
PS
ox
pipe
grep
for
bilder
again,
and
you
can
see
that
we
actually
have
this
process.
That
is
build
a
run.
A
We
want
to
work
in
container
bash
and
then
you
see
we
have
this
other
process
here.
That
is,
to
build
a
OCI
runtime,
which
is
I,
think
built
on
renze.
So
this
is
the
two
processes
that
actually
make
up
this
proceed
process,
II
that
we
are
running
here
in
a
containerized
environment
and
of
course
we
can
go.
A
We
can
explore
this
file
system
that
we're
on,
and
you
can
see
that
this
file
system
is
actually
different
than
this
file
system
here,
because
we
were
running
in
like
a
container
proper,
so
to
speak
and
container
with
an
operating
system
attached
to
it.
Ok,
so
that
is
how
you
start
to
create
a
container
and
how
you
can
actually
run
it
now.
What's
cool
is
because
we
still
have
this
container
that's
considered
a
working
container.
We
can
actually
kind
of
build
it
over
time.
So
this
is
one
of
the
similarities
to
jails.
A
Excuse
me,
you
can
see
that
there's
like
some
examples
of
build
installing
Java
and
you
can
start
to
install
things
on
your
container
and
running
commands
inside
your
container.
But,
more
importantly,
what
I
wanted
to
demonstrate
was
these
copy
and
these
run
commands,
which
I'm
not
sure?
Is
there
a
copy
example
in
here
I
thought
there
was.
A
Okay,
I'm
just
gonna,
do
this
kind
of
my
my
own
way,
really
quick
and
then
we
can
go
through
and
see
if,
if
folks
want
to
see
anything
else,
because
this
is
how
I
this
is
one
of
the
big
value
ads.
That
I
saw
when
I
was
messing
with
builder
or
build
I
should
say,
which
is
the
ability
for
you
to
kind
of
build
a
container
as
you
see
fit.
So
here
in
TGA
54.
A
We
have
this
test
dot
shell
file,
so
we
can
actually
add
that
file
to
our
containers
underlying
volume
by
doing
a/b
ad,
and
we
want
to
say
the
name
in
the
container.
We
want
to
add
two
which
is
TDI
k1
and
we
want
to
add
test
SH
and
let's
just
go
ahead
and
call
that
will
actually
rename
it
to
run
dot
sh
inside
the
container.
So
if
we
add
that
and
then
we
do
our
run
command
again,
this
is
like
where
the
magic
happens.
A
We
list
here,
you
can
see
that
we
actually
now
have
run
dot.
Sh
has
been
added
to
this
filesystem
and
if
we
exit-
and
we
run
it
again-
we
can
actually
see
that
it's
persisted
and
it's
still
running
here.
So
if
we
went
through
and
we
actually
did,
our
sh
run
SH,
you
can
see
it
says,
welcome
to
TGI
K
and
it's
gonna
sleep
for
you
know
2,000
seconds
it
looks
like
folks
are
still
talking
about
image.
A
It
says
Peter
says
for
image:
you
don't
need
to
be
rude
on
a
local
machine,
but
on
containers
it
requires
caps,
sysadmin
linux
capability,
github
issue
170,
which
may
have
been
resolved
11
days
ago,
shrekface,
I'm
gonna.
Let
you
folks
continue
talking
about
image.
I,
think
it's
good
to
bring
it
up,
but
I'm
gonna
stay
focused
here
on
adding
and
copying
files
we
build
up
just
for
folks
at
home
who
are
interested
in
learning
about
build
up.
A
Ok,
so
we've
added
you
run
dot,
SH
file
to
our
container
and
let's
go
ahead
and
was
just
like
add
another
file
for
good
measure.
So
we
can
exit
out
in
this
lets,
touch
a
new
file
and
we'll
just
say
it
exciting,
TGA
k
and
we
can
copy
this
file
instead
of
adding
it
and
that's
actually
going
to
make
a
copy
of
it.
So
I
guess
the
big
difference
is
the
first
one
you're
adding
a
reference,
the
second
one,
you're
actually
creating
a
copy.
A
So
if
we
come
in
and
we
do
a
build
a
copy,
we
can
copy
exciting
T
gik
and
we
will
copy
that
let's
actually
follow
our
or
syntax
here,
build
a
copy,
the
name
of
the
container,
which
is
TGA
k1
this
file,
and
we
will
just
copy
it.
Let's
call
it
something:
dot,
txt
perfect
and
if
we
go
in
and
we
run
our
bash
command
again,
we
should
see
that
we
have
something
that
txt
and
run
dot
SH.
And
if
we
is
he
max
on
here.
A
No,
if
we
RM
RF
something
dot
txt,
we
exit,
you
can
still
see
that
exciting.
T
gik
is
here
because
we
just
made
a
copy
of
it.
So
that's
kind
of
difference
between
adding
and
copying
files
into
bilder.
So
this
is
cool,
because
you
can
now
start
to
piece
together
your
container
and
inspect
it
and
actually
see
what's
going
on.
So
it's
a
little
more
hands-on
for
folks
who
are
looking
at
building
containers
a
little
more
interactively.
A
One
of
the
huge
value-adds
of
docker
is
the
docker
file,
because
we
know
that
if,
if
we
have
a
docker
file
that
generates
a
container
image
for
us
is
reproducible
in
this
manner.
If
we're
actually
going
through
and
doing
this
manually
on
the
command
line,
there's
a
chance
that
you
would
still
get
into
a
situation
where
somebody
had
some
step
that
was
required
to
replicate
behavior.
A
That
was
not
captured
in
a
docker
file
or
something
similar
I
think
it
would
be
really
cool
to
actually
look
at
how
you
could
start
to
use
bilder
inside
of
a
bash
script
instead
of
a
docker
file,
so
that
you
can
actually
use
bash
to
create
really
really
complex,
logical
files
that
build
container
images
for
you,
because
now,
instead
of
actually
doing
things
like
copy
that,
you
would
see
her
file.
You
can
actually
use
bash
and
you
know
interpolate
variables
or
have
conditional
logic
based
on
the
state
of
the
system.
A
And
it
just
gives
you
a
much
more
mature
programming
language
for
constructing
an
image.
Then
the
dockerfile
does
by
itself,
which
would
be
just
to
write
a
regular
old
bash
file,
using
the
commands
that
we
just
saw
so
pros
and
cons
there
to
doing
it
with
docker
files
or
with
the
method
that
we
just
looked
at.
Also
with
bilder.
You
can
actually
par
as
a
docker
file
proper.
So
if
we
look
at
this
docker
file,
I
have
here
it's
like
the
world's
simplest
docker
file.
A
It
just
says
from
going
latest
add
the
T
gik
directory
and
just
go
ahead
and
do
go
run
mean
dot
go.
So
if
we
do
build
up
what
is
the
command
I'm
thinking
of
so
be
I,
think
it's
run,
I
want
to
say
F
docker
file,
T
or
we're
going
to
call
this
example:
docker
files,
the
name
of
our
tag.
We
should
be
able
to
what
it's
not
be
run.
What
am
I
trying
to
do
here,
Oh
beat
bud,
of
course,
so
build
bu
D
build
using
docker
file,
which
is
the
shorthand
here.
A
Well,
Syed
builded
uses
doctor
files
as
well.
I
was
just
showing
you
that
you
can
do
both
with
bilder
and
talking
about
pros
and
cons.
I
think
the
thing
that
the
point
I
was
trying
to
make
with
bilder
or
any
container
image
building
tool
is
the
importance
of
repeatability.
So
regardless,
if
you
have
a
docker
file
that
looks
like
this
or
if
we
had
a
bash.
Let's,
actually,
let's
just
do
this:
let's
write
a
bash
file.
That
would
basically
do
this
exact
same
thing,
but
using
bilder.
A
So
let's
Emacs
we'll
call
this
build
a
will,
call
it
build
a
file,
why
not
dot
SH
and
let's
just
go
in
and
we'll
bin
bash,
and
we
can
paste
this
and
we'll
just
comment
all
these
lines
out,
because
we're
just
gonna
use
this
for
a
reference,
and
so
what
we
would
do
is
we
would
do
build
from
going
latest
and
remember.
This
is
proper
bash
that
we're
doing
here
so
we'll
call
this.
What
is
called
a
c4
container
will
capture
this
output
and
then
we
would
say
build
a
add.
A
This
directory
actually
I
think
the
syntax
would
be
like
this
see
this
directory,
and
actually
we
can
just
even
do.
Let's
make
this
really
resilient
print
working
directory
to
/t,
gik
and
then
I,
don't
know
how
you
would
do
a
build,
enter
the
run
command.
I,
don't
think
you
would
I
think
you
can
just
specify
that
later
at
runtime.
That's
a
good
question.
If
folks
are
interested
in
actually
defining
the
default
entry
point
command
for
their
build
a
container.
A
Is
there
a
way
to
define
that
using
the
Builder
sub
commands
that
we're
seeing
here
so
question
for
anybody
at
home
of
who's
watching
and
if
not,
I
can
try
to
look
after
the
episode
and
see
if
we
can't
figure
it
out
so
anyway,
then
you
know
if
we
maybe
some
optional
command
to
run,
may
echo
unsure
if
we
can
do
that
yet
so
anyway,
we
save
this
and
we
can
actually
run
that
build
a
file,
and
you
can
actually
see
that
we're
given
this
little
output
here
and
if
we
do
beat
images.
A
A
I
think
these
are
things
that
you
want
to
ensure
as
you're
you're
setting
up
your
system,
that
you're
always
going
to
be
able
to
generate
a
container
and
there's
never
going
to
be
any
sort
of
chance
of
human
involvement
along
the
way
and
I
think
there's
just
a
greater
risk
of
that.
With
bilder,
because
it
makes
it
so
easy
to
do
this
type
of
stuff
from
the
command
line
ricans
says:
do.
Building
with
shell
commands
generate
the
same
image
layers
so
that
they
can
be
cached.
A
I,
don't
know,
that's
another
great
question,
okay,
so
we
only
have
a
few
a
few
like
running
out
of
time
and
probably
got
fifteen
or
twenty
minutes
left
I
want
to
actually
get
this
thing
up
and
running
in
kubernetes.
So
let's,
let's
run
the
container
here
locally
and
then
let's
push
that
up
to
GC
R
and
let's
try
to
pull
that
down
into
kubernetes,
so
how
we
would
do
that
is.
We
would
do
B
containers
and
you
can
see
that
we
have
an
Ubuntu
working
container
and
we
have
this
going
working
container.
A
Oh,
my
gosh
lots
of
people
chatting,
let's
see
what's
going
on
a
decent
from
Guild
have
builded
run,
is
the
same
as
docker
run.
Docker
file
run
requires
a
command
okay.
So
that's
a
decent,
basically
asking
my
question
about
defining
a
default
command
there
and
roy
says
does
bill
to
create
layers
which
are
actually
ro
like
docker,
or
is
it
a
different
recognizing
roy
there's
a
flag
that
we're
about
to
look
at
in
about
five
or
ten
minutes?
A
That's
going
to
show
us
how
we're
going
to
create
the
layers
similar
to
docker
so
that
we
can
run
it
using
docker
and
I'll
demonstrate
all
that
as
we
get
these
containers
built
and
pushed
up
to
GCR
okay.
So
let's
look
at
the
documentation
for
committing
what
we
currently
have
and
I'm
kind
of
intentionally
doing
this
in
a
broken
way,
so
that
we
can
look
at
the
format
flag
in
a
moment.
So
in
order
to
do
this,
we're
gonna
sort
of
mirror
this
command
here
and
I.
A
Think
you
can
unmount
this
new
container
and
this
is
actually
I
think
considered
best
practice,
because
that's
going
to
stop
the
container
with
a
mounted
volume,
that's
running
on
your
system,
but
we're
going
to
go
ahead
and
skip
straight
into
the
building
it
here.
So
we
do
build
a
commitment
and
instead
of
doing
new
container
we're
gonna,
do
our
t,
GI
k1
variable
and
we're
gonna
call
this
a
TGA,
I
k1.
A
Okay,
you
can
see,
that's
now
been
committed
and
if
we
do
beat
images
you
can
see,
we
now
have
TGA
one
latest,
which
was
just
created
a
decent
says:
it's
not
a
question.
It's
an
answer
from
issue
in
the
Builder
repo.
Oh
yes,
I
I
know
a
decent
I'm.
Sorry,
if
that
came
off
the
wrong
way,
I
was
just
saying
you
were
answering
our
question
about
the
entry
point,
which
is
basically
it
behaves
like
docker
run
and
that
using
the
command-line
sub
commands.
A
You
really
can't
define
a
default
entry
point
like
that,
because
it's
always
just
going
to
be
run
at
runtime.
So
thank
you
for
that.
That
was
much
appreciated.
Okay,
so
we
finally
have
our
TGI
k1
latest
image
here
and
if
we
actually
want
to
run
this,
we
can
do
a
build,
a
run,
TGI,
k1
latest
and
we'll
say
bash.
Oh,
is
it
you
do
have
to
do
localhost
and
see
localhost
/.
Maybe
not.
A
We
can't
run
this.
This
imagename
build
a
run
error.
Reading,
build
container
I
think
it's
trying
to
find
a
container,
not
an
image,
so
you
can't
really
pass
in
an
image
which
is
interesting.
Okay,
so
I
think
if
we
passed
in
one
of
these,
we
would
actually
be
able
to
get
one
of
these
container
names.
We'd
have
to
be
able
to
do
a
builder
run,
so
that's
interesting,
behavior
as
well.
So
anyway,
we've
committed
the
image.
We
have
the
image.
A
Let's
now
try
to
push
the
image
up
to
TCR,
so
let's
jump
into
our
GC,
our
console
Google.
No,
it's
cloud!
Google
com
go
to
the
console
here
and
you
can
see
that
I
have
this
hefty
Oh
advocacy
project
and
then
here
on
the
left.
We're
gonna
go
into.
Gc
are
actually
I'll
just
go
to
the
top
and
do
it
that
way,
it's
a
little
bit
quicker
and
then
we
have
this
test
container
and
we're
gonna
create
140
gik
right
now.
A
So
now
that
we
have
committed,
let's
look
at
an
example:
push
command
here
and
I
already
have
one
here
in
my
history.
So
let's
just
grab
it
out
of
my
bash
history.
Here,
grep
for
push
okay,
so
you
can
see
I
had
this
is
me
debugging
earlier
I
had
a
Chris
know
of
a
test
container
and
I
had
this
working
command
here
as
well,
so
just
to
kind
of
in
the
saving
time.
A
I
want
to
show
folks
a
working
command
here
for
pushing
this
image
up
to
AGC
our
registry,
so
that
folks,
at
home
kind
of
get
the
nugget
of
the
episode
that
they're
looking
for,
which
is
this
command
here
and
we're
going
to
kind
of
piece
us.
Apart
with
what
we
have
now
with
A
to
G,
I
can
take
T
gik
image
we
just
created,
so
we're
gonna
do
build
up.
Push
format
is
equal
to
docker.
Now
this
is
like
the
magic
flag
here.
A
So
the
name
of
the
tag
that
we
want
to
create,
which,
if
we
scroll
up,
we
can
see
that
our
commit
file.
Where
was
that
here,
is
TJ
k1,
so
we're
gonna,
say
TTI
k1
and
then
we're
gonna
actually
pass
in
the
name
of
our
GC,
our
registry
and
we're
gonna
call
it
t
GI
k1
instead
of
tes
container.
So
this
should
work
and
I
can
talk
a
little
bit
more
about
how
I
was
able
to
authenticate
with
GC
r
in
a
moment.
Actually,
I
can
do
that
right
now.
A
Why
not
so
I
basically
had
to
do
a
docker
login
and
get
the
G
cloud?
There's
like
a
g-cloud
command
that
you
can
get
I'm,
trying
to
think
there's,
there's
somewhere
where
you
can
find
the
the
G
cloud
push
container
to
registry
and
they
go
through
and
they
say,
download,
G
cloud
and
run
this
off
command
for
docker
and
it'll
generate
your
auth
file
for
you
and
then
build
I
just
used
the
docker
default
off
stuff.
So
this
is
the
command
here.
G
cloud
off,
configure
docker,
so
I
downloaded
G
cloud.
A
I
authenticated
with
my
Google
Cloud
account.
I
ran
this
and
then
gelda
poof
just
magically
work
tonight
after
I
did
a
docker
I,
don't
even
think
I
had
to
do
a
docker,
login
I
might
have
had
to
do
a
docker,
login
and
then
I
built
it
just
started
to
push
so
I
think
it's
just
reading
those
credentials
in
the
file
system
as
they
are
populated
by
those
tools.
Okay,
so
we're
all
indicated
with
g-cloud
and
we
just
pushed
it
up
successfully.
A
A
A
So
now
that
we've
pushed
our
container,
let's
jump
on
to
let's
come
off
this
virtual
machine,
and
let's
come
down
to
my
my
macbook
here
so
like
we're,
coming
back
down
the
earth
on
my
macbook
and
I'm
gonna
open
up
a
new
terminal
and
I'm
gonna
resize
that
and
here
I'm
gonna,
actually
try
to
do
a
docker
run
with
that
container
image
that
we
just
put.
So
this
is
like
the
big
test
right.
Can
we
go
from
a
Linux
virtual
machine
running
an
Amazon,
create
a
container
image
with
shell
script?
A
Push
it
up
through
registry
and
then
pull
from
that
registry
using
just
regular
old
docker
and
actually
get
this
container
running
so
how
we're
gonna
do
that
is
we're
actually
going
to
do
a
docker
run?
But
if
we
come
here,
I
think
we
can
actually
get
like
the
polka
mancho
polka
man.
Yeah
is
what
we
want.
So
we
can
just
copy
this
thing
and
actually
I
don't
wanna.
Do
the
Polka
man
I
just
want
to
grab
this
part
here
so
we're
gonna.
A
Do
a
docker
run
IT
for
interactive
TTY
is
the
name
of
the
container
that
we're
running
and
then
we'll
do
good,
old-fashioned
bash,
and
that
should
work
so
unable
to
find
the
image
it's
pulling
from
the
hefty
Oh
advocacy
repo,
which
is
are
not
me
put
registry,
which
is
now
public
and
it
downloaded
it.
And
here
we
are
in
this
container
on
my
local
map.
Can
we
do
a
list?
A
And
lo
and
behold
there
is
our
run,
SH
command
and
it
says,
welcome
to
T
tik
and
it's
been
running
for
like
2000
SEC
it'll
sleep
for
2,000
seconds
and
it
she
says,
use
the
image
sha.
Instead
of
the
tag
sorry
is
sheesh,
I
could
have
used
the
image,
sha
I'm,
sorry,
but
yeah
I
just
did
the
tag,
because
again
I'm
lazy.
A
But
what
if
she's
just
saying
is
you
could
use
this
hich
image
shot
here,
which
is
a
much
more
secure
way
of
ensuring
that
you're
actually
getting
the
image
sha
or
the
unique
image
that
we
created
earlier
and
that
somebody
else
hasn't
come
and
created
a
latest
tag
and
swooped
that
out
from
underneath
of
us,
hep
Tia
says
another
trick
is
to
add
the
RM
to
the
run
command.
Yes,
so
Duffy
brings
up
a
good
point,
which
is
if
I
would
have
added
the
RM
at
the
end
of
my
run
command.
A
It
would
have
actually
deleted
this
once
I
got
done
running
otherwise.
I
have
to
go
manually,
delete
it
as
well
so
anyway.
These
are
good
tips,
thanks
for
pointing
them
out
and
I
just
wanted
to
show
that
what
you
can
actually
get.
This
run
dog
SH
up
and
running.
So,
let's
exit
out
of
this
and
now
for
like
the
moment
of
truth,
scan
this
thing
run
in
kubernetes.
A
So,
let's
do
k
run
k
again
is
alias
to
ki
Bechdel
queue
Bechtel
run,
so
let's
do
the
name
of
our
container,
which
we'll
call
TGA
k1
the
command
that
we
want
to
run,
which
is
just
going
to
be
run
SH.
This
is
this
is
new
syntax
for
a
lot
of
folks
run
dot
Sh
then
we
want
to
say
the
name
space
which
will
the
student
the
default
namespace.
A
A
Gcr
ggggg,
all
the
way
down
here
to
this
next
line
a
zero
and
we
can
pass
in
our
image
sha,
and
then
we
run
that
and
if
we
do
ok
get
P.
Oh,
oh,
you
can
see
that
I've
already
got
one
up
and
running
so,
let's
keg
elite
deploy
test
container.
This
is
left
over
for
me
to
grade
beforehand.
Now,
let's
try
this
again
k
get
P,
oh
and
you
can
see
well
that
one's
terminating,
but
we
want
to
look
at
this
one
which
is
t
GI,
k1.
A
A
We
build
a
so
that's
exciting,
but
let's
go
back
and
let's
see
what
else
we
can
do
here
and
actually,
let's
just
go
ahead
and
demonstrate
what
would
happen
if
we
clobbered
where's
our
push
command
I'm
wondering
what
would
happen
if
we
clobbered
that
image
when
they
neglected
the
pass
in
the
format
docker.
So
we
can
actually
see
what
what
happened
on
kubernetes
in
that
kubernetes
side
of
things
am
I
in
the
wrong.
Yes,
here
we
go,
I
was
in
the
wrong
shell.
That's
why?
A
So,
if
we
do
our
B
push
again
and
we
push,
we
take
off
the
format
equal
to
docker
and
we'll
let
this
push
up,
and
then
all
we
need
to
do
is
just
delete
that
pod
I
believe
the
pull
policy
should
be
set
to
always,
and
then
that
should
reap
all
the
image
or
and
then
that
image
should
air
out
a
decent
says.
Hefty
Oh
timecode
looks
dope
Thanks.
A
So
this
is
a
great
example
that
would
demonstrate
a
shishas
point
of
why
you
should
always
use
the
Shah,
so
this
Shah
here
is
inherently
different
than
this
Shah,
although
a
moments
ago,
if
I
would
have
done
a
docker,
pull
on
latest
I
would
have
got
a
working
container
that
was
built
here
and
if
I
did
a
docker
Pollin
latest
now,
I
would
actually
get
a
intentionally
broke
or
broken
container.
So
that's
why
it's
the
best
practice
to
use
the
Shah.
A
Whenever
you
can
so
you
know
you're,
actually
getting
the
exact
copy
of
the
container
you're.
Looking
for
and
that
you're
not
getting
a
container
image
that
has
been
overwritten
and
Wiley
says
if
you
have
Padma
and
try
pushing
and
using
pot
man
so
while
leave.
This
brings
up
a
good
point
here,
which
there's
a
sort
of
a
sister
project
called
pod
man
and
I
kind
of
went
out
of
my
way,
not
necessarily
talk
about
lib,
pod
or
pod
man.
A
A
That
you
can
do
with
bilder
that
folks
seem
to
be
excited
about
in
a
in
Hualien.
If
you
have
any
good
getting
started,
links
for
pod
man
or
limb
pod
feel
free
to
drop
those
in
the
Hackham
d
for
folks
at
home.
So
anyway,
let's
go
back
to
my
local
macbook
here
and
let's
get
our
pods
and
let's
actually
kill
this
pot.
Now
that
we
know
we've
pushed
a
intentionally
broken
container
image
up
to
the
registry
can
delete
p.
Oh
so
now,
if
we
do
k
get
p,
oh
I'm,
not
sure.
A
Let's
delete
this
hold
appointment,
let's
see:
okay,
good,
deploy,
ok,
delete,
deploy,
ttak
one
and
let's
just
start
from
scratch,
because
I
don't
feel
like
I
did
even
the
whole
image
pool
policy
right
now,
so
k
run
and
let's
call
this
TGI
K
BAM
and
now
let's
do
K
get
pods,
and
you
can
see
this
one
cake
and
Keo.
Oh.
A
Why
that's
the
problem?
Yeah
I
was
actually
just
seeing
if
she
totally
made
a
comment
there
yeah
the
image
saucy,
but
the
fact
that
I
did
that
a
second
ago
is
actually
a
saving
of
you
right
now.
So,
let's,
let's
delete
this
can
delete,
deploy
ttak
too
and
let's,
let's
reform
this
command
duty.
Gi,
hey
30!
Oh!
This
is
too
funny.
A
A
Soaked
a
get
P
o
t,
GI
k
3.
Actually,
what
am
I
trying
to
do
now?
I
can't
get
P.
Oh
I
want
to
take
it.
Okay,
logs
this
f
and
you
can
see
for
the
logs,
it
says,
container
t
GI,
k,
3
and
pod
is
waiting
to
start
trying
and
failing
to
pull
image.
Okay.
So
this
is
the
error
that
kubernetes
is
going
to
give
us
and
then
I
can
go
and
do
an
entire
episode
on
debugging
pods
in
kubernetes.
A
That's
kind
of
out
of
scope
for
today,
but
basically
the
point
I'm
trying
to
make
is,
without
that
format
equal
to
docker
flag
or
without
configuring,
your
kubernetes
server
to
support
the
build,
a
containment,
Ida
fault.
You
can
get
into
a
little
bit
of
trouble
here
if
you
don't
actually
create
a
docker
standardized
image
like
we
did
with
build
a
moment
ago.
A
So
that's
the
lesson
that
somebody
asked
for
on
Twitter
and
that's
what
kubernetes
will
do
if
you
actually
try
to
run
it
without
that
format,
equal
doctored
flag,
so
anyway,
let's
run
build
it
again
and
let's
see,
if
there's
anything
else,
we
want
to
talk
about.
Oh
there's
something
I
want
to
talk
about,
so
I
was
gonna,
get
a
little
bit
off
in
the
weeds
talking
about
this,
not
unmount
unshare,
and
what
this
whole
unfair
thing
is
and
talk
about.
A
Why
that's
relevant
around
containers-
and
you
know-
we've
already
an
hour
in
almost
20
minutes
into
the
episode.
So
I
can
do
a
quick
little
review
here
and
just
sort
of
like
talk
about
what
unshare
and
why
it's
important,
and
why
we
do
that.
If
folks
want
to
ask
any
questions
or
seeing
anything
else,
why
I
have
the
system
up
and
running
feel
free
to
ask
your
chat
and
then
we'll
call
it
a
day
after
I
kind
of
go
through
this
unshare
stuff
a
little
bit
here.
So
the
first
thing
I
want
to
talk
about.
A
Is
this
unshare
command?
So
if
you
actually
have
a
Linux
system,
you
can
actually
run
unshare
and
if
you
wanted
to
share
it,
looks
like
pretty
much.
Nothing
happened
but,
what's
exciting
is
you
can
actually
exit
out
of
that
and
you'll
see
that
we
went
back
to
root,
and
so
we
actually
created
a
new
process
and
you
shall
running
in
a
different
name
space
that
was
mirrored
off
of
the
the
hostname
space
namespace
that
we
started
in
and.
B
A
The
sort
of
unshare
mentality
here
and
if
you
actually
run
on
share
Oleg's
command,
you
can
do
help.
You
can
see
that
you
can
unshare
different
types
of
namespaces.
You
can
share
the
pig's
name:
space,
the
user
name
space
or
even
the
network
name
space
without
going
into
the
details
of
how
the
kernel
works
and
what
all
these
different
namespaces
mean.
It's
just
basically
more
elaborate
ways
of
you
controlling
how
your
processes
are
ran
and
what
they
do
and
don't
have
access
to
and
how
memory
is
shared
between
them.
A
So
if
you
actually
look
at
the
build
a
command,
you
can
see
that
there
is
this
on,
share
command
here
and
it
says,
run
a
command
and
a
modified
user
name
space.
So,
to
give
an
example
of
doing
this
with
Linux,
you
would
do
under
share
and
let's
just
run
shell,
and
you
can
see
that
we
have
the
shell
and
we
can
exit
out
of
it
and
we're
back
to
the
the
previous
process
and
with
bilder
you
could
run
be
on
share
shell
and
we
effectively
get
the
the
same
behavior
here
now.
A
This
is
cool
because,
in
order
for
you
to
actually
build
a
lot
of
the
container
libraries
and
a
lot
of
the
image
building
libraries,
you
really
have
to
go
and
get
off
in
the
weeds
with
managing
different
namespaces
and
actually
interacting
with
the
kernel
on
that
level.
So
that's
probably
one
of
the
reasons
why
I
build
only
runs
on
Linux
is
because
the
Linux
kernel
is
sort
of
the
the
champion
of
the
container
name
space
features.
So
it's
got
to
make
it
parent
Li
easier
to
build
this
type
of
stuff
on
a
Linux
environment.
A
So
anyway,
what
I
wanted
to
show
folks
was
actually
how
easy
it
is
to
implement
in
the
C
programming
language,
so
that
folks
get
an
idea
of
what's
actually
going
on
with
tools
like
docker
and
bilder
and
how
they're
actually
implementing
some
of
these.
These
namespace
features
and
these
these
built-in
system
calls
and
these
built-in
pieces
of
functionality
like
unshare,
so
I
found
this
really
great
C
example
online,
and
it's
really
simple:
I
promise
we're
not
going
to
talk
too
much
about
C,
but
if
we
actually
cat
this
unshared
C
file
out.
A
Actually,
let's
open
this
up
and
in
Emacs
unshared
C,
you
can
see
here
we
have
a
lot
of
boilerplate
up
here
at
the
top.
We've
defined
a
few
very
important
constants,
which
is
clone
new
C
group,
and
this
is
a
date
in
linux,
4.6
and
if
you
scroll
down
here,
you
can
see
we're
just
parsing
some
command
line
flags
and
then
down
here
at
the
very
bottom.
A
So
we've
demonstrated
that
builder
has
this
both
in
capability
that
docker
has
this
built-in
capability,
and
now
we
actually
showed
a
very
simple
example.
Let
me
see
of
how
you
would
actually
unshare
a
process,
so
let's
go
ahead
and
compile
our
C
code
I'm
to
do
GCC.
Oh
we're,
gonna
call
it
unshared,
TGI,
Kay
and
we're
say
it's
unshared
C
and
now
we
can
run
unshared,
TGI,
K
SH
and
look
we
get
the
exact
same
behavior
that
we
got
with
regular
unshare,
I'm.
Sorry,
regular
unshare!
Here,
oh
my
gosh.
A
Let's
start
over
a
pseudo
bash!
Okay!
Let's
now!
Let's
do
all
three
of
these:
let's
do
unshare
Sh!
Okay!
Now,
let's
do
the
t,
GI
KC,
unshare,
Sh,
okay,
and
now,
let's
do
the
build
unshare
Sh,
okay,
so,
regardless
of
if
you're
coming
in
through
the
go
programming
language,
regardless,
if
you're
coming
and
using
good
old
fashioned
C
and
calling
the
function
directly
or
regardless,
if
you're,
using
build
as
abstraction.
These
are
core
building
blocks
for
creating
and
maintaining
containers
and
that's
how
the
whole
container
building
thing
works.
A
So
that
was
just
my
local
example
to
sort
of
demonstrate
that
it's
not
as
complicated
as
you
think
it
might
be,
and
to
encourage
folks
to
start
to
explore
the
stuff
a
little
bit
more
and
learn
more
about
it.
Okay,
so
that's
unshared
a
process
in
Linux
and
that's
the
build
up,
building,
containers
and
building
images
and
pushing
them
up
to
a
registry.
A
Does
anybody
else
have
any
questions
or
anything
else
they
would
like
to
see
while
I
am
here
with
all
of
my
systems
pulled
up
and
everything
kind
of
in
place
and
up
and
running
and
configured
and
authenticated
I'm
happy
to
do
a
quick
demo.
Otherwise,
it's
you
know
it's
almost
been
an
hour
and
a
half.
So
thanks
for
joining
TGI
Kay-
and
you
know-
let's
do
a
couple
minutes
here
at
the
end
to
say
goodbyes
and
let
folks
ask
questions.
A
It's
always
a
little
bit
of
an
overhang,
so
I
always
try
to
kind
of
pull
back.
A
few
minutes
are
really
say
good
about
to
start
saying
goodbye
if
folks
chance
to
say
goodbye
and
fill
this.
These
last
few
minutes
of
the
episode
with
some
sort
of
content,
I
think
sometimes
I'll
talk
about
my
weekend,
boring
nothing's,
changed
I'm
gonna
go
climb,
the
mountain
as
per
usual
I,
think
my
girlfriend's
coming
with
me.
So
that's
exciting
and
we
might
get
a
dog
soon
we're
waiting
to
hear
about
back
about
a
puppy
later
today.
A
So
those
are
like
my
my
big,
exciting
life
updates
and
I
would
love
to
hear
about
your
use
cases
for
bilder
your
use
cases
for
docker,
and
of
course,
if
you,
if
you
like
the
idea
of
going
through
and
digging
through
all
of
the
container
image
building
tools,
we
can
totally
start
a
series
and
I'm
happy
to
go
through
and
do
compare
and
contrast
like
we
did
with
C
and
I
as
well.
Shawn
Smith
says
have
a
good
weekend.
A
He
says
how
are
the
cats
okay,
so
the
kitties
are
really
good
for
folks
that
don't
know.
Since
my
girlfriend
moved
in.
We
now
have
two
cats,
mr.
Darcy,
who
is
the
best
cat
in
the
world
and
then
his
sister
Kylie,
who
is
literally
a
demon
and
will
draw
blood
for
a
required
blood
sacrifice,
at
least
once
a
day
from
your
legs
and
I
love
them
both
very
much
and
they're.
My
favorite
kitties
in
the
world
and
I'm,
usually
not
a
cat
person.
A
So
this
I
feel,
like
that's
saying
a
lot
and
then
yes,
Duffy,
says
dog
photos
so
hopefully
we'll
have
some
dog
photos.
Walid
says
thank
you.
Chris
have
a
nice
weekend,
everyone,
while
Lee,
says
bill
before
CIC,
D
I.
Think
that's.
You
know
that's
one
of
the
good
takeaways.
If
we,
if
you
want
to
look
at
the
advantages
of
bilder
and
why
it
is
the
way
it
is,
it
does
simplify
the
CITV
process
and
I.
A
A
For
you
and
your
team
and
I
just
gave
you
a
quick
rundown
of
how
actually
you
can
you
can
do
that
and
still
get
your
containers
built
in
the
same
way
that
they
were
built
using
a
docker,
CLI
tool,
so
peter
says,
thank
you.
A
decent
sense
have
a
great
weekend
thanks
Chris
from
gift
abusin
says
thanks
Kristen
Duffy
yeah.
A
So
thanks
for
joining
everyone,
oh
as
she
says,
thanks
Chris,
what
kind
of
dog
are
you
getting
so
we're
looking
at
rescuing
another
Australian
Shepherd
border
collie,
which,
if
her
folks
at
home,
who
knew
Charlie
before
he
passed
away
earlier
this
year
he
was
an
Australian
border
collie
and
he
was
just
a
big
pain.
So,
hopefully
we're
trying
to
find
another
dog,
that's
gonna,
be
just
as
annoying
as
Charlie
and
if
we're
lucky
we're
gonna
get
this
puppy.
A
That's
super
cute
and
we're
gonna
rescue
them
from
a
horse
ranch
down
in
Texas,
Roy,
says
cic
be
under
route.
That's
a
really
good
point.
Roy
now
would
be
wanted,
like
the
blemishes
in
running.
Build
up
for
your
CI
CV
system
is
that
you
would
have
to
run
it
using
route
which,
though,
obviously
there's
a
lot
of
vulnerabilities
and
security
concerns.
They
are
just
blindly
running
commands
as
route,
so
yeah
pros
and
cons
just
stuff
to
think
about.
A
You
know,
as
always,
with
any
engineering
and
technical
decision
figure
out
what
makes
sense
for
you
and
your
team
understand
the
risks
associated
with
in
with
any
and
all
technical
decisions
and
make
one
and
see
if
it
works,
and
you
know,
experiment
and
gather
data
and
make
things
repeatable.
She
says
basil
can
do
this
without
root.
Yes,
that's
another
good
point:
google
has
a
tool
called
basil
that
allows
you
to
build
containers.
You
don't
need
to
run
it
as
fruit,
but
yeah
anyway.
I'm
gonna
get
out
of
here
folks
hit
us
up
on
Twitter.